Sep 28 06:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session closed for user root
Sep 28 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session closed for user root
Sep 28 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52  user=root
Sep 28 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Failed password for root from 65.254.93.52 port 35494 ssh2
Sep 28 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Received disconnect from 65.254.93.52 port 35494:11: Bye Bye [preauth]
Sep 28 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15889]: Disconnected from 65.254.93.52 port 35494 [preauth]
Sep 28 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: Failed password for root from 81.162.54.144 port 42796 ssh2
Sep 28 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: Connection closed by 81.162.54.144 port 42796 [preauth]
Sep 28 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for root from 146.190.93.207 port 53536 ssh2
Sep 28 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Received disconnect from 146.190.93.207 port 53536:11: Bye Bye [preauth]
Sep 28 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Disconnected from 146.190.93.207 port 53536 [preauth]
Sep 28 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Failed password for root from 81.162.54.144 port 41332 ssh2
Sep 28 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Connection closed by 81.162.54.144 port 41332 [preauth]
Sep 28 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Failed password for root from 81.162.54.144 port 33178 ssh2
Sep 28 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Connection closed by 81.162.54.144 port 33178 [preauth]
Sep 28 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: Failed password for root from 59.19.182.197 port 33772 ssh2
Sep 28 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Failed password for root from 81.162.54.144 port 33190 ssh2
Sep 28 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: Received disconnect from 59.19.182.197 port 33772:11: Bye Bye [preauth]
Sep 28 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15953]: Disconnected from 59.19.182.197 port 33772 [preauth]
Sep 28 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Connection closed by 81.162.54.144 port 33190 [preauth]
Sep 28 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Failed password for root from 81.162.54.144 port 57786 ssh2
Sep 28 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Connection closed by 81.162.54.144 port 57786 [preauth]
Sep 28 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user root
Sep 28 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Failed password for root from 81.162.54.144 port 57794 ssh2
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: Successful su for rubyman by root
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: + ??? root:rubyman
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306711 of user rubyman.
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306711.
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Connection closed by 81.162.54.144 port 57794 [preauth]
Sep 28 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session closed for user root
Sep 28 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12619]: pam_unix(cron:session): session closed for user root
Sep 28 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: Failed password for root from 81.162.54.144 port 33914 ssh2
Sep 28 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: Connection closed by 81.162.54.144 port 33914 [preauth]
Sep 28 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99  user=root
Sep 28 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for root from 152.32.171.99 port 38826 ssh2
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Received disconnect from 152.32.171.99 port 38826:11: Bye Bye [preauth]
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Disconnected from 152.32.171.99 port 38826 [preauth]
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Invalid user hamza from 40.119.47.90
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: input_userauth_request: invalid user hamza [preauth]
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Failed password for root from 81.162.54.144 port 33922 ssh2
Sep 28 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Connection closed by 81.162.54.144 port 33922 [preauth]
Sep 28 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user hamza from 40.119.47.90 port 55920 ssh2
Sep 28 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Received disconnect from 40.119.47.90 port 55920:11: Bye Bye [preauth]
Sep 28 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Disconnected from 40.119.47.90 port 55920 [preauth]
Sep 28 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Failed password for root from 81.162.54.144 port 33932 ssh2
Sep 28 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Connection closed by 81.162.54.144 port 33932 [preauth]
Sep 28 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Failed password for root from 81.162.54.144 port 49146 ssh2
Sep 28 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Connection closed by 81.162.54.144 port 49146 [preauth]
Sep 28 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for root from 81.162.54.144 port 49156 ssh2
Sep 28 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Connection closed by 81.162.54.144 port 49156 [preauth]
Sep 28 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Failed password for root from 81.162.54.144 port 57724 ssh2
Sep 28 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Connection closed by 81.162.54.144 port 57724 [preauth]
Sep 28 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for root from 81.162.54.144 port 57738 ssh2
Sep 28 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Connection closed by 81.162.54.144 port 57738 [preauth]
Sep 28 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89  user=root
Sep 28 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Failed password for root from 103.142.69.89 port 51942 ssh2
Sep 28 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Received disconnect from 103.142.69.89 port 51942:11: Bye Bye [preauth]
Sep 28 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Disconnected from 103.142.69.89 port 51942 [preauth]
Sep 28 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Invalid user radarr from 115.240.221.28
Sep 28 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: input_userauth_request: invalid user radarr [preauth]
Sep 28 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Failed password for root from 81.162.54.144 port 57744 ssh2
Sep 28 06:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Connection closed by 81.162.54.144 port 57744 [preauth]
Sep 28 06:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session closed for user root
Sep 28 06:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Failed password for invalid user radarr from 115.240.221.28 port 37840 ssh2
Sep 28 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Received disconnect from 115.240.221.28 port 37840:11: Bye Bye [preauth]
Sep 28 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Disconnected from 115.240.221.28 port 37840 [preauth]
Sep 28 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Failed password for root from 81.162.54.144 port 42878 ssh2
Sep 28 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Connection closed by 81.162.54.144 port 42878 [preauth]
Sep 28 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Failed password for root from 81.162.54.144 port 42892 ssh2
Sep 28 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Connection closed by 81.162.54.144 port 42892 [preauth]
Sep 28 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: Failed password for root from 81.162.54.144 port 51552 ssh2
Sep 28 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Invalid user pascal from 103.4.92.103
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: input_userauth_request: invalid user pascal [preauth]
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16453]: Connection closed by 81.162.54.144 port 51552 [preauth]
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Invalid user hyper from 65.254.93.52
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: input_userauth_request: invalid user hyper [preauth]
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52
Sep 28 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Failed password for invalid user pascal from 103.4.92.103 port 57496 ssh2
Sep 28 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Received disconnect from 103.4.92.103 port 57496:11: Bye Bye [preauth]
Sep 28 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Disconnected from 103.4.92.103 port 57496 [preauth]
Sep 28 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Failed password for invalid user hyper from 65.254.93.52 port 51642 ssh2
Sep 28 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Received disconnect from 65.254.93.52 port 51642:11: Bye Bye [preauth]
Sep 28 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Disconnected from 65.254.93.52 port 51642 [preauth]
Sep 28 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16469]: Failed password for root from 81.162.54.144 port 51554 ssh2
Sep 28 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16469]: Connection closed by 81.162.54.144 port 51554 [preauth]
Sep 28 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Failed password for root from 198.23.174.113 port 38738 ssh2
Sep 28 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: Failed password for root from 146.190.93.207 port 55532 ssh2
Sep 28 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: Received disconnect from 146.190.93.207 port 55532:11: Bye Bye [preauth]
Sep 28 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16471]: Disconnected from 146.190.93.207 port 55532 [preauth]
Sep 28 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Received disconnect from 198.23.174.113 port 38738:11: Bye Bye [preauth]
Sep 28 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Disconnected from 198.23.174.113 port 38738 [preauth]
Sep 28 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: Failed password for root from 81.162.54.144 port 60674 ssh2
Sep 28 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: Connection closed by 81.162.54.144 port 60674 [preauth]
Sep 28 06:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16504]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16580]: Successful su for rubyman by root
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16580]: + ??? root:rubyman
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306714 of user rubyman.
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16580]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306714.
Sep 28 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Failed password for root from 81.162.54.144 port 60688 ssh2
Sep 28 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Connection closed by 81.162.54.144 port 60688 [preauth]
Sep 28 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Failed password for root from 81.162.54.144 port 49136 ssh2
Sep 28 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13126]: pam_unix(cron:session): session closed for user root
Sep 28 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16693]: Connection closed by 81.162.54.144 port 49136 [preauth]
Sep 28 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Failed password for root from 81.162.54.144 port 49142 ssh2
Sep 28 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Connection closed by 81.162.54.144 port 49142 [preauth]
Sep 28 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Invalid user nokia from 152.32.171.99
Sep 28 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: input_userauth_request: invalid user nokia [preauth]
Sep 28 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for invalid user nokia from 152.32.171.99 port 50690 ssh2
Sep 28 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Failed password for root from 81.162.54.144 port 49154 ssh2
Sep 28 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Received disconnect from 152.32.171.99 port 50690:11: Bye Bye [preauth]
Sep 28 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Disconnected from 152.32.171.99 port 50690 [preauth]
Sep 28 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Connection closed by 81.162.54.144 port 49154 [preauth]
Sep 28 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Invalid user webuser from 40.119.47.90
Sep 28 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: input_userauth_request: invalid user webuser [preauth]
Sep 28 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Failed password for root from 81.162.54.144 port 41758 ssh2
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Connection closed by 81.162.54.144 port 41758 [preauth]
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Failed password for invalid user webuser from 40.119.47.90 port 53316 ssh2
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Received disconnect from 40.119.47.90 port 53316:11: Bye Bye [preauth]
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16835]: Disconnected from 40.119.47.90 port 53316 [preauth]
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: Invalid user lisong from 59.19.182.197
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: input_userauth_request: invalid user lisong [preauth]
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: Failed password for invalid user lisong from 59.19.182.197 port 57852 ssh2
Sep 28 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: Received disconnect from 59.19.182.197 port 57852:11: Bye Bye [preauth]
Sep 28 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16837]: Disconnected from 59.19.182.197 port 57852 [preauth]
Sep 28 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for root from 81.162.54.144 port 41760 ssh2
Sep 28 06:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 81.162.54.144 port 41760 [preauth]
Sep 28 06:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Failed password for root from 81.162.54.144 port 35886 ssh2
Sep 28 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Connection closed by 81.162.54.144 port 35886 [preauth]
Sep 28 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Failed password for root from 81.162.54.144 port 35900 ssh2
Sep 28 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Connection closed by 81.162.54.144 port 35900 [preauth]
Sep 28 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session closed for user root
Sep 28 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: Failed password for root from 81.162.54.144 port 35912 ssh2
Sep 28 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: Connection closed by 81.162.54.144 port 35912 [preauth]
Sep 28 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16912]: Failed password for root from 81.162.54.144 port 44814 ssh2
Sep 28 06:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16912]: Connection closed by 81.162.54.144 port 44814 [preauth]
Sep 28 06:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Failed password for root from 81.162.54.144 port 44816 ssh2
Sep 28 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Connection closed by 81.162.54.144 port 44816 [preauth]
Sep 28 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Sep 28 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16932]: Failed password for root from 115.240.221.28 port 29731 ssh2
Sep 28 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16932]: Received disconnect from 115.240.221.28 port 29731:11: Bye Bye [preauth]
Sep 28 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16932]: Disconnected from 115.240.221.28 port 29731 [preauth]
Sep 28 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16939]: Failed password for root from 81.162.54.144 port 39164 ssh2
Sep 28 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16939]: Connection closed by 81.162.54.144 port 39164 [preauth]
Sep 28 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Invalid user test from 103.142.69.89
Sep 28 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: input_userauth_request: invalid user test [preauth]
Sep 28 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Failed password for invalid user test from 103.142.69.89 port 47414 ssh2
Sep 28 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Received disconnect from 103.142.69.89 port 47414:11: Bye Bye [preauth]
Sep 28 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Disconnected from 103.142.69.89 port 47414 [preauth]
Sep 28 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Failed password for root from 81.162.54.144 port 39172 ssh2
Sep 28 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Connection closed by 81.162.54.144 port 39172 [preauth]
Sep 28 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Failed password for root from 81.162.54.144 port 50204 ssh2
Sep 28 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Connection closed by 81.162.54.144 port 50204 [preauth]
Sep 28 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17058]: Successful su for rubyman by root
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17058]: + ??? root:rubyman
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306720 of user rubyman.
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17058]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306720.
Sep 28 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: Failed password for root from 81.162.54.144 port 50214 ssh2
Sep 28 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: Connection closed by 81.162.54.144 port 50214 [preauth]
Sep 28 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Invalid user anonymous from 103.153.190.105
Sep 28 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: input_userauth_request: invalid user anonymous [preauth]
Sep 28 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Failed password for invalid user anonymous from 103.153.190.105 port 47611 ssh2
Sep 28 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Received disconnect from 103.153.190.105 port 47611:11: Bye Bye [preauth]
Sep 28 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Disconnected from 103.153.190.105 port 47611 [preauth]
Sep 28 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Failed password for root from 81.162.54.144 port 50226 ssh2
Sep 28 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session closed for user root
Sep 28 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Connection closed by 81.162.54.144 port 50226 [preauth]
Sep 28 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for root from 146.190.93.207 port 45456 ssh2
Sep 28 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Received disconnect from 146.190.93.207 port 45456:11: Bye Bye [preauth]
Sep 28 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Disconnected from 146.190.93.207 port 45456 [preauth]
Sep 28 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Failed password for root from 81.162.54.144 port 60188 ssh2
Sep 28 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Connection closed by 81.162.54.144 port 60188 [preauth]
Sep 28 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52  user=root
Sep 28 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Failed password for root from 81.162.54.144 port 60192 ssh2
Sep 28 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Connection closed by 81.162.54.144 port 60192 [preauth]
Sep 28 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Failed password for root from 65.254.93.52 port 34224 ssh2
Sep 28 06:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Received disconnect from 65.254.93.52 port 34224:11: Bye Bye [preauth]
Sep 28 06:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17297]: Disconnected from 65.254.93.52 port 34224 [preauth]
Sep 28 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Failed password for root from 81.162.54.144 port 57706 ssh2
Sep 28 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Connection closed by 81.162.54.144 port 57706 [preauth]
Sep 28 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Invalid user radius from 103.4.92.103
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: input_userauth_request: invalid user radius [preauth]
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Invalid user pal from 152.32.171.99
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: input_userauth_request: invalid user pal [preauth]
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Failed password for invalid user radius from 103.4.92.103 port 42037 ssh2
Sep 28 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Failed password for invalid user pal from 152.32.171.99 port 55814 ssh2
Sep 28 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Received disconnect from 152.32.171.99 port 55814:11: Bye Bye [preauth]
Sep 28 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Disconnected from 152.32.171.99 port 55814 [preauth]
Sep 28 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Received disconnect from 103.4.92.103 port 42037:11: Bye Bye [preauth]
Sep 28 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Disconnected from 103.4.92.103 port 42037 [preauth]
Sep 28 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: Failed password for root from 81.162.54.144 port 57720 ssh2
Sep 28 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: Connection closed by 81.162.54.144 port 57720 [preauth]
Sep 28 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Failed password for root from 81.162.54.144 port 57736 ssh2
Sep 28 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Connection closed by 81.162.54.144 port 57736 [preauth]
Sep 28 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90  user=root
Sep 28 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Failed password for root from 81.162.54.144 port 55418 ssh2
Sep 28 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Connection closed by 81.162.54.144 port 55418 [preauth]
Sep 28 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Failed password for root from 40.119.47.90 port 51154 ssh2
Sep 28 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Received disconnect from 40.119.47.90 port 51154:11: Bye Bye [preauth]
Sep 28 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Disconnected from 40.119.47.90 port 51154 [preauth]
Sep 28 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17382]: Failed password for root from 81.162.54.144 port 55434 ssh2
Sep 28 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17382]: Connection closed by 81.162.54.144 port 55434 [preauth]
Sep 28 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user root
Sep 28 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Failed password for root from 81.162.54.144 port 54874 ssh2
Sep 28 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Connection closed by 81.162.54.144 port 54874 [preauth]
Sep 28 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Failed password for root from 81.162.54.144 port 54882 ssh2
Sep 28 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Connection closed by 81.162.54.144 port 54882 [preauth]
Sep 28 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for root from 81.162.54.144 port 40122 ssh2
Sep 28 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Connection closed by 81.162.54.144 port 40122 [preauth]
Sep 28 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Failed password for root from 81.162.54.144 port 40130 ssh2
Sep 28 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Connection closed by 81.162.54.144 port 40130 [preauth]
Sep 28 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Failed password for root from 59.19.182.197 port 53702 ssh2
Sep 28 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Received disconnect from 59.19.182.197 port 53702:11: Bye Bye [preauth]
Sep 28 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Disconnected from 59.19.182.197 port 53702 [preauth]
Sep 28 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Sep 28 06:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: Failed password for root from 81.162.54.144 port 40134 ssh2
Sep 28 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: Connection closed by 81.162.54.144 port 40134 [preauth]
Sep 28 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Failed password for root from 115.240.221.28 port 46881 ssh2
Sep 28 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Received disconnect from 115.240.221.28 port 46881:11: Bye Bye [preauth]
Sep 28 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Disconnected from 115.240.221.28 port 46881 [preauth]
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: Successful su for rubyman by root
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: + ??? root:rubyman
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306722 of user rubyman.
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306722.
Sep 28 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Failed password for root from 81.162.54.144 port 54746 ssh2
Sep 28 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Connection closed by 81.162.54.144 port 54746 [preauth]
Sep 28 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session closed for user root
Sep 28 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: Failed password for root from 81.162.54.144 port 47712 ssh2
Sep 28 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: Connection closed by 81.162.54.144 port 47712 [preauth]
Sep 28 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Invalid user rsync from 103.142.69.89
Sep 28 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: input_userauth_request: invalid user rsync [preauth]
Sep 28 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Invalid user fileuser from 198.23.174.113
Sep 28 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: input_userauth_request: invalid user fileuser [preauth]
Sep 28 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Failed password for invalid user rsync from 103.142.69.89 port 42888 ssh2
Sep 28 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Received disconnect from 103.142.69.89 port 42888:11: Bye Bye [preauth]
Sep 28 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Disconnected from 103.142.69.89 port 42888 [preauth]
Sep 28 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Failed password for root from 81.162.54.144 port 47728 ssh2
Sep 28 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for invalid user fileuser from 198.23.174.113 port 38840 ssh2
Sep 28 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17839]: Connection closed by 81.162.54.144 port 47728 [preauth]
Sep 28 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Received disconnect from 198.23.174.113 port 38840:11: Bye Bye [preauth]
Sep 28 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Disconnected from 198.23.174.113 port 38840 [preauth]
Sep 28 06:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: Failed password for root from 81.162.54.144 port 47740 ssh2
Sep 28 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: Connection closed by 81.162.54.144 port 47740 [preauth]
Sep 28 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Failed password for root from 81.162.54.144 port 33194 ssh2
Sep 28 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Connection closed by 81.162.54.144 port 33194 [preauth]
Sep 28 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: Failed password for root from 146.190.93.207 port 48592 ssh2
Sep 28 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: Received disconnect from 146.190.93.207 port 48592:11: Bye Bye [preauth]
Sep 28 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: Disconnected from 146.190.93.207 port 48592 [preauth]
Sep 28 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Failed password for root from 81.162.54.144 port 33198 ssh2
Sep 28 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Invalid user ubuntu from 152.32.171.99
Sep 28 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Connection closed by 81.162.54.144 port 33198 [preauth]
Sep 28 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Failed password for invalid user ubuntu from 152.32.171.99 port 58800 ssh2
Sep 28 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Received disconnect from 152.32.171.99 port 58800:11: Bye Bye [preauth]
Sep 28 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Disconnected from 152.32.171.99 port 58800 [preauth]
Sep 28 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: Failed password for root from 81.162.54.144 port 49538 ssh2
Sep 28 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: Connection closed by 81.162.54.144 port 49538 [preauth]
Sep 28 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Failed password for root from 81.162.54.144 port 49540 ssh2
Sep 28 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Connection closed by 81.162.54.144 port 49540 [preauth]
Sep 28 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16504]: pam_unix(cron:session): session closed for user root
Sep 28 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52  user=root
Sep 28 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Failed password for root from 81.162.54.144 port 49556 ssh2
Sep 28 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Connection closed by 81.162.54.144 port 49556 [preauth]
Sep 28 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: Failed password for root from 65.254.93.52 port 60386 ssh2
Sep 28 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: Received disconnect from 65.254.93.52 port 60386:11: Bye Bye [preauth]
Sep 28 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17982]: Disconnected from 65.254.93.52 port 60386 [preauth]
Sep 28 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90  user=root
Sep 28 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Failed password for root from 40.119.47.90 port 58340 ssh2
Sep 28 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Received disconnect from 40.119.47.90 port 58340:11: Bye Bye [preauth]
Sep 28 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Disconnected from 40.119.47.90 port 58340 [preauth]
Sep 28 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: Failed password for root from 81.162.54.144 port 53550 ssh2
Sep 28 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17997]: Connection closed by 81.162.54.144 port 53550 [preauth]
Sep 28 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: Failed password for root from 81.162.54.144 port 53564 ssh2
Sep 28 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: Connection closed by 81.162.54.144 port 53564 [preauth]
Sep 28 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18043]: Failed password for root from 81.162.54.144 port 34786 ssh2
Sep 28 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18043]: Connection closed by 81.162.54.144 port 34786 [preauth]
Sep 28 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103  user=root
Sep 28 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18061]: Failed password for root from 103.4.92.103 port 54812 ssh2
Sep 28 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18061]: Received disconnect from 103.4.92.103 port 54812:11: Bye Bye [preauth]
Sep 28 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18061]: Disconnected from 103.4.92.103 port 54812 [preauth]
Sep 28 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for root from 81.162.54.144 port 34802 ssh2
Sep 28 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Connection closed by 81.162.54.144 port 34802 [preauth]
Sep 28 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Failed password for root from 81.162.54.144 port 46894 ssh2
Sep 28 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Connection closed by 81.162.54.144 port 46894 [preauth]
Sep 28 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Failed password for root from 81.162.54.144 port 46910 ssh2
Sep 28 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Connection closed by 81.162.54.144 port 46910 [preauth]
Sep 28 06:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18093]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: Successful su for rubyman by root
Sep 28 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: + ??? root:rubyman
Sep 28 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306726 of user rubyman.
Sep 28 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306726.
Sep 28 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14734]: pam_unix(cron:session): session closed for user root
Sep 28 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18092]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Failed password for root from 81.162.54.144 port 46926 ssh2
Sep 28 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Connection closed by 81.162.54.144 port 46926 [preauth]
Sep 28 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Failed password for root from 81.162.54.144 port 60366 ssh2
Sep 28 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Connection closed by 81.162.54.144 port 60366 [preauth]
Sep 28 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: Invalid user emily from 115.240.221.28
Sep 28 06:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: input_userauth_request: invalid user emily [preauth]
Sep 28 06:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: Failed password for invalid user emily from 115.240.221.28 port 38108 ssh2
Sep 28 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: Failed password for root from 81.162.54.144 port 60370 ssh2
Sep 28 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: Received disconnect from 115.240.221.28 port 38108:11: Bye Bye [preauth]
Sep 28 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18629]: Disconnected from 115.240.221.28 port 38108 [preauth]
Sep 28 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: Connection closed by 81.162.54.144 port 60370 [preauth]
Sep 28 06:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Failed password for root from 59.19.182.197 port 49544 ssh2
Sep 28 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Failed password for root from 81.162.54.144 port 34814 ssh2
Sep 28 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Received disconnect from 59.19.182.197 port 49544:11: Bye Bye [preauth]
Sep 28 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Disconnected from 59.19.182.197 port 49544 [preauth]
Sep 28 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Connection closed by 81.162.54.144 port 34814 [preauth]
Sep 28 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Failed password for root from 81.162.54.144 port 34826 ssh2
Sep 28 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Connection closed by 81.162.54.144 port 34826 [preauth]
Sep 28 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: Invalid user user from 103.142.69.89
Sep 28 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: input_userauth_request: invalid user user [preauth]
Sep 28 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: Failed password for invalid user user from 103.142.69.89 port 38360 ssh2
Sep 28 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Failed password for root from 81.162.54.144 port 52412 ssh2
Sep 28 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: Received disconnect from 103.142.69.89 port 38360:11: Bye Bye [preauth]
Sep 28 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: Disconnected from 103.142.69.89 port 38360 [preauth]
Sep 28 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99  user=root
Sep 28 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Connection closed by 81.162.54.144 port 52412 [preauth]
Sep 28 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: Failed password for root from 152.32.171.99 port 49044 ssh2
Sep 28 06:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: Received disconnect from 152.32.171.99 port 49044:11: Bye Bye [preauth]
Sep 28 06:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: Disconnected from 152.32.171.99 port 49044 [preauth]
Sep 28 06:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session closed for user root
Sep 28 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Failed password for root from 81.162.54.144 port 52422 ssh2
Sep 28 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18718]: Failed password for root from 146.190.93.207 port 58970 ssh2
Sep 28 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Connection closed by 81.162.54.144 port 52422 [preauth]
Sep 28 06:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18718]: Received disconnect from 146.190.93.207 port 58970:11: Bye Bye [preauth]
Sep 28 06:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18718]: Disconnected from 146.190.93.207 port 58970 [preauth]
Sep 28 06:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Failed password for root from 81.162.54.144 port 38612 ssh2
Sep 28 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Connection closed by 81.162.54.144 port 38612 [preauth]
Sep 28 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Failed password for root from 81.162.54.144 port 38626 ssh2
Sep 28 06:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Connection closed by 81.162.54.144 port 38626 [preauth]
Sep 28 06:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Invalid user gcs from 40.119.47.90
Sep 28 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: input_userauth_request: invalid user gcs [preauth]
Sep 28 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Failed password for invalid user gcs from 40.119.47.90 port 41542 ssh2
Sep 28 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Received disconnect from 40.119.47.90 port 41542:11: Bye Bye [preauth]
Sep 28 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18779]: Disconnected from 40.119.47.90 port 41542 [preauth]
Sep 28 06:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Failed password for root from 81.162.54.144 port 50792 ssh2
Sep 28 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Connection closed by 81.162.54.144 port 50792 [preauth]
Sep 28 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Failed password for root from 81.162.54.144 port 50808 ssh2
Sep 28 06:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Connection closed by 81.162.54.144 port 50808 [preauth]
Sep 28 06:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: Invalid user gera from 65.254.93.52
Sep 28 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: input_userauth_request: invalid user gera [preauth]
Sep 28 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52
Sep 28 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Failed password for root from 81.162.54.144 port 50824 ssh2
Sep 28 06:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Connection closed by 81.162.54.144 port 50824 [preauth]
Sep 28 06:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: Failed password for invalid user gera from 65.254.93.52 port 49146 ssh2
Sep 28 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: Received disconnect from 65.254.93.52 port 49146:11: Bye Bye [preauth]
Sep 28 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18815]: Disconnected from 65.254.93.52 port 49146 [preauth]
Sep 28 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Failed password for root from 81.162.54.144 port 57910 ssh2
Sep 28 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Connection closed by 81.162.54.144 port 57910 [preauth]
Sep 28 06:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session closed for user root
Sep 28 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18835]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: Successful su for rubyman by root
Sep 28 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: + ??? root:rubyman
Sep 28 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306730 of user rubyman.
Sep 28 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306730.
Sep 28 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Failed password for root from 81.162.54.144 port 57912 ssh2
Sep 28 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Connection closed by 81.162.54.144 port 57912 [preauth]
Sep 28 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session closed for user root
Sep 28 06:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15253]: pam_unix(cron:session): session closed for user root
Sep 28 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: Failed password for root from 81.162.54.144 port 48870 ssh2
Sep 28 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: Connection closed by 81.162.54.144 port 48870 [preauth]
Sep 28 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18836]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: Failed password for root from 81.162.54.144 port 48884 ssh2
Sep 28 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: Connection closed by 81.162.54.144 port 48884 [preauth]
Sep 28 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19202]: Failed password for root from 81.162.54.144 port 48886 ssh2
Sep 28 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19202]: Connection closed by 81.162.54.144 port 48886 [preauth]
Sep 28 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103  user=root
Sep 28 06:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: Failed password for root from 103.4.92.103 port 39354 ssh2
Sep 28 06:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: Received disconnect from 103.4.92.103 port 39354:11: Bye Bye [preauth]
Sep 28 06:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: Disconnected from 103.4.92.103 port 39354 [preauth]
Sep 28 06:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: Failed password for root from 81.162.54.144 port 49616 ssh2
Sep 28 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: Connection closed by 81.162.54.144 port 49616 [preauth]
Sep 28 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Invalid user mailuser from 198.23.174.113
Sep 28 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: input_userauth_request: invalid user mailuser [preauth]
Sep 28 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Failed password for invalid user mailuser from 198.23.174.113 port 38944 ssh2
Sep 28 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Sep 28 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: Failed password for root from 81.162.54.144 port 33426 ssh2
Sep 28 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Received disconnect from 198.23.174.113 port 38944:11: Bye Bye [preauth]
Sep 28 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Disconnected from 198.23.174.113 port 38944 [preauth]
Sep 28 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: Connection closed by 81.162.54.144 port 33426 [preauth]
Sep 28 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Failed password for root from 115.240.221.28 port 52658 ssh2
Sep 28 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Received disconnect from 115.240.221.28 port 52658:11: Bye Bye [preauth]
Sep 28 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Disconnected from 115.240.221.28 port 52658 [preauth]
Sep 28 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: Failed password for root from 81.162.54.144 port 33434 ssh2
Sep 28 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: Connection closed by 81.162.54.144 port 33434 [preauth]
Sep 28 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user root
Sep 28 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19289]: Failed password for root from 81.162.54.144 port 37670 ssh2
Sep 28 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19289]: Connection closed by 81.162.54.144 port 37670 [preauth]
Sep 28 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: Invalid user ubuntu from 152.32.171.99
Sep 28 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: Failed password for invalid user ubuntu from 152.32.171.99 port 41558 ssh2
Sep 28 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: Received disconnect from 152.32.171.99 port 41558:11: Bye Bye [preauth]
Sep 28 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19348]: Disconnected from 152.32.171.99 port 41558 [preauth]
Sep 28 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Failed password for root from 81.162.54.144 port 37686 ssh2
Sep 28 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Connection closed by 81.162.54.144 port 37686 [preauth]
Sep 28 06:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Invalid user exx from 146.190.93.207
Sep 28 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: input_userauth_request: invalid user exx [preauth]
Sep 28 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Invalid user test from 59.19.182.197
Sep 28 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: input_userauth_request: invalid user test [preauth]
Sep 28 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Failed password for invalid user exx from 146.190.93.207 port 49534 ssh2
Sep 28 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Failed password for root from 81.162.54.144 port 37702 ssh2
Sep 28 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Received disconnect from 146.190.93.207 port 49534:11: Bye Bye [preauth]
Sep 28 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Disconnected from 146.190.93.207 port 49534 [preauth]
Sep 28 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Connection closed by 81.162.54.144 port 37702 [preauth]
Sep 28 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Failed password for invalid user test from 59.19.182.197 port 45390 ssh2
Sep 28 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Received disconnect from 59.19.182.197 port 45390:11: Bye Bye [preauth]
Sep 28 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Disconnected from 59.19.182.197 port 45390 [preauth]
Sep 28 06:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Failed password for root from 81.162.54.144 port 33604 ssh2
Sep 28 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Connection closed by 81.162.54.144 port 33604 [preauth]
Sep 28 06:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Invalid user share from 103.142.69.89
Sep 28 06:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: input_userauth_request: invalid user share [preauth]
Sep 28 06:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Failed password for invalid user share from 103.142.69.89 port 33832 ssh2
Sep 28 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Received disconnect from 103.142.69.89 port 33832:11: Bye Bye [preauth]
Sep 28 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Disconnected from 103.142.69.89 port 33832 [preauth]
Sep 28 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19560]: Failed password for root from 81.162.54.144 port 33606 ssh2
Sep 28 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19560]: Connection closed by 81.162.54.144 port 33606 [preauth]
Sep 28 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: Failed password for root from 103.153.190.105 port 48203 ssh2
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: Received disconnect from 103.153.190.105 port 48203:11: Bye Bye [preauth]
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: Disconnected from 103.153.190.105 port 48203 [preauth]
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: Invalid user vlad from 40.119.47.90
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: input_userauth_request: invalid user vlad [preauth]
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: Failed password for invalid user vlad from 40.119.47.90 port 50620 ssh2
Sep 28 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: Received disconnect from 40.119.47.90 port 50620:11: Bye Bye [preauth]
Sep 28 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: Disconnected from 40.119.47.90 port 50620 [preauth]
Sep 28 06:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19565]: Failed password for root from 81.162.54.144 port 58282 ssh2
Sep 28 06:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19565]: Connection closed by 81.162.54.144 port 58282 [preauth]
Sep 28 06:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19579]: Failed password for root from 81.162.54.144 port 58296 ssh2
Sep 28 06:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19579]: Connection closed by 81.162.54.144 port 58296 [preauth]
Sep 28 06:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19603]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19604]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19783]: Successful su for rubyman by root
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19783]: + ??? root:rubyman
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306737 of user rubyman.
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19783]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306737.
Sep 28 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: Failed password for root from 81.162.54.144 port 58310 ssh2
Sep 28 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: Connection closed by 81.162.54.144 port 58310 [preauth]
Sep 28 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session closed for user root
Sep 28 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Failed password for root from 81.162.54.144 port 60484 ssh2
Sep 28 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Connection closed by 81.162.54.144 port 60484 [preauth]
Sep 28 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for root from 81.162.54.144 port 60488 ssh2
Sep 28 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Connection closed by 81.162.54.144 port 60488 [preauth]
Sep 28 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52  user=root
Sep 28 06:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: Failed password for root from 65.254.93.52 port 39044 ssh2
Sep 28 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: Received disconnect from 65.254.93.52 port 39044:11: Bye Bye [preauth]
Sep 28 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20059]: Disconnected from 65.254.93.52 port 39044 [preauth]
Sep 28 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Failed password for root from 81.162.54.144 port 51010 ssh2
Sep 28 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Connection closed by 81.162.54.144 port 51010 [preauth]
Sep 28 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Failed password for root from 81.162.54.144 port 51014 ssh2
Sep 28 06:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Connection closed by 81.162.54.144 port 51014 [preauth]
Sep 28 06:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Failed password for root from 81.162.54.144 port 51022 ssh2
Sep 28 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session closed for user root
Sep 28 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Connection closed by 81.162.54.144 port 51022 [preauth]
Sep 28 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20158]: Failed password for root from 81.162.54.144 port 55718 ssh2
Sep 28 06:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20158]: Connection closed by 81.162.54.144 port 55718 [preauth]
Sep 28 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: Invalid user aditya from 152.32.171.99
Sep 28 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: input_userauth_request: invalid user aditya [preauth]
Sep 28 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: Invalid user cds from 115.240.221.28
Sep 28 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: input_userauth_request: invalid user cds [preauth]
Sep 28 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: Failed password for invalid user aditya from 152.32.171.99 port 60004 ssh2
Sep 28 06:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: Received disconnect from 152.32.171.99 port 60004:11: Bye Bye [preauth]
Sep 28 06:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20173]: Disconnected from 152.32.171.99 port 60004 [preauth]
Sep 28 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: Failed password for invalid user cds from 115.240.221.28 port 28197 ssh2
Sep 28 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: Received disconnect from 115.240.221.28 port 28197:11: Bye Bye [preauth]
Sep 28 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: Disconnected from 115.240.221.28 port 28197 [preauth]
Sep 28 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Failed password for root from 81.162.54.144 port 55734 ssh2
Sep 28 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Connection closed by 81.162.54.144 port 55734 [preauth]
Sep 28 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103  user=root
Sep 28 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Failed password for root from 81.162.54.144 port 45582 ssh2
Sep 28 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Connection closed by 81.162.54.144 port 45582 [preauth]
Sep 28 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Failed password for root from 103.4.92.103 port 52130 ssh2
Sep 28 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Received disconnect from 103.4.92.103 port 52130:11: Bye Bye [preauth]
Sep 28 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Disconnected from 103.4.92.103 port 52130 [preauth]
Sep 28 06:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: Failed password for root from 81.162.54.144 port 45594 ssh2
Sep 28 06:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: Connection closed by 81.162.54.144 port 45594 [preauth]
Sep 28 06:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Invalid user julio from 146.190.93.207
Sep 28 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: input_userauth_request: invalid user julio [preauth]
Sep 28 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Failed password for invalid user julio from 146.190.93.207 port 34908 ssh2
Sep 28 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Received disconnect from 146.190.93.207 port 34908:11: Bye Bye [preauth]
Sep 28 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Disconnected from 146.190.93.207 port 34908 [preauth]
Sep 28 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: Failed password for root from 81.162.54.144 port 45596 ssh2
Sep 28 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20245]: Connection closed by 81.162.54.144 port 45596 [preauth]
Sep 28 06:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Failed password for root from 81.162.54.144 port 37290 ssh2
Sep 28 06:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Connection closed by 81.162.54.144 port 37290 [preauth]
Sep 28 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: Successful su for rubyman by root
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: + ??? root:rubyman
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306740 of user rubyman.
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306740.
Sep 28 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Invalid user stas from 40.119.47.90
Sep 28 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: input_userauth_request: invalid user stas [preauth]
Sep 28 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: Failed password for root from 81.162.54.144 port 37294 ssh2
Sep 28 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: Connection closed by 81.162.54.144 port 37294 [preauth]
Sep 28 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session closed for user root
Sep 28 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Failed password for invalid user stas from 40.119.47.90 port 38690 ssh2
Sep 28 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Received disconnect from 40.119.47.90 port 38690:11: Bye Bye [preauth]
Sep 28 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20373]: Disconnected from 40.119.47.90 port 38690 [preauth]
Sep 28 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Failed password for root from 81.162.54.144 port 58554 ssh2
Sep 28 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Connection closed by 81.162.54.144 port 58554 [preauth]
Sep 28 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: Invalid user osmc from 103.142.69.89
Sep 28 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: input_userauth_request: invalid user osmc [preauth]
Sep 28 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: Failed password for invalid user osmc from 103.142.69.89 port 57538 ssh2
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Invalid user deployer from 59.19.182.197
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: input_userauth_request: invalid user deployer [preauth]
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: Received disconnect from 103.142.69.89 port 57538:11: Bye Bye [preauth]
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20553]: Disconnected from 103.142.69.89 port 57538 [preauth]
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Failed password for root from 81.162.54.144 port 58566 ssh2
Sep 28 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Connection closed by 81.162.54.144 port 58566 [preauth]
Sep 28 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Failed password for invalid user deployer from 59.19.182.197 port 41238 ssh2
Sep 28 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Received disconnect from 59.19.182.197 port 41238:11: Bye Bye [preauth]
Sep 28 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20574]: Disconnected from 59.19.182.197 port 41238 [preauth]
Sep 28 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: Failed password for root from 81.162.54.144 port 58568 ssh2
Sep 28 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20576]: Connection closed by 81.162.54.144 port 58568 [preauth]
Sep 28 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: Failed password for root from 81.162.54.144 port 46994 ssh2
Sep 28 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20601]: Connection closed by 81.162.54.144 port 46994 [preauth]
Sep 28 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: Failed password for root from 81.162.54.144 port 47008 ssh2
Sep 28 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: Connection closed by 81.162.54.144 port 47008 [preauth]
Sep 28 06:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: Failed password for root from 81.162.54.144 port 60868 ssh2
Sep 28 06:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: Connection closed by 81.162.54.144 port 60868 [preauth]
Sep 28 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session closed for user root
Sep 28 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Invalid user rsync from 65.254.93.52
Sep 28 06:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: input_userauth_request: invalid user rsync [preauth]
Sep 28 06:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52
Sep 28 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Failed password for root from 81.162.54.144 port 60876 ssh2
Sep 28 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Connection closed by 81.162.54.144 port 60876 [preauth]
Sep 28 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Failed password for invalid user rsync from 65.254.93.52 port 54828 ssh2
Sep 28 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Received disconnect from 65.254.93.52 port 54828:11: Bye Bye [preauth]
Sep 28 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Disconnected from 65.254.93.52 port 54828 [preauth]
Sep 28 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20696]: Failed password for root from 81.162.54.144 port 33936 ssh2
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20696]: Connection closed by 81.162.54.144 port 33936 [preauth]
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: Invalid user nathan from 198.23.174.113
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: input_userauth_request: invalid user nathan [preauth]
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Invalid user noreply from 152.32.171.99
Sep 28 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: input_userauth_request: invalid user noreply [preauth]
Sep 28 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: Failed password for invalid user nathan from 198.23.174.113 port 39052 ssh2
Sep 28 06:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: Received disconnect from 198.23.174.113 port 39052:11: Bye Bye [preauth]
Sep 28 06:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: Disconnected from 198.23.174.113 port 39052 [preauth]
Sep 28 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Failed password for invalid user noreply from 152.32.171.99 port 48932 ssh2
Sep 28 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Received disconnect from 152.32.171.99 port 48932:11: Bye Bye [preauth]
Sep 28 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Disconnected from 152.32.171.99 port 48932 [preauth]
Sep 28 06:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Failed password for root from 81.162.54.144 port 52828 ssh2
Sep 28 06:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Connection closed by 81.162.54.144 port 52828 [preauth]
Sep 28 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: Failed password for root from 81.162.54.144 port 52850 ssh2
Sep 28 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: Connection closed by 81.162.54.144 port 52850 [preauth]
Sep 28 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Sep 28 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: Failed password for root from 81.162.54.144 port 52860 ssh2
Sep 28 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: Connection closed by 81.162.54.144 port 52860 [preauth]
Sep 28 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Failed password for root from 115.240.221.28 port 56707 ssh2
Sep 28 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Received disconnect from 115.240.221.28 port 56707:11: Bye Bye [preauth]
Sep 28 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Disconnected from 115.240.221.28 port 56707 [preauth]
Sep 28 06:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Failed password for root from 81.162.54.144 port 53892 ssh2
Sep 28 06:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Connection closed by 81.162.54.144 port 53892 [preauth]
Sep 28 06:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20780]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20844]: Successful su for rubyman by root
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20844]: + ??? root:rubyman
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306745 of user rubyman.
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20844]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306745.
Sep 28 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20776]: Failed password for root from 81.162.54.144 port 53908 ssh2
Sep 28 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20776]: Connection closed by 81.162.54.144 port 53908 [preauth]
Sep 28 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session closed for user root
Sep 28 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Failed password for root from 81.162.54.144 port 41240 ssh2
Sep 28 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Connection closed by 81.162.54.144 port 41240 [preauth]
Sep 28 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20781]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Invalid user debian from 146.190.93.207
Sep 28 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: input_userauth_request: invalid user debian [preauth]
Sep 28 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Failed password for invalid user debian from 146.190.93.207 port 34622 ssh2
Sep 28 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Received disconnect from 146.190.93.207 port 34622:11: Bye Bye [preauth]
Sep 28 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Disconnected from 146.190.93.207 port 34622 [preauth]
Sep 28 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Failed password for root from 81.162.54.144 port 41242 ssh2
Sep 28 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Connection closed by 81.162.54.144 port 41242 [preauth]
Sep 28 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: Invalid user pivpn from 40.119.47.90
Sep 28 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: input_userauth_request: invalid user pivpn [preauth]
Sep 28 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Invalid user map from 103.4.92.103
Sep 28 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: input_userauth_request: invalid user map [preauth]
Sep 28 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103
Sep 28 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Failed password for root from 81.162.54.144 port 41252 ssh2
Sep 28 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: Failed password for invalid user pivpn from 40.119.47.90 port 42892 ssh2
Sep 28 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: Received disconnect from 40.119.47.90 port 42892:11: Bye Bye [preauth]
Sep 28 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21089]: Disconnected from 40.119.47.90 port 42892 [preauth]
Sep 28 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Connection closed by 81.162.54.144 port 41252 [preauth]
Sep 28 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Failed password for invalid user map from 103.4.92.103 port 36668 ssh2
Sep 28 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Received disconnect from 103.4.92.103 port 36668:11: Bye Bye [preauth]
Sep 28 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Disconnected from 103.4.92.103 port 36668 [preauth]
Sep 28 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Failed password for root from 81.162.54.144 port 56568 ssh2
Sep 28 06:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Connection closed by 81.162.54.144 port 56568 [preauth]
Sep 28 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Failed password for root from 81.162.54.144 port 56582 ssh2
Sep 28 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Connection closed by 81.162.54.144 port 56582 [preauth]
Sep 28 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Failed password for root from 81.162.54.144 port 53336 ssh2
Sep 28 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: Invalid user ofbiz from 103.142.69.89
Sep 28 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: input_userauth_request: invalid user ofbiz [preauth]
Sep 28 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Connection closed by 81.162.54.144 port 53336 [preauth]
Sep 28 06:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: Failed password for invalid user ofbiz from 103.142.69.89 port 53006 ssh2
Sep 28 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: Received disconnect from 103.142.69.89 port 53006:11: Bye Bye [preauth]
Sep 28 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21141]: Disconnected from 103.142.69.89 port 53006 [preauth]
Sep 28 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for root from 81.162.54.144 port 53342 ssh2
Sep 28 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Connection closed by 81.162.54.144 port 53342 [preauth]
Sep 28 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19604]: pam_unix(cron:session): session closed for user root
Sep 28 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21161]: Failed password for root from 81.162.54.144 port 57278 ssh2
Sep 28 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21161]: Connection closed by 81.162.54.144 port 57278 [preauth]
Sep 28 06:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Invalid user alan from 59.19.182.197
Sep 28 06:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: input_userauth_request: invalid user alan [preauth]
Sep 28 06:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Failed password for invalid user alan from 59.19.182.197 port 37086 ssh2
Sep 28 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Received disconnect from 59.19.182.197 port 37086:11: Bye Bye [preauth]
Sep 28 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Disconnected from 59.19.182.197 port 37086 [preauth]
Sep 28 06:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Failed password for root from 81.162.54.144 port 57284 ssh2
Sep 28 06:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Connection closed by 81.162.54.144 port 57284 [preauth]
Sep 28 06:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: Failed password for root from 81.162.54.144 port 48500 ssh2
Sep 28 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Invalid user ubuntu from 152.32.171.99
Sep 28 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: Connection closed by 81.162.54.144 port 48500 [preauth]
Sep 28 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for invalid user ubuntu from 152.32.171.99 port 54800 ssh2
Sep 28 06:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Received disconnect from 152.32.171.99 port 54800:11: Bye Bye [preauth]
Sep 28 06:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Disconnected from 152.32.171.99 port 54800 [preauth]
Sep 28 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: Failed password for root from 81.162.54.144 port 48514 ssh2
Sep 28 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21225]: Connection closed by 81.162.54.144 port 48514 [preauth]
Sep 28 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21237]: Failed password for root from 81.162.54.144 port 44426 ssh2
Sep 28 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21237]: Connection closed by 81.162.54.144 port 44426 [preauth]
Sep 28 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Failed password for root from 81.162.54.144 port 44436 ssh2
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Invalid user tamara from 65.254.93.52
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: input_userauth_request: invalid user tamara [preauth]
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21253]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Connection closed by 81.162.54.144 port 44436 [preauth]
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: Successful su for rubyman by root
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: + ??? root:rubyman
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306748 of user rubyman.
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306748.
Sep 28 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21251]: pam_unix(cron:session): session closed for user root
Sep 28 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Failed password for invalid user tamara from 65.254.93.52 port 41440 ssh2
Sep 28 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Received disconnect from 65.254.93.52 port 41440:11: Bye Bye [preauth]
Sep 28 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Disconnected from 65.254.93.52 port 41440 [preauth]
Sep 28 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user root
Sep 28 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: Failed password for root from 81.162.54.144 port 44444 ssh2
Sep 28 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: Connection closed by 81.162.54.144 port 44444 [preauth]
Sep 28 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: Failed password for root from 81.162.54.144 port 37798 ssh2
Sep 28 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: Connection closed by 81.162.54.144 port 37798 [preauth]
Sep 28 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Invalid user rex from 115.240.221.28
Sep 28 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: input_userauth_request: invalid user rex [preauth]
Sep 28 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Failed password for invalid user rex from 115.240.221.28 port 7952 ssh2
Sep 28 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Received disconnect from 115.240.221.28 port 7952:11: Bye Bye [preauth]
Sep 28 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Disconnected from 115.240.221.28 port 7952 [preauth]
Sep 28 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: Failed password for root from 81.162.54.144 port 37808 ssh2
Sep 28 06:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21639]: Connection closed by 81.162.54.144 port 37808 [preauth]
Sep 28 06:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Failed password for root from 81.162.54.144 port 49390 ssh2
Sep 28 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Connection closed by 81.162.54.144 port 49390 [preauth]
Sep 28 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Failed password for root from 81.162.54.144 port 49396 ssh2
Sep 28 06:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Connection closed by 81.162.54.144 port 49396 [preauth]
Sep 28 06:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Failed password for root from 81.162.54.144 port 49412 ssh2
Sep 28 06:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Connection closed by 81.162.54.144 port 49412 [preauth]
Sep 28 06:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Failed password for root from 146.190.93.207 port 39558 ssh2
Sep 28 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Received disconnect from 146.190.93.207 port 39558:11: Bye Bye [preauth]
Sep 28 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Disconnected from 146.190.93.207 port 39558 [preauth]
Sep 28 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Invalid user ceo from 40.119.47.90
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: input_userauth_request: invalid user ceo [preauth]
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Failed password for root from 81.162.54.144 port 39506 ssh2
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Connection closed by 81.162.54.144 port 39506 [preauth]
Sep 28 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user ceo from 40.119.47.90 port 54400 ssh2
Sep 28 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Received disconnect from 40.119.47.90 port 54400:11: Bye Bye [preauth]
Sep 28 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Disconnected from 40.119.47.90 port 54400 [preauth]
Sep 28 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session closed for user root
Sep 28 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Failed password for root from 81.162.54.144 port 39522 ssh2
Sep 28 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Connection closed by 81.162.54.144 port 39522 [preauth]
Sep 28 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: Failed password for root from 81.162.54.144 port 54286 ssh2
Sep 28 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: Connection closed by 81.162.54.144 port 54286 [preauth]
Sep 28 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Failed password for root from 81.162.54.144 port 54288 ssh2
Sep 28 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89  user=root
Sep 28 06:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Connection closed by 81.162.54.144 port 54288 [preauth]
Sep 28 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: Invalid user osmc from 103.4.92.103
Sep 28 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: input_userauth_request: invalid user osmc [preauth]
Sep 28 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103
Sep 28 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Failed password for root from 103.142.69.89 port 48474 ssh2
Sep 28 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Received disconnect from 103.142.69.89 port 48474:11: Bye Bye [preauth]
Sep 28 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Disconnected from 103.142.69.89 port 48474 [preauth]
Sep 28 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: Failed password for invalid user osmc from 103.4.92.103 port 49445 ssh2
Sep 28 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: Received disconnect from 103.4.92.103 port 49445:11: Bye Bye [preauth]
Sep 28 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21785]: Disconnected from 103.4.92.103 port 49445 [preauth]
Sep 28 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: Failed password for root from 81.162.54.144 port 55060 ssh2
Sep 28 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21788]: Connection closed by 81.162.54.144 port 55060 [preauth]
Sep 28 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 06:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21798]: Failed password for root from 81.162.54.144 port 55076 ssh2
Sep 28 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21798]: Connection closed by 81.162.54.144 port 55076 [preauth]
Sep 28 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Invalid user home from 152.32.171.99
Sep 28 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: input_userauth_request: invalid user home [preauth]
Sep 28 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Failed password for root from 198.23.174.113 port 39154 ssh2
Sep 28 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Received disconnect from 198.23.174.113 port 39154:11: Bye Bye [preauth]
Sep 28 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Disconnected from 198.23.174.113 port 39154 [preauth]
Sep 28 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Failed password for invalid user home from 152.32.171.99 port 43330 ssh2
Sep 28 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Received disconnect from 152.32.171.99 port 43330:11: Bye Bye [preauth]
Sep 28 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Disconnected from 152.32.171.99 port 43330 [preauth]
Sep 28 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Failed password for root from 81.162.54.144 port 33270 ssh2
Sep 28 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Connection closed by 81.162.54.144 port 33270 [preauth]
Sep 28 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Failed password for root from 103.153.190.105 port 54187 ssh2
Sep 28 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Received disconnect from 103.153.190.105 port 54187:11: Bye Bye [preauth]
Sep 28 06:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21822]: Disconnected from 103.153.190.105 port 54187 [preauth]
Sep 28 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21843]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21849]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21849]: pam_unix(cron:session): session closed for user root
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21840]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: Failed password for root from 81.162.54.144 port 33280 ssh2
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: Successful su for rubyman by root
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: + ??? root:rubyman
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306754 of user rubyman.
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306754.
Sep 28 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: Connection closed by 81.162.54.144 port 33280 [preauth]
Sep 28 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21843]: pam_unix(cron:session): session closed for user root
Sep 28 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18093]: pam_unix(cron:session): session closed for user root
Sep 28 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Failed password for root from 81.162.54.144 port 50968 ssh2
Sep 28 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Connection closed by 81.162.54.144 port 50968 [preauth]
Sep 28 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21842]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Failed password for root from 81.162.54.144 port 50976 ssh2
Sep 28 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Connection closed by 81.162.54.144 port 50976 [preauth]
Sep 28 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: Failed password for root from 59.19.182.197 port 32932 ssh2
Sep 28 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: Received disconnect from 59.19.182.197 port 32932:11: Bye Bye [preauth]
Sep 28 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22169]: Disconnected from 59.19.182.197 port 32932 [preauth]
Sep 28 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22172]: Failed password for root from 81.162.54.144 port 50990 ssh2
Sep 28 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22172]: Connection closed by 81.162.54.144 port 50990 [preauth]
Sep 28 06:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: Failed password for root from 81.162.54.144 port 42818 ssh2
Sep 28 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: Connection closed by 81.162.54.144 port 42818 [preauth]
Sep 28 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: Failed password for root from 81.162.54.144 port 42828 ssh2
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Invalid user julio from 115.240.221.28
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: input_userauth_request: invalid user julio [preauth]
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22199]: Connection closed by 81.162.54.144 port 42828 [preauth]
Sep 28 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Invalid user postgres from 65.254.93.52
Sep 28 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: input_userauth_request: invalid user postgres [preauth]
Sep 28 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52
Sep 28 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Failed password for invalid user julio from 115.240.221.28 port 17863 ssh2
Sep 28 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Received disconnect from 115.240.221.28 port 17863:11: Bye Bye [preauth]
Sep 28 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Disconnected from 115.240.221.28 port 17863 [preauth]
Sep 28 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Failed password for invalid user postgres from 65.254.93.52 port 46108 ssh2
Sep 28 06:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Received disconnect from 65.254.93.52 port 46108:11: Bye Bye [preauth]
Sep 28 06:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Disconnected from 65.254.93.52 port 46108 [preauth]
Sep 28 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Failed password for root from 81.162.54.144 port 51302 ssh2
Sep 28 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Connection closed by 81.162.54.144 port 51302 [preauth]
Sep 28 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Failed password for root from 81.162.54.144 port 51314 ssh2
Sep 28 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Connection closed by 81.162.54.144 port 51314 [preauth]
Sep 28 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session closed for user root
Sep 28 06:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22261]: Failed password for root from 81.162.54.144 port 38808 ssh2
Sep 28 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22261]: Connection closed by 81.162.54.144 port 38808 [preauth]
Sep 28 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90  user=root
Sep 28 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Invalid user nikola from 146.190.93.207
Sep 28 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: input_userauth_request: invalid user nikola [preauth]
Sep 28 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22298]: Failed password for root from 40.119.47.90 port 37630 ssh2
Sep 28 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22298]: Received disconnect from 40.119.47.90 port 37630:11: Bye Bye [preauth]
Sep 28 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22298]: Disconnected from 40.119.47.90 port 37630 [preauth]
Sep 28 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: Failed password for root from 81.162.54.144 port 38816 ssh2
Sep 28 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: Connection closed by 81.162.54.144 port 38816 [preauth]
Sep 28 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Failed password for invalid user nikola from 146.190.93.207 port 57352 ssh2
Sep 28 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Received disconnect from 146.190.93.207 port 57352:11: Bye Bye [preauth]
Sep 28 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Disconnected from 146.190.93.207 port 57352 [preauth]
Sep 28 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: Failed password for root from 81.162.54.144 port 38820 ssh2
Sep 28 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: Connection closed by 81.162.54.144 port 38820 [preauth]
Sep 28 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22327]: Failed password for root from 81.162.54.144 port 48418 ssh2
Sep 28 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22327]: Connection closed by 81.162.54.144 port 48418 [preauth]
Sep 28 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22339]: Failed password for root from 81.162.54.144 port 48430 ssh2
Sep 28 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22339]: Connection closed by 81.162.54.144 port 48430 [preauth]
Sep 28 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99  user=root
Sep 28 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: Failed password for root from 81.162.54.144 port 40544 ssh2
Sep 28 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: Failed password for root from 152.32.171.99 port 53226 ssh2
Sep 28 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: Received disconnect from 152.32.171.99 port 53226:11: Bye Bye [preauth]
Sep 28 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: Disconnected from 152.32.171.99 port 53226 [preauth]
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22372]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: Connection closed by 81.162.54.144 port 40544 [preauth]
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22453]: Successful su for rubyman by root
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22453]: + ??? root:rubyman
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306760 of user rubyman.
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22453]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306760.
Sep 28 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Invalid user exx from 103.142.69.89
Sep 28 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: input_userauth_request: invalid user exx [preauth]
Sep 28 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Failed password for invalid user exx from 103.142.69.89 port 43946 ssh2
Sep 28 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Received disconnect from 103.142.69.89 port 43946:11: Bye Bye [preauth]
Sep 28 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Disconnected from 103.142.69.89 port 43946 [preauth]
Sep 28 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session closed for user root
Sep 28 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: Failed password for root from 81.162.54.144 port 40550 ssh2
Sep 28 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: Connection closed by 81.162.54.144 port 40550 [preauth]
Sep 28 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22373]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Failed password for root from 81.162.54.144 port 55934 ssh2
Sep 28 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22643]: Connection closed by 81.162.54.144 port 55934 [preauth]
Sep 28 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103  user=root
Sep 28 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Failed password for root from 103.4.92.103 port 33985 ssh2
Sep 28 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Received disconnect from 103.4.92.103 port 33985:11: Bye Bye [preauth]
Sep 28 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Disconnected from 103.4.92.103 port 33985 [preauth]
Sep 28 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: Failed password for root from 81.162.54.144 port 55950 ssh2
Sep 28 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22679]: Connection closed by 81.162.54.144 port 55950 [preauth]
Sep 28 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Failed password for root from 81.162.54.144 port 33882 ssh2
Sep 28 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Connection closed by 81.162.54.144 port 33882 [preauth]
Sep 28 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Failed password for root from 81.162.54.144 port 33886 ssh2
Sep 28 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Connection closed by 81.162.54.144 port 33886 [preauth]
Sep 28 06:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Failed password for root from 81.162.54.144 port 46272 ssh2
Sep 28 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Connection closed by 81.162.54.144 port 46272 [preauth]
Sep 28 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Failed password for root from 81.162.54.144 port 46276 ssh2
Sep 28 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Connection closed by 81.162.54.144 port 46276 [preauth]
Sep 28 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session closed for user root
Sep 28 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Failed password for root from 81.162.54.144 port 49346 ssh2
Sep 28 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Connection closed by 81.162.54.144 port 49346 [preauth]
Sep 28 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Sep 28 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Invalid user hamza from 59.19.182.197
Sep 28 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: input_userauth_request: invalid user hamza [preauth]
Sep 28 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: Failed password for root from 115.240.221.28 port 48886 ssh2
Sep 28 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: Received disconnect from 115.240.221.28 port 48886:11: Bye Bye [preauth]
Sep 28 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: Disconnected from 115.240.221.28 port 48886 [preauth]
Sep 28 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Failed password for root from 81.162.54.144 port 49362 ssh2
Sep 28 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Connection closed by 81.162.54.144 port 49362 [preauth]
Sep 28 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Failed password for invalid user hamza from 59.19.182.197 port 57006 ssh2
Sep 28 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Received disconnect from 59.19.182.197 port 57006:11: Bye Bye [preauth]
Sep 28 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Disconnected from 59.19.182.197 port 57006 [preauth]
Sep 28 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.254.93.52  user=root
Sep 28 06:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Failed password for root from 81.162.54.144 port 49366 ssh2
Sep 28 06:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Connection closed by 81.162.54.144 port 49366 [preauth]
Sep 28 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Failed password for root from 65.254.93.52 port 39908 ssh2
Sep 28 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Received disconnect from 65.254.93.52 port 39908:11: Bye Bye [preauth]
Sep 28 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Disconnected from 65.254.93.52 port 39908 [preauth]
Sep 28 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: Invalid user ahmad from 40.119.47.90
Sep 28 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: input_userauth_request: invalid user ahmad [preauth]
Sep 28 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Failed password for root from 81.162.54.144 port 40008 ssh2
Sep 28 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Connection closed by 81.162.54.144 port 40008 [preauth]
Sep 28 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: Failed password for invalid user ahmad from 40.119.47.90 port 46628 ssh2
Sep 28 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: Received disconnect from 40.119.47.90 port 46628:11: Bye Bye [preauth]
Sep 28 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23044]: Disconnected from 40.119.47.90 port 46628 [preauth]
Sep 28 06:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Failed password for root from 81.162.54.144 port 40010 ssh2
Sep 28 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Connection closed by 81.162.54.144 port 40010 [preauth]
Sep 28 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: Failed password for root from 81.162.54.144 port 41070 ssh2
Sep 28 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: Connection closed by 81.162.54.144 port 41070 [preauth]
Sep 28 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: Invalid user radarr from 146.190.93.207
Sep 28 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: input_userauth_request: invalid user radarr [preauth]
Sep 28 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Failed password for root from 81.162.54.144 port 41076 ssh2
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: Failed password for invalid user radarr from 146.190.93.207 port 40742 ssh2
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: Received disconnect from 146.190.93.207 port 40742:11: Bye Bye [preauth]
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23081]: Disconnected from 146.190.93.207 port 40742 [preauth]
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: Successful su for rubyman by root
Sep 28 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: + ??? root:rubyman
Sep 28 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306764 of user rubyman.
Sep 28 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306764.
Sep 28 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Invalid user test from 152.32.171.99
Sep 28 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: input_userauth_request: invalid user test [preauth]
Sep 28 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Connection closed by 81.162.54.144 port 41076 [preauth]
Sep 28 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19603]: pam_unix(cron:session): session closed for user root
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Invalid user userr from 198.23.174.113
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: input_userauth_request: invalid user userr [preauth]
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Failed password for invalid user test from 152.32.171.99 port 49464 ssh2
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Received disconnect from 152.32.171.99 port 49464:11: Bye Bye [preauth]
Sep 28 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Disconnected from 152.32.171.99 port 49464 [preauth]
Sep 28 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for invalid user userr from 198.23.174.113 port 39258 ssh2
Sep 28 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Received disconnect from 198.23.174.113 port 39258:11: Bye Bye [preauth]
Sep 28 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Disconnected from 198.23.174.113 port 39258 [preauth]
Sep 28 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: Failed password for root from 81.162.54.144 port 41084 ssh2
Sep 28 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23330]: Connection closed by 81.162.54.144 port 41084 [preauth]
Sep 28 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: Failed password for root from 81.162.54.144 port 47428 ssh2
Sep 28 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: Connection closed by 81.162.54.144 port 47428 [preauth]
Sep 28 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Invalid user jonathan from 103.142.69.89
Sep 28 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: input_userauth_request: invalid user jonathan [preauth]
Sep 28 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Failed password for root from 81.162.54.144 port 38848 ssh2
Sep 28 06:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Connection closed by 81.162.54.144 port 38848 [preauth]
Sep 28 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Failed password for invalid user jonathan from 103.142.69.89 port 39420 ssh2
Sep 28 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Received disconnect from 103.142.69.89 port 39420:11: Bye Bye [preauth]
Sep 28 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Disconnected from 103.142.69.89 port 39420 [preauth]
Sep 28 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Failed password for root from 81.162.54.144 port 38854 ssh2
Sep 28 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Connection closed by 81.162.54.144 port 38854 [preauth]
Sep 28 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Failed password for root from 81.162.54.144 port 38858 ssh2
Sep 28 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Connection closed by 81.162.54.144 port 38858 [preauth]
Sep 28 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for root from 81.162.54.144 port 36866 ssh2
Sep 28 06:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Connection closed by 81.162.54.144 port 36866 [preauth]
Sep 28 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Failed password for root from 81.162.54.144 port 36874 ssh2
Sep 28 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Connection closed by 81.162.54.144 port 36874 [preauth]
Sep 28 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21846]: pam_unix(cron:session): session closed for user root
Sep 28 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Failed password for root from 81.162.54.144 port 59990 ssh2
Sep 28 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Connection closed by 81.162.54.144 port 59990 [preauth]
Sep 28 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Invalid user deploy from 103.4.92.103
Sep 28 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: input_userauth_request: invalid user deploy [preauth]
Sep 28 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.4.92.103
Sep 28 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Failed password for invalid user deploy from 103.4.92.103 port 46762 ssh2
Sep 28 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Received disconnect from 103.4.92.103 port 46762:11: Bye Bye [preauth]
Sep 28 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Disconnected from 103.4.92.103 port 46762 [preauth]
Sep 28 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Failed password for root from 81.162.54.144 port 60002 ssh2
Sep 28 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Connection closed by 81.162.54.144 port 60002 [preauth]
Sep 28 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: Failed password for root from 81.162.54.144 port 60018 ssh2
Sep 28 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: Connection closed by 81.162.54.144 port 60018 [preauth]
Sep 28 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: Failed password for root from 81.162.54.144 port 34722 ssh2
Sep 28 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: Connection closed by 81.162.54.144 port 34722 [preauth]
Sep 28 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: Invalid user mikey from 115.240.221.28
Sep 28 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: input_userauth_request: invalid user mikey [preauth]
Sep 28 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: Failed password for invalid user mikey from 115.240.221.28 port 50533 ssh2
Sep 28 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: Received disconnect from 115.240.221.28 port 50533:11: Bye Bye [preauth]
Sep 28 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23816]: Disconnected from 115.240.221.28 port 50533 [preauth]
Sep 28 06:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: Failed password for root from 81.162.54.144 port 34728 ssh2
Sep 28 06:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: Connection closed by 81.162.54.144 port 34728 [preauth]
Sep 28 06:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23828]: Failed password for root from 81.162.54.144 port 48648 ssh2
Sep 28 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23828]: Connection closed by 81.162.54.144 port 48648 [preauth]
Sep 28 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: Invalid user hery from 40.119.47.90
Sep 28 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: input_userauth_request: invalid user hery [preauth]
Sep 28 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: Failed password for invalid user hery from 40.119.47.90 port 47670 ssh2
Sep 28 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: Received disconnect from 40.119.47.90 port 47670:11: Bye Bye [preauth]
Sep 28 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: Disconnected from 40.119.47.90 port 47670 [preauth]
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23830]: Failed password for root from 81.162.54.144 port 48652 ssh2
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23844]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23830]: Connection closed by 81.162.54.144 port 48652 [preauth]
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23909]: Successful su for rubyman by root
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23909]: + ??? root:rubyman
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306768 of user rubyman.
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23909]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306768.
Sep 28 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session closed for user root
Sep 28 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Failed password for root from 59.19.182.197 port 52854 ssh2
Sep 28 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Received disconnect from 59.19.182.197 port 52854:11: Bye Bye [preauth]
Sep 28 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Disconnected from 59.19.182.197 port 52854 [preauth]
Sep 28 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Failed password for root from 81.162.54.144 port 48660 ssh2
Sep 28 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23845]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Connection closed by 81.162.54.144 port 48660 [preauth]
Sep 28 06:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: Invalid user misp from 152.32.171.99
Sep 28 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: input_userauth_request: invalid user misp [preauth]
Sep 28 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: Failed password for invalid user misp from 152.32.171.99 port 52712 ssh2
Sep 28 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: Received disconnect from 152.32.171.99 port 52712:11: Bye Bye [preauth]
Sep 28 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: Disconnected from 152.32.171.99 port 52712 [preauth]
Sep 28 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: Failed password for root from 81.162.54.144 port 49924 ssh2
Sep 28 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: Connection closed by 81.162.54.144 port 49924 [preauth]
Sep 28 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Failed password for root from 146.190.93.207 port 35518 ssh2
Sep 28 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Received disconnect from 146.190.93.207 port 35518:11: Bye Bye [preauth]
Sep 28 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Disconnected from 146.190.93.207 port 35518 [preauth]
Sep 28 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: Failed password for root from 81.162.54.144 port 35694 ssh2
Sep 28 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: Connection closed by 81.162.54.144 port 35694 [preauth]
Sep 28 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Failed password for root from 81.162.54.144 port 35704 ssh2
Sep 28 06:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Connection closed by 81.162.54.144 port 35704 [preauth]
Sep 28 06:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Failed password for root from 81.162.54.144 port 35626 ssh2
Sep 28 06:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Connection closed by 81.162.54.144 port 35626 [preauth]
Sep 28 06:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Failed password for root from 81.162.54.144 port 35640 ssh2
Sep 28 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Connection closed by 81.162.54.144 port 35640 [preauth]
Sep 28 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89  user=root
Sep 28 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22375]: pam_unix(cron:session): session closed for user root
Sep 28 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Failed password for root from 103.142.69.89 port 34888 ssh2
Sep 28 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Received disconnect from 103.142.69.89 port 34888:11: Bye Bye [preauth]
Sep 28 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Disconnected from 103.142.69.89 port 34888 [preauth]
Sep 28 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: Failed password for root from 81.162.54.144 port 35642 ssh2
Sep 28 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: Connection closed by 81.162.54.144 port 35642 [preauth]
Sep 28 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Failed password for root from 81.162.54.144 port 43308 ssh2
Sep 28 06:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Connection closed by 81.162.54.144 port 43308 [preauth]
Sep 28 06:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Failed password for root from 81.162.54.144 port 43316 ssh2
Sep 28 06:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Connection closed by 81.162.54.144 port 43316 [preauth]
Sep 28 06:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Failed password for root from 81.162.54.144 port 33014 ssh2
Sep 28 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Connection closed by 81.162.54.144 port 33014 [preauth]
Sep 28 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Failed password for root from 81.162.54.144 port 33026 ssh2
Sep 28 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Connection closed by 81.162.54.144 port 33026 [preauth]
Sep 28 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Failed password for root from 103.153.190.105 port 58363 ssh2
Sep 28 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Received disconnect from 103.153.190.105 port 58363:11: Bye Bye [preauth]
Sep 28 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Disconnected from 103.153.190.105 port 58363 [preauth]
Sep 28 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: Failed password for root from 81.162.54.144 port 33038 ssh2
Sep 28 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: Connection closed by 81.162.54.144 port 33038 [preauth]
Sep 28 06:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: Failed password for root from 81.162.54.144 port 46750 ssh2
Sep 28 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: Connection closed by 81.162.54.144 port 46750 [preauth]
Sep 28 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24380]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24379]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: Successful su for rubyman by root
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: + ??? root:rubyman
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306772 of user rubyman.
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306772.
Sep 28 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Failed password for root from 81.162.54.144 port 46756 ssh2
Sep 28 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Connection closed by 81.162.54.144 port 46756 [preauth]
Sep 28 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Sep 28 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20782]: pam_unix(cron:session): session closed for user root
Sep 28 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Failed password for root from 115.240.221.28 port 38133 ssh2
Sep 28 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Received disconnect from 115.240.221.28 port 38133:11: Bye Bye [preauth]
Sep 28 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Disconnected from 115.240.221.28 port 38133 [preauth]
Sep 28 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Failed password for root from 81.162.54.144 port 36386 ssh2
Sep 28 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24536]: Connection closed by 81.162.54.144 port 36386 [preauth]
Sep 28 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24378]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Failed password for root from 81.162.54.144 port 36388 ssh2
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Connection closed by 81.162.54.144 port 36388 [preauth]
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Invalid user lisong from 40.119.47.90
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: input_userauth_request: invalid user lisong [preauth]
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Failed password for invalid user lisong from 40.119.47.90 port 58892 ssh2
Sep 28 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Received disconnect from 40.119.47.90 port 58892:11: Bye Bye [preauth]
Sep 28 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Disconnected from 40.119.47.90 port 58892 [preauth]
Sep 28 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: Failed password for root from 81.162.54.144 port 36402 ssh2
Sep 28 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: Connection closed by 81.162.54.144 port 36402 [preauth]
Sep 28 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Invalid user daveo from 152.32.171.99
Sep 28 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: input_userauth_request: invalid user daveo [preauth]
Sep 28 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Failed password for invalid user daveo from 152.32.171.99 port 44934 ssh2
Sep 28 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Received disconnect from 152.32.171.99 port 44934:11: Bye Bye [preauth]
Sep 28 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Disconnected from 152.32.171.99 port 44934 [preauth]
Sep 28 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Failed password for root from 198.23.174.113 port 39356 ssh2
Sep 28 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Received disconnect from 198.23.174.113 port 39356:11: Bye Bye [preauth]
Sep 28 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Disconnected from 198.23.174.113 port 39356 [preauth]
Sep 28 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Failed password for root from 81.162.54.144 port 45990 ssh2
Sep 28 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Connection closed by 81.162.54.144 port 45990 [preauth]
Sep 28 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Failed password for root from 81.162.54.144 port 51958 ssh2
Sep 28 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Connection closed by 81.162.54.144 port 51958 [preauth]
Sep 28 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: Invalid user mtest from 146.190.93.207
Sep 28 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: input_userauth_request: invalid user mtest [preauth]
Sep 28 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Invalid user dockeruser from 59.19.182.197
Sep 28 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: input_userauth_request: invalid user dockeruser [preauth]
Sep 28 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Failed password for root from 81.162.54.144 port 51982 ssh2
Sep 28 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Failed password for invalid user dockeruser from 59.19.182.197 port 48694 ssh2
Sep 28 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Received disconnect from 59.19.182.197 port 48694:11: Bye Bye [preauth]
Sep 28 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24760]: Disconnected from 59.19.182.197 port 48694 [preauth]
Sep 28 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Connection closed by 81.162.54.144 port 51982 [preauth]
Sep 28 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: Failed password for invalid user mtest from 146.190.93.207 port 60332 ssh2
Sep 28 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: Received disconnect from 146.190.93.207 port 60332:11: Bye Bye [preauth]
Sep 28 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: Disconnected from 146.190.93.207 port 60332 [preauth]
Sep 28 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23092]: pam_unix(cron:session): session closed for user root
Sep 28 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: Failed password for root from 81.162.54.144 port 40930 ssh2
Sep 28 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: Connection closed by 81.162.54.144 port 40930 [preauth]
Sep 28 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: Failed password for root from 81.162.54.144 port 40936 ssh2
Sep 28 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: Connection closed by 81.162.54.144 port 40936 [preauth]
Sep 28 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Failed password for root from 81.162.54.144 port 40946 ssh2
Sep 28 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Connection closed by 81.162.54.144 port 40946 [preauth]
Sep 28 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Failed password for root from 81.162.54.144 port 51288 ssh2
Sep 28 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Connection closed by 81.162.54.144 port 51288 [preauth]
Sep 28 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Invalid user smp from 103.142.69.89
Sep 28 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: input_userauth_request: invalid user smp [preauth]
Sep 28 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Failed password for invalid user smp from 103.142.69.89 port 58592 ssh2
Sep 28 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Received disconnect from 103.142.69.89 port 58592:11: Bye Bye [preauth]
Sep 28 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Disconnected from 103.142.69.89 port 58592 [preauth]
Sep 28 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: Failed password for root from 81.162.54.144 port 51296 ssh2
Sep 28 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: Connection closed by 81.162.54.144 port 51296 [preauth]
Sep 28 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: Failed password for root from 81.162.54.144 port 32954 ssh2
Sep 28 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: Connection closed by 81.162.54.144 port 32954 [preauth]
Sep 28 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session closed for user root
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Failed password for root from 81.162.54.144 port 32968 ssh2
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Connection closed by 81.162.54.144 port 32968 [preauth]
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: Successful su for rubyman by root
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: + ??? root:rubyman
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306775 of user rubyman.
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306775.
Sep 28 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session closed for user root
Sep 28 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session closed for user root
Sep 28 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Failed password for root from 81.162.54.144 port 32972 ssh2
Sep 28 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Connection closed by 81.162.54.144 port 32972 [preauth]
Sep 28 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24873]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: Failed password for root from 81.162.54.144 port 37280 ssh2
Sep 28 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: Connection closed by 81.162.54.144 port 37280 [preauth]
Sep 28 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Failed password for root from 81.162.54.144 port 37290 ssh2
Sep 28 06:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Connection closed by 81.162.54.144 port 37290 [preauth]
Sep 28 06:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Failed password for root from 81.162.54.144 port 36648 ssh2
Sep 28 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Connection closed by 81.162.54.144 port 36648 [preauth]
Sep 28 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Invalid user pzuser from 115.240.221.28
Sep 28 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: input_userauth_request: invalid user pzuser [preauth]
Sep 28 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Failed password for invalid user pzuser from 115.240.221.28 port 17165 ssh2
Sep 28 06:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Failed password for root from 81.162.54.144 port 36652 ssh2
Sep 28 06:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Received disconnect from 115.240.221.28 port 17165:11: Bye Bye [preauth]
Sep 28 06:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Disconnected from 115.240.221.28 port 17165 [preauth]
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Connection closed by 81.162.54.144 port 36652 [preauth]
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: Invalid user shamim from 152.32.171.99
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: input_userauth_request: invalid user shamim [preauth]
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Invalid user dockeruser from 40.119.47.90
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: input_userauth_request: invalid user dockeruser [preauth]
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: Failed password for invalid user shamim from 152.32.171.99 port 53170 ssh2
Sep 28 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: Received disconnect from 152.32.171.99 port 53170:11: Bye Bye [preauth]
Sep 28 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25286]: Disconnected from 152.32.171.99 port 53170 [preauth]
Sep 28 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Failed password for invalid user dockeruser from 40.119.47.90 port 58148 ssh2
Sep 28 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Received disconnect from 40.119.47.90 port 58148:11: Bye Bye [preauth]
Sep 28 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Disconnected from 40.119.47.90 port 58148 [preauth]
Sep 28 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25514]: Failed password for root from 81.162.54.144 port 33618 ssh2
Sep 28 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25514]: Connection closed by 81.162.54.144 port 33618 [preauth]
Sep 28 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23847]: pam_unix(cron:session): session closed for user root
Sep 28 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Failed password for root from 81.162.54.144 port 45904 ssh2
Sep 28 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Connection closed by 81.162.54.144 port 45904 [preauth]
Sep 28 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Failed password for root from 81.162.54.144 port 45912 ssh2
Sep 28 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Connection closed by 81.162.54.144 port 45912 [preauth]
Sep 28 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Failed password for root from 81.162.54.144 port 45920 ssh2
Sep 28 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Connection closed by 81.162.54.144 port 45920 [preauth]
Sep 28 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Failed password for root from 81.162.54.144 port 34716 ssh2
Sep 28 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Failed password for root from 146.190.93.207 port 43020 ssh2
Sep 28 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Connection closed by 81.162.54.144 port 34716 [preauth]
Sep 28 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Received disconnect from 146.190.93.207 port 43020:11: Bye Bye [preauth]
Sep 28 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Disconnected from 146.190.93.207 port 43020 [preauth]
Sep 28 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Failed password for root from 81.162.54.144 port 34720 ssh2
Sep 28 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Connection closed by 81.162.54.144 port 34720 [preauth]
Sep 28 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25609]: Failed password for root from 81.162.54.144 port 52092 ssh2
Sep 28 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25609]: Connection closed by 81.162.54.144 port 52092 [preauth]
Sep 28 06:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: Failed password for root from 81.162.54.144 port 52114 ssh2
Sep 28 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: Connection closed by 81.162.54.144 port 52114 [preauth]
Sep 28 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25713]: Successful su for rubyman by root
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25713]: + ??? root:rubyman
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306781 of user rubyman.
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25713]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306781.
Sep 28 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Failed password for root from 59.19.182.197 port 44538 ssh2
Sep 28 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Received disconnect from 59.19.182.197 port 44538:11: Bye Bye [preauth]
Sep 28 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Disconnected from 59.19.182.197 port 44538 [preauth]
Sep 28 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Failed password for root from 81.162.54.144 port 52118 ssh2
Sep 28 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Connection closed by 81.162.54.144 port 52118 [preauth]
Sep 28 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21844]: pam_unix(cron:session): session closed for user root
Sep 28 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: Failed password for root from 81.162.54.144 port 53462 ssh2
Sep 28 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: Connection closed by 81.162.54.144 port 53462 [preauth]
Sep 28 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Invalid user tamara from 103.142.69.89
Sep 28 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: input_userauth_request: invalid user tamara [preauth]
Sep 28 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Failed password for invalid user tamara from 103.142.69.89 port 54064 ssh2
Sep 28 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Received disconnect from 103.142.69.89 port 54064:11: Bye Bye [preauth]
Sep 28 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Disconnected from 103.142.69.89 port 54064 [preauth]
Sep 28 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: Failed password for root from 81.162.54.144 port 53472 ssh2
Sep 28 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: Connection closed by 81.162.54.144 port 53472 [preauth]
Sep 28 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Failed password for root from 81.162.54.144 port 40872 ssh2
Sep 28 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Connection closed by 81.162.54.144 port 40872 [preauth]
Sep 28 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Failed password for root from 81.162.54.144 port 40874 ssh2
Sep 28 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Connection closed by 81.162.54.144 port 40874 [preauth]
Sep 28 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Failed password for root from 81.162.54.144 port 40884 ssh2
Sep 28 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Connection closed by 81.162.54.144 port 40884 [preauth]
Sep 28 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Invalid user webapp from 152.32.171.99
Sep 28 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: input_userauth_request: invalid user webapp [preauth]
Sep 28 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Failed password for root from 81.162.54.144 port 55664 ssh2
Sep 28 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Connection closed by 81.162.54.144 port 55664 [preauth]
Sep 28 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Failed password for invalid user webapp from 152.32.171.99 port 57560 ssh2
Sep 28 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Received disconnect from 152.32.171.99 port 57560:11: Bye Bye [preauth]
Sep 28 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Disconnected from 152.32.171.99 port 57560 [preauth]
Sep 28 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: Invalid user jimmy from 198.23.174.113
Sep 28 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: input_userauth_request: invalid user jimmy [preauth]
Sep 28 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24380]: pam_unix(cron:session): session closed for user root
Sep 28 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Invalid user test from 40.119.47.90
Sep 28 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: input_userauth_request: invalid user test [preauth]
Sep 28 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Sep 28 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: Failed password for invalid user jimmy from 198.23.174.113 port 39462 ssh2
Sep 28 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: Received disconnect from 198.23.174.113 port 39462:11: Bye Bye [preauth]
Sep 28 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: Disconnected from 198.23.174.113 port 39462 [preauth]
Sep 28 06:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Failed password for invalid user test from 40.119.47.90 port 39194 ssh2
Sep 28 06:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Received disconnect from 40.119.47.90 port 39194:11: Bye Bye [preauth]
Sep 28 06:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Disconnected from 40.119.47.90 port 39194 [preauth]
Sep 28 06:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Failed password for root from 115.240.221.28 port 29809 ssh2
Sep 28 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Received disconnect from 115.240.221.28 port 29809:11: Bye Bye [preauth]
Sep 28 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Disconnected from 115.240.221.28 port 29809 [preauth]
Sep 28 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Failed password for root from 81.162.54.144 port 55678 ssh2
Sep 28 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Connection closed by 81.162.54.144 port 55678 [preauth]
Sep 28 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Failed password for root from 81.162.54.144 port 59388 ssh2
Sep 28 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Connection closed by 81.162.54.144 port 59388 [preauth]
Sep 28 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Failed password for root from 81.162.54.144 port 59400 ssh2
Sep 28 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Connection closed by 81.162.54.144 port 59400 [preauth]
Sep 28 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Failed password for root from 81.162.54.144 port 56098 ssh2
Sep 28 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Connection closed by 81.162.54.144 port 56098 [preauth]
Sep 28 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Failed password for root from 81.162.54.144 port 56104 ssh2
Sep 28 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Connection closed by 81.162.54.144 port 56104 [preauth]
Sep 28 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: Failed password for root from 81.162.54.144 port 43902 ssh2
Sep 28 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26234]: Connection closed by 81.162.54.144 port 43902 [preauth]
Sep 28 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Invalid user hussain from 146.190.93.207
Sep 28 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: input_userauth_request: invalid user hussain [preauth]
Sep 28 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Failed password for invalid user hussain from 146.190.93.207 port 37718 ssh2
Sep 28 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: Failed password for root from 81.162.54.144 port 43904 ssh2
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Received disconnect from 146.190.93.207 port 37718:11: Bye Bye [preauth]
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Disconnected from 146.190.93.207 port 37718 [preauth]
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: Connection closed by 81.162.54.144 port 43904 [preauth]
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: Successful su for rubyman by root
Sep 28 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: + ??? root:rubyman
Sep 28 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306789 of user rubyman.
Sep 28 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306789.
Sep 28 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session closed for user root
Sep 28 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: Failed password for root from 81.162.54.144 port 43908 ssh2
Sep 28 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: Connection closed by 81.162.54.144 port 43908 [preauth]
Sep 28 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session closed for user root
Sep 28 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Failed password for root from 81.162.54.144 port 37626 ssh2
Sep 28 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Connection closed by 81.162.54.144 port 37626 [preauth]
Sep 28 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Failed password for root from 81.162.54.144 port 37640 ssh2
Sep 28 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Connection closed by 81.162.54.144 port 37640 [preauth]
Sep 28 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Failed password for root from 81.162.54.144 port 60380 ssh2
Sep 28 06:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Connection closed by 81.162.54.144 port 60380 [preauth]
Sep 28 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: Failed password for root from 81.162.54.144 port 60394 ssh2
Sep 28 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: Connection closed by 81.162.54.144 port 60394 [preauth]
Sep 28 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Failed password for root from 81.162.54.144 port 60398 ssh2
Sep 28 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Connection closed by 81.162.54.144 port 60398 [preauth]
Sep 28 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26749]: Failed password for root from 81.162.54.144 port 57092 ssh2
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26749]: Connection closed by 81.162.54.144 port 57092 [preauth]
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Invalid user ubuntu from 59.19.182.197
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Invalid user map from 103.142.69.89
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: input_userauth_request: invalid user map [preauth]
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99  user=root
Sep 28 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Failed password for invalid user ubuntu from 59.19.182.197 port 40386 ssh2
Sep 28 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Received disconnect from 59.19.182.197 port 40386:11: Bye Bye [preauth]
Sep 28 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Disconnected from 59.19.182.197 port 40386 [preauth]
Sep 28 06:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Failed password for invalid user map from 103.142.69.89 port 49536 ssh2
Sep 28 06:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Received disconnect from 103.142.69.89 port 49536:11: Bye Bye [preauth]
Sep 28 06:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Disconnected from 103.142.69.89 port 49536 [preauth]
Sep 28 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Failed password for root from 81.162.54.144 port 57098 ssh2
Sep 28 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Connection closed by 81.162.54.144 port 57098 [preauth]
Sep 28 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Failed password for root from 152.32.171.99 port 47588 ssh2
Sep 28 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Received disconnect from 152.32.171.99 port 47588:11: Bye Bye [preauth]
Sep 28 06:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Disconnected from 152.32.171.99 port 47588 [preauth]
Sep 28 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session closed for user root
Sep 28 06:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Failed password for root from 81.162.54.144 port 40694 ssh2
Sep 28 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26822]: Connection closed by 81.162.54.144 port 40694 [preauth]
Sep 28 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Failed password for root from 81.162.54.144 port 40704 ssh2
Sep 28 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90  user=root
Sep 28 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Connection closed by 81.162.54.144 port 40704 [preauth]
Sep 28 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Failed password for root from 40.119.47.90 port 57382 ssh2
Sep 28 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Received disconnect from 40.119.47.90 port 57382:11: Bye Bye [preauth]
Sep 28 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Disconnected from 40.119.47.90 port 57382 [preauth]
Sep 28 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Failed password for root from 81.162.54.144 port 40706 ssh2
Sep 28 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Connection closed by 81.162.54.144 port 40706 [preauth]
Sep 28 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Invalid user nikola from 115.240.221.28
Sep 28 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: input_userauth_request: invalid user nikola [preauth]
Sep 28 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Failed password for invalid user nikola from 115.240.221.28 port 4221 ssh2
Sep 28 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Received disconnect from 115.240.221.28 port 4221:11: Bye Bye [preauth]
Sep 28 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26925]: Disconnected from 115.240.221.28 port 4221 [preauth]
Sep 28 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26944]: Failed password for root from 81.162.54.144 port 46122 ssh2
Sep 28 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26944]: Connection closed by 81.162.54.144 port 46122 [preauth]
Sep 28 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26960]: Failed password for root from 103.153.190.105 port 39096 ssh2
Sep 28 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26960]: Received disconnect from 103.153.190.105 port 39096:11: Bye Bye [preauth]
Sep 28 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26960]: Disconnected from 103.153.190.105 port 39096 [preauth]
Sep 28 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: Failed password for root from 81.162.54.144 port 46134 ssh2
Sep 28 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: Connection closed by 81.162.54.144 port 46134 [preauth]
Sep 28 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: Failed password for root from 81.162.54.144 port 54064 ssh2
Sep 28 06:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: Connection closed by 81.162.54.144 port 54064 [preauth]
Sep 28 06:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Failed password for root from 81.162.54.144 port 54072 ssh2
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27074]: Successful su for rubyman by root
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27074]: + ??? root:rubyman
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306790 of user rubyman.
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27074]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306790.
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Connection closed by 81.162.54.144 port 54072 [preauth]
Sep 28 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user root
Sep 28 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Failed password for root from 81.162.54.144 port 59612 ssh2
Sep 28 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Connection closed by 81.162.54.144 port 59612 [preauth]
Sep 28 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Invalid user emily from 146.190.93.207
Sep 28 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: input_userauth_request: invalid user emily [preauth]
Sep 28 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Failed password for root from 81.162.54.144 port 59616 ssh2
Sep 28 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Connection closed by 81.162.54.144 port 59616 [preauth]
Sep 28 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for invalid user emily from 146.190.93.207 port 40766 ssh2
Sep 28 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Received disconnect from 146.190.93.207 port 40766:11: Bye Bye [preauth]
Sep 28 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Disconnected from 146.190.93.207 port 40766 [preauth]
Sep 28 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Failed password for root from 81.162.54.144 port 59628 ssh2
Sep 28 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Connection closed by 81.162.54.144 port 59628 [preauth]
Sep 28 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Failed password for root from 81.162.54.144 port 41604 ssh2
Sep 28 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Connection closed by 81.162.54.144 port 41604 [preauth]
Sep 28 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Failed password for root from 81.162.54.144 port 41606 ssh2
Sep 28 06:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Connection closed by 81.162.54.144 port 41606 [preauth]
Sep 28 06:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27359]: Failed password for root from 81.162.54.144 port 57008 ssh2
Sep 28 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27359]: Connection closed by 81.162.54.144 port 57008 [preauth]
Sep 28 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Failed password for root from 81.162.54.144 port 57016 ssh2
Sep 28 06:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Connection closed by 81.162.54.144 port 57016 [preauth]
Sep 28 06:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Invalid user pablo from 152.32.171.99
Sep 28 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: input_userauth_request: invalid user pablo [preauth]
Sep 28 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Failed password for root from 81.162.54.144 port 57026 ssh2
Sep 28 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Failed password for invalid user pablo from 152.32.171.99 port 35374 ssh2
Sep 28 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Received disconnect from 152.32.171.99 port 35374:11: Bye Bye [preauth]
Sep 28 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Disconnected from 152.32.171.99 port 35374 [preauth]
Sep 28 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
Sep 28 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Connection closed by 81.162.54.144 port 57026 [preauth]
Sep 28 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: Failed password for root from 81.162.54.144 port 39052 ssh2
Sep 28 06:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: Connection closed by 81.162.54.144 port 39052 [preauth]
Sep 28 06:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Failed password for root from 81.162.54.144 port 39062 ssh2
Sep 28 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Connection closed by 81.162.54.144 port 39062 [preauth]
Sep 28 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Failed password for root from 81.162.54.144 port 39076 ssh2
Sep 28 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Connection closed by 81.162.54.144 port 39076 [preauth]
Sep 28 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Invalid user deploy from 103.142.69.89
Sep 28 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: input_userauth_request: invalid user deploy [preauth]
Sep 28 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Failed password for root from 198.23.174.113 port 39560 ssh2
Sep 28 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Received disconnect from 198.23.174.113 port 39560:11: Bye Bye [preauth]
Sep 28 06:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Disconnected from 198.23.174.113 port 39560 [preauth]
Sep 28 06:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for invalid user deploy from 103.142.69.89 port 45004 ssh2
Sep 28 06:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Received disconnect from 103.142.69.89 port 45004:11: Bye Bye [preauth]
Sep 28 06:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Disconnected from 103.142.69.89 port 45004 [preauth]
Sep 28 06:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90  user=root
Sep 28 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Failed password for root from 81.162.54.144 port 59170 ssh2
Sep 28 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Connection closed by 81.162.54.144 port 59170 [preauth]
Sep 28 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Failed password for root from 40.119.47.90 port 58516 ssh2
Sep 28 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Received disconnect from 40.119.47.90 port 58516:11: Bye Bye [preauth]
Sep 28 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Disconnected from 40.119.47.90 port 58516 [preauth]
Sep 28 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Failed password for root from 59.19.182.197 port 36232 ssh2
Sep 28 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Failed password for root from 81.162.54.144 port 39440 ssh2
Sep 28 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Received disconnect from 59.19.182.197 port 36232:11: Bye Bye [preauth]
Sep 28 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Disconnected from 59.19.182.197 port 36232 [preauth]
Sep 28 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Connection closed by 81.162.54.144 port 39440 [preauth]
Sep 28 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Invalid user exx from 115.240.221.28
Sep 28 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: input_userauth_request: invalid user exx [preauth]
Sep 28 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: Failed password for root from 81.162.54.144 port 39448 ssh2
Sep 28 06:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Failed password for invalid user exx from 115.240.221.28 port 49634 ssh2
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: Connection closed by 81.162.54.144 port 39448 [preauth]
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Received disconnect from 115.240.221.28 port 49634:11: Bye Bye [preauth]
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Disconnected from 115.240.221.28 port 49634 [preauth]
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27769]: Successful su for rubyman by root
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27769]: + ??? root:rubyman
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306794 of user rubyman.
Sep 28 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27769]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306794.
Sep 28 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23846]: pam_unix(cron:session): session closed for user root
Sep 28 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Failed password for root from 81.162.54.144 port 39464 ssh2
Sep 28 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Connection closed by 81.162.54.144 port 39464 [preauth]
Sep 28 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27704]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Failed password for root from 81.162.54.144 port 33564 ssh2
Sep 28 06:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Connection closed by 81.162.54.144 port 33564 [preauth]
Sep 28 06:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Failed password for root from 81.162.54.144 port 33572 ssh2
Sep 28 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Connection closed by 81.162.54.144 port 33572 [preauth]
Sep 28 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: Failed password for root from 81.162.54.144 port 48414 ssh2
Sep 28 06:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: Connection closed by 81.162.54.144 port 48414 [preauth]
Sep 28 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28022]: Failed password for root from 81.162.54.144 port 48446 ssh2
Sep 28 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
Sep 28 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28022]: Connection closed by 81.162.54.144 port 48446 [preauth]
Sep 28 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28024]: Failed password for root from 146.190.93.207 port 58226 ssh2
Sep 28 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28024]: Received disconnect from 146.190.93.207 port 58226:11: Bye Bye [preauth]
Sep 28 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28024]: Disconnected from 146.190.93.207 port 58226 [preauth]
Sep 28 06:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Failed password for root from 81.162.54.144 port 48484 ssh2
Sep 28 06:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Connection closed by 81.162.54.144 port 48484 [preauth]
Sep 28 06:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: Failed password for root from 81.162.54.144 port 37234 ssh2
Sep 28 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: Connection closed by 81.162.54.144 port 37234 [preauth]
Sep 28 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: Failed password for root from 81.162.54.144 port 37250 ssh2
Sep 28 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: Invalid user anything from 152.32.171.99
Sep 28 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: input_userauth_request: invalid user anything [preauth]
Sep 28 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: Connection closed by 81.162.54.144 port 37250 [preauth]
Sep 28 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session closed for user root
Sep 28 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: Failed password for invalid user anything from 152.32.171.99 port 47210 ssh2
Sep 28 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: Received disconnect from 152.32.171.99 port 47210:11: Bye Bye [preauth]
Sep 28 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: Disconnected from 152.32.171.99 port 47210 [preauth]
Sep 28 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: Failed password for root from 81.162.54.144 port 32898 ssh2
Sep 28 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: Connection closed by 81.162.54.144 port 32898 [preauth]
Sep 28 06:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Failed password for root from 81.162.54.144 port 32920 ssh2
Sep 28 06:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Connection closed by 81.162.54.144 port 32920 [preauth]
Sep 28 06:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28129]: Failed password for root from 81.162.54.144 port 46184 ssh2
Sep 28 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28129]: Connection closed by 81.162.54.144 port 46184 [preauth]
Sep 28 06:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: Failed password for root from 81.162.54.144 port 46188 ssh2
Sep 28 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28148]: Connection closed by 81.162.54.144 port 46188 [preauth]
Sep 28 06:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Failed password for root from 81.162.54.144 port 46196 ssh2
Sep 28 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Connection closed by 81.162.54.144 port 46196 [preauth]
Sep 28 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: Invalid user exx from 40.119.47.90
Sep 28 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: input_userauth_request: invalid user exx [preauth]
Sep 28 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.119.47.90
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session closed for user root
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28263]: Successful su for rubyman by root
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28263]: + ??? root:rubyman
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306803 of user rubyman.
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28263]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306803.
Sep 28 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: Failed password for invalid user exx from 40.119.47.90 port 36680 ssh2
Sep 28 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: Received disconnect from 40.119.47.90 port 36680:11: Bye Bye [preauth]
Sep 28 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28187]: Disconnected from 40.119.47.90 port 36680 [preauth]
Sep 28 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: Failed password for root from 81.162.54.144 port 60364 ssh2
Sep 28 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session closed for user root
Sep 28 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: Connection closed by 81.162.54.144 port 60364 [preauth]
Sep 28 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24379]: pam_unix(cron:session): session closed for user root
Sep 28 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89  user=root
Sep 28 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: Failed password for root from 103.142.69.89 port 40472 ssh2
Sep 28 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: Received disconnect from 103.142.69.89 port 40472:11: Bye Bye [preauth]
Sep 28 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28486]: Disconnected from 103.142.69.89 port 40472 [preauth]
Sep 28 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: Failed password for root from 81.162.54.144 port 44124 ssh2
Sep 28 06:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: Connection closed by 81.162.54.144 port 44124 [preauth]
Sep 28 06:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Invalid user test from 115.240.221.28
Sep 28 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: input_userauth_request: invalid user test [preauth]
Sep 28 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Failed password for root from 81.162.54.144 port 44136 ssh2
Sep 28 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Connection closed by 81.162.54.144 port 44136 [preauth]
Sep 28 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Failed password for invalid user test from 115.240.221.28 port 19474 ssh2
Sep 28 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Received disconnect from 115.240.221.28 port 19474:11: Bye Bye [preauth]
Sep 28 06:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Disconnected from 115.240.221.28 port 19474 [preauth]
Sep 28 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: Failed password for root from 81.162.54.144 port 48732 ssh2
Sep 28 06:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28651]: Connection closed by 81.162.54.144 port 48732 [preauth]
Sep 28 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Failed password for root from 81.162.54.144 port 48744 ssh2
Sep 28 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Connection closed by 81.162.54.144 port 48744 [preauth]
Sep 28 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: Invalid user zimbra from 59.19.182.197
Sep 28 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: input_userauth_request: invalid user zimbra [preauth]
Sep 28 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Failed password for root from 81.162.54.144 port 58644 ssh2
Sep 28 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Connection closed by 81.162.54.144 port 58644 [preauth]
Sep 28 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: Failed password for invalid user zimbra from 59.19.182.197 port 60304 ssh2
Sep 28 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: Received disconnect from 59.19.182.197 port 60304:11: Bye Bye [preauth]
Sep 28 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: Disconnected from 59.19.182.197 port 60304 [preauth]
Sep 28 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Failed password for root from 81.162.54.144 port 58646 ssh2
Sep 28 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Connection closed by 81.162.54.144 port 58646 [preauth]
Sep 28 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Invalid user mysftp from 146.190.93.207
Sep 28 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: input_userauth_request: invalid user mysftp [preauth]
Sep 28 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Failed password for root from 81.162.54.144 port 58656 ssh2
Sep 28 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27014]: pam_unix(cron:session): session closed for user root
Sep 28 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Connection closed by 81.162.54.144 port 58656 [preauth]
Sep 28 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for invalid user mysftp from 146.190.93.207 port 34044 ssh2
Sep 28 06:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Received disconnect from 146.190.93.207 port 34044:11: Bye Bye [preauth]
Sep 28 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Disconnected from 146.190.93.207 port 34044 [preauth]
Sep 28 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Failed password for root from 81.162.54.144 port 43500 ssh2
Sep 28 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Connection closed by 81.162.54.144 port 43500 [preauth]
Sep 28 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Invalid user esbuser from 152.32.171.99
Sep 28 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: input_userauth_request: invalid user esbuser [preauth]
Sep 28 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.171.99
Sep 28 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Failed password for invalid user esbuser from 152.32.171.99 port 40852 ssh2
Sep 28 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Received disconnect from 152.32.171.99 port 40852:11: Bye Bye [preauth]
Sep 28 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Disconnected from 152.32.171.99 port 40852 [preauth]
Sep 28 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Failed password for root from 81.162.54.144 port 43510 ssh2
Sep 28 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Connection closed by 81.162.54.144 port 43510 [preauth]
Sep 28 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: Failed password for root from 81.162.54.144 port 59680 ssh2
Sep 28 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: Connection closed by 81.162.54.144 port 59680 [preauth]
Sep 28 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Failed password for root from 81.162.54.144 port 59686 ssh2
Sep 28 06:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Connection closed by 81.162.54.144 port 59686 [preauth]
Sep 28 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: Failed password for root from 81.162.54.144 port 59700 ssh2
Sep 28 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Invalid user hugo from 198.23.174.113
Sep 28 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: input_userauth_request: invalid user hugo [preauth]
Sep 28 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: Connection closed by 81.162.54.144 port 59700 [preauth]
Sep 28 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Failed password for invalid user hugo from 198.23.174.113 port 39670 ssh2
Sep 28 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Received disconnect from 198.23.174.113 port 39670:11: Bye Bye [preauth]
Sep 28 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Disconnected from 198.23.174.113 port 39670 [preauth]
Sep 28 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: Failed password for root from 81.162.54.144 port 51158 ssh2
Sep 28 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: Connection closed by 81.162.54.144 port 51158 [preauth]
Sep 28 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: Successful su for rubyman by root
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: + ??? root:rubyman
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306804 of user rubyman.
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29011]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306804.
Sep 28 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Failed password for root from 81.162.54.144 port 51170 ssh2
Sep 28 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session closed for user root
Sep 28 06:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Connection closed by 81.162.54.144 port 51170 [preauth]
Sep 28 06:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Failed password for root from 81.162.54.144 port 56942 ssh2
Sep 28 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Connection closed by 81.162.54.144 port 56942 [preauth]
Sep 28 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: Failed password for root from 81.162.54.144 port 56956 ssh2
Sep 28 06:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: Connection closed by 81.162.54.144 port 56956 [preauth]
Sep 28 06:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Failed password for root from 81.162.54.144 port 58368 ssh2
Sep 28 06:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Connection closed by 81.162.54.144 port 58368 [preauth]
Sep 28 06:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: Failed password for root from 81.162.54.144 port 58374 ssh2
Sep 28 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: Connection closed by 81.162.54.144 port 58374 [preauth]
Sep 28 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Invalid user debian from 115.240.221.28
Sep 28 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: input_userauth_request: invalid user debian [preauth]
Sep 28 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Failed password for root from 81.162.54.144 port 52698 ssh2
Sep 28 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Connection closed by 81.162.54.144 port 52698 [preauth]
Sep 28 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Invalid user test001 from 103.142.69.89
Sep 28 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: input_userauth_request: invalid user test001 [preauth]
Sep 28 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for invalid user debian from 115.240.221.28 port 59578 ssh2
Sep 28 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Received disconnect from 115.240.221.28 port 59578:11: Bye Bye [preauth]
Sep 28 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Disconnected from 115.240.221.28 port 59578 [preauth]
Sep 28 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Failed password for invalid user test001 from 103.142.69.89 port 35942 ssh2
Sep 28 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Received disconnect from 103.142.69.89 port 35942:11: Bye Bye [preauth]
Sep 28 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Disconnected from 103.142.69.89 port 35942 [preauth]
Sep 28 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Failed password for root from 81.162.54.144 port 52702 ssh2
Sep 28 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Connection closed by 81.162.54.144 port 52702 [preauth]
Sep 28 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27706]: pam_unix(cron:session): session closed for user root
Sep 28 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Failed password for root from 81.162.54.144 port 37450 ssh2
Sep 28 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Connection closed by 81.162.54.144 port 37450 [preauth]
Sep 28 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Failed password for root from 81.162.54.144 port 37464 ssh2
Sep 28 06:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Connection closed by 81.162.54.144 port 37464 [preauth]
Sep 28 06:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Failed password for root from 81.162.54.144 port 33570 ssh2
Sep 28 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Connection closed by 81.162.54.144 port 33570 [preauth]
Sep 28 06:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Failed password for root from 103.153.190.105 port 50031 ssh2
Sep 28 06:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Failed password for root from 81.162.54.144 port 33586 ssh2
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Received disconnect from 103.153.190.105 port 50031:11: Bye Bye [preauth]
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Disconnected from 103.153.190.105 port 50031 [preauth]
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Connection closed by 81.162.54.144 port 33586 [preauth]
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Invalid user test from 146.190.93.207
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: input_userauth_request: invalid user test [preauth]
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Failed password for invalid user test from 146.190.93.207 port 36688 ssh2
Sep 28 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Received disconnect from 146.190.93.207 port 36688:11: Bye Bye [preauth]
Sep 28 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Disconnected from 146.190.93.207 port 36688 [preauth]
Sep 28 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Failed password for root from 81.162.54.144 port 33592 ssh2
Sep 28 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Connection closed by 81.162.54.144 port 33592 [preauth]
Sep 28 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Invalid user vlad from 59.19.182.197
Sep 28 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: input_userauth_request: invalid user vlad [preauth]
Sep 28 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Failed password for invalid user vlad from 59.19.182.197 port 56154 ssh2
Sep 28 06:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Failed password for root from 81.162.54.144 port 47716 ssh2
Sep 28 06:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Received disconnect from 59.19.182.197 port 56154:11: Bye Bye [preauth]
Sep 28 06:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29449]: Disconnected from 59.19.182.197 port 56154 [preauth]
Sep 28 06:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Connection closed by 81.162.54.144 port 47716 [preauth]
Sep 28 06:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: Successful su for rubyman by root
Sep 28 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: + ??? root:rubyman
Sep 28 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306808 of user rubyman.
Sep 28 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306808.
Sep 28 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Failed password for root from 81.162.54.144 port 47732 ssh2
Sep 28 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Connection closed by 81.162.54.144 port 47732 [preauth]
Sep 28 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session closed for user root
Sep 28 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Failed password for root from 81.162.54.144 port 53566 ssh2
Sep 28 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Connection closed by 81.162.54.144 port 53566 [preauth]
Sep 28 06:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Failed password for root from 81.162.54.144 port 53572 ssh2
Sep 28 06:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Connection closed by 81.162.54.144 port 53572 [preauth]
Sep 28 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for root from 81.162.54.144 port 53576 ssh2
Sep 28 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Connection closed by 81.162.54.144 port 53576 [preauth]
Sep 28 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29795]: Failed password for root from 81.162.54.144 port 59642 ssh2
Sep 28 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29795]: Connection closed by 81.162.54.144 port 59642 [preauth]
Sep 28 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: Failed password for root from 81.162.54.144 port 35688 ssh2
Sep 28 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: Connection closed by 81.162.54.144 port 35688 [preauth]
Sep 28 06:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for root from 81.162.54.144 port 35696 ssh2
Sep 28 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Connection closed by 81.162.54.144 port 35696 [preauth]
Sep 28 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session closed for user root
Sep 28 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Failed password for root from 81.162.54.144 port 35704 ssh2
Sep 28 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Connection closed by 81.162.54.144 port 35704 [preauth]
Sep 28 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Failed password for root from 81.162.54.144 port 53922 ssh2
Sep 28 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Connection closed by 81.162.54.144 port 53922 [preauth]
Sep 28 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Invalid user superadmin from 115.240.221.28
Sep 28 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: input_userauth_request: invalid user superadmin [preauth]
Sep 28 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Failed password for invalid user superadmin from 115.240.221.28 port 64873 ssh2
Sep 28 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Received disconnect from 115.240.221.28 port 64873:11: Bye Bye [preauth]
Sep 28 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Disconnected from 115.240.221.28 port 64873 [preauth]
Sep 28 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: Failed password for root from 81.162.54.144 port 53928 ssh2
Sep 28 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: Connection closed by 81.162.54.144 port 53928 [preauth]
Sep 28 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Failed password for root from 81.162.54.144 port 56390 ssh2
Sep 28 06:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Connection closed by 81.162.54.144 port 56390 [preauth]
Sep 28 06:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Invalid user pascal from 103.142.69.89
Sep 28 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: input_userauth_request: invalid user pascal [preauth]
Sep 28 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Failed password for root from 81.162.54.144 port 56396 ssh2
Sep 28 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Failed password for invalid user pascal from 103.142.69.89 port 59646 ssh2
Sep 28 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Connection closed by 81.162.54.144 port 56396 [preauth]
Sep 28 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Received disconnect from 103.142.69.89 port 59646:11: Bye Bye [preauth]
Sep 28 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29946]: Disconnected from 103.142.69.89 port 59646 [preauth]
Sep 28 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Failed password for root from 81.162.54.144 port 33048 ssh2
Sep 28 06:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Connection closed by 81.162.54.144 port 33048 [preauth]
Sep 28 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29961]: Failed password for root from 81.162.54.144 port 33050 ssh2
Sep 28 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29961]: Connection closed by 81.162.54.144 port 33050 [preauth]
Sep 28 06:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29977]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30053]: Successful su for rubyman by root
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30053]: + ??? root:rubyman
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306813 of user rubyman.
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30053]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306813.
Sep 28 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29974]: Failed password for root from 81.162.54.144 port 33054 ssh2
Sep 28 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29974]: Connection closed by 81.162.54.144 port 33054 [preauth]
Sep 28 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Invalid user cds from 146.190.93.207
Sep 28 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: input_userauth_request: invalid user cds [preauth]
Sep 28 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session closed for user root
Sep 28 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29978]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30233]: Failed password for root from 81.162.54.144 port 53490 ssh2
Sep 28 06:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30233]: Connection closed by 81.162.54.144 port 53490 [preauth]
Sep 28 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Failed password for invalid user cds from 146.190.93.207 port 60974 ssh2
Sep 28 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Received disconnect from 146.190.93.207 port 60974:11: Bye Bye [preauth]
Sep 28 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Disconnected from 146.190.93.207 port 60974 [preauth]
Sep 28 06:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Invalid user postgres from 198.23.174.113
Sep 28 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: input_userauth_request: invalid user postgres [preauth]
Sep 28 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Failed password for root from 81.162.54.144 port 53504 ssh2
Sep 28 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Connection closed by 81.162.54.144 port 53504 [preauth]
Sep 28 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Failed password for invalid user postgres from 198.23.174.113 port 39770 ssh2
Sep 28 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Received disconnect from 198.23.174.113 port 39770:11: Bye Bye [preauth]
Sep 28 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Disconnected from 198.23.174.113 port 39770 [preauth]
Sep 28 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Failed password for root from 81.162.54.144 port 53506 ssh2
Sep 28 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Connection closed by 81.162.54.144 port 53506 [preauth]
Sep 28 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Failed password for root from 81.162.54.144 port 44612 ssh2
Sep 28 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Connection closed by 81.162.54.144 port 44612 [preauth]
Sep 28 06:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Invalid user pivpn from 59.19.182.197
Sep 28 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: input_userauth_request: invalid user pivpn [preauth]
Sep 28 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Failed password for invalid user pivpn from 59.19.182.197 port 52002 ssh2
Sep 28 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Received disconnect from 59.19.182.197 port 52002:11: Bye Bye [preauth]
Sep 28 06:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Disconnected from 59.19.182.197 port 52002 [preauth]
Sep 28 06:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Failed password for root from 81.162.54.144 port 44620 ssh2
Sep 28 06:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Connection closed by 81.162.54.144 port 44620 [preauth]
Sep 28 06:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Failed password for root from 81.162.54.144 port 47230 ssh2
Sep 28 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Connection closed by 81.162.54.144 port 47230 [preauth]
Sep 28 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session closed for user root
Sep 28 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Failed password for root from 81.162.54.144 port 39788 ssh2
Sep 28 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Connection closed by 81.162.54.144 port 39788 [preauth]
Sep 28 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: Failed password for root from 81.162.54.144 port 39798 ssh2
Sep 28 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: Connection closed by 81.162.54.144 port 39798 [preauth]
Sep 28 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Failed password for root from 81.162.54.144 port 39804 ssh2
Sep 28 06:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Connection closed by 81.162.54.144 port 39804 [preauth]
Sep 28 06:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Failed password for root from 81.162.54.144 port 33578 ssh2
Sep 28 06:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Connection closed by 81.162.54.144 port 33578 [preauth]
Sep 28 06:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: Failed password for root from 81.162.54.144 port 33580 ssh2
Sep 28 06:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: Connection closed by 81.162.54.144 port 33580 [preauth]
Sep 28 06:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Invalid user nikolay from 115.240.221.28
Sep 28 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: input_userauth_request: invalid user nikolay [preauth]
Sep 28 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Sep 28 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Failed password for invalid user nikolay from 115.240.221.28 port 39457 ssh2
Sep 28 06:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Received disconnect from 115.240.221.28 port 39457:11: Bye Bye [preauth]
Sep 28 06:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Disconnected from 115.240.221.28 port 39457 [preauth]
Sep 28 06:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Failed password for root from 81.162.54.144 port 41592 ssh2
Sep 28 06:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Connection closed by 81.162.54.144 port 41592 [preauth]
Sep 28 06:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Failed password for root from 81.162.54.144 port 41600 ssh2
Sep 28 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Connection closed by 81.162.54.144 port 41600 [preauth]
Sep 28 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30617]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30614]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: Successful su for rubyman by root
Sep 28 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: + ??? root:rubyman
Sep 28 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306816 of user rubyman.
Sep 28 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30685]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306816.
Sep 28 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Failed password for root from 81.162.54.144 port 41614 ssh2
Sep 28 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Connection closed by 81.162.54.144 port 41614 [preauth]
Sep 28 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session closed for user root
Sep 28 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: Failed password for root from 81.162.54.144 port 43684 ssh2
Sep 28 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: Connection closed by 81.162.54.144 port 43684 [preauth]
Sep 28 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Invalid user hyper from 103.142.69.89
Sep 28 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: input_userauth_request: invalid user hyper [preauth]
Sep 28 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: Failed password for root from 81.162.54.144 port 43694 ssh2
Sep 28 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Failed password for invalid user hyper from 103.142.69.89 port 55118 ssh2
Sep 28 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: Connection closed by 81.162.54.144 port 43694 [preauth]
Sep 28 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Received disconnect from 103.142.69.89 port 55118:11: Bye Bye [preauth]
Sep 28 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Disconnected from 103.142.69.89 port 55118 [preauth]
Sep 28 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30914]: Failed password for root from 81.162.54.144 port 38970 ssh2
Sep 28 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30914]: Connection closed by 81.162.54.144 port 38970 [preauth]
Sep 28 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30933]: Failed password for root from 81.162.54.144 port 38980 ssh2
Sep 28 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30933]: Connection closed by 81.162.54.144 port 38980 [preauth]
Sep 28 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: Invalid user nikolay from 146.190.93.207
Sep 28 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: input_userauth_request: invalid user nikolay [preauth]
Sep 28 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
Sep 28 06:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: Failed password for invalid user nikolay from 146.190.93.207 port 54552 ssh2
Sep 28 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: Received disconnect from 146.190.93.207 port 54552:11: Bye Bye [preauth]
Sep 28 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30944]: Disconnected from 146.190.93.207 port 54552 [preauth]
Sep 28 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: Failed password for root from 81.162.54.144 port 38984 ssh2
Sep 28 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: Connection closed by 81.162.54.144 port 38984 [preauth]
Sep 28 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: Invalid user admin from 139.19.117.131
Sep 28 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: input_userauth_request: invalid user admin [preauth]
Sep 28 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30968]: Failed password for root from 81.162.54.144 port 33582 ssh2
Sep 28 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30968]: Connection closed by 81.162.54.144 port 33582 [preauth]
Sep 28 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session closed for user root
Sep 28 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Failed password for root from 81.162.54.144 port 51168 ssh2
Sep 28 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Connection closed by 81.162.54.144 port 51168 [preauth]
Sep 28 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: Connection closed by 139.19.117.131 port 46070 [preauth]
Sep 28 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Failed password for root from 81.162.54.144 port 51172 ssh2
Sep 28 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Connection closed by 81.162.54.144 port 51172 [preauth]
Sep 28 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: Failed password for root from 81.162.54.144 port 51186 ssh2
Sep 28 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: Connection closed by 81.162.54.144 port 51186 [preauth]
Sep 28 06:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Failed password for root from 81.162.54.144 port 38640 ssh2
Sep 28 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Connection closed by 81.162.54.144 port 38640 [preauth]
Sep 28 06:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: Failed password for root from 81.162.54.144 port 38648 ssh2
Sep 28 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Invalid user stas from 59.19.182.197
Sep 28 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: input_userauth_request: invalid user stas [preauth]
Sep 28 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: Connection closed by 81.162.54.144 port 38648 [preauth]
Sep 28 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Failed password for invalid user stas from 59.19.182.197 port 47852 ssh2
Sep 28 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Received disconnect from 59.19.182.197 port 47852:11: Bye Bye [preauth]
Sep 28 06:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Disconnected from 59.19.182.197 port 47852 [preauth]
Sep 28 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: Failed password for root from 81.162.54.144 port 59334 ssh2
Sep 28 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: Connection closed by 81.162.54.144 port 59334 [preauth]
Sep 28 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31113]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31114]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31115]: pam_unix(cron:session): session closed for user root
Sep 28 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: Failed password for root from 81.162.54.144 port 59336 ssh2
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31105]: Connection closed by 81.162.54.144 port 59336 [preauth]
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31186]: Successful su for rubyman by root
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31186]: + ??? root:rubyman
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306820 of user rubyman.
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31186]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306820.
Sep 28 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session closed for user root
Sep 28 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session closed for user root
Sep 28 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: Failed password for root from 81.162.54.144 port 51344 ssh2
Sep 28 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31205]: Connection closed by 81.162.54.144 port 51344 [preauth]
Sep 28 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Failed password for root from 81.162.54.144 port 51346 ssh2
Sep 28 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Connection closed by 81.162.54.144 port 51346 [preauth]
Sep 28 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Failed password for root from 81.162.54.144 port 51350 ssh2
Sep 28 06:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Connection closed by 81.162.54.144 port 51350 [preauth]
Sep 28 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: Failed password for root from 81.162.54.144 port 54014 ssh2
Sep 28 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: Connection closed by 81.162.54.144 port 54014 [preauth]
Sep 28 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 06:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Failed password for root from 81.162.54.144 port 54028 ssh2
Sep 28 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Connection closed by 81.162.54.144 port 54028 [preauth]
Sep 28 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Failed password for root from 198.23.174.113 port 39870 ssh2
Sep 28 06:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Received disconnect from 198.23.174.113 port 39870:11: Bye Bye [preauth]
Sep 28 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Disconnected from 198.23.174.113 port 39870 [preauth]
Sep 28 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Failed password for root from 81.162.54.144 port 34206 ssh2
Sep 28 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Connection closed by 81.162.54.144 port 34206 [preauth]
Sep 28 06:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Invalid user radius from 103.142.69.89
Sep 28 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: input_userauth_request: invalid user radius [preauth]
Sep 28 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Failed password for invalid user radius from 103.142.69.89 port 50590 ssh2
Sep 28 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: Failed password for root from 81.162.54.144 port 34218 ssh2
Sep 28 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Received disconnect from 103.142.69.89 port 50590:11: Bye Bye [preauth]
Sep 28 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Disconnected from 103.142.69.89 port 50590 [preauth]
Sep 28 06:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: Connection closed by 81.162.54.144 port 34218 [preauth]
Sep 28 06:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29980]: pam_unix(cron:session): session closed for user root
Sep 28 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 81.162.54.144 port 34226 ssh2
Sep 28 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Connection closed by 81.162.54.144 port 34226 [preauth]
Sep 28 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: Failed password for root from 81.162.54.144 port 48560 ssh2
Sep 28 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: Connection closed by 81.162.54.144 port 48560 [preauth]
Sep 28 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: Invalid user cuser from 103.153.190.105
Sep 28 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: input_userauth_request: invalid user cuser [preauth]
Sep 28 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: Failed password for root from 81.162.54.144 port 42198 ssh2
Sep 28 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: Failed password for invalid user cuser from 103.153.190.105 port 33557 ssh2
Sep 28 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: Connection closed by 81.162.54.144 port 42198 [preauth]
Sep 28 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: Received disconnect from 103.153.190.105 port 33557:11: Bye Bye [preauth]
Sep 28 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31621]: Disconnected from 103.153.190.105 port 33557 [preauth]
Sep 28 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Failed password for root from 81.162.54.144 port 42204 ssh2
Sep 28 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Connection closed by 81.162.54.144 port 42204 [preauth]
Sep 28 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: Failed password for root from 81.162.54.144 port 42214 ssh2
Sep 28 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: Connection closed by 81.162.54.144 port 42214 [preauth]
Sep 28 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: Failed password for root from 81.162.54.144 port 37662 ssh2
Sep 28 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: Connection closed by 81.162.54.144 port 37662 [preauth]
Sep 28 06:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31662]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: Successful su for rubyman by root
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: + ??? root:rubyman
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306828 of user rubyman.
Sep 28 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306828.
Sep 28 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: Failed password for root from 81.162.54.144 port 37668 ssh2
Sep 28 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: Connection closed by 81.162.54.144 port 37668 [preauth]
Sep 28 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session closed for user root
Sep 28 06:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: Failed password for root from 81.162.54.144 port 42290 ssh2
Sep 28 06:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: Connection closed by 81.162.54.144 port 42290 [preauth]
Sep 28 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for root from 81.162.54.144 port 42300 ssh2
Sep 28 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Connection closed by 81.162.54.144 port 42300 [preauth]
Sep 28 06:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Failed password for root from 81.162.54.144 port 42306 ssh2
Sep 28 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Connection closed by 81.162.54.144 port 42306 [preauth]
Sep 28 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: Failed password for root from 81.162.54.144 port 58160 ssh2
Sep 28 06:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: Connection closed by 81.162.54.144 port 58160 [preauth]
Sep 28 06:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Invalid user ceo from 59.19.182.197
Sep 28 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: input_userauth_request: invalid user ceo [preauth]
Sep 28 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: Failed password for root from 81.162.54.144 port 58172 ssh2
Sep 28 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: Connection closed by 81.162.54.144 port 58172 [preauth]
Sep 28 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Failed password for invalid user ceo from 59.19.182.197 port 43696 ssh2
Sep 28 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Received disconnect from 59.19.182.197 port 43696:11: Bye Bye [preauth]
Sep 28 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Disconnected from 59.19.182.197 port 43696 [preauth]
Sep 28 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Failed password for root from 81.162.54.144 port 44230 ssh2
Sep 28 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Connection closed by 81.162.54.144 port 44230 [preauth]
Sep 28 06:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: Failed password for root from 81.162.54.144 port 44244 ssh2
Sep 28 06:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: Connection closed by 81.162.54.144 port 44244 [preauth]
Sep 28 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30617]: pam_unix(cron:session): session closed for user root
Sep 28 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Failed password for root from 81.162.54.144 port 44246 ssh2
Sep 28 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Connection closed by 81.162.54.144 port 44246 [preauth]
Sep 28 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Failed password for root from 81.162.54.144 port 50658 ssh2
Sep 28 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Connection closed by 81.162.54.144 port 50658 [preauth]
Sep 28 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Failed password for root from 81.162.54.144 port 50672 ssh2
Sep 28 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Connection closed by 81.162.54.144 port 50672 [preauth]
Sep 28 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Invalid user postgres from 103.142.69.89
Sep 28 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: input_userauth_request: invalid user postgres [preauth]
Sep 28 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Failed password for invalid user postgres from 103.142.69.89 port 46062 ssh2
Sep 28 06:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Received disconnect from 103.142.69.89 port 46062:11: Bye Bye [preauth]
Sep 28 06:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Disconnected from 103.142.69.89 port 46062 [preauth]
Sep 28 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: Failed password for root from 81.162.54.144 port 43032 ssh2
Sep 28 06:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32095]: Connection closed by 81.162.54.144 port 43032 [preauth]
Sep 28 06:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Failed password for root from 81.162.54.144 port 43038 ssh2
Sep 28 06:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Connection closed by 81.162.54.144 port 43038 [preauth]
Sep 28 06:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: Failed password for root from 81.162.54.144 port 56864 ssh2
Sep 28 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: Connection closed by 81.162.54.144 port 56864 [preauth]
Sep 28 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32142]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32144]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32140]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32216]: Successful su for rubyman by root
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32216]: + ??? root:rubyman
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306830 of user rubyman.
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32216]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306830.
Sep 28 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Failed password for root from 81.162.54.144 port 56870 ssh2
Sep 28 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Connection closed by 81.162.54.144 port 56870 [preauth]
Sep 28 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session closed for user root
Sep 28 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32141]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Failed password for root from 81.162.54.144 port 42570 ssh2
Sep 28 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Connection closed by 81.162.54.144 port 42570 [preauth]
Sep 28 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: Failed password for root from 81.162.54.144 port 42580 ssh2
Sep 28 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: Connection closed by 81.162.54.144 port 42580 [preauth]
Sep 28 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: Failed password for root from 81.162.54.144 port 34752 ssh2
Sep 28 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32422]: Connection closed by 81.162.54.144 port 34752 [preauth]
Sep 28 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32450]: Failed password for root from 81.162.54.144 port 34754 ssh2
Sep 28 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32450]: Connection closed by 81.162.54.144 port 34754 [preauth]
Sep 28 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Failed password for root from 81.162.54.144 port 34762 ssh2
Sep 28 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Connection closed by 81.162.54.144 port 34762 [preauth]
Sep 28 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Failed password for root from 81.162.54.144 port 50120 ssh2
Sep 28 06:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Connection closed by 81.162.54.144 port 50120 [preauth]
Sep 28 06:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Failed password for root from 81.162.54.144 port 50130 ssh2
Sep 28 06:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Connection closed by 81.162.54.144 port 50130 [preauth]
Sep 28 06:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Invalid user odoo from 198.23.174.113
Sep 28 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: input_userauth_request: invalid user odoo [preauth]
Sep 28 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Failed password for invalid user odoo from 198.23.174.113 port 39974 ssh2
Sep 28 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Received disconnect from 198.23.174.113 port 39974:11: Bye Bye [preauth]
Sep 28 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Disconnected from 198.23.174.113 port 39974 [preauth]
Sep 28 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31114]: pam_unix(cron:session): session closed for user root
Sep 28 06:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Failed password for root from 81.162.54.144 port 40248 ssh2
Sep 28 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Connection closed by 81.162.54.144 port 40248 [preauth]
Sep 28 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: Failed password for root from 81.162.54.144 port 40256 ssh2
Sep 28 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: Connection closed by 81.162.54.144 port 40256 [preauth]
Sep 28 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: Failed password for root from 81.162.54.144 port 40268 ssh2
Sep 28 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: Connection closed by 81.162.54.144 port 40268 [preauth]
Sep 28 06:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Failed password for root from 81.162.54.144 port 55136 ssh2
Sep 28 06:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Connection closed by 81.162.54.144 port 55136 [preauth]
Sep 28 06:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Invalid user exx from 59.19.182.197
Sep 28 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: input_userauth_request: invalid user exx [preauth]
Sep 28 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Failed password for root from 81.162.54.144 port 55152 ssh2
Sep 28 06:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Failed password for invalid user exx from 59.19.182.197 port 39542 ssh2
Sep 28 06:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Connection closed by 81.162.54.144 port 55152 [preauth]
Sep 28 06:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Received disconnect from 59.19.182.197 port 39542:11: Bye Bye [preauth]
Sep 28 06:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Disconnected from 59.19.182.197 port 39542 [preauth]
Sep 28 06:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Failed password for root from 81.162.54.144 port 57004 ssh2
Sep 28 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Connection closed by 81.162.54.144 port 57004 [preauth]
Sep 28 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32607]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32682]: Successful su for rubyman by root
Sep 28 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32682]: + ??? root:rubyman
Sep 28 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306835 of user rubyman.
Sep 28 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32682]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306835.
Sep 28 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 28 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Invalid user eugene from 103.142.69.89
Sep 28 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: input_userauth_request: invalid user eugene [preauth]
Sep 28 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session closed for user root
Sep 28 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Failed password for root from 81.162.54.144 port 57008 ssh2
Sep 28 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Connection closed by 81.162.54.144 port 57008 [preauth]
Sep 28 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: Failed password for root from 213.209.157.9 port 24446 ssh2
Sep 28 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Failed password for invalid user eugene from 103.142.69.89 port 41532 ssh2
Sep 28 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Received disconnect from 103.142.69.89 port 41532:11: Bye Bye [preauth]
Sep 28 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Disconnected from 103.142.69.89 port 41532 [preauth]
Sep 28 06:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32604]: Connection closed by 213.209.157.9 port 24446 [preauth]
Sep 28 06:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: Failed password for root from 81.162.54.144 port 35064 ssh2
Sep 28 06:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: Connection closed by 81.162.54.144 port 35064 [preauth]
Sep 28 06:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Failed password for root from 81.162.54.144 port 35072 ssh2
Sep 28 06:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[434]: Connection closed by 81.162.54.144 port 35072 [preauth]
Sep 28 06:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: Failed password for root from 81.162.54.144 port 57354 ssh2
Sep 28 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: Connection closed by 81.162.54.144 port 57354 [preauth]
Sep 28 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Failed password for root from 81.162.54.144 port 57368 ssh2
Sep 28 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Connection closed by 81.162.54.144 port 57368 [preauth]
Sep 28 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Failed password for root from 81.162.54.144 port 57624 ssh2
Sep 28 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Connection closed by 81.162.54.144 port 57624 [preauth]
Sep 28 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Failed password for root from 81.162.54.144 port 57640 ssh2
Sep 28 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Connection closed by 81.162.54.144 port 57640 [preauth]
Sep 28 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Failed password for root from 81.162.54.144 port 57646 ssh2
Sep 28 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Connection closed by 81.162.54.144 port 57646 [preauth]
Sep 28 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session closed for user root
Sep 28 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Failed password for root from 81.162.54.144 port 35370 ssh2
Sep 28 06:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Connection closed by 81.162.54.144 port 35370 [preauth]
Sep 28 06:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: Failed password for root from 81.162.54.144 port 35386 ssh2
Sep 28 06:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[558]: Connection closed by 81.162.54.144 port 35386 [preauth]
Sep 28 06:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: Failed password for root from 81.162.54.144 port 35388 ssh2
Sep 28 06:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: Connection closed by 81.162.54.144 port 35388 [preauth]
Sep 28 06:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: Failed password for root from 81.162.54.144 port 47656 ssh2
Sep 28 06:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[585]: Connection closed by 81.162.54.144 port 47656 [preauth]
Sep 28 06:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: Failed password for root from 81.162.54.144 port 47670 ssh2
Sep 28 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: Connection closed by 81.162.54.144 port 47670 [preauth]
Sep 28 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: Failed password for root from 81.162.54.144 port 60046 ssh2
Sep 28 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: Connection closed by 81.162.54.144 port 60046 [preauth]
Sep 28 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session closed for user p13x
Sep 28 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[683]: Successful su for rubyman by root
Sep 28 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[683]: + ??? root:rubyman
Sep 28 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306838 of user rubyman.
Sep 28 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[683]: pam_unix(su:session): session closed for user rubyman
Sep 28 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306838.
Sep 28 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29979]: pam_unix(cron:session): session closed for user root
Sep 28 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session closed for user samftp
Sep 28 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Failed password for root from 81.162.54.144 port 60052 ssh2
Sep 28 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Connection closed by 81.162.54.144 port 60052 [preauth]
Sep 28 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Failed password for root from 81.162.54.144 port 56538 ssh2
Sep 28 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Connection closed by 81.162.54.144 port 56538 [preauth]
Sep 28 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Failed password for root from 81.162.54.144 port 47564 ssh2
Sep 28 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Connection closed by 81.162.54.144 port 47564 [preauth]
Sep 28 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Invalid user admin from 59.19.182.197
Sep 28 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: input_userauth_request: invalid user admin [preauth]
Sep 28 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Failed password for root from 81.162.54.144 port 47580 ssh2
Sep 28 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Failed password for invalid user admin from 59.19.182.197 port 35386 ssh2
Sep 28 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Received disconnect from 59.19.182.197 port 35386:11: Bye Bye [preauth]
Sep 28 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Disconnected from 59.19.182.197 port 35386 [preauth]
Sep 28 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Connection closed by 81.162.54.144 port 47580 [preauth]
Sep 28 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Failed password for root from 81.162.54.144 port 42732 ssh2
Sep 28 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Connection closed by 81.162.54.144 port 42732 [preauth]
Sep 28 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89  user=root
Sep 28 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: Failed password for root from 81.162.54.144 port 42734 ssh2
Sep 28 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: Connection closed by 81.162.54.144 port 42734 [preauth]
Sep 28 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: Failed password for root from 103.142.69.89 port 37000 ssh2
Sep 28 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: Received disconnect from 103.142.69.89 port 37000:11: Bye Bye [preauth]
Sep 28 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: Disconnected from 103.142.69.89 port 37000 [preauth]
Sep 28 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Failed password for root from 81.162.54.144 port 42736 ssh2
Sep 28 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Connection closed by 81.162.54.144 port 42736 [preauth]
Sep 28 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32144]: pam_unix(cron:session): session closed for user root
Sep 28 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Failed password for root from 81.162.54.144 port 47138 ssh2
Sep 28 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Connection closed by 81.162.54.144 port 47138 [preauth]
Sep 28 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Invalid user test from 198.23.174.113
Sep 28 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: input_userauth_request: invalid user test [preauth]
Sep 28 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Failed password for invalid user test from 198.23.174.113 port 40082 ssh2
Sep 28 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Received disconnect from 198.23.174.113 port 40082:11: Bye Bye [preauth]
Sep 28 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Disconnected from 198.23.174.113 port 40082 [preauth]
Sep 28 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Failed password for root from 81.162.54.144 port 47140 ssh2
Sep 28 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1126]: Connection closed by 81.162.54.144 port 47140 [preauth]
Sep 28 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Failed password for root from 81.162.54.144 port 58640 ssh2
Sep 28 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Connection closed by 81.162.54.144 port 58640 [preauth]
Sep 28 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Failed password for root from 103.153.190.105 port 42945 ssh2
Sep 28 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Received disconnect from 103.153.190.105 port 42945:11: Bye Bye [preauth]
Sep 28 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Disconnected from 103.153.190.105 port 42945 [preauth]
Sep 28 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Failed password for root from 81.162.54.144 port 58644 ssh2
Sep 28 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Connection closed by 81.162.54.144 port 58644 [preauth]
Sep 28 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Failed password for root from 81.162.54.144 port 58650 ssh2
Sep 28 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Connection closed by 81.162.54.144 port 58650 [preauth]
Sep 28 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: Failed password for root from 81.162.54.144 port 53534 ssh2
Sep 28 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: Connection closed by 81.162.54.144 port 53534 [preauth]
Sep 28 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Failed password for root from 81.162.54.144 port 53550 ssh2
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Connection closed by 81.162.54.144 port 53550 [preauth]
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session closed for user root
Sep 28 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session closed for user root
Sep 28 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1193]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1319]: Successful su for rubyman by root
Sep 28 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1319]: + ??? root:rubyman
Sep 28 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306845 of user rubyman.
Sep 28 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1319]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306845.
Sep 28 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Failed password for root from 81.162.54.144 port 53566 ssh2
Sep 28 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Connection closed by 81.162.54.144 port 53566 [preauth]
Sep 28 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30616]: pam_unix(cron:session): session closed for user root
Sep 28 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session closed for user root
Sep 28 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1194]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: Failed password for root from 81.162.54.144 port 48032 ssh2
Sep 28 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1481]: Connection closed by 81.162.54.144 port 48032 [preauth]
Sep 28 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: Failed password for root from 81.162.54.144 port 58040 ssh2
Sep 28 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: Connection closed by 81.162.54.144 port 58040 [preauth]
Sep 28 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Failed password for root from 81.162.54.144 port 58044 ssh2
Sep 28 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Connection closed by 81.162.54.144 port 58044 [preauth]
Sep 28 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Failed password for root from 81.162.54.144 port 46036 ssh2
Sep 28 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Connection closed by 81.162.54.144 port 46036 [preauth]
Sep 28 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 81.162.54.144 port 46046 ssh2
Sep 28 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Connection closed by 81.162.54.144 port 46046 [preauth]
Sep 28 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Failed password for root from 81.162.54.144 port 46052 ssh2
Sep 28 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Connection closed by 81.162.54.144 port 46052 [preauth]
Sep 28 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session closed for user root
Sep 28 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Failed password for root from 81.162.54.144 port 37494 ssh2
Sep 28 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Connection closed by 81.162.54.144 port 37494 [preauth]
Sep 28 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Failed password for root from 81.162.54.144 port 37508 ssh2
Sep 28 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Connection closed by 81.162.54.144 port 37508 [preauth]
Sep 28 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Failed password for root from 81.162.54.144 port 51008 ssh2
Sep 28 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Connection closed by 81.162.54.144 port 51008 [preauth]
Sep 28 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Invalid user webuser from 59.19.182.197
Sep 28 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: input_userauth_request: invalid user webuser [preauth]
Sep 28 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Failed password for invalid user webuser from 59.19.182.197 port 59472 ssh2
Sep 28 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Received disconnect from 59.19.182.197 port 59472:11: Bye Bye [preauth]
Sep 28 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Disconnected from 59.19.182.197 port 59472 [preauth]
Sep 28 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Failed password for root from 81.162.54.144 port 51010 ssh2
Sep 28 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89  user=root
Sep 28 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Connection closed by 81.162.54.144 port 51010 [preauth]
Sep 28 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Failed password for root from 103.142.69.89 port 60700 ssh2
Sep 28 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Received disconnect from 103.142.69.89 port 60700:11: Bye Bye [preauth]
Sep 28 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Disconnected from 103.142.69.89 port 60700 [preauth]
Sep 28 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for root from 81.162.54.144 port 51016 ssh2
Sep 28 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Connection closed by 81.162.54.144 port 51016 [preauth]
Sep 28 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: Failed password for root from 81.162.54.144 port 43912 ssh2
Sep 28 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: Connection closed by 81.162.54.144 port 43912 [preauth]
Sep 28 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Failed password for root from 81.162.54.144 port 43922 ssh2
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1902]: Successful su for rubyman by root
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1902]: + ??? root:rubyman
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306850 of user rubyman.
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1902]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306850.
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Connection closed by 81.162.54.144 port 43922 [preauth]
Sep 28 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: Failed password for root from 81.162.54.144 port 34848 ssh2
Sep 28 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: Connection closed by 81.162.54.144 port 34848 [preauth]
Sep 28 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31113]: pam_unix(cron:session): session closed for user root
Sep 28 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: Failed password for root from 81.162.54.144 port 34864 ssh2
Sep 28 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: Connection closed by 81.162.54.144 port 34864 [preauth]
Sep 28 07:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Failed password for root from 81.162.54.144 port 34876 ssh2
Sep 28 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Connection closed by 81.162.54.144 port 34876 [preauth]
Sep 28 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Failed password for root from 81.162.54.144 port 49088 ssh2
Sep 28 07:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Connection closed by 81.162.54.144 port 49088 [preauth]
Sep 28 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: Failed password for root from 81.162.54.144 port 49104 ssh2
Sep 28 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: Connection closed by 81.162.54.144 port 49104 [preauth]
Sep 28 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Failed password for root from 81.162.54.144 port 58464 ssh2
Sep 28 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Connection closed by 81.162.54.144 port 58464 [preauth]
Sep 28 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: Failed password for root from 81.162.54.144 port 58466 ssh2
Sep 28 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: Connection closed by 81.162.54.144 port 58466 [preauth]
Sep 28 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user root
Sep 28 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for root from 81.162.54.144 port 39576 ssh2
Sep 28 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Connection closed by 81.162.54.144 port 39576 [preauth]
Sep 28 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Failed password for root from 81.162.54.144 port 39580 ssh2
Sep 28 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Connection closed by 81.162.54.144 port 39580 [preauth]
Sep 28 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: Invalid user pb from 198.23.174.113
Sep 28 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: input_userauth_request: invalid user pb [preauth]
Sep 28 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Failed password for root from 81.162.54.144 port 51834 ssh2
Sep 28 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: Failed password for invalid user pb from 198.23.174.113 port 40186 ssh2
Sep 28 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: Received disconnect from 198.23.174.113 port 40186:11: Bye Bye [preauth]
Sep 28 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: Disconnected from 198.23.174.113 port 40186 [preauth]
Sep 28 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Connection closed by 81.162.54.144 port 51834 [preauth]
Sep 28 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Failed password for root from 81.162.54.144 port 51846 ssh2
Sep 28 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Connection closed by 81.162.54.144 port 51846 [preauth]
Sep 28 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Failed password for root from 81.162.54.144 port 51860 ssh2
Sep 28 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2283]: Connection closed by 81.162.54.144 port 51860 [preauth]
Sep 28 07:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for root from 81.162.54.144 port 53000 ssh2
Sep 28 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Connection closed by 81.162.54.144 port 53000 [preauth]
Sep 28 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for root from 81.162.54.144 port 53008 ssh2
Sep 28 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Connection closed by 81.162.54.144 port 53008 [preauth]
Sep 28 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: Successful su for rubyman by root
Sep 28 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: + ??? root:rubyman
Sep 28 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306853 of user rubyman.
Sep 28 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306853.
Sep 28 07:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: Failed password for root from 81.162.54.144 port 53018 ssh2
Sep 28 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session closed for user root
Sep 28 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: Connection closed by 81.162.54.144 port 53018 [preauth]
Sep 28 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Failed password for root from 81.162.54.144 port 39424 ssh2
Sep 28 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Connection closed by 81.162.54.144 port 39424 [preauth]
Sep 28 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Failed password for root from 81.162.54.144 port 39440 ssh2
Sep 28 07:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Connection closed by 81.162.54.144 port 39440 [preauth]
Sep 28 07:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Invalid user paul from 103.142.69.89
Sep 28 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: input_userauth_request: invalid user paul [preauth]
Sep 28 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89
Sep 28 07:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2601]: Failed password for root from 81.162.54.144 port 34874 ssh2
Sep 28 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Failed password for invalid user paul from 103.142.69.89 port 56174 ssh2
Sep 28 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2601]: Connection closed by 81.162.54.144 port 34874 [preauth]
Sep 28 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Received disconnect from 103.142.69.89 port 56174:11: Bye Bye [preauth]
Sep 28 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Disconnected from 103.142.69.89 port 56174 [preauth]
Sep 28 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Failed password for root from 81.162.54.144 port 34882 ssh2
Sep 28 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Connection closed by 81.162.54.144 port 34882 [preauth]
Sep 28 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: Failed password for root from 81.162.54.144 port 34888 ssh2
Sep 28 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: Connection closed by 81.162.54.144 port 34888 [preauth]
Sep 28 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Failed password for root from 81.162.54.144 port 51330 ssh2
Sep 28 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Connection closed by 81.162.54.144 port 51330 [preauth]
Sep 28 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session closed for user root
Sep 28 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Failed password for root from 81.162.54.144 port 43312 ssh2
Sep 28 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Connection closed by 81.162.54.144 port 43312 [preauth]
Sep 28 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Failed password for root from 81.162.54.144 port 43322 ssh2
Sep 28 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Connection closed by 81.162.54.144 port 43322 [preauth]
Sep 28 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Failed password for root from 81.162.54.144 port 50072 ssh2
Sep 28 07:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Connection closed by 81.162.54.144 port 50072 [preauth]
Sep 28 07:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: Failed password for root from 81.162.54.144 port 50078 ssh2
Sep 28 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2734]: Connection closed by 81.162.54.144 port 50078 [preauth]
Sep 28 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: Failed password for root from 81.162.54.144 port 50092 ssh2
Sep 28 07:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2747]: Connection closed by 81.162.54.144 port 50092 [preauth]
Sep 28 07:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Failed password for root from 81.162.54.144 port 44278 ssh2
Sep 28 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Connection closed by 81.162.54.144 port 44278 [preauth]
Sep 28 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2775]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: Successful su for rubyman by root
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: + ??? root:rubyman
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306858 of user rubyman.
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306858.
Sep 28 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Failed password for root from 81.162.54.144 port 44292 ssh2
Sep 28 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Connection closed by 81.162.54.144 port 44292 [preauth]
Sep 28 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: Failed password for root from 81.162.54.144 port 38218 ssh2
Sep 28 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: Connection closed by 81.162.54.144 port 38218 [preauth]
Sep 28 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32142]: pam_unix(cron:session): session closed for user root
Sep 28 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Failed password for root from 81.162.54.144 port 38234 ssh2
Sep 28 07:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Connection closed by 81.162.54.144 port 38234 [preauth]
Sep 28 07:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: Failed password for root from 81.162.54.144 port 38240 ssh2
Sep 28 07:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: Connection closed by 81.162.54.144 port 38240 [preauth]
Sep 28 07:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: Failed password for root from 81.162.54.144 port 33872 ssh2
Sep 28 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: Connection closed by 81.162.54.144 port 33872 [preauth]
Sep 28 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Failed password for root from 81.162.54.144 port 33900 ssh2
Sep 28 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Connection closed by 81.162.54.144 port 33900 [preauth]
Sep 28 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Failed password for root from 81.162.54.144 port 33924 ssh2
Sep 28 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Connection closed by 81.162.54.144 port 33924 [preauth]
Sep 28 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Failed password for root from 81.162.54.144 port 48560 ssh2
Sep 28 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Connection closed by 81.162.54.144 port 48560 [preauth]
Sep 28 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for root from 103.153.190.105 port 49115 ssh2
Sep 28 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Received disconnect from 103.153.190.105 port 49115:11: Bye Bye [preauth]
Sep 28 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Disconnected from 103.153.190.105 port 49115 [preauth]
Sep 28 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Failed password for root from 81.162.54.144 port 48570 ssh2
Sep 28 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session closed for user root
Sep 28 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.142.69.89  user=root
Sep 28 07:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: Failed password for root from 103.142.69.89 port 51640 ssh2
Sep 28 07:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: Received disconnect from 103.142.69.89 port 51640:11: Bye Bye [preauth]
Sep 28 07:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: Disconnected from 103.142.69.89 port 51640 [preauth]
Sep 28 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Connection closed by 81.162.54.144 port 48570 [preauth]
Sep 28 07:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for root from 81.162.54.144 port 36866 ssh2
Sep 28 07:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Connection closed by 81.162.54.144 port 36866 [preauth]
Sep 28 07:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Failed password for root from 81.162.54.144 port 49984 ssh2
Sep 28 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Connection closed by 81.162.54.144 port 49984 [preauth]
Sep 28 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Failed password for root from 81.162.54.144 port 49990 ssh2
Sep 28 07:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Connection closed by 81.162.54.144 port 49990 [preauth]
Sep 28 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: Invalid user info from 198.23.174.113
Sep 28 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: input_userauth_request: invalid user info [preauth]
Sep 28 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Failed password for root from 81.162.54.144 port 50000 ssh2
Sep 28 07:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Connection closed by 81.162.54.144 port 50000 [preauth]
Sep 28 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: Failed password for invalid user info from 198.23.174.113 port 40286 ssh2
Sep 28 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: Received disconnect from 198.23.174.113 port 40286:11: Bye Bye [preauth]
Sep 28 07:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: Disconnected from 198.23.174.113 port 40286 [preauth]
Sep 28 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Failed password for root from 81.162.54.144 port 56940 ssh2
Sep 28 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Connection closed by 81.162.54.144 port 56940 [preauth]
Sep 28 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3299]: Successful su for rubyman by root
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3299]: + ??? root:rubyman
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306862 of user rubyman.
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3299]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306862.
Sep 28 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Failed password for root from 81.162.54.144 port 56950 ssh2
Sep 28 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Connection closed by 81.162.54.144 port 56950 [preauth]
Sep 28 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session closed for user root
Sep 28 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: Failed password for root from 81.162.54.144 port 55500 ssh2
Sep 28 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: Connection closed by 81.162.54.144 port 55500 [preauth]
Sep 28 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: Invalid user vte from 46.101.170.54
Sep 28 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: input_userauth_request: invalid user vte [preauth]
Sep 28 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 28 07:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Failed password for root from 81.162.54.144 port 55502 ssh2
Sep 28 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: Failed password for invalid user vte from 46.101.170.54 port 49982 ssh2
Sep 28 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Connection closed by 81.162.54.144 port 55502 [preauth]
Sep 28 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3488]: Connection closed by 46.101.170.54 port 49982 [preauth]
Sep 28 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Failed password for root from 81.162.54.144 port 55506 ssh2
Sep 28 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Connection closed by 81.162.54.144 port 55506 [preauth]
Sep 28 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Failed password for root from 81.162.54.144 port 41936 ssh2
Sep 28 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Connection closed by 81.162.54.144 port 41936 [preauth]
Sep 28 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Failed password for root from 81.162.54.144 port 41952 ssh2
Sep 28 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Connection closed by 81.162.54.144 port 41952 [preauth]
Sep 28 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: Failed password for root from 81.162.54.144 port 50628 ssh2
Sep 28 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: Connection closed by 81.162.54.144 port 50628 [preauth]
Sep 28 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: Failed password for root from 81.162.54.144 port 50632 ssh2
Sep 28 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3579]: Connection closed by 81.162.54.144 port 50632 [preauth]
Sep 28 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session closed for user root
Sep 28 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: Failed password for root from 81.162.54.144 port 50634 ssh2
Sep 28 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3589]: Connection closed by 81.162.54.144 port 50634 [preauth]
Sep 28 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Failed password for root from 81.162.54.144 port 56526 ssh2
Sep 28 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Connection closed by 81.162.54.144 port 56526 [preauth]
Sep 28 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Invalid user  from 8.129.232.65
Sep 28 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: input_userauth_request: invalid user  [preauth]
Sep 28 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Failed password for root from 81.162.54.144 port 56534 ssh2
Sep 28 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Connection closed by 8.129.232.65 port 57942 [preauth]
Sep 28 07:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Connection closed by 81.162.54.144 port 56534 [preauth]
Sep 28 07:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for root from 81.162.54.144 port 46880 ssh2
Sep 28 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Connection closed by 81.162.54.144 port 46880 [preauth]
Sep 28 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Failed password for root from 81.162.54.144 port 46884 ssh2
Sep 28 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Connection closed by 81.162.54.144 port 46884 [preauth]
Sep 28 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Failed password for root from 81.162.54.144 port 46324 ssh2
Sep 28 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Connection closed by 81.162.54.144 port 46324 [preauth]
Sep 28 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session closed for user root
Sep 28 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3685]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: Successful su for rubyman by root
Sep 28 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: + ??? root:rubyman
Sep 28 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306868 of user rubyman.
Sep 28 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306868.
Sep 28 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session closed for user root
Sep 28 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Failed password for root from 81.162.54.144 port 46338 ssh2
Sep 28 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Connection closed by 81.162.54.144 port 46338 [preauth]
Sep 28 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session closed for user root
Sep 28 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3686]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Failed password for root from 81.162.54.144 port 55788 ssh2
Sep 28 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Connection closed by 81.162.54.144 port 55788 [preauth]
Sep 28 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: Failed password for root from 81.162.54.144 port 55804 ssh2
Sep 28 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: Connection closed by 81.162.54.144 port 55804 [preauth]
Sep 28 07:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for root from 81.162.54.144 port 60210 ssh2
Sep 28 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Connection closed by 81.162.54.144 port 60210 [preauth]
Sep 28 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Failed password for root from 81.162.54.144 port 60212 ssh2
Sep 28 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Connection closed by 81.162.54.144 port 60212 [preauth]
Sep 28 07:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Failed password for root from 81.162.54.144 port 56456 ssh2
Sep 28 07:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Connection closed by 81.162.54.144 port 56456 [preauth]
Sep 28 07:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Failed password for root from 81.162.54.144 port 56462 ssh2
Sep 28 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Connection closed by 81.162.54.144 port 56462 [preauth]
Sep 28 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2775]: pam_unix(cron:session): session closed for user root
Sep 28 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Failed password for root from 81.162.54.144 port 56470 ssh2
Sep 28 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Connection closed by 81.162.54.144 port 56470 [preauth]
Sep 28 07:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4114]: Failed password for root from 81.162.54.144 port 42704 ssh2
Sep 28 07:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4114]: Connection closed by 81.162.54.144 port 42704 [preauth]
Sep 28 07:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Failed password for root from 81.162.54.144 port 42712 ssh2
Sep 28 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Connection closed by 81.162.54.144 port 42712 [preauth]
Sep 28 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Failed password for root from 81.162.54.144 port 36570 ssh2
Sep 28 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Connection closed by 81.162.54.144 port 36570 [preauth]
Sep 28 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Failed password for root from 81.162.54.144 port 36582 ssh2
Sep 28 07:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Connection closed by 81.162.54.144 port 36582 [preauth]
Sep 28 07:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Failed password for root from 81.162.54.144 port 60090 ssh2
Sep 28 07:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Connection closed by 81.162.54.144 port 60090 [preauth]
Sep 28 07:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: Successful su for rubyman by root
Sep 28 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: + ??? root:rubyman
Sep 28 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306871 of user rubyman.
Sep 28 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306871.
Sep 28 07:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: Failed password for root from 81.162.54.144 port 60092 ssh2
Sep 28 07:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4200]: Connection closed by 81.162.54.144 port 60092 [preauth]
Sep 28 07:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Failed password for root from 81.162.54.144 port 53710 ssh2
Sep 28 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Connection closed by 81.162.54.144 port 53710 [preauth]
Sep 28 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session closed for user root
Sep 28 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Failed password for root from 81.162.54.144 port 53712 ssh2
Sep 28 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Connection closed by 81.162.54.144 port 53712 [preauth]
Sep 28 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Invalid user tpaterni from 198.23.174.113
Sep 28 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: input_userauth_request: invalid user tpaterni [preauth]
Sep 28 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Failed password for invalid user tpaterni from 198.23.174.113 port 40390 ssh2
Sep 28 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Received disconnect from 198.23.174.113 port 40390:11: Bye Bye [preauth]
Sep 28 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Disconnected from 198.23.174.113 port 40390 [preauth]
Sep 28 07:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: Failed password for root from 81.162.54.144 port 53724 ssh2
Sep 28 07:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: Connection closed by 81.162.54.144 port 53724 [preauth]
Sep 28 07:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Failed password for root from 81.162.54.144 port 40148 ssh2
Sep 28 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Connection closed by 81.162.54.144 port 40148 [preauth]
Sep 28 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Failed password for root from 81.162.54.144 port 40156 ssh2
Sep 28 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Connection closed by 81.162.54.144 port 40156 [preauth]
Sep 28 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Failed password for root from 81.162.54.144 port 60244 ssh2
Sep 28 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Connection closed by 81.162.54.144 port 60244 [preauth]
Sep 28 07:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4556]: Failed password for root from 81.162.54.144 port 60260 ssh2
Sep 28 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4556]: Connection closed by 81.162.54.144 port 60260 [preauth]
Sep 28 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session closed for user root
Sep 28 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Failed password for root from 81.162.54.144 port 60272 ssh2
Sep 28 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Connection closed by 81.162.54.144 port 60272 [preauth]
Sep 28 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Failed password for root from 81.162.54.144 port 44280 ssh2
Sep 28 07:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4595]: Connection closed by 81.162.54.144 port 44280 [preauth]
Sep 28 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Failed password for root from 81.162.54.144 port 44290 ssh2
Sep 28 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Connection closed by 81.162.54.144 port 44290 [preauth]
Sep 28 07:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Failed password for root from 81.162.54.144 port 42906 ssh2
Sep 28 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Connection closed by 81.162.54.144 port 42906 [preauth]
Sep 28 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Failed password for root from 81.162.54.144 port 42912 ssh2
Sep 28 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Connection closed by 81.162.54.144 port 42912 [preauth]
Sep 28 07:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Failed password for root from 81.162.54.144 port 42920 ssh2
Sep 28 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Connection closed by 81.162.54.144 port 42920 [preauth]
Sep 28 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Failed password for root from 81.162.54.144 port 50240 ssh2
Sep 28 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: Successful su for rubyman by root
Sep 28 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: + ??? root:rubyman
Sep 28 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306876 of user rubyman.
Sep 28 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4746]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306876.
Sep 28 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Connection closed by 81.162.54.144 port 50240 [preauth]
Sep 28 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session closed for user root
Sep 28 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Failed password for root from 81.162.54.144 port 57982 ssh2
Sep 28 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Connection closed by 81.162.54.144 port 57982 [preauth]
Sep 28 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Failed password for root from 81.162.54.144 port 57994 ssh2
Sep 28 07:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4948]: Connection closed by 81.162.54.144 port 57994 [preauth]
Sep 28 07:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: Failed password for root from 81.162.54.144 port 59902 ssh2
Sep 28 07:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4962]: Connection closed by 81.162.54.144 port 59902 [preauth]
Sep 28 07:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Failed password for root from 81.162.54.144 port 59906 ssh2
Sep 28 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Connection closed by 81.162.54.144 port 59906 [preauth]
Sep 28 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: Invalid user azureuser from 103.153.190.105
Sep 28 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: input_userauth_request: invalid user azureuser [preauth]
Sep 28 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: Failed password for invalid user azureuser from 103.153.190.105 port 41930 ssh2
Sep 28 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Failed password for root from 81.162.54.144 port 59908 ssh2
Sep 28 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Connection closed by 81.162.54.144 port 59908 [preauth]
Sep 28 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: Received disconnect from 103.153.190.105 port 41930:11: Bye Bye [preauth]
Sep 28 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4992]: Disconnected from 103.153.190.105 port 41930 [preauth]
Sep 28 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Failed password for root from 81.162.54.144 port 37040 ssh2
Sep 28 07:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Connection closed by 81.162.54.144 port 37040 [preauth]
Sep 28 07:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5037]: Failed password for root from 81.162.54.144 port 37050 ssh2
Sep 28 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5037]: Connection closed by 81.162.54.144 port 37050 [preauth]
Sep 28 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session closed for user root
Sep 28 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Failed password for root from 81.162.54.144 port 37052 ssh2
Sep 28 07:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Connection closed by 81.162.54.144 port 37052 [preauth]
Sep 28 07:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: Failed password for root from 81.162.54.144 port 60050 ssh2
Sep 28 07:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: Connection closed by 81.162.54.144 port 60050 [preauth]
Sep 28 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Failed password for root from 81.162.54.144 port 60060 ssh2
Sep 28 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5093]: Connection closed by 81.162.54.144 port 60060 [preauth]
Sep 28 07:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5122]: Failed password for root from 81.162.54.144 port 46498 ssh2
Sep 28 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5122]: Connection closed by 81.162.54.144 port 46498 [preauth]
Sep 28 07:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Failed password for root from 81.162.54.144 port 46508 ssh2
Sep 28 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5133]: Connection closed by 81.162.54.144 port 46508 [preauth]
Sep 28 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Failed password for root from 81.162.54.144 port 44804 ssh2
Sep 28 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Connection closed by 81.162.54.144 port 44804 [preauth]
Sep 28 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: Failed password for root from 81.162.54.144 port 44820 ssh2
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5159]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5156]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: Connection closed by 81.162.54.144 port 44820 [preauth]
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5225]: Successful su for rubyman by root
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5225]: + ??? root:rubyman
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306881 of user rubyman.
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5225]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306881.
Sep 28 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: Failed password for root from 81.162.54.144 port 44824 ssh2
Sep 28 07:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5223]: Connection closed by 81.162.54.144 port 44824 [preauth]
Sep 28 07:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session closed for user root
Sep 28 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5158]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Failed password for root from 81.162.54.144 port 44964 ssh2
Sep 28 07:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5483]: Connection closed by 81.162.54.144 port 44964 [preauth]
Sep 28 07:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Failed password for root from 81.162.54.144 port 44974 ssh2
Sep 28 07:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Connection closed by 81.162.54.144 port 44974 [preauth]
Sep 28 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: Failed password for root from 81.162.54.144 port 43860 ssh2
Sep 28 07:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: Connection closed by 81.162.54.144 port 43860 [preauth]
Sep 28 07:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: Invalid user arkserver from 198.23.174.113
Sep 28 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: input_userauth_request: invalid user arkserver [preauth]
Sep 28 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: Failed password for invalid user arkserver from 198.23.174.113 port 40488 ssh2
Sep 28 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: Received disconnect from 198.23.174.113 port 40488:11: Bye Bye [preauth]
Sep 28 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5547]: Disconnected from 198.23.174.113 port 40488 [preauth]
Sep 28 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Failed password for root from 81.162.54.144 port 43872 ssh2
Sep 28 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Connection closed by 81.162.54.144 port 43872 [preauth]
Sep 28 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Failed password for root from 81.162.54.144 port 58382 ssh2
Sep 28 07:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Connection closed by 81.162.54.144 port 58382 [preauth]
Sep 28 07:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Failed password for root from 81.162.54.144 port 58394 ssh2
Sep 28 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Connection closed by 81.162.54.144 port 58394 [preauth]
Sep 28 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user root
Sep 28 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: Failed password for root from 81.162.54.144 port 54950 ssh2
Sep 28 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5620]: Connection closed by 81.162.54.144 port 54950 [preauth]
Sep 28 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: Failed password for root from 81.162.54.144 port 54966 ssh2
Sep 28 07:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: Connection closed by 81.162.54.144 port 54966 [preauth]
Sep 28 07:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Failed password for root from 81.162.54.144 port 54968 ssh2
Sep 28 07:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Connection closed by 81.162.54.144 port 54968 [preauth]
Sep 28 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Failed password for root from 81.162.54.144 port 38536 ssh2
Sep 28 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Connection closed by 81.162.54.144 port 38536 [preauth]
Sep 28 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: Failed password for root from 81.162.54.144 port 38546 ssh2
Sep 28 07:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: Connection closed by 81.162.54.144 port 38546 [preauth]
Sep 28 07:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Failed password for root from 81.162.54.144 port 40600 ssh2
Sep 28 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Connection closed by 81.162.54.144 port 40600 [preauth]
Sep 28 07:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Failed password for root from 81.162.54.144 port 40604 ssh2
Sep 28 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Connection closed by 81.162.54.144 port 40604 [preauth]
Sep 28 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5717]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5714]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: Successful su for rubyman by root
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: + ??? root:rubyman
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306886 of user rubyman.
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306886.
Sep 28 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session closed for user root
Sep 28 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session closed for user root
Sep 28 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Failed password for root from 81.162.54.144 port 40612 ssh2
Sep 28 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Connection closed by 81.162.54.144 port 40612 [preauth]
Sep 28 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5715]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: Failed password for root from 81.162.54.144 port 46974 ssh2
Sep 28 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6064]: Connection closed by 81.162.54.144 port 46974 [preauth]
Sep 28 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Failed password for root from 81.162.54.144 port 46984 ssh2
Sep 28 07:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Connection closed by 81.162.54.144 port 46984 [preauth]
Sep 28 07:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for root from 81.162.54.144 port 44550 ssh2
Sep 28 07:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Connection closed by 81.162.54.144 port 44550 [preauth]
Sep 28 07:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Failed password for root from 81.162.54.144 port 57972 ssh2
Sep 28 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Connection closed by 81.162.54.144 port 57972 [preauth]
Sep 28 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Failed password for root from 81.162.54.144 port 57980 ssh2
Sep 28 07:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Connection closed by 81.162.54.144 port 57980 [preauth]
Sep 28 07:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session closed for user root
Sep 28 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: Failed password for root from 81.162.54.144 port 57996 ssh2
Sep 28 07:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6172]: Connection closed by 81.162.54.144 port 57996 [preauth]
Sep 28 07:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Failed password for root from 81.162.54.144 port 36344 ssh2
Sep 28 07:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Connection closed by 81.162.54.144 port 36344 [preauth]
Sep 28 07:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Invalid user abc from 190.103.202.7
Sep 28 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: input_userauth_request: invalid user abc [preauth]
Sep 28 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 07:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for root from 81.162.54.144 port 36350 ssh2
Sep 28 07:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Connection closed by 81.162.54.144 port 36350 [preauth]
Sep 28 07:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Failed password for invalid user abc from 190.103.202.7 port 56220 ssh2
Sep 28 07:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Connection closed by 190.103.202.7 port 56220 [preauth]
Sep 28 07:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6230]: Failed password for root from 81.162.54.144 port 47936 ssh2
Sep 28 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6230]: Connection closed by 81.162.54.144 port 47936 [preauth]
Sep 28 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Failed password for root from 81.162.54.144 port 47948 ssh2
Sep 28 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Connection closed by 81.162.54.144 port 47948 [preauth]
Sep 28 07:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: Failed password for root from 81.162.54.144 port 47950 ssh2
Sep 28 07:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: Connection closed by 81.162.54.144 port 47950 [preauth]
Sep 28 07:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Failed password for root from 81.162.54.144 port 45632 ssh2
Sep 28 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Connection closed by 81.162.54.144 port 45632 [preauth]
Sep 28 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session closed for user root
Sep 28 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6285]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6359]: Successful su for rubyman by root
Sep 28 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6359]: + ??? root:rubyman
Sep 28 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306890 of user rubyman.
Sep 28 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6359]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306890.
Sep 28 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Failed password for root from 81.162.54.144 port 45646 ssh2
Sep 28 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Connection closed by 81.162.54.144 port 45646 [preauth]
Sep 28 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session closed for user root
Sep 28 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6287]: pam_unix(cron:session): session closed for user root
Sep 28 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Failed password for root from 81.162.54.144 port 55388 ssh2
Sep 28 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Connection closed by 81.162.54.144 port 55388 [preauth]
Sep 28 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6286]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: Failed password for root from 81.162.54.144 port 55394 ssh2
Sep 28 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: Connection closed by 81.162.54.144 port 55394 [preauth]
Sep 28 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Failed password for root from 81.162.54.144 port 55408 ssh2
Sep 28 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Connection closed by 81.162.54.144 port 55408 [preauth]
Sep 28 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: Failed password for root from 81.162.54.144 port 47658 ssh2
Sep 28 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6731]: Connection closed by 81.162.54.144 port 47658 [preauth]
Sep 28 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Failed password for root from 81.162.54.144 port 47672 ssh2
Sep 28 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Connection closed by 81.162.54.144 port 47672 [preauth]
Sep 28 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Failed password for root from 81.162.54.144 port 33022 ssh2
Sep 28 07:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Connection closed by 81.162.54.144 port 33022 [preauth]
Sep 28 07:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Failed password for root from 198.23.174.113 port 40592 ssh2
Sep 28 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Received disconnect from 198.23.174.113 port 40592:11: Bye Bye [preauth]
Sep 28 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Disconnected from 198.23.174.113 port 40592 [preauth]
Sep 28 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5160]: pam_unix(cron:session): session closed for user root
Sep 28 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Failed password for root from 81.162.54.144 port 33030 ssh2
Sep 28 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Connection closed by 81.162.54.144 port 33030 [preauth]
Sep 28 07:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Failed password for root from 81.162.54.144 port 58094 ssh2
Sep 28 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Connection closed by 81.162.54.144 port 58094 [preauth]
Sep 28 07:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Failed password for root from 81.162.54.144 port 58102 ssh2
Sep 28 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Connection closed by 81.162.54.144 port 58102 [preauth]
Sep 28 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Failed password for root from 81.162.54.144 port 58944 ssh2
Sep 28 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Connection closed by 81.162.54.144 port 58944 [preauth]
Sep 28 07:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: Failed password for root from 81.162.54.144 port 58950 ssh2
Sep 28 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: Connection closed by 81.162.54.144 port 58950 [preauth]
Sep 28 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Failed password for root from 81.162.54.144 port 37806 ssh2
Sep 28 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Connection closed by 81.162.54.144 port 37806 [preauth]
Sep 28 07:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for root from 81.162.54.144 port 37822 ssh2
Sep 28 07:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Connection closed by 81.162.54.144 port 37822 [preauth]
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6889]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6964]: Successful su for rubyman by root
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6964]: + ??? root:rubyman
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306896 of user rubyman.
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6964]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306896.
Sep 28 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: Failed password for root from 81.162.54.144 port 37830 ssh2
Sep 28 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: Connection closed by 81.162.54.144 port 37830 [preauth]
Sep 28 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3688]: pam_unix(cron:session): session closed for user root
Sep 28 07:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6893]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Failed password for root from 81.162.54.144 port 47974 ssh2
Sep 28 07:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Connection closed by 81.162.54.144 port 47974 [preauth]
Sep 28 07:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Failed password for root from 81.162.54.144 port 47990 ssh2
Sep 28 07:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7269]: Connection closed by 81.162.54.144 port 47990 [preauth]
Sep 28 07:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: Failed password for root from 81.162.54.144 port 60970 ssh2
Sep 28 07:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: Connection closed by 81.162.54.144 port 60970 [preauth]
Sep 28 07:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Invalid user test from 103.153.190.105
Sep 28 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: input_userauth_request: invalid user test [preauth]
Sep 28 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Failed password for root from 81.162.54.144 port 60986 ssh2
Sep 28 07:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Connection closed by 81.162.54.144 port 60986 [preauth]
Sep 28 07:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Failed password for invalid user test from 103.153.190.105 port 41439 ssh2
Sep 28 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Received disconnect from 103.153.190.105 port 41439:11: Bye Bye [preauth]
Sep 28 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Disconnected from 103.153.190.105 port 41439 [preauth]
Sep 28 07:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for root from 81.162.54.144 port 40632 ssh2
Sep 28 07:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Connection closed by 81.162.54.144 port 40632 [preauth]
Sep 28 07:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Failed password for root from 81.162.54.144 port 40646 ssh2
Sep 28 07:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Connection closed by 81.162.54.144 port 40646 [preauth]
Sep 28 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5717]: pam_unix(cron:session): session closed for user root
Sep 28 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for root from 81.162.54.144 port 40664 ssh2
Sep 28 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 81.162.54.144 port 40664 [preauth]
Sep 28 07:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Failed password for root from 81.162.54.144 port 36792 ssh2
Sep 28 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Connection closed by 81.162.54.144 port 36792 [preauth]
Sep 28 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Failed password for root from 81.162.54.144 port 36800 ssh2
Sep 28 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Connection closed by 81.162.54.144 port 36800 [preauth]
Sep 28 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Failed password for root from 81.162.54.144 port 56076 ssh2
Sep 28 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Connection closed by 81.162.54.144 port 56076 [preauth]
Sep 28 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Failed password for root from 81.162.54.144 port 56080 ssh2
Sep 28 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Connection closed by 81.162.54.144 port 56080 [preauth]
Sep 28 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Failed password for root from 81.162.54.144 port 51248 ssh2
Sep 28 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Connection closed by 81.162.54.144 port 51248 [preauth]
Sep 28 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Failed password for root from 81.162.54.144 port 51264 ssh2
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: Successful su for rubyman by root
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: + ??? root:rubyman
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306901 of user rubyman.
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306901.
Sep 28 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Connection closed by 81.162.54.144 port 51264 [preauth]
Sep 28 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user root
Sep 28 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Failed password for root from 81.162.54.144 port 59380 ssh2
Sep 28 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Connection closed by 81.162.54.144 port 59380 [preauth]
Sep 28 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7725]: Failed password for root from 81.162.54.144 port 59392 ssh2
Sep 28 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7725]: Connection closed by 81.162.54.144 port 59392 [preauth]
Sep 28 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Failed password for root from 81.162.54.144 port 59396 ssh2
Sep 28 07:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Connection closed by 81.162.54.144 port 59396 [preauth]
Sep 28 07:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Failed password for root from 81.162.54.144 port 51510 ssh2
Sep 28 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7775]: Connection closed by 81.162.54.144 port 51510 [preauth]
Sep 28 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: Failed password for root from 81.162.54.144 port 51520 ssh2
Sep 28 07:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7790]: Connection closed by 81.162.54.144 port 51520 [preauth]
Sep 28 07:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Failed password for root from 81.162.54.144 port 51534 ssh2
Sep 28 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Connection closed by 81.162.54.144 port 51534 [preauth]
Sep 28 07:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Failed password for root from 81.162.54.144 port 35554 ssh2
Sep 28 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Connection closed by 81.162.54.144 port 35554 [preauth]
Sep 28 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Failed password for root from 81.162.54.144 port 35568 ssh2
Sep 28 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Connection closed by 81.162.54.144 port 35568 [preauth]
Sep 28 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Invalid user kernel from 198.23.174.113
Sep 28 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: input_userauth_request: invalid user kernel [preauth]
Sep 28 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6289]: pam_unix(cron:session): session closed for user root
Sep 28 07:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Failed password for invalid user kernel from 198.23.174.113 port 40698 ssh2
Sep 28 07:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Received disconnect from 198.23.174.113 port 40698:11: Bye Bye [preauth]
Sep 28 07:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Disconnected from 198.23.174.113 port 40698 [preauth]
Sep 28 07:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Failed password for root from 81.162.54.144 port 36208 ssh2
Sep 28 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Connection closed by 81.162.54.144 port 36208 [preauth]
Sep 28 07:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7905]: Failed password for root from 81.162.54.144 port 36214 ssh2
Sep 28 07:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7905]: Connection closed by 81.162.54.144 port 36214 [preauth]
Sep 28 07:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Failed password for root from 81.162.54.144 port 51468 ssh2
Sep 28 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7921]: Connection closed by 81.162.54.144 port 51468 [preauth]
Sep 28 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: Failed password for root from 81.162.54.144 port 51484 ssh2
Sep 28 07:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: Connection closed by 81.162.54.144 port 51484 [preauth]
Sep 28 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: Failed password for root from 81.162.54.144 port 45554 ssh2
Sep 28 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7946]: Connection closed by 81.162.54.144 port 45554 [preauth]
Sep 28 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Failed password for root from 81.162.54.144 port 45568 ssh2
Sep 28 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Connection closed by 81.162.54.144 port 45568 [preauth]
Sep 28 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7965]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7964]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7962]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: Successful su for rubyman by root
Sep 28 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: + ??? root:rubyman
Sep 28 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306904 of user rubyman.
Sep 28 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306904.
Sep 28 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Failed password for root from 81.162.54.144 port 45570 ssh2
Sep 28 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Connection closed by 81.162.54.144 port 45570 [preauth]
Sep 28 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session closed for user root
Sep 28 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7963]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: Failed password for root from 81.162.54.144 port 38500 ssh2
Sep 28 07:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8247]: Connection closed by 81.162.54.144 port 38500 [preauth]
Sep 28 07:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Failed password for root from 81.162.54.144 port 38502 ssh2
Sep 28 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Connection closed by 81.162.54.144 port 38502 [preauth]
Sep 28 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.253.20  user=root
Sep 28 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: Failed password for root from 81.162.54.144 port 57244 ssh2
Sep 28 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Failed password for root from 14.103.253.20 port 39966 ssh2
Sep 28 07:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8293]: Connection closed by 81.162.54.144 port 57244 [preauth]
Sep 28 07:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Received disconnect from 14.103.253.20 port 39966:11: Bye Bye [preauth]
Sep 28 07:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Disconnected from 14.103.253.20 port 39966 [preauth]
Sep 28 07:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: Failed password for root from 81.162.54.144 port 57254 ssh2
Sep 28 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8317]: Connection closed by 81.162.54.144 port 57254 [preauth]
Sep 28 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Failed password for root from 81.162.54.144 port 57264 ssh2
Sep 28 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Connection closed by 81.162.54.144 port 57264 [preauth]
Sep 28 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Failed password for root from 81.162.54.144 port 40684 ssh2
Sep 28 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Connection closed by 81.162.54.144 port 40684 [preauth]
Sep 28 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Failed password for root from 81.162.54.144 port 40692 ssh2
Sep 28 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Connection closed by 81.162.54.144 port 40692 [preauth]
Sep 28 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session closed for user root
Sep 28 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Failed password for root from 81.162.54.144 port 38530 ssh2
Sep 28 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Connection closed by 81.162.54.144 port 38530 [preauth]
Sep 28 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: Failed password for root from 81.162.54.144 port 38540 ssh2
Sep 28 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: Connection closed by 81.162.54.144 port 38540 [preauth]
Sep 28 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 81.162.54.144 port 38548 ssh2
Sep 28 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Connection closed by 81.162.54.144 port 38548 [preauth]
Sep 28 07:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: Failed password for root from 81.162.54.144 port 60118 ssh2
Sep 28 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: Connection closed by 81.162.54.144 port 60118 [preauth]
Sep 28 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Failed password for root from 81.162.54.144 port 57678 ssh2
Sep 28 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Connection closed by 81.162.54.144 port 57678 [preauth]
Sep 28 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8553]: Successful su for rubyman by root
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8553]: + ??? root:rubyman
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: Failed password for root from 81.162.54.144 port 57688 ssh2
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306906 of user rubyman.
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8553]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306906.
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: Connection closed by 81.162.54.144 port 57688 [preauth]
Sep 28 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5159]: pam_unix(cron:session): session closed for user root
Sep 28 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Failed password for root from 81.162.54.144 port 55016 ssh2
Sep 28 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Connection closed by 81.162.54.144 port 55016 [preauth]
Sep 28 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Failed password for root from 81.162.54.144 port 55024 ssh2
Sep 28 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Connection closed by 81.162.54.144 port 55024 [preauth]
Sep 28 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Invalid user user from 62.60.131.157
Sep 28 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: input_userauth_request: invalid user user [preauth]
Sep 28 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Failed password for invalid user user from 62.60.131.157 port 52564 ssh2
Sep 28 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Failed password for root from 81.162.54.144 port 55028 ssh2
Sep 28 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Connection closed by 81.162.54.144 port 55028 [preauth]
Sep 28 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Failed password for invalid user user from 62.60.131.157 port 52564 ssh2
Sep 28 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Failed password for invalid user user from 62.60.131.157 port 52564 ssh2
Sep 28 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: Failed password for root from 81.162.54.144 port 58986 ssh2
Sep 28 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: Connection closed by 81.162.54.144 port 58986 [preauth]
Sep 28 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Failed password for invalid user user from 62.60.131.157 port 52564 ssh2
Sep 28 07:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Failed password for root from 81.162.54.144 port 58990 ssh2
Sep 28 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Failed password for invalid user user from 62.60.131.157 port 52564 ssh2
Sep 28 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Received disconnect from 62.60.131.157 port 52564:11: Bye [preauth]
Sep 28 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Disconnected from 62.60.131.157 port 52564 [preauth]
Sep 28 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Connection closed by 81.162.54.144 port 58990 [preauth]
Sep 28 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: Failed password for root from 81.162.54.144 port 58996 ssh2
Sep 28 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8935]: Connection closed by 81.162.54.144 port 58996 [preauth]
Sep 28 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Failed password for root from 81.162.54.144 port 50414 ssh2
Sep 28 07:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Connection closed by 81.162.54.144 port 50414 [preauth]
Sep 28 07:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8960]: Failed password for root from 81.162.54.144 port 50418 ssh2
Sep 28 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8960]: Connection closed by 81.162.54.144 port 50418 [preauth]
Sep 28 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session closed for user root
Sep 28 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Failed password for root from 81.162.54.144 port 52178 ssh2
Sep 28 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8995]: Connection closed by 81.162.54.144 port 52178 [preauth]
Sep 28 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: Failed password for root from 81.162.54.144 port 52182 ssh2
Sep 28 07:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: Connection closed by 81.162.54.144 port 52182 [preauth]
Sep 28 07:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Failed password for root from 81.162.54.144 port 52190 ssh2
Sep 28 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Connection closed by 81.162.54.144 port 52190 [preauth]
Sep 28 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: Failed password for root from 198.23.174.113 port 40798 ssh2
Sep 28 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: Received disconnect from 198.23.174.113 port 40798:11: Bye Bye [preauth]
Sep 28 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9015]: Disconnected from 198.23.174.113 port 40798 [preauth]
Sep 28 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Failed password for root from 81.162.54.144 port 38206 ssh2
Sep 28 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9044]: Connection closed by 81.162.54.144 port 38206 [preauth]
Sep 28 07:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for root from 81.162.54.144 port 38212 ssh2
Sep 28 07:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Connection closed by 81.162.54.144 port 38212 [preauth]
Sep 28 07:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session closed for user root
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9253]: Successful su for rubyman by root
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9253]: + ??? root:rubyman
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306913 of user rubyman.
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9253]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306913.
Sep 28 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: Failed password for root from 81.162.54.144 port 47318 ssh2
Sep 28 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: Connection closed by 81.162.54.144 port 47318 [preauth]
Sep 28 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session closed for user root
Sep 28 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5716]: pam_unix(cron:session): session closed for user root
Sep 28 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: Failed password for root from 81.162.54.144 port 44054 ssh2
Sep 28 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: Connection closed by 81.162.54.144 port 44054 [preauth]
Sep 28 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: Invalid user pasha from 222.124.17.227
Sep 28 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: input_userauth_request: invalid user pasha [preauth]
Sep 28 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: Failed password for invalid user pasha from 222.124.17.227 port 47162 ssh2
Sep 28 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: Received disconnect from 222.124.17.227 port 47162:11: Bye Bye [preauth]
Sep 28 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9482]: Disconnected from 222.124.17.227 port 47162 [preauth]
Sep 28 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Failed password for root from 81.162.54.144 port 44066 ssh2
Sep 28 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Connection closed by 81.162.54.144 port 44066 [preauth]
Sep 28 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 07:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Failed password for root from 103.153.190.105 port 35348 ssh2
Sep 28 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Received disconnect from 103.153.190.105 port 35348:11: Bye Bye [preauth]
Sep 28 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Disconnected from 103.153.190.105 port 35348 [preauth]
Sep 28 07:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9515]: Failed password for root from 81.162.54.144 port 44080 ssh2
Sep 28 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9515]: Connection closed by 81.162.54.144 port 44080 [preauth]
Sep 28 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9542]: Failed password for root from 81.162.54.144 port 52044 ssh2
Sep 28 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9542]: Connection closed by 81.162.54.144 port 52044 [preauth]
Sep 28 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: Failed password for root from 81.162.54.144 port 52056 ssh2
Sep 28 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: Connection closed by 81.162.54.144 port 52056 [preauth]
Sep 28 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Failed password for root from 81.162.54.144 port 33660 ssh2
Sep 28 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Connection closed by 81.162.54.144 port 33660 [preauth]
Sep 28 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Failed password for root from 81.162.54.144 port 33672 ssh2
Sep 28 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Connection closed by 81.162.54.144 port 33672 [preauth]
Sep 28 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7965]: pam_unix(cron:session): session closed for user root
Sep 28 07:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Failed password for root from 81.162.54.144 port 38518 ssh2
Sep 28 07:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Connection closed by 81.162.54.144 port 38518 [preauth]
Sep 28 07:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Failed password for root from 81.162.54.144 port 38522 ssh2
Sep 28 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Connection closed by 81.162.54.144 port 38522 [preauth]
Sep 28 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: Failed password for root from 81.162.54.144 port 46964 ssh2
Sep 28 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: Connection closed by 81.162.54.144 port 46964 [preauth]
Sep 28 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Failed password for root from 81.162.54.144 port 46978 ssh2
Sep 28 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Connection closed by 81.162.54.144 port 46978 [preauth]
Sep 28 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: Invalid user test from 222.73.56.10
Sep 28 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: input_userauth_request: invalid user test [preauth]
Sep 28 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.56.10
Sep 28 07:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Failed password for root from 81.162.54.144 port 47008 ssh2
Sep 28 07:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Connection closed by 81.162.54.144 port 47008 [preauth]
Sep 28 07:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: Failed password for invalid user test from 222.73.56.10 port 51118 ssh2
Sep 28 07:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: Failed password for root from 81.162.54.144 port 36304 ssh2
Sep 28 07:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: Successful su for rubyman by root
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: + ??? root:rubyman
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306917 of user rubyman.
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306917.
Sep 28 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: Connection closed by 81.162.54.144 port 36304 [preauth]
Sep 28 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: Failed password for root from 81.162.54.144 port 36312 ssh2
Sep 28 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: Connection closed by 81.162.54.144 port 36312 [preauth]
Sep 28 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session closed for user root
Sep 28 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.162.54.144  user=root
Sep 28 07:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Failed password for root from 81.162.54.144 port 40468 ssh2
Sep 28 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Connection closed by 81.162.54.144 port 40468 [preauth]
Sep 28 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Invalid user esroot from 8.129.232.65
Sep 28 07:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: input_userauth_request: invalid user esroot [preauth]
Sep 28 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.129.232.65
Sep 28 07:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Invalid user gitlab from 8.129.232.65
Sep 28 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Failed password for invalid user esroot from 8.129.232.65 port 36900 ssh2
Sep 28 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.129.232.65
Sep 28 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Connection closed by 8.129.232.65 port 36900 [preauth]
Sep 28 07:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Failed password for invalid user gitlab from 8.129.232.65 port 49014 ssh2
Sep 28 07:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Connection closed by 8.129.232.65 port 49014 [preauth]
Sep 28 07:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session closed for user root
Sep 28 07:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Invalid user user from 8.129.232.65
Sep 28 07:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: input_userauth_request: invalid user user [preauth]
Sep 28 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.129.232.65
Sep 28 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Failed password for invalid user user from 8.129.232.65 port 34628 ssh2
Sep 28 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Connection closed by 8.129.232.65 port 34628 [preauth]
Sep 28 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: Invalid user apache from 8.129.232.65
Sep 28 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: input_userauth_request: invalid user apache [preauth]
Sep 28 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.129.232.65
Sep 28 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: Failed password for invalid user apache from 8.129.232.65 port 49024 ssh2
Sep 28 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: Connection closed by 8.129.232.65 port 49024 [preauth]
Sep 28 07:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Invalid user test from 222.124.17.227
Sep 28 07:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: input_userauth_request: invalid user test [preauth]
Sep 28 07:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Failed password for invalid user test from 222.124.17.227 port 46348 ssh2
Sep 28 07:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Received disconnect from 222.124.17.227 port 46348:11: Bye Bye [preauth]
Sep 28 07:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Disconnected from 222.124.17.227 port 46348 [preauth]
Sep 28 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Connection reset by 8.129.232.65 port 36890 [preauth]
Sep 28 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10278]: Connection reset by 8.129.232.65 port 57832 [preauth]
Sep 28 07:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Connection reset by 8.129.232.65 port 57818 [preauth]
Sep 28 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10256]: Connection closed by 8.129.232.65 port 34642 [preauth]
Sep 28 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Connection closed by 8.129.232.65 port 34620 [preauth]
Sep 28 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10333]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session closed for user root
Sep 28 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: Successful su for rubyman by root
Sep 28 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: + ??? root:rubyman
Sep 28 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306921 of user rubyman.
Sep 28 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306921.
Sep 28 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session closed for user root
Sep 28 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Connection closed by 8.129.232.65 port 48520 [preauth]
Sep 28 07:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Connection closed by 8.129.232.65 port 48522 [preauth]
Sep 28 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session closed for user root
Sep 28 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Invalid user user2 from 222.124.17.227
Sep 28 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: input_userauth_request: invalid user user2 [preauth]
Sep 28 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Failed password for invalid user user2 from 222.124.17.227 port 41932 ssh2
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: Successful su for rubyman by root
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: + ??? root:rubyman
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306925 of user rubyman.
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306925.
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Received disconnect from 222.124.17.227 port 41932:11: Bye Bye [preauth]
Sep 28 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10779]: Disconnected from 222.124.17.227 port 41932 [preauth]
Sep 28 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session closed for user root
Sep 28 07:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9833]: pam_unix(cron:session): session closed for user root
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11201]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11278]: Successful su for rubyman by root
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11278]: + ??? root:rubyman
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306930 of user rubyman.
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11278]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306930.
Sep 28 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Invalid user foundry from 198.23.174.113
Sep 28 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: input_userauth_request: invalid user foundry [preauth]
Sep 28 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7964]: pam_unix(cron:session): session closed for user root
Sep 28 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Failed password for invalid user foundry from 198.23.174.113 port 41004 ssh2
Sep 28 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Received disconnect from 198.23.174.113 port 41004:11: Bye Bye [preauth]
Sep 28 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Disconnected from 198.23.174.113 port 41004 [preauth]
Sep 28 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11202]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Invalid user oleg from 103.153.190.105
Sep 28 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: input_userauth_request: invalid user oleg [preauth]
Sep 28 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Failed password for invalid user oleg from 103.153.190.105 port 34449 ssh2
Sep 28 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Received disconnect from 103.153.190.105 port 34449:11: Bye Bye [preauth]
Sep 28 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Disconnected from 103.153.190.105 port 34449 [preauth]
Sep 28 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Invalid user manager from 222.124.17.227
Sep 28 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: input_userauth_request: invalid user manager [preauth]
Sep 28 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Failed password for invalid user manager from 222.124.17.227 port 37516 ssh2
Sep 28 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Received disconnect from 222.124.17.227 port 37516:11: Bye Bye [preauth]
Sep 28 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Disconnected from 222.124.17.227 port 37516 [preauth]
Sep 28 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.56.10  user=root
Sep 28 07:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: Failed password for root from 222.73.56.10 port 35000 ssh2
Sep 28 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10333]: pam_unix(cron:session): session closed for user root
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session closed for user root
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11650]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: Successful su for rubyman by root
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: + ??? root:rubyman
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306935 of user rubyman.
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11812]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306935.
Sep 28 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session closed for user root
Sep 28 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session closed for user root
Sep 28 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11651]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Failed password for root from 222.124.17.227 port 33090 ssh2
Sep 28 07:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Received disconnect from 222.124.17.227 port 33090:11: Bye Bye [preauth]
Sep 28 07:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Disconnected from 222.124.17.227 port 33090 [preauth]
Sep 28 07:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session closed for user root
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12198]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12278]: Successful su for rubyman by root
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12278]: + ??? root:rubyman
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306940 of user rubyman.
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12278]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306940.
Sep 28 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session closed for user root
Sep 28 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: Invalid user ryan from 198.23.174.113
Sep 28 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: input_userauth_request: invalid user ryan [preauth]
Sep 28 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: Failed password for invalid user ryan from 198.23.174.113 port 41108 ssh2
Sep 28 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: Received disconnect from 198.23.174.113 port 41108:11: Bye Bye [preauth]
Sep 28 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: Disconnected from 198.23.174.113 port 41108 [preauth]
Sep 28 07:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Invalid user lrendon from 222.124.17.227
Sep 28 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: input_userauth_request: invalid user lrendon [preauth]
Sep 28 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session closed for user root
Sep 28 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Failed password for invalid user lrendon from 222.124.17.227 port 56910 ssh2
Sep 28 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Received disconnect from 222.124.17.227 port 56910:11: Bye Bye [preauth]
Sep 28 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Disconnected from 222.124.17.227 port 56910 [preauth]
Sep 28 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12654]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: Successful su for rubyman by root
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: + ??? root:rubyman
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306943 of user rubyman.
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12725]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306943.
Sep 28 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9832]: pam_unix(cron:session): session closed for user root
Sep 28 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12653]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session closed for user root
Sep 28 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: Invalid user administrator from 222.124.17.227
Sep 28 07:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: input_userauth_request: invalid user administrator [preauth]
Sep 28 07:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: Failed password for invalid user administrator from 222.124.17.227 port 52488 ssh2
Sep 28 07:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: Received disconnect from 222.124.17.227 port 52488:11: Bye Bye [preauth]
Sep 28 07:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: Disconnected from 222.124.17.227 port 52488 [preauth]
Sep 28 07:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: Failed password for root from 103.153.190.105 port 52361 ssh2
Sep 28 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: Received disconnect from 103.153.190.105 port 52361:11: Bye Bye [preauth]
Sep 28 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: Disconnected from 103.153.190.105 port 52361 [preauth]
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13107]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: Successful su for rubyman by root
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: + ??? root:rubyman
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306948 of user rubyman.
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306948.
Sep 28 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session closed for user root
Sep 28 07:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Invalid user wangxin from 198.23.174.113
Sep 28 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: input_userauth_request: invalid user wangxin [preauth]
Sep 28 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user wangxin from 198.23.174.113 port 41214 ssh2
Sep 28 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12198]: pam_unix(cron:session): session closed for user root
Sep 28 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Received disconnect from 198.23.174.113 port 41214:11: Bye Bye [preauth]
Sep 28 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Disconnected from 198.23.174.113 port 41214 [preauth]
Sep 28 07:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Invalid user developer from 222.124.17.227
Sep 28 07:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: input_userauth_request: invalid user developer [preauth]
Sep 28 07:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Failed password for invalid user developer from 222.124.17.227 port 48110 ssh2
Sep 28 07:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Received disconnect from 222.124.17.227 port 48110:11: Bye Bye [preauth]
Sep 28 07:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Disconnected from 222.124.17.227 port 48110 [preauth]
Sep 28 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: Successful su for rubyman by root
Sep 28 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: + ??? root:rubyman
Sep 28 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306951 of user rubyman.
Sep 28 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306951.
Sep 28 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session closed for user root
Sep 28 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session closed for user root
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user root
Sep 28 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: Successful su for rubyman by root
Sep 28 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: + ??? root:rubyman
Sep 28 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306958 of user rubyman.
Sep 28 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306958.
Sep 28 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Failed password for root from 222.124.17.227 port 43688 ssh2
Sep 28 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Received disconnect from 222.124.17.227 port 43688:11: Bye Bye [preauth]
Sep 28 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Disconnected from 222.124.17.227 port 43688 [preauth]
Sep 28 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session closed for user root
Sep 28 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session closed for user root
Sep 28 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13108]: pam_unix(cron:session): session closed for user root
Sep 28 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113  user=root
Sep 28 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Failed password for root from 198.23.174.113 port 41318 ssh2
Sep 28 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Received disconnect from 198.23.174.113 port 41318:11: Bye Bye [preauth]
Sep 28 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Disconnected from 198.23.174.113 port 41318 [preauth]
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14578]: Successful su for rubyman by root
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14578]: + ??? root:rubyman
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306963 of user rubyman.
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14578]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306963.
Sep 28 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user root
Sep 28 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14504]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Invalid user backend from 222.124.17.227
Sep 28 07:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: input_userauth_request: invalid user backend [preauth]
Sep 28 07:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Failed password for invalid user backend from 222.124.17.227 port 39268 ssh2
Sep 28 07:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Received disconnect from 222.124.17.227 port 39268:11: Bye Bye [preauth]
Sep 28 07:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Disconnected from 222.124.17.227 port 39268 [preauth]
Sep 28 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session closed for user root
Sep 28 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Invalid user kav from 103.153.190.105
Sep 28 07:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: input_userauth_request: invalid user kav [preauth]
Sep 28 07:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Failed password for invalid user kav from 103.153.190.105 port 47690 ssh2
Sep 28 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Received disconnect from 103.153.190.105 port 47690:11: Bye Bye [preauth]
Sep 28 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Disconnected from 103.153.190.105 port 47690 [preauth]
Sep 28 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14932]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14998]: Successful su for rubyman by root
Sep 28 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14998]: + ??? root:rubyman
Sep 28 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306966 of user rubyman.
Sep 28 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14998]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306966.
Sep 28 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session closed for user root
Sep 28 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14933]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: Failed password for root from 222.124.17.227 port 34850 ssh2
Sep 28 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: Received disconnect from 222.124.17.227 port 34850:11: Bye Bye [preauth]
Sep 28 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15221]: Disconnected from 222.124.17.227 port 34850 [preauth]
Sep 28 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session closed for user root
Sep 28 07:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: Invalid user newftpuser from 198.23.174.113
Sep 28 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: input_userauth_request: invalid user newftpuser [preauth]
Sep 28 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.23.174.113
Sep 28 07:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: Failed password for invalid user newftpuser from 198.23.174.113 port 41418 ssh2
Sep 28 07:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: Received disconnect from 198.23.174.113 port 41418:11: Bye Bye [preauth]
Sep 28 07:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15305]: Disconnected from 198.23.174.113 port 41418 [preauth]
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15428]: Successful su for rubyman by root
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15428]: + ??? root:rubyman
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306969 of user rubyman.
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15428]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306969.
Sep 28 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12654]: pam_unix(cron:session): session closed for user root
Sep 28 07:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session closed for user root
Sep 28 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Failed password for root from 222.124.17.227 port 58668 ssh2
Sep 28 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Received disconnect from 222.124.17.227 port 58668:11: Bye Bye [preauth]
Sep 28 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Disconnected from 222.124.17.227 port 58668 [preauth]
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: Successful su for rubyman by root
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: + ??? root:rubyman
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306974 of user rubyman.
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306974.
Sep 28 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13107]: pam_unix(cron:session): session closed for user root
Sep 28 07:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session closed for user root
Sep 28 07:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Invalid user blue from 222.124.17.227
Sep 28 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: input_userauth_request: invalid user blue [preauth]
Sep 28 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Failed password for invalid user blue from 222.124.17.227 port 54258 ssh2
Sep 28 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Received disconnect from 222.124.17.227 port 54258:11: Bye Bye [preauth]
Sep 28 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Disconnected from 222.124.17.227 port 54258 [preauth]
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session closed for user root
Sep 28 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: Successful su for rubyman by root
Sep 28 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: + ??? root:rubyman
Sep 28 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306981 of user rubyman.
Sep 28 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16285]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306981.
Sep 28 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session closed for user root
Sep 28 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13547]: pam_unix(cron:session): session closed for user root
Sep 28 07:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session closed for user root
Sep 28 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Invalid user njzf from 103.153.190.105
Sep 28 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: input_userauth_request: invalid user njzf [preauth]
Sep 28 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Failed password for invalid user njzf from 103.153.190.105 port 47690 ssh2
Sep 28 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Received disconnect from 103.153.190.105 port 47690:11: Bye Bye [preauth]
Sep 28 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Disconnected from 103.153.190.105 port 47690 [preauth]
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16770]: Successful su for rubyman by root
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16770]: + ??? root:rubyman
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306984 of user rubyman.
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16770]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306984.
Sep 28 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Failed password for root from 222.124.17.227 port 49844 ssh2
Sep 28 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Received disconnect from 222.124.17.227 port 49844:11: Bye Bye [preauth]
Sep 28 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Disconnected from 222.124.17.227 port 49844 [preauth]
Sep 28 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session closed for user root
Sep 28 07:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session closed for user root
Sep 28 07:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Invalid user admin from 78.128.112.74
Sep 28 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: input_userauth_request: invalid user admin [preauth]
Sep 28 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user admin from 78.128.112.74 port 36102 ssh2
Sep 28 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Connection closed by 78.128.112.74 port 36102 [preauth]
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17210]: Successful su for rubyman by root
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17210]: + ??? root:rubyman
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306989 of user rubyman.
Sep 28 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17210]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306989.
Sep 28 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session closed for user root
Sep 28 07:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Invalid user ubuntu from 222.124.17.227
Sep 28 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Failed password for invalid user ubuntu from 222.124.17.227 port 45430 ssh2
Sep 28 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Received disconnect from 222.124.17.227 port 45430:11: Bye Bye [preauth]
Sep 28 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Disconnected from 222.124.17.227 port 45430 [preauth]
Sep 28 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session closed for user root
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17575]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: Successful su for rubyman by root
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: + ??? root:rubyman
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306992 of user rubyman.
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306992.
Sep 28 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session closed for user root
Sep 28 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17576]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Invalid user download from 222.124.17.227
Sep 28 07:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: input_userauth_request: invalid user download [preauth]
Sep 28 07:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for invalid user download from 222.124.17.227 port 41054 ssh2
Sep 28 07:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Received disconnect from 222.124.17.227 port 41054:11: Bye Bye [preauth]
Sep 28 07:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Disconnected from 222.124.17.227 port 41054 [preauth]
Sep 28 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session closed for user root
Sep 28 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: Successful su for rubyman by root
Sep 28 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: + ??? root:rubyman
Sep 28 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306995 of user rubyman.
Sep 28 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306995.
Sep 28 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session closed for user root
Sep 28 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Invalid user cys from 103.153.190.105
Sep 28 07:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: input_userauth_request: invalid user cys [preauth]
Sep 28 07:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Failed password for invalid user cys from 103.153.190.105 port 42780 ssh2
Sep 28 07:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Received disconnect from 103.153.190.105 port 42780:11: Bye Bye [preauth]
Sep 28 07:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Disconnected from 103.153.190.105 port 42780 [preauth]
Sep 28 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session closed for user root
Sep 28 07:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Invalid user dima from 222.124.17.227
Sep 28 07:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: input_userauth_request: invalid user dima [preauth]
Sep 28 07:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Failed password for invalid user dima from 222.124.17.227 port 36634 ssh2
Sep 28 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Received disconnect from 222.124.17.227 port 36634:11: Bye Bye [preauth]
Sep 28 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Disconnected from 222.124.17.227 port 36634 [preauth]
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session closed for user root
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: Successful su for rubyman by root
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: + ??? root:rubyman
Sep 28 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 306999 of user rubyman.
Sep 28 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18910]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 306999.
Sep 28 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session closed for user root
Sep 28 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session closed for user root
Sep 28 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session closed for user root
Sep 28 07:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Invalid user test02 from 222.124.17.227
Sep 28 07:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: input_userauth_request: invalid user test02 [preauth]
Sep 28 07:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Failed password for invalid user test02 from 222.124.17.227 port 60450 ssh2
Sep 28 07:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Received disconnect from 222.124.17.227 port 60450:11: Bye Bye [preauth]
Sep 28 07:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Disconnected from 222.124.17.227 port 60450 [preauth]
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: Successful su for rubyman by root
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: + ??? root:rubyman
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307005 of user rubyman.
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19616]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307005.
Sep 28 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session closed for user root
Sep 28 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session closed for user root
Sep 28 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Invalid user kali from 138.68.58.124
Sep 28 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: input_userauth_request: invalid user kali [preauth]
Sep 28 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 28 07:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Failed password for invalid user kali from 138.68.58.124 port 55688 ssh2
Sep 28 07:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Connection closed by 138.68.58.124 port 55688 [preauth]
Sep 28 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Invalid user super from 222.124.17.227
Sep 28 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: input_userauth_request: invalid user super [preauth]
Sep 28 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: Successful su for rubyman by root
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: + ??? root:rubyman
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307009 of user rubyman.
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307009.
Sep 28 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Failed password for invalid user super from 222.124.17.227 port 56036 ssh2
Sep 28 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Received disconnect from 222.124.17.227 port 56036:11: Bye Bye [preauth]
Sep 28 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Disconnected from 222.124.17.227 port 56036 [preauth]
Sep 28 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session closed for user root
Sep 28 07:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session closed for user root
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: Successful su for rubyman by root
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: + ??? root:rubyman
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307013 of user rubyman.
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307013.
Sep 28 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session closed for user root
Sep 28 07:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Invalid user mb from 222.124.17.227
Sep 28 07:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: input_userauth_request: invalid user mb [preauth]
Sep 28 07:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for invalid user mb from 222.124.17.227 port 51620 ssh2
Sep 28 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Received disconnect from 222.124.17.227 port 51620:11: Bye Bye [preauth]
Sep 28 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Disconnected from 222.124.17.227 port 51620 [preauth]
Sep 28 07:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Invalid user user12 from 103.153.190.105
Sep 28 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: input_userauth_request: invalid user user12 [preauth]
Sep 28 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Failed password for invalid user user12 from 103.153.190.105 port 40797 ssh2
Sep 28 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Received disconnect from 103.153.190.105 port 40797:11: Bye Bye [preauth]
Sep 28 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Disconnected from 103.153.190.105 port 40797 [preauth]
Sep 28 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session closed for user root
Sep 28 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21078]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21216]: Successful su for rubyman by root
Sep 28 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21216]: + ??? root:rubyman
Sep 28 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307018 of user rubyman.
Sep 28 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21216]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307018.
Sep 28 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21074]: pam_unix(cron:session): session closed for user root
Sep 28 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17577]: pam_unix(cron:session): session closed for user root
Sep 28 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21079]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Invalid user ebi from 222.124.17.227
Sep 28 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: input_userauth_request: invalid user ebi [preauth]
Sep 28 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Failed password for invalid user ebi from 222.124.17.227 port 47200 ssh2
Sep 28 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Received disconnect from 222.124.17.227 port 47200:11: Bye Bye [preauth]
Sep 28 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21470]: Disconnected from 222.124.17.227 port 47200 [preauth]
Sep 28 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20154]: pam_unix(cron:session): session closed for user root
Sep 28 07:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Invalid user blue from 222.73.56.10
Sep 28 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: input_userauth_request: invalid user blue [preauth]
Sep 28 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.56.10
Sep 28 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Failed password for invalid user blue from 222.73.56.10 port 49300 ssh2
Sep 28 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Received disconnect from 222.73.56.10 port 49300:11: Bye Bye [preauth]
Sep 28 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Disconnected from 222.73.56.10 port 49300 [preauth]
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session closed for user root
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21600]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21676]: Successful su for rubyman by root
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21676]: + ??? root:rubyman
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307026 of user rubyman.
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21676]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307026.
Sep 28 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session closed for user root
Sep 28 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session closed for user root
Sep 28 07:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21602]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: Invalid user rolando from 222.124.17.227
Sep 28 07:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: input_userauth_request: invalid user rolando [preauth]
Sep 28 07:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: Failed password for invalid user rolando from 222.124.17.227 port 42778 ssh2
Sep 28 07:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: Received disconnect from 222.124.17.227 port 42778:11: Bye Bye [preauth]
Sep 28 07:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21955]: Disconnected from 222.124.17.227 port 42778 [preauth]
Sep 28 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session closed for user root
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22085]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22081]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: Successful su for rubyman by root
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: + ??? root:rubyman
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307028 of user rubyman.
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307028.
Sep 28 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session closed for user root
Sep 28 07:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session closed for user root
Sep 28 07:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Invalid user leo from 222.124.17.227
Sep 28 07:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: input_userauth_request: invalid user leo [preauth]
Sep 28 07:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Failed password for invalid user leo from 222.124.17.227 port 38356 ssh2
Sep 28 07:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Received disconnect from 222.124.17.227 port 38356:11: Bye Bye [preauth]
Sep 28 07:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Disconnected from 222.124.17.227 port 38356 [preauth]
Sep 28 07:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: Invalid user bence from 103.153.190.105
Sep 28 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: input_userauth_request: invalid user bence [preauth]
Sep 28 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22537]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22534]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22597]: Successful su for rubyman by root
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22597]: + ??? root:rubyman
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307032 of user rubyman.
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22597]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307032.
Sep 28 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: Failed password for invalid user bence from 103.153.190.105 port 36977 ssh2
Sep 28 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: Received disconnect from 103.153.190.105 port 36977:11: Bye Bye [preauth]
Sep 28 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: Disconnected from 103.153.190.105 port 36977 [preauth]
Sep 28 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session closed for user root
Sep 28 07:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session closed for user root
Sep 28 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: Failed password for root from 222.124.17.227 port 33944 ssh2
Sep 28 07:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: Received disconnect from 222.124.17.227 port 33944:11: Bye Bye [preauth]
Sep 28 07:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: Disconnected from 222.124.17.227 port 33944 [preauth]
Sep 28 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23316]: Successful su for rubyman by root
Sep 28 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23316]: + ??? root:rubyman
Sep 28 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307036 of user rubyman.
Sep 28 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23316]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307036.
Sep 28 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session closed for user root
Sep 28 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22086]: pam_unix(cron:session): session closed for user root
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23975]: Successful su for rubyman by root
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23975]: + ??? root:rubyman
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307041 of user rubyman.
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23975]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307041.
Sep 28 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session closed for user root
Sep 28 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Invalid user sly from 222.124.17.227
Sep 28 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: input_userauth_request: invalid user sly [preauth]
Sep 28 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for invalid user sly from 222.124.17.227 port 57806 ssh2
Sep 28 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Received disconnect from 222.124.17.227 port 57806:11: Bye Bye [preauth]
Sep 28 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Disconnected from 222.124.17.227 port 57806 [preauth]
Sep 28 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22537]: pam_unix(cron:session): session closed for user root
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24400]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24401]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24405]: pam_unix(cron:session): session closed for user root
Sep 28 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24396]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: Successful su for rubyman by root
Sep 28 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: + ??? root:rubyman
Sep 28 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307044 of user rubyman.
Sep 28 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24478]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307044.
Sep 28 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24400]: pam_unix(cron:session): session closed for user root
Sep 28 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21081]: pam_unix(cron:session): session closed for user root
Sep 28 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24398]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Invalid user rust from 222.124.17.227
Sep 28 07:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: input_userauth_request: invalid user rust [preauth]
Sep 28 07:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Failed password for invalid user rust from 222.124.17.227 port 53392 ssh2
Sep 28 07:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Received disconnect from 222.124.17.227 port 53392:11: Bye Bye [preauth]
Sep 28 07:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Disconnected from 222.124.17.227 port 53392 [preauth]
Sep 28 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Invalid user cod4 from 164.68.105.9
Sep 28 07:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: input_userauth_request: invalid user cod4 [preauth]
Sep 28 07:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Failed password for invalid user cod4 from 164.68.105.9 port 44050 ssh2
Sep 28 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Connection closed by 164.68.105.9 port 44050 [preauth]
Sep 28 07:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session closed for user root
Sep 28 07:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Invalid user deployer from 103.153.190.105
Sep 28 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: input_userauth_request: invalid user deployer [preauth]
Sep 28 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24868]: Did not receive identification string from 92.49.191.48
Sep 28 07:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Invalid user a from 92.49.191.48
Sep 28 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: input_userauth_request: invalid user a [preauth]
Sep 28 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Failed password for invalid user deployer from 103.153.190.105 port 39229 ssh2
Sep 28 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Received disconnect from 103.153.190.105 port 39229:11: Bye Bye [preauth]
Sep 28 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Disconnected from 103.153.190.105 port 39229 [preauth]
Sep 28 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Failed password for invalid user a from 92.49.191.48 port 55568 ssh2
Sep 28 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Connection closed by 92.49.191.48 port 55568 [preauth]
Sep 28 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24880]: Invalid user nil from 92.49.191.48
Sep 28 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24880]: input_userauth_request: invalid user nil [preauth]
Sep 28 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24880]: Failed none for invalid user nil from 92.49.191.48 port 49766 ssh2
Sep 28 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24880]: Connection closed by 92.49.191.48 port 49766 [preauth]
Sep 28 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Invalid user admin from 92.49.191.48
Sep 28 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: input_userauth_request: invalid user admin [preauth]
Sep 28 07:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Failed password for invalid user admin from 92.49.191.48 port 49782 ssh2
Sep 28 07:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Connection closed by 92.49.191.48 port 49782 [preauth]
Sep 28 07:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48  user=root
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24900]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24899]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24897]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: Successful su for rubyman by root
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: + ??? root:rubyman
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307050 of user rubyman.
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24981]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307050.
Sep 28 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Failed password for root from 92.49.191.48 port 49790 ssh2
Sep 28 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Connection closed by 92.49.191.48 port 49790 [preauth]
Sep 28 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Invalid user orangepi from 92.49.191.48
Sep 28 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: input_userauth_request: invalid user orangepi [preauth]
Sep 28 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Failed password for invalid user orangepi from 92.49.191.48 port 50640 ssh2
Sep 28 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Connection closed by 92.49.191.48 port 50640 [preauth]
Sep 28 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session closed for user root
Sep 28 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Invalid user support from 92.49.191.48
Sep 28 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: input_userauth_request: invalid user support [preauth]
Sep 28 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24898]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Failed password for invalid user support from 92.49.191.48 port 50652 ssh2
Sep 28 07:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Connection closed by 92.49.191.48 port 50652 [preauth]
Sep 28 07:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Invalid user ubnt from 92.49.191.48
Sep 28 07:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: input_userauth_request: invalid user ubnt [preauth]
Sep 28 07:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Failed password for invalid user ubnt from 92.49.191.48 port 50658 ssh2
Sep 28 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Connection closed by 92.49.191.48 port 50658 [preauth]
Sep 28 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Invalid user user from 92.49.191.48
Sep 28 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: input_userauth_request: invalid user user [preauth]
Sep 28 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Failed password for invalid user user from 92.49.191.48 port 59410 ssh2
Sep 28 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Connection closed by 92.49.191.48 port 59410 [preauth]
Sep 28 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Connection closed by 92.49.191.48 port 59412 [preauth]
Sep 28 07:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48  user=root
Sep 28 07:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Failed password for root from 92.49.191.48 port 59426 ssh2
Sep 28 07:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Connection closed by 92.49.191.48 port 59426 [preauth]
Sep 28 07:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Invalid user admin from 92.49.191.48
Sep 28 07:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: input_userauth_request: invalid user admin [preauth]
Sep 28 07:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Failed password for invalid user admin from 92.49.191.48 port 50236 ssh2
Sep 28 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Connection closed by 92.49.191.48 port 50236 [preauth]
Sep 28 07:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Invalid user admin from 92.49.191.48
Sep 28 07:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: input_userauth_request: invalid user admin [preauth]
Sep 28 07:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Failed password for invalid user admin from 92.49.191.48 port 50252 ssh2
Sep 28 07:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Connection closed by 92.49.191.48 port 50252 [preauth]
Sep 28 07:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Invalid user pi from 92.49.191.48
Sep 28 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: input_userauth_request: invalid user pi [preauth]
Sep 28 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for invalid user pi from 92.49.191.48 port 50260 ssh2
Sep 28 07:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Connection closed by 92.49.191.48 port 50260 [preauth]
Sep 28 07:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: Invalid user debian from 92.49.191.48
Sep 28 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: input_userauth_request: invalid user debian [preauth]
Sep 28 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session closed for user root
Sep 28 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: Failed password for invalid user debian from 92.49.191.48 port 35620 ssh2
Sep 28 07:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: Connection closed by 92.49.191.48 port 35620 [preauth]
Sep 28 07:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Failed password for root from 222.124.17.227 port 48976 ssh2
Sep 28 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Received disconnect from 222.124.17.227 port 48976:11: Bye Bye [preauth]
Sep 28 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Disconnected from 222.124.17.227 port 48976 [preauth]
Sep 28 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Invalid user pi from 92.49.191.48
Sep 28 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: input_userauth_request: invalid user pi [preauth]
Sep 28 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Failed password for invalid user pi from 92.49.191.48 port 35632 ssh2
Sep 28 07:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Connection closed by 92.49.191.48 port 35632 [preauth]
Sep 28 07:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Invalid user localadmin from 92.49.191.48
Sep 28 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: input_userauth_request: invalid user localadmin [preauth]
Sep 28 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Failed password for invalid user localadmin from 92.49.191.48 port 35642 ssh2
Sep 28 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Connection closed by 92.49.191.48 port 35642 [preauth]
Sep 28 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48  user=root
Sep 28 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: Failed password for root from 92.49.191.48 port 45934 ssh2
Sep 28 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25581]: Connection closed by 92.49.191.48 port 45934 [preauth]
Sep 28 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Invalid user ubuntu from 92.49.191.48
Sep 28 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Failed password for invalid user ubuntu from 92.49.191.48 port 45944 ssh2
Sep 28 07:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Connection closed by 92.49.191.48 port 45944 [preauth]
Sep 28 07:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Invalid user pi from 92.49.191.48
Sep 28 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: input_userauth_request: invalid user pi [preauth]
Sep 28 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Failed password for invalid user pi from 92.49.191.48 port 57992 ssh2
Sep 28 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Connection closed by 92.49.191.48 port 57992 [preauth]
Sep 28 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Invalid user test from 92.49.191.48
Sep 28 07:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: input_userauth_request: invalid user test [preauth]
Sep 28 07:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Failed password for invalid user test from 92.49.191.48 port 58002 ssh2
Sep 28 07:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Connection closed by 92.49.191.48 port 58002 [preauth]
Sep 28 07:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48  user=root
Sep 28 07:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: Failed password for root from 92.49.191.48 port 58008 ssh2
Sep 28 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25623]: Connection closed by 92.49.191.48 port 58008 [preauth]
Sep 28 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48  user=root
Sep 28 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25704]: Successful su for rubyman by root
Sep 28 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25704]: + ??? root:rubyman
Sep 28 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307055 of user rubyman.
Sep 28 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25704]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307055.
Sep 28 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Failed password for root from 92.49.191.48 port 43454 ssh2
Sep 28 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25636]: Connection closed by 92.49.191.48 port 43454 [preauth]
Sep 28 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Invalid user admin from 92.49.191.48
Sep 28 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: input_userauth_request: invalid user admin [preauth]
Sep 28 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22085]: pam_unix(cron:session): session closed for user root
Sep 28 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Failed password for invalid user admin from 92.49.191.48 port 43470 ssh2
Sep 28 07:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25922]: Connection closed by 92.49.191.48 port 43470 [preauth]
Sep 28 07:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25641]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Invalid user guest from 92.49.191.48
Sep 28 07:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: input_userauth_request: invalid user guest [preauth]
Sep 28 07:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.49.191.48
Sep 28 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for invalid user guest from 92.49.191.48 port 43480 ssh2
Sep 28 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Connection closed by 92.49.191.48 port 43480 [preauth]
Sep 28 07:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24402]: pam_unix(cron:session): session closed for user root
Sep 28 07:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Invalid user getosindex from 222.124.17.227
Sep 28 07:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: input_userauth_request: invalid user getosindex [preauth]
Sep 28 07:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Failed password for invalid user getosindex from 222.124.17.227 port 44562 ssh2
Sep 28 07:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Received disconnect from 222.124.17.227 port 44562:11: Bye Bye [preauth]
Sep 28 07:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Disconnected from 222.124.17.227 port 44562 [preauth]
Sep 28 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26201]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26276]: Successful su for rubyman by root
Sep 28 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26276]: + ??? root:rubyman
Sep 28 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307059 of user rubyman.
Sep 28 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26276]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307059.
Sep 28 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session closed for user root
Sep 28 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24900]: pam_unix(cron:session): session closed for user root
Sep 28 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26776]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26889]: Successful su for rubyman by root
Sep 28 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26889]: + ??? root:rubyman
Sep 28 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307062 of user rubyman.
Sep 28 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26889]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307062.
Sep 28 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Invalid user sandeep from 222.124.17.227
Sep 28 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: input_userauth_request: invalid user sandeep [preauth]
Sep 28 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Failed password for invalid user sandeep from 222.124.17.227 port 40144 ssh2
Sep 28 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Received disconnect from 222.124.17.227 port 40144:11: Bye Bye [preauth]
Sep 28 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Disconnected from 222.124.17.227 port 40144 [preauth]
Sep 28 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session closed for user root
Sep 28 07:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26778]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session closed for user root
Sep 28 07:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Invalid user kernel from 103.153.190.105
Sep 28 07:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: input_userauth_request: invalid user kernel [preauth]
Sep 28 07:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Failed password for invalid user kernel from 103.153.190.105 port 46269 ssh2
Sep 28 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Received disconnect from 103.153.190.105 port 46269:11: Bye Bye [preauth]
Sep 28 07:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Disconnected from 103.153.190.105 port 46269 [preauth]
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session closed for user root
Sep 28 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: Successful su for rubyman by root
Sep 28 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: + ??? root:rubyman
Sep 28 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307069 of user rubyman.
Sep 28 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27416]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307069.
Sep 28 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27328]: pam_unix(cron:session): session closed for user root
Sep 28 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session closed for user root
Sep 28 07:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27327]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: Failed password for root from 222.124.17.227 port 35724 ssh2
Sep 28 07:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: Received disconnect from 222.124.17.227 port 35724:11: Bye Bye [preauth]
Sep 28 07:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: Disconnected from 222.124.17.227 port 35724 [preauth]
Sep 28 07:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session closed for user root
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27993]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28075]: Successful su for rubyman by root
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28075]: + ??? root:rubyman
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307073 of user rubyman.
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28075]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307073.
Sep 28 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24401]: pam_unix(cron:session): session closed for user root
Sep 28 07:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27995]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 07:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 28 07:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 07:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp rhost=::ffff:79.124.49.146
Sep 28 07:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Invalid user almalinux from 222.124.17.227
Sep 28 07:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: input_userauth_request: invalid user almalinux [preauth]
Sep 28 07:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Failed password for invalid user almalinux from 222.124.17.227 port 59536 ssh2
Sep 28 07:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Received disconnect from 222.124.17.227 port 59536:11: Bye Bye [preauth]
Sep 28 07:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Disconnected from 222.124.17.227 port 59536 [preauth]
Sep 28 07:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26782]: pam_unix(cron:session): session closed for user root
Sep 28 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: Successful su for rubyman by root
Sep 28 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: + ??? root:rubyman
Sep 28 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307077 of user rubyman.
Sep 28 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307077.
Sep 28 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24899]: pam_unix(cron:session): session closed for user root
Sep 28 07:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session closed for user root
Sep 28 07:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Invalid user exx from 222.124.17.227
Sep 28 07:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: input_userauth_request: invalid user exx [preauth]
Sep 28 07:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Failed password for invalid user exx from 222.124.17.227 port 55116 ssh2
Sep 28 07:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Received disconnect from 222.124.17.227 port 55116:11: Bye Bye [preauth]
Sep 28 07:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29092]: Disconnected from 222.124.17.227 port 55116 [preauth]
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29149]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: Successful su for rubyman by root
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: + ??? root:rubyman
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307081 of user rubyman.
Sep 28 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307081.
Sep 28 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session closed for user root
Sep 28 07:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29150]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Invalid user vpnuser from 103.153.190.105
Sep 28 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: input_userauth_request: invalid user vpnuser [preauth]
Sep 28 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105
Sep 28 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28002]: pam_unix(cron:session): session closed for user root
Sep 28 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Failed password for invalid user vpnuser from 103.153.190.105 port 52791 ssh2
Sep 28 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Received disconnect from 103.153.190.105 port 52791:11: Bye Bye [preauth]
Sep 28 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Disconnected from 103.153.190.105 port 52791 [preauth]
Sep 28 07:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: Invalid user ubuntu from 222.124.17.227
Sep 28 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227
Sep 28 07:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: Failed password for invalid user ubuntu from 222.124.17.227 port 50736 ssh2
Sep 28 07:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: Received disconnect from 222.124.17.227 port 50736:11: Bye Bye [preauth]
Sep 28 07:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: Disconnected from 222.124.17.227 port 50736 [preauth]
Sep 28 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29626]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29622]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: Successful su for rubyman by root
Sep 28 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: + ??? root:rubyman
Sep 28 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307084 of user rubyman.
Sep 28 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29693]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307084.
Sep 28 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26203]: pam_unix(cron:session): session closed for user root
Sep 28 07:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29623]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Invalid user admin from 139.19.117.131
Sep 28 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: input_userauth_request: invalid user admin [preauth]
Sep 28 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session closed for user root
Sep 28 07:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Connection closed by 139.19.117.131 port 58688 [preauth]
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30110]: pam_unix(cron:session): session closed for user root
Sep 28 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: Successful su for rubyman by root
Sep 28 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: + ??? root:rubyman
Sep 28 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307091 of user rubyman.
Sep 28 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307091.
Sep 28 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.17.227  user=root
Sep 28 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session closed for user root
Sep 28 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26779]: pam_unix(cron:session): session closed for user root
Sep 28 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: Failed password for root from 222.124.17.227 port 46318 ssh2
Sep 28 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: Received disconnect from 222.124.17.227 port 46318:11: Bye Bye [preauth]
Sep 28 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30226]: Disconnected from 222.124.17.227 port 46318 [preauth]
Sep 28 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session closed for user root
Sep 28 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30797]: Successful su for rubyman by root
Sep 28 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30797]: + ??? root:rubyman
Sep 28 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307094 of user rubyman.
Sep 28 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30797]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307094.
Sep 28 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27329]: pam_unix(cron:session): session closed for user root
Sep 28 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29628]: pam_unix(cron:session): session closed for user root
Sep 28 07:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: Successful su for rubyman by root
Sep 28 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: + ??? root:rubyman
Sep 28 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307098 of user rubyman.
Sep 28 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307098.
Sep 28 07:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session closed for user root
Sep 28 07:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.153.190.105  user=root
Sep 28 07:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Failed password for root from 103.153.190.105 port 54653 ssh2
Sep 28 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Received disconnect from 103.153.190.105 port 54653:11: Bye Bye [preauth]
Sep 28 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Disconnected from 103.153.190.105 port 54653 [preauth]
Sep 28 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30109]: pam_unix(cron:session): session closed for user root
Sep 28 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: Invalid user crap from 185.255.91.51
Sep 28 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: input_userauth_request: invalid user crap [preauth]
Sep 28 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 07:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: Failed password for invalid user crap from 185.255.91.51 port 48054 ssh2
Sep 28 07:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: Received disconnect from 185.255.91.51 port 48054:11: Bye Bye [preauth]
Sep 28 07:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31632]: Disconnected from 185.255.91.51 port 48054 [preauth]
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31683]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31750]: Successful su for rubyman by root
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31750]: + ??? root:rubyman
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307102 of user rubyman.
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31750]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307102.
Sep 28 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28485]: pam_unix(cron:session): session closed for user root
Sep 28 07:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31684]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session closed for user root
Sep 28 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32116]: pam_unix(cron:session): session closed for user p13x
Sep 28 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32190]: Successful su for rubyman by root
Sep 28 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32190]: + ??? root:rubyman
Sep 28 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307107 of user rubyman.
Sep 28 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32190]: pam_unix(su:session): session closed for user rubyman
Sep 28 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307107.
Sep 28 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session closed for user root
Sep 28 07:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32117]: pam_unix(cron:session): session closed for user samftp
Sep 28 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Invalid user automation from 162.253.132.241
Sep 28 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: input_userauth_request: invalid user automation [preauth]
Sep 28 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 07:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Failed password for invalid user automation from 162.253.132.241 port 45076 ssh2
Sep 28 07:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Received disconnect from 162.253.132.241 port 45076:11: Bye Bye [preauth]
Sep 28 07:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Disconnected from 162.253.132.241 port 45076 [preauth]
Sep 28 07:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session closed for user root
Sep 28 07:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 07:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Invalid user toor from 50.30.83.61
Sep 28 07:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: input_userauth_request: invalid user toor [preauth]
Sep 28 07:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 07:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 07:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Failed password for invalid user toor from 50.30.83.61 port 49446 ssh2
Sep 28 07:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Received disconnect from 50.30.83.61 port 49446:11: Bye Bye [preauth]
Sep 28 07:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Disconnected from 50.30.83.61 port 49446 [preauth]
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user root
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32553]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32553]: pam_unix(cron:session): session closed for user root
Sep 28 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32661]: Successful su for rubyman by root
Sep 28 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32661]: + ??? root:rubyman
Sep 28 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307113 of user rubyman.
Sep 28 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32661]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307113.
Sep 28 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session closed for user root
Sep 28 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29626]: pam_unix(cron:session): session closed for user root
Sep 28 08:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: Invalid user bogdan from 27.254.235.3
Sep 28 08:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: input_userauth_request: invalid user bogdan [preauth]
Sep 28 08:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: Failed password for invalid user bogdan from 27.254.235.3 port 41210 ssh2
Sep 28 08:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: Received disconnect from 27.254.235.3 port 41210:11: Bye Bye [preauth]
Sep 28 08:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: Disconnected from 27.254.235.3 port 41210 [preauth]
Sep 28 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session closed for user root
Sep 28 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: Invalid user hunter from 50.30.83.61
Sep 28 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: input_userauth_request: invalid user hunter [preauth]
Sep 28 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Invalid user maintain from 162.253.132.241
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: input_userauth_request: invalid user maintain [preauth]
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: Failed password for invalid user hunter from 50.30.83.61 port 45926 ssh2
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: Received disconnect from 50.30.83.61 port 45926:11: Bye Bye [preauth]
Sep 28 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[608]: Disconnected from 50.30.83.61 port 45926 [preauth]
Sep 28 08:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Failed password for invalid user maintain from 162.253.132.241 port 46500 ssh2
Sep 28 08:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Received disconnect from 162.253.132.241 port 46500:11: Bye Bye [preauth]
Sep 28 08:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Disconnected from 162.253.132.241 port 46500 [preauth]
Sep 28 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Failed password for root from 185.255.91.51 port 41664 ssh2
Sep 28 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Received disconnect from 185.255.91.51 port 41664:11: Bye Bye [preauth]
Sep 28 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Disconnected from 185.255.91.51 port 41664 [preauth]
Sep 28 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[640]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[712]: Successful su for rubyman by root
Sep 28 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[712]: + ??? root:rubyman
Sep 28 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307118 of user rubyman.
Sep 28 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[712]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307118.
Sep 28 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session closed for user root
Sep 28 08:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32120]: pam_unix(cron:session): session closed for user root
Sep 28 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for root from 50.30.83.61 port 41690 ssh2
Sep 28 08:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Received disconnect from 50.30.83.61 port 41690:11: Bye Bye [preauth]
Sep 28 08:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Disconnected from 50.30.83.61 port 41690 [preauth]
Sep 28 08:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: Invalid user testftp from 162.253.132.241
Sep 28 08:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: input_userauth_request: invalid user testftp [preauth]
Sep 28 08:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: Failed password for invalid user testftp from 162.253.132.241 port 43424 ssh2
Sep 28 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: Received disconnect from 162.253.132.241 port 43424:11: Bye Bye [preauth]
Sep 28 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: Disconnected from 162.253.132.241 port 43424 [preauth]
Sep 28 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1191]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1189]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1266]: Successful su for rubyman by root
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1266]: + ??? root:rubyman
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307123 of user rubyman.
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1266]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307123.
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: User clamav from 185.255.91.51 not allowed because not listed in AllowUsers
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: input_userauth_request: invalid user clamav [preauth]
Sep 28 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=clamav
Sep 28 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Failed password for invalid user clamav from 185.255.91.51 port 60396 ssh2
Sep 28 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Received disconnect from 185.255.91.51 port 60396:11: Bye Bye [preauth]
Sep 28 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Disconnected from 185.255.91.51 port 60396 [preauth]
Sep 28 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session closed for user root
Sep 28 08:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1190]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Invalid user maintain from 27.254.235.3
Sep 28 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: input_userauth_request: invalid user maintain [preauth]
Sep 28 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Failed password for invalid user maintain from 27.254.235.3 port 42472 ssh2
Sep 28 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Received disconnect from 27.254.235.3 port 42472:11: Bye Bye [preauth]
Sep 28 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1571]: Disconnected from 27.254.235.3 port 42472 [preauth]
Sep 28 08:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session closed for user root
Sep 28 08:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Failed password for root from 50.30.83.61 port 37452 ssh2
Sep 28 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Received disconnect from 50.30.83.61 port 37452:11: Bye Bye [preauth]
Sep 28 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Disconnected from 50.30.83.61 port 37452 [preauth]
Sep 28 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Failed password for root from 162.253.132.241 port 40338 ssh2
Sep 28 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Received disconnect from 162.253.132.241 port 40338:11: Bye Bye [preauth]
Sep 28 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Disconnected from 162.253.132.241 port 40338 [preauth]
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1680]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1754]: Successful su for rubyman by root
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1754]: + ??? root:rubyman
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307126 of user rubyman.
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1754]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307126.
Sep 28 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user root
Sep 28 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1681]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Failed password for root from 185.255.91.51 port 37432 ssh2
Sep 28 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Received disconnect from 185.255.91.51 port 37432:11: Bye Bye [preauth]
Sep 28 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Disconnected from 185.255.91.51 port 37432 [preauth]
Sep 28 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session closed for user root
Sep 28 08:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Invalid user exx from 27.254.235.3
Sep 28 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: input_userauth_request: invalid user exx [preauth]
Sep 28 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Failed password for invalid user exx from 27.254.235.3 port 37848 ssh2
Sep 28 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Received disconnect from 27.254.235.3 port 37848:11: Bye Bye [preauth]
Sep 28 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Disconnected from 27.254.235.3 port 37848 [preauth]
Sep 28 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Failed password for root from 50.30.83.61 port 33212 ssh2
Sep 28 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Received disconnect from 50.30.83.61 port 33212:11: Bye Bye [preauth]
Sep 28 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Disconnected from 50.30.83.61 port 33212 [preauth]
Sep 28 08:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2202]: Successful su for rubyman by root
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2202]: + ??? root:rubyman
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307129 of user rubyman.
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2202]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307129.
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Failed password for root from 162.253.132.241 port 37256 ssh2
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Received disconnect from 162.253.132.241 port 37256:11: Bye Bye [preauth]
Sep 28 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2126]: Disconnected from 162.253.132.241 port 37256 [preauth]
Sep 28 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session closed for user root
Sep 28 08:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: Invalid user kafka from 185.255.91.51
Sep 28 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: input_userauth_request: invalid user kafka [preauth]
Sep 28 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: Failed password for invalid user kafka from 185.255.91.51 port 41200 ssh2
Sep 28 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: Received disconnect from 185.255.91.51 port 41200:11: Bye Bye [preauth]
Sep 28 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2424]: Disconnected from 185.255.91.51 port 41200 [preauth]
Sep 28 08:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1192]: pam_unix(cron:session): session closed for user root
Sep 28 08:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Failed password for root from 50.30.83.61 port 57200 ssh2
Sep 28 08:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Received disconnect from 50.30.83.61 port 57200:11: Bye Bye [preauth]
Sep 28 08:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2563]: Disconnected from 50.30.83.61 port 57200 [preauth]
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2588]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session closed for user root
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: Successful su for rubyman by root
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: + ??? root:rubyman
Sep 28 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307136 of user rubyman.
Sep 28 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307136.
Sep 28 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Failed password for root from 162.253.132.241 port 34170 ssh2
Sep 28 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Received disconnect from 162.253.132.241 port 34170:11: Bye Bye [preauth]
Sep 28 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Disconnected from 162.253.132.241 port 34170 [preauth]
Sep 28 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session closed for user root
Sep 28 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32118]: pam_unix(cron:session): session closed for user root
Sep 28 08:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: Invalid user automation from 27.254.235.3
Sep 28 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: input_userauth_request: invalid user automation [preauth]
Sep 28 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Invalid user ash from 185.255.91.51
Sep 28 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: input_userauth_request: invalid user ash [preauth]
Sep 28 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: Failed password for invalid user automation from 27.254.235.3 port 33224 ssh2
Sep 28 08:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: Received disconnect from 27.254.235.3 port 33224:11: Bye Bye [preauth]
Sep 28 08:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2914]: Disconnected from 27.254.235.3 port 33224 [preauth]
Sep 28 08:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Failed password for invalid user ash from 185.255.91.51 port 55710 ssh2
Sep 28 08:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Received disconnect from 185.255.91.51 port 55710:11: Bye Bye [preauth]
Sep 28 08:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Disconnected from 185.255.91.51 port 55710 [preauth]
Sep 28 08:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session closed for user root
Sep 28 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: Invalid user angie from 50.30.83.61
Sep 28 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: input_userauth_request: invalid user angie [preauth]
Sep 28 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: Failed password for invalid user angie from 50.30.83.61 port 52978 ssh2
Sep 28 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: Received disconnect from 50.30.83.61 port 52978:11: Bye Bye [preauth]
Sep 28 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: Disconnected from 50.30.83.61 port 52978 [preauth]
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: Successful su for rubyman by root
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: + ??? root:rubyman
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307141 of user rubyman.
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307141.
Sep 28 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session closed for user root
Sep 28 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Invalid user personal from 162.253.132.241
Sep 28 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: input_userauth_request: invalid user personal [preauth]
Sep 28 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Failed password for invalid user personal from 162.253.132.241 port 59326 ssh2
Sep 28 08:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Received disconnect from 162.253.132.241 port 59326:11: Bye Bye [preauth]
Sep 28 08:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Disconnected from 162.253.132.241 port 59326 [preauth]
Sep 28 08:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Failed password for root from 185.255.91.51 port 59068 ssh2
Sep 28 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Received disconnect from 185.255.91.51 port 59068:11: Bye Bye [preauth]
Sep 28 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Disconnected from 185.255.91.51 port 59068 [preauth]
Sep 28 08:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session closed for user root
Sep 28 08:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Invalid user ash from 27.254.235.3
Sep 28 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: input_userauth_request: invalid user ash [preauth]
Sep 28 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Failed password for invalid user ash from 27.254.235.3 port 56832 ssh2
Sep 28 08:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Received disconnect from 27.254.235.3 port 56832:11: Bye Bye [preauth]
Sep 28 08:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Disconnected from 27.254.235.3 port 56832 [preauth]
Sep 28 08:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: Invalid user hadi from 50.30.83.61
Sep 28 08:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: input_userauth_request: invalid user hadi [preauth]
Sep 28 08:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: Failed password for invalid user hadi from 50.30.83.61 port 48734 ssh2
Sep 28 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: Received disconnect from 50.30.83.61 port 48734:11: Bye Bye [preauth]
Sep 28 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3473]: Disconnected from 50.30.83.61 port 48734 [preauth]
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3552]: Successful su for rubyman by root
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3552]: + ??? root:rubyman
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307143 of user rubyman.
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3552]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307143.
Sep 28 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session closed for user root
Sep 28 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Failed password for root from 162.253.132.241 port 56254 ssh2
Sep 28 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Received disconnect from 162.253.132.241 port 56254:11: Bye Bye [preauth]
Sep 28 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Disconnected from 162.253.132.241 port 56254 [preauth]
Sep 28 08:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2589]: pam_unix(cron:session): session closed for user root
Sep 28 08:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: Invalid user testftp from 185.255.91.51
Sep 28 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: input_userauth_request: invalid user testftp [preauth]
Sep 28 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: Failed password for invalid user testftp from 185.255.91.51 port 55242 ssh2
Sep 28 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: Received disconnect from 185.255.91.51 port 55242:11: Bye Bye [preauth]
Sep 28 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: Disconnected from 185.255.91.51 port 55242 [preauth]
Sep 28 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Invalid user mcuser from 50.30.83.61
Sep 28 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: input_userauth_request: invalid user mcuser [preauth]
Sep 28 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Failed password for invalid user mcuser from 50.30.83.61 port 44494 ssh2
Sep 28 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Received disconnect from 50.30.83.61 port 44494:11: Bye Bye [preauth]
Sep 28 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Disconnected from 50.30.83.61 port 44494 [preauth]
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: Successful su for rubyman by root
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: + ??? root:rubyman
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307149 of user rubyman.
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307149.
Sep 28 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1191]: pam_unix(cron:session): session closed for user root
Sep 28 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Invalid user cdn from 27.254.235.3
Sep 28 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: input_userauth_request: invalid user cdn [preauth]
Sep 28 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Failed password for invalid user cdn from 27.254.235.3 port 52208 ssh2
Sep 28 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Received disconnect from 27.254.235.3 port 52208:11: Bye Bye [preauth]
Sep 28 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Disconnected from 27.254.235.3 port 52208 [preauth]
Sep 28 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Failed password for root from 162.253.132.241 port 53200 ssh2
Sep 28 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Received disconnect from 162.253.132.241 port 53200:11: Bye Bye [preauth]
Sep 28 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Disconnected from 162.253.132.241 port 53200 [preauth]
Sep 28 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session closed for user root
Sep 28 08:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Invalid user andres from 50.30.83.61
Sep 28 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: input_userauth_request: invalid user andres [preauth]
Sep 28 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Failed password for invalid user andres from 50.30.83.61 port 40254 ssh2
Sep 28 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Received disconnect from 50.30.83.61 port 40254:11: Bye Bye [preauth]
Sep 28 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Disconnected from 50.30.83.61 port 40254 [preauth]
Sep 28 08:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for root from 185.255.91.51 port 40754 ssh2
Sep 28 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Received disconnect from 185.255.91.51 port 40754:11: Bye Bye [preauth]
Sep 28 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Disconnected from 185.255.91.51 port 40754 [preauth]
Sep 28 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4368]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4370]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4512]: Successful su for rubyman by root
Sep 28 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4512]: + ??? root:rubyman
Sep 28 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307151 of user rubyman.
Sep 28 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4512]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307151.
Sep 28 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4368]: pam_unix(cron:session): session closed for user root
Sep 28 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1682]: pam_unix(cron:session): session closed for user root
Sep 28 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4751]: Failed password for root from 103.159.132.91 port 46686 ssh2
Sep 28 08:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4751]: Received disconnect from 103.159.132.91 port 46686:11: Bye Bye [preauth]
Sep 28 08:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4751]: Disconnected from 103.159.132.91 port 46686 [preauth]
Sep 28 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: Invalid user nguyen from 27.254.235.3
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: input_userauth_request: invalid user nguyen [preauth]
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Invalid user tezos from 162.253.132.241
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: input_userauth_request: invalid user tezos [preauth]
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session closed for user root
Sep 28 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: Failed password for invalid user nguyen from 27.254.235.3 port 47584 ssh2
Sep 28 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Failed password for invalid user tezos from 162.253.132.241 port 50130 ssh2
Sep 28 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Received disconnect from 162.253.132.241 port 50130:11: Bye Bye [preauth]
Sep 28 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Disconnected from 162.253.132.241 port 50130 [preauth]
Sep 28 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: Received disconnect from 27.254.235.3 port 47584:11: Bye Bye [preauth]
Sep 28 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4821]: Disconnected from 27.254.235.3 port 47584 [preauth]
Sep 28 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Invalid user kingbase from 50.30.83.61
Sep 28 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: input_userauth_request: invalid user kingbase [preauth]
Sep 28 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Failed password for invalid user kingbase from 50.30.83.61 port 36012 ssh2
Sep 28 08:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Received disconnect from 50.30.83.61 port 36012:11: Bye Bye [preauth]
Sep 28 08:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Disconnected from 50.30.83.61 port 36012 [preauth]
Sep 28 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4917]: pam_unix(cron:session): session closed for user root
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4910]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: Successful su for rubyman by root
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: + ??? root:rubyman
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307159 of user rubyman.
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4988]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307159.
Sep 28 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2132]: pam_unix(cron:session): session closed for user root
Sep 28 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user root
Sep 28 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: Invalid user proxyuser1 from 185.255.91.51
Sep 28 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: input_userauth_request: invalid user proxyuser1 [preauth]
Sep 28 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: Failed password for invalid user proxyuser1 from 185.255.91.51 port 41628 ssh2
Sep 28 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: Received disconnect from 185.255.91.51 port 41628:11: Bye Bye [preauth]
Sep 28 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5177]: Disconnected from 185.255.91.51 port 41628 [preauth]
Sep 28 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session closed for user root
Sep 28 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5433]: Failed password for root from 162.253.132.241 port 47058 ssh2
Sep 28 08:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5433]: Received disconnect from 162.253.132.241 port 47058:11: Bye Bye [preauth]
Sep 28 08:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5433]: Disconnected from 162.253.132.241 port 47058 [preauth]
Sep 28 08:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Failed password for root from 50.6.5.235 port 47300 ssh2
Sep 28 08:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Received disconnect from 50.6.5.235 port 47300:11: Bye Bye [preauth]
Sep 28 08:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Disconnected from 50.6.5.235 port 47300 [preauth]
Sep 28 08:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Invalid user tezos from 27.254.235.3
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: input_userauth_request: invalid user tezos [preauth]
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Invalid user sinusbot from 50.30.83.61
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: input_userauth_request: invalid user sinusbot [preauth]
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Failed password for invalid user tezos from 27.254.235.3 port 42960 ssh2
Sep 28 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Received disconnect from 27.254.235.3 port 42960:11: Bye Bye [preauth]
Sep 28 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5477]: Disconnected from 27.254.235.3 port 42960 [preauth]
Sep 28 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Failed password for invalid user sinusbot from 50.30.83.61 port 60016 ssh2
Sep 28 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Received disconnect from 50.30.83.61 port 60016:11: Bye Bye [preauth]
Sep 28 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Disconnected from 50.30.83.61 port 60016 [preauth]
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5492]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: Successful su for rubyman by root
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: + ??? root:rubyman
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307164 of user rubyman.
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307164.
Sep 28 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2588]: pam_unix(cron:session): session closed for user root
Sep 28 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5493]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Invalid user tezos from 185.255.91.51
Sep 28 08:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: input_userauth_request: invalid user tezos [preauth]
Sep 28 08:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Failed password for invalid user tezos from 185.255.91.51 port 51574 ssh2
Sep 28 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Received disconnect from 185.255.91.51 port 51574:11: Bye Bye [preauth]
Sep 28 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Disconnected from 185.255.91.51 port 51574 [preauth]
Sep 28 08:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4373]: pam_unix(cron:session): session closed for user root
Sep 28 08:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Invalid user ash from 162.253.132.241
Sep 28 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: input_userauth_request: invalid user ash [preauth]
Sep 28 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Failed password for invalid user ash from 162.253.132.241 port 43984 ssh2
Sep 28 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Received disconnect from 162.253.132.241 port 43984:11: Bye Bye [preauth]
Sep 28 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Disconnected from 162.253.132.241 port 43984 [preauth]
Sep 28 08:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for root from 50.30.83.61 port 55776 ssh2
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Received disconnect from 50.30.83.61 port 55776:11: Bye Bye [preauth]
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Disconnected from 50.30.83.61 port 55776 [preauth]
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: Successful su for rubyman by root
Sep 28 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: + ??? root:rubyman
Sep 28 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307166 of user rubyman.
Sep 28 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307166.
Sep 28 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session closed for user root
Sep 28 08:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: Invalid user ollama from 50.6.5.235
Sep 28 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: input_userauth_request: invalid user ollama [preauth]
Sep 28 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: Failed password for invalid user ollama from 50.6.5.235 port 43082 ssh2
Sep 28 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: Received disconnect from 50.6.5.235 port 43082:11: Bye Bye [preauth]
Sep 28 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: Disconnected from 50.6.5.235 port 43082 [preauth]
Sep 28 08:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Failed password for root from 27.254.235.3 port 38336 ssh2
Sep 28 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Received disconnect from 27.254.235.3 port 38336:11: Bye Bye [preauth]
Sep 28 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Disconnected from 27.254.235.3 port 38336 [preauth]
Sep 28 08:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Invalid user automation from 185.255.91.51
Sep 28 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: input_userauth_request: invalid user automation [preauth]
Sep 28 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Failed password for invalid user automation from 185.255.91.51 port 38642 ssh2
Sep 28 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Received disconnect from 185.255.91.51 port 38642:11: Bye Bye [preauth]
Sep 28 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Disconnected from 185.255.91.51 port 38642 [preauth]
Sep 28 08:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session closed for user root
Sep 28 08:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Invalid user mmd from 162.253.132.241
Sep 28 08:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: input_userauth_request: invalid user mmd [preauth]
Sep 28 08:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user mmd from 162.253.132.241 port 40910 ssh2
Sep 28 08:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Received disconnect from 162.253.132.241 port 40910:11: Bye Bye [preauth]
Sep 28 08:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Disconnected from 162.253.132.241 port 40910 [preauth]
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6388]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6389]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6447]: Successful su for rubyman by root
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6447]: + ??? root:rubyman
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307170 of user rubyman.
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6447]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307170.
Sep 28 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Invalid user botuser from 50.30.83.61
Sep 28 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: input_userauth_request: invalid user botuser [preauth]
Sep 28 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session closed for user root
Sep 28 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Failed password for invalid user botuser from 50.30.83.61 port 51552 ssh2
Sep 28 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Received disconnect from 50.30.83.61 port 51552:11: Bye Bye [preauth]
Sep 28 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Disconnected from 50.30.83.61 port 51552 [preauth]
Sep 28 08:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6386]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Failed password for root from 50.6.5.235 port 36760 ssh2
Sep 28 08:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Received disconnect from 50.6.5.235 port 36760:11: Bye Bye [preauth]
Sep 28 08:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Disconnected from 50.6.5.235 port 36760 [preauth]
Sep 28 08:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Invalid user alina from 103.159.132.91
Sep 28 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: input_userauth_request: invalid user alina [preauth]
Sep 28 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session closed for user root
Sep 28 08:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Failed password for invalid user alina from 103.159.132.91 port 41886 ssh2
Sep 28 08:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Received disconnect from 103.159.132.91 port 41886:11: Bye Bye [preauth]
Sep 28 08:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Disconnected from 103.159.132.91 port 41886 [preauth]
Sep 28 08:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Invalid user mmd from 185.255.91.51
Sep 28 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: input_userauth_request: invalid user mmd [preauth]
Sep 28 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for invalid user mmd from 185.255.91.51 port 36608 ssh2
Sep 28 08:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Received disconnect from 185.255.91.51 port 36608:11: Bye Bye [preauth]
Sep 28 08:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Disconnected from 185.255.91.51 port 36608 [preauth]
Sep 28 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for root from 27.254.235.3 port 33716 ssh2
Sep 28 08:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Received disconnect from 27.254.235.3 port 33716:11: Bye Bye [preauth]
Sep 28 08:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Disconnected from 27.254.235.3 port 33716 [preauth]
Sep 28 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6935]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6936]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6933]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7002]: Successful su for rubyman by root
Sep 28 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7002]: + ??? root:rubyman
Sep 28 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307175 of user rubyman.
Sep 28 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7002]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307175.
Sep 28 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Invalid user minecraft from 162.253.132.241
Sep 28 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session closed for user root
Sep 28 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Failed password for invalid user minecraft from 162.253.132.241 port 37842 ssh2
Sep 28 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Received disconnect from 162.253.132.241 port 37842:11: Bye Bye [preauth]
Sep 28 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Disconnected from 162.253.132.241 port 37842 [preauth]
Sep 28 08:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6934]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Failed password for root from 50.30.83.61 port 47328 ssh2
Sep 28 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Received disconnect from 50.30.83.61 port 47328:11: Bye Bye [preauth]
Sep 28 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Disconnected from 50.30.83.61 port 47328 [preauth]
Sep 28 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Failed password for root from 50.6.5.235 port 38660 ssh2
Sep 28 08:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Received disconnect from 50.6.5.235 port 38660:11: Bye Bye [preauth]
Sep 28 08:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Disconnected from 50.6.5.235 port 38660 [preauth]
Sep 28 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Bad protocol version identification 'GET / HTTP/1.1' from 165.227.116.115 port 56912
Sep 28 08:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session closed for user root
Sep 28 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Invalid user maintain from 185.255.91.51
Sep 28 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: input_userauth_request: invalid user maintain [preauth]
Sep 28 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Failed password for invalid user maintain from 185.255.91.51 port 34784 ssh2
Sep 28 08:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Received disconnect from 185.255.91.51 port 34784:11: Bye Bye [preauth]
Sep 28 08:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Disconnected from 185.255.91.51 port 34784 [preauth]
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session closed for user root
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7561]: Successful su for rubyman by root
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7561]: + ??? root:rubyman
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307178 of user rubyman.
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7561]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307178.
Sep 28 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session closed for user root
Sep 28 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session closed for user root
Sep 28 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7486]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Invalid user wireguard from 103.159.132.91
Sep 28 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: input_userauth_request: invalid user wireguard [preauth]
Sep 28 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Failed password for invalid user wireguard from 103.159.132.91 port 38584 ssh2
Sep 28 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Received disconnect from 103.159.132.91 port 38584:11: Bye Bye [preauth]
Sep 28 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Disconnected from 103.159.132.91 port 38584 [preauth]
Sep 28 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Invalid user website from 50.30.83.61
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: input_userauth_request: invalid user website [preauth]
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Failed password for root from 50.6.5.235 port 38642 ssh2
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Received disconnect from 50.6.5.235 port 38642:11: Bye Bye [preauth]
Sep 28 08:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Disconnected from 50.6.5.235 port 38642 [preauth]
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Failed password for root from 27.254.235.3 port 57324 ssh2
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Received disconnect from 27.254.235.3 port 57324:11: Bye Bye [preauth]
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Disconnected from 27.254.235.3 port 57324 [preauth]
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Failed password for root from 162.253.132.241 port 34784 ssh2
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Received disconnect from 162.253.132.241 port 34784:11: Bye Bye [preauth]
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Disconnected from 162.253.132.241 port 34784 [preauth]
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Failed password for invalid user website from 50.30.83.61 port 43096 ssh2
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Received disconnect from 50.30.83.61 port 43096:11: Bye Bye [preauth]
Sep 28 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Disconnected from 50.30.83.61 port 43096 [preauth]
Sep 28 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6389]: pam_unix(cron:session): session closed for user root
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7994]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: Successful su for rubyman by root
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: + ??? root:rubyman
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307184 of user rubyman.
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307184.
Sep 28 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user root
Sep 28 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Invalid user alina from 50.6.5.235
Sep 28 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: input_userauth_request: invalid user alina [preauth]
Sep 28 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Failed password for root from 185.255.91.51 port 37044 ssh2
Sep 28 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Received disconnect from 185.255.91.51 port 37044:11: Bye Bye [preauth]
Sep 28 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Disconnected from 185.255.91.51 port 37044 [preauth]
Sep 28 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Failed password for invalid user alina from 50.6.5.235 port 34756 ssh2
Sep 28 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Received disconnect from 50.6.5.235 port 34756:11: Bye Bye [preauth]
Sep 28 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Disconnected from 50.6.5.235 port 34756 [preauth]
Sep 28 08:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Failed password for root from 50.30.83.61 port 38862 ssh2
Sep 28 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Received disconnect from 50.30.83.61 port 38862:11: Bye Bye [preauth]
Sep 28 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Disconnected from 50.30.83.61 port 38862 [preauth]
Sep 28 08:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: Invalid user proxyuser1 from 162.253.132.241
Sep 28 08:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: input_userauth_request: invalid user proxyuser1 [preauth]
Sep 28 08:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: Failed password for invalid user proxyuser1 from 162.253.132.241 port 59944 ssh2
Sep 28 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: Received disconnect from 162.253.132.241 port 59944:11: Bye Bye [preauth]
Sep 28 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8367]: Disconnected from 162.253.132.241 port 59944 [preauth]
Sep 28 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6936]: pam_unix(cron:session): session closed for user root
Sep 28 08:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: Invalid user tarun from 103.159.132.91
Sep 28 08:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: input_userauth_request: invalid user tarun [preauth]
Sep 28 08:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: Failed password for invalid user tarun from 103.159.132.91 port 35280 ssh2
Sep 28 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: Received disconnect from 103.159.132.91 port 35280:11: Bye Bye [preauth]
Sep 28 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: Disconnected from 103.159.132.91 port 35280 [preauth]
Sep 28 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Failed password for root from 27.254.235.3 port 52700 ssh2
Sep 28 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Received disconnect from 27.254.235.3 port 52700:11: Bye Bye [preauth]
Sep 28 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Disconnected from 27.254.235.3 port 52700 [preauth]
Sep 28 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8506]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session closed for user root
Sep 28 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8504]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: Successful su for rubyman by root
Sep 28 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: + ??? root:rubyman
Sep 28 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307191 of user rubyman.
Sep 28 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307191.
Sep 28 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Invalid user wireguard from 50.6.5.235
Sep 28 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: input_userauth_request: invalid user wireguard [preauth]
Sep 28 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session closed for user root
Sep 28 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Failed password for invalid user wireguard from 50.6.5.235 port 34514 ssh2
Sep 28 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Received disconnect from 50.6.5.235 port 34514:11: Bye Bye [preauth]
Sep 28 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Disconnected from 50.6.5.235 port 34514 [preauth]
Sep 28 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8505]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Invalid user ts3 from 50.30.83.61
Sep 28 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: input_userauth_request: invalid user ts3 [preauth]
Sep 28 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Failed password for invalid user ts3 from 50.30.83.61 port 34610 ssh2
Sep 28 08:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Received disconnect from 50.30.83.61 port 34610:11: Bye Bye [preauth]
Sep 28 08:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Disconnected from 50.30.83.61 port 34610 [preauth]
Sep 28 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Invalid user nguyen from 185.255.91.51
Sep 28 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: input_userauth_request: invalid user nguyen [preauth]
Sep 28 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Failed password for invalid user nguyen from 185.255.91.51 port 59914 ssh2
Sep 28 08:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Received disconnect from 185.255.91.51 port 59914:11: Bye Bye [preauth]
Sep 28 08:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Disconnected from 185.255.91.51 port 59914 [preauth]
Sep 28 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: Failed password for root from 162.253.132.241 port 56878 ssh2
Sep 28 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: Received disconnect from 162.253.132.241 port 56878:11: Bye Bye [preauth]
Sep 28 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: Disconnected from 162.253.132.241 port 56878 [preauth]
Sep 28 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session closed for user root
Sep 28 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Invalid user cent from 50.6.5.235
Sep 28 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: input_userauth_request: invalid user cent [preauth]
Sep 28 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Failed password for invalid user cent from 50.6.5.235 port 52254 ssh2
Sep 28 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Received disconnect from 50.6.5.235 port 52254:11: Bye Bye [preauth]
Sep 28 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Disconnected from 50.6.5.235 port 52254 [preauth]
Sep 28 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9077]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9078]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9075]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9238]: Successful su for rubyman by root
Sep 28 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9238]: + ??? root:rubyman
Sep 28 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307193 of user rubyman.
Sep 28 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9238]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307193.
Sep 28 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session closed for user root
Sep 28 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: Invalid user admin from 27.254.235.3
Sep 28 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: Failed password for invalid user admin from 27.254.235.3 port 48076 ssh2
Sep 28 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: Received disconnect from 27.254.235.3 port 48076:11: Bye Bye [preauth]
Sep 28 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9390]: Disconnected from 27.254.235.3 port 48076 [preauth]
Sep 28 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9076]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Failed password for root from 103.159.132.91 port 60208 ssh2
Sep 28 08:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Received disconnect from 103.159.132.91 port 60208:11: Bye Bye [preauth]
Sep 28 08:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Disconnected from 103.159.132.91 port 60208 [preauth]
Sep 28 08:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: Failed password for root from 50.30.83.61 port 58622 ssh2
Sep 28 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: Received disconnect from 50.30.83.61 port 58622:11: Bye Bye [preauth]
Sep 28 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9496]: Disconnected from 50.30.83.61 port 58622 [preauth]
Sep 28 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Invalid user user1 from 185.255.91.51
Sep 28 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: input_userauth_request: invalid user user1 [preauth]
Sep 28 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Failed password for invalid user user1 from 185.255.91.51 port 52602 ssh2
Sep 28 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Received disconnect from 185.255.91.51 port 52602:11: Bye Bye [preauth]
Sep 28 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Disconnected from 185.255.91.51 port 52602 [preauth]
Sep 28 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Invalid user user1 from 162.253.132.241
Sep 28 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: input_userauth_request: invalid user user1 [preauth]
Sep 28 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for invalid user user1 from 162.253.132.241 port 53802 ssh2
Sep 28 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Received disconnect from 162.253.132.241 port 53802:11: Bye Bye [preauth]
Sep 28 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Disconnected from 162.253.132.241 port 53802 [preauth]
Sep 28 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session closed for user root
Sep 28 08:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: Failed password for root from 50.6.5.235 port 35114 ssh2
Sep 28 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: Received disconnect from 50.6.5.235 port 35114:11: Bye Bye [preauth]
Sep 28 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9612]: Disconnected from 50.6.5.235 port 35114 [preauth]
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: Successful su for rubyman by root
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: + ??? root:rubyman
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307198 of user rubyman.
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307198.
Sep 28 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6388]: pam_unix(cron:session): session closed for user root
Sep 28 08:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: Invalid user test from 50.30.83.61
Sep 28 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: input_userauth_request: invalid user test [preauth]
Sep 28 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: Failed password for invalid user test from 50.30.83.61 port 54372 ssh2
Sep 28 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: Received disconnect from 50.30.83.61 port 54372:11: Bye Bye [preauth]
Sep 28 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: Disconnected from 50.30.83.61 port 54372 [preauth]
Sep 28 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Invalid user testftp from 27.254.235.3
Sep 28 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: input_userauth_request: invalid user testftp [preauth]
Sep 28 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8508]: pam_unix(cron:session): session closed for user root
Sep 28 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Failed password for invalid user testftp from 27.254.235.3 port 43452 ssh2
Sep 28 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Received disconnect from 27.254.235.3 port 43452:11: Bye Bye [preauth]
Sep 28 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Disconnected from 27.254.235.3 port 43452 [preauth]
Sep 28 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Invalid user minecraft from 185.255.91.51
Sep 28 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: Invalid user kafka from 162.253.132.241
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: input_userauth_request: invalid user kafka [preauth]
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Failed password for invalid user minecraft from 185.255.91.51 port 36236 ssh2
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Received disconnect from 185.255.91.51 port 36236:11: Bye Bye [preauth]
Sep 28 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Disconnected from 185.255.91.51 port 36236 [preauth]
Sep 28 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: Failed password for invalid user kafka from 162.253.132.241 port 50732 ssh2
Sep 28 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: Received disconnect from 162.253.132.241 port 50732:11: Bye Bye [preauth]
Sep 28 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10151]: Disconnected from 162.253.132.241 port 50732 [preauth]
Sep 28 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Failed password for root from 103.159.132.91 port 56908 ssh2
Sep 28 08:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Received disconnect from 103.159.132.91 port 56908:11: Bye Bye [preauth]
Sep 28 08:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Disconnected from 103.159.132.91 port 56908 [preauth]
Sep 28 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Invalid user ben from 50.6.5.235
Sep 28 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: input_userauth_request: invalid user ben [preauth]
Sep 28 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Failed password for invalid user ben from 50.6.5.235 port 36760 ssh2
Sep 28 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Received disconnect from 50.6.5.235 port 36760:11: Bye Bye [preauth]
Sep 28 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10182]: Disconnected from 50.6.5.235 port 36760 [preauth]
Sep 28 08:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10201]: Did not receive identification string from 196.251.114.29
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10223]: pam_unix(cron:session): session closed for user root
Sep 28 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10216]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10295]: Successful su for rubyman by root
Sep 28 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10295]: + ??? root:rubyman
Sep 28 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307201 of user rubyman.
Sep 28 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10295]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307201.
Sep 28 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session closed for user root
Sep 28 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6935]: pam_unix(cron:session): session closed for user root
Sep 28 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10217]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Invalid user tv from 50.30.83.61
Sep 28 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: input_userauth_request: invalid user tv [preauth]
Sep 28 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user tv from 50.30.83.61 port 50150 ssh2
Sep 28 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Received disconnect from 50.30.83.61 port 50150:11: Bye Bye [preauth]
Sep 28 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Disconnected from 50.30.83.61 port 50150 [preauth]
Sep 28 08:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10577]: Did not receive identification string from 49.7.233.99
Sep 28 08:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Invalid user wqmarlduiqkmgs from 49.7.233.99
Sep 28 08:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: input_userauth_request: invalid user wqmarlduiqkmgs [preauth]
Sep 28 08:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: fatal: ssh_packet_get_string: incomplete message [preauth]
Sep 28 08:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9078]: pam_unix(cron:session): session closed for user root
Sep 28 08:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Invalid user exx from 50.6.5.235
Sep 28 08:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: input_userauth_request: invalid user exx [preauth]
Sep 28 08:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Failed password for invalid user exx from 50.6.5.235 port 41858 ssh2
Sep 28 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Received disconnect from 50.6.5.235 port 41858:11: Bye Bye [preauth]
Sep 28 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Disconnected from 50.6.5.235 port 41858 [preauth]
Sep 28 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Failed password for root from 162.253.132.241 port 47670 ssh2
Sep 28 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Received disconnect from 162.253.132.241 port 47670:11: Bye Bye [preauth]
Sep 28 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Disconnected from 162.253.132.241 port 47670 [preauth]
Sep 28 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Invalid user cdn from 185.255.91.51
Sep 28 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: input_userauth_request: invalid user cdn [preauth]
Sep 28 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Failed password for invalid user cdn from 185.255.91.51 port 49372 ssh2
Sep 28 08:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Received disconnect from 185.255.91.51 port 49372:11: Bye Bye [preauth]
Sep 28 08:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Disconnected from 185.255.91.51 port 49372 [preauth]
Sep 28 08:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Invalid user personal from 27.254.235.3
Sep 28 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: input_userauth_request: invalid user personal [preauth]
Sep 28 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10726]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: Successful su for rubyman by root
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: + ??? root:rubyman
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307207 of user rubyman.
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10794]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307207.
Sep 28 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Failed password for invalid user personal from 27.254.235.3 port 38828 ssh2
Sep 28 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Received disconnect from 27.254.235.3 port 38828:11: Bye Bye [preauth]
Sep 28 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Disconnected from 27.254.235.3 port 38828 [preauth]
Sep 28 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session closed for user root
Sep 28 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10723]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Failed password for root from 103.159.132.91 port 53598 ssh2
Sep 28 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Received disconnect from 103.159.132.91 port 53598:11: Bye Bye [preauth]
Sep 28 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Disconnected from 103.159.132.91 port 53598 [preauth]
Sep 28 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Invalid user user from 62.60.131.157
Sep 28 08:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: input_userauth_request: invalid user user [preauth]
Sep 28 08:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user user from 62.60.131.157 port 5915 ssh2
Sep 28 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Failed password for root from 50.30.83.61 port 45916 ssh2
Sep 28 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Received disconnect from 50.30.83.61 port 45916:11: Bye Bye [preauth]
Sep 28 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Disconnected from 50.30.83.61 port 45916 [preauth]
Sep 28 08:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user user from 62.60.131.157 port 5915 ssh2
Sep 28 08:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user user from 62.60.131.157 port 5915 ssh2
Sep 28 08:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user user from 62.60.131.157 port 5915 ssh2
Sep 28 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user user from 62.60.131.157 port 5915 ssh2
Sep 28 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Received disconnect from 62.60.131.157 port 5915:11: Bye [preauth]
Sep 28 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Disconnected from 62.60.131.157 port 5915 [preauth]
Sep 28 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session closed for user root
Sep 28 08:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Failed password for root from 50.6.5.235 port 49478 ssh2
Sep 28 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Received disconnect from 50.6.5.235 port 49478:11: Bye Bye [preauth]
Sep 28 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Disconnected from 50.6.5.235 port 49478 [preauth]
Sep 28 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Invalid user bogdan from 162.253.132.241
Sep 28 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: input_userauth_request: invalid user bogdan [preauth]
Sep 28 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Failed password for invalid user bogdan from 162.253.132.241 port 44606 ssh2
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Received disconnect from 162.253.132.241 port 44606:11: Bye Bye [preauth]
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Disconnected from 162.253.132.241 port 44606 [preauth]
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11159]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: Successful su for rubyman by root
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: + ??? root:rubyman
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307212 of user rubyman.
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307212.
Sep 28 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session closed for user root
Sep 28 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Failed password for root from 185.255.91.51 port 33886 ssh2
Sep 28 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Received disconnect from 185.255.91.51 port 33886:11: Bye Bye [preauth]
Sep 28 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11305]: Disconnected from 185.255.91.51 port 33886 [preauth]
Sep 28 08:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Invalid user jc from 27.254.235.3
Sep 28 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: input_userauth_request: invalid user jc [preauth]
Sep 28 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Failed password for invalid user jc from 27.254.235.3 port 34204 ssh2
Sep 28 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Received disconnect from 27.254.235.3 port 34204:11: Bye Bye [preauth]
Sep 28 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Disconnected from 27.254.235.3 port 34204 [preauth]
Sep 28 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Failed password for root from 50.30.83.61 port 41686 ssh2
Sep 28 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Received disconnect from 50.30.83.61 port 41686:11: Bye Bye [preauth]
Sep 28 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Disconnected from 50.30.83.61 port 41686 [preauth]
Sep 28 08:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10221]: pam_unix(cron:session): session closed for user root
Sep 28 08:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Invalid user dixi from 103.159.132.91
Sep 28 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: input_userauth_request: invalid user dixi [preauth]
Sep 28 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Invalid user upgrade from 50.6.5.235
Sep 28 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: input_userauth_request: invalid user upgrade [preauth]
Sep 28 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Failed password for invalid user dixi from 103.159.132.91 port 50292 ssh2
Sep 28 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Received disconnect from 103.159.132.91 port 50292:11: Bye Bye [preauth]
Sep 28 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Disconnected from 103.159.132.91 port 50292 [preauth]
Sep 28 08:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Failed password for invalid user upgrade from 50.6.5.235 port 49044 ssh2
Sep 28 08:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Received disconnect from 50.6.5.235 port 49044:11: Bye Bye [preauth]
Sep 28 08:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Disconnected from 50.6.5.235 port 49044 [preauth]
Sep 28 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: Successful su for rubyman by root
Sep 28 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: + ??? root:rubyman
Sep 28 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307215 of user rubyman.
Sep 28 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307215.
Sep 28 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8506]: pam_unix(cron:session): session closed for user root
Sep 28 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Failed password for root from 162.253.132.241 port 41530 ssh2
Sep 28 08:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Received disconnect from 162.253.132.241 port 41530:11: Bye Bye [preauth]
Sep 28 08:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Disconnected from 162.253.132.241 port 41530 [preauth]
Sep 28 08:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: Invalid user exx from 185.255.91.51
Sep 28 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: input_userauth_request: invalid user exx [preauth]
Sep 28 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: Failed password for invalid user exx from 185.255.91.51 port 46928 ssh2
Sep 28 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: Received disconnect from 185.255.91.51 port 46928:11: Bye Bye [preauth]
Sep 28 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11995]: Disconnected from 185.255.91.51 port 46928 [preauth]
Sep 28 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Invalid user like from 50.30.83.61
Sep 28 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: input_userauth_request: invalid user like [preauth]
Sep 28 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Failed password for invalid user like from 50.30.83.61 port 37440 ssh2
Sep 28 08:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Received disconnect from 50.30.83.61 port 37440:11: Bye Bye [preauth]
Sep 28 08:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Disconnected from 50.30.83.61 port 37440 [preauth]
Sep 28 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10726]: pam_unix(cron:session): session closed for user root
Sep 28 08:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Failed password for root from 50.6.5.235 port 43716 ssh2
Sep 28 08:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Received disconnect from 50.6.5.235 port 43716:11: Bye Bye [preauth]
Sep 28 08:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Disconnected from 50.6.5.235 port 43716 [preauth]
Sep 28 08:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: Failed password for root from 27.254.235.3 port 57812 ssh2
Sep 28 08:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: Received disconnect from 27.254.235.3 port 57812:11: Bye Bye [preauth]
Sep 28 08:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12095]: Disconnected from 27.254.235.3 port 57812 [preauth]
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12128]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: Successful su for rubyman by root
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: + ??? root:rubyman
Sep 28 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307220 of user rubyman.
Sep 28 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307220.
Sep 28 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9077]: pam_unix(cron:session): session closed for user root
Sep 28 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Failed password for root from 103.159.132.91 port 46990 ssh2
Sep 28 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Received disconnect from 103.159.132.91 port 46990:11: Bye Bye [preauth]
Sep 28 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Disconnected from 103.159.132.91 port 46990 [preauth]
Sep 28 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Invalid user sammy from 162.253.132.241
Sep 28 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: input_userauth_request: invalid user sammy [preauth]
Sep 28 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Failed password for invalid user sammy from 162.253.132.241 port 38466 ssh2
Sep 28 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Received disconnect from 162.253.132.241 port 38466:11: Bye Bye [preauth]
Sep 28 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Disconnected from 162.253.132.241 port 38466 [preauth]
Sep 28 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Invalid user personal from 185.255.91.51
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: input_userauth_request: invalid user personal [preauth]
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Invalid user david from 50.30.83.61
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: input_userauth_request: invalid user david [preauth]
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Failed password for invalid user personal from 185.255.91.51 port 35956 ssh2
Sep 28 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Failed password for invalid user david from 50.30.83.61 port 33210 ssh2
Sep 28 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Received disconnect from 50.30.83.61 port 33210:11: Bye Bye [preauth]
Sep 28 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Disconnected from 50.30.83.61 port 33210 [preauth]
Sep 28 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Received disconnect from 185.255.91.51 port 35956:11: Bye Bye [preauth]
Sep 28 08:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Disconnected from 185.255.91.51 port 35956 [preauth]
Sep 28 08:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session closed for user root
Sep 28 08:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Failed password for root from 50.6.5.235 port 45930 ssh2
Sep 28 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Received disconnect from 50.6.5.235 port 45930:11: Bye Bye [preauth]
Sep 28 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Disconnected from 50.6.5.235 port 45930 [preauth]
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12578]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session closed for user root
Sep 28 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12575]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12660]: Successful su for rubyman by root
Sep 28 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12660]: + ??? root:rubyman
Sep 28 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307226 of user rubyman.
Sep 28 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12660]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307226.
Sep 28 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session closed for user root
Sep 28 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12577]: pam_unix(cron:session): session closed for user root
Sep 28 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Failed password for root from 27.254.235.3 port 53188 ssh2
Sep 28 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Received disconnect from 27.254.235.3 port 53188:11: Bye Bye [preauth]
Sep 28 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Disconnected from 27.254.235.3 port 53188 [preauth]
Sep 28 08:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: Failed password for root from 162.253.132.241 port 35398 ssh2
Sep 28 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: Received disconnect from 162.253.132.241 port 35398:11: Bye Bye [preauth]
Sep 28 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: Disconnected from 162.253.132.241 port 35398 [preauth]
Sep 28 08:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Invalid user tejas from 50.30.83.61
Sep 28 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: input_userauth_request: invalid user tejas [preauth]
Sep 28 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Failed password for invalid user tejas from 50.30.83.61 port 57216 ssh2
Sep 28 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Received disconnect from 50.30.83.61 port 57216:11: Bye Bye [preauth]
Sep 28 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Disconnected from 50.30.83.61 port 57216 [preauth]
Sep 28 08:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session closed for user root
Sep 28 08:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Invalid user test from 50.6.5.235
Sep 28 08:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: input_userauth_request: invalid user test [preauth]
Sep 28 08:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Invalid user test from 103.159.132.91
Sep 28 08:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: input_userauth_request: invalid user test [preauth]
Sep 28 08:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Invalid user admin from 185.255.91.51
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Failed password for invalid user test from 50.6.5.235 port 52684 ssh2
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Received disconnect from 50.6.5.235 port 52684:11: Bye Bye [preauth]
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Disconnected from 50.6.5.235 port 52684 [preauth]
Sep 28 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Failed password for invalid user test from 103.159.132.91 port 43688 ssh2
Sep 28 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Received disconnect from 103.159.132.91 port 43688:11: Bye Bye [preauth]
Sep 28 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Disconnected from 103.159.132.91 port 43688 [preauth]
Sep 28 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Failed password for invalid user admin from 185.255.91.51 port 40734 ssh2
Sep 28 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Received disconnect from 185.255.91.51 port 40734:11: Bye Bye [preauth]
Sep 28 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Disconnected from 185.255.91.51 port 40734 [preauth]
Sep 28 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13073]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: Successful su for rubyman by root
Sep 28 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: + ??? root:rubyman
Sep 28 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307229 of user rubyman.
Sep 28 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307229.
Sep 28 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10220]: pam_unix(cron:session): session closed for user root
Sep 28 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13074]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Invalid user root1 from 50.30.83.61
Sep 28 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: input_userauth_request: invalid user root1 [preauth]
Sep 28 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Failed password for root from 27.254.235.3 port 48564 ssh2
Sep 28 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session closed for user root
Sep 28 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Received disconnect from 27.254.235.3 port 48564:11: Bye Bye [preauth]
Sep 28 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Disconnected from 27.254.235.3 port 48564 [preauth]
Sep 28 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Invalid user admin from 162.253.132.241
Sep 28 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Failed password for invalid user root1 from 50.30.83.61 port 52986 ssh2
Sep 28 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Received disconnect from 50.30.83.61 port 52986:11: Bye Bye [preauth]
Sep 28 08:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Disconnected from 50.30.83.61 port 52986 [preauth]
Sep 28 08:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Failed password for invalid user admin from 162.253.132.241 port 60574 ssh2
Sep 28 08:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Received disconnect from 162.253.132.241 port 60574:11: Bye Bye [preauth]
Sep 28 08:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Disconnected from 162.253.132.241 port 60574 [preauth]
Sep 28 08:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: Invalid user mas from 50.6.5.235
Sep 28 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: input_userauth_request: invalid user mas [preauth]
Sep 28 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: Failed password for invalid user mas from 50.6.5.235 port 34090 ssh2
Sep 28 08:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: Received disconnect from 50.6.5.235 port 34090:11: Bye Bye [preauth]
Sep 28 08:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13468]: Disconnected from 50.6.5.235 port 34090 [preauth]
Sep 28 08:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Failed password for root from 185.255.91.51 port 58006 ssh2
Sep 28 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Received disconnect from 185.255.91.51 port 58006:11: Bye Bye [preauth]
Sep 28 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13513]: Disconnected from 185.255.91.51 port 58006 [preauth]
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13527]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: Successful su for rubyman by root
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: + ??? root:rubyman
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307233 of user rubyman.
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307233.
Sep 28 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Invalid user exx from 103.159.132.91
Sep 28 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: input_userauth_request: invalid user exx [preauth]
Sep 28 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Failed password for invalid user exx from 103.159.132.91 port 40382 ssh2
Sep 28 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session closed for user root
Sep 28 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Received disconnect from 103.159.132.91 port 40382:11: Bye Bye [preauth]
Sep 28 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Disconnected from 103.159.132.91 port 40382 [preauth]
Sep 28 08:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13529]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Invalid user erpnext from 50.6.5.235
Sep 28 08:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: input_userauth_request: invalid user erpnext [preauth]
Sep 28 08:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Invalid user exx from 50.30.83.61
Sep 28 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: input_userauth_request: invalid user exx [preauth]
Sep 28 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session closed for user root
Sep 28 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Failed password for invalid user erpnext from 50.6.5.235 port 40508 ssh2
Sep 28 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Received disconnect from 50.6.5.235 port 40508:11: Bye Bye [preauth]
Sep 28 08:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Disconnected from 50.6.5.235 port 40508 [preauth]
Sep 28 08:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Failed password for invalid user exx from 50.30.83.61 port 48752 ssh2
Sep 28 08:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Received disconnect from 50.30.83.61 port 48752:11: Bye Bye [preauth]
Sep 28 08:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Disconnected from 50.30.83.61 port 48752 [preauth]
Sep 28 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13935]: Failed password for root from 162.253.132.241 port 57514 ssh2
Sep 28 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13935]: Received disconnect from 162.253.132.241 port 57514:11: Bye Bye [preauth]
Sep 28 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13935]: Disconnected from 162.253.132.241 port 57514 [preauth]
Sep 28 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Invalid user crap from 27.254.235.3
Sep 28 08:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: input_userauth_request: invalid user crap [preauth]
Sep 28 08:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Failed password for invalid user crap from 27.254.235.3 port 43940 ssh2
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Received disconnect from 27.254.235.3 port 43940:11: Bye Bye [preauth]
Sep 28 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Disconnected from 27.254.235.3 port 43940 [preauth]
Sep 28 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14019]: Successful su for rubyman by root
Sep 28 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14019]: + ??? root:rubyman
Sep 28 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307239 of user rubyman.
Sep 28 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14019]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307239.
Sep 28 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session closed for user root
Sep 28 08:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: Invalid user sammy from 185.255.91.51
Sep 28 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: input_userauth_request: invalid user sammy [preauth]
Sep 28 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: Failed password for invalid user sammy from 185.255.91.51 port 56460 ssh2
Sep 28 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: Received disconnect from 185.255.91.51 port 56460:11: Bye Bye [preauth]
Sep 28 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14310]: Disconnected from 185.255.91.51 port 56460 [preauth]
Sep 28 08:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Invalid user cent from 103.159.132.91
Sep 28 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: input_userauth_request: invalid user cent [preauth]
Sep 28 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13076]: pam_unix(cron:session): session closed for user root
Sep 28 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Failed password for invalid user cent from 103.159.132.91 port 37078 ssh2
Sep 28 08:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Received disconnect from 103.159.132.91 port 37078:11: Bye Bye [preauth]
Sep 28 08:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Disconnected from 103.159.132.91 port 37078 [preauth]
Sep 28 08:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Invalid user dixi from 50.6.5.235
Sep 28 08:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: input_userauth_request: invalid user dixi [preauth]
Sep 28 08:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Failed password for invalid user dixi from 50.6.5.235 port 60790 ssh2
Sep 28 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Received disconnect from 50.6.5.235 port 60790:11: Bye Bye [preauth]
Sep 28 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Disconnected from 50.6.5.235 port 60790 [preauth]
Sep 28 08:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: Invalid user harry from 50.30.83.61
Sep 28 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: input_userauth_request: invalid user harry [preauth]
Sep 28 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: Failed password for invalid user harry from 50.30.83.61 port 44514 ssh2
Sep 28 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: Received disconnect from 50.30.83.61 port 44514:11: Bye Bye [preauth]
Sep 28 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: Disconnected from 50.30.83.61 port 44514 [preauth]
Sep 28 08:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Invalid user crap from 162.253.132.241
Sep 28 08:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: input_userauth_request: invalid user crap [preauth]
Sep 28 08:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for invalid user crap from 162.253.132.241 port 54444 ssh2
Sep 28 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Received disconnect from 162.253.132.241 port 54444:11: Bye Bye [preauth]
Sep 28 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Disconnected from 162.253.132.241 port 54444 [preauth]
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14532]: Successful su for rubyman by root
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14532]: + ??? root:rubyman
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307242 of user rubyman.
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14532]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307242.
Sep 28 08:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session closed for user root
Sep 28 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: Failed password for root from 185.255.91.51 port 54802 ssh2
Sep 28 08:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: Received disconnect from 185.255.91.51 port 54802:11: Bye Bye [preauth]
Sep 28 08:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: Disconnected from 185.255.91.51 port 54802 [preauth]
Sep 28 08:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: Invalid user test from 27.254.235.3
Sep 28 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: input_userauth_request: invalid user test [preauth]
Sep 28 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: Failed password for invalid user test from 27.254.235.3 port 39316 ssh2
Sep 28 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: Received disconnect from 27.254.235.3 port 39316:11: Bye Bye [preauth]
Sep 28 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: Disconnected from 27.254.235.3 port 39316 [preauth]
Sep 28 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Invalid user wifi from 50.6.5.235
Sep 28 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: input_userauth_request: invalid user wifi [preauth]
Sep 28 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Failed password for invalid user wifi from 50.6.5.235 port 37184 ssh2
Sep 28 08:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Received disconnect from 50.6.5.235 port 37184:11: Bye Bye [preauth]
Sep 28 08:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Disconnected from 50.6.5.235 port 37184 [preauth]
Sep 28 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user root
Sep 28 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: Failed password for root from 50.30.83.61 port 40270 ssh2
Sep 28 08:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: Received disconnect from 50.30.83.61 port 40270:11: Bye Bye [preauth]
Sep 28 08:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: Disconnected from 50.30.83.61 port 40270 [preauth]
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14900]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session closed for user root
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Invalid user nguyen from 162.253.132.241
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: input_userauth_request: invalid user nguyen [preauth]
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14972]: Successful su for rubyman by root
Sep 28 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14972]: + ??? root:rubyman
Sep 28 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307246 of user rubyman.
Sep 28 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14972]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307246.
Sep 28 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user nguyen from 162.253.132.241 port 51360 ssh2
Sep 28 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Received disconnect from 162.253.132.241 port 51360:11: Bye Bye [preauth]
Sep 28 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Disconnected from 162.253.132.241 port 51360 [preauth]
Sep 28 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session closed for user root
Sep 28 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session closed for user root
Sep 28 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Failed password for root from 103.159.132.91 port 33776 ssh2
Sep 28 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Received disconnect from 103.159.132.91 port 33776:11: Bye Bye [preauth]
Sep 28 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Disconnected from 103.159.132.91 port 33776 [preauth]
Sep 28 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Invalid user user from 50.6.5.235
Sep 28 08:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: input_userauth_request: invalid user user [preauth]
Sep 28 08:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Failed password for invalid user user from 50.6.5.235 port 37096 ssh2
Sep 28 08:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Received disconnect from 50.6.5.235 port 37096:11: Bye Bye [preauth]
Sep 28 08:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Disconnected from 50.6.5.235 port 37096 [preauth]
Sep 28 08:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: Invalid user test from 185.255.91.51
Sep 28 08:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: input_userauth_request: invalid user test [preauth]
Sep 28 08:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: Failed password for invalid user test from 185.255.91.51 port 55454 ssh2
Sep 28 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: Received disconnect from 185.255.91.51 port 55454:11: Bye Bye [preauth]
Sep 28 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15256]: Disconnected from 185.255.91.51 port 55454 [preauth]
Sep 28 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user root
Sep 28 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Invalid user ftpuser from 50.30.83.61
Sep 28 08:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 08:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Failed password for invalid user ftpuser from 50.30.83.61 port 36054 ssh2
Sep 28 08:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Received disconnect from 50.30.83.61 port 36054:11: Bye Bye [preauth]
Sep 28 08:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Disconnected from 50.30.83.61 port 36054 [preauth]
Sep 28 08:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: Invalid user kafka from 27.254.235.3
Sep 28 08:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: input_userauth_request: invalid user kafka [preauth]
Sep 28 08:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: Failed password for invalid user kafka from 27.254.235.3 port 34692 ssh2
Sep 28 08:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: Received disconnect from 27.254.235.3 port 34692:11: Bye Bye [preauth]
Sep 28 08:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15344]: Disconnected from 27.254.235.3 port 34692 [preauth]
Sep 28 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15372]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: Successful su for rubyman by root
Sep 28 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: + ??? root:rubyman
Sep 28 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307252 of user rubyman.
Sep 28 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307252.
Sep 28 08:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12578]: pam_unix(cron:session): session closed for user root
Sep 28 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: User clamav from 162.253.132.241 not allowed because not listed in AllowUsers
Sep 28 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: input_userauth_request: invalid user clamav [preauth]
Sep 28 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=clamav
Sep 28 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Failed password for invalid user clamav from 162.253.132.241 port 48304 ssh2
Sep 28 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Received disconnect from 162.253.132.241 port 48304:11: Bye Bye [preauth]
Sep 28 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Disconnected from 162.253.132.241 port 48304 [preauth]
Sep 28 08:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Invalid user utente from 50.6.5.235
Sep 28 08:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: input_userauth_request: invalid user utente [preauth]
Sep 28 08:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Failed password for invalid user utente from 50.6.5.235 port 51890 ssh2
Sep 28 08:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Received disconnect from 50.6.5.235 port 51890:11: Bye Bye [preauth]
Sep 28 08:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Disconnected from 50.6.5.235 port 51890 [preauth]
Sep 28 08:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session closed for user root
Sep 28 08:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Invalid user frappe-user from 50.30.83.61
Sep 28 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: input_userauth_request: invalid user frappe-user [preauth]
Sep 28 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Received disconnect from 103.159.132.91 port 58702:11: Bye Bye [preauth]
Sep 28 08:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Disconnected from 103.159.132.91 port 58702 [preauth]
Sep 28 08:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Failed password for invalid user frappe-user from 50.30.83.61 port 60048 ssh2
Sep 28 08:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: Failed password for root from 185.255.91.51 port 43094 ssh2
Sep 28 08:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Received disconnect from 50.30.83.61 port 60048:11: Bye Bye [preauth]
Sep 28 08:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Disconnected from 50.30.83.61 port 60048 [preauth]
Sep 28 08:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: Received disconnect from 185.255.91.51 port 43094:11: Bye Bye [preauth]
Sep 28 08:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: Disconnected from 185.255.91.51 port 43094 [preauth]
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15869]: Successful su for rubyman by root
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15869]: + ??? root:rubyman
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307256 of user rubyman.
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15869]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307256.
Sep 28 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13075]: pam_unix(cron:session): session closed for user root
Sep 28 08:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Invalid user szy from 50.6.5.235
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: input_userauth_request: invalid user szy [preauth]
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Invalid user exx from 162.253.132.241
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: input_userauth_request: invalid user exx [preauth]
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: Failed password for root from 27.254.235.3 port 58300 ssh2
Sep 28 08:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: Received disconnect from 27.254.235.3 port 58300:11: Bye Bye [preauth]
Sep 28 08:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16094]: Disconnected from 27.254.235.3 port 58300 [preauth]
Sep 28 08:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Failed password for invalid user szy from 50.6.5.235 port 42958 ssh2
Sep 28 08:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Received disconnect from 50.6.5.235 port 42958:11: Bye Bye [preauth]
Sep 28 08:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Disconnected from 50.6.5.235 port 42958 [preauth]
Sep 28 08:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Failed password for invalid user exx from 162.253.132.241 port 45236 ssh2
Sep 28 08:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Received disconnect from 162.253.132.241 port 45236:11: Bye Bye [preauth]
Sep 28 08:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Disconnected from 162.253.132.241 port 45236 [preauth]
Sep 28 08:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14901]: pam_unix(cron:session): session closed for user root
Sep 28 08:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61  user=root
Sep 28 08:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Failed password for root from 50.30.83.61 port 55808 ssh2
Sep 28 08:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Received disconnect from 50.30.83.61 port 55808:11: Bye Bye [preauth]
Sep 28 08:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Disconnected from 50.30.83.61 port 55808 [preauth]
Sep 28 08:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Failed password for root from 185.255.91.51 port 34960 ssh2
Sep 28 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Received disconnect from 185.255.91.51 port 34960:11: Bye Bye [preauth]
Sep 28 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Disconnected from 185.255.91.51 port 34960 [preauth]
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: Successful su for rubyman by root
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: + ??? root:rubyman
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307259 of user rubyman.
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307259.
Sep 28 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session closed for user root
Sep 28 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Invalid user mas from 103.159.132.91
Sep 28 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: input_userauth_request: invalid user mas [preauth]
Sep 28 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Failed password for invalid user mas from 103.159.132.91 port 55400 ssh2
Sep 28 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Received disconnect from 103.159.132.91 port 55400:11: Bye Bye [preauth]
Sep 28 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Disconnected from 103.159.132.91 port 55400 [preauth]
Sep 28 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Invalid user oxidized from 50.6.5.235
Sep 28 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: input_userauth_request: invalid user oxidized [preauth]
Sep 28 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Failed password for invalid user oxidized from 50.6.5.235 port 50982 ssh2
Sep 28 08:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Received disconnect from 50.6.5.235 port 50982:11: Bye Bye [preauth]
Sep 28 08:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Disconnected from 50.6.5.235 port 50982 [preauth]
Sep 28 08:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 08:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: Failed password for root from 162.253.132.241 port 42166 ssh2
Sep 28 08:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: Received disconnect from 162.253.132.241 port 42166:11: Bye Bye [preauth]
Sep 28 08:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16585]: Disconnected from 162.253.132.241 port 42166 [preauth]
Sep 28 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session closed for user root
Sep 28 08:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Invalid user sachin from 50.30.83.61
Sep 28 08:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: input_userauth_request: invalid user sachin [preauth]
Sep 28 08:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.30.83.61
Sep 28 08:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Failed password for invalid user sachin from 50.30.83.61 port 51570 ssh2
Sep 28 08:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Received disconnect from 50.30.83.61 port 51570:11: Bye Bye [preauth]
Sep 28 08:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Disconnected from 50.30.83.61 port 51570 [preauth]
Sep 28 08:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Failed password for root from 27.254.235.3 port 53684 ssh2
Sep 28 08:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Received disconnect from 27.254.235.3 port 53684:11: Bye Bye [preauth]
Sep 28 08:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Disconnected from 27.254.235.3 port 53684 [preauth]
Sep 28 08:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Did not receive identification string from 196.251.69.141
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16759]: Successful su for rubyman by root
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16759]: + ??? root:rubyman
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307263 of user rubyman.
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16759]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307263.
Sep 28 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Invalid user bogdan from 185.255.91.51
Sep 28 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: input_userauth_request: invalid user bogdan [preauth]
Sep 28 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session closed for user root
Sep 28 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Failed password for invalid user bogdan from 185.255.91.51 port 34624 ssh2
Sep 28 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Received disconnect from 185.255.91.51 port 34624:11: Bye Bye [preauth]
Sep 28 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Disconnected from 185.255.91.51 port 34624 [preauth]
Sep 28 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Failed password for root from 50.6.5.235 port 48600 ssh2
Sep 28 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Received disconnect from 50.6.5.235 port 48600:11: Bye Bye [preauth]
Sep 28 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Disconnected from 50.6.5.235 port 48600 [preauth]
Sep 28 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Invalid user ben from 103.159.132.91
Sep 28 08:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: input_userauth_request: invalid user ben [preauth]
Sep 28 08:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Failed password for invalid user ben from 103.159.132.91 port 52098 ssh2
Sep 28 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Received disconnect from 103.159.132.91 port 52098:11: Bye Bye [preauth]
Sep 28 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Disconnected from 103.159.132.91 port 52098 [preauth]
Sep 28 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session closed for user root
Sep 28 08:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: Invalid user jc from 162.253.132.241
Sep 28 08:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: input_userauth_request: invalid user jc [preauth]
Sep 28 08:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: Failed password for invalid user jc from 162.253.132.241 port 39104 ssh2
Sep 28 08:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: Received disconnect from 162.253.132.241 port 39104:11: Bye Bye [preauth]
Sep 28 08:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17076]: Disconnected from 162.253.132.241 port 39104 [preauth]
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session closed for user root
Sep 28 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: Successful su for rubyman by root
Sep 28 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: + ??? root:rubyman
Sep 28 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307272 of user rubyman.
Sep 28 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307272.
Sep 28 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user root
Sep 28 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session closed for user root
Sep 28 08:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Invalid user info from 50.6.5.235
Sep 28 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: input_userauth_request: invalid user info [preauth]
Sep 28 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Failed password for invalid user info from 50.6.5.235 port 39734 ssh2
Sep 28 08:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Received disconnect from 50.6.5.235 port 39734:11: Bye Bye [preauth]
Sep 28 08:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Disconnected from 50.6.5.235 port 39734 [preauth]
Sep 28 08:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Invalid user proxyuser1 from 27.254.235.3
Sep 28 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: input_userauth_request: invalid user proxyuser1 [preauth]
Sep 28 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Failed password for invalid user proxyuser1 from 27.254.235.3 port 49064 ssh2
Sep 28 08:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Received disconnect from 27.254.235.3 port 49064:11: Bye Bye [preauth]
Sep 28 08:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Disconnected from 27.254.235.3 port 49064 [preauth]
Sep 28 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Failed password for root from 185.255.91.51 port 49296 ssh2
Sep 28 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Received disconnect from 185.255.91.51 port 49296:11: Bye Bye [preauth]
Sep 28 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Disconnected from 185.255.91.51 port 49296 [preauth]
Sep 28 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16239]: pam_unix(cron:session): session closed for user root
Sep 28 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: Invalid user cdn from 162.253.132.241
Sep 28 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: input_userauth_request: invalid user cdn [preauth]
Sep 28 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: Failed password for invalid user cdn from 162.253.132.241 port 36038 ssh2
Sep 28 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: Received disconnect from 162.253.132.241 port 36038:11: Bye Bye [preauth]
Sep 28 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17588]: Disconnected from 162.253.132.241 port 36038 [preauth]
Sep 28 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: Invalid user upgrade from 103.159.132.91
Sep 28 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: input_userauth_request: invalid user upgrade [preauth]
Sep 28 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Invalid user gateway from 14.225.205.58
Sep 28 08:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: input_userauth_request: invalid user gateway [preauth]
Sep 28 08:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: Failed password for invalid user upgrade from 103.159.132.91 port 48792 ssh2
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: Received disconnect from 103.159.132.91 port 48792:11: Bye Bye [preauth]
Sep 28 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17610]: Disconnected from 103.159.132.91 port 48792 [preauth]
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: Successful su for rubyman by root
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: + ??? root:rubyman
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307274 of user rubyman.
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307274.
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for invalid user gateway from 14.225.205.58 port 60470 ssh2
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Received disconnect from 14.225.205.58 port 60470:11: Bye Bye [preauth]
Sep 28 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Disconnected from 14.225.205.58 port 60470 [preauth]
Sep 28 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14900]: pam_unix(cron:session): session closed for user root
Sep 28 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Invalid user myadmin from 50.6.5.235
Sep 28 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: input_userauth_request: invalid user myadmin [preauth]
Sep 28 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Failed password for invalid user myadmin from 50.6.5.235 port 35656 ssh2
Sep 28 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Received disconnect from 50.6.5.235 port 35656:11: Bye Bye [preauth]
Sep 28 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Disconnected from 50.6.5.235 port 35656 [preauth]
Sep 28 08:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Failed password for root from 185.255.91.51 port 35342 ssh2
Sep 28 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Received disconnect from 185.255.91.51 port 35342:11: Bye Bye [preauth]
Sep 28 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18075]: Disconnected from 185.255.91.51 port 35342 [preauth]
Sep 28 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16686]: pam_unix(cron:session): session closed for user root
Sep 28 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Invalid user mmd from 27.254.235.3
Sep 28 08:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: input_userauth_request: invalid user mmd [preauth]
Sep 28 08:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Failed password for invalid user mmd from 27.254.235.3 port 44440 ssh2
Sep 28 08:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Received disconnect from 27.254.235.3 port 44440:11: Bye Bye [preauth]
Sep 28 08:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Disconnected from 27.254.235.3 port 44440 [preauth]
Sep 28 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Invalid user test from 162.253.132.241
Sep 28 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: input_userauth_request: invalid user test [preauth]
Sep 28 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 08:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Failed password for invalid user test from 162.253.132.241 port 32962 ssh2
Sep 28 08:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Received disconnect from 162.253.132.241 port 32962:11: Bye Bye [preauth]
Sep 28 08:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18283]: Disconnected from 162.253.132.241 port 32962 [preauth]
Sep 28 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Invalid user rahul from 50.6.5.235
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: input_userauth_request: invalid user rahul [preauth]
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18489]: Successful su for rubyman by root
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18489]: + ??? root:rubyman
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307278 of user rubyman.
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18489]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307278.
Sep 28 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Failed password for invalid user rahul from 50.6.5.235 port 59278 ssh2
Sep 28 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Received disconnect from 50.6.5.235 port 59278:11: Bye Bye [preauth]
Sep 28 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Disconnected from 50.6.5.235 port 59278 [preauth]
Sep 28 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15372]: pam_unix(cron:session): session closed for user root
Sep 28 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Failed password for root from 196.251.69.141 port 46200 ssh2
Sep 28 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Connection closed by 196.251.69.141 port 46200 [preauth]
Sep 28 08:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Invalid user user from 103.159.132.91
Sep 28 08:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: input_userauth_request: invalid user user [preauth]
Sep 28 08:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Failed password for invalid user user from 103.159.132.91 port 45488 ssh2
Sep 28 08:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Received disconnect from 103.159.132.91 port 45488:11: Bye Bye [preauth]
Sep 28 08:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Disconnected from 103.159.132.91 port 45488 [preauth]
Sep 28 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session closed for user root
Sep 28 08:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Invalid user jc from 185.255.91.51
Sep 28 08:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: input_userauth_request: invalid user jc [preauth]
Sep 28 08:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51
Sep 28 08:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Failed password for invalid user jc from 185.255.91.51 port 36406 ssh2
Sep 28 08:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Received disconnect from 185.255.91.51 port 36406:11: Bye Bye [preauth]
Sep 28 08:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Disconnected from 185.255.91.51 port 36406 [preauth]
Sep 28 08:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18908]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18979]: Successful su for rubyman by root
Sep 28 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18979]: + ??? root:rubyman
Sep 28 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307281 of user rubyman.
Sep 28 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18979]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307281.
Sep 28 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 50.6.5.235 port 41650 ssh2
Sep 28 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Received disconnect from 50.6.5.235 port 41650:11: Bye Bye [preauth]
Sep 28 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Disconnected from 50.6.5.235 port 41650 [preauth]
Sep 28 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Failed password for root from 27.254.235.3 port 39816 ssh2
Sep 28 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Received disconnect from 27.254.235.3 port 39816:11: Bye Bye [preauth]
Sep 28 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Disconnected from 27.254.235.3 port 39816 [preauth]
Sep 28 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user root
Sep 28 08:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18910]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Failed password for root from 196.251.69.141 port 57542 ssh2
Sep 28 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Connection closed by 196.251.69.141 port 57542 [preauth]
Sep 28 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session closed for user root
Sep 28 08:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.51  user=root
Sep 28 08:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Failed password for root from 185.255.91.51 port 49774 ssh2
Sep 28 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Received disconnect from 185.255.91.51 port 49774:11: Bye Bye [preauth]
Sep 28 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Disconnected from 185.255.91.51 port 49774 [preauth]
Sep 28 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: Invalid user erpnext from 103.159.132.91
Sep 28 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: input_userauth_request: invalid user erpnext [preauth]
Sep 28 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: Failed password for invalid user erpnext from 103.159.132.91 port 42184 ssh2
Sep 28 08:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: Received disconnect from 103.159.132.91 port 42184:11: Bye Bye [preauth]
Sep 28 08:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19555]: Disconnected from 103.159.132.91 port 42184 [preauth]
Sep 28 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: Invalid user musa from 50.6.5.235
Sep 28 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: input_userauth_request: invalid user musa [preauth]
Sep 28 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: Failed password for invalid user musa from 50.6.5.235 port 39802 ssh2
Sep 28 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: Received disconnect from 50.6.5.235 port 39802:11: Bye Bye [preauth]
Sep 28 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: Disconnected from 50.6.5.235 port 39802 [preauth]
Sep 28 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19578]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19581]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: Successful su for rubyman by root
Sep 28 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: + ??? root:rubyman
Sep 28 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307286 of user rubyman.
Sep 28 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307286.
Sep 28 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19578]: pam_unix(cron:session): session closed for user root
Sep 28 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session closed for user root
Sep 28 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: Failed password for root from 196.251.69.141 port 60436 ssh2
Sep 28 08:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: Connection closed by 196.251.69.141 port 60436 [preauth]
Sep 28 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Invalid user sammy from 27.254.235.3
Sep 28 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: input_userauth_request: invalid user sammy [preauth]
Sep 28 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Failed password for invalid user sammy from 27.254.235.3 port 35192 ssh2
Sep 28 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Received disconnect from 27.254.235.3 port 35192:11: Bye Bye [preauth]
Sep 28 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Disconnected from 27.254.235.3 port 35192 [preauth]
Sep 28 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session closed for user root
Sep 28 08:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: Invalid user user123 from 220.118.173.234
Sep 28 08:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: input_userauth_request: invalid user user123 [preauth]
Sep 28 08:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: Failed password for invalid user user123 from 220.118.173.234 port 58312 ssh2
Sep 28 08:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: Received disconnect from 220.118.173.234 port 58312:11: Bye Bye [preauth]
Sep 28 08:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: Disconnected from 220.118.173.234 port 58312 [preauth]
Sep 28 08:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Invalid user gao from 50.6.5.235
Sep 28 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: input_userauth_request: invalid user gao [preauth]
Sep 28 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Failed password for invalid user gao from 50.6.5.235 port 40044 ssh2
Sep 28 08:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Received disconnect from 50.6.5.235 port 40044:11: Bye Bye [preauth]
Sep 28 08:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Disconnected from 50.6.5.235 port 40044 [preauth]
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20326]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session closed for user root
Sep 28 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20408]: Successful su for rubyman by root
Sep 28 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20408]: + ??? root:rubyman
Sep 28 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307290 of user rubyman.
Sep 28 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20408]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307290.
Sep 28 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session closed for user root
Sep 28 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20326]: pam_unix(cron:session): session closed for user root
Sep 28 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Failed password for root from 196.251.69.141 port 58324 ssh2
Sep 28 08:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Connection closed by 196.251.69.141 port 58324 [preauth]
Sep 28 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Invalid user myadmin from 103.159.132.91
Sep 28 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: input_userauth_request: invalid user myadmin [preauth]
Sep 28 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Failed password for invalid user myadmin from 103.159.132.91 port 38876 ssh2
Sep 28 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Received disconnect from 103.159.132.91 port 38876:11: Bye Bye [preauth]
Sep 28 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Disconnected from 103.159.132.91 port 38876 [preauth]
Sep 28 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20718]: Invalid user wms from 190.103.202.7
Sep 28 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20718]: input_userauth_request: invalid user wms [preauth]
Sep 28 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20718]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20718]: Failed password for invalid user wms from 190.103.202.7 port 54372 ssh2
Sep 28 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20718]: Connection closed by 190.103.202.7 port 54372 [preauth]
Sep 28 08:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18912]: pam_unix(cron:session): session closed for user root
Sep 28 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: Invalid user postgres from 14.225.205.58
Sep 28 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: input_userauth_request: invalid user postgres [preauth]
Sep 28 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: Failed password for invalid user postgres from 14.225.205.58 port 35666 ssh2
Sep 28 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: Received disconnect from 14.225.205.58 port 35666:11: Bye Bye [preauth]
Sep 28 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20760]: Disconnected from 14.225.205.58 port 35666 [preauth]
Sep 28 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Invalid user tarun from 50.6.5.235
Sep 28 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: input_userauth_request: invalid user tarun [preauth]
Sep 28 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Failed password for invalid user tarun from 50.6.5.235 port 51662 ssh2
Sep 28 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Received disconnect from 50.6.5.235 port 51662:11: Bye Bye [preauth]
Sep 28 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Disconnected from 50.6.5.235 port 51662 [preauth]
Sep 28 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Failed password for root from 27.254.235.3 port 58800 ssh2
Sep 28 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Received disconnect from 27.254.235.3 port 58800:11: Bye Bye [preauth]
Sep 28 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Disconnected from 27.254.235.3 port 58800 [preauth]
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: Successful su for rubyman by root
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: + ??? root:rubyman
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307297 of user rubyman.
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20902]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307297.
Sep 28 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session closed for user root
Sep 28 08:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20828]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: Failed password for root from 196.251.69.141 port 52786 ssh2
Sep 28 08:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: Connection closed by 196.251.69.141 port 52786 [preauth]
Sep 28 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session closed for user root
Sep 28 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: Invalid user software from 50.6.5.235
Sep 28 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: input_userauth_request: invalid user software [preauth]
Sep 28 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235
Sep 28 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: Failed password for invalid user software from 50.6.5.235 port 44714 ssh2
Sep 28 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: Received disconnect from 50.6.5.235 port 44714:11: Bye Bye [preauth]
Sep 28 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21236]: Disconnected from 50.6.5.235 port 44714 [preauth]
Sep 28 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: Invalid user usuario2 from 220.118.173.234
Sep 28 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: input_userauth_request: invalid user usuario2 [preauth]
Sep 28 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: Failed password for invalid user usuario2 from 220.118.173.234 port 45782 ssh2
Sep 28 08:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: Received disconnect from 220.118.173.234 port 45782:11: Bye Bye [preauth]
Sep 28 08:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21246]: Disconnected from 220.118.173.234 port 45782 [preauth]
Sep 28 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Failed password for root from 103.159.132.91 port 35570 ssh2
Sep 28 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Received disconnect from 103.159.132.91 port 35570:11: Bye Bye [preauth]
Sep 28 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Disconnected from 103.159.132.91 port 35570 [preauth]
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: Invalid user user123 from 14.225.205.58
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: input_userauth_request: invalid user user123 [preauth]
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21334]: Successful su for rubyman by root
Sep 28 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21334]: + ??? root:rubyman
Sep 28 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307301 of user rubyman.
Sep 28 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21334]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307301.
Sep 28 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: Failed password for invalid user user123 from 14.225.205.58 port 51000 ssh2
Sep 28 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: Received disconnect from 14.225.205.58 port 51000:11: Bye Bye [preauth]
Sep 28 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21266]: Disconnected from 14.225.205.58 port 51000 [preauth]
Sep 28 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user root
Sep 28 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Failed password for root from 27.254.235.3 port 54176 ssh2
Sep 28 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Received disconnect from 27.254.235.3 port 54176:11: Bye Bye [preauth]
Sep 28 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Disconnected from 27.254.235.3 port 54176 [preauth]
Sep 28 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Failed password for root from 196.251.69.141 port 46042 ssh2
Sep 28 08:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Connection closed by 196.251.69.141 port 46042 [preauth]
Sep 28 08:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user root
Sep 28 08:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.6.5.235  user=root
Sep 28 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21655]: Failed password for root from 50.6.5.235 port 41982 ssh2
Sep 28 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21655]: Received disconnect from 50.6.5.235 port 41982:11: Bye Bye [preauth]
Sep 28 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21655]: Disconnected from 50.6.5.235 port 41982 [preauth]
Sep 28 08:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: Invalid user ftpuser1 from 220.118.173.234
Sep 28 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: input_userauth_request: invalid user ftpuser1 [preauth]
Sep 28 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: Failed password for invalid user ftpuser1 from 220.118.173.234 port 45780 ssh2
Sep 28 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: Received disconnect from 220.118.173.234 port 45780:11: Bye Bye [preauth]
Sep 28 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: Disconnected from 220.118.173.234 port 45780 [preauth]
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21714]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21712]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: Successful su for rubyman by root
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: + ??? root:rubyman
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307304 of user rubyman.
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307304.
Sep 28 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session closed for user root
Sep 28 08:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21713]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 08:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: Failed password for root from 14.225.205.58 port 38126 ssh2
Sep 28 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: Received disconnect from 14.225.205.58 port 38126:11: Bye Bye [preauth]
Sep 28 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22000]: Disconnected from 14.225.205.58 port 38126 [preauth]
Sep 28 08:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: Failed password for root from 196.251.69.141 port 38048 ssh2
Sep 28 08:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: Connection closed by 196.251.69.141 port 38048 [preauth]
Sep 28 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Invalid user software from 103.159.132.91
Sep 28 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: input_userauth_request: invalid user software [preauth]
Sep 28 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Failed password for invalid user software from 103.159.132.91 port 60500 ssh2
Sep 28 08:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Received disconnect from 103.159.132.91 port 60500:11: Bye Bye [preauth]
Sep 28 08:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Disconnected from 103.159.132.91 port 60500 [preauth]
Sep 28 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session closed for user root
Sep 28 08:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Invalid user user1 from 27.254.235.3
Sep 28 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: input_userauth_request: invalid user user1 [preauth]
Sep 28 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Failed password for invalid user user1 from 27.254.235.3 port 49552 ssh2
Sep 28 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Received disconnect from 27.254.235.3 port 49552:11: Bye Bye [preauth]
Sep 28 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Disconnected from 27.254.235.3 port 49552 [preauth]
Sep 28 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22168]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: Successful su for rubyman by root
Sep 28 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: + ??? root:rubyman
Sep 28 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307308 of user rubyman.
Sep 28 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307308.
Sep 28 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Failed password for root from 220.118.173.234 port 39000 ssh2
Sep 28 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Received disconnect from 220.118.173.234 port 39000:11: Bye Bye [preauth]
Sep 28 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Disconnected from 220.118.173.234 port 39000 [preauth]
Sep 28 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18911]: pam_unix(cron:session): session closed for user root
Sep 28 08:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: Failed password for root from 196.251.69.141 port 57160 ssh2
Sep 28 08:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22452]: Connection closed by 196.251.69.141 port 57160 [preauth]
Sep 28 08:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 08:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Failed password for root from 14.225.205.58 port 59674 ssh2
Sep 28 08:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Received disconnect from 14.225.205.58 port 59674:11: Bye Bye [preauth]
Sep 28 08:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Disconnected from 14.225.205.58 port 59674 [preauth]
Sep 28 08:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21272]: pam_unix(cron:session): session closed for user root
Sep 28 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Invalid user wifi from 103.159.132.91
Sep 28 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: input_userauth_request: invalid user wifi [preauth]
Sep 28 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for invalid user wifi from 103.159.132.91 port 57192 ssh2
Sep 28 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Received disconnect from 103.159.132.91 port 57192:11: Bye Bye [preauth]
Sep 28 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Disconnected from 103.159.132.91 port 57192 [preauth]
Sep 28 08:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Invalid user minecraft from 27.254.235.3
Sep 28 08:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 08:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Failed password for invalid user minecraft from 27.254.235.3 port 44928 ssh2
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session closed for user root
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Received disconnect from 27.254.235.3 port 44928:11: Bye Bye [preauth]
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Disconnected from 27.254.235.3 port 44928 [preauth]
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22892]: Successful su for rubyman by root
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22892]: + ??? root:rubyman
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307316 of user rubyman.
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22892]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307316.
Sep 28 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session closed for user root
Sep 28 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session closed for user root
Sep 28 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Failed password for root from 196.251.69.141 port 47524 ssh2
Sep 28 08:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Connection closed by 196.251.69.141 port 47524 [preauth]
Sep 28 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Invalid user jboss from 220.118.173.234
Sep 28 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: input_userauth_request: invalid user jboss [preauth]
Sep 28 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Failed password for invalid user jboss from 220.118.173.234 port 52810 ssh2
Sep 28 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Received disconnect from 220.118.173.234 port 52810:11: Bye Bye [preauth]
Sep 28 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Disconnected from 220.118.173.234 port 52810 [preauth]
Sep 28 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session closed for user root
Sep 28 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Invalid user relay from 14.225.205.58
Sep 28 08:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: input_userauth_request: invalid user relay [preauth]
Sep 28 08:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Failed password for invalid user relay from 14.225.205.58 port 38804 ssh2
Sep 28 08:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Received disconnect from 14.225.205.58 port 38804:11: Bye Bye [preauth]
Sep 28 08:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Disconnected from 14.225.205.58 port 38804 [preauth]
Sep 28 08:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: Invalid user admin from 196.251.69.141
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23388]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23385]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23464]: Successful su for rubyman by root
Sep 28 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23464]: + ??? root:rubyman
Sep 28 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307319 of user rubyman.
Sep 28 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23464]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307319.
Sep 28 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: Failed password for invalid user admin from 196.251.69.141 port 37506 ssh2
Sep 28 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: Connection closed by 196.251.69.141 port 37506 [preauth]
Sep 28 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session closed for user root
Sep 28 08:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Invalid user musa from 103.159.132.91
Sep 28 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: input_userauth_request: invalid user musa [preauth]
Sep 28 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Failed password for invalid user musa from 103.159.132.91 port 53892 ssh2
Sep 28 08:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Received disconnect from 103.159.132.91 port 53892:11: Bye Bye [preauth]
Sep 28 08:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Disconnected from 103.159.132.91 port 53892 [preauth]
Sep 28 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=root
Sep 28 08:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Failed password for root from 27.254.235.3 port 40304 ssh2
Sep 28 08:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Received disconnect from 27.254.235.3 port 40304:11: Bye Bye [preauth]
Sep 28 08:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Disconnected from 27.254.235.3 port 40304 [preauth]
Sep 28 08:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22172]: pam_unix(cron:session): session closed for user root
Sep 28 08:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Failed password for root from 220.118.173.234 port 50066 ssh2
Sep 28 08:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Received disconnect from 220.118.173.234 port 50066:11: Bye Bye [preauth]
Sep 28 08:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Disconnected from 220.118.173.234 port 50066 [preauth]
Sep 28 08:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: Invalid user system from 14.225.205.58
Sep 28 08:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: input_userauth_request: invalid user system [preauth]
Sep 28 08:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: Failed password for invalid user system from 14.225.205.58 port 55876 ssh2
Sep 28 08:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: Received disconnect from 14.225.205.58 port 55876:11: Bye Bye [preauth]
Sep 28 08:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24026]: Disconnected from 14.225.205.58 port 55876 [preauth]
Sep 28 08:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Invalid user admin from 196.251.69.141
Sep 28 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Failed password for invalid user admin from 196.251.69.141 port 55344 ssh2
Sep 28 08:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Connection closed by 196.251.69.141 port 55344 [preauth]
Sep 28 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24155]: Successful su for rubyman by root
Sep 28 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24155]: + ??? root:rubyman
Sep 28 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307324 of user rubyman.
Sep 28 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24155]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307324.
Sep 28 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session closed for user root
Sep 28 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session closed for user root
Sep 28 08:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Invalid user gao from 103.159.132.91
Sep 28 08:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: input_userauth_request: invalid user gao [preauth]
Sep 28 08:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for invalid user gao from 103.159.132.91 port 50590 ssh2
Sep 28 08:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Received disconnect from 103.159.132.91 port 50590:11: Bye Bye [preauth]
Sep 28 08:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Disconnected from 103.159.132.91 port 50590 [preauth]
Sep 28 08:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Invalid user admin from 196.251.69.141
Sep 28 08:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for invalid user admin from 196.251.69.141 port 45008 ssh2
Sep 28 08:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Connection closed by 196.251.69.141 port 45008 [preauth]
Sep 28 08:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: User clamav from 27.254.235.3 not allowed because not listed in AllowUsers
Sep 28 08:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: input_userauth_request: invalid user clamav [preauth]
Sep 28 08:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.3  user=clamav
Sep 28 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: Failed password for invalid user clamav from 27.254.235.3 port 35684 ssh2
Sep 28 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: Received disconnect from 27.254.235.3 port 35684:11: Bye Bye [preauth]
Sep 28 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: Disconnected from 27.254.235.3 port 35684 [preauth]
Sep 28 08:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Invalid user jboss from 14.225.205.58
Sep 28 08:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: input_userauth_request: invalid user jboss [preauth]
Sep 28 08:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24632]: Successful su for rubyman by root
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24632]: + ??? root:rubyman
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307326 of user rubyman.
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24632]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307326.
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Failed password for invalid user jboss from 14.225.205.58 port 40004 ssh2
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Received disconnect from 14.225.205.58 port 40004:11: Bye Bye [preauth]
Sep 28 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Disconnected from 14.225.205.58 port 40004 [preauth]
Sep 28 08:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21271]: pam_unix(cron:session): session closed for user root
Sep 28 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 28 08:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: Failed password for root from 20.163.71.109 port 36414 ssh2
Sep 28 08:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: Connection closed by 20.163.71.109 port 36414 [preauth]
Sep 28 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Invalid user system from 220.118.173.234
Sep 28 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: input_userauth_request: invalid user system [preauth]
Sep 28 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Failed password for invalid user system from 220.118.173.234 port 45706 ssh2
Sep 28 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Received disconnect from 220.118.173.234 port 45706:11: Bye Bye [preauth]
Sep 28 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Disconnected from 220.118.173.234 port 45706 [preauth]
Sep 28 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23388]: pam_unix(cron:session): session closed for user root
Sep 28 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Invalid user www from 138.68.58.124
Sep 28 08:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: input_userauth_request: invalid user www [preauth]
Sep 28 08:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 28 08:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Failed password for invalid user www from 138.68.58.124 port 48254 ssh2
Sep 28 08:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Connection closed by 138.68.58.124 port 48254 [preauth]
Sep 28 08:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Invalid user admin from 196.251.69.141
Sep 28 08:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Failed password for invalid user admin from 196.251.69.141 port 33476 ssh2
Sep 28 08:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Connection closed by 196.251.69.141 port 33476 [preauth]
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25080]: Successful su for rubyman by root
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25080]: + ??? root:rubyman
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307330 of user rubyman.
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25080]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307330.
Sep 28 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Invalid user mariet from 190.103.202.7
Sep 28 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: input_userauth_request: invalid user mariet [preauth]
Sep 28 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21714]: pam_unix(cron:session): session closed for user root
Sep 28 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Failed password for invalid user mariet from 190.103.202.7 port 55858 ssh2
Sep 28 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Connection closed by 190.103.202.7 port 55858 [preauth]
Sep 28 08:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: Invalid user oxidized from 103.159.132.91
Sep 28 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: input_userauth_request: invalid user oxidized [preauth]
Sep 28 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: Failed password for invalid user oxidized from 103.159.132.91 port 47284 ssh2
Sep 28 08:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: Received disconnect from 103.159.132.91 port 47284:11: Bye Bye [preauth]
Sep 28 08:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25546]: Disconnected from 103.159.132.91 port 47284 [preauth]
Sep 28 08:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: Invalid user report from 14.225.205.58
Sep 28 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: input_userauth_request: invalid user report [preauth]
Sep 28 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: Failed password for invalid user report from 14.225.205.58 port 36592 ssh2
Sep 28 08:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: Received disconnect from 14.225.205.58 port 36592:11: Bye Bye [preauth]
Sep 28 08:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25568]: Disconnected from 14.225.205.58 port 36592 [preauth]
Sep 28 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session closed for user root
Sep 28 08:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 08:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Invalid user admin from 196.251.69.141
Sep 28 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Failed password for root from 220.118.173.234 port 60676 ssh2
Sep 28 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Received disconnect from 220.118.173.234 port 60676:11: Bye Bye [preauth]
Sep 28 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25641]: Disconnected from 220.118.173.234 port 60676 [preauth]
Sep 28 08:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Failed password for invalid user admin from 196.251.69.141 port 50374 ssh2
Sep 28 08:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Connection closed by 196.251.69.141 port 50374 [preauth]
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25711]: pam_unix(cron:session): session closed for user root
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25705]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25792]: Successful su for rubyman by root
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25792]: + ??? root:rubyman
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307334 of user rubyman.
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25792]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307334.
Sep 28 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25708]: pam_unix(cron:session): session closed for user root
Sep 28 08:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22171]: pam_unix(cron:session): session closed for user root
Sep 28 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25706]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Invalid user ftpuser1 from 14.225.205.58
Sep 28 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: input_userauth_request: invalid user ftpuser1 [preauth]
Sep 28 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Invalid user admin from 196.251.69.141
Sep 28 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Failed password for invalid user ftpuser1 from 14.225.205.58 port 39988 ssh2
Sep 28 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Received disconnect from 14.225.205.58 port 39988:11: Bye Bye [preauth]
Sep 28 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Disconnected from 14.225.205.58 port 39988 [preauth]
Sep 28 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Failed password for invalid user admin from 196.251.69.141 port 37426 ssh2
Sep 28 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Connection closed by 196.251.69.141 port 37426 [preauth]
Sep 28 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session closed for user root
Sep 28 08:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Invalid user utente from 103.159.132.91
Sep 28 08:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: input_userauth_request: invalid user utente [preauth]
Sep 28 08:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Failed password for invalid user utente from 103.159.132.91 port 43982 ssh2
Sep 28 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Received disconnect from 103.159.132.91 port 43982:11: Bye Bye [preauth]
Sep 28 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Disconnected from 103.159.132.91 port 43982 [preauth]
Sep 28 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26493]: Successful su for rubyman by root
Sep 28 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26493]: + ??? root:rubyman
Sep 28 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307341 of user rubyman.
Sep 28 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26493]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307341.
Sep 28 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Failed password for root from 220.118.173.234 port 32802 ssh2
Sep 28 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Received disconnect from 220.118.173.234 port 32802:11: Bye Bye [preauth]
Sep 28 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Disconnected from 220.118.173.234 port 32802 [preauth]
Sep 28 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session closed for user root
Sep 28 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Invalid user admin from 196.251.69.141
Sep 28 08:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Failed password for invalid user admin from 196.251.69.141 port 52624 ssh2
Sep 28 08:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Connection closed by 196.251.69.141 port 52624 [preauth]
Sep 28 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25019]: pam_unix(cron:session): session closed for user root
Sep 28 08:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Invalid user celeryuser from 14.225.205.58
Sep 28 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: input_userauth_request: invalid user celeryuser [preauth]
Sep 28 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Failed password for invalid user celeryuser from 14.225.205.58 port 41874 ssh2
Sep 28 08:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Received disconnect from 14.225.205.58 port 41874:11: Bye Bye [preauth]
Sep 28 08:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Disconnected from 14.225.205.58 port 41874 [preauth]
Sep 28 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: Successful su for rubyman by root
Sep 28 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: + ??? root:rubyman
Sep 28 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307346 of user rubyman.
Sep 28 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307346.
Sep 28 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23387]: pam_unix(cron:session): session closed for user root
Sep 28 08:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Invalid user szy from 103.159.132.91
Sep 28 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: input_userauth_request: invalid user szy [preauth]
Sep 28 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Failed password for invalid user szy from 103.159.132.91 port 40680 ssh2
Sep 28 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Received disconnect from 103.159.132.91 port 40680:11: Bye Bye [preauth]
Sep 28 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Disconnected from 103.159.132.91 port 40680 [preauth]
Sep 28 08:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Invalid user admin from 196.251.69.141
Sep 28 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for invalid user admin from 196.251.69.141 port 39376 ssh2
Sep 28 08:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Connection closed by 196.251.69.141 port 39376 [preauth]
Sep 28 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Invalid user won from 220.118.173.234
Sep 28 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: input_userauth_request: invalid user won [preauth]
Sep 28 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Failed password for invalid user won from 220.118.173.234 port 44254 ssh2
Sep 28 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Received disconnect from 220.118.173.234 port 44254:11: Bye Bye [preauth]
Sep 28 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Disconnected from 220.118.173.234 port 44254 [preauth]
Sep 28 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25710]: pam_unix(cron:session): session closed for user root
Sep 28 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27402]: Invalid user  from 64.62.156.120
Sep 28 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27402]: input_userauth_request: invalid user  [preauth]
Sep 28 08:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27402]: Connection closed by 64.62.156.120 port 62865 [preauth]
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27479]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: Successful su for rubyman by root
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: + ??? root:rubyman
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307348 of user rubyman.
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307348.
Sep 28 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: Invalid user bot from 14.225.205.58
Sep 28 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: input_userauth_request: invalid user bot [preauth]
Sep 28 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session closed for user root
Sep 28 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: Failed password for invalid user bot from 14.225.205.58 port 36110 ssh2
Sep 28 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: Received disconnect from 14.225.205.58 port 36110:11: Bye Bye [preauth]
Sep 28 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27747]: Disconnected from 14.225.205.58 port 36110 [preauth]
Sep 28 08:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27478]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Invalid user admin from 196.251.69.141
Sep 28 08:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Failed password for invalid user admin from 196.251.69.141 port 54290 ssh2
Sep 28 08:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Connection closed by 196.251.69.141 port 54290 [preauth]
Sep 28 08:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session closed for user root
Sep 28 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Invalid user aovalle from 220.118.173.234
Sep 28 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: input_userauth_request: invalid user aovalle [preauth]
Sep 28 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user aovalle from 220.118.173.234 port 49176 ssh2
Sep 28 08:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Received disconnect from 220.118.173.234 port 49176:11: Bye Bye [preauth]
Sep 28 08:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Disconnected from 220.118.173.234 port 49176 [preauth]
Sep 28 08:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Invalid user rahul from 103.159.132.91
Sep 28 08:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: input_userauth_request: invalid user rahul [preauth]
Sep 28 08:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Failed password for invalid user rahul from 103.159.132.91 port 37374 ssh2
Sep 28 08:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Received disconnect from 103.159.132.91 port 37374:11: Bye Bye [preauth]
Sep 28 08:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Disconnected from 103.159.132.91 port 37374 [preauth]
Sep 28 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28177]: Successful su for rubyman by root
Sep 28 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28177]: + ??? root:rubyman
Sep 28 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307352 of user rubyman.
Sep 28 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28177]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307352.
Sep 28 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: Invalid user test from 196.251.69.141
Sep 28 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: input_userauth_request: invalid user test [preauth]
Sep 28 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24566]: pam_unix(cron:session): session closed for user root
Sep 28 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: Failed password for invalid user test from 196.251.69.141 port 41264 ssh2
Sep 28 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28096]: Connection closed by 196.251.69.141 port 41264 [preauth]
Sep 28 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 08:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: Failed password for root from 14.225.205.58 port 41208 ssh2
Sep 28 08:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: Received disconnect from 14.225.205.58 port 41208:11: Bye Bye [preauth]
Sep 28 08:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: Disconnected from 14.225.205.58 port 41208 [preauth]
Sep 28 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session closed for user root
Sep 28 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: Invalid user admin from 139.19.117.131
Sep 28 08:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: input_userauth_request: invalid user admin [preauth]
Sep 28 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: Connection closed by 139.19.117.131 port 38348 [preauth]
Sep 28 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Failed password for root from 220.118.173.234 port 45142 ssh2
Sep 28 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Received disconnect from 220.118.173.234 port 45142:11: Bye Bye [preauth]
Sep 28 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Disconnected from 220.118.173.234 port 45142 [preauth]
Sep 28 08:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Invalid user test from 196.251.69.141
Sep 28 08:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: input_userauth_request: invalid user test [preauth]
Sep 28 08:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Failed password for invalid user test from 196.251.69.141 port 55604 ssh2
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Connection closed by 196.251.69.141 port 55604 [preauth]
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28681]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session closed for user root
Sep 28 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: Successful su for rubyman by root
Sep 28 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: + ??? root:rubyman
Sep 28 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307356 of user rubyman.
Sep 28 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307356.
Sep 28 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session closed for user root
Sep 28 08:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session closed for user root
Sep 28 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Invalid user ollama from 103.159.132.91
Sep 28 08:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: input_userauth_request: invalid user ollama [preauth]
Sep 28 08:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Failed password for invalid user ollama from 103.159.132.91 port 34072 ssh2
Sep 28 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Received disconnect from 103.159.132.91 port 34072:11: Bye Bye [preauth]
Sep 28 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Disconnected from 103.159.132.91 port 34072 [preauth]
Sep 28 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session closed for user root
Sep 28 08:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 08:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Failed password for root from 14.225.205.58 port 33440 ssh2
Sep 28 08:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Received disconnect from 14.225.205.58 port 33440:11: Bye Bye [preauth]
Sep 28 08:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Disconnected from 14.225.205.58 port 33440 [preauth]
Sep 28 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: Invalid user test from 196.251.69.141
Sep 28 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: input_userauth_request: invalid user test [preauth]
Sep 28 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: Failed password for invalid user test from 196.251.69.141 port 40782 ssh2
Sep 28 08:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29260]: Connection closed by 196.251.69.141 port 40782 [preauth]
Sep 28 08:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Invalid user user12 from 220.118.173.234
Sep 28 08:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: input_userauth_request: invalid user user12 [preauth]
Sep 28 08:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Failed password for invalid user user12 from 220.118.173.234 port 58738 ssh2
Sep 28 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Received disconnect from 220.118.173.234 port 58738:11: Bye Bye [preauth]
Sep 28 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Disconnected from 220.118.173.234 port 58738 [preauth]
Sep 28 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: Successful su for rubyman by root
Sep 28 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: + ??? root:rubyman
Sep 28 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307362 of user rubyman.
Sep 28 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29374]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307362.
Sep 28 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25709]: pam_unix(cron:session): session closed for user root
Sep 28 08:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session closed for user root
Sep 28 08:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Invalid user test from 196.251.69.141
Sep 28 08:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: input_userauth_request: invalid user test [preauth]
Sep 28 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Failed password for invalid user test from 196.251.69.141 port 56668 ssh2
Sep 28 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Connection closed by 196.251.69.141 port 56668 [preauth]
Sep 28 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Failed password for root from 103.159.132.91 port 59002 ssh2
Sep 28 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Received disconnect from 103.159.132.91 port 59002:11: Bye Bye [preauth]
Sep 28 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Disconnected from 103.159.132.91 port 59002 [preauth]
Sep 28 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Invalid user ssm from 14.225.205.58
Sep 28 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: input_userauth_request: invalid user ssm [preauth]
Sep 28 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Failed password for invalid user ssm from 14.225.205.58 port 41316 ssh2
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Received disconnect from 14.225.205.58 port 41316:11: Bye Bye [preauth]
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Disconnected from 14.225.205.58 port 41316 [preauth]
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Failed password for root from 220.118.173.234 port 60142 ssh2
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Received disconnect from 220.118.173.234 port 60142:11: Bye Bye [preauth]
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Disconnected from 220.118.173.234 port 60142 [preauth]
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: Successful su for rubyman by root
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: + ??? root:rubyman
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307366 of user rubyman.
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307366.
Sep 28 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session closed for user root
Sep 28 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: Invalid user test from 196.251.69.141
Sep 28 08:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: input_userauth_request: invalid user test [preauth]
Sep 28 08:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: Failed password for invalid user test from 196.251.69.141 port 42252 ssh2
Sep 28 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: Connection closed by 196.251.69.141 port 42252 [preauth]
Sep 28 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28681]: pam_unix(cron:session): session closed for user root
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30274]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30275]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30271]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: Successful su for rubyman by root
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: + ??? root:rubyman
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307371 of user rubyman.
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307371.
Sep 28 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session closed for user root
Sep 28 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Invalid user relay from 220.118.173.234
Sep 28 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: input_userauth_request: invalid user relay [preauth]
Sep 28 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30272]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for invalid user relay from 220.118.173.234 port 47692 ssh2
Sep 28 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Received disconnect from 220.118.173.234 port 47692:11: Bye Bye [preauth]
Sep 28 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Disconnected from 220.118.173.234 port 47692 [preauth]
Sep 28 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Invalid user info from 103.159.132.91
Sep 28 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: input_userauth_request: invalid user info [preauth]
Sep 28 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91
Sep 28 08:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Failed password for invalid user info from 103.159.132.91 port 55696 ssh2
Sep 28 08:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Received disconnect from 103.159.132.91 port 55696:11: Bye Bye [preauth]
Sep 28 08:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Disconnected from 103.159.132.91 port 55696 [preauth]
Sep 28 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Invalid user certbot from 14.225.205.58
Sep 28 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: input_userauth_request: invalid user certbot [preauth]
Sep 28 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Failed password for invalid user certbot from 14.225.205.58 port 40192 ssh2
Sep 28 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Invalid user test from 196.251.69.141
Sep 28 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: input_userauth_request: invalid user test [preauth]
Sep 28 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Received disconnect from 14.225.205.58 port 40192:11: Bye Bye [preauth]
Sep 28 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Disconnected from 14.225.205.58 port 40192 [preauth]
Sep 28 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Failed password for invalid user test from 196.251.69.141 port 55754 ssh2
Sep 28 08:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Connection closed by 196.251.69.141 port 55754 [preauth]
Sep 28 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session closed for user root
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session closed for user p13x
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30906]: Successful su for rubyman by root
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30906]: + ??? root:rubyman
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307374 of user rubyman.
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30906]: pam_unix(su:session): session closed for user rubyman
Sep 28 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307374.
Sep 28 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27479]: pam_unix(cron:session): session closed for user root
Sep 28 08:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session closed for user samftp
Sep 28 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Invalid user test from 196.251.69.141
Sep 28 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: input_userauth_request: invalid user test [preauth]
Sep 28 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Failed password for invalid user test from 196.251.69.141 port 41474 ssh2
Sep 28 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Connection closed by 196.251.69.141 port 41474 [preauth]
Sep 28 08:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Failed password for root from 220.118.173.234 port 47950 ssh2
Sep 28 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Received disconnect from 220.118.173.234 port 47950:11: Bye Bye [preauth]
Sep 28 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Disconnected from 220.118.173.234 port 47950 [preauth]
Sep 28 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session closed for user root
Sep 28 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 08:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Failed password for root from 14.225.205.58 port 52088 ssh2
Sep 28 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Received disconnect from 14.225.205.58 port 52088:11: Bye Bye [preauth]
Sep 28 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Disconnected from 14.225.205.58 port 52088 [preauth]
Sep 28 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Failed password for root from 103.159.132.91 port 52394 ssh2
Sep 28 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Received disconnect from 103.159.132.91 port 52394:11: Bye Bye [preauth]
Sep 28 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Disconnected from 103.159.132.91 port 52394 [preauth]
Sep 28 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Invalid user test from 196.251.69.141
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: input_userauth_request: invalid user test [preauth]
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session closed for user root
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session closed for user root
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31401]: Successful su for rubyman by root
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31401]: + ??? root:rubyman
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307384 of user rubyman.
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31401]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307384.
Sep 28 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Failed password for invalid user test from 196.251.69.141 port 54146 ssh2
Sep 28 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Connection closed by 196.251.69.141 port 54146 [preauth]
Sep 28 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session closed for user root
Sep 28 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session closed for user root
Sep 28 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Invalid user debianuser from 220.118.173.234
Sep 28 09:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: input_userauth_request: invalid user debianuser [preauth]
Sep 28 09:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Failed password for invalid user debianuser from 220.118.173.234 port 45252 ssh2
Sep 28 09:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Received disconnect from 220.118.173.234 port 45252:11: Bye Bye [preauth]
Sep 28 09:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Disconnected from 220.118.173.234 port 45252 [preauth]
Sep 28 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30275]: pam_unix(cron:session): session closed for user root
Sep 28 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: Invalid user test from 196.251.69.141
Sep 28 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: input_userauth_request: invalid user test [preauth]
Sep 28 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Failed password for root from 14.225.205.58 port 45320 ssh2
Sep 28 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Received disconnect from 14.225.205.58 port 45320:11: Bye Bye [preauth]
Sep 28 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Disconnected from 14.225.205.58 port 45320 [preauth]
Sep 28 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: Failed password for invalid user test from 196.251.69.141 port 39456 ssh2
Sep 28 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: Connection closed by 196.251.69.141 port 39456 [preauth]
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31893]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: Successful su for rubyman by root
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: + ??? root:rubyman
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307385 of user rubyman.
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31968]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307385.
Sep 28 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session closed for user root
Sep 28 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.91  user=root
Sep 28 09:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Failed password for root from 103.159.132.91 port 49092 ssh2
Sep 28 09:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Received disconnect from 103.159.132.91 port 49092:11: Bye Bye [preauth]
Sep 28 09:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Disconnected from 103.159.132.91 port 49092 [preauth]
Sep 28 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Invalid user bot from 220.118.173.234
Sep 28 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: input_userauth_request: invalid user bot [preauth]
Sep 28 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Failed password for invalid user bot from 220.118.173.234 port 53148 ssh2
Sep 28 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Received disconnect from 220.118.173.234 port 53148:11: Bye Bye [preauth]
Sep 28 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32246]: Disconnected from 220.118.173.234 port 53148 [preauth]
Sep 28 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session closed for user root
Sep 28 09:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: Invalid user user from 196.251.69.141
Sep 28 09:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: input_userauth_request: invalid user user [preauth]
Sep 28 09:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: Failed password for invalid user user from 196.251.69.141 port 52740 ssh2
Sep 28 09:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: Connection closed by 196.251.69.141 port 52740 [preauth]
Sep 28 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: Successful su for rubyman by root
Sep 28 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: + ??? root:rubyman
Sep 28 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307390 of user rubyman.
Sep 28 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307390.
Sep 28 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session closed for user root
Sep 28 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Failed password for root from 14.225.205.58 port 46740 ssh2
Sep 28 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Received disconnect from 14.225.205.58 port 46740:11: Bye Bye [preauth]
Sep 28 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Disconnected from 14.225.205.58 port 46740 [preauth]
Sep 28 09:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: Invalid user user from 196.251.69.141
Sep 28 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: input_userauth_request: invalid user user [preauth]
Sep 28 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: Failed password for invalid user user from 196.251.69.141 port 37758 ssh2
Sep 28 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31303]: pam_unix(cron:session): session closed for user root
Sep 28 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Invalid user report from 220.118.173.234
Sep 28 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: input_userauth_request: invalid user report [preauth]
Sep 28 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32691]: Connection closed by 196.251.69.141 port 37758 [preauth]
Sep 28 09:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Failed password for invalid user report from 220.118.173.234 port 53000 ssh2
Sep 28 09:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Received disconnect from 220.118.173.234 port 53000:11: Bye Bye [preauth]
Sep 28 09:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Disconnected from 220.118.173.234 port 53000 [preauth]
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: Successful su for rubyman by root
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: + ??? root:rubyman
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307393 of user rubyman.
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307393.
Sep 28 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session closed for user root
Sep 28 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Invalid user debianuser from 14.225.205.58
Sep 28 09:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: input_userauth_request: invalid user debianuser [preauth]
Sep 28 09:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user debianuser from 14.225.205.58 port 32964 ssh2
Sep 28 09:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Received disconnect from 14.225.205.58 port 32964:11: Bye Bye [preauth]
Sep 28 09:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Disconnected from 14.225.205.58 port 32964 [preauth]
Sep 28 09:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: Invalid user user from 196.251.69.141
Sep 28 09:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: input_userauth_request: invalid user user [preauth]
Sep 28 09:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: Failed password for invalid user user from 196.251.69.141 port 50588 ssh2
Sep 28 09:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: Connection closed by 196.251.69.141 port 50588 [preauth]
Sep 28 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session closed for user root
Sep 28 09:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: Failed password for root from 220.118.173.234 port 46584 ssh2
Sep 28 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: Received disconnect from 220.118.173.234 port 46584:11: Bye Bye [preauth]
Sep 28 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: Disconnected from 220.118.173.234 port 46584 [preauth]
Sep 28 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[774]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[773]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[767]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[875]: Successful su for rubyman by root
Sep 28 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[875]: + ??? root:rubyman
Sep 28 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307398 of user rubyman.
Sep 28 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[875]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307398.
Sep 28 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30274]: pam_unix(cron:session): session closed for user root
Sep 28 09:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[770]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Invalid user user from 196.251.69.141
Sep 28 09:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: input_userauth_request: invalid user user [preauth]
Sep 28 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Failed password for invalid user user from 196.251.69.141 port 35018 ssh2
Sep 28 09:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Connection closed by 196.251.69.141 port 35018 [preauth]
Sep 28 09:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user root
Sep 28 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: Failed password for root from 14.225.205.58 port 60458 ssh2
Sep 28 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: Received disconnect from 14.225.205.58 port 60458:11: Bye Bye [preauth]
Sep 28 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1252]: Disconnected from 14.225.205.58 port 60458 [preauth]
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1324]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session closed for user root
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: Successful su for rubyman by root
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: + ??? root:rubyman
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307405 of user rubyman.
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307405.
Sep 28 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1324]: pam_unix(cron:session): session closed for user root
Sep 28 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session closed for user root
Sep 28 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1541]: Invalid user user from 196.251.69.141
Sep 28 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1541]: input_userauth_request: invalid user user [preauth]
Sep 28 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1541]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1541]: Failed password for invalid user user from 196.251.69.141 port 47336 ssh2
Sep 28 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1541]: Connection closed by 196.251.69.141 port 47336 [preauth]
Sep 28 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1323]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Invalid user gateway from 220.118.173.234
Sep 28 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: input_userauth_request: invalid user gateway [preauth]
Sep 28 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Failed password for invalid user gateway from 220.118.173.234 port 37282 ssh2
Sep 28 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Received disconnect from 220.118.173.234 port 37282:11: Bye Bye [preauth]
Sep 28 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Disconnected from 220.118.173.234 port 37282 [preauth]
Sep 28 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: Did not receive identification string from 167.99.78.165
Sep 28 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session closed for user root
Sep 28 09:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Invalid user user from 196.251.69.141
Sep 28 09:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: input_userauth_request: invalid user user [preauth]
Sep 28 09:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Failed password for invalid user user from 196.251.69.141 port 59172 ssh2
Sep 28 09:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Connection closed by 196.251.69.141 port 59172 [preauth]
Sep 28 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1921]: Successful su for rubyman by root
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1921]: + ??? root:rubyman
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307409 of user rubyman.
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1921]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307409.
Sep 28 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Failed password for root from 14.225.205.58 port 33586 ssh2
Sep 28 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Received disconnect from 14.225.205.58 port 33586:11: Bye Bye [preauth]
Sep 28 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Disconnected from 14.225.205.58 port 33586 [preauth]
Sep 28 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session closed for user root
Sep 28 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1846]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Invalid user postgres from 220.118.173.234
Sep 28 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Failed password for invalid user postgres from 220.118.173.234 port 56762 ssh2
Sep 28 09:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Received disconnect from 220.118.173.234 port 56762:11: Bye Bye [preauth]
Sep 28 09:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Disconnected from 220.118.173.234 port 56762 [preauth]
Sep 28 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[774]: pam_unix(cron:session): session closed for user root
Sep 28 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: Invalid user user from 196.251.69.141
Sep 28 09:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: input_userauth_request: invalid user user [preauth]
Sep 28 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: Failed password for invalid user user from 196.251.69.141 port 41146 ssh2
Sep 28 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: Connection closed by 196.251.69.141 port 41146 [preauth]
Sep 28 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: Successful su for rubyman by root
Sep 28 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: + ??? root:rubyman
Sep 28 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307411 of user rubyman.
Sep 28 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307411.
Sep 28 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session closed for user root
Sep 28 09:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Invalid user boris from 14.225.205.58
Sep 28 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: input_userauth_request: invalid user boris [preauth]
Sep 28 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Failed password for invalid user boris from 14.225.205.58 port 33718 ssh2
Sep 28 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Received disconnect from 14.225.205.58 port 33718:11: Bye Bye [preauth]
Sep 28 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Disconnected from 14.225.205.58 port 33718 [preauth]
Sep 28 09:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Invalid user user from 196.251.69.141
Sep 28 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: input_userauth_request: invalid user user [preauth]
Sep 28 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session closed for user root
Sep 28 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for invalid user user from 196.251.69.141 port 50980 ssh2
Sep 28 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Failed password for root from 220.118.173.234 port 50784 ssh2
Sep 28 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Received disconnect from 220.118.173.234 port 50784:11: Bye Bye [preauth]
Sep 28 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Disconnected from 220.118.173.234 port 50784 [preauth]
Sep 28 09:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Connection closed by 196.251.69.141 port 50980 [preauth]
Sep 28 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2718]: Received disconnect from 193.46.255.33 port 32860:11:  [preauth]
Sep 28 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2718]: Disconnected from 193.46.255.33 port 32860 [preauth]
Sep 28 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2794]: Successful su for rubyman by root
Sep 28 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2794]: + ??? root:rubyman
Sep 28 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307415 of user rubyman.
Sep 28 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2794]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307415.
Sep 28 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session closed for user root
Sep 28 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Invalid user user from 196.251.69.141
Sep 28 09:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: input_userauth_request: invalid user user [preauth]
Sep 28 09:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Failed password for invalid user user from 196.251.69.141 port 33942 ssh2
Sep 28 09:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Connection closed by 196.251.69.141 port 33942 [preauth]
Sep 28 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session closed for user root
Sep 28 09:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Invalid user user12 from 14.225.205.58
Sep 28 09:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: input_userauth_request: invalid user user12 [preauth]
Sep 28 09:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Failed password for invalid user user12 from 14.225.205.58 port 50282 ssh2
Sep 28 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Received disconnect from 14.225.205.58 port 50282:11: Bye Bye [preauth]
Sep 28 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3076]: Disconnected from 14.225.205.58 port 50282 [preauth]
Sep 28 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Invalid user iksi from 220.118.173.234
Sep 28 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: input_userauth_request: invalid user iksi [preauth]
Sep 28 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Failed password for invalid user iksi from 220.118.173.234 port 39404 ssh2
Sep 28 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Received disconnect from 220.118.173.234 port 39404:11: Bye Bye [preauth]
Sep 28 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Disconnected from 220.118.173.234 port 39404 [preauth]
Sep 28 09:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Invalid user shop from 164.68.105.9
Sep 28 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: input_userauth_request: invalid user shop [preauth]
Sep 28 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 09:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Failed password for invalid user shop from 164.68.105.9 port 44878 ssh2
Sep 28 09:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Connection closed by 164.68.105.9 port 44878 [preauth]
Sep 28 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: Successful su for rubyman by root
Sep 28 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: + ??? root:rubyman
Sep 28 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307420 of user rubyman.
Sep 28 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307420.
Sep 28 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session closed for user root
Sep 28 09:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session closed for user root
Sep 28 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user ubuntu from 196.251.69.141 port 44390 ssh2
Sep 28 09:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Connection closed by 196.251.69.141 port 44390 [preauth]
Sep 28 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session closed for user root
Sep 28 09:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Invalid user admin from 220.118.173.234
Sep 28 09:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Failed password for invalid user admin from 220.118.173.234 port 51478 ssh2
Sep 28 09:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Received disconnect from 220.118.173.234 port 51478:11: Bye Bye [preauth]
Sep 28 09:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Disconnected from 220.118.173.234 port 51478 [preauth]
Sep 28 09:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: Invalid user admin from 14.225.205.58
Sep 28 09:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: Failed password for invalid user admin from 14.225.205.58 port 58034 ssh2
Sep 28 09:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: Received disconnect from 14.225.205.58 port 58034:11: Bye Bye [preauth]
Sep 28 09:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3662]: Disconnected from 14.225.205.58 port 58034 [preauth]
Sep 28 09:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Failed password for invalid user ubuntu from 196.251.69.141 port 54528 ssh2
Sep 28 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Connection closed by 196.251.69.141 port 54528 [preauth]
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session closed for user root
Sep 28 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3685]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: Successful su for rubyman by root
Sep 28 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: + ??? root:rubyman
Sep 28 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307424 of user rubyman.
Sep 28 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3772]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307424.
Sep 28 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session closed for user root
Sep 28 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[773]: pam_unix(cron:session): session closed for user root
Sep 28 09:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3686]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2735]: pam_unix(cron:session): session closed for user root
Sep 28 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Failed password for invalid user ubuntu from 196.251.69.141 port 36272 ssh2
Sep 28 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 196.251.69.141 port 36272 [preauth]
Sep 28 09:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Invalid user ssm from 220.118.173.234
Sep 28 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: input_userauth_request: invalid user ssm [preauth]
Sep 28 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Failed password for invalid user ssm from 220.118.173.234 port 39208 ssh2
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Received disconnect from 220.118.173.234 port 39208:11: Bye Bye [preauth]
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Disconnected from 220.118.173.234 port 39208 [preauth]
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: Successful su for rubyman by root
Sep 28 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: + ??? root:rubyman
Sep 28 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307431 of user rubyman.
Sep 28 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307431.
Sep 28 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session closed for user root
Sep 28 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Invalid user trade from 14.225.205.58
Sep 28 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: input_userauth_request: invalid user trade [preauth]
Sep 28 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Failed password for invalid user trade from 14.225.205.58 port 40676 ssh2
Sep 28 09:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Received disconnect from 14.225.205.58 port 40676:11: Bye Bye [preauth]
Sep 28 09:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Disconnected from 14.225.205.58 port 40676 [preauth]
Sep 28 09:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Failed password for invalid user ubuntu from 196.251.69.141 port 46418 ssh2
Sep 28 09:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Connection closed by 196.251.69.141 port 46418 [preauth]
Sep 28 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session closed for user root
Sep 28 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4616]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: Successful su for rubyman by root
Sep 28 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: + ??? root:rubyman
Sep 28 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307435 of user rubyman.
Sep 28 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307435.
Sep 28 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session closed for user root
Sep 28 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: Invalid user trade from 220.118.173.234
Sep 28 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: input_userauth_request: invalid user trade [preauth]
Sep 28 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: Failed password for invalid user trade from 220.118.173.234 port 45494 ssh2
Sep 28 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: Received disconnect from 220.118.173.234 port 45494:11: Bye Bye [preauth]
Sep 28 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4863]: Disconnected from 220.118.173.234 port 45494 [preauth]
Sep 28 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Failed password for invalid user ubuntu from 196.251.69.141 port 56262 ssh2
Sep 28 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Connection closed by 196.251.69.141 port 56262 [preauth]
Sep 28 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Invalid user iksi from 14.225.205.58
Sep 28 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: input_userauth_request: invalid user iksi [preauth]
Sep 28 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session closed for user root
Sep 28 09:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Failed password for invalid user iksi from 14.225.205.58 port 55738 ssh2
Sep 28 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Received disconnect from 14.225.205.58 port 55738:11: Bye Bye [preauth]
Sep 28 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Disconnected from 14.225.205.58 port 55738 [preauth]
Sep 28 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: Successful su for rubyman by root
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: + ??? root:rubyman
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307439 of user rubyman.
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307439.
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Failed password for invalid user ubuntu from 196.251.69.141 port 37764 ssh2
Sep 28 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Connection closed by 196.251.69.141 port 37764 [preauth]
Sep 28 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session closed for user root
Sep 28 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 09:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5444]: Failed password for root from 220.118.173.234 port 42348 ssh2
Sep 28 09:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5444]: Received disconnect from 220.118.173.234 port 42348:11: Bye Bye [preauth]
Sep 28 09:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5444]: Disconnected from 220.118.173.234 port 42348 [preauth]
Sep 28 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session closed for user root
Sep 28 09:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 09:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Failed password for invalid user ubuntu from 196.251.69.141 port 47784 ssh2
Sep 28 09:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Connection closed by 196.251.69.141 port 47784 [preauth]
Sep 28 09:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Failed password for root from 14.225.205.58 port 42974 ssh2
Sep 28 09:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Received disconnect from 14.225.205.58 port 42974:11: Bye Bye [preauth]
Sep 28 09:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Disconnected from 14.225.205.58 port 42974 [preauth]
Sep 28 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5668]: Successful su for rubyman by root
Sep 28 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5668]: + ??? root:rubyman
Sep 28 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307444 of user rubyman.
Sep 28 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5668]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307444.
Sep 28 09:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2734]: pam_unix(cron:session): session closed for user root
Sep 28 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user root
Sep 28 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Failed password for invalid user ubuntu from 196.251.69.141 port 57466 ssh2
Sep 28 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Connection closed by 196.251.69.141 port 57466 [preauth]
Sep 28 09:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Invalid user boris from 220.118.173.234
Sep 28 09:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: input_userauth_request: invalid user boris [preauth]
Sep 28 09:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Failed password for invalid user boris from 220.118.173.234 port 47946 ssh2
Sep 28 09:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Received disconnect from 220.118.173.234 port 47946:11: Bye Bye [preauth]
Sep 28 09:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Disconnected from 220.118.173.234 port 47946 [preauth]
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session closed for user root
Sep 28 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6047]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6120]: Successful su for rubyman by root
Sep 28 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6120]: + ??? root:rubyman
Sep 28 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307446 of user rubyman.
Sep 28 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6120]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307446.
Sep 28 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58  user=root
Sep 28 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6050]: pam_unix(cron:session): session closed for user root
Sep 28 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3162]: pam_unix(cron:session): session closed for user root
Sep 28 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Failed password for root from 14.225.205.58 port 38896 ssh2
Sep 28 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Received disconnect from 14.225.205.58 port 38896:11: Bye Bye [preauth]
Sep 28 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Disconnected from 14.225.205.58 port 38896 [preauth]
Sep 28 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6049]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Invalid user ubuntu from 196.251.69.141
Sep 28 09:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Failed password for invalid user ubuntu from 196.251.69.141 port 39024 ssh2
Sep 28 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Connection closed by 196.251.69.141 port 39024 [preauth]
Sep 28 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session closed for user root
Sep 28 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Invalid user celeryuser from 220.118.173.234
Sep 28 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: input_userauth_request: invalid user celeryuser [preauth]
Sep 28 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Failed password for invalid user celeryuser from 220.118.173.234 port 42818 ssh2
Sep 28 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Received disconnect from 220.118.173.234 port 42818:11: Bye Bye [preauth]
Sep 28 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6495]: Disconnected from 220.118.173.234 port 42818 [preauth]
Sep 28 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6693]: Successful su for rubyman by root
Sep 28 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6693]: + ??? root:rubyman
Sep 28 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307453 of user rubyman.
Sep 28 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6693]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307453.
Sep 28 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3688]: pam_unix(cron:session): session closed for user root
Sep 28 09:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: Invalid user guest from 196.251.69.141
Sep 28 09:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: Failed password for invalid user guest from 196.251.69.141 port 49254 ssh2
Sep 28 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: Connection closed by 196.251.69.141 port 49254 [preauth]
Sep 28 09:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Invalid user usuario2 from 14.225.205.58
Sep 28 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: input_userauth_request: invalid user usuario2 [preauth]
Sep 28 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Failed password for invalid user usuario2 from 14.225.205.58 port 58742 ssh2
Sep 28 09:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Received disconnect from 14.225.205.58 port 58742:11: Bye Bye [preauth]
Sep 28 09:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Disconnected from 14.225.205.58 port 58742 [preauth]
Sep 28 09:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user root
Sep 28 09:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: Invalid user guest from 196.251.69.141
Sep 28 09:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Invalid user certbot from 220.118.173.234
Sep 28 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: input_userauth_request: invalid user certbot [preauth]
Sep 28 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: Failed password for invalid user guest from 196.251.69.141 port 58568 ssh2
Sep 28 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: Connection closed by 196.251.69.141 port 58568 [preauth]
Sep 28 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Failed password for invalid user certbot from 220.118.173.234 port 50512 ssh2
Sep 28 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Received disconnect from 220.118.173.234 port 50512:11: Bye Bye [preauth]
Sep 28 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Disconnected from 220.118.173.234 port 50512 [preauth]
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7103]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session closed for user root
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: Successful su for rubyman by root
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: + ??? root:rubyman
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307459 of user rubyman.
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307459.
Sep 28 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session closed for user root
Sep 28 09:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7102]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session closed for user root
Sep 28 09:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Invalid user admin from 14.225.205.58
Sep 28 09:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Failed password for invalid user admin from 14.225.205.58 port 50382 ssh2
Sep 28 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Received disconnect from 14.225.205.58 port 50382:11: Bye Bye [preauth]
Sep 28 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Disconnected from 14.225.205.58 port 50382 [preauth]
Sep 28 09:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: Invalid user guest from 196.251.69.141
Sep 28 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: Failed password for invalid user guest from 196.251.69.141 port 39768 ssh2
Sep 28 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7581]: Connection closed by 196.251.69.141 port 39768 [preauth]
Sep 28 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7617]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: Successful su for rubyman by root
Sep 28 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: + ??? root:rubyman
Sep 28 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307461 of user rubyman.
Sep 28 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307461.
Sep 28 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session closed for user root
Sep 28 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7615]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Invalid user admin from 220.118.173.234
Sep 28 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Failed password for invalid user admin from 220.118.173.234 port 53372 ssh2
Sep 28 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Received disconnect from 220.118.173.234 port 53372:11: Bye Bye [preauth]
Sep 28 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Disconnected from 220.118.173.234 port 53372 [preauth]
Sep 28 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session closed for user root
Sep 28 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Invalid user guest from 196.251.69.141
Sep 28 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Failed password for invalid user guest from 196.251.69.141 port 48886 ssh2
Sep 28 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Connection closed by 196.251.69.141 port 48886 [preauth]
Sep 28 09:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: Invalid user won from 14.225.205.58
Sep 28 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: input_userauth_request: invalid user won [preauth]
Sep 28 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: Failed password for invalid user won from 14.225.205.58 port 45604 ssh2
Sep 28 09:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: Received disconnect from 14.225.205.58 port 45604:11: Bye Bye [preauth]
Sep 28 09:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8081]: Disconnected from 14.225.205.58 port 45604 [preauth]
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8102]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8099]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: Successful su for rubyman by root
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: + ??? root:rubyman
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307466 of user rubyman.
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307466.
Sep 28 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session closed for user root
Sep 28 09:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8100]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: Invalid user guest from 196.251.69.141
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Invalid user admin from 220.118.173.234
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234
Sep 28 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: Failed password for invalid user guest from 196.251.69.141 port 58332 ssh2
Sep 28 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Failed password for invalid user admin from 220.118.173.234 port 41916 ssh2
Sep 28 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8440]: Connection closed by 196.251.69.141 port 58332 [preauth]
Sep 28 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Received disconnect from 220.118.173.234 port 41916:11: Bye Bye [preauth]
Sep 28 09:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Disconnected from 220.118.173.234 port 41916 [preauth]
Sep 28 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7104]: pam_unix(cron:session): session closed for user root
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8576]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8579]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session closed for user root
Sep 28 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8572]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: Successful su for rubyman by root
Sep 28 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: + ??? root:rubyman
Sep 28 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307470 of user rubyman.
Sep 28 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307470.
Sep 28 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user root
Sep 28 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8576]: pam_unix(cron:session): session closed for user root
Sep 28 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Invalid user guest from 196.251.69.141
Sep 28 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Invalid user admin from 14.225.205.58
Sep 28 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Failed password for invalid user guest from 196.251.69.141 port 40526 ssh2
Sep 28 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Connection closed by 196.251.69.141 port 40526 [preauth]
Sep 28 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Failed password for invalid user admin from 14.225.205.58 port 40658 ssh2
Sep 28 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Received disconnect from 14.225.205.58 port 40658:11: Bye Bye [preauth]
Sep 28 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Disconnected from 14.225.205.58 port 40658 [preauth]
Sep 28 09:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.118.173.234  user=root
Sep 28 09:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7617]: pam_unix(cron:session): session closed for user root
Sep 28 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Failed password for root from 220.118.173.234 port 43076 ssh2
Sep 28 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Received disconnect from 220.118.173.234 port 43076:11: Bye Bye [preauth]
Sep 28 09:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Disconnected from 220.118.173.234 port 43076 [preauth]
Sep 28 09:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Invalid user guest from 196.251.69.141
Sep 28 09:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Failed password for invalid user guest from 196.251.69.141 port 49790 ssh2
Sep 28 09:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Connection closed by 196.251.69.141 port 49790 [preauth]
Sep 28 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9273]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9356]: Successful su for rubyman by root
Sep 28 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9356]: + ??? root:rubyman
Sep 28 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307476 of user rubyman.
Sep 28 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9356]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307476.
Sep 28 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session closed for user root
Sep 28 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9271]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Invalid user aovalle from 14.225.205.58
Sep 28 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: input_userauth_request: invalid user aovalle [preauth]
Sep 28 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.205.58
Sep 28 09:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Failed password for invalid user aovalle from 14.225.205.58 port 41892 ssh2
Sep 28 09:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Received disconnect from 14.225.205.58 port 41892:11: Bye Bye [preauth]
Sep 28 09:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Disconnected from 14.225.205.58 port 41892 [preauth]
Sep 28 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8102]: pam_unix(cron:session): session closed for user root
Sep 28 09:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: Invalid user guest from 196.251.69.141
Sep 28 09:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: Failed password for invalid user guest from 196.251.69.141 port 59368 ssh2
Sep 28 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: Connection closed by 196.251.69.141 port 59368 [preauth]
Sep 28 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9851]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9848]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9918]: Successful su for rubyman by root
Sep 28 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9918]: + ??? root:rubyman
Sep 28 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307479 of user rubyman.
Sep 28 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9918]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307479.
Sep 28 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session closed for user root
Sep 28 09:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Invalid user guest from 196.251.69.141
Sep 28 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: input_userauth_request: invalid user guest [preauth]
Sep 28 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Failed password for invalid user guest from 196.251.69.141 port 40758 ssh2
Sep 28 09:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Connection closed by 196.251.69.141 port 40758 [preauth]
Sep 28 09:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8579]: pam_unix(cron:session): session closed for user root
Sep 28 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10382]: Successful su for rubyman by root
Sep 28 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10382]: + ??? root:rubyman
Sep 28 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307483 of user rubyman.
Sep 28 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10382]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307483.
Sep 28 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7103]: pam_unix(cron:session): session closed for user root
Sep 28 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Invalid user oracle from 196.251.69.141
Sep 28 09:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Failed password for invalid user oracle from 196.251.69.141 port 49944 ssh2
Sep 28 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10591]: Connection closed by 196.251.69.141 port 49944 [preauth]
Sep 28 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9273]: pam_unix(cron:session): session closed for user root
Sep 28 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Invalid user oracle from 196.251.69.141
Sep 28 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Failed password for invalid user oracle from 196.251.69.141 port 59254 ssh2
Sep 28 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Connection closed by 196.251.69.141 port 59254 [preauth]
Sep 28 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10762]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: Successful su for rubyman by root
Sep 28 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: + ??? root:rubyman
Sep 28 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307487 of user rubyman.
Sep 28 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307487.
Sep 28 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Invalid user csgo from 5.161.255.90
Sep 28 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: input_userauth_request: invalid user csgo [preauth]
Sep 28 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7616]: pam_unix(cron:session): session closed for user root
Sep 28 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Failed password for invalid user csgo from 5.161.255.90 port 53746 ssh2
Sep 28 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Received disconnect from 5.161.255.90 port 53746:11: Bye Bye [preauth]
Sep 28 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Disconnected from 5.161.255.90 port 53746 [preauth]
Sep 28 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10761]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9851]: pam_unix(cron:session): session closed for user root
Sep 28 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Invalid user oracle from 196.251.69.141
Sep 28 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Failed password for invalid user oracle from 196.251.69.141 port 40422 ssh2
Sep 28 09:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Connection closed by 196.251.69.141 port 40422 [preauth]
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11184]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session closed for user root
Sep 28 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: Successful su for rubyman by root
Sep 28 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: + ??? root:rubyman
Sep 28 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307493 of user rubyman.
Sep 28 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11262]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307493.
Sep 28 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session closed for user root
Sep 28 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session closed for user root
Sep 28 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for root from 115.78.226.174 port 48797 ssh2
Sep 28 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Received disconnect from 115.78.226.174 port 48797:11: Bye Bye [preauth]
Sep 28 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Disconnected from 115.78.226.174 port 48797 [preauth]
Sep 28 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11182]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Invalid user oussama from 139.59.66.39
Sep 28 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: input_userauth_request: invalid user oussama [preauth]
Sep 28 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Invalid user oracle from 196.251.69.141
Sep 28 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session closed for user root
Sep 28 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Failed password for invalid user oussama from 139.59.66.39 port 33546 ssh2
Sep 28 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Received disconnect from 139.59.66.39 port 33546:11: Bye Bye [preauth]
Sep 28 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Disconnected from 139.59.66.39 port 33546 [preauth]
Sep 28 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Failed password for invalid user oracle from 196.251.69.141 port 49878 ssh2
Sep 28 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Connection closed by 196.251.69.141 port 49878 [preauth]
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11742]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11825]: Successful su for rubyman by root
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11825]: + ??? root:rubyman
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307499 of user rubyman.
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11825]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307499.
Sep 28 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8577]: pam_unix(cron:session): session closed for user root
Sep 28 09:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: Connection reset by 198.235.24.93 port 60982 [preauth]
Sep 28 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Invalid user oracle from 196.251.69.141
Sep 28 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user oracle from 196.251.69.141 port 59350 ssh2
Sep 28 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Connection closed by 196.251.69.141 port 59350 [preauth]
Sep 28 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session closed for user root
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: Successful su for rubyman by root
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: + ??? root:rubyman
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307501 of user rubyman.
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307501.
Sep 28 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9272]: pam_unix(cron:session): session closed for user root
Sep 28 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Invalid user oracle from 196.251.69.141
Sep 28 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: Failed password for root from 5.161.255.90 port 35892 ssh2
Sep 28 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: Received disconnect from 5.161.255.90 port 35892:11: Bye Bye [preauth]
Sep 28 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12399]: Disconnected from 5.161.255.90 port 35892 [preauth]
Sep 28 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Failed password for invalid user oracle from 196.251.69.141 port 40688 ssh2
Sep 28 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Connection closed by 196.251.69.141 port 40688 [preauth]
Sep 28 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Invalid user user from 62.60.131.157
Sep 28 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: input_userauth_request: invalid user user [preauth]
Sep 28 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 09:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Failed password for invalid user user from 62.60.131.157 port 64171 ssh2
Sep 28 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Failed password for invalid user user from 62.60.131.157 port 64171 ssh2
Sep 28 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11185]: pam_unix(cron:session): session closed for user root
Sep 28 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Failed password for invalid user user from 62.60.131.157 port 64171 ssh2
Sep 28 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Failed password for invalid user user from 62.60.131.157 port 64171 ssh2
Sep 28 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Failed password for invalid user user from 62.60.131.157 port 64171 ssh2
Sep 28 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Received disconnect from 62.60.131.157 port 64171:11: Bye [preauth]
Sep 28 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Disconnected from 62.60.131.157 port 64171 [preauth]
Sep 28 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Invalid user oracle from 196.251.69.141
Sep 28 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Failed password for invalid user oracle from 196.251.69.141 port 49518 ssh2
Sep 28 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Connection closed by 196.251.69.141 port 49518 [preauth]
Sep 28 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12710]: Successful su for rubyman by root
Sep 28 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12710]: + ??? root:rubyman
Sep 28 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307505 of user rubyman.
Sep 28 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12710]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307505.
Sep 28 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session closed for user root
Sep 28 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Invalid user steam from 209.38.91.249
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: input_userauth_request: invalid user steam [preauth]
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Invalid user test from 5.161.255.90
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: input_userauth_request: invalid user test [preauth]
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Failed password for invalid user steam from 209.38.91.249 port 47280 ssh2
Sep 28 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Failed password for invalid user test from 5.161.255.90 port 61032 ssh2
Sep 28 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Received disconnect from 5.161.255.90 port 61032:11: Bye Bye [preauth]
Sep 28 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Disconnected from 5.161.255.90 port 61032 [preauth]
Sep 28 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Received disconnect from 209.38.91.249 port 47280:11: Bye Bye [preauth]
Sep 28 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Disconnected from 209.38.91.249 port 47280 [preauth]
Sep 28 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Invalid user minecraft from 139.59.66.39
Sep 28 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Failed password for invalid user minecraft from 139.59.66.39 port 41546 ssh2
Sep 28 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Received disconnect from 139.59.66.39 port 41546:11: Bye Bye [preauth]
Sep 28 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Disconnected from 139.59.66.39 port 41546 [preauth]
Sep 28 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11743]: pam_unix(cron:session): session closed for user root
Sep 28 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Invalid user test from 115.78.226.174
Sep 28 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: input_userauth_request: invalid user test [preauth]
Sep 28 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Failed password for invalid user test from 115.78.226.174 port 44927 ssh2
Sep 28 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Received disconnect from 115.78.226.174 port 44927:11: Bye Bye [preauth]
Sep 28 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Disconnected from 115.78.226.174 port 44927 [preauth]
Sep 28 09:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Invalid user oracle from 196.251.69.141
Sep 28 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Failed password for invalid user oracle from 196.251.69.141 port 58636 ssh2
Sep 28 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Connection closed by 196.251.69.141 port 58636 [preauth]
Sep 28 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13162]: Successful su for rubyman by root
Sep 28 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13162]: + ??? root:rubyman
Sep 28 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307511 of user rubyman.
Sep 28 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13162]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307511.
Sep 28 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user root
Sep 28 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Invalid user federica from 5.161.255.90
Sep 28 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: input_userauth_request: invalid user federica [preauth]
Sep 28 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user federica from 5.161.255.90 port 21652 ssh2
Sep 28 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Received disconnect from 5.161.255.90 port 21652:11: Bye Bye [preauth]
Sep 28 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Disconnected from 5.161.255.90 port 21652 [preauth]
Sep 28 09:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13437]: Failed password for root from 139.59.66.39 port 54462 ssh2
Sep 28 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13437]: Received disconnect from 139.59.66.39 port 54462:11: Bye Bye [preauth]
Sep 28 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13437]: Disconnected from 139.59.66.39 port 54462 [preauth]
Sep 28 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Invalid user oracle from 196.251.69.141
Sep 28 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: input_userauth_request: invalid user oracle [preauth]
Sep 28 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user oracle from 196.251.69.141 port 39878 ssh2
Sep 28 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Connection closed by 196.251.69.141 port 39878 [preauth]
Sep 28 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session closed for user root
Sep 28 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Failed password for root from 209.38.91.249 port 40822 ssh2
Sep 28 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Received disconnect from 209.38.91.249 port 40822:11: Bye Bye [preauth]
Sep 28 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Disconnected from 209.38.91.249 port 40822 [preauth]
Sep 28 09:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: Invalid user iksi from 115.78.226.174
Sep 28 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: input_userauth_request: invalid user iksi [preauth]
Sep 28 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: Failed password for invalid user iksi from 115.78.226.174 port 56552 ssh2
Sep 28 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: Received disconnect from 115.78.226.174 port 56552:11: Bye Bye [preauth]
Sep 28 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: Disconnected from 115.78.226.174 port 56552 [preauth]
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session closed for user root
Sep 28 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13545]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13614]: Successful su for rubyman by root
Sep 28 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13614]: + ??? root:rubyman
Sep 28 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307515 of user rubyman.
Sep 28 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13614]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307515.
Sep 28 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: Invalid user admin from 78.128.112.74
Sep 28 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10762]: pam_unix(cron:session): session closed for user root
Sep 28 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13547]: pam_unix(cron:session): session closed for user root
Sep 28 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: Failed password for invalid user admin from 78.128.112.74 port 34132 ssh2
Sep 28 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: Connection closed by 78.128.112.74 port 34132 [preauth]
Sep 28 09:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: Failed password for root from 5.161.255.90 port 46794 ssh2
Sep 28 09:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: Received disconnect from 5.161.255.90 port 46794:11: Bye Bye [preauth]
Sep 28 09:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: Disconnected from 5.161.255.90 port 46794 [preauth]
Sep 28 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13546]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Invalid user postgres from 196.251.69.141
Sep 28 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Failed password for invalid user postgres from 196.251.69.141 port 48224 ssh2
Sep 28 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Connection closed by 196.251.69.141 port 48224 [preauth]
Sep 28 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12633]: pam_unix(cron:session): session closed for user root
Sep 28 09:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Invalid user federica from 139.59.66.39
Sep 28 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: input_userauth_request: invalid user federica [preauth]
Sep 28 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Failed password for invalid user federica from 139.59.66.39 port 52480 ssh2
Sep 28 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Received disconnect from 139.59.66.39 port 52480:11: Bye Bye [preauth]
Sep 28 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Disconnected from 139.59.66.39 port 52480 [preauth]
Sep 28 09:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for root from 115.78.226.174 port 39945 ssh2
Sep 28 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Received disconnect from 115.78.226.174 port 39945:11: Bye Bye [preauth]
Sep 28 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Disconnected from 115.78.226.174 port 39945 [preauth]
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: Successful su for rubyman by root
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: + ??? root:rubyman
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307519 of user rubyman.
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307519.
Sep 28 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: Invalid user postgres from 196.251.69.141
Sep 28 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11184]: pam_unix(cron:session): session closed for user root
Sep 28 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: Failed password for invalid user postgres from 196.251.69.141 port 57444 ssh2
Sep 28 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: Connection closed by 196.251.69.141 port 57444 [preauth]
Sep 28 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Invalid user pedrito from 209.38.91.249
Sep 28 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: input_userauth_request: invalid user pedrito [preauth]
Sep 28 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Failed password for root from 5.161.255.90 port 7414 ssh2
Sep 28 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Received disconnect from 5.161.255.90 port 7414:11: Bye Bye [preauth]
Sep 28 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Disconnected from 5.161.255.90 port 7414 [preauth]
Sep 28 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Failed password for invalid user pedrito from 209.38.91.249 port 57760 ssh2
Sep 28 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Received disconnect from 209.38.91.249 port 57760:11: Bye Bye [preauth]
Sep 28 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Disconnected from 209.38.91.249 port 57760 [preauth]
Sep 28 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session closed for user root
Sep 28 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Invalid user teamspeak from 139.59.66.39
Sep 28 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: input_userauth_request: invalid user teamspeak [preauth]
Sep 28 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Invalid user postgres from 196.251.69.141
Sep 28 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Failed password for invalid user teamspeak from 139.59.66.39 port 56916 ssh2
Sep 28 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Received disconnect from 139.59.66.39 port 56916:11: Bye Bye [preauth]
Sep 28 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Disconnected from 139.59.66.39 port 56916 [preauth]
Sep 28 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Failed password for invalid user postgres from 196.251.69.141 port 38832 ssh2
Sep 28 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Connection closed by 196.251.69.141 port 38832 [preauth]
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14527]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: Successful su for rubyman by root
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: + ??? root:rubyman
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307523 of user rubyman.
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14595]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307523.
Sep 28 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11742]: pam_unix(cron:session): session closed for user root
Sep 28 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Failed password for root from 115.78.226.174 port 51567 ssh2
Sep 28 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Received disconnect from 115.78.226.174 port 51567:11: Bye Bye [preauth]
Sep 28 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Disconnected from 115.78.226.174 port 51567 [preauth]
Sep 28 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: Invalid user steam from 5.161.255.90
Sep 28 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: input_userauth_request: invalid user steam [preauth]
Sep 28 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: Failed password for invalid user steam from 5.161.255.90 port 32550 ssh2
Sep 28 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: Received disconnect from 5.161.255.90 port 32550:11: Bye Bye [preauth]
Sep 28 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: Disconnected from 5.161.255.90 port 32550 [preauth]
Sep 28 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Failed password for root from 209.38.91.249 port 53902 ssh2
Sep 28 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Received disconnect from 209.38.91.249 port 53902:11: Bye Bye [preauth]
Sep 28 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Disconnected from 209.38.91.249 port 53902 [preauth]
Sep 28 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13549]: pam_unix(cron:session): session closed for user root
Sep 28 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: Invalid user postgres from 196.251.69.141
Sep 28 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: Failed password for invalid user postgres from 196.251.69.141 port 47744 ssh2
Sep 28 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: Connection closed by 196.251.69.141 port 47744 [preauth]
Sep 28 09:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: Invalid user paul from 139.59.66.39
Sep 28 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: input_userauth_request: invalid user paul [preauth]
Sep 28 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: Failed password for invalid user paul from 139.59.66.39 port 56684 ssh2
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: Received disconnect from 139.59.66.39 port 56684:11: Bye Bye [preauth]
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: Disconnected from 139.59.66.39 port 56684 [preauth]
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14958]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15028]: Successful su for rubyman by root
Sep 28 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15028]: + ??? root:rubyman
Sep 28 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307529 of user rubyman.
Sep 28 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15028]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307529.
Sep 28 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session closed for user root
Sep 28 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14959]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Failed password for root from 5.161.255.90 port 57684 ssh2
Sep 28 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Received disconnect from 5.161.255.90 port 57684:11: Bye Bye [preauth]
Sep 28 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Disconnected from 5.161.255.90 port 57684 [preauth]
Sep 28 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: Failed password for root from 115.78.226.174 port 34950 ssh2
Sep 28 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: Received disconnect from 115.78.226.174 port 34950:11: Bye Bye [preauth]
Sep 28 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15215]: Disconnected from 115.78.226.174 port 34950 [preauth]
Sep 28 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Invalid user postgres from 196.251.69.141
Sep 28 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Failed password for invalid user postgres from 196.251.69.141 port 56480 ssh2
Sep 28 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Connection closed by 196.251.69.141 port 56480 [preauth]
Sep 28 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session closed for user root
Sep 28 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Invalid user user2 from 209.38.91.249
Sep 28 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: input_userauth_request: invalid user user2 [preauth]
Sep 28 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Failed password for invalid user user2 from 209.38.91.249 port 34728 ssh2
Sep 28 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Received disconnect from 209.38.91.249 port 34728:11: Bye Bye [preauth]
Sep 28 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Disconnected from 209.38.91.249 port 34728 [preauth]
Sep 28 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15400]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15399]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: Successful su for rubyman by root
Sep 28 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: + ??? root:rubyman
Sep 28 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307533 of user rubyman.
Sep 28 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307533.
Sep 28 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: Invalid user tomcat from 139.59.66.39
Sep 28 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session closed for user root
Sep 28 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: Failed password for invalid user tomcat from 139.59.66.39 port 42910 ssh2
Sep 28 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: Received disconnect from 139.59.66.39 port 42910:11: Bye Bye [preauth]
Sep 28 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15579]: Disconnected from 139.59.66.39 port 42910 [preauth]
Sep 28 09:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15398]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15664]: Failed password for root from 5.161.255.90 port 18308 ssh2
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Invalid user postgres from 196.251.69.141
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15664]: Received disconnect from 5.161.255.90 port 18308:11: Bye Bye [preauth]
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15664]: Disconnected from 5.161.255.90 port 18308 [preauth]
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15667]: Failed password for root from 115.78.226.174 port 46571 ssh2
Sep 28 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15667]: Received disconnect from 115.78.226.174 port 46571:11: Bye Bye [preauth]
Sep 28 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15667]: Disconnected from 115.78.226.174 port 46571 [preauth]
Sep 28 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Failed password for invalid user postgres from 196.251.69.141 port 37080 ssh2
Sep 28 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Connection closed by 196.251.69.141 port 37080 [preauth]
Sep 28 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Invalid user supports from 154.72.233.36
Sep 28 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: input_userauth_request: invalid user supports [preauth]
Sep 28 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Failed password for invalid user supports from 154.72.233.36 port 55626 ssh2
Sep 28 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Received disconnect from 154.72.233.36 port 55626:11: Bye Bye [preauth]
Sep 28 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Disconnected from 154.72.233.36 port 55626 [preauth]
Sep 28 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session closed for user root
Sep 28 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Invalid user hyperchain from 209.38.91.249
Sep 28 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: input_userauth_request: invalid user hyperchain [preauth]
Sep 28 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Failed password for invalid user hyperchain from 209.38.91.249 port 53866 ssh2
Sep 28 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Received disconnect from 209.38.91.249 port 53866:11: Bye Bye [preauth]
Sep 28 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Disconnected from 209.38.91.249 port 53866 [preauth]
Sep 28 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Invalid user postgres from 196.251.69.141
Sep 28 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Failed password for invalid user postgres from 196.251.69.141 port 45656 ssh2
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Connection closed by 196.251.69.141 port 45656 [preauth]
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15831]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session closed for user root
Sep 28 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15829]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15901]: Successful su for rubyman by root
Sep 28 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15901]: + ??? root:rubyman
Sep 28 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307537 of user rubyman.
Sep 28 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15901]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307537.
Sep 28 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session closed for user root
Sep 28 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15831]: pam_unix(cron:session): session closed for user root
Sep 28 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15830]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Failed password for root from 139.59.66.39 port 56046 ssh2
Sep 28 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Received disconnect from 139.59.66.39 port 56046:11: Bye Bye [preauth]
Sep 28 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Disconnected from 139.59.66.39 port 56046 [preauth]
Sep 28 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Invalid user oussama from 5.161.255.90
Sep 28 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: input_userauth_request: invalid user oussama [preauth]
Sep 28 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Failed password for invalid user oussama from 5.161.255.90 port 43446 ssh2
Sep 28 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Received disconnect from 5.161.255.90 port 43446:11: Bye Bye [preauth]
Sep 28 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16138]: Disconnected from 5.161.255.90 port 43446 [preauth]
Sep 28 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Failed password for root from 115.78.226.174 port 58185 ssh2
Sep 28 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Received disconnect from 115.78.226.174 port 58185:11: Bye Bye [preauth]
Sep 28 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Disconnected from 115.78.226.174 port 58185 [preauth]
Sep 28 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session closed for user root
Sep 28 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: Invalid user postgres from 196.251.69.141
Sep 28 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: Failed password for invalid user postgres from 196.251.69.141 port 53892 ssh2
Sep 28 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: Connection closed by 196.251.69.141 port 53892 [preauth]
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16293]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16374]: Successful su for rubyman by root
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16374]: + ??? root:rubyman
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307543 of user rubyman.
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16374]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307543.
Sep 28 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13548]: pam_unix(cron:session): session closed for user root
Sep 28 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16294]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Invalid user teamspeak from 209.38.91.249
Sep 28 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: input_userauth_request: invalid user teamspeak [preauth]
Sep 28 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Failed password for invalid user teamspeak from 209.38.91.249 port 57732 ssh2
Sep 28 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Received disconnect from 209.38.91.249 port 57732:11: Bye Bye [preauth]
Sep 28 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Disconnected from 209.38.91.249 port 57732 [preauth]
Sep 28 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Invalid user iksi from 139.59.66.39
Sep 28 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: input_userauth_request: invalid user iksi [preauth]
Sep 28 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: Invalid user tomcat from 5.161.255.90
Sep 28 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Failed password for invalid user iksi from 139.59.66.39 port 57854 ssh2
Sep 28 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Received disconnect from 139.59.66.39 port 57854:11: Bye Bye [preauth]
Sep 28 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Disconnected from 139.59.66.39 port 57854 [preauth]
Sep 28 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: Failed password for invalid user tomcat from 5.161.255.90 port 4074 ssh2
Sep 28 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: Received disconnect from 5.161.255.90 port 4074:11: Bye Bye [preauth]
Sep 28 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16628]: Disconnected from 5.161.255.90 port 4074 [preauth]
Sep 28 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: Invalid user pedrito from 115.78.226.174
Sep 28 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: input_userauth_request: invalid user pedrito [preauth]
Sep 28 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: Failed password for invalid user pedrito from 115.78.226.174 port 41575 ssh2
Sep 28 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: Received disconnect from 115.78.226.174 port 41575:11: Bye Bye [preauth]
Sep 28 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16643]: Disconnected from 115.78.226.174 port 41575 [preauth]
Sep 28 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Invalid user postgres from 196.251.69.141
Sep 28 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: input_userauth_request: invalid user postgres [preauth]
Sep 28 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Failed password for invalid user postgres from 196.251.69.141 port 34076 ssh2
Sep 28 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16653]: Connection closed by 196.251.69.141 port 34076 [preauth]
Sep 28 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15400]: pam_unix(cron:session): session closed for user root
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: Successful su for rubyman by root
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: + ??? root:rubyman
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307545 of user rubyman.
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307545.
Sep 28 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session closed for user root
Sep 28 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Invalid user rajeev from 154.72.233.36
Sep 28 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: input_userauth_request: invalid user rajeev [preauth]
Sep 28 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Failed password for invalid user rajeev from 154.72.233.36 port 61380 ssh2
Sep 28 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Received disconnect from 154.72.233.36 port 61380:11: Bye Bye [preauth]
Sep 28 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Disconnected from 154.72.233.36 port 61380 [preauth]
Sep 28 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17049]: Invalid user pi from 196.251.69.141
Sep 28 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17049]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17049]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17049]: Failed password for invalid user pi from 196.251.69.141 port 42532 ssh2
Sep 28 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17049]: Connection closed by 196.251.69.141 port 42532 [preauth]
Sep 28 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: Invalid user oussama from 209.38.91.249
Sep 28 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: input_userauth_request: invalid user oussama [preauth]
Sep 28 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: Failed password for invalid user oussama from 209.38.91.249 port 41382 ssh2
Sep 28 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: Received disconnect from 209.38.91.249 port 41382:11: Bye Bye [preauth]
Sep 28 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: Disconnected from 209.38.91.249 port 41382 [preauth]
Sep 28 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Invalid user hyperchain from 5.161.255.90
Sep 28 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: input_userauth_request: invalid user hyperchain [preauth]
Sep 28 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Failed password for invalid user hyperchain from 5.161.255.90 port 29212 ssh2
Sep 28 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Received disconnect from 5.161.255.90 port 29212:11: Bye Bye [preauth]
Sep 28 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Disconnected from 5.161.255.90 port 29212 [preauth]
Sep 28 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Invalid user csgo from 115.78.226.174
Sep 28 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: input_userauth_request: invalid user csgo [preauth]
Sep 28 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: Failed password for root from 139.59.66.39 port 34700 ssh2
Sep 28 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: Received disconnect from 139.59.66.39 port 34700:11: Bye Bye [preauth]
Sep 28 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: Disconnected from 139.59.66.39 port 34700 [preauth]
Sep 28 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Failed password for invalid user csgo from 115.78.226.174 port 53198 ssh2
Sep 28 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Received disconnect from 115.78.226.174 port 53198:11: Bye Bye [preauth]
Sep 28 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Disconnected from 115.78.226.174 port 53198 [preauth]
Sep 28 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session closed for user root
Sep 28 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17210]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: Successful su for rubyman by root
Sep 28 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: + ??? root:rubyman
Sep 28 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307549 of user rubyman.
Sep 28 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307549.
Sep 28 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Invalid user pi from 196.251.69.141
Sep 28 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session closed for user root
Sep 28 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Failed password for invalid user pi from 196.251.69.141 port 50832 ssh2
Sep 28 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Connection closed by 196.251.69.141 port 50832 [preauth]
Sep 28 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: Connection closed by 207.90.244.14 port 49582 [preauth]
Sep 28 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17488]: Connection closed by 207.90.244.14 port 49590 [preauth]
Sep 28 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: Invalid user amit from 154.72.233.36
Sep 28 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: input_userauth_request: invalid user amit [preauth]
Sep 28 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: Failed password for invalid user amit from 154.72.233.36 port 56222 ssh2
Sep 28 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: Received disconnect from 154.72.233.36 port 56222:11: Bye Bye [preauth]
Sep 28 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: Disconnected from 154.72.233.36 port 56222 [preauth]
Sep 28 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16296]: pam_unix(cron:session): session closed for user root
Sep 28 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Invalid user iksi from 209.38.91.249
Sep 28 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: input_userauth_request: invalid user iksi [preauth]
Sep 28 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Failed password for invalid user iksi from 209.38.91.249 port 60160 ssh2
Sep 28 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Received disconnect from 209.38.91.249 port 60160:11: Bye Bye [preauth]
Sep 28 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Disconnected from 209.38.91.249 port 60160 [preauth]
Sep 28 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Invalid user vcsa from 115.78.226.174
Sep 28 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: input_userauth_request: invalid user vcsa [preauth]
Sep 28 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Failed password for invalid user vcsa from 115.78.226.174 port 36583 ssh2
Sep 28 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Received disconnect from 115.78.226.174 port 36583:11: Bye Bye [preauth]
Sep 28 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Disconnected from 115.78.226.174 port 36583 [preauth]
Sep 28 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Failed password for root from 139.59.66.39 port 52922 ssh2
Sep 28 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Received disconnect from 139.59.66.39 port 52922:11: Bye Bye [preauth]
Sep 28 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17607]: Disconnected from 139.59.66.39 port 52922 [preauth]
Sep 28 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for root from 5.161.255.90 port 54356 ssh2
Sep 28 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Received disconnect from 5.161.255.90 port 54356:11: Bye Bye [preauth]
Sep 28 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Disconnected from 5.161.255.90 port 54356 [preauth]
Sep 28 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Invalid user pi from 196.251.69.141
Sep 28 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Failed password for invalid user pi from 196.251.69.141 port 58900 ssh2
Sep 28 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Connection closed by 196.251.69.141 port 58900 [preauth]
Sep 28 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17667]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17930]: Successful su for rubyman by root
Sep 28 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17930]: + ??? root:rubyman
Sep 28 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307554 of user rubyman.
Sep 28 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17930]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307554.
Sep 28 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17667]: pam_unix(cron:session): session closed for user root
Sep 28 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14960]: pam_unix(cron:session): session closed for user root
Sep 28 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Invalid user wiki from 154.72.233.36
Sep 28 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: input_userauth_request: invalid user wiki [preauth]
Sep 28 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Failed password for invalid user wiki from 154.72.233.36 port 54904 ssh2
Sep 28 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Received disconnect from 154.72.233.36 port 54904:11: Bye Bye [preauth]
Sep 28 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Disconnected from 154.72.233.36 port 54904 [preauth]
Sep 28 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Invalid user pi from 196.251.69.141
Sep 28 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session closed for user root
Sep 28 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Failed password for invalid user pi from 196.251.69.141 port 38866 ssh2
Sep 28 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Connection closed by 196.251.69.141 port 38866 [preauth]
Sep 28 09:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Invalid user hyperchain from 115.78.226.174
Sep 28 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: input_userauth_request: invalid user hyperchain [preauth]
Sep 28 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Failed password for invalid user hyperchain from 115.78.226.174 port 48207 ssh2
Sep 28 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Received disconnect from 115.78.226.174 port 48207:11: Bye Bye [preauth]
Sep 28 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Disconnected from 115.78.226.174 port 48207 [preauth]
Sep 28 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Invalid user baba from 209.38.91.249
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: input_userauth_request: invalid user baba [preauth]
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Invalid user baba from 5.161.255.90
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: input_userauth_request: invalid user baba [preauth]
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: Failed password for root from 139.59.66.39 port 47764 ssh2
Sep 28 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: Received disconnect from 139.59.66.39 port 47764:11: Bye Bye [preauth]
Sep 28 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18524]: Disconnected from 139.59.66.39 port 47764 [preauth]
Sep 28 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Failed password for invalid user baba from 209.38.91.249 port 34540 ssh2
Sep 28 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Received disconnect from 209.38.91.249 port 34540:11: Bye Bye [preauth]
Sep 28 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Disconnected from 209.38.91.249 port 34540 [preauth]
Sep 28 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Failed password for invalid user baba from 5.161.255.90 port 14984 ssh2
Sep 28 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Received disconnect from 5.161.255.90 port 14984:11: Bye Bye [preauth]
Sep 28 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Disconnected from 5.161.255.90 port 14984 [preauth]
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user root
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: Successful su for rubyman by root
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: + ??? root:rubyman
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307561 of user rubyman.
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18657]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307561.
Sep 28 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user root
Sep 28 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15399]: pam_unix(cron:session): session closed for user root
Sep 28 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Failed password for root from 154.72.233.36 port 56924 ssh2
Sep 28 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Received disconnect from 154.72.233.36 port 56924:11: Bye Bye [preauth]
Sep 28 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Disconnected from 154.72.233.36 port 56924 [preauth]
Sep 28 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Invalid user pi from 196.251.69.141
Sep 28 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for invalid user pi from 196.251.69.141 port 47116 ssh2
Sep 28 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Connection closed by 196.251.69.141 port 47116 [preauth]
Sep 28 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session closed for user root
Sep 28 09:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Invalid user teamspeak from 115.78.226.174
Sep 28 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: input_userauth_request: invalid user teamspeak [preauth]
Sep 28 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user teamspeak from 115.78.226.174 port 59827 ssh2
Sep 28 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Received disconnect from 115.78.226.174 port 59827:11: Bye Bye [preauth]
Sep 28 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Disconnected from 115.78.226.174 port 59827 [preauth]
Sep 28 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19083]: Failed password for root from 5.161.255.90 port 40136 ssh2
Sep 28 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19083]: Received disconnect from 5.161.255.90 port 40136:11: Bye Bye [preauth]
Sep 28 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19083]: Disconnected from 5.161.255.90 port 40136 [preauth]
Sep 28 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Failed password for root from 139.59.66.39 port 41584 ssh2
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Received disconnect from 139.59.66.39 port 41584:11: Bye Bye [preauth]
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Disconnected from 139.59.66.39 port 41584 [preauth]
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19101]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: Successful su for rubyman by root
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: + ??? root:rubyman
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307564 of user rubyman.
Sep 28 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307564.
Sep 28 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: Invalid user pi from 196.251.69.141
Sep 28 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: Failed password for root from 209.38.91.249 port 35116 ssh2
Sep 28 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: Received disconnect from 209.38.91.249 port 35116:11: Bye Bye [preauth]
Sep 28 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: Disconnected from 209.38.91.249 port 35116 [preauth]
Sep 28 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Invalid user rick from 154.72.233.36
Sep 28 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: input_userauth_request: invalid user rick [preauth]
Sep 28 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: Failed password for invalid user pi from 196.251.69.141 port 55284 ssh2
Sep 28 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: Connection closed by 196.251.69.141 port 55284 [preauth]
Sep 28 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15832]: pam_unix(cron:session): session closed for user root
Sep 28 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Failed password for invalid user rick from 154.72.233.36 port 44974 ssh2
Sep 28 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Received disconnect from 154.72.233.36 port 44974:11: Bye Bye [preauth]
Sep 28 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Disconnected from 154.72.233.36 port 44974 [preauth]
Sep 28 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Invalid user admin from 80.94.95.112
Sep 28 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user admin from 80.94.95.112 port 61515 ssh2
Sep 28 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user admin from 80.94.95.112 port 61515 ssh2
Sep 28 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user admin from 80.94.95.112 port 61515 ssh2
Sep 28 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user admin from 80.94.95.112 port 61515 ssh2
Sep 28 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Failed password for invalid user admin from 80.94.95.112 port 61515 ssh2
Sep 28 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Received disconnect from 80.94.95.112 port 61515:11: Bye [preauth]
Sep 28 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: Disconnected from 80.94.95.112 port 61515 [preauth]
Sep 28 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19607]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session closed for user root
Sep 28 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: Invalid user pi from 196.251.69.141
Sep 28 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: Failed password for invalid user pi from 196.251.69.141 port 34706 ssh2
Sep 28 09:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: Connection closed by 196.251.69.141 port 34706 [preauth]
Sep 28 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Invalid user baba from 115.78.226.174
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: input_userauth_request: invalid user baba [preauth]
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: Invalid user pick from 5.161.255.90
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: input_userauth_request: invalid user pick [preauth]
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19930]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: Successful su for rubyman by root
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: + ??? root:rubyman
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307568 of user rubyman.
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307568.
Sep 28 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Failed password for invalid user baba from 115.78.226.174 port 43219 ssh2
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Received disconnect from 115.78.226.174 port 43219:11: Bye Bye [preauth]
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Disconnected from 115.78.226.174 port 43219 [preauth]
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: Failed password for invalid user pick from 5.161.255.90 port 65274 ssh2
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: Received disconnect from 5.161.255.90 port 65274:11: Bye Bye [preauth]
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: Disconnected from 5.161.255.90 port 65274 [preauth]
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Invalid user exx from 154.72.233.36
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: input_userauth_request: invalid user exx [preauth]
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Failed password for invalid user exx from 154.72.233.36 port 44568 ssh2
Sep 28 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session closed for user root
Sep 28 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Received disconnect from 154.72.233.36 port 44568:11: Bye Bye [preauth]
Sep 28 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Disconnected from 154.72.233.36 port 44568 [preauth]
Sep 28 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19931]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Invalid user aliyun from 139.59.66.39
Sep 28 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: input_userauth_request: invalid user aliyun [preauth]
Sep 28 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Failed password for invalid user aliyun from 139.59.66.39 port 42682 ssh2
Sep 28 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Received disconnect from 139.59.66.39 port 42682:11: Bye Bye [preauth]
Sep 28 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Disconnected from 139.59.66.39 port 42682 [preauth]
Sep 28 09:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Invalid user aliyun from 209.38.91.249
Sep 28 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: input_userauth_request: invalid user aliyun [preauth]
Sep 28 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Failed password for invalid user aliyun from 209.38.91.249 port 54824 ssh2
Sep 28 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Received disconnect from 209.38.91.249 port 54824:11: Bye Bye [preauth]
Sep 28 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Disconnected from 209.38.91.249 port 54824 [preauth]
Sep 28 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Invalid user pi from 196.251.69.141
Sep 28 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user root
Sep 28 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Failed password for invalid user pi from 196.251.69.141 port 43358 ssh2
Sep 28 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Connection closed by 196.251.69.141 port 43358 [preauth]
Sep 28 09:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20494]: Successful su for rubyman by root
Sep 28 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20494]: + ??? root:rubyman
Sep 28 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307573 of user rubyman.
Sep 28 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20494]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307573.
Sep 28 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Failed password for root from 154.72.233.36 port 40296 ssh2
Sep 28 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Received disconnect from 154.72.233.36 port 40296:11: Bye Bye [preauth]
Sep 28 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20424]: Disconnected from 154.72.233.36 port 40296 [preauth]
Sep 28 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16758]: pam_unix(cron:session): session closed for user root
Sep 28 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Invalid user minecraft from 5.161.255.90
Sep 28 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: Invalid user oussama from 115.78.226.174
Sep 28 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: input_userauth_request: invalid user oussama [preauth]
Sep 28 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Failed password for invalid user minecraft from 5.161.255.90 port 25904 ssh2
Sep 28 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Received disconnect from 5.161.255.90 port 25904:11: Bye Bye [preauth]
Sep 28 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Disconnected from 5.161.255.90 port 25904 [preauth]
Sep 28 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: Failed password for invalid user oussama from 115.78.226.174 port 54844 ssh2
Sep 28 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: Received disconnect from 115.78.226.174 port 54844:11: Bye Bye [preauth]
Sep 28 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: Disconnected from 115.78.226.174 port 54844 [preauth]
Sep 28 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Invalid user pi from 196.251.69.141
Sep 28 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: input_userauth_request: invalid user pi [preauth]
Sep 28 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Failed password for invalid user pi from 196.251.69.141 port 51550 ssh2
Sep 28 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Connection closed by 196.251.69.141 port 51550 [preauth]
Sep 28 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session closed for user root
Sep 28 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: Failed password for root from 139.59.66.39 port 48976 ssh2
Sep 28 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: Received disconnect from 139.59.66.39 port 48976:11: Bye Bye [preauth]
Sep 28 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20791]: Disconnected from 139.59.66.39 port 48976 [preauth]
Sep 28 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Invalid user csgo from 209.38.91.249
Sep 28 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: input_userauth_request: invalid user csgo [preauth]
Sep 28 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Failed password for invalid user csgo from 209.38.91.249 port 47916 ssh2
Sep 28 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Received disconnect from 209.38.91.249 port 47916:11: Bye Bye [preauth]
Sep 28 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20827]: Disconnected from 209.38.91.249 port 47916 [preauth]
Sep 28 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20887]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20885]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: Successful su for rubyman by root
Sep 28 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: + ??? root:rubyman
Sep 28 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307578 of user rubyman.
Sep 28 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307578.
Sep 28 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: Failed password for root from 154.72.233.36 port 41010 ssh2
Sep 28 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session closed for user root
Sep 28 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: Received disconnect from 154.72.233.36 port 41010:11: Bye Bye [preauth]
Sep 28 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: Disconnected from 154.72.233.36 port 41010 [preauth]
Sep 28 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: Invalid user administrator from 196.251.69.141
Sep 28 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20886]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: Failed password for invalid user administrator from 196.251.69.141 port 59750 ssh2
Sep 28 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: Connection closed by 196.251.69.141 port 59750 [preauth]
Sep 28 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Invalid user paul from 5.161.255.90
Sep 28 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: input_userauth_request: invalid user paul [preauth]
Sep 28 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Failed password for invalid user paul from 5.161.255.90 port 51040 ssh2
Sep 28 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Received disconnect from 5.161.255.90 port 51040:11: Bye Bye [preauth]
Sep 28 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Disconnected from 5.161.255.90 port 51040 [preauth]
Sep 28 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Failed password for root from 115.78.226.174 port 38234 ssh2
Sep 28 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Received disconnect from 115.78.226.174 port 38234:11: Bye Bye [preauth]
Sep 28 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Disconnected from 115.78.226.174 port 38234 [preauth]
Sep 28 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session closed for user root
Sep 28 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Invalid user baba from 139.59.66.39
Sep 28 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: input_userauth_request: invalid user baba [preauth]
Sep 28 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Failed password for invalid user baba from 139.59.66.39 port 57442 ssh2
Sep 28 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Received disconnect from 139.59.66.39 port 57442:11: Bye Bye [preauth]
Sep 28 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Disconnected from 139.59.66.39 port 57442 [preauth]
Sep 28 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Invalid user administrator from 196.251.69.141
Sep 28 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Failed password for invalid user administrator from 196.251.69.141 port 39528 ssh2
Sep 28 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Connection closed by 196.251.69.141 port 39528 [preauth]
Sep 28 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: Invalid user sammy from 154.72.233.36
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: input_userauth_request: invalid user sammy [preauth]
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21327]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21326]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21329]: pam_unix(cron:session): session closed for user root
Sep 28 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: Successful su for rubyman by root
Sep 28 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: + ??? root:rubyman
Sep 28 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307584 of user rubyman.
Sep 28 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21400]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307584.
Sep 28 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Failed password for root from 209.38.91.249 port 33562 ssh2
Sep 28 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: Failed password for invalid user sammy from 154.72.233.36 port 50876 ssh2
Sep 28 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: Received disconnect from 154.72.233.36 port 50876:11: Bye Bye [preauth]
Sep 28 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21321]: Disconnected from 154.72.233.36 port 50876 [preauth]
Sep 28 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Received disconnect from 209.38.91.249 port 33562:11: Bye Bye [preauth]
Sep 28 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Disconnected from 209.38.91.249 port 33562 [preauth]
Sep 28 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21326]: pam_unix(cron:session): session closed for user root
Sep 28 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session closed for user root
Sep 28 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21325]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Invalid user fengyun from 5.161.255.90
Sep 28 09:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: input_userauth_request: invalid user fengyun [preauth]
Sep 28 09:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Failed password for invalid user fengyun from 5.161.255.90 port 11666 ssh2
Sep 28 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Received disconnect from 5.161.255.90 port 11666:11: Bye Bye [preauth]
Sep 28 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Disconnected from 5.161.255.90 port 11666 [preauth]
Sep 28 09:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: Failed password for root from 115.78.226.174 port 49855 ssh2
Sep 28 09:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: Received disconnect from 115.78.226.174 port 49855:11: Bye Bye [preauth]
Sep 28 09:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: Disconnected from 115.78.226.174 port 49855 [preauth]
Sep 28 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20431]: pam_unix(cron:session): session closed for user root
Sep 28 09:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Invalid user administrator from 196.251.69.141
Sep 28 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Failed password for invalid user administrator from 196.251.69.141 port 47672 ssh2
Sep 28 09:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Connection closed by 196.251.69.141 port 47672 [preauth]
Sep 28 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Failed password for root from 139.59.66.39 port 55606 ssh2
Sep 28 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Received disconnect from 139.59.66.39 port 55606:11: Bye Bye [preauth]
Sep 28 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Disconnected from 139.59.66.39 port 55606 [preauth]
Sep 28 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Invalid user test1 from 154.72.233.36
Sep 28 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: input_userauth_request: invalid user test1 [preauth]
Sep 28 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Failed password for invalid user test1 from 154.72.233.36 port 57154 ssh2
Sep 28 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Received disconnect from 154.72.233.36 port 57154:11: Bye Bye [preauth]
Sep 28 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Disconnected from 154.72.233.36 port 57154 [preauth]
Sep 28 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: Successful su for rubyman by root
Sep 28 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: + ??? root:rubyman
Sep 28 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307587 of user rubyman.
Sep 28 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307587.
Sep 28 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user root
Sep 28 09:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 09:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22132]: Failed password for root from 209.38.91.249 port 56174 ssh2
Sep 28 09:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22132]: Received disconnect from 209.38.91.249 port 56174:11: Bye Bye [preauth]
Sep 28 09:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22132]: Disconnected from 209.38.91.249 port 56174 [preauth]
Sep 28 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Invalid user teamspeak from 5.161.255.90
Sep 28 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: input_userauth_request: invalid user teamspeak [preauth]
Sep 28 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Failed password for invalid user teamspeak from 5.161.255.90 port 36800 ssh2
Sep 28 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Received disconnect from 5.161.255.90 port 36800:11: Bye Bye [preauth]
Sep 28 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Disconnected from 5.161.255.90 port 36800 [preauth]
Sep 28 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Invalid user administrator from 196.251.69.141
Sep 28 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Failed password for invalid user administrator from 196.251.69.141 port 55836 ssh2
Sep 28 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Connection closed by 196.251.69.141 port 55836 [preauth]
Sep 28 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: Invalid user fengyun from 115.78.226.174
Sep 28 09:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: input_userauth_request: invalid user fengyun [preauth]
Sep 28 09:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: Failed password for invalid user fengyun from 115.78.226.174 port 33237 ssh2
Sep 28 09:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: Received disconnect from 115.78.226.174 port 33237:11: Bye Bye [preauth]
Sep 28 09:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22176]: Disconnected from 115.78.226.174 port 33237 [preauth]
Sep 28 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user root
Sep 28 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Invalid user samir from 154.72.233.36
Sep 28 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: input_userauth_request: invalid user samir [preauth]
Sep 28 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user samir from 154.72.233.36 port 58228 ssh2
Sep 28 09:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Received disconnect from 154.72.233.36 port 58228:11: Bye Bye [preauth]
Sep 28 09:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Disconnected from 154.72.233.36 port 58228 [preauth]
Sep 28 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Invalid user user2 from 139.59.66.39
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: input_userauth_request: invalid user user2 [preauth]
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: Successful su for rubyman by root
Sep 28 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: + ??? root:rubyman
Sep 28 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307591 of user rubyman.
Sep 28 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307591.
Sep 28 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Failed password for invalid user user2 from 139.59.66.39 port 57714 ssh2
Sep 28 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Received disconnect from 139.59.66.39 port 57714:11: Bye Bye [preauth]
Sep 28 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Disconnected from 139.59.66.39 port 57714 [preauth]
Sep 28 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session closed for user root
Sep 28 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Invalid user administrator from 196.251.69.141
Sep 28 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Failed password for invalid user administrator from 196.251.69.141 port 35624 ssh2
Sep 28 09:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Connection closed by 196.251.69.141 port 35624 [preauth]
Sep 28 09:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Invalid user tech from 5.161.255.90
Sep 28 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: input_userauth_request: invalid user tech [preauth]
Sep 28 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Failed password for invalid user tech from 5.161.255.90 port 61936 ssh2
Sep 28 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Received disconnect from 5.161.255.90 port 61936:11: Bye Bye [preauth]
Sep 28 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Disconnected from 5.161.255.90 port 61936 [preauth]
Sep 28 09:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Invalid user tomcat from 209.38.91.249
Sep 28 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Invalid user paul from 115.78.226.174
Sep 28 09:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: input_userauth_request: invalid user paul [preauth]
Sep 28 09:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Failed password for invalid user tomcat from 209.38.91.249 port 51890 ssh2
Sep 28 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for invalid user paul from 115.78.226.174 port 44857 ssh2
Sep 28 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Received disconnect from 209.38.91.249 port 51890:11: Bye Bye [preauth]
Sep 28 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Disconnected from 209.38.91.249 port 51890 [preauth]
Sep 28 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Received disconnect from 115.78.226.174 port 44857:11: Bye Bye [preauth]
Sep 28 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Disconnected from 115.78.226.174 port 44857 [preauth]
Sep 28 09:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21328]: pam_unix(cron:session): session closed for user root
Sep 28 09:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Invalid user administrator from 196.251.69.141
Sep 28 09:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Failed password for invalid user administrator from 196.251.69.141 port 43750 ssh2
Sep 28 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Connection closed by 196.251.69.141 port 43750 [preauth]
Sep 28 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: Failed password for root from 154.72.233.36 port 59316 ssh2
Sep 28 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: Received disconnect from 154.72.233.36 port 59316:11: Bye Bye [preauth]
Sep 28 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: Disconnected from 154.72.233.36 port 59316 [preauth]
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22937]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22936]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22934]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23010]: Successful su for rubyman by root
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23010]: + ??? root:rubyman
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307594 of user rubyman.
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23010]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307594.
Sep 28 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session closed for user root
Sep 28 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22935]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Invalid user vcsa from 139.59.66.39
Sep 28 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: input_userauth_request: invalid user vcsa [preauth]
Sep 28 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Failed password for invalid user vcsa from 139.59.66.39 port 49834 ssh2
Sep 28 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Received disconnect from 139.59.66.39 port 49834:11: Bye Bye [preauth]
Sep 28 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Disconnected from 139.59.66.39 port 49834 [preauth]
Sep 28 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Failed password for root from 5.161.255.90 port 22562 ssh2
Sep 28 09:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Received disconnect from 5.161.255.90 port 22562:11: Bye Bye [preauth]
Sep 28 09:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23347]: Disconnected from 5.161.255.90 port 22562 [preauth]
Sep 28 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session closed for user root
Sep 28 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: Invalid user administrator from 196.251.69.141
Sep 28 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: Failed password for invalid user administrator from 196.251.69.141 port 51740 ssh2
Sep 28 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: Connection closed by 196.251.69.141 port 51740 [preauth]
Sep 28 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: Invalid user steam from 115.78.226.174
Sep 28 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: input_userauth_request: invalid user steam [preauth]
Sep 28 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: Failed password for invalid user steam from 115.78.226.174 port 56479 ssh2
Sep 28 09:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: Received disconnect from 115.78.226.174 port 56479:11: Bye Bye [preauth]
Sep 28 09:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: Disconnected from 115.78.226.174 port 56479 [preauth]
Sep 28 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Invalid user test from 209.38.91.249
Sep 28 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: input_userauth_request: invalid user test [preauth]
Sep 28 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Failed password for invalid user test from 209.38.91.249 port 57490 ssh2
Sep 28 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Received disconnect from 209.38.91.249 port 57490:11: Bye Bye [preauth]
Sep 28 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Disconnected from 209.38.91.249 port 57490 [preauth]
Sep 28 09:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Failed password for root from 154.72.233.36 port 42758 ssh2
Sep 28 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Received disconnect from 154.72.233.36 port 42758:11: Bye Bye [preauth]
Sep 28 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Disconnected from 154.72.233.36 port 42758 [preauth]
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: Successful su for rubyman by root
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: + ??? root:rubyman
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307598 of user rubyman.
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307598.
Sep 28 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session closed for user root
Sep 28 09:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Invalid user administrator from 196.251.69.141
Sep 28 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Invalid user hyperchain from 139.59.66.39
Sep 28 09:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: input_userauth_request: invalid user hyperchain [preauth]
Sep 28 09:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Failed password for invalid user administrator from 196.251.69.141 port 59862 ssh2
Sep 28 09:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Connection closed by 196.251.69.141 port 59862 [preauth]
Sep 28 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Failed password for invalid user hyperchain from 139.59.66.39 port 51456 ssh2
Sep 28 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Received disconnect from 139.59.66.39 port 51456:11: Bye Bye [preauth]
Sep 28 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Disconnected from 139.59.66.39 port 51456 [preauth]
Sep 28 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Invalid user foundry from 5.161.255.90
Sep 28 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: input_userauth_request: invalid user foundry [preauth]
Sep 28 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session closed for user root
Sep 28 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Failed password for invalid user foundry from 5.161.255.90 port 47700 ssh2
Sep 28 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Received disconnect from 5.161.255.90 port 47700:11: Bye Bye [preauth]
Sep 28 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Disconnected from 5.161.255.90 port 47700 [preauth]
Sep 28 09:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Invalid user neo from 115.78.226.174
Sep 28 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: input_userauth_request: invalid user neo [preauth]
Sep 28 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Failed password for invalid user neo from 115.78.226.174 port 39873 ssh2
Sep 28 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Received disconnect from 115.78.226.174 port 39873:11: Bye Bye [preauth]
Sep 28 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Disconnected from 115.78.226.174 port 39873 [preauth]
Sep 28 09:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: Invalid user odoo from 154.72.233.36
Sep 28 09:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: input_userauth_request: invalid user odoo [preauth]
Sep 28 09:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: Failed password for invalid user odoo from 154.72.233.36 port 42748 ssh2
Sep 28 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: Received disconnect from 154.72.233.36 port 42748:11: Bye Bye [preauth]
Sep 28 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24148]: Disconnected from 154.72.233.36 port 42748 [preauth]
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24167]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session closed for user root
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24248]: Successful su for rubyman by root
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24248]: + ??? root:rubyman
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307603 of user rubyman.
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24248]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307603.
Sep 28 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Invalid user administrator from 196.251.69.141
Sep 28 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: input_userauth_request: invalid user administrator [preauth]
Sep 28 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24165]: pam_unix(cron:session): session closed for user root
Sep 28 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for invalid user administrator from 196.251.69.141 port 39400 ssh2
Sep 28 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20887]: pam_unix(cron:session): session closed for user root
Sep 28 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Connection closed by 196.251.69.141 port 39400 [preauth]
Sep 28 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 09:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24164]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: Failed password for root from 209.38.91.249 port 41428 ssh2
Sep 28 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: Received disconnect from 209.38.91.249 port 41428:11: Bye Bye [preauth]
Sep 28 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: Disconnected from 209.38.91.249 port 41428 [preauth]
Sep 28 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Invalid user pick from 139.59.66.39
Sep 28 09:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: input_userauth_request: invalid user pick [preauth]
Sep 28 09:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22937]: pam_unix(cron:session): session closed for user root
Sep 28 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Failed password for invalid user pick from 139.59.66.39 port 40272 ssh2
Sep 28 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Received disconnect from 139.59.66.39 port 40272:11: Bye Bye [preauth]
Sep 28 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Disconnected from 139.59.66.39 port 40272 [preauth]
Sep 28 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for root from 5.161.255.90 port 8334 ssh2
Sep 28 09:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Received disconnect from 5.161.255.90 port 8334:11: Bye Bye [preauth]
Sep 28 09:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Disconnected from 5.161.255.90 port 8334 [preauth]
Sep 28 09:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: Failed password for invalid user ftpuser from 196.251.69.141 port 47292 ssh2
Sep 28 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: Connection closed by 196.251.69.141 port 47292 [preauth]
Sep 28 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Invalid user test from 154.72.233.36
Sep 28 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: input_userauth_request: invalid user test [preauth]
Sep 28 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Failed password for invalid user test from 154.72.233.36 port 58882 ssh2
Sep 28 09:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Received disconnect from 154.72.233.36 port 58882:11: Bye Bye [preauth]
Sep 28 09:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Disconnected from 154.72.233.36 port 58882 [preauth]
Sep 28 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24763]: Successful su for rubyman by root
Sep 28 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24763]: + ??? root:rubyman
Sep 28 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307608 of user rubyman.
Sep 28 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24763]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307608.
Sep 28 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: Failed password for root from 115.78.226.174 port 51502 ssh2
Sep 28 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: Received disconnect from 115.78.226.174 port 51502:11: Bye Bye [preauth]
Sep 28 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: Disconnected from 115.78.226.174 port 51502 [preauth]
Sep 28 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21327]: pam_unix(cron:session): session closed for user root
Sep 28 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24683]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Invalid user federica from 209.38.91.249
Sep 28 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: input_userauth_request: invalid user federica [preauth]
Sep 28 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Failed password for invalid user federica from 209.38.91.249 port 52454 ssh2
Sep 28 09:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Received disconnect from 209.38.91.249 port 52454:11: Bye Bye [preauth]
Sep 28 09:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Disconnected from 209.38.91.249 port 52454 [preauth]
Sep 28 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session closed for user root
Sep 28 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: Failed password for invalid user ftpuser from 196.251.69.141 port 55170 ssh2
Sep 28 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25062]: Connection closed by 196.251.69.141 port 55170 [preauth]
Sep 28 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Invalid user try from 164.68.105.9
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: input_userauth_request: invalid user try [preauth]
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Invalid user fengyun from 139.59.66.39
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: input_userauth_request: invalid user fengyun [preauth]
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for invalid user try from 164.68.105.9 port 56158 ssh2
Sep 28 09:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Connection closed by 164.68.105.9 port 56158 [preauth]
Sep 28 09:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Failed password for invalid user fengyun from 139.59.66.39 port 36464 ssh2
Sep 28 09:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Received disconnect from 139.59.66.39 port 36464:11: Bye Bye [preauth]
Sep 28 09:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25078]: Disconnected from 139.59.66.39 port 36464 [preauth]
Sep 28 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: Invalid user test from 5.161.255.90
Sep 28 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: input_userauth_request: invalid user test [preauth]
Sep 28 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: Failed password for invalid user test from 5.161.255.90 port 33470 ssh2
Sep 28 09:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: Received disconnect from 5.161.255.90 port 33470:11: Bye Bye [preauth]
Sep 28 09:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25115]: Disconnected from 5.161.255.90 port 33470 [preauth]
Sep 28 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Invalid user eren from 154.72.233.36
Sep 28 09:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: input_userauth_request: invalid user eren [preauth]
Sep 28 09:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Failed password for invalid user eren from 154.72.233.36 port 45024 ssh2
Sep 28 09:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Received disconnect from 154.72.233.36 port 45024:11: Bye Bye [preauth]
Sep 28 09:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Disconnected from 154.72.233.36 port 45024 [preauth]
Sep 28 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25151]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: Successful su for rubyman by root
Sep 28 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: + ??? root:rubyman
Sep 28 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307613 of user rubyman.
Sep 28 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307613.
Sep 28 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session closed for user root
Sep 28 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25153]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Invalid user user2 from 115.78.226.174
Sep 28 09:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: input_userauth_request: invalid user user2 [preauth]
Sep 28 09:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Failed password for invalid user user2 from 115.78.226.174 port 34886 ssh2
Sep 28 09:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Received disconnect from 115.78.226.174 port 34886:11: Bye Bye [preauth]
Sep 28 09:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Disconnected from 115.78.226.174 port 34886 [preauth]
Sep 28 09:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: Failed password for invalid user ftpuser from 196.251.69.141 port 34114 ssh2
Sep 28 09:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25695]: Connection closed by 196.251.69.141 port 34114 [preauth]
Sep 28 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24167]: pam_unix(cron:session): session closed for user root
Sep 28 09:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 09:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Failed password for root from 209.38.91.249 port 35614 ssh2
Sep 28 09:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Received disconnect from 209.38.91.249 port 35614:11: Bye Bye [preauth]
Sep 28 09:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Disconnected from 209.38.91.249 port 35614 [preauth]
Sep 28 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: Invalid user foundry from 139.59.66.39
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: input_userauth_request: invalid user foundry [preauth]
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Invalid user pedrito from 5.161.255.90
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: input_userauth_request: invalid user pedrito [preauth]
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: Failed password for invalid user foundry from 139.59.66.39 port 39244 ssh2
Sep 28 09:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: Received disconnect from 139.59.66.39 port 39244:11: Bye Bye [preauth]
Sep 28 09:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25903]: Disconnected from 139.59.66.39 port 39244 [preauth]
Sep 28 09:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Failed password for invalid user pedrito from 5.161.255.90 port 58608 ssh2
Sep 28 09:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Received disconnect from 5.161.255.90 port 58608:11: Bye Bye [preauth]
Sep 28 09:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Disconnected from 5.161.255.90 port 58608 [preauth]
Sep 28 09:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: Failed password for root from 154.72.233.36 port 40220 ssh2
Sep 28 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: Received disconnect from 154.72.233.36 port 40220:11: Bye Bye [preauth]
Sep 28 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: Disconnected from 154.72.233.36 port 40220 [preauth]
Sep 28 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26029]: Successful su for rubyman by root
Sep 28 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26029]: + ??? root:rubyman
Sep 28 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307616 of user rubyman.
Sep 28 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26029]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307616.
Sep 28 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session closed for user root
Sep 28 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Failed password for invalid user ftpuser from 196.251.69.141 port 40764 ssh2
Sep 28 09:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Connection closed by 196.251.69.141 port 40764 [preauth]
Sep 28 09:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Invalid user minecraft from 115.78.226.174
Sep 28 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Failed password for invalid user minecraft from 115.78.226.174 port 46509 ssh2
Sep 28 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Received disconnect from 115.78.226.174 port 46509:11: Bye Bye [preauth]
Sep 28 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Disconnected from 115.78.226.174 port 46509 [preauth]
Sep 28 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session closed for user root
Sep 28 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Failed password for invalid user ftpuser from 196.251.69.141 port 47544 ssh2
Sep 28 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Connection closed by 196.251.69.141 port 47544 [preauth]
Sep 28 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Invalid user x from 154.72.233.36
Sep 28 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: input_userauth_request: invalid user x [preauth]
Sep 28 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: Invalid user minecraft from 209.38.91.249
Sep 28 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Failed password for root from 5.161.255.90 port 19236 ssh2
Sep 28 09:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Received disconnect from 5.161.255.90 port 19236:11: Bye Bye [preauth]
Sep 28 09:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Disconnected from 5.161.255.90 port 19236 [preauth]
Sep 28 09:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Failed password for invalid user x from 154.72.233.36 port 45556 ssh2
Sep 28 09:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Received disconnect from 154.72.233.36 port 45556:11: Bye Bye [preauth]
Sep 28 09:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26503]: Disconnected from 154.72.233.36 port 45556 [preauth]
Sep 28 09:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: Failed password for invalid user minecraft from 209.38.91.249 port 45886 ssh2
Sep 28 09:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: Received disconnect from 209.38.91.249 port 45886:11: Bye Bye [preauth]
Sep 28 09:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26505]: Disconnected from 209.38.91.249 port 45886 [preauth]
Sep 28 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26526]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: Successful su for rubyman by root
Sep 28 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: + ??? root:rubyman
Sep 28 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307620 of user rubyman.
Sep 28 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307620.
Sep 28 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Failed password for root from 139.59.66.39 port 55618 ssh2
Sep 28 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Received disconnect from 139.59.66.39 port 55618:11: Bye Bye [preauth]
Sep 28 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Disconnected from 139.59.66.39 port 55618 [preauth]
Sep 28 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22936]: pam_unix(cron:session): session closed for user root
Sep 28 09:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Invalid user test from 115.78.226.174
Sep 28 09:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: input_userauth_request: invalid user test [preauth]
Sep 28 09:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Failed password for invalid user test from 115.78.226.174 port 58133 ssh2
Sep 28 09:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Received disconnect from 115.78.226.174 port 58133:11: Bye Bye [preauth]
Sep 28 09:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Disconnected from 115.78.226.174 port 58133 [preauth]
Sep 28 09:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25157]: pam_unix(cron:session): session closed for user root
Sep 28 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Invalid user admin from 139.19.117.131
Sep 28 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: input_userauth_request: invalid user admin [preauth]
Sep 28 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Failed password for invalid user ftpuser from 196.251.69.141 port 54940 ssh2
Sep 28 09:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Connection closed by 196.251.69.141 port 54940 [preauth]
Sep 28 09:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Connection closed by 139.19.117.131 port 52706 [preauth]
Sep 28 09:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Invalid user forest from 154.72.233.36
Sep 28 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: input_userauth_request: invalid user forest [preauth]
Sep 28 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Failed password for invalid user forest from 154.72.233.36 port 58498 ssh2
Sep 28 09:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Received disconnect from 154.72.233.36 port 58498:11: Bye Bye [preauth]
Sep 28 09:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27081]: Disconnected from 154.72.233.36 port 58498 [preauth]
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session closed for user root
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: Successful su for rubyman by root
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: + ??? root:rubyman
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307629 of user rubyman.
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27181]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307629.
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Invalid user miladmim from 5.161.255.90
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: input_userauth_request: invalid user miladmim [preauth]
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Failed password for invalid user miladmim from 5.161.255.90 port 44382 ssh2
Sep 28 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Received disconnect from 5.161.255.90 port 44382:11: Bye Bye [preauth]
Sep 28 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Disconnected from 5.161.255.90 port 44382 [preauth]
Sep 28 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session closed for user root
Sep 28 09:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session closed for user root
Sep 28 09:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27094]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Invalid user neo from 209.38.91.249
Sep 28 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: input_userauth_request: invalid user neo [preauth]
Sep 28 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Failed password for invalid user neo from 209.38.91.249 port 57460 ssh2
Sep 28 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Received disconnect from 209.38.91.249 port 57460:11: Bye Bye [preauth]
Sep 28 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Disconnected from 209.38.91.249 port 57460 [preauth]
Sep 28 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: Invalid user csgo from 139.59.66.39
Sep 28 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: input_userauth_request: invalid user csgo [preauth]
Sep 28 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: Failed password for invalid user csgo from 139.59.66.39 port 50730 ssh2
Sep 28 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: Received disconnect from 139.59.66.39 port 50730:11: Bye Bye [preauth]
Sep 28 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27479]: Disconnected from 139.59.66.39 port 50730 [preauth]
Sep 28 09:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27495]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27495]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27495]: Failed password for invalid user ftpuser from 196.251.69.141 port 33946 ssh2
Sep 28 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27495]: Connection closed by 196.251.69.141 port 33946 [preauth]
Sep 28 09:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session closed for user root
Sep 28 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: Invalid user federica from 115.78.226.174
Sep 28 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: input_userauth_request: invalid user federica [preauth]
Sep 28 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: Failed password for invalid user federica from 115.78.226.174 port 41527 ssh2
Sep 28 09:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: Received disconnect from 115.78.226.174 port 41527:11: Bye Bye [preauth]
Sep 28 09:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27717]: Disconnected from 115.78.226.174 port 41527 [preauth]
Sep 28 09:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: Invalid user jak from 154.72.233.36
Sep 28 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: input_userauth_request: invalid user jak [preauth]
Sep 28 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: Failed password for invalid user jak from 154.72.233.36 port 41100 ssh2
Sep 28 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: Received disconnect from 154.72.233.36 port 41100:11: Bye Bye [preauth]
Sep 28 09:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27771]: Disconnected from 154.72.233.36 port 41100 [preauth]
Sep 28 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27785]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: Successful su for rubyman by root
Sep 28 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: + ??? root:rubyman
Sep 28 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307630 of user rubyman.
Sep 28 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27865]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307630.
Sep 28 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24166]: pam_unix(cron:session): session closed for user root
Sep 28 09:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27786]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: Invalid user iksi from 5.161.255.90
Sep 28 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: input_userauth_request: invalid user iksi [preauth]
Sep 28 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Failed password for invalid user ftpuser from 196.251.69.141 port 41246 ssh2
Sep 28 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Connection closed by 196.251.69.141 port 41246 [preauth]
Sep 28 09:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: Failed password for invalid user iksi from 5.161.255.90 port 5008 ssh2
Sep 28 09:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: Received disconnect from 5.161.255.90 port 5008:11: Bye Bye [preauth]
Sep 28 09:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28086]: Disconnected from 5.161.255.90 port 5008 [preauth]
Sep 28 09:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session closed for user root
Sep 28 09:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Invalid user tech from 209.38.91.249
Sep 28 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: input_userauth_request: invalid user tech [preauth]
Sep 28 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Invalid user test from 139.59.66.39
Sep 28 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: input_userauth_request: invalid user test [preauth]
Sep 28 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Failed password for invalid user tech from 209.38.91.249 port 51204 ssh2
Sep 28 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Received disconnect from 209.38.91.249 port 51204:11: Bye Bye [preauth]
Sep 28 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Disconnected from 209.38.91.249 port 51204 [preauth]
Sep 28 09:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Failed password for invalid user test from 139.59.66.39 port 59768 ssh2
Sep 28 09:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Received disconnect from 139.59.66.39 port 59768:11: Bye Bye [preauth]
Sep 28 09:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Disconnected from 139.59.66.39 port 59768 [preauth]
Sep 28 09:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Invalid user tomcat from 115.78.226.174
Sep 28 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Failed password for invalid user tomcat from 115.78.226.174 port 53151 ssh2
Sep 28 09:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Received disconnect from 115.78.226.174 port 53151:11: Bye Bye [preauth]
Sep 28 09:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Disconnected from 115.78.226.174 port 53151 [preauth]
Sep 28 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: Invalid user ftpuser from 196.251.69.141
Sep 28 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 09:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: Failed password for invalid user ftpuser from 196.251.69.141 port 48160 ssh2
Sep 28 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: Connection closed by 196.251.69.141 port 48160 [preauth]
Sep 28 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Invalid user mapr from 154.72.233.36
Sep 28 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: input_userauth_request: invalid user mapr [preauth]
Sep 28 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Failed password for invalid user mapr from 154.72.233.36 port 47784 ssh2
Sep 28 09:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Received disconnect from 154.72.233.36 port 47784:11: Bye Bye [preauth]
Sep 28 09:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Disconnected from 154.72.233.36 port 47784 [preauth]
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28254]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28323]: Successful su for rubyman by root
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28323]: + ??? root:rubyman
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307635 of user rubyman.
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28323]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307635.
Sep 28 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session closed for user root
Sep 28 09:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28255]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Invalid user user2 from 5.161.255.90
Sep 28 09:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: input_userauth_request: invalid user user2 [preauth]
Sep 28 09:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Failed password for invalid user user2 from 5.161.255.90 port 30146 ssh2
Sep 28 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Received disconnect from 5.161.255.90 port 30146:11: Bye Bye [preauth]
Sep 28 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Disconnected from 5.161.255.90 port 30146 [preauth]
Sep 28 09:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session closed for user root
Sep 28 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: input_userauth_request: invalid user mysql [preauth]
Sep 28 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Failed password for invalid user mysql from 196.251.69.141 port 55466 ssh2
Sep 28 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Connection closed by 196.251.69.141 port 55466 [preauth]
Sep 28 09:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Invalid user pedrito from 139.59.66.39
Sep 28 09:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: input_userauth_request: invalid user pedrito [preauth]
Sep 28 09:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 09:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Invalid user aliyun from 115.78.226.174
Sep 28 09:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: input_userauth_request: invalid user aliyun [preauth]
Sep 28 09:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Failed password for invalid user pedrito from 139.59.66.39 port 43862 ssh2
Sep 28 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Received disconnect from 139.59.66.39 port 43862:11: Bye Bye [preauth]
Sep 28 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Disconnected from 139.59.66.39 port 43862 [preauth]
Sep 28 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: Invalid user test3 from 154.72.233.36
Sep 28 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: input_userauth_request: invalid user test3 [preauth]
Sep 28 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Failed password for invalid user aliyun from 115.78.226.174 port 36542 ssh2
Sep 28 09:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Received disconnect from 115.78.226.174 port 36542:11: Bye Bye [preauth]
Sep 28 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Disconnected from 115.78.226.174 port 36542 [preauth]
Sep 28 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: Invalid user foundry from 209.38.91.249
Sep 28 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: input_userauth_request: invalid user foundry [preauth]
Sep 28 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: Failed password for invalid user test3 from 154.72.233.36 port 46176 ssh2
Sep 28 09:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: Received disconnect from 154.72.233.36 port 46176:11: Bye Bye [preauth]
Sep 28 09:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28826]: Disconnected from 154.72.233.36 port 46176 [preauth]
Sep 28 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: Failed password for invalid user foundry from 209.38.91.249 port 60060 ssh2
Sep 28 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: Received disconnect from 209.38.91.249 port 60060:11: Bye Bye [preauth]
Sep 28 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28828]: Disconnected from 209.38.91.249 port 60060 [preauth]
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28855]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29004]: Successful su for rubyman by root
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29004]: + ??? root:rubyman
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307638 of user rubyman.
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29004]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307638.
Sep 28 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25154]: pam_unix(cron:session): session closed for user root
Sep 28 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 09:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Failed password for root from 46.101.170.54 port 57798 ssh2
Sep 28 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Connection closed by 46.101.170.54 port 57798 [preauth]
Sep 28 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: Invalid user neo from 5.161.255.90
Sep 28 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: input_userauth_request: invalid user neo [preauth]
Sep 28 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: Failed password for invalid user neo from 5.161.255.90 port 55288 ssh2
Sep 28 09:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: Received disconnect from 5.161.255.90 port 55288:11: Bye Bye [preauth]
Sep 28 09:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: Disconnected from 5.161.255.90 port 55288 [preauth]
Sep 28 09:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 09:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: input_userauth_request: invalid user mysql [preauth]
Sep 28 09:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 09:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Failed password for invalid user mysql from 196.251.69.141 port 34014 ssh2
Sep 28 09:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Connection closed by 196.251.69.141 port 34014 [preauth]
Sep 28 09:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session closed for user root
Sep 28 09:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Invalid user contabilidad from 154.72.233.36
Sep 28 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: input_userauth_request: invalid user contabilidad [preauth]
Sep 28 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Failed password for invalid user contabilidad from 154.72.233.36 port 49304 ssh2
Sep 28 09:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Received disconnect from 154.72.233.36 port 49304:11: Bye Bye [preauth]
Sep 28 09:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Disconnected from 154.72.233.36 port 49304 [preauth]
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session closed for user p13x
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: Successful su for rubyman by root
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: + ??? root:rubyman
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307644 of user rubyman.
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29499]: pam_unix(su:session): session closed for user rubyman
Sep 28 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307644.
Sep 28 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session closed for user root
Sep 28 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Failed password for root from 139.59.66.39 port 58720 ssh2
Sep 28 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Received disconnect from 139.59.66.39 port 58720:11: Bye Bye [preauth]
Sep 28 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Disconnected from 139.59.66.39 port 58720 [preauth]
Sep 28 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user samftp
Sep 28 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29694]: Failed password for root from 115.78.226.174 port 48169 ssh2
Sep 28 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29694]: Received disconnect from 115.78.226.174 port 48169:11: Bye Bye [preauth]
Sep 28 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29694]: Disconnected from 115.78.226.174 port 48169 [preauth]
Sep 28 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Invalid user pick from 209.38.91.249
Sep 28 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: input_userauth_request: invalid user pick [preauth]
Sep 28 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Failed password for invalid user pick from 209.38.91.249 port 43792 ssh2
Sep 28 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Received disconnect from 209.38.91.249 port 43792:11: Bye Bye [preauth]
Sep 28 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Disconnected from 209.38.91.249 port 43792 [preauth]
Sep 28 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 09:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: input_userauth_request: invalid user mysql [preauth]
Sep 28 09:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 09:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Failed password for invalid user mysql from 196.251.69.141 port 40990 ssh2
Sep 28 09:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Connection closed by 196.251.69.141 port 40990 [preauth]
Sep 28 09:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Invalid user aliyun from 5.161.255.90
Sep 28 09:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: input_userauth_request: invalid user aliyun [preauth]
Sep 28 09:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 09:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Failed password for invalid user aliyun from 5.161.255.90 port 15916 ssh2
Sep 28 09:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Received disconnect from 5.161.255.90 port 15916:11: Bye Bye [preauth]
Sep 28 09:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Disconnected from 5.161.255.90 port 15916 [preauth]
Sep 28 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session closed for user root
Sep 28 09:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Invalid user ftpuser1 from 154.72.233.36
Sep 28 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: input_userauth_request: invalid user ftpuser1 [preauth]
Sep 28 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Failed password for invalid user ftpuser1 from 154.72.233.36 port 54550 ssh2
Sep 28 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Received disconnect from 154.72.233.36 port 54550:11: Bye Bye [preauth]
Sep 28 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Disconnected from 154.72.233.36 port 54550 [preauth]
Sep 28 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: input_userauth_request: invalid user mysql [preauth]
Sep 28 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: Failed password for invalid user mysql from 196.251.69.141 port 47504 ssh2
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29895]: Connection closed by 196.251.69.141 port 47504 [preauth]
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session closed for user root
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session closed for user root
Sep 28 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: Successful su for rubyman by root
Sep 28 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: + ??? root:rubyman
Sep 28 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307646 of user rubyman.
Sep 28 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307646.
Sep 28 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session closed for user root
Sep 28 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26530]: pam_unix(cron:session): session closed for user root
Sep 28 10:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: Did not receive identification string from 109.205.61.79
Sep 28 10:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Invalid user neo from 139.59.66.39
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: input_userauth_request: invalid user neo [preauth]
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Invalid user miladmim from 115.78.226.174
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: input_userauth_request: invalid user miladmim [preauth]
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Failed password for invalid user neo from 139.59.66.39 port 45192 ssh2
Sep 28 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Failed password for invalid user miladmim from 115.78.226.174 port 59792 ssh2
Sep 28 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Received disconnect from 139.59.66.39 port 45192:11: Bye Bye [preauth]
Sep 28 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Disconnected from 139.59.66.39 port 45192 [preauth]
Sep 28 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Received disconnect from 115.78.226.174 port 59792:11: Bye Bye [preauth]
Sep 28 10:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Disconnected from 115.78.226.174 port 59792 [preauth]
Sep 28 10:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Failed password for root from 209.38.91.249 port 40244 ssh2
Sep 28 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Received disconnect from 209.38.91.249 port 40244:11: Bye Bye [preauth]
Sep 28 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Disconnected from 209.38.91.249 port 40244 [preauth]
Sep 28 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28855]: pam_unix(cron:session): session closed for user root
Sep 28 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90  user=root
Sep 28 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: Failed password for root from 5.161.255.90 port 41052 ssh2
Sep 28 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: Received disconnect from 5.161.255.90 port 41052:11: Bye Bye [preauth]
Sep 28 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: Disconnected from 5.161.255.90 port 41052 [preauth]
Sep 28 10:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: input_userauth_request: invalid user mysql [preauth]
Sep 28 10:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 10:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Failed password for invalid user mysql from 196.251.69.141 port 54064 ssh2
Sep 28 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Invalid user fabio from 154.72.233.36
Sep 28 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: input_userauth_request: invalid user fabio [preauth]
Sep 28 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Connection closed by 196.251.69.141 port 54064 [preauth]
Sep 28 10:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Failed password for invalid user fabio from 154.72.233.36 port 40866 ssh2
Sep 28 10:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Received disconnect from 154.72.233.36 port 40866:11: Bye Bye [preauth]
Sep 28 10:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Disconnected from 154.72.233.36 port 40866 [preauth]
Sep 28 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30641]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: Successful su for rubyman by root
Sep 28 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: + ??? root:rubyman
Sep 28 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307656 of user rubyman.
Sep 28 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30714]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307656.
Sep 28 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session closed for user root
Sep 28 10:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30640]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: Invalid user tech from 115.78.226.174
Sep 28 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: input_userauth_request: invalid user tech [preauth]
Sep 28 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: Failed password for invalid user tech from 115.78.226.174 port 43175 ssh2
Sep 28 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: Received disconnect from 115.78.226.174 port 43175:11: Bye Bye [preauth]
Sep 28 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30955]: Disconnected from 115.78.226.174 port 43175 [preauth]
Sep 28 10:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: input_userauth_request: invalid user mysql [preauth]
Sep 28 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Invalid user tech from 139.59.66.39
Sep 28 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: input_userauth_request: invalid user tech [preauth]
Sep 28 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 10:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: Failed password for invalid user mysql from 196.251.69.141 port 32838 ssh2
Sep 28 10:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: Connection closed by 196.251.69.141 port 32838 [preauth]
Sep 28 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Failed password for invalid user tech from 139.59.66.39 port 46394 ssh2
Sep 28 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Received disconnect from 139.59.66.39 port 46394:11: Bye Bye [preauth]
Sep 28 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Disconnected from 139.59.66.39 port 46394 [preauth]
Sep 28 10:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session closed for user root
Sep 28 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Invalid user vcsa from 5.161.255.90
Sep 28 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: input_userauth_request: invalid user vcsa [preauth]
Sep 28 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.161.255.90
Sep 28 10:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Failed password for invalid user vcsa from 5.161.255.90 port 1682 ssh2
Sep 28 10:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Received disconnect from 5.161.255.90 port 1682:11: Bye Bye [preauth]
Sep 28 10:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Disconnected from 5.161.255.90 port 1682 [preauth]
Sep 28 10:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: Invalid user vcsa from 209.38.91.249
Sep 28 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: input_userauth_request: invalid user vcsa [preauth]
Sep 28 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 10:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Invalid user robot from 154.72.233.36
Sep 28 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: input_userauth_request: invalid user robot [preauth]
Sep 28 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: Failed password for invalid user vcsa from 209.38.91.249 port 49846 ssh2
Sep 28 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: Received disconnect from 209.38.91.249 port 49846:11: Bye Bye [preauth]
Sep 28 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: Disconnected from 209.38.91.249 port 49846 [preauth]
Sep 28 10:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Failed password for invalid user robot from 154.72.233.36 port 47480 ssh2
Sep 28 10:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Received disconnect from 154.72.233.36 port 47480:11: Bye Bye [preauth]
Sep 28 10:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Disconnected from 154.72.233.36 port 47480 [preauth]
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31117]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31116]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31114]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: Successful su for rubyman by root
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: + ??? root:rubyman
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307658 of user rubyman.
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307658.
Sep 28 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session closed for user root
Sep 28 10:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31115]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: input_userauth_request: invalid user mysql [preauth]
Sep 28 10:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 10:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Failed password for invalid user mysql from 196.251.69.141 port 39344 ssh2
Sep 28 10:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Connection closed by 196.251.69.141 port 39344 [preauth]
Sep 28 10:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: Invalid user pick from 115.78.226.174
Sep 28 10:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: input_userauth_request: invalid user pick [preauth]
Sep 28 10:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 10:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: Failed password for invalid user pick from 115.78.226.174 port 54801 ssh2
Sep 28 10:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: Received disconnect from 115.78.226.174 port 54801:11: Bye Bye [preauth]
Sep 28 10:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: Disconnected from 115.78.226.174 port 54801 [preauth]
Sep 28 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session closed for user root
Sep 28 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39  user=root
Sep 28 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Failed password for root from 139.59.66.39 port 57334 ssh2
Sep 28 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Received disconnect from 139.59.66.39 port 57334:11: Bye Bye [preauth]
Sep 28 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Disconnected from 139.59.66.39 port 57334 [preauth]
Sep 28 10:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: Invalid user admin from 93.152.230.176
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: input_userauth_request: invalid user admin [preauth]
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Invalid user tv from 154.72.233.36
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: input_userauth_request: invalid user tv [preauth]
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: Failed password for invalid user admin from 93.152.230.176 port 35549 ssh2
Sep 28 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: Received disconnect from 93.152.230.176 port 35549:11: Client disconnecting normally [preauth]
Sep 28 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31582]: Disconnected from 93.152.230.176 port 35549 [preauth]
Sep 28 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Failed password for invalid user tv from 154.72.233.36 port 47790 ssh2
Sep 28 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Received disconnect from 154.72.233.36 port 47790:11: Bye Bye [preauth]
Sep 28 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Disconnected from 154.72.233.36 port 47790 [preauth]
Sep 28 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31610]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: input_userauth_request: invalid user mysql [preauth]
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: Successful su for rubyman by root
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: + ??? root:rubyman
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307661 of user rubyman.
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307661.
Sep 28 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: Failed password for invalid user mysql from 196.251.69.141 port 41632 ssh2
Sep 28 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: Connection closed by 196.251.69.141 port 41632 [preauth]
Sep 28 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28256]: pam_unix(cron:session): session closed for user root
Sep 28 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: Invalid user paul from 209.38.91.249
Sep 28 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: input_userauth_request: invalid user paul [preauth]
Sep 28 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: Failed password for invalid user paul from 209.38.91.249 port 48188 ssh2
Sep 28 10:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: Received disconnect from 209.38.91.249 port 48188:11: Bye Bye [preauth]
Sep 28 10:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31774]: Disconnected from 209.38.91.249 port 48188 [preauth]
Sep 28 10:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31613]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Invalid user edvaldo from 138.68.58.124
Sep 28 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: input_userauth_request: invalid user edvaldo [preauth]
Sep 28 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 28 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Failed password for invalid user edvaldo from 138.68.58.124 port 39142 ssh2
Sep 28 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Connection closed by 138.68.58.124 port 39142 [preauth]
Sep 28 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session closed for user root
Sep 28 10:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174  user=root
Sep 28 10:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Failed password for root from 115.78.226.174 port 38193 ssh2
Sep 28 10:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Received disconnect from 115.78.226.174 port 38193:11: Bye Bye [preauth]
Sep 28 10:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Disconnected from 115.78.226.174 port 38193 [preauth]
Sep 28 10:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: User mysql from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: input_userauth_request: invalid user mysql [preauth]
Sep 28 10:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=mysql
Sep 28 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Failed password for invalid user mysql from 196.251.69.141 port 45764 ssh2
Sep 28 10:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Connection closed by 196.251.69.141 port 45764 [preauth]
Sep 28 10:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: Invalid user notes from 154.72.233.36
Sep 28 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: input_userauth_request: invalid user notes [preauth]
Sep 28 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: Failed password for invalid user notes from 154.72.233.36 port 64970 ssh2
Sep 28 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: Received disconnect from 154.72.233.36 port 64970:11: Bye Bye [preauth]
Sep 28 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32038]: Disconnected from 154.72.233.36 port 64970 [preauth]
Sep 28 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Invalid user steam from 139.59.66.39
Sep 28 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: input_userauth_request: invalid user steam [preauth]
Sep 28 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for invalid user steam from 139.59.66.39 port 46902 ssh2
Sep 28 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Received disconnect from 139.59.66.39 port 46902:11: Bye Bye [preauth]
Sep 28 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Disconnected from 139.59.66.39 port 46902 [preauth]
Sep 28 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32054]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: Successful su for rubyman by root
Sep 28 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: + ??? root:rubyman
Sep 28 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307665 of user rubyman.
Sep 28 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307665.
Sep 28 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28847]: pam_unix(cron:session): session closed for user root
Sep 28 10:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 10:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Failed password for root from 209.38.91.249 port 54014 ssh2
Sep 28 10:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Received disconnect from 209.38.91.249 port 54014:11: Bye Bye [preauth]
Sep 28 10:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Disconnected from 209.38.91.249 port 54014 [preauth]
Sep 28 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31117]: pam_unix(cron:session): session closed for user root
Sep 28 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Failed password for invalid user backup from 196.251.69.141 port 49318 ssh2
Sep 28 10:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Connection closed by 196.251.69.141 port 49318 [preauth]
Sep 28 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Invalid user foundry from 115.78.226.174
Sep 28 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: input_userauth_request: invalid user foundry [preauth]
Sep 28 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.226.174
Sep 28 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Failed password for invalid user foundry from 115.78.226.174 port 49817 ssh2
Sep 28 10:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Received disconnect from 115.78.226.174 port 49817:11: Bye Bye [preauth]
Sep 28 10:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Disconnected from 115.78.226.174 port 49817 [preauth]
Sep 28 10:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 10:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Failed password for root from 154.72.233.36 port 44458 ssh2
Sep 28 10:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Received disconnect from 154.72.233.36 port 44458:11: Bye Bye [preauth]
Sep 28 10:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Disconnected from 154.72.233.36 port 44458 [preauth]
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32494]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32497]: pam_unix(cron:session): session closed for user root
Sep 28 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: Successful su for rubyman by root
Sep 28 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: + ??? root:rubyman
Sep 28 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307671 of user rubyman.
Sep 28 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307671.
Sep 28 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32494]: pam_unix(cron:session): session closed for user root
Sep 28 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session closed for user root
Sep 28 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32493]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: Invalid user miladmim from 139.59.66.39
Sep 28 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: input_userauth_request: invalid user miladmim [preauth]
Sep 28 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 10:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: Failed password for invalid user miladmim from 139.59.66.39 port 38066 ssh2
Sep 28 10:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: Received disconnect from 139.59.66.39 port 38066:11: Bye Bye [preauth]
Sep 28 10:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[323]: Disconnected from 139.59.66.39 port 38066 [preauth]
Sep 28 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for invalid user backup from 196.251.69.141 port 51034 ssh2
Sep 28 10:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Connection closed by 196.251.69.141 port 51034 [preauth]
Sep 28 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31615]: pam_unix(cron:session): session closed for user root
Sep 28 10:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 10:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[459]: Failed password for root from 209.38.91.249 port 39306 ssh2
Sep 28 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[459]: Received disconnect from 209.38.91.249 port 39306:11: Bye Bye [preauth]
Sep 28 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[459]: Disconnected from 209.38.91.249 port 39306 [preauth]
Sep 28 10:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 10:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Failed password for root from 154.72.233.36 port 59154 ssh2
Sep 28 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Received disconnect from 154.72.233.36 port 59154:11: Bye Bye [preauth]
Sep 28 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Disconnected from 154.72.233.36 port 59154 [preauth]
Sep 28 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: Successful su for rubyman by root
Sep 28 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: + ??? root:rubyman
Sep 28 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307676 of user rubyman.
Sep 28 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307676.
Sep 28 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session closed for user root
Sep 28 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: Failed password for invalid user backup from 196.251.69.141 port 52720 ssh2
Sep 28 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: Connection closed by 196.251.69.141 port 52720 [preauth]
Sep 28 10:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Invalid user test from 139.59.66.39
Sep 28 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: input_userauth_request: invalid user test [preauth]
Sep 28 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.66.39
Sep 28 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Failed password for invalid user test from 139.59.66.39 port 57594 ssh2
Sep 28 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Received disconnect from 139.59.66.39 port 57594:11: Bye Bye [preauth]
Sep 28 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Disconnected from 139.59.66.39 port 57594 [preauth]
Sep 28 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session closed for user root
Sep 28 10:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Failed password for invalid user backup from 196.251.69.141 port 54682 ssh2
Sep 28 10:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Connection closed by 196.251.69.141 port 54682 [preauth]
Sep 28 10:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: Invalid user user33 from 154.72.233.36
Sep 28 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: input_userauth_request: invalid user user33 [preauth]
Sep 28 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: Failed password for invalid user user33 from 154.72.233.36 port 45558 ssh2
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: Received disconnect from 154.72.233.36 port 45558:11: Bye Bye [preauth]
Sep 28 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1062]: Disconnected from 154.72.233.36 port 45558 [preauth]
Sep 28 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1132]: Successful su for rubyman by root
Sep 28 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1132]: + ??? root:rubyman
Sep 28 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307679 of user rubyman.
Sep 28 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1132]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307679.
Sep 28 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Invalid user miladmim from 209.38.91.249
Sep 28 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: input_userauth_request: invalid user miladmim [preauth]
Sep 28 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30641]: pam_unix(cron:session): session closed for user root
Sep 28 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Failed password for invalid user miladmim from 209.38.91.249 port 44730 ssh2
Sep 28 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Received disconnect from 209.38.91.249 port 44730:11: Bye Bye [preauth]
Sep 28 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Disconnected from 209.38.91.249 port 44730 [preauth]
Sep 28 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session closed for user root
Sep 28 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Failed password for invalid user backup from 196.251.69.141 port 56918 ssh2
Sep 28 10:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Connection closed by 196.251.69.141 port 56918 [preauth]
Sep 28 10:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36  user=root
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1544]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: Failed password for root from 154.72.233.36 port 61692 ssh2
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1612]: Successful su for rubyman by root
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1612]: + ??? root:rubyman
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307684 of user rubyman.
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1612]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307684.
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: Received disconnect from 154.72.233.36 port 61692:11: Bye Bye [preauth]
Sep 28 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: Disconnected from 154.72.233.36 port 61692 [preauth]
Sep 28 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31116]: pam_unix(cron:session): session closed for user root
Sep 28 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1547]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Failed password for invalid user backup from 196.251.69.141 port 59136 ssh2
Sep 28 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Connection closed by 196.251.69.141 port 59136 [preauth]
Sep 28 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Invalid user fengyun from 209.38.91.249
Sep 28 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: input_userauth_request: invalid user fengyun [preauth]
Sep 28 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 10:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Failed password for invalid user fengyun from 209.38.91.249 port 44472 ssh2
Sep 28 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Received disconnect from 209.38.91.249 port 44472:11: Bye Bye [preauth]
Sep 28 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Disconnected from 209.38.91.249 port 44472 [preauth]
Sep 28 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[522]: pam_unix(cron:session): session closed for user root
Sep 28 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2005]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1999]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2002]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Invalid user personal from 154.72.233.36
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: input_userauth_request: invalid user personal [preauth]
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.233.36
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2149]: Successful su for rubyman by root
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2149]: + ??? root:rubyman
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307687 of user rubyman.
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2149]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307687.
Sep 28 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1999]: pam_unix(cron:session): session closed for user root
Sep 28 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Failed password for invalid user personal from 154.72.233.36 port 47598 ssh2
Sep 28 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Received disconnect from 154.72.233.36 port 47598:11: Bye Bye [preauth]
Sep 28 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Disconnected from 154.72.233.36 port 47598 [preauth]
Sep 28 10:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31614]: pam_unix(cron:session): session closed for user root
Sep 28 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2003]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Failed password for invalid user backup from 196.251.69.141 port 60650 ssh2
Sep 28 10:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Connection closed by 196.251.69.141 port 60650 [preauth]
Sep 28 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1070]: pam_unix(cron:session): session closed for user root
Sep 28 10:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249  user=root
Sep 28 10:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: Failed password for root from 209.38.91.249 port 38784 ssh2
Sep 28 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: Received disconnect from 209.38.91.249 port 38784:11: Bye Bye [preauth]
Sep 28 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: Disconnected from 209.38.91.249 port 38784 [preauth]
Sep 28 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Failed password for invalid user backup from 196.251.69.141 port 34100 ssh2
Sep 28 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Connection closed by 196.251.69.141 port 34100 [preauth]
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session closed for user root
Sep 28 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2546]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2622]: Successful su for rubyman by root
Sep 28 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2622]: + ??? root:rubyman
Sep 28 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307694 of user rubyman.
Sep 28 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2622]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307694.
Sep 28 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session closed for user root
Sep 28 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session closed for user root
Sep 28 10:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.141.9
Sep 28 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session closed for user root
Sep 28 10:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: User backup from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: input_userauth_request: invalid user backup [preauth]
Sep 28 10:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=backup
Sep 28 10:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Failed password for invalid user backup from 196.251.69.141 port 35058 ssh2
Sep 28 10:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Connection closed by 196.251.69.141 port 35058 [preauth]
Sep 28 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: Successful su for rubyman by root
Sep 28 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: + ??? root:rubyman
Sep 28 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307699 of user rubyman.
Sep 28 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307699.
Sep 28 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session closed for user root
Sep 28 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Invalid user test from 209.38.91.249
Sep 28 10:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: input_userauth_request: invalid user test [preauth]
Sep 28 10:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.91.249
Sep 28 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Failed password for invalid user test from 209.38.91.249 port 53992 ssh2
Sep 28 10:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Received disconnect from 209.38.91.249 port 53992:11: Bye Bye [preauth]
Sep 28 10:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Disconnected from 209.38.91.249 port 53992 [preauth]
Sep 28 10:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Failed password for invalid user www-data from 196.251.69.141 port 35846 ssh2
Sep 28 10:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Connection closed by 196.251.69.141 port 35846 [preauth]
Sep 28 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2005]: pam_unix(cron:session): session closed for user root
Sep 28 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3527]: Successful su for rubyman by root
Sep 28 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3527]: + ??? root:rubyman
Sep 28 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307703 of user rubyman.
Sep 28 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3527]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307703.
Sep 28 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session closed for user root
Sep 28 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: Failed password for invalid user www-data from 196.251.69.141 port 37002 ssh2
Sep 28 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: Connection closed by 196.251.69.141 port 37002 [preauth]
Sep 28 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Invalid user roland from 190.103.202.7
Sep 28 10:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: input_userauth_request: invalid user roland [preauth]
Sep 28 10:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 10:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Failed password for invalid user roland from 190.103.202.7 port 57366 ssh2
Sep 28 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Connection closed by 190.103.202.7 port 57366 [preauth]
Sep 28 10:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session closed for user root
Sep 28 10:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for invalid user www-data from 196.251.69.141 port 38036 ssh2
Sep 28 10:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Connection closed by 196.251.69.141 port 38036 [preauth]
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3960]: Successful su for rubyman by root
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3960]: + ??? root:rubyman
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307707 of user rubyman.
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3960]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307707.
Sep 28 10:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1068]: pam_unix(cron:session): session closed for user root
Sep 28 10:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Failed password for invalid user www-data from 196.251.69.141 port 38908 ssh2
Sep 28 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Connection closed by 196.251.69.141 port 38908 [preauth]
Sep 28 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session closed for user root
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4340]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4338]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: Successful su for rubyman by root
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: + ??? root:rubyman
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307711 of user rubyman.
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307711.
Sep 28 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1549]: pam_unix(cron:session): session closed for user root
Sep 28 10:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: Failed password for invalid user www-data from 196.251.69.141 port 40056 ssh2
Sep 28 10:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: Connection closed by 196.251.69.141 port 40056 [preauth]
Sep 28 10:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session closed for user root
Sep 28 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session closed for user root
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: Successful su for rubyman by root
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: + ??? root:rubyman
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307716 of user rubyman.
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307716.
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Failed password for invalid user www-data from 196.251.69.141 port 40868 ssh2
Sep 28 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session closed for user root
Sep 28 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Connection closed by 196.251.69.141 port 40868 [preauth]
Sep 28 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2004]: pam_unix(cron:session): session closed for user root
Sep 28 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session closed for user root
Sep 28 10:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for invalid user www-data from 196.251.69.141 port 41664 ssh2
Sep 28 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Connection closed by 196.251.69.141 port 41664 [preauth]
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5259]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5423]: Successful su for rubyman by root
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5423]: + ??? root:rubyman
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307721 of user rubyman.
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5423]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307721.
Sep 28 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session closed for user root
Sep 28 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session closed for user root
Sep 28 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Failed password for invalid user www-data from 196.251.69.141 port 42598 ssh2
Sep 28 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Connection closed by 196.251.69.141 port 42598 [preauth]
Sep 28 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session closed for user root
Sep 28 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: Successful su for rubyman by root
Sep 28 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: + ??? root:rubyman
Sep 28 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307724 of user rubyman.
Sep 28 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5877]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307724.
Sep 28 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session closed for user root
Sep 28 10:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: User www-data from 196.251.69.141 not allowed because not listed in AllowUsers
Sep 28 10:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=www-data
Sep 28 10:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: Failed password for invalid user www-data from 196.251.69.141 port 43392 ssh2
Sep 28 10:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: Connection closed by 196.251.69.141 port 43392 [preauth]
Sep 28 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session closed for user root
Sep 28 10:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6252]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6248]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: Successful su for rubyman by root
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: + ??? root:rubyman
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307731 of user rubyman.
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307731.
Sep 28 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Invalid user webmaster from 196.251.69.141
Sep 28 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Failed password for invalid user webmaster from 196.251.69.141 port 43930 ssh2
Sep 28 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Connection closed by 196.251.69.141 port 43930 [preauth]
Sep 28 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session closed for user root
Sep 28 10:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6249]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Invalid user shant from 80.94.95.112
Sep 28 10:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: input_userauth_request: invalid user shant [preauth]
Sep 28 10:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 10:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Failed password for invalid user shant from 80.94.95.112 port 64879 ssh2
Sep 28 10:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Failed password for invalid user shant from 80.94.95.112 port 64879 ssh2
Sep 28 10:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Failed password for invalid user shant from 80.94.95.112 port 64879 ssh2
Sep 28 10:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Failed password for invalid user shant from 80.94.95.112 port 64879 ssh2
Sep 28 10:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Failed password for invalid user shant from 80.94.95.112 port 64879 ssh2
Sep 28 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Received disconnect from 80.94.95.112 port 64879:11: Bye [preauth]
Sep 28 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Disconnected from 80.94.95.112 port 64879 [preauth]
Sep 28 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session closed for user root
Sep 28 10:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Invalid user webmaster from 196.251.69.141
Sep 28 10:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Failed password for invalid user webmaster from 196.251.69.141 port 44670 ssh2
Sep 28 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6750]: Connection closed by 196.251.69.141 port 44670 [preauth]
Sep 28 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6785]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6783]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6847]: Successful su for rubyman by root
Sep 28 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6847]: + ??? root:rubyman
Sep 28 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307735 of user rubyman.
Sep 28 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6847]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307735.
Sep 28 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user root
Sep 28 10:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: Invalid user webmaster from 196.251.69.141
Sep 28 10:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: Failed password for invalid user webmaster from 196.251.69.141 port 45292 ssh2
Sep 28 10:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7217]: Connection closed by 196.251.69.141 port 45292 [preauth]
Sep 28 10:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session closed for user root
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session closed for user root
Sep 28 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7312]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: Successful su for rubyman by root
Sep 28 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: + ??? root:rubyman
Sep 28 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307737 of user rubyman.
Sep 28 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307737.
Sep 28 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4340]: pam_unix(cron:session): session closed for user root
Sep 28 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session closed for user root
Sep 28 10:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Invalid user webmaster from 196.251.69.141
Sep 28 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Failed password for invalid user webmaster from 196.251.69.141 port 45954 ssh2
Sep 28 10:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Connection closed by 196.251.69.141 port 45954 [preauth]
Sep 28 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6252]: pam_unix(cron:session): session closed for user root
Sep 28 10:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Invalid user biz from 152.32.129.140
Sep 28 10:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: input_userauth_request: invalid user biz [preauth]
Sep 28 10:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Failed password for invalid user biz from 152.32.129.140 port 42896 ssh2
Sep 28 10:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Received disconnect from 152.32.129.140 port 42896:11: Bye Bye [preauth]
Sep 28 10:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Disconnected from 152.32.129.140 port 42896 [preauth]
Sep 28 10:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Invalid user webmaster from 196.251.69.141
Sep 28 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Failed password for invalid user webmaster from 196.251.69.141 port 46514 ssh2
Sep 28 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Connection closed by 196.251.69.141 port 46514 [preauth]
Sep 28 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7812]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7899]: Successful su for rubyman by root
Sep 28 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7899]: + ??? root:rubyman
Sep 28 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307745 of user rubyman.
Sep 28 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7899]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307745.
Sep 28 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session closed for user root
Sep 28 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session closed for user root
Sep 28 10:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Invalid user webmaster from 196.251.69.141
Sep 28 10:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Failed password for invalid user webmaster from 196.251.69.141 port 47194 ssh2
Sep 28 10:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Connection closed by 196.251.69.141 port 47194 [preauth]
Sep 28 10:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 28 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: Failed password for root from 164.68.105.9 port 38888 ssh2
Sep 28 10:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: Connection closed by 164.68.105.9 port 38888 [preauth]
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8389]: Successful su for rubyman by root
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8389]: + ??? root:rubyman
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307748 of user rubyman.
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8389]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307748.
Sep 28 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5261]: pam_unix(cron:session): session closed for user root
Sep 28 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Invalid user webmaster from 196.251.69.141
Sep 28 10:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Failed password for invalid user webmaster from 196.251.69.141 port 47600 ssh2
Sep 28 10:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Connection closed by 196.251.69.141 port 47600 [preauth]
Sep 28 10:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session closed for user root
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8884]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8885]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: Successful su for rubyman by root
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: + ??? root:rubyman
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307751 of user rubyman.
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307751.
Sep 28 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session closed for user root
Sep 28 10:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8883]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: Invalid user webmaster from 196.251.69.141
Sep 28 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: Failed password for invalid user webmaster from 196.251.69.141 port 48182 ssh2
Sep 28 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: Connection closed by 196.251.69.141 port 48182 [preauth]
Sep 28 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Invalid user user001 from 152.32.129.140
Sep 28 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: input_userauth_request: invalid user user001 [preauth]
Sep 28 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7812]: pam_unix(cron:session): session closed for user root
Sep 28 10:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Failed password for invalid user user001 from 152.32.129.140 port 30780 ssh2
Sep 28 10:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Received disconnect from 152.32.129.140 port 30780:11: Bye Bye [preauth]
Sep 28 10:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Disconnected from 152.32.129.140 port 30780 [preauth]
Sep 28 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: Invalid user webmaster from 196.251.69.141
Sep 28 10:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: input_userauth_request: invalid user webmaster [preauth]
Sep 28 10:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: Failed password for invalid user webmaster from 196.251.69.141 port 48444 ssh2
Sep 28 10:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: Connection closed by 196.251.69.141 port 48444 [preauth]
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9440]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9441]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: Successful su for rubyman by root
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: + ??? root:rubyman
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307755 of user rubyman.
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307755.
Sep 28 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6250]: pam_unix(cron:session): session closed for user root
Sep 28 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session closed for user root
Sep 28 10:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: Invalid user nagios from 196.251.69.141
Sep 28 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: Failed password for invalid user nagios from 196.251.69.141 port 49024 ssh2
Sep 28 10:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: Connection closed by 196.251.69.141 port 49024 [preauth]
Sep 28 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: Connection closed by 152.32.129.140 port 54778 [preauth]
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session closed for user root
Sep 28 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: Successful su for rubyman by root
Sep 28 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: + ??? root:rubyman
Sep 28 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307763 of user rubyman.
Sep 28 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307763.
Sep 28 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6785]: pam_unix(cron:session): session closed for user root
Sep 28 10:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session closed for user root
Sep 28 10:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Invalid user nagios from 196.251.69.141
Sep 28 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Failed password for invalid user nagios from 196.251.69.141 port 49404 ssh2
Sep 28 10:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Connection closed by 196.251.69.141 port 49404 [preauth]
Sep 28 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8885]: pam_unix(cron:session): session closed for user root
Sep 28 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10569]: Successful su for rubyman by root
Sep 28 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10569]: + ??? root:rubyman
Sep 28 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307765 of user rubyman.
Sep 28 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10569]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307765.
Sep 28 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Invalid user nagios from 196.251.69.141
Sep 28 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Failed password for invalid user nagios from 196.251.69.141 port 49774 ssh2
Sep 28 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10609]: Connection closed by 196.251.69.141 port 49774 [preauth]
Sep 28 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: Invalid user zhangke from 152.32.129.140
Sep 28 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: input_userauth_request: invalid user zhangke [preauth]
Sep 28 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session closed for user root
Sep 28 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: Failed password for invalid user zhangke from 152.32.129.140 port 23786 ssh2
Sep 28 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: Received disconnect from 152.32.129.140 port 23786:11: Bye Bye [preauth]
Sep 28 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10727]: Disconnected from 152.32.129.140 port 23786 [preauth]
Sep 28 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9441]: pam_unix(cron:session): session closed for user root
Sep 28 10:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10903]: Invalid user nagios from 196.251.69.141
Sep 28 10:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10903]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10903]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10903]: Failed password for invalid user nagios from 196.251.69.141 port 50132 ssh2
Sep 28 10:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10903]: Connection closed by 196.251.69.141 port 50132 [preauth]
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10932]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: Successful su for rubyman by root
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: + ??? root:rubyman
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307769 of user rubyman.
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11000]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307769.
Sep 28 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session closed for user root
Sep 28 10:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10934]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Invalid user anderson from 152.32.129.140
Sep 28 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: input_userauth_request: invalid user anderson [preauth]
Sep 28 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Failed password for invalid user anderson from 152.32.129.140 port 47782 ssh2
Sep 28 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Received disconnect from 152.32.129.140 port 47782:11: Bye Bye [preauth]
Sep 28 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Disconnected from 152.32.129.140 port 47782 [preauth]
Sep 28 10:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Invalid user nagios from 196.251.69.141
Sep 28 10:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Failed password for invalid user nagios from 196.251.69.141 port 50316 ssh2
Sep 28 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Connection closed by 196.251.69.141 port 50316 [preauth]
Sep 28 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session closed for user root
Sep 28 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11372]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11435]: Successful su for rubyman by root
Sep 28 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11435]: + ??? root:rubyman
Sep 28 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307774 of user rubyman.
Sep 28 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11435]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307774.
Sep 28 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user root
Sep 28 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Invalid user nagios from 196.251.69.141
Sep 28 10:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Failed password for invalid user nagios from 196.251.69.141 port 50660 ssh2
Sep 28 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Connection closed by 196.251.69.141 port 50660 [preauth]
Sep 28 10:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Invalid user veera from 152.32.129.140
Sep 28 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: input_userauth_request: invalid user veera [preauth]
Sep 28 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Failed password for invalid user veera from 152.32.129.140 port 16776 ssh2
Sep 28 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Received disconnect from 152.32.129.140 port 16776:11: Bye Bye [preauth]
Sep 28 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Disconnected from 152.32.129.140 port 16776 [preauth]
Sep 28 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session closed for user root
Sep 28 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Invalid user nagios from 196.251.69.141
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11896]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11895]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11893]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: Successful su for rubyman by root
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: + ??? root:rubyman
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307777 of user rubyman.
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11961]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307777.
Sep 28 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Failed password for invalid user nagios from 196.251.69.141 port 51126 ssh2
Sep 28 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Connection closed by 196.251.69.141 port 51126 [preauth]
Sep 28 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8884]: pam_unix(cron:session): session closed for user root
Sep 28 10:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11894]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Failed password for root from 103.115.50.217 port 51318 ssh2
Sep 28 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Received disconnect from 103.115.50.217 port 51318:11: Bye Bye [preauth]
Sep 28 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12223]: Disconnected from 103.115.50.217 port 51318 [preauth]
Sep 28 10:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session closed for user root
Sep 28 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 28 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Failed password for root from 93.152.230.176 port 50972 ssh2
Sep 28 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Received disconnect from 93.152.230.176 port 50972:11: Client disconnecting normally [preauth]
Sep 28 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Disconnected from 93.152.230.176 port 50972 [preauth]
Sep 28 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Invalid user clouduser from 152.32.129.140
Sep 28 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: input_userauth_request: invalid user clouduser [preauth]
Sep 28 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Invalid user nagios from 196.251.69.141
Sep 28 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Failed password for invalid user clouduser from 152.32.129.140 port 40786 ssh2
Sep 28 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Received disconnect from 152.32.129.140 port 40786:11: Bye Bye [preauth]
Sep 28 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Disconnected from 152.32.129.140 port 40786 [preauth]
Sep 28 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Failed password for invalid user nagios from 196.251.69.141 port 51080 ssh2
Sep 28 10:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Connection closed by 196.251.69.141 port 51080 [preauth]
Sep 28 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Invalid user  from 146.190.246.86
Sep 28 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: input_userauth_request: invalid user  [preauth]
Sep 28 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12331]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session closed for user root
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12416]: Successful su for rubyman by root
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12416]: + ??? root:rubyman
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307784 of user rubyman.
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12416]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307784.
Sep 28 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9440]: pam_unix(cron:session): session closed for user root
Sep 28 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12331]: pam_unix(cron:session): session closed for user root
Sep 28 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Connection closed by 146.190.246.86 port 53112 [preauth]
Sep 28 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 28 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Failed password for root from 20.163.71.109 port 36772 ssh2
Sep 28 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Connection closed by 20.163.71.109 port 36772 [preauth]
Sep 28 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12700]: Invalid user nagios from 196.251.69.141
Sep 28 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12700]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12700]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12700]: Failed password for invalid user nagios from 196.251.69.141 port 51178 ssh2
Sep 28 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12700]: Connection closed by 196.251.69.141 port 51178 [preauth]
Sep 28 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11375]: pam_unix(cron:session): session closed for user root
Sep 28 10:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Invalid user dolphin from 146.190.246.86
Sep 28 10:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Failed password for invalid user dolphin from 146.190.246.86 port 55612 ssh2
Sep 28 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Connection closed by 146.190.246.86 port 55612 [preauth]
Sep 28 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Failed password for root from 152.32.129.140 port 64778 ssh2
Sep 28 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Received disconnect from 152.32.129.140 port 64778:11: Bye Bye [preauth]
Sep 28 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Disconnected from 152.32.129.140 port 64778 [preauth]
Sep 28 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Invalid user factorio from 146.190.246.86
Sep 28 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: input_userauth_request: invalid user factorio [preauth]
Sep 28 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Failed password for invalid user factorio from 146.190.246.86 port 44004 ssh2
Sep 28 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Connection closed by 146.190.246.86 port 44004 [preauth]
Sep 28 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12822]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12899]: Successful su for rubyman by root
Sep 28 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12899]: + ??? root:rubyman
Sep 28 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307788 of user rubyman.
Sep 28 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12899]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307788.
Sep 28 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session closed for user root
Sep 28 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: Invalid user arkserver from 146.190.246.86
Sep 28 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: input_userauth_request: invalid user arkserver [preauth]
Sep 28 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: Failed password for invalid user arkserver from 146.190.246.86 port 49360 ssh2
Sep 28 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: Connection closed by 146.190.246.86 port 49360 [preauth]
Sep 28 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Invalid user tomcat from 196.251.69.141
Sep 28 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Failed password for invalid user tomcat from 196.251.69.141 port 51536 ssh2
Sep 28 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Connection closed by 196.251.69.141 port 51536 [preauth]
Sep 28 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Invalid user lighthouse from 146.190.246.86
Sep 28 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 10:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Failed password for invalid user lighthouse from 146.190.246.86 port 37530 ssh2
Sep 28 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Connection closed by 146.190.246.86 port 37530 [preauth]
Sep 28 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: Invalid user nft from 146.190.246.86
Sep 28 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: input_userauth_request: invalid user nft [preauth]
Sep 28 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11896]: pam_unix(cron:session): session closed for user root
Sep 28 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: Failed password for invalid user nft from 146.190.246.86 port 34966 ssh2
Sep 28 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: Connection closed by 146.190.246.86 port 34966 [preauth]
Sep 28 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Invalid user oscar from 146.190.246.86
Sep 28 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: input_userauth_request: invalid user oscar [preauth]
Sep 28 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Failed password for invalid user oscar from 146.190.246.86 port 60754 ssh2
Sep 28 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Connection closed by 146.190.246.86 port 60754 [preauth]
Sep 28 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Invalid user plexuser from 152.32.129.140
Sep 28 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: input_userauth_request: invalid user plexuser [preauth]
Sep 28 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Failed password for invalid user plexuser from 152.32.129.140 port 33772 ssh2
Sep 28 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Received disconnect from 152.32.129.140 port 33772:11: Bye Bye [preauth]
Sep 28 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Disconnected from 152.32.129.140 port 33772 [preauth]
Sep 28 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: Invalid user tomcat from 196.251.69.141
Sep 28 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: Failed password for invalid user tomcat from 196.251.69.141 port 51848 ssh2
Sep 28 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13268]: Connection closed by 196.251.69.141 port 51848 [preauth]
Sep 28 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: Failed password for root from 146.190.246.86 port 40872 ssh2
Sep 28 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: Connection closed by 146.190.246.86 port 40872 [preauth]
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13292]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13291]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13288]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13364]: Successful su for rubyman by root
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13364]: + ??? root:rubyman
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307791 of user rubyman.
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13364]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307791.
Sep 28 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session closed for user root
Sep 28 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13289]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Invalid user admin from 146.190.246.86
Sep 28 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: input_userauth_request: invalid user admin [preauth]
Sep 28 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Failed password for invalid user admin from 146.190.246.86 port 36294 ssh2
Sep 28 10:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Connection closed by 146.190.246.86 port 36294 [preauth]
Sep 28 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: Invalid user es from 146.190.246.86
Sep 28 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: input_userauth_request: invalid user es [preauth]
Sep 28 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: Failed password for invalid user es from 146.190.246.86 port 55860 ssh2
Sep 28 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: Connection closed by 146.190.246.86 port 55860 [preauth]
Sep 28 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Invalid user user from 62.60.131.157
Sep 28 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: input_userauth_request: invalid user user [preauth]
Sep 28 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for invalid user user from 62.60.131.157 port 41771 ssh2
Sep 28 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for invalid user user from 62.60.131.157 port 41771 ssh2
Sep 28 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for invalid user user from 62.60.131.157 port 41771 ssh2
Sep 28 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for invalid user user from 62.60.131.157 port 41771 ssh2
Sep 28 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Invalid user node from 146.190.246.86
Sep 28 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: input_userauth_request: invalid user node [preauth]
Sep 28 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session closed for user root
Sep 28 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for invalid user user from 62.60.131.157 port 41771 ssh2
Sep 28 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Failed password for invalid user node from 146.190.246.86 port 60952 ssh2
Sep 28 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Connection closed by 146.190.246.86 port 60952 [preauth]
Sep 28 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Received disconnect from 62.60.131.157 port 41771:11: Bye [preauth]
Sep 28 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Disconnected from 62.60.131.157 port 41771 [preauth]
Sep 28 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Invalid user tomcat from 196.251.69.141
Sep 28 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Failed password for invalid user tomcat from 196.251.69.141 port 52068 ssh2
Sep 28 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Connection closed by 196.251.69.141 port 52068 [preauth]
Sep 28 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Invalid user steam from 146.190.246.86
Sep 28 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: input_userauth_request: invalid user steam [preauth]
Sep 28 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Failed password for invalid user steam from 146.190.246.86 port 46528 ssh2
Sep 28 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13690]: Connection closed by 146.190.246.86 port 46528 [preauth]
Sep 28 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Failed password for root from 152.32.129.140 port 57766 ssh2
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Received disconnect from 152.32.129.140 port 57766:11: Bye Bye [preauth]
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Disconnected from 152.32.129.140 port 57766 [preauth]
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Invalid user ubuntu from 146.190.246.86
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: Successful su for rubyman by root
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: + ??? root:rubyman
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307796 of user rubyman.
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307796.
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user ubuntu from 146.190.246.86 port 58768 ssh2
Sep 28 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Connection closed by 146.190.246.86 port 58768 [preauth]
Sep 28 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session closed for user root
Sep 28 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Invalid user kubernetes from 146.190.246.86
Sep 28 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: input_userauth_request: invalid user kubernetes [preauth]
Sep 28 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Failed password for invalid user kubernetes from 146.190.246.86 port 58744 ssh2
Sep 28 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Connection closed by 146.190.246.86 port 58744 [preauth]
Sep 28 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Invalid user send from 155.4.245.222
Sep 28 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: input_userauth_request: invalid user send [preauth]
Sep 28 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Failed password for invalid user send from 155.4.245.222 port 17355 ssh2
Sep 28 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Received disconnect from 155.4.245.222 port 17355:11: Bye Bye [preauth]
Sep 28 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Disconnected from 155.4.245.222 port 17355 [preauth]
Sep 28 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: User uucp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: input_userauth_request: invalid user uucp [preauth]
Sep 28 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=uucp
Sep 28 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Invalid user tomcat from 196.251.69.141
Sep 28 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Failed password for invalid user uucp from 146.190.246.86 port 38286 ssh2
Sep 28 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Connection closed by 146.190.246.86 port 38286 [preauth]
Sep 28 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Failed password for invalid user tomcat from 196.251.69.141 port 52246 ssh2
Sep 28 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Connection closed by 196.251.69.141 port 52246 [preauth]
Sep 28 10:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session closed for user root
Sep 28 10:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Invalid user www from 146.190.246.86
Sep 28 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: input_userauth_request: invalid user www [preauth]
Sep 28 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for invalid user www from 146.190.246.86 port 58760 ssh2
Sep 28 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Connection closed by 146.190.246.86 port 58760 [preauth]
Sep 28 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: Failed password for root from 103.115.50.217 port 34992 ssh2
Sep 28 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: Received disconnect from 103.115.50.217 port 34992:11: Bye Bye [preauth]
Sep 28 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: Disconnected from 103.115.50.217 port 34992 [preauth]
Sep 28 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Invalid user mapr from 146.190.246.86
Sep 28 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: input_userauth_request: invalid user mapr [preauth]
Sep 28 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Failed password for invalid user mapr from 146.190.246.86 port 57966 ssh2
Sep 28 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Connection closed by 146.190.246.86 port 57966 [preauth]
Sep 28 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Invalid user plex from 146.190.246.86
Sep 28 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: input_userauth_request: invalid user plex [preauth]
Sep 28 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: Successful su for rubyman by root
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: + ??? root:rubyman
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307799 of user rubyman.
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307799.
Sep 28 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Failed password for invalid user plex from 146.190.246.86 port 32904 ssh2
Sep 28 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Connection closed by 146.190.246.86 port 32904 [preauth]
Sep 28 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11372]: pam_unix(cron:session): session closed for user root
Sep 28 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Invalid user tomcat from 196.251.69.141
Sep 28 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Failed password for invalid user tomcat from 196.251.69.141 port 53728 ssh2
Sep 28 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Connection closed by 196.251.69.141 port 53728 [preauth]
Sep 28 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Failed password for root from 152.32.129.140 port 26766 ssh2
Sep 28 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Received disconnect from 152.32.129.140 port 26766:11: Bye Bye [preauth]
Sep 28 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Disconnected from 152.32.129.140 port 26766 [preauth]
Sep 28 10:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: Failed password for root from 146.190.246.86 port 50448 ssh2
Sep 28 10:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: Connection closed by 146.190.246.86 port 50448 [preauth]
Sep 28 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: Failed password for root from 146.190.246.86 port 60116 ssh2
Sep 28 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: Connection closed by 146.190.246.86 port 60116 [preauth]
Sep 28 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13292]: pam_unix(cron:session): session closed for user root
Sep 28 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Invalid user sftp from 146.190.246.86
Sep 28 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: input_userauth_request: invalid user sftp [preauth]
Sep 28 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Failed password for invalid user sftp from 146.190.246.86 port 47772 ssh2
Sep 28 10:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Connection closed by 146.190.246.86 port 47772 [preauth]
Sep 28 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Invalid user huawei from 146.190.246.86
Sep 28 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: input_userauth_request: invalid user huawei [preauth]
Sep 28 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Failed password for invalid user huawei from 146.190.246.86 port 49988 ssh2
Sep 28 10:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Connection closed by 146.190.246.86 port 49988 [preauth]
Sep 28 10:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Invalid user tomcat from 196.251.69.141
Sep 28 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Failed password for invalid user tomcat from 196.251.69.141 port 52846 ssh2
Sep 28 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Connection closed by 196.251.69.141 port 52846 [preauth]
Sep 28 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Invalid user noah from 103.115.50.217
Sep 28 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: input_userauth_request: invalid user noah [preauth]
Sep 28 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Failed password for invalid user noah from 103.115.50.217 port 53672 ssh2
Sep 28 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Received disconnect from 103.115.50.217 port 53672:11: Bye Bye [preauth]
Sep 28 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Disconnected from 103.115.50.217 port 53672 [preauth]
Sep 28 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Invalid user huawei from 146.190.246.86
Sep 28 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: input_userauth_request: invalid user huawei [preauth]
Sep 28 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Failed password for invalid user huawei from 146.190.246.86 port 55448 ssh2
Sep 28 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Connection closed by 146.190.246.86 port 55448 [preauth]
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14692]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14693]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14694]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14694]: pam_unix(cron:session): session closed for user root
Sep 28 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14762]: Successful su for rubyman by root
Sep 28 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14762]: + ??? root:rubyman
Sep 28 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307805 of user rubyman.
Sep 28 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14762]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307805.
Sep 28 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11895]: pam_unix(cron:session): session closed for user root
Sep 28 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14691]: pam_unix(cron:session): session closed for user root
Sep 28 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Invalid user steam from 146.190.246.86
Sep 28 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: input_userauth_request: invalid user steam [preauth]
Sep 28 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Failed password for invalid user steam from 146.190.246.86 port 55270 ssh2
Sep 28 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Connection closed by 146.190.246.86 port 55270 [preauth]
Sep 28 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Invalid user hive from 146.190.246.86
Sep 28 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: input_userauth_request: invalid user hive [preauth]
Sep 28 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for invalid user hive from 146.190.246.86 port 43590 ssh2
Sep 28 10:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Connection closed by 146.190.246.86 port 43590 [preauth]
Sep 28 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Failed password for root from 152.32.129.140 port 50772 ssh2
Sep 28 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Received disconnect from 152.32.129.140 port 50772:11: Bye Bye [preauth]
Sep 28 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Disconnected from 152.32.129.140 port 50772 [preauth]
Sep 28 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13734]: pam_unix(cron:session): session closed for user root
Sep 28 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: Invalid user esadmin from 146.190.246.86
Sep 28 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: input_userauth_request: invalid user esadmin [preauth]
Sep 28 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: Failed password for invalid user esadmin from 146.190.246.86 port 35802 ssh2
Sep 28 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: Connection closed by 146.190.246.86 port 35802 [preauth]
Sep 28 10:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Invalid user tomcat from 196.251.69.141
Sep 28 10:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: Invalid user ubuntu from 155.4.245.222
Sep 28 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Failed password for invalid user tomcat from 196.251.69.141 port 53112 ssh2
Sep 28 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Connection closed by 196.251.69.141 port 53112 [preauth]
Sep 28 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: Failed password for invalid user ubuntu from 155.4.245.222 port 65244 ssh2
Sep 28 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: Received disconnect from 155.4.245.222 port 65244:11: Bye Bye [preauth]
Sep 28 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15101]: Disconnected from 155.4.245.222 port 65244 [preauth]
Sep 28 10:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: Invalid user vagrant from 146.190.246.86
Sep 28 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: Failed password for invalid user vagrant from 146.190.246.86 port 41470 ssh2
Sep 28 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: Connection closed by 146.190.246.86 port 41470 [preauth]
Sep 28 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Invalid user deploy from 146.190.246.86
Sep 28 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: input_userauth_request: invalid user deploy [preauth]
Sep 28 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Failed password for invalid user deploy from 146.190.246.86 port 38452 ssh2
Sep 28 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Connection closed by 146.190.246.86 port 38452 [preauth]
Sep 28 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15158]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: Successful su for rubyman by root
Sep 28 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: + ??? root:rubyman
Sep 28 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307810 of user rubyman.
Sep 28 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307810.
Sep 28 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session closed for user root
Sep 28 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15159]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Invalid user hadoop from 146.190.246.86
Sep 28 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for root from 103.115.50.217 port 45426 ssh2
Sep 28 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Received disconnect from 103.115.50.217 port 45426:11: Bye Bye [preauth]
Sep 28 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Disconnected from 103.115.50.217 port 45426 [preauth]
Sep 28 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Failed password for invalid user hadoop from 146.190.246.86 port 56416 ssh2
Sep 28 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Connection closed by 146.190.246.86 port 56416 [preauth]
Sep 28 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15474]: Invalid user tomcat from 196.251.69.141
Sep 28 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15474]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15474]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Invalid user oracle from 146.190.246.86
Sep 28 10:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: input_userauth_request: invalid user oracle [preauth]
Sep 28 10:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15474]: Failed password for invalid user tomcat from 196.251.69.141 port 53450 ssh2
Sep 28 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15474]: Connection closed by 196.251.69.141 port 53450 [preauth]
Sep 28 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Failed password for invalid user oracle from 146.190.246.86 port 36398 ssh2
Sep 28 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Connection closed by 146.190.246.86 port 36398 [preauth]
Sep 28 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Invalid user huawei from 146.190.246.86
Sep 28 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: input_userauth_request: invalid user huawei [preauth]
Sep 28 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session closed for user root
Sep 28 10:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Failed password for invalid user huawei from 146.190.246.86 port 56884 ssh2
Sep 28 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Connection closed by 146.190.246.86 port 56884 [preauth]
Sep 28 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Failed password for root from 152.32.129.140 port 19770 ssh2
Sep 28 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Received disconnect from 152.32.129.140 port 19770:11: Bye Bye [preauth]
Sep 28 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Disconnected from 152.32.129.140 port 19770 [preauth]
Sep 28 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15568]: Failed password for root from 146.190.246.86 port 46420 ssh2
Sep 28 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15568]: Connection closed by 146.190.246.86 port 46420 [preauth]
Sep 28 10:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: Invalid user paulo from 155.4.245.222
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: input_userauth_request: invalid user paulo [preauth]
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Invalid user php from 146.190.246.86
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: input_userauth_request: invalid user php [preauth]
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: Failed password for invalid user paulo from 155.4.245.222 port 21534 ssh2
Sep 28 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: Received disconnect from 155.4.245.222 port 21534:11: Bye Bye [preauth]
Sep 28 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15598]: Disconnected from 155.4.245.222 port 21534 [preauth]
Sep 28 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Failed password for invalid user php from 146.190.246.86 port 41482 ssh2
Sep 28 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Connection closed by 146.190.246.86 port 41482 [preauth]
Sep 28 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15615]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: Successful su for rubyman by root
Sep 28 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: + ??? root:rubyman
Sep 28 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307815 of user rubyman.
Sep 28 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307815.
Sep 28 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15612]: Invalid user tomcat from 196.251.69.141
Sep 28 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15612]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15612]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15612]: Failed password for invalid user tomcat from 196.251.69.141 port 53684 ssh2
Sep 28 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session closed for user root
Sep 28 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15612]: Connection closed by 196.251.69.141 port 53684 [preauth]
Sep 28 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15616]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Invalid user nagios from 146.190.246.86
Sep 28 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Failed password for invalid user nagios from 146.190.246.86 port 46038 ssh2
Sep 28 10:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Connection closed by 146.190.246.86 port 46038 [preauth]
Sep 28 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Invalid user mohamed from 103.115.50.217
Sep 28 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: input_userauth_request: invalid user mohamed [preauth]
Sep 28 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Failed password for invalid user mohamed from 103.115.50.217 port 35942 ssh2
Sep 28 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Received disconnect from 103.115.50.217 port 35942:11: Bye Bye [preauth]
Sep 28 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15916]: Disconnected from 103.115.50.217 port 35942 [preauth]
Sep 28 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: Invalid user admin from 146.190.246.86
Sep 28 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: input_userauth_request: invalid user admin [preauth]
Sep 28 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: Failed password for invalid user admin from 146.190.246.86 port 38286 ssh2
Sep 28 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15918]: Connection closed by 146.190.246.86 port 38286 [preauth]
Sep 28 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Invalid user redis from 146.190.246.86
Sep 28 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: input_userauth_request: invalid user redis [preauth]
Sep 28 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Failed password for invalid user redis from 146.190.246.86 port 53336 ssh2
Sep 28 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Connection closed by 146.190.246.86 port 53336 [preauth]
Sep 28 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14693]: pam_unix(cron:session): session closed for user root
Sep 28 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: Invalid user zabbix from 146.190.246.86
Sep 28 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Invalid user weblogic from 196.251.69.141
Sep 28 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: Failed password for invalid user zabbix from 146.190.246.86 port 48596 ssh2
Sep 28 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: Connection closed by 146.190.246.86 port 48596 [preauth]
Sep 28 10:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Failed password for root from 152.32.129.140 port 43766 ssh2
Sep 28 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Received disconnect from 152.32.129.140 port 43766:11: Bye Bye [preauth]
Sep 28 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Disconnected from 152.32.129.140 port 43766 [preauth]
Sep 28 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Failed password for invalid user weblogic from 196.251.69.141 port 53574 ssh2
Sep 28 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Connection closed by 196.251.69.141 port 53574 [preauth]
Sep 28 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Invalid user rancher from 146.190.246.86
Sep 28 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: input_userauth_request: invalid user rancher [preauth]
Sep 28 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Failed password for invalid user rancher from 146.190.246.86 port 58952 ssh2
Sep 28 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Connection closed by 146.190.246.86 port 58952 [preauth]
Sep 28 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16061]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16120]: Successful su for rubyman by root
Sep 28 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16120]: + ??? root:rubyman
Sep 28 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307819 of user rubyman.
Sep 28 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16120]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307819.
Sep 28 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13291]: pam_unix(cron:session): session closed for user root
Sep 28 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: User ftp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: input_userauth_request: invalid user ftp [preauth]
Sep 28 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=ftp
Sep 28 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Failed password for invalid user ftp from 146.190.246.86 port 44190 ssh2
Sep 28 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Connection closed by 146.190.246.86 port 44190 [preauth]
Sep 28 10:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Failed password for root from 155.4.245.222 port 33951 ssh2
Sep 28 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Received disconnect from 155.4.245.222 port 33951:11: Bye Bye [preauth]
Sep 28 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Disconnected from 155.4.245.222 port 33951 [preauth]
Sep 28 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Invalid user sftp from 146.190.246.86
Sep 28 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: input_userauth_request: invalid user sftp [preauth]
Sep 28 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: Invalid user webhost from 103.115.50.217
Sep 28 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: input_userauth_request: invalid user webhost [preauth]
Sep 28 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Failed password for invalid user sftp from 146.190.246.86 port 44458 ssh2
Sep 28 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Connection closed by 146.190.246.86 port 44458 [preauth]
Sep 28 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: Failed password for invalid user webhost from 103.115.50.217 port 53992 ssh2
Sep 28 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: Received disconnect from 103.115.50.217 port 53992:11: Bye Bye [preauth]
Sep 28 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16371]: Disconnected from 103.115.50.217 port 53992 [preauth]
Sep 28 10:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: Invalid user weblogic from 196.251.69.141
Sep 28 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Invalid user vnc from 146.190.246.86
Sep 28 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: input_userauth_request: invalid user vnc [preauth]
Sep 28 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: Failed password for invalid user weblogic from 196.251.69.141 port 54046 ssh2
Sep 28 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: Connection closed by 196.251.69.141 port 54046 [preauth]
Sep 28 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Failed password for invalid user vnc from 146.190.246.86 port 58448 ssh2
Sep 28 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Connection closed by 146.190.246.86 port 58448 [preauth]
Sep 28 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session closed for user root
Sep 28 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Invalid user sonar from 146.190.246.86
Sep 28 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: input_userauth_request: invalid user sonar [preauth]
Sep 28 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Failed password for invalid user sonar from 146.190.246.86 port 41040 ssh2
Sep 28 10:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Connection closed by 146.190.246.86 port 41040 [preauth]
Sep 28 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: Invalid user mike from 152.32.129.140
Sep 28 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: input_userauth_request: invalid user mike [preauth]
Sep 28 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: Failed password for invalid user mike from 152.32.129.140 port 12762 ssh2
Sep 28 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: Received disconnect from 152.32.129.140 port 12762:11: Bye Bye [preauth]
Sep 28 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: Disconnected from 152.32.129.140 port 12762 [preauth]
Sep 28 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: Failed password for root from 146.190.246.86 port 46580 ssh2
Sep 28 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: Connection closed by 146.190.246.86 port 46580 [preauth]
Sep 28 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16509]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: Successful su for rubyman by root
Sep 28 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: + ??? root:rubyman
Sep 28 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307822 of user rubyman.
Sep 28 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307822.
Sep 28 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16507]: pam_unix(cron:session): session closed for user root
Sep 28 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session closed for user root
Sep 28 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: Failed password for root from 146.190.246.86 port 36198 ssh2
Sep 28 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16864]: Connection closed by 146.190.246.86 port 36198 [preauth]
Sep 28 10:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16900]: Invalid user weblogic from 196.251.69.141
Sep 28 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16900]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16900]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16900]: Failed password for invalid user weblogic from 196.251.69.141 port 54018 ssh2
Sep 28 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16900]: Connection closed by 196.251.69.141 port 54018 [preauth]
Sep 28 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: Failed password for root from 146.190.246.86 port 58778 ssh2
Sep 28 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: Connection closed by 146.190.246.86 port 58778 [preauth]
Sep 28 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Failed password for root from 103.115.50.217 port 43788 ssh2
Sep 28 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Received disconnect from 103.115.50.217 port 43788:11: Bye Bye [preauth]
Sep 28 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Disconnected from 103.115.50.217 port 43788 [preauth]
Sep 28 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: Invalid user rclone from 146.190.246.86
Sep 28 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: input_userauth_request: invalid user rclone [preauth]
Sep 28 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: Failed password for invalid user rclone from 146.190.246.86 port 47518 ssh2
Sep 28 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: Connection closed by 146.190.246.86 port 47518 [preauth]
Sep 28 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Invalid user test from 155.4.245.222
Sep 28 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: input_userauth_request: invalid user test [preauth]
Sep 28 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session closed for user root
Sep 28 10:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Failed password for invalid user test from 155.4.245.222 port 1717 ssh2
Sep 28 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Received disconnect from 155.4.245.222 port 1717:11: Bye Bye [preauth]
Sep 28 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Disconnected from 155.4.245.222 port 1717 [preauth]
Sep 28 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: Failed password for root from 146.190.246.86 port 36440 ssh2
Sep 28 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: Connection closed by 146.190.246.86 port 36440 [preauth]
Sep 28 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Failed password for root from 146.190.246.86 port 38416 ssh2
Sep 28 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17053]: Connection closed by 146.190.246.86 port 38416 [preauth]
Sep 28 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: Invalid user weblogic from 196.251.69.141
Sep 28 10:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: Invalid user postgresql from 152.32.129.140
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: input_userauth_request: invalid user postgresql [preauth]
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17078]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17077]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17078]: pam_unix(cron:session): session closed for user root
Sep 28 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17070]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: Successful su for rubyman by root
Sep 28 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: + ??? root:rubyman
Sep 28 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307831 of user rubyman.
Sep 28 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17158]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307831.
Sep 28 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: Failed password for invalid user weblogic from 196.251.69.141 port 54752 ssh2
Sep 28 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17058]: Connection closed by 196.251.69.141 port 54752 [preauth]
Sep 28 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: Failed password for invalid user postgresql from 152.32.129.140 port 36760 ssh2
Sep 28 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: Received disconnect from 152.32.129.140 port 36760:11: Bye Bye [preauth]
Sep 28 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17066]: Disconnected from 152.32.129.140 port 36760 [preauth]
Sep 28 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session closed for user root
Sep 28 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session closed for user root
Sep 28 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Invalid user elk from 146.190.246.86
Sep 28 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: input_userauth_request: invalid user elk [preauth]
Sep 28 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user elk from 146.190.246.86 port 54290 ssh2
Sep 28 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Connection closed by 146.190.246.86 port 54290 [preauth]
Sep 28 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17071]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Invalid user airflow from 146.190.246.86
Sep 28 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: input_userauth_request: invalid user airflow [preauth]
Sep 28 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Failed password for invalid user airflow from 146.190.246.86 port 36392 ssh2
Sep 28 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Connection closed by 146.190.246.86 port 36392 [preauth]
Sep 28 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Invalid user monitoring from 103.115.50.217
Sep 28 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: input_userauth_request: invalid user monitoring [preauth]
Sep 28 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Invalid user lighthouse from 146.190.246.86
Sep 28 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Failed password for invalid user monitoring from 103.115.50.217 port 33856 ssh2
Sep 28 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Received disconnect from 103.115.50.217 port 33856:11: Bye Bye [preauth]
Sep 28 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Disconnected from 103.115.50.217 port 33856 [preauth]
Sep 28 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Failed password for invalid user lighthouse from 146.190.246.86 port 48122 ssh2
Sep 28 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17462]: Connection closed by 146.190.246.86 port 48122 [preauth]
Sep 28 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16061]: pam_unix(cron:session): session closed for user root
Sep 28 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Invalid user bot from 146.190.246.86
Sep 28 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: input_userauth_request: invalid user bot [preauth]
Sep 28 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Failed password for invalid user bot from 146.190.246.86 port 46208 ssh2
Sep 28 10:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Connection closed by 146.190.246.86 port 46208 [preauth]
Sep 28 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: Invalid user weblogic from 196.251.69.141
Sep 28 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: Failed password for invalid user weblogic from 196.251.69.141 port 54574 ssh2
Sep 28 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: Connection closed by 196.251.69.141 port 54574 [preauth]
Sep 28 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Invalid user upload from 155.4.245.222
Sep 28 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: input_userauth_request: invalid user upload [preauth]
Sep 28 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Failed password for invalid user upload from 155.4.245.222 port 35095 ssh2
Sep 28 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Received disconnect from 155.4.245.222 port 35095:11: Bye Bye [preauth]
Sep 28 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Disconnected from 155.4.245.222 port 35095 [preauth]
Sep 28 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Invalid user ubuntu from 146.190.246.86
Sep 28 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Failed password for invalid user ubuntu from 146.190.246.86 port 53930 ssh2
Sep 28 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Connection closed by 146.190.246.86 port 53930 [preauth]
Sep 28 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: Successful su for rubyman by root
Sep 28 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: + ??? root:rubyman
Sep 28 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307834 of user rubyman.
Sep 28 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17646]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307834.
Sep 28 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14692]: pam_unix(cron:session): session closed for user root
Sep 28 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: Invalid user huawei from 146.190.246.86
Sep 28 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: input_userauth_request: invalid user huawei [preauth]
Sep 28 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Invalid user katie from 152.32.129.140
Sep 28 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: input_userauth_request: invalid user katie [preauth]
Sep 28 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: Failed password for invalid user huawei from 146.190.246.86 port 57516 ssh2
Sep 28 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: Connection closed by 146.190.246.86 port 57516 [preauth]
Sep 28 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Failed password for invalid user katie from 152.32.129.140 port 60752 ssh2
Sep 28 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Received disconnect from 152.32.129.140 port 60752:11: Bye Bye [preauth]
Sep 28 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Disconnected from 152.32.129.140 port 60752 [preauth]
Sep 28 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: Invalid user test from 146.190.246.86
Sep 28 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: input_userauth_request: invalid user test [preauth]
Sep 28 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: Failed password for invalid user test from 146.190.246.86 port 58368 ssh2
Sep 28 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17986]: Connection closed by 146.190.246.86 port 58368 [preauth]
Sep 28 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Invalid user redis from 146.190.246.86
Sep 28 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: input_userauth_request: invalid user redis [preauth]
Sep 28 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Invalid user weblogic from 196.251.69.141
Sep 28 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user root
Sep 28 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Failed password for invalid user redis from 146.190.246.86 port 50352 ssh2
Sep 28 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Connection closed by 146.190.246.86 port 50352 [preauth]
Sep 28 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Failed password for invalid user weblogic from 196.251.69.141 port 54686 ssh2
Sep 28 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18029]: Connection closed by 196.251.69.141 port 54686 [preauth]
Sep 28 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: Failed password for root from 103.115.50.217 port 51248 ssh2
Sep 28 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: Received disconnect from 103.115.50.217 port 51248:11: Bye Bye [preauth]
Sep 28 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: Disconnected from 103.115.50.217 port 51248 [preauth]
Sep 28 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Invalid user sol from 146.190.246.86
Sep 28 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: input_userauth_request: invalid user sol [preauth]
Sep 28 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Failed password for invalid user sol from 146.190.246.86 port 55314 ssh2
Sep 28 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Connection closed by 146.190.246.86 port 55314 [preauth]
Sep 28 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Invalid user bigdata from 146.190.246.86
Sep 28 10:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: input_userauth_request: invalid user bigdata [preauth]
Sep 28 10:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Failed password for invalid user bigdata from 146.190.246.86 port 37948 ssh2
Sep 28 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Connection closed by 146.190.246.86 port 37948 [preauth]
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18261]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: Successful su for rubyman by root
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: + ??? root:rubyman
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307836 of user rubyman.
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307836.
Sep 28 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Invalid user yinghe from 155.4.245.222
Sep 28 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: input_userauth_request: invalid user yinghe [preauth]
Sep 28 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Failed password for invalid user yinghe from 155.4.245.222 port 4181 ssh2
Sep 28 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session closed for user root
Sep 28 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Received disconnect from 155.4.245.222 port 4181:11: Bye Bye [preauth]
Sep 28 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Disconnected from 155.4.245.222 port 4181 [preauth]
Sep 28 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18262]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Invalid user nurupo from 146.190.246.86
Sep 28 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: input_userauth_request: invalid user nurupo [preauth]
Sep 28 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Failed password for invalid user nurupo from 146.190.246.86 port 49558 ssh2
Sep 28 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Connection closed by 146.190.246.86 port 49558 [preauth]
Sep 28 10:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Invalid user distro from 152.32.129.140
Sep 28 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: input_userauth_request: invalid user distro [preauth]
Sep 28 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Failed password for invalid user distro from 152.32.129.140 port 29748 ssh2
Sep 28 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Received disconnect from 152.32.129.140 port 29748:11: Bye Bye [preauth]
Sep 28 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Disconnected from 152.32.129.140 port 29748 [preauth]
Sep 28 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Invalid user weblogic from 196.251.69.141
Sep 28 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Failed password for root from 146.190.246.86 port 37338 ssh2
Sep 28 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Connection closed by 146.190.246.86 port 37338 [preauth]
Sep 28 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Failed password for invalid user weblogic from 196.251.69.141 port 54684 ssh2
Sep 28 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Connection closed by 196.251.69.141 port 54684 [preauth]
Sep 28 10:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Invalid user www from 146.190.246.86
Sep 28 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: input_userauth_request: invalid user www [preauth]
Sep 28 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Failed password for invalid user www from 146.190.246.86 port 35284 ssh2
Sep 28 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Connection closed by 146.190.246.86 port 35284 [preauth]
Sep 28 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17077]: pam_unix(cron:session): session closed for user root
Sep 28 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Invalid user ubuntu from 103.115.50.217
Sep 28 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Failed password for invalid user ubuntu from 103.115.50.217 port 39986 ssh2
Sep 28 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Received disconnect from 103.115.50.217 port 39986:11: Bye Bye [preauth]
Sep 28 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Disconnected from 103.115.50.217 port 39986 [preauth]
Sep 28 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Failed password for root from 146.190.246.86 port 33954 ssh2
Sep 28 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Connection closed by 146.190.246.86 port 33954 [preauth]
Sep 28 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18849]: Invalid user ubuntu from 146.190.246.86
Sep 28 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18849]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18849]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18849]: Failed password for invalid user ubuntu from 146.190.246.86 port 51648 ssh2
Sep 28 10:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18849]: Connection closed by 146.190.246.86 port 51648 [preauth]
Sep 28 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18866]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18940]: Successful su for rubyman by root
Sep 28 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18940]: + ??? root:rubyman
Sep 28 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307842 of user rubyman.
Sep 28 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18940]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307842.
Sep 28 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session closed for user root
Sep 28 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: Invalid user weblogic from 196.251.69.141
Sep 28 10:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Invalid user nginx from 146.190.246.86
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: input_userauth_request: invalid user nginx [preauth]
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: Failed password for invalid user weblogic from 196.251.69.141 port 55002 ssh2
Sep 28 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: Connection closed by 196.251.69.141 port 55002 [preauth]
Sep 28 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Failed password for invalid user nginx from 146.190.246.86 port 50638 ssh2
Sep 28 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Connection closed by 146.190.246.86 port 50638 [preauth]
Sep 28 10:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Failed password for root from 155.4.245.222 port 57380 ssh2
Sep 28 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Received disconnect from 155.4.245.222 port 57380:11: Bye Bye [preauth]
Sep 28 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Disconnected from 155.4.245.222 port 57380 [preauth]
Sep 28 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: Failed password for root from 152.32.129.140 port 53740 ssh2
Sep 28 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: Received disconnect from 152.32.129.140 port 53740:11: Bye Bye [preauth]
Sep 28 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: Disconnected from 152.32.129.140 port 53740 [preauth]
Sep 28 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 46166 ssh2
Sep 28 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Connection closed by 146.190.246.86 port 46166 [preauth]
Sep 28 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Invalid user hadoop from 146.190.246.86
Sep 28 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session closed for user root
Sep 28 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Failed password for invalid user hadoop from 146.190.246.86 port 57518 ssh2
Sep 28 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Connection closed by 146.190.246.86 port 57518 [preauth]
Sep 28 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Invalid user thai from 103.115.50.217
Sep 28 10:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: input_userauth_request: invalid user thai [preauth]
Sep 28 10:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Failed password for invalid user thai from 103.115.50.217 port 57254 ssh2
Sep 28 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Received disconnect from 103.115.50.217 port 57254:11: Bye Bye [preauth]
Sep 28 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Disconnected from 103.115.50.217 port 57254 [preauth]
Sep 28 10:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: Failed password for root from 146.190.246.86 port 35790 ssh2
Sep 28 10:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: Connection closed by 146.190.246.86 port 35790 [preauth]
Sep 28 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: Invalid user config from 93.152.230.176
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: input_userauth_request: invalid user config [preauth]
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: Invalid user weblogic from 196.251.69.141
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: Failed password for invalid user config from 93.152.230.176 port 12311 ssh2
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: Received disconnect from 93.152.230.176 port 12311:11: Client disconnecting normally [preauth]
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19443]: Disconnected from 93.152.230.176 port 12311 [preauth]
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: Failed password for invalid user weblogic from 196.251.69.141 port 54922 ssh2
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Invalid user user from 146.190.246.86
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: input_userauth_request: invalid user user [preauth]
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: Connection closed by 196.251.69.141 port 54922 [preauth]
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Failed password for invalid user user from 146.190.246.86 port 47200 ssh2
Sep 28 10:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Connection closed by 146.190.246.86 port 47200 [preauth]
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19559]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19690]: Successful su for rubyman by root
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19690]: + ??? root:rubyman
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307844 of user rubyman.
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19690]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307844.
Sep 28 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session closed for user root
Sep 28 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Invalid user ubuntu from 146.190.246.86
Sep 28 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Failed password for invalid user ubuntu from 146.190.246.86 port 41814 ssh2
Sep 28 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Connection closed by 146.190.246.86 port 41814 [preauth]
Sep 28 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Invalid user ozankoyuk from 146.190.246.86
Sep 28 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: input_userauth_request: invalid user ozankoyuk [preauth]
Sep 28 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for invalid user ozankoyuk from 146.190.246.86 port 56274 ssh2
Sep 28 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Connection closed by 146.190.246.86 port 56274 [preauth]
Sep 28 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: Failed password for root from 152.32.129.140 port 22734 ssh2
Sep 28 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: Received disconnect from 152.32.129.140 port 22734:11: Bye Bye [preauth]
Sep 28 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20044]: Disconnected from 152.32.129.140 port 22734 [preauth]
Sep 28 10:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Failed password for root from 155.4.245.222 port 54586 ssh2
Sep 28 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Received disconnect from 155.4.245.222 port 54586:11: Bye Bye [preauth]
Sep 28 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Disconnected from 155.4.245.222 port 54586 [preauth]
Sep 28 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20091]: Invalid user jack from 146.190.246.86
Sep 28 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20091]: input_userauth_request: invalid user jack [preauth]
Sep 28 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session closed for user root
Sep 28 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20091]: Failed password for invalid user jack from 146.190.246.86 port 59670 ssh2
Sep 28 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20091]: Connection closed by 146.190.246.86 port 59670 [preauth]
Sep 28 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Invalid user git from 196.251.69.141
Sep 28 10:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: input_userauth_request: invalid user git [preauth]
Sep 28 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: Invalid user testuser from 146.190.246.86
Sep 28 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: input_userauth_request: invalid user testuser [preauth]
Sep 28 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Failed password for invalid user git from 196.251.69.141 port 55670 ssh2
Sep 28 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Connection closed by 196.251.69.141 port 55670 [preauth]
Sep 28 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Invalid user mathias from 103.115.50.217
Sep 28 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: input_userauth_request: invalid user mathias [preauth]
Sep 28 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: Failed password for invalid user testuser from 146.190.246.86 port 51654 ssh2
Sep 28 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: Connection closed by 146.190.246.86 port 51654 [preauth]
Sep 28 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Failed password for invalid user mathias from 103.115.50.217 port 45858 ssh2
Sep 28 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Received disconnect from 103.115.50.217 port 45858:11: Bye Bye [preauth]
Sep 28 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Disconnected from 103.115.50.217 port 45858 [preauth]
Sep 28 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Invalid user deploy from 146.190.246.86
Sep 28 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: input_userauth_request: invalid user deploy [preauth]
Sep 28 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.181.129.215  user=root
Sep 28 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Failed password for invalid user deploy from 146.190.246.86 port 53132 ssh2
Sep 28 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Connection closed by 146.190.246.86 port 53132 [preauth]
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Failed password for root from 81.181.129.215 port 42366 ssh2
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Connection closed by 81.181.129.215 port 42366 [preauth]
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20210]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20211]: pam_unix(cron:session): session closed for user root
Sep 28 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20200]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: Successful su for rubyman by root
Sep 28 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: + ??? root:rubyman
Sep 28 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307853 of user rubyman.
Sep 28 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20299]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307853.
Sep 28 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.181.129.215  user=root
Sep 28 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: Failed password for root from 81.181.129.215 port 42382 ssh2
Sep 28 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: Connection closed by 81.181.129.215 port 42382 [preauth]
Sep 28 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session closed for user root
Sep 28 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user root
Sep 28 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.181.129.215  user=root
Sep 28 10:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: Failed password for root from 81.181.129.215 port 55184 ssh2
Sep 28 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: Connection closed by 81.181.129.215 port 55184 [preauth]
Sep 28 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Invalid user satisfactory from 146.190.246.86
Sep 28 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Failed password for invalid user satisfactory from 146.190.246.86 port 53624 ssh2
Sep 28 10:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Connection closed by 146.190.246.86 port 53624 [preauth]
Sep 28 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Invalid user hadoop from 146.190.246.86
Sep 28 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Failed password for invalid user hadoop from 146.190.246.86 port 57026 ssh2
Sep 28 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Connection closed by 146.190.246.86 port 57026 [preauth]
Sep 28 10:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Invalid user git from 196.251.69.141
Sep 28 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: input_userauth_request: invalid user git [preauth]
Sep 28 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Failed password for invalid user git from 196.251.69.141 port 55686 ssh2
Sep 28 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: Failed password for root from 152.32.129.140 port 46730 ssh2
Sep 28 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: Received disconnect from 152.32.129.140 port 46730:11: Bye Bye [preauth]
Sep 28 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: Disconnected from 152.32.129.140 port 46730 [preauth]
Sep 28 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Connection closed by 196.251.69.141 port 55686 [preauth]
Sep 28 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Invalid user nagios from 146.190.246.86
Sep 28 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: input_userauth_request: invalid user nagios [preauth]
Sep 28 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18866]: pam_unix(cron:session): session closed for user root
Sep 28 10:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Failed password for invalid user nagios from 146.190.246.86 port 37732 ssh2
Sep 28 10:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Connection closed by 146.190.246.86 port 37732 [preauth]
Sep 28 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Invalid user git from 155.4.245.222
Sep 28 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: input_userauth_request: invalid user git [preauth]
Sep 28 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Invalid user nvidia from 146.190.246.86
Sep 28 10:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Failed password for invalid user git from 155.4.245.222 port 42739 ssh2
Sep 28 10:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Received disconnect from 155.4.245.222 port 42739:11: Bye Bye [preauth]
Sep 28 10:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Disconnected from 155.4.245.222 port 42739 [preauth]
Sep 28 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Failed password for invalid user nvidia from 146.190.246.86 port 56628 ssh2
Sep 28 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Connection closed by 146.190.246.86 port 56628 [preauth]
Sep 28 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Failed password for root from 103.115.50.217 port 33826 ssh2
Sep 28 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Received disconnect from 103.115.50.217 port 33826:11: Bye Bye [preauth]
Sep 28 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Disconnected from 103.115.50.217 port 33826 [preauth]
Sep 28 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: Invalid user yarn from 146.190.246.86
Sep 28 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: input_userauth_request: invalid user yarn [preauth]
Sep 28 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: Failed password for invalid user yarn from 146.190.246.86 port 53526 ssh2
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20728]: Connection closed by 146.190.246.86 port 53526 [preauth]
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: Successful su for rubyman by root
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: + ??? root:rubyman
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307854 of user rubyman.
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307854.
Sep 28 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session closed for user root
Sep 28 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Invalid user solana from 146.190.246.86
Sep 28 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: input_userauth_request: invalid user solana [preauth]
Sep 28 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Failed password for invalid user solana from 146.190.246.86 port 40720 ssh2
Sep 28 10:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Connection closed by 146.190.246.86 port 40720 [preauth]
Sep 28 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Invalid user git from 196.251.69.141
Sep 28 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: input_userauth_request: invalid user git [preauth]
Sep 28 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Failed password for invalid user git from 196.251.69.141 port 55940 ssh2
Sep 28 10:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Connection closed by 196.251.69.141 port 55940 [preauth]
Sep 28 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Invalid user nginx from 146.190.246.86
Sep 28 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: input_userauth_request: invalid user nginx [preauth]
Sep 28 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Failed password for invalid user nginx from 146.190.246.86 port 39270 ssh2
Sep 28 10:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Connection closed by 146.190.246.86 port 39270 [preauth]
Sep 28 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session closed for user root
Sep 28 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Invalid user gbase from 146.190.246.86
Sep 28 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: input_userauth_request: invalid user gbase [preauth]
Sep 28 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Failed password for invalid user gbase from 146.190.246.86 port 56886 ssh2
Sep 28 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Connection closed by 146.190.246.86 port 56886 [preauth]
Sep 28 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Invalid user neko from 152.32.129.140
Sep 28 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: input_userauth_request: invalid user neko [preauth]
Sep 28 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Failed password for invalid user neko from 152.32.129.140 port 15728 ssh2
Sep 28 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Received disconnect from 152.32.129.140 port 15728:11: Bye Bye [preauth]
Sep 28 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Disconnected from 152.32.129.140 port 15728 [preauth]
Sep 28 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Invalid user nginx from 146.190.246.86
Sep 28 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: input_userauth_request: invalid user nginx [preauth]
Sep 28 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Failed password for invalid user nginx from 146.190.246.86 port 54158 ssh2
Sep 28 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Connection closed by 146.190.246.86 port 54158 [preauth]
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Invalid user huawei from 146.190.246.86
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: input_userauth_request: invalid user huawei [preauth]
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: Invalid user user from 103.115.50.217
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: input_userauth_request: invalid user user [preauth]
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Failed password for invalid user huawei from 146.190.246.86 port 56816 ssh2
Sep 28 10:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Connection closed by 146.190.246.86 port 56816 [preauth]
Sep 28 10:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: Failed password for invalid user user from 103.115.50.217 port 49280 ssh2
Sep 28 10:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: Received disconnect from 103.115.50.217 port 49280:11: Bye Bye [preauth]
Sep 28 10:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21178]: Disconnected from 103.115.50.217 port 49280 [preauth]
Sep 28 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: Successful su for rubyman by root
Sep 28 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: + ??? root:rubyman
Sep 28 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307858 of user rubyman.
Sep 28 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307858.
Sep 28 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session closed for user root
Sep 28 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Invalid user git from 196.251.69.141
Sep 28 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: input_userauth_request: invalid user git [preauth]
Sep 28 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21193]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Failed password for invalid user git from 196.251.69.141 port 56250 ssh2
Sep 28 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Connection closed by 196.251.69.141 port 56250 [preauth]
Sep 28 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: Failed password for root from 146.190.246.86 port 42256 ssh2
Sep 28 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: Connection closed by 146.190.246.86 port 42256 [preauth]
Sep 28 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Invalid user exim from 155.4.245.222
Sep 28 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: input_userauth_request: invalid user exim [preauth]
Sep 28 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Failed password for invalid user exim from 155.4.245.222 port 27863 ssh2
Sep 28 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Received disconnect from 155.4.245.222 port 27863:11: Bye Bye [preauth]
Sep 28 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Disconnected from 155.4.245.222 port 27863 [preauth]
Sep 28 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Invalid user dstserver from 146.190.246.86
Sep 28 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: input_userauth_request: invalid user dstserver [preauth]
Sep 28 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Failed password for invalid user dstserver from 146.190.246.86 port 57068 ssh2
Sep 28 10:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Connection closed by 146.190.246.86 port 57068 [preauth]
Sep 28 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Invalid user elsearch from 146.190.246.86
Sep 28 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Failed password for invalid user elsearch from 146.190.246.86 port 34104 ssh2
Sep 28 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Connection closed by 146.190.246.86 port 34104 [preauth]
Sep 28 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20210]: pam_unix(cron:session): session closed for user root
Sep 28 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Invalid user jellyfin from 146.190.246.86
Sep 28 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: input_userauth_request: invalid user jellyfin [preauth]
Sep 28 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Failed password for invalid user jellyfin from 146.190.246.86 port 46322 ssh2
Sep 28 10:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Connection closed by 146.190.246.86 port 46322 [preauth]
Sep 28 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Invalid user test from 152.32.129.140
Sep 28 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: input_userauth_request: invalid user test [preauth]
Sep 28 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Failed password for invalid user test from 152.32.129.140 port 39722 ssh2
Sep 28 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Received disconnect from 152.32.129.140 port 39722:11: Bye Bye [preauth]
Sep 28 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Disconnected from 152.32.129.140 port 39722 [preauth]
Sep 28 10:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Invalid user git from 196.251.69.141
Sep 28 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: input_userauth_request: invalid user git [preauth]
Sep 28 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Invalid user git from 146.190.246.86
Sep 28 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: input_userauth_request: invalid user git [preauth]
Sep 28 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Failed password for invalid user git from 196.251.69.141 port 56558 ssh2
Sep 28 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Connection closed by 196.251.69.141 port 56558 [preauth]
Sep 28 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Failed password for invalid user git from 146.190.246.86 port 46916 ssh2
Sep 28 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Connection closed by 146.190.246.86 port 46916 [preauth]
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21705]: Successful su for rubyman by root
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21705]: + ??? root:rubyman
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307862 of user rubyman.
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21705]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307862.
Sep 28 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session closed for user root
Sep 28 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: Failed password for root from 146.190.246.86 port 56152 ssh2
Sep 28 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: Connection closed by 146.190.246.86 port 56152 [preauth]
Sep 28 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Invalid user vagrant from 146.190.246.86
Sep 28 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Failed password for invalid user vagrant from 146.190.246.86 port 59036 ssh2
Sep 28 10:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Connection closed by 146.190.246.86 port 59036 [preauth]
Sep 28 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: Invalid user sumit from 103.115.50.217
Sep 28 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: input_userauth_request: invalid user sumit [preauth]
Sep 28 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: Failed password for invalid user sumit from 103.115.50.217 port 38040 ssh2
Sep 28 10:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: Received disconnect from 103.115.50.217 port 38040:11: Bye Bye [preauth]
Sep 28 10:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: Disconnected from 103.115.50.217 port 38040 [preauth]
Sep 28 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Invalid user rclone from 146.190.246.86
Sep 28 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: input_userauth_request: invalid user rclone [preauth]
Sep 28 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Failed password for invalid user rclone from 146.190.246.86 port 43562 ssh2
Sep 28 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Connection closed by 146.190.246.86 port 43562 [preauth]
Sep 28 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Invalid user mcserver from 155.4.245.222
Sep 28 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: input_userauth_request: invalid user mcserver [preauth]
Sep 28 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Failed password for invalid user mcserver from 155.4.245.222 port 17214 ssh2
Sep 28 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session closed for user root
Sep 28 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Received disconnect from 155.4.245.222 port 17214:11: Bye Bye [preauth]
Sep 28 10:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21994]: Disconnected from 155.4.245.222 port 17214 [preauth]
Sep 28 10:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: Invalid user git from 196.251.69.141
Sep 28 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: input_userauth_request: invalid user git [preauth]
Sep 28 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: Failed password for root from 146.190.246.86 port 54438 ssh2
Sep 28 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: Connection closed by 146.190.246.86 port 54438 [preauth]
Sep 28 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: Failed password for invalid user git from 196.251.69.141 port 56910 ssh2
Sep 28 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: Connection closed by 196.251.69.141 port 56910 [preauth]
Sep 28 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Failed password for root from 146.190.246.86 port 53602 ssh2
Sep 28 10:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Connection closed by 146.190.246.86 port 53602 [preauth]
Sep 28 10:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Invalid user samr from 152.32.129.140
Sep 28 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: input_userauth_request: invalid user samr [preauth]
Sep 28 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22111]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Failed password for invalid user samr from 152.32.129.140 port 63722 ssh2
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Received disconnect from 152.32.129.140 port 63722:11: Bye Bye [preauth]
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22100]: Disconnected from 152.32.129.140 port 63722 [preauth]
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22106]: Invalid user guest from 146.190.246.86
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22106]: input_userauth_request: invalid user guest [preauth]
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22106]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22176]: Successful su for rubyman by root
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22176]: + ??? root:rubyman
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307866 of user rubyman.
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22176]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307866.
Sep 28 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22106]: Failed password for invalid user guest from 146.190.246.86 port 51388 ssh2
Sep 28 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22106]: Connection closed by 146.190.246.86 port 51388 [preauth]
Sep 28 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session closed for user root
Sep 28 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22110]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: User www-data from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=www-data
Sep 28 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for invalid user www-data from 146.190.246.86 port 33520 ssh2
Sep 28 10:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Connection closed by 146.190.246.86 port 33520 [preauth]
Sep 28 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Invalid user git from 196.251.69.141
Sep 28 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: input_userauth_request: invalid user git [preauth]
Sep 28 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Invalid user sol from 146.190.246.86
Sep 28 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: input_userauth_request: invalid user sol [preauth]
Sep 28 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Failed password for invalid user git from 196.251.69.141 port 56546 ssh2
Sep 28 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Connection closed by 196.251.69.141 port 56546 [preauth]
Sep 28 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Failed password for invalid user sol from 146.190.246.86 port 41308 ssh2
Sep 28 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Connection closed by 146.190.246.86 port 41308 [preauth]
Sep 28 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21196]: pam_unix(cron:session): session closed for user root
Sep 28 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Invalid user cyberpanel from 146.190.246.86
Sep 28 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 28 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Failed password for invalid user cyberpanel from 146.190.246.86 port 44600 ssh2
Sep 28 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Connection closed by 146.190.246.86 port 44600 [preauth]
Sep 28 10:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Invalid user user from 103.115.50.217
Sep 28 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: input_userauth_request: invalid user user [preauth]
Sep 28 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Failed password for invalid user user from 103.115.50.217 port 56460 ssh2
Sep 28 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Received disconnect from 103.115.50.217 port 56460:11: Bye Bye [preauth]
Sep 28 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Disconnected from 103.115.50.217 port 56460 [preauth]
Sep 28 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: Failed password for root from 146.190.246.86 port 43054 ssh2
Sep 28 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22528]: Connection closed by 146.190.246.86 port 43054 [preauth]
Sep 28 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: Invalid user huake from 155.4.245.222
Sep 28 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: input_userauth_request: invalid user huake [preauth]
Sep 28 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: Failed password for invalid user huake from 155.4.245.222 port 58715 ssh2
Sep 28 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: Received disconnect from 155.4.245.222 port 58715:11: Bye Bye [preauth]
Sep 28 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22543]: Disconnected from 155.4.245.222 port 58715 [preauth]
Sep 28 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Failed password for root from 146.190.246.86 port 53416 ssh2
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Connection closed by 146.190.246.86 port 53416 [preauth]
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session closed for user root
Sep 28 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22565]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: Successful su for rubyman by root
Sep 28 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: + ??? root:rubyman
Sep 28 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307874 of user rubyman.
Sep 28 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22652]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307874.
Sep 28 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22567]: pam_unix(cron:session): session closed for user root
Sep 28 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19561]: pam_unix(cron:session): session closed for user root
Sep 28 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Failed password for root from 152.32.129.140 port 32716 ssh2
Sep 28 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Received disconnect from 152.32.129.140 port 32716:11: Bye Bye [preauth]
Sep 28 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Disconnected from 152.32.129.140 port 32716 [preauth]
Sep 28 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22566]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Invalid user digi from 146.190.246.86
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: input_userauth_request: invalid user digi [preauth]
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: Invalid user git from 196.251.69.141
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: input_userauth_request: invalid user git [preauth]
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user digi from 146.190.246.86 port 37250 ssh2
Sep 28 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Connection closed by 146.190.246.86 port 37250 [preauth]
Sep 28 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: Failed password for invalid user git from 196.251.69.141 port 56444 ssh2
Sep 28 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23112]: Connection closed by 196.251.69.141 port 56444 [preauth]
Sep 28 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: Invalid user admin from 146.190.246.86
Sep 28 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: input_userauth_request: invalid user admin [preauth]
Sep 28 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: Failed password for invalid user admin from 146.190.246.86 port 51646 ssh2
Sep 28 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: Connection closed by 146.190.246.86 port 51646 [preauth]
Sep 28 10:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session closed for user root
Sep 28 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Failed password for root from 146.190.246.86 port 50470 ssh2
Sep 28 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Connection closed by 146.190.246.86 port 50470 [preauth]
Sep 28 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: Invalid user admin from 146.190.246.86
Sep 28 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: input_userauth_request: invalid user admin [preauth]
Sep 28 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: Failed password for invalid user admin from 146.190.246.86 port 47040 ssh2
Sep 28 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23290]: Connection closed by 146.190.246.86 port 47040 [preauth]
Sep 28 10:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: Invalid user git from 196.251.69.141
Sep 28 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: input_userauth_request: invalid user git [preauth]
Sep 28 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: Failed password for root from 146.190.246.86 port 41946 ssh2
Sep 28 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: Connection closed by 146.190.246.86 port 41946 [preauth]
Sep 28 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: Failed password for invalid user git from 196.251.69.141 port 55916 ssh2
Sep 28 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: Connection closed by 196.251.69.141 port 55916 [preauth]
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23342]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23343]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23338]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23420]: Successful su for rubyman by root
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23420]: + ??? root:rubyman
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307876 of user rubyman.
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23420]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307876.
Sep 28 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Invalid user rise from 103.115.50.217
Sep 28 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: input_userauth_request: invalid user rise [preauth]
Sep 28 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Failed password for invalid user rise from 103.115.50.217 port 45902 ssh2
Sep 28 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Received disconnect from 103.115.50.217 port 45902:11: Bye Bye [preauth]
Sep 28 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Disconnected from 103.115.50.217 port 45902 [preauth]
Sep 28 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session closed for user root
Sep 28 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23341]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Failed password for root from 146.190.246.86 port 59730 ssh2
Sep 28 10:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Connection closed by 146.190.246.86 port 59730 [preauth]
Sep 28 10:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: Invalid user david from 155.4.245.222
Sep 28 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: input_userauth_request: invalid user david [preauth]
Sep 28 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: Failed password for invalid user david from 155.4.245.222 port 19826 ssh2
Sep 28 10:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: Received disconnect from 155.4.245.222 port 19826:11: Bye Bye [preauth]
Sep 28 10:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23849]: Disconnected from 155.4.245.222 port 19826 [preauth]
Sep 28 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Invalid user zyx from 152.32.129.140
Sep 28 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: input_userauth_request: invalid user zyx [preauth]
Sep 28 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Failed password for invalid user zyx from 152.32.129.140 port 56712 ssh2
Sep 28 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Received disconnect from 152.32.129.140 port 56712:11: Bye Bye [preauth]
Sep 28 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Disconnected from 152.32.129.140 port 56712 [preauth]
Sep 28 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Invalid user samba from 146.190.246.86
Sep 28 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: input_userauth_request: invalid user samba [preauth]
Sep 28 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Failed password for invalid user samba from 146.190.246.86 port 42382 ssh2
Sep 28 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Connection closed by 146.190.246.86 port 42382 [preauth]
Sep 28 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Invalid user test from 146.190.246.86
Sep 28 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: input_userauth_request: invalid user test [preauth]
Sep 28 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Failed password for invalid user test from 146.190.246.86 port 32920 ssh2
Sep 28 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Connection closed by 146.190.246.86 port 32920 [preauth]
Sep 28 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22112]: pam_unix(cron:session): session closed for user root
Sep 28 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Invalid user svn from 196.251.69.141
Sep 28 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Failed password for invalid user svn from 196.251.69.141 port 55486 ssh2
Sep 28 10:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Connection closed by 196.251.69.141 port 55486 [preauth]
Sep 28 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Invalid user sonar from 146.190.246.86
Sep 28 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: input_userauth_request: invalid user sonar [preauth]
Sep 28 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Failed password for invalid user sonar from 146.190.246.86 port 41968 ssh2
Sep 28 10:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Connection closed by 146.190.246.86 port 41968 [preauth]
Sep 28 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Invalid user steam from 146.190.246.86
Sep 28 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: input_userauth_request: invalid user steam [preauth]
Sep 28 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Failed password for invalid user steam from 146.190.246.86 port 55664 ssh2
Sep 28 10:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Connection closed by 146.190.246.86 port 55664 [preauth]
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24031]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24029]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24027]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24114]: Successful su for rubyman by root
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24114]: + ??? root:rubyman
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307881 of user rubyman.
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24114]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307881.
Sep 28 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session closed for user root
Sep 28 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: Invalid user steam from 146.190.246.86
Sep 28 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: input_userauth_request: invalid user steam [preauth]
Sep 28 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24028]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Invalid user ubuntu from 103.115.50.217
Sep 28 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: Failed password for invalid user steam from 146.190.246.86 port 34738 ssh2
Sep 28 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: Connection closed by 146.190.246.86 port 34738 [preauth]
Sep 28 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Failed password for invalid user ubuntu from 103.115.50.217 port 36426 ssh2
Sep 28 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Received disconnect from 103.115.50.217 port 36426:11: Bye Bye [preauth]
Sep 28 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Disconnected from 103.115.50.217 port 36426 [preauth]
Sep 28 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Invalid user centos from 146.190.246.86
Sep 28 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: input_userauth_request: invalid user centos [preauth]
Sep 28 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Failed password for invalid user centos from 146.190.246.86 port 51624 ssh2
Sep 28 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Connection closed by 146.190.246.86 port 51624 [preauth]
Sep 28 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: Invalid user botuser from 152.32.129.140
Sep 28 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: input_userauth_request: invalid user botuser [preauth]
Sep 28 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Invalid user svn from 196.251.69.141
Sep 28 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: Failed password for invalid user botuser from 152.32.129.140 port 25708 ssh2
Sep 28 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: Received disconnect from 152.32.129.140 port 25708:11: Bye Bye [preauth]
Sep 28 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24396]: Disconnected from 152.32.129.140 port 25708 [preauth]
Sep 28 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Failed password for invalid user svn from 196.251.69.141 port 55082 ssh2
Sep 28 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Connection closed by 196.251.69.141 port 55082 [preauth]
Sep 28 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: Invalid user ds from 146.190.246.86
Sep 28 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: input_userauth_request: invalid user ds [preauth]
Sep 28 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 10:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: Failed password for invalid user ds from 146.190.246.86 port 52018 ssh2
Sep 28 10:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: Connection closed by 146.190.246.86 port 52018 [preauth]
Sep 28 10:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24431]: Failed password for root from 155.4.245.222 port 15825 ssh2
Sep 28 10:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24431]: Received disconnect from 155.4.245.222 port 15825:11: Bye Bye [preauth]
Sep 28 10:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24431]: Disconnected from 155.4.245.222 port 15825 [preauth]
Sep 28 10:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session closed for user root
Sep 28 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: Failed password for root from 146.190.246.86 port 40436 ssh2
Sep 28 10:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24475]: Connection closed by 146.190.246.86 port 40436 [preauth]
Sep 28 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Invalid user zabbix from 146.190.246.86
Sep 28 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Failed password for invalid user zabbix from 146.190.246.86 port 33626 ssh2
Sep 28 10:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24511]: Connection closed by 146.190.246.86 port 33626 [preauth]
Sep 28 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: Invalid user wanglijuan from 164.68.105.9
Sep 28 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: input_userauth_request: invalid user wanglijuan [preauth]
Sep 28 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: Failed password for invalid user wanglijuan from 164.68.105.9 port 34860 ssh2
Sep 28 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24539]: Connection closed by 164.68.105.9 port 34860 [preauth]
Sep 28 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24614]: Successful su for rubyman by root
Sep 28 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24614]: + ??? root:rubyman
Sep 28 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307886 of user rubyman.
Sep 28 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24614]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307886.
Sep 28 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Invalid user oscar from 146.190.246.86
Sep 28 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: input_userauth_request: invalid user oscar [preauth]
Sep 28 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21195]: pam_unix(cron:session): session closed for user root
Sep 28 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Failed password for invalid user oscar from 146.190.246.86 port 60978 ssh2
Sep 28 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Connection closed by 146.190.246.86 port 60978 [preauth]
Sep 28 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: Invalid user svn from 196.251.69.141
Sep 28 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24545]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: Failed password for invalid user svn from 196.251.69.141 port 54518 ssh2
Sep 28 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24808]: Connection closed by 196.251.69.141 port 54518 [preauth]
Sep 28 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Invalid user test from 103.115.50.217
Sep 28 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: input_userauth_request: invalid user test [preauth]
Sep 28 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Failed password for invalid user test from 103.115.50.217 port 54006 ssh2
Sep 28 10:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Received disconnect from 103.115.50.217 port 54006:11: Bye Bye [preauth]
Sep 28 10:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Disconnected from 103.115.50.217 port 54006 [preauth]
Sep 28 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Invalid user steam from 146.190.246.86
Sep 28 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: input_userauth_request: invalid user steam [preauth]
Sep 28 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Failed password for invalid user steam from 146.190.246.86 port 50660 ssh2
Sep 28 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Connection closed by 146.190.246.86 port 50660 [preauth]
Sep 28 10:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Invalid user palworld from 146.190.246.86
Sep 28 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: input_userauth_request: invalid user palworld [preauth]
Sep 28 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Failed password for invalid user palworld from 146.190.246.86 port 51964 ssh2
Sep 28 10:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Connection closed by 146.190.246.86 port 51964 [preauth]
Sep 28 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Failed password for root from 152.32.129.140 port 49704 ssh2
Sep 28 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Received disconnect from 152.32.129.140 port 49704:11: Bye Bye [preauth]
Sep 28 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Disconnected from 152.32.129.140 port 49704 [preauth]
Sep 28 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23343]: pam_unix(cron:session): session closed for user root
Sep 28 10:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Invalid user hadoop from 146.190.246.86
Sep 28 10:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 10:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Failed password for invalid user hadoop from 146.190.246.86 port 59666 ssh2
Sep 28 10:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Connection closed by 146.190.246.86 port 59666 [preauth]
Sep 28 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Invalid user sftp from 146.190.246.86
Sep 28 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: input_userauth_request: invalid user sftp [preauth]
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Invalid user blog from 155.4.245.222
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: input_userauth_request: invalid user blog [preauth]
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: Invalid user svn from 196.251.69.141
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Failed password for invalid user blog from 155.4.245.222 port 12646 ssh2
Sep 28 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Failed password for invalid user sftp from 146.190.246.86 port 39388 ssh2
Sep 28 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Connection closed by 146.190.246.86 port 39388 [preauth]
Sep 28 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Received disconnect from 155.4.245.222 port 12646:11: Bye Bye [preauth]
Sep 28 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Disconnected from 155.4.245.222 port 12646 [preauth]
Sep 28 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: Failed password for invalid user svn from 196.251.69.141 port 53942 ssh2
Sep 28 10:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24988]: Connection closed by 196.251.69.141 port 53942 [preauth]
Sep 28 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: Successful su for rubyman by root
Sep 28 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: + ??? root:rubyman
Sep 28 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307889 of user rubyman.
Sep 28 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307889.
Sep 28 10:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Failed password for root from 146.190.246.86 port 52660 ssh2
Sep 28 10:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Connection closed by 146.190.246.86 port 52660 [preauth]
Sep 28 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user root
Sep 28 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Failed password for root from 146.190.246.86 port 37520 ssh2
Sep 28 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Connection closed by 146.190.246.86 port 37520 [preauth]
Sep 28 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Invalid user ubuntu from 103.115.50.217
Sep 28 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Failed password for invalid user ubuntu from 103.115.50.217 port 41990 ssh2
Sep 28 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Received disconnect from 103.115.50.217 port 41990:11: Bye Bye [preauth]
Sep 28 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Disconnected from 103.115.50.217 port 41990 [preauth]
Sep 28 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Invalid user vbox from 146.190.246.86
Sep 28 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: input_userauth_request: invalid user vbox [preauth]
Sep 28 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Failed password for invalid user vbox from 146.190.246.86 port 45674 ssh2
Sep 28 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Connection closed by 146.190.246.86 port 45674 [preauth]
Sep 28 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Invalid user svn from 196.251.69.141
Sep 28 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24031]: pam_unix(cron:session): session closed for user root
Sep 28 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140  user=root
Sep 28 10:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: Invalid user admin from 146.190.246.86
Sep 28 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: input_userauth_request: invalid user admin [preauth]
Sep 28 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for invalid user svn from 196.251.69.141 port 53418 ssh2
Sep 28 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Connection closed by 196.251.69.141 port 53418 [preauth]
Sep 28 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Failed password for root from 152.32.129.140 port 18698 ssh2
Sep 28 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Received disconnect from 152.32.129.140 port 18698:11: Bye Bye [preauth]
Sep 28 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Disconnected from 152.32.129.140 port 18698 [preauth]
Sep 28 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: Failed password for invalid user admin from 146.190.246.86 port 35918 ssh2
Sep 28 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25662]: Connection closed by 146.190.246.86 port 35918 [preauth]
Sep 28 10:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Invalid user app from 146.190.246.86
Sep 28 10:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: input_userauth_request: invalid user app [preauth]
Sep 28 10:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Failed password for invalid user app from 146.190.246.86 port 33130 ssh2
Sep 28 10:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Connection closed by 146.190.246.86 port 33130 [preauth]
Sep 28 10:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Invalid user wang from 146.190.246.86
Sep 28 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: input_userauth_request: invalid user wang [preauth]
Sep 28 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session closed for user root
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Failed password for invalid user wang from 146.190.246.86 port 41600 ssh2
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Connection closed by 146.190.246.86 port 41600 [preauth]
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: Successful su for rubyman by root
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: + ??? root:rubyman
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307894 of user rubyman.
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307894.
Sep 28 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session closed for user root
Sep 28 10:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22111]: pam_unix(cron:session): session closed for user root
Sep 28 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Invalid user samuel from 155.4.245.222
Sep 28 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: input_userauth_request: invalid user samuel [preauth]
Sep 28 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Invalid user web from 146.190.246.86
Sep 28 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: input_userauth_request: invalid user web [preauth]
Sep 28 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Failed password for invalid user web from 146.190.246.86 port 55910 ssh2
Sep 28 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Connection closed by 146.190.246.86 port 55910 [preauth]
Sep 28 10:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Failed password for invalid user samuel from 155.4.245.222 port 34190 ssh2
Sep 28 10:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Received disconnect from 155.4.245.222 port 34190:11: Bye Bye [preauth]
Sep 28 10:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Disconnected from 155.4.245.222 port 34190 [preauth]
Sep 28 10:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Invalid user svn from 196.251.69.141
Sep 28 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26298]: Failed password for root from 103.115.50.217 port 59270 ssh2
Sep 28 10:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26298]: Received disconnect from 103.115.50.217 port 59270:11: Bye Bye [preauth]
Sep 28 10:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26298]: Disconnected from 103.115.50.217 port 59270 [preauth]
Sep 28 10:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Failed password for invalid user svn from 196.251.69.141 port 53140 ssh2
Sep 28 10:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26299]: Connection closed by 196.251.69.141 port 53140 [preauth]
Sep 28 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: Invalid user factorio from 146.190.246.86
Sep 28 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: input_userauth_request: invalid user factorio [preauth]
Sep 28 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: Failed password for invalid user factorio from 146.190.246.86 port 60608 ssh2
Sep 28 10:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26316]: Connection closed by 146.190.246.86 port 60608 [preauth]
Sep 28 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: Invalid user redis from 146.190.246.86
Sep 28 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: input_userauth_request: invalid user redis [preauth]
Sep 28 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session closed for user root
Sep 28 10:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: Failed password for invalid user redis from 146.190.246.86 port 45352 ssh2
Sep 28 10:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: Connection closed by 146.190.246.86 port 45352 [preauth]
Sep 28 10:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Invalid user user-backup from 152.32.129.140
Sep 28 10:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: input_userauth_request: invalid user user-backup [preauth]
Sep 28 10:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Failed password for invalid user user-backup from 152.32.129.140 port 42692 ssh2
Sep 28 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Received disconnect from 152.32.129.140 port 42692:11: Bye Bye [preauth]
Sep 28 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Disconnected from 152.32.129.140 port 42692 [preauth]
Sep 28 10:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: Invalid user user from 146.190.246.86
Sep 28 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: input_userauth_request: invalid user user [preauth]
Sep 28 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: Failed password for invalid user user from 146.190.246.86 port 37932 ssh2
Sep 28 10:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: Connection closed by 146.190.246.86 port 37932 [preauth]
Sep 28 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Invalid user gitlab-psql from 146.190.246.86
Sep 28 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: input_userauth_request: invalid user gitlab-psql [preauth]
Sep 28 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Failed password for invalid user gitlab-psql from 146.190.246.86 port 42132 ssh2
Sep 28 10:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Connection closed by 146.190.246.86 port 42132 [preauth]
Sep 28 10:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Invalid user svn from 196.251.69.141
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26555]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26556]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26630]: Successful su for rubyman by root
Sep 28 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26630]: + ??? root:rubyman
Sep 28 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307899 of user rubyman.
Sep 28 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26630]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307899.
Sep 28 10:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Failed password for invalid user svn from 196.251.69.141 port 52598 ssh2
Sep 28 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Connection closed by 196.251.69.141 port 52598 [preauth]
Sep 28 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22568]: pam_unix(cron:session): session closed for user root
Sep 28 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Invalid user test from 146.190.246.86
Sep 28 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: input_userauth_request: invalid user test [preauth]
Sep 28 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Failed password for invalid user test from 146.190.246.86 port 60748 ssh2
Sep 28 10:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Connection closed by 146.190.246.86 port 60748 [preauth]
Sep 28 10:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: Failed password for root from 103.115.50.217 port 48530 ssh2
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: Received disconnect from 103.115.50.217 port 48530:11: Bye Bye [preauth]
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26972]: Disconnected from 103.115.50.217 port 48530 [preauth]
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Invalid user huawei from 146.190.246.86
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: input_userauth_request: invalid user huawei [preauth]
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Failed password for invalid user huawei from 146.190.246.86 port 58106 ssh2
Sep 28 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Connection closed by 146.190.246.86 port 58106 [preauth]
Sep 28 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: Invalid user test from 155.4.245.222
Sep 28 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: input_userauth_request: invalid user test [preauth]
Sep 28 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: Failed password for invalid user test from 155.4.245.222 port 17010 ssh2
Sep 28 10:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: Received disconnect from 155.4.245.222 port 17010:11: Bye Bye [preauth]
Sep 28 10:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: Disconnected from 155.4.245.222 port 17010 [preauth]
Sep 28 10:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: Failed password for root from 146.190.246.86 port 42278 ssh2
Sep 28 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27042]: Connection closed by 146.190.246.86 port 42278 [preauth]
Sep 28 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session closed for user root
Sep 28 10:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Invalid user tomcat from 152.32.129.140
Sep 28 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Invalid user elasticsearch from 146.190.246.86
Sep 28 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: Invalid user svn from 196.251.69.141
Sep 28 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Failed password for invalid user tomcat from 152.32.129.140 port 11684 ssh2
Sep 28 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Received disconnect from 152.32.129.140 port 11684:11: Bye Bye [preauth]
Sep 28 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27074]: Disconnected from 152.32.129.140 port 11684 [preauth]
Sep 28 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Failed password for invalid user elasticsearch from 146.190.246.86 port 38000 ssh2
Sep 28 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27089]: Connection closed by 146.190.246.86 port 38000 [preauth]
Sep 28 10:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: Failed password for invalid user svn from 196.251.69.141 port 52040 ssh2
Sep 28 10:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: Connection closed by 196.251.69.141 port 52040 [preauth]
Sep 28 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Invalid user vps from 146.190.246.86
Sep 28 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: input_userauth_request: invalid user vps [preauth]
Sep 28 10:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for invalid user vps from 146.190.246.86 port 34274 ssh2
Sep 28 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Connection closed by 146.190.246.86 port 34274 [preauth]
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27222]: Successful su for rubyman by root
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27222]: + ??? root:rubyman
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307904 of user rubyman.
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27222]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307904.
Sep 28 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23342]: pam_unix(cron:session): session closed for user root
Sep 28 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: Invalid user ubuntu from 146.190.246.86
Sep 28 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: Failed password for invalid user ubuntu from 146.190.246.86 port 55284 ssh2
Sep 28 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: Connection closed by 146.190.246.86 port 55284 [preauth]
Sep 28 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Invalid user pal from 146.190.246.86
Sep 28 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: input_userauth_request: invalid user pal [preauth]
Sep 28 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Failed password for invalid user pal from 146.190.246.86 port 42188 ssh2
Sep 28 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Connection closed by 146.190.246.86 port 42188 [preauth]
Sep 28 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Invalid user bill from 103.115.50.217
Sep 28 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: input_userauth_request: invalid user bill [preauth]
Sep 28 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for invalid user bill from 103.115.50.217 port 38206 ssh2
Sep 28 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Received disconnect from 103.115.50.217 port 38206:11: Bye Bye [preauth]
Sep 28 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Disconnected from 103.115.50.217 port 38206 [preauth]
Sep 28 10:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Invalid user svn from 196.251.69.141
Sep 28 10:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: input_userauth_request: invalid user svn [preauth]
Sep 28 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Failed password for invalid user svn from 196.251.69.141 port 51678 ssh2
Sep 28 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Connection closed by 196.251.69.141 port 51678 [preauth]
Sep 28 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for root from 146.190.246.86 port 40838 ssh2
Sep 28 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Connection closed by 146.190.246.86 port 40838 [preauth]
Sep 28 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session closed for user root
Sep 28 10:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27738]: Did not receive identification string from 93.182.173.38
Sep 28 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: User www-data from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: input_userauth_request: invalid user www-data [preauth]
Sep 28 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: Invalid user aa11 from 155.4.245.222
Sep 28 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: input_userauth_request: invalid user aa11 [preauth]
Sep 28 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=www-data
Sep 28 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: Failed password for invalid user aa11 from 155.4.245.222 port 1869 ssh2
Sep 28 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: Failed password for invalid user www-data from 146.190.246.86 port 49944 ssh2
Sep 28 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27741]: Connection closed by 146.190.246.86 port 49944 [preauth]
Sep 28 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: Received disconnect from 155.4.245.222 port 1869:11: Bye Bye [preauth]
Sep 28 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27739]: Disconnected from 155.4.245.222 port 1869 [preauth]
Sep 28 10:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Invalid user test01 from 152.32.129.140
Sep 28 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: input_userauth_request: invalid user test01 [preauth]
Sep 28 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Failed password for invalid user test01 from 152.32.129.140 port 35680 ssh2
Sep 28 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Received disconnect from 152.32.129.140 port 35680:11: Bye Bye [preauth]
Sep 28 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27768]: Disconnected from 152.32.129.140 port 35680 [preauth]
Sep 28 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27779]: Invalid user satisfactory from 146.190.246.86
Sep 28 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27779]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27779]: Failed password for invalid user satisfactory from 146.190.246.86 port 59576 ssh2
Sep 28 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27779]: Connection closed by 146.190.246.86 port 59576 [preauth]
Sep 28 10:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: Invalid user ubnt from 93.152.230.176
Sep 28 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: input_userauth_request: invalid user ubnt [preauth]
Sep 28 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 10:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: Failed password for invalid user ubnt from 93.152.230.176 port 37992 ssh2
Sep 28 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: Received disconnect from 93.152.230.176 port 37992:11: Client disconnecting normally [preauth]
Sep 28 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27791]: Disconnected from 93.152.230.176 port 37992 [preauth]
Sep 28 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27807]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27879]: Successful su for rubyman by root
Sep 28 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27879]: + ??? root:rubyman
Sep 28 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307906 of user rubyman.
Sep 28 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27879]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307906.
Sep 28 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Invalid user git from 146.190.246.86
Sep 28 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: input_userauth_request: invalid user git [preauth]
Sep 28 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24029]: pam_unix(cron:session): session closed for user root
Sep 28 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Failed password for invalid user git from 146.190.246.86 port 60638 ssh2
Sep 28 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Connection closed by 146.190.246.86 port 60638 [preauth]
Sep 28 10:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27806]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Invalid user docker from 196.251.69.141
Sep 28 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: input_userauth_request: invalid user docker [preauth]
Sep 28 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for invalid user docker from 196.251.69.141 port 51304 ssh2
Sep 28 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Connection closed by 196.251.69.141 port 51304 [preauth]
Sep 28 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Invalid user Administrator from 146.190.246.86
Sep 28 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Failed password for invalid user Administrator from 146.190.246.86 port 58628 ssh2
Sep 28 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Connection closed by 146.190.246.86 port 58628 [preauth]
Sep 28 10:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 10:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Failed password for root from 103.115.50.217 port 55542 ssh2
Sep 28 10:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Received disconnect from 103.115.50.217 port 55542:11: Bye Bye [preauth]
Sep 28 10:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Disconnected from 103.115.50.217 port 55542 [preauth]
Sep 28 10:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: Invalid user huawei from 146.190.246.86
Sep 28 10:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: input_userauth_request: invalid user huawei [preauth]
Sep 28 10:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: Failed password for invalid user huawei from 146.190.246.86 port 35560 ssh2
Sep 28 10:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: Connection closed by 146.190.246.86 port 35560 [preauth]
Sep 28 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26556]: pam_unix(cron:session): session closed for user root
Sep 28 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Invalid user registry from 146.190.246.86
Sep 28 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: input_userauth_request: invalid user registry [preauth]
Sep 28 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Failed password for invalid user registry from 146.190.246.86 port 39586 ssh2
Sep 28 10:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Connection closed by 146.190.246.86 port 39586 [preauth]
Sep 28 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Invalid user gitlab from 146.190.246.86
Sep 28 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Failed password for invalid user gitlab from 146.190.246.86 port 48464 ssh2
Sep 28 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Connection closed by 146.190.246.86 port 48464 [preauth]
Sep 28 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Invalid user docker from 196.251.69.141
Sep 28 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: input_userauth_request: invalid user docker [preauth]
Sep 28 10:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Failed password for invalid user docker from 196.251.69.141 port 51096 ssh2
Sep 28 10:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Connection closed by 196.251.69.141 port 51096 [preauth]
Sep 28 10:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Invalid user discord from 155.4.245.222
Sep 28 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: input_userauth_request: invalid user discord [preauth]
Sep 28 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session closed for user p13x
Sep 28 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Invalid user testuser from 146.190.246.86
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: input_userauth_request: invalid user testuser [preauth]
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28351]: Successful su for rubyman by root
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28351]: + ??? root:rubyman
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307910 of user rubyman.
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28351]: pam_unix(su:session): session closed for user rubyman
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307910.
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Failed password for invalid user discord from 155.4.245.222 port 56343 ssh2
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Received disconnect from 155.4.245.222 port 56343:11: Bye Bye [preauth]
Sep 28 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Disconnected from 155.4.245.222 port 56343 [preauth]
Sep 28 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Failed password for invalid user testuser from 146.190.246.86 port 59078 ssh2
Sep 28 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Connection closed by 146.190.246.86 port 59078 [preauth]
Sep 28 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24546]: pam_unix(cron:session): session closed for user root
Sep 28 10:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28275]: pam_unix(cron:session): session closed for user samftp
Sep 28 10:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Invalid user ubuntu from 146.190.246.86
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Invalid user tss from 190.103.202.7
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: input_userauth_request: invalid user tss [preauth]
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Invalid user jackson from 152.32.129.140
Sep 28 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: input_userauth_request: invalid user jackson [preauth]
Sep 28 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.129.140
Sep 28 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Failed password for invalid user ubuntu from 146.190.246.86 port 47814 ssh2
Sep 28 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Connection closed by 146.190.246.86 port 47814 [preauth]
Sep 28 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Failed password for invalid user tss from 190.103.202.7 port 40762 ssh2
Sep 28 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Connection closed by 190.103.202.7 port 40762 [preauth]
Sep 28 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Failed password for invalid user jackson from 152.32.129.140 port 59690 ssh2
Sep 28 10:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Received disconnect from 152.32.129.140 port 59690:11: Bye Bye [preauth]
Sep 28 10:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Disconnected from 152.32.129.140 port 59690 [preauth]
Sep 28 10:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: Invalid user zookeeper from 146.190.246.86
Sep 28 10:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: input_userauth_request: invalid user zookeeper [preauth]
Sep 28 10:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: Failed password for invalid user zookeeper from 146.190.246.86 port 33332 ssh2
Sep 28 10:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: Connection closed by 146.190.246.86 port 33332 [preauth]
Sep 28 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Invalid user sherry from 103.115.50.217
Sep 28 10:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: input_userauth_request: invalid user sherry [preauth]
Sep 28 10:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 10:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Failed password for invalid user sherry from 103.115.50.217 port 44926 ssh2
Sep 28 10:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Received disconnect from 103.115.50.217 port 44926:11: Bye Bye [preauth]
Sep 28 10:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Disconnected from 103.115.50.217 port 44926 [preauth]
Sep 28 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session closed for user root
Sep 28 10:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Invalid user developer from 146.190.246.86
Sep 28 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: input_userauth_request: invalid user developer [preauth]
Sep 28 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Invalid user docker from 196.251.69.141
Sep 28 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: input_userauth_request: invalid user docker [preauth]
Sep 28 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user developer from 146.190.246.86 port 35048 ssh2
Sep 28 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Connection closed by 146.190.246.86 port 35048 [preauth]
Sep 28 10:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Failed password for invalid user docker from 196.251.69.141 port 50490 ssh2
Sep 28 10:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Connection closed by 196.251.69.141 port 50490 [preauth]
Sep 28 10:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 10:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 10:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 10:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 10:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 38382 ssh2
Sep 28 10:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Connection closed by 146.190.246.86 port 38382 [preauth]
Sep 28 10:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 10:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Failed password for root from 146.190.246.86 port 50120 ssh2
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Connection closed by 146.190.246.86 port 50120 [preauth]
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28891]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28887]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28887]: pam_unix(cron:session): session closed for user root
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session closed for user root
Sep 28 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: Successful su for rubyman by root
Sep 28 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: + ??? root:rubyman
Sep 28 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307915 of user rubyman.
Sep 28 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307915.
Sep 28 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25019]: pam_unix(cron:session): session closed for user root
Sep 28 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session closed for user root
Sep 28 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28886]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: User www-data from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: input_userauth_request: invalid user www-data [preauth]
Sep 28 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=www-data
Sep 28 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Failed password for invalid user www-data from 146.190.246.86 port 36982 ssh2
Sep 28 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Connection closed by 146.190.246.86 port 36982 [preauth]
Sep 28 11:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Invalid user docker from 196.251.69.141
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Invalid user uftp from 146.190.246.86
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: input_userauth_request: invalid user uftp [preauth]
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Failed password for invalid user uftp from 146.190.246.86 port 44764 ssh2
Sep 28 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Connection closed by 146.190.246.86 port 44764 [preauth]
Sep 28 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Failed password for invalid user docker from 196.251.69.141 port 49724 ssh2
Sep 28 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29390]: Connection closed by 196.251.69.141 port 49724 [preauth]
Sep 28 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Invalid user mj from 155.4.245.222
Sep 28 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: input_userauth_request: invalid user mj [preauth]
Sep 28 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Failed password for invalid user mj from 155.4.245.222 port 24150 ssh2
Sep 28 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Received disconnect from 155.4.245.222 port 24150:11: Bye Bye [preauth]
Sep 28 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29419]: Disconnected from 155.4.245.222 port 24150 [preauth]
Sep 28 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Invalid user dovecot from 146.190.246.86
Sep 28 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: input_userauth_request: invalid user dovecot [preauth]
Sep 28 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session closed for user root
Sep 28 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Failed password for invalid user dovecot from 146.190.246.86 port 60794 ssh2
Sep 28 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Connection closed by 146.190.246.86 port 60794 [preauth]
Sep 28 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: Failed password for root from 103.115.50.217 port 33598 ssh2
Sep 28 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: Received disconnect from 103.115.50.217 port 33598:11: Bye Bye [preauth]
Sep 28 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: Disconnected from 103.115.50.217 port 33598 [preauth]
Sep 28 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Invalid user plex from 146.190.246.86
Sep 28 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: input_userauth_request: invalid user plex [preauth]
Sep 28 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Failed password for invalid user plex from 146.190.246.86 port 49244 ssh2
Sep 28 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Connection closed by 146.190.246.86 port 49244 [preauth]
Sep 28 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Invalid user jupyter from 146.190.246.86
Sep 28 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: input_userauth_request: invalid user jupyter [preauth]
Sep 28 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Failed password for invalid user jupyter from 146.190.246.86 port 45768 ssh2
Sep 28 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Connection closed by 146.190.246.86 port 45768 [preauth]
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29582]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: Successful su for rubyman by root
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: + ??? root:rubyman
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307923 of user rubyman.
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307923.
Sep 28 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user root
Sep 28 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Invalid user docker from 196.251.69.141
Sep 28 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29888]: Invalid user nvidia from 146.190.246.86
Sep 28 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29888]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29888]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Failed password for invalid user docker from 196.251.69.141 port 49312 ssh2
Sep 28 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Connection closed by 196.251.69.141 port 49312 [preauth]
Sep 28 11:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29888]: Failed password for invalid user nvidia from 146.190.246.86 port 57356 ssh2
Sep 28 11:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29888]: Connection closed by 146.190.246.86 port 57356 [preauth]
Sep 28 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Failed password for root from 146.190.246.86 port 36828 ssh2
Sep 28 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Connection closed by 146.190.246.86 port 36828 [preauth]
Sep 28 11:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session closed for user root
Sep 28 11:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Invalid user redis from 146.190.246.86
Sep 28 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Failed password for invalid user redis from 146.190.246.86 port 59480 ssh2
Sep 28 11:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Connection closed by 146.190.246.86 port 59480 [preauth]
Sep 28 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: Invalid user oneadmin from 103.115.50.217
Sep 28 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: input_userauth_request: invalid user oneadmin [preauth]
Sep 28 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 11:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: Failed password for invalid user oneadmin from 103.115.50.217 port 51984 ssh2
Sep 28 11:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: Received disconnect from 103.115.50.217 port 51984:11: Bye Bye [preauth]
Sep 28 11:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30012]: Disconnected from 103.115.50.217 port 51984 [preauth]
Sep 28 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Invalid user webadmin from 146.190.246.86
Sep 28 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 11:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: Invalid user user from 155.4.245.222
Sep 28 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: input_userauth_request: invalid user user [preauth]
Sep 28 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: Failed password for invalid user user from 155.4.245.222 port 53192 ssh2
Sep 28 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: Received disconnect from 155.4.245.222 port 53192:11: Bye Bye [preauth]
Sep 28 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: Disconnected from 155.4.245.222 port 53192 [preauth]
Sep 28 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for invalid user webadmin from 146.190.246.86 port 60144 ssh2
Sep 28 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Connection closed by 146.190.246.86 port 60144 [preauth]
Sep 28 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Invalid user docker from 196.251.69.141
Sep 28 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user docker from 196.251.69.141 port 48832 ssh2
Sep 28 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Connection closed by 196.251.69.141 port 48832 [preauth]
Sep 28 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Invalid user registry from 146.190.246.86
Sep 28 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: input_userauth_request: invalid user registry [preauth]
Sep 28 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30096]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30095]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30093]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Failed password for invalid user registry from 146.190.246.86 port 40668 ssh2
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Connection closed by 146.190.246.86 port 40668 [preauth]
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: Successful su for rubyman by root
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: + ??? root:rubyman
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307926 of user rubyman.
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307926.
Sep 28 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26555]: pam_unix(cron:session): session closed for user root
Sep 28 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30094]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Invalid user openvpn from 146.190.246.86
Sep 28 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Failed password for invalid user openvpn from 146.190.246.86 port 46474 ssh2
Sep 28 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Connection closed by 146.190.246.86 port 46474 [preauth]
Sep 28 11:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Failed password for root from 146.190.246.86 port 58296 ssh2
Sep 28 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Connection closed by 146.190.246.86 port 58296 [preauth]
Sep 28 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Invalid user docker from 196.251.69.141
Sep 28 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30601]: Invalid user wireguard from 146.190.246.86
Sep 28 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30601]: input_userauth_request: invalid user wireguard [preauth]
Sep 28 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30601]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28891]: pam_unix(cron:session): session closed for user root
Sep 28 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Failed password for invalid user docker from 196.251.69.141 port 48212 ssh2
Sep 28 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Connection closed by 196.251.69.141 port 48212 [preauth]
Sep 28 11:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30601]: Failed password for invalid user wireguard from 146.190.246.86 port 50230 ssh2
Sep 28 11:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30601]: Connection closed by 146.190.246.86 port 50230 [preauth]
Sep 28 11:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Invalid user ceph from 103.115.50.217
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: input_userauth_request: invalid user ceph [preauth]
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Invalid user redis from 146.190.246.86
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Failed password for invalid user ceph from 103.115.50.217 port 40786 ssh2
Sep 28 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Received disconnect from 103.115.50.217 port 40786:11: Bye Bye [preauth]
Sep 28 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Disconnected from 103.115.50.217 port 40786 [preauth]
Sep 28 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Failed password for invalid user redis from 146.190.246.86 port 44648 ssh2
Sep 28 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Connection closed by 146.190.246.86 port 44648 [preauth]
Sep 28 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Invalid user web from 146.190.246.86
Sep 28 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: input_userauth_request: invalid user web [preauth]
Sep 28 11:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Failed password for invalid user web from 146.190.246.86 port 35870 ssh2
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Connection closed by 146.190.246.86 port 35870 [preauth]
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30697]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30696]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30694]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30760]: Successful su for rubyman by root
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30760]: + ??? root:rubyman
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307930 of user rubyman.
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30760]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307930.
Sep 28 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session closed for user root
Sep 28 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Failed password for root from 155.4.245.222 port 50746 ssh2
Sep 28 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Received disconnect from 155.4.245.222 port 50746:11: Bye Bye [preauth]
Sep 28 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Disconnected from 155.4.245.222 port 50746 [preauth]
Sep 28 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30695]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Invalid user worker from 146.190.246.86
Sep 28 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: input_userauth_request: invalid user worker [preauth]
Sep 28 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Failed password for invalid user worker from 146.190.246.86 port 51094 ssh2
Sep 28 11:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Connection closed by 146.190.246.86 port 51094 [preauth]
Sep 28 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Invalid user docker from 196.251.69.141
Sep 28 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Failed password for root from 46.101.170.54 port 44658 ssh2
Sep 28 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Connection closed by 46.101.170.54 port 44658 [preauth]
Sep 28 11:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Failed password for invalid user docker from 196.251.69.141 port 47370 ssh2
Sep 28 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: Invalid user app from 146.190.246.86
Sep 28 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: input_userauth_request: invalid user app [preauth]
Sep 28 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Connection closed by 196.251.69.141 port 47370 [preauth]
Sep 28 11:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: Failed password for invalid user app from 146.190.246.86 port 37758 ssh2
Sep 28 11:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: Connection closed by 146.190.246.86 port 37758 [preauth]
Sep 28 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session closed for user root
Sep 28 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Failed password for root from 146.190.246.86 port 33746 ssh2
Sep 28 11:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Connection closed by 146.190.246.86 port 33746 [preauth]
Sep 28 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Failed password for root from 146.190.246.86 port 56926 ssh2
Sep 28 11:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Connection closed by 146.190.246.86 port 56926 [preauth]
Sep 28 11:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for root from 103.115.50.217 port 59712 ssh2
Sep 28 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Received disconnect from 103.115.50.217 port 59712:11: Bye Bye [preauth]
Sep 28 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Disconnected from 103.115.50.217 port 59712 [preauth]
Sep 28 11:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Invalid user jack from 146.190.246.86
Sep 28 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: input_userauth_request: invalid user jack [preauth]
Sep 28 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Failed password for invalid user jack from 146.190.246.86 port 44774 ssh2
Sep 28 11:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Connection closed by 146.190.246.86 port 44774 [preauth]
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31173]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31170]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31235]: Successful su for rubyman by root
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31235]: + ??? root:rubyman
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307933 of user rubyman.
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31235]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307933.
Sep 28 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Invalid user docker from 196.251.69.141
Sep 28 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27807]: pam_unix(cron:session): session closed for user root
Sep 28 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Failed password for invalid user docker from 196.251.69.141 port 46792 ssh2
Sep 28 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Connection closed by 196.251.69.141 port 46792 [preauth]
Sep 28 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Failed password for invalid user ubuntu from 146.190.246.86 port 55130 ssh2
Sep 28 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Connection closed by 146.190.246.86 port 55130 [preauth]
Sep 28 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Failed password for root from 146.190.246.86 port 41860 ssh2
Sep 28 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Connection closed by 146.190.246.86 port 41860 [preauth]
Sep 28 11:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Invalid user user1 from 155.4.245.222
Sep 28 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: input_userauth_request: invalid user user1 [preauth]
Sep 28 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Failed password for invalid user user1 from 155.4.245.222 port 38513 ssh2
Sep 28 11:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Received disconnect from 155.4.245.222 port 38513:11: Bye Bye [preauth]
Sep 28 11:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31524]: Disconnected from 155.4.245.222 port 38513 [preauth]
Sep 28 11:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Invalid user arkserver from 146.190.246.86
Sep 28 11:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: input_userauth_request: invalid user arkserver [preauth]
Sep 28 11:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30096]: pam_unix(cron:session): session closed for user root
Sep 28 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Failed password for invalid user arkserver from 146.190.246.86 port 35930 ssh2
Sep 28 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Connection closed by 146.190.246.86 port 35930 [preauth]
Sep 28 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Invalid user oracle from 146.190.246.86
Sep 28 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: input_userauth_request: invalid user oracle [preauth]
Sep 28 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Failed password for invalid user oracle from 146.190.246.86 port 44968 ssh2
Sep 28 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Connection closed by 146.190.246.86 port 44968 [preauth]
Sep 28 11:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Invalid user redis from 196.251.69.141
Sep 28 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Failed password for invalid user redis from 196.251.69.141 port 46010 ssh2
Sep 28 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Connection closed by 196.251.69.141 port 46010 [preauth]
Sep 28 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Invalid user omsagent from 146.190.246.86
Sep 28 11:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: input_userauth_request: invalid user omsagent [preauth]
Sep 28 11:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Failed password for invalid user omsagent from 146.190.246.86 port 58188 ssh2
Sep 28 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Connection closed by 146.190.246.86 port 58188 [preauth]
Sep 28 11:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217  user=root
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user root
Sep 28 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31665]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: Successful su for rubyman by root
Sep 28 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: + ??? root:rubyman
Sep 28 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307940 of user rubyman.
Sep 28 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307940.
Sep 28 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Failed password for root from 103.115.50.217 port 50312 ssh2
Sep 28 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Received disconnect from 103.115.50.217 port 50312:11: Bye Bye [preauth]
Sep 28 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Disconnected from 103.115.50.217 port 50312 [preauth]
Sep 28 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user root
Sep 28 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session closed for user root
Sep 28 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Invalid user ds from 146.190.246.86
Sep 28 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: input_userauth_request: invalid user ds [preauth]
Sep 28 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31666]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Failed password for invalid user ds from 146.190.246.86 port 59976 ssh2
Sep 28 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Connection closed by 146.190.246.86 port 59976 [preauth]
Sep 28 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: Invalid user esuser from 146.190.246.86
Sep 28 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: input_userauth_request: invalid user esuser [preauth]
Sep 28 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: Failed password for invalid user esuser from 146.190.246.86 port 41156 ssh2
Sep 28 11:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: Connection closed by 146.190.246.86 port 41156 [preauth]
Sep 28 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Invalid user ranger from 146.190.246.86
Sep 28 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: input_userauth_request: invalid user ranger [preauth]
Sep 28 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Invalid user redis from 196.251.69.141
Sep 28 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Failed password for invalid user ranger from 146.190.246.86 port 39940 ssh2
Sep 28 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Connection closed by 146.190.246.86 port 39940 [preauth]
Sep 28 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30697]: pam_unix(cron:session): session closed for user root
Sep 28 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Failed password for invalid user redis from 196.251.69.141 port 45464 ssh2
Sep 28 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Connection closed by 196.251.69.141 port 45464 [preauth]
Sep 28 11:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32094]: Invalid user ethnode from 146.190.246.86
Sep 28 11:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32094]: input_userauth_request: invalid user ethnode [preauth]
Sep 28 11:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32094]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: Invalid user eugene from 155.4.245.222
Sep 28 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: input_userauth_request: invalid user eugene [preauth]
Sep 28 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32094]: Failed password for invalid user ethnode from 146.190.246.86 port 37486 ssh2
Sep 28 11:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32094]: Connection closed by 146.190.246.86 port 37486 [preauth]
Sep 28 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: Failed password for invalid user eugene from 155.4.245.222 port 55969 ssh2
Sep 28 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: Received disconnect from 155.4.245.222 port 55969:11: Bye Bye [preauth]
Sep 28 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32091]: Disconnected from 155.4.245.222 port 55969 [preauth]
Sep 28 11:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Failed password for root from 146.190.246.86 port 57646 ssh2
Sep 28 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Connection closed by 146.190.246.86 port 57646 [preauth]
Sep 28 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32150]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32231]: Successful su for rubyman by root
Sep 28 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32231]: + ??? root:rubyman
Sep 28 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307943 of user rubyman.
Sep 28 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32231]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307943.
Sep 28 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Invalid user steam from 146.190.246.86
Sep 28 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: input_userauth_request: invalid user steam [preauth]
Sep 28 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Invalid user alessio from 103.115.50.217
Sep 28 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: input_userauth_request: invalid user alessio [preauth]
Sep 28 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 11:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session closed for user root
Sep 28 11:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Failed password for invalid user steam from 146.190.246.86 port 52130 ssh2
Sep 28 11:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Connection closed by 146.190.246.86 port 52130 [preauth]
Sep 28 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Failed password for invalid user alessio from 103.115.50.217 port 38954 ssh2
Sep 28 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32152]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Received disconnect from 103.115.50.217 port 38954:11: Bye Bye [preauth]
Sep 28 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Disconnected from 103.115.50.217 port 38954 [preauth]
Sep 28 11:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Invalid user redis from 196.251.69.141
Sep 28 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Invalid user sysadmin from 146.190.246.86
Sep 28 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Failed password for invalid user redis from 196.251.69.141 port 44666 ssh2
Sep 28 11:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Connection closed by 196.251.69.141 port 44666 [preauth]
Sep 28 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Failed password for invalid user sysadmin from 146.190.246.86 port 33486 ssh2
Sep 28 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Connection closed by 146.190.246.86 port 33486 [preauth]
Sep 28 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Invalid user www from 146.190.246.86
Sep 28 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: input_userauth_request: invalid user www [preauth]
Sep 28 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Failed password for invalid user www from 146.190.246.86 port 41546 ssh2
Sep 28 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Connection closed by 146.190.246.86 port 41546 [preauth]
Sep 28 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31173]: pam_unix(cron:session): session closed for user root
Sep 28 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Invalid user vagrant from 146.190.246.86
Sep 28 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Failed password for invalid user vagrant from 146.190.246.86 port 58958 ssh2
Sep 28 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Connection closed by 146.190.246.86 port 58958 [preauth]
Sep 28 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Invalid user steam from 146.190.246.86
Sep 28 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: input_userauth_request: invalid user steam [preauth]
Sep 28 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Failed password for invalid user steam from 146.190.246.86 port 51224 ssh2
Sep 28 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Connection closed by 146.190.246.86 port 51224 [preauth]
Sep 28 11:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Invalid user redis from 196.251.69.141
Sep 28 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Failed password for invalid user redis from 196.251.69.141 port 43976 ssh2
Sep 28 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Connection closed by 196.251.69.141 port 43976 [preauth]
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32681]: Successful su for rubyman by root
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32681]: + ??? root:rubyman
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307947 of user rubyman.
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32681]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307947.
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Invalid user joshua from 155.4.245.222
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: input_userauth_request: invalid user joshua [preauth]
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: Invalid user solana from 146.190.246.86
Sep 28 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: input_userauth_request: invalid user solana [preauth]
Sep 28 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Failed password for invalid user joshua from 155.4.245.222 port 48909 ssh2
Sep 28 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Received disconnect from 155.4.245.222 port 48909:11: Bye Bye [preauth]
Sep 28 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Disconnected from 155.4.245.222 port 48909 [preauth]
Sep 28 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session closed for user root
Sep 28 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: Failed password for invalid user solana from 146.190.246.86 port 33952 ssh2
Sep 28 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: Connection closed by 146.190.246.86 port 33952 [preauth]
Sep 28 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Invalid user alice from 103.115.50.217
Sep 28 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: input_userauth_request: invalid user alice [preauth]
Sep 28 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Failed password for invalid user alice from 103.115.50.217 port 55862 ssh2
Sep 28 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Received disconnect from 103.115.50.217 port 55862:11: Bye Bye [preauth]
Sep 28 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Disconnected from 103.115.50.217 port 55862 [preauth]
Sep 28 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[463]: Invalid user docker from 146.190.246.86
Sep 28 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[463]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[463]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[463]: Failed password for invalid user docker from 146.190.246.86 port 46010 ssh2
Sep 28 11:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[463]: Connection closed by 146.190.246.86 port 46010 [preauth]
Sep 28 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Invalid user test from 146.190.246.86
Sep 28 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: input_userauth_request: invalid user test [preauth]
Sep 28 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Failed password for invalid user test from 146.190.246.86 port 38824 ssh2
Sep 28 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Connection closed by 146.190.246.86 port 38824 [preauth]
Sep 28 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user root
Sep 28 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Invalid user samba from 146.190.246.86
Sep 28 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: input_userauth_request: invalid user samba [preauth]
Sep 28 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Invalid user redis from 196.251.69.141
Sep 28 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Failed password for invalid user samba from 146.190.246.86 port 46480 ssh2
Sep 28 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Connection closed by 146.190.246.86 port 46480 [preauth]
Sep 28 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Failed password for invalid user redis from 196.251.69.141 port 43038 ssh2
Sep 28 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Connection closed by 196.251.69.141 port 43038 [preauth]
Sep 28 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: Invalid user lighthouse from 146.190.246.86
Sep 28 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: Failed password for invalid user lighthouse from 146.190.246.86 port 33972 ssh2
Sep 28 11:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: Connection closed by 146.190.246.86 port 33972 [preauth]
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: Successful su for rubyman by root
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: + ??? root:rubyman
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307952 of user rubyman.
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[665]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307952.
Sep 28 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Invalid user fil from 146.190.246.86
Sep 28 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: input_userauth_request: invalid user fil [preauth]
Sep 28 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30095]: pam_unix(cron:session): session closed for user root
Sep 28 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Failed password for invalid user fil from 146.190.246.86 port 60138 ssh2
Sep 28 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Connection closed by 146.190.246.86 port 60138 [preauth]
Sep 28 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Invalid user hik from 103.115.50.217
Sep 28 11:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: input_userauth_request: invalid user hik [preauth]
Sep 28 11:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.115.50.217
Sep 28 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Failed password for invalid user hik from 103.115.50.217 port 34604 ssh2
Sep 28 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Received disconnect from 103.115.50.217 port 34604:11: Bye Bye [preauth]
Sep 28 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Disconnected from 103.115.50.217 port 34604 [preauth]
Sep 28 11:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Failed password for root from 146.190.246.86 port 54596 ssh2
Sep 28 11:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[943]: Connection closed by 146.190.246.86 port 54596 [preauth]
Sep 28 11:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: Failed password for root from 155.4.245.222 port 17444 ssh2
Sep 28 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: Received disconnect from 155.4.245.222 port 17444:11: Bye Bye [preauth]
Sep 28 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: Disconnected from 155.4.245.222 port 17444 [preauth]
Sep 28 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: Invalid user redis from 196.251.69.141
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Invalid user huawei from 146.190.246.86
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: input_userauth_request: invalid user huawei [preauth]
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: Failed password for invalid user redis from 196.251.69.141 port 42304 ssh2
Sep 28 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: Connection closed by 196.251.69.141 port 42304 [preauth]
Sep 28 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Failed password for invalid user huawei from 146.190.246.86 port 58272 ssh2
Sep 28 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Connection closed by 146.190.246.86 port 58272 [preauth]
Sep 28 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32158]: pam_unix(cron:session): session closed for user root
Sep 28 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Failed password for invalid user ubuntu from 146.190.246.86 port 46140 ssh2
Sep 28 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Connection closed by 146.190.246.86 port 46140 [preauth]
Sep 28 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Invalid user lighthouse from 146.190.246.86
Sep 28 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Failed password for invalid user lighthouse from 146.190.246.86 port 57762 ssh2
Sep 28 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Connection closed by 146.190.246.86 port 57762 [preauth]
Sep 28 11:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Connection closed by 172.236.228.208 port 17874 [preauth]
Sep 28 11:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Connection closed by 172.236.228.208 port 17882 [preauth]
Sep 28 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: fatal: Unable to negotiate with 172.236.228.208 port 3606: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Sep 28 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Invalid user airflow from 146.190.246.86
Sep 28 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: input_userauth_request: invalid user airflow [preauth]
Sep 28 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1162]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1320]: Successful su for rubyman by root
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1320]: + ??? root:rubyman
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307956 of user rubyman.
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1320]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307956.
Sep 28 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1160]: pam_unix(cron:session): session closed for user root
Sep 28 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Failed password for invalid user airflow from 146.190.246.86 port 47378 ssh2
Sep 28 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Connection closed by 146.190.246.86 port 47378 [preauth]
Sep 28 11:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30696]: pam_unix(cron:session): session closed for user root
Sep 28 11:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: Invalid user redis from 196.251.69.141
Sep 28 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: Failed password for invalid user redis from 196.251.69.141 port 41624 ssh2
Sep 28 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: Connection closed by 196.251.69.141 port 41624 [preauth]
Sep 28 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Invalid user arkserver from 146.190.246.86
Sep 28 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: input_userauth_request: invalid user arkserver [preauth]
Sep 28 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Failed password for invalid user arkserver from 146.190.246.86 port 54870 ssh2
Sep 28 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Connection closed by 146.190.246.86 port 54870 [preauth]
Sep 28 11:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Invalid user test from 146.190.246.86
Sep 28 11:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: input_userauth_request: invalid user test [preauth]
Sep 28 11:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Failed password for invalid user test from 146.190.246.86 port 42572 ssh2
Sep 28 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Connection closed by 146.190.246.86 port 42572 [preauth]
Sep 28 11:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session closed for user root
Sep 28 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Failed password for root from 155.4.245.222 port 60723 ssh2
Sep 28 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Received disconnect from 155.4.245.222 port 60723:11: Bye Bye [preauth]
Sep 28 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Disconnected from 155.4.245.222 port 60723 [preauth]
Sep 28 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Invalid user dovecot from 146.190.246.86
Sep 28 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: input_userauth_request: invalid user dovecot [preauth]
Sep 28 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Failed password for invalid user dovecot from 146.190.246.86 port 42502 ssh2
Sep 28 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Connection closed by 146.190.246.86 port 42502 [preauth]
Sep 28 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Invalid user redis from 196.251.69.141
Sep 28 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: Failed password for root from 146.190.246.86 port 41744 ssh2
Sep 28 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: Connection closed by 146.190.246.86 port 41744 [preauth]
Sep 28 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Failed password for invalid user redis from 196.251.69.141 port 40612 ssh2
Sep 28 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Connection closed by 196.251.69.141 port 40612 [preauth]
Sep 28 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Invalid user oracle from 146.190.246.86
Sep 28 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: input_userauth_request: invalid user oracle [preauth]
Sep 28 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session closed for user root
Sep 28 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1765]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: Successful su for rubyman by root
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: + ??? root:rubyman
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307963 of user rubyman.
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307963.
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Failed password for invalid user oracle from 146.190.246.86 port 40460 ssh2
Sep 28 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Connection closed by 146.190.246.86 port 40460 [preauth]
Sep 28 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session closed for user root
Sep 28 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session closed for user root
Sep 28 11:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1766]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Did not receive identification string from 64.225.17.83
Sep 28 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: Invalid user sol from 146.190.246.86
Sep 28 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: input_userauth_request: invalid user sol [preauth]
Sep 28 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: Failed password for invalid user sol from 146.190.246.86 port 33388 ssh2
Sep 28 11:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: Connection closed by 146.190.246.86 port 33388 [preauth]
Sep 28 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Invalid user oracle from 146.190.246.86
Sep 28 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: input_userauth_request: invalid user oracle [preauth]
Sep 28 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Failed password for invalid user oracle from 146.190.246.86 port 53372 ssh2
Sep 28 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Connection closed by 146.190.246.86 port 53372 [preauth]
Sep 28 11:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Invalid user redis from 196.251.69.141
Sep 28 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Failed password for invalid user redis from 196.251.69.141 port 39438 ssh2
Sep 28 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Connection closed by 196.251.69.141 port 39438 [preauth]
Sep 28 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session closed for user root
Sep 28 11:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: Invalid user vbox from 146.190.246.86
Sep 28 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: input_userauth_request: invalid user vbox [preauth]
Sep 28 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: Failed password for invalid user vbox from 146.190.246.86 port 44374 ssh2
Sep 28 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2182]: Connection closed by 146.190.246.86 port 44374 [preauth]
Sep 28 11:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: Failed password for root from 146.190.246.86 port 35826 ssh2
Sep 28 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: Connection closed by 146.190.246.86 port 35826 [preauth]
Sep 28 11:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Invalid user dot from 155.4.245.222
Sep 28 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: input_userauth_request: invalid user dot [preauth]
Sep 28 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for invalid user dot from 155.4.245.222 port 53875 ssh2
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Received disconnect from 155.4.245.222 port 53875:11: Bye Bye [preauth]
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Disconnected from 155.4.245.222 port 53875 [preauth]
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Invalid user demo from 146.190.246.86
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: input_userauth_request: invalid user demo [preauth]
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Failed password for invalid user demo from 146.190.246.86 port 51026 ssh2
Sep 28 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Connection closed by 146.190.246.86 port 51026 [preauth]
Sep 28 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2259]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: Successful su for rubyman by root
Sep 28 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: + ??? root:rubyman
Sep 28 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307967 of user rubyman.
Sep 28 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307967.
Sep 28 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session closed for user root
Sep 28 11:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2260]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: Invalid user azureuser from 146.190.246.86
Sep 28 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: input_userauth_request: invalid user azureuser [preauth]
Sep 28 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Invalid user mongodb from 196.251.69.141
Sep 28 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: Failed password for invalid user azureuser from 146.190.246.86 port 48020 ssh2
Sep 28 11:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: Connection closed by 146.190.246.86 port 48020 [preauth]
Sep 28 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Failed password for invalid user mongodb from 196.251.69.141 port 38090 ssh2
Sep 28 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Connection closed by 196.251.69.141 port 38090 [preauth]
Sep 28 11:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: Invalid user sysadmin from 146.190.246.86
Sep 28 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: Failed password for invalid user sysadmin from 146.190.246.86 port 34950 ssh2
Sep 28 11:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: Connection closed by 146.190.246.86 port 34950 [preauth]
Sep 28 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:165.154.164.114
Sep 28 11:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Invalid user admin from 93.152.230.176
Sep 28 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1165]: pam_unix(cron:session): session closed for user root
Sep 28 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: User sys from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: input_userauth_request: invalid user sys [preauth]
Sep 28 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=sys
Sep 28 11:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for invalid user admin from 93.152.230.176 port 35119 ssh2
Sep 28 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Received disconnect from 93.152.230.176 port 35119:11: Client disconnecting normally [preauth]
Sep 28 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Disconnected from 93.152.230.176 port 35119 [preauth]
Sep 28 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for invalid user sys from 146.190.246.86 port 36454 ssh2
Sep 28 11:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Connection closed by 146.190.246.86 port 36454 [preauth]
Sep 28 11:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Invalid user hadoop from 146.190.246.86
Sep 28 11:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 11:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for invalid user hadoop from 146.190.246.86 port 43140 ssh2
Sep 28 11:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Connection closed by 146.190.246.86 port 43140 [preauth]
Sep 28 11:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: Invalid user mongodb from 196.251.69.141
Sep 28 11:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: Failed password for invalid user mongodb from 196.251.69.141 port 37040 ssh2
Sep 28 11:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: Connection closed by 196.251.69.141 port 37040 [preauth]
Sep 28 11:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Failed password for invalid user ubuntu from 146.190.246.86 port 41200 ssh2
Sep 28 11:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Connection closed by 146.190.246.86 port 41200 [preauth]
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2802]: Successful su for rubyman by root
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2802]: + ??? root:rubyman
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307970 of user rubyman.
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2802]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307970.
Sep 28 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32157]: pam_unix(cron:session): session closed for user root
Sep 28 11:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Invalid user redis from 146.190.246.86
Sep 28 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Failed password for invalid user redis from 146.190.246.86 port 48448 ssh2
Sep 28 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Connection closed by 146.190.246.86 port 48448 [preauth]
Sep 28 11:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Invalid user cpc from 155.4.245.222
Sep 28 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: input_userauth_request: invalid user cpc [preauth]
Sep 28 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: Invalid user postgres from 146.190.246.86
Sep 28 11:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: input_userauth_request: invalid user postgres [preauth]
Sep 28 11:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Failed password for invalid user cpc from 155.4.245.222 port 57603 ssh2
Sep 28 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: Failed password for invalid user postgres from 146.190.246.86 port 59788 ssh2
Sep 28 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: Connection closed by 146.190.246.86 port 59788 [preauth]
Sep 28 11:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Received disconnect from 155.4.245.222 port 57603:11: Bye Bye [preauth]
Sep 28 11:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Disconnected from 155.4.245.222 port 57603 [preauth]
Sep 28 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Invalid user postgres from 146.190.246.86
Sep 28 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: input_userauth_request: invalid user postgres [preauth]
Sep 28 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session closed for user root
Sep 28 11:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Failed password for invalid user postgres from 146.190.246.86 port 59002 ssh2
Sep 28 11:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3092]: Connection closed by 146.190.246.86 port 59002 [preauth]
Sep 28 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: Invalid user mongodb from 196.251.69.141
Sep 28 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: Failed password for invalid user mongodb from 196.251.69.141 port 35660 ssh2
Sep 28 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: Connection closed by 196.251.69.141 port 35660 [preauth]
Sep 28 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: Invalid user caddy from 146.190.246.86
Sep 28 11:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: input_userauth_request: invalid user caddy [preauth]
Sep 28 11:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: Failed password for invalid user caddy from 146.190.246.86 port 43424 ssh2
Sep 28 11:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3145]: Connection closed by 146.190.246.86 port 43424 [preauth]
Sep 28 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Invalid user latitude from 146.190.246.86
Sep 28 11:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: input_userauth_request: invalid user latitude [preauth]
Sep 28 11:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Failed password for invalid user latitude from 146.190.246.86 port 45350 ssh2
Sep 28 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Connection closed by 146.190.246.86 port 45350 [preauth]
Sep 28 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: Successful su for rubyman by root
Sep 28 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: + ??? root:rubyman
Sep 28 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307974 of user rubyman.
Sep 28 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307974.
Sep 28 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session closed for user root
Sep 28 11:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Invalid user data from 146.190.246.86
Sep 28 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: input_userauth_request: invalid user data [preauth]
Sep 28 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user data from 146.190.246.86 port 54210 ssh2
Sep 28 11:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Connection closed by 146.190.246.86 port 54210 [preauth]
Sep 28 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Invalid user mongodb from 196.251.69.141
Sep 28 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Invalid user madsonic from 146.190.246.86
Sep 28 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: input_userauth_request: invalid user madsonic [preauth]
Sep 28 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Failed password for invalid user mongodb from 196.251.69.141 port 34144 ssh2
Sep 28 11:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Connection closed by 196.251.69.141 port 34144 [preauth]
Sep 28 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Failed password for invalid user madsonic from 146.190.246.86 port 43346 ssh2
Sep 28 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Connection closed by 146.190.246.86 port 43346 [preauth]
Sep 28 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session closed for user root
Sep 28 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Invalid user elasticsearch from 146.190.246.86
Sep 28 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Failed password for invalid user elasticsearch from 146.190.246.86 port 49888 ssh2
Sep 28 11:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Connection closed by 146.190.246.86 port 49888 [preauth]
Sep 28 11:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Sep 28 11:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Failed password for root from 155.4.245.222 port 54958 ssh2
Sep 28 11:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Received disconnect from 155.4.245.222 port 54958:11: Bye Bye [preauth]
Sep 28 11:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Disconnected from 155.4.245.222 port 54958 [preauth]
Sep 28 11:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Invalid user zookeeper from 146.190.246.86
Sep 28 11:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: input_userauth_request: invalid user zookeeper [preauth]
Sep 28 11:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user zookeeper from 146.190.246.86 port 59374 ssh2
Sep 28 11:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Connection closed by 146.190.246.86 port 59374 [preauth]
Sep 28 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Failed password for root from 146.190.246.86 port 43130 ssh2
Sep 28 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Connection closed by 146.190.246.86 port 43130 [preauth]
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: Successful su for rubyman by root
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: + ??? root:rubyman
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307978 of user rubyman.
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307978.
Sep 28 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Invalid user mongodb from 196.251.69.141
Sep 28 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session closed for user root
Sep 28 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Failed password for invalid user mongodb from 196.251.69.141 port 32838 ssh2
Sep 28 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Connection closed by 196.251.69.141 port 32838 [preauth]
Sep 28 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: Invalid user apache from 146.190.246.86
Sep 28 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: Failed password for invalid user apache from 146.190.246.86 port 37878 ssh2
Sep 28 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: Connection closed by 146.190.246.86 port 37878 [preauth]
Sep 28 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: Invalid user vagrant from 146.190.246.86
Sep 28 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: Failed password for invalid user vagrant from 146.190.246.86 port 43468 ssh2
Sep 28 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3939]: Connection closed by 146.190.246.86 port 43468 [preauth]
Sep 28 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session closed for user root
Sep 28 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Invalid user ds from 146.190.246.86
Sep 28 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: input_userauth_request: invalid user ds [preauth]
Sep 28 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Failed password for invalid user ds from 146.190.246.86 port 32980 ssh2
Sep 28 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Connection closed by 146.190.246.86 port 32980 [preauth]
Sep 28 11:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Invalid user php from 146.190.246.86
Sep 28 11:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: input_userauth_request: invalid user php [preauth]
Sep 28 11:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user php from 146.190.246.86 port 48258 ssh2
Sep 28 11:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Connection closed by 146.190.246.86 port 48258 [preauth]
Sep 28 11:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Invalid user mongodb from 196.251.69.141
Sep 28 11:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Failed password for invalid user mongodb from 196.251.69.141 port 59894 ssh2
Sep 28 11:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Connection closed by 196.251.69.141 port 59894 [preauth]
Sep 28 11:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Did not receive identification string from 43.224.124.144
Sep 28 11:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Invalid user sysadmin from 146.190.246.86
Sep 28 11:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 11:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Failed password for invalid user sysadmin from 146.190.246.86 port 41774 ssh2
Sep 28 11:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Connection closed by 146.190.246.86 port 41774 [preauth]
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session closed for user root
Sep 28 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: Successful su for rubyman by root
Sep 28 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: + ??? root:rubyman
Sep 28 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307982 of user rubyman.
Sep 28 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4155]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307982.
Sep 28 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: Invalid user ais from 155.4.245.222
Sep 28 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: input_userauth_request: invalid user ais [preauth]
Sep 28 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session closed for user root
Sep 28 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session closed for user root
Sep 28 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: Failed password for invalid user ais from 155.4.245.222 port 7624 ssh2
Sep 28 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: Received disconnect from 155.4.245.222 port 7624:11: Bye Bye [preauth]
Sep 28 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4069]: Disconnected from 155.4.245.222 port 7624 [preauth]
Sep 28 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Invalid user master from 146.190.246.86
Sep 28 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: input_userauth_request: invalid user master [preauth]
Sep 28 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Failed password for invalid user master from 146.190.246.86 port 54732 ssh2
Sep 28 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Connection closed by 146.190.246.86 port 54732 [preauth]
Sep 28 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Invalid user nagios from 146.190.246.86
Sep 28 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: input_userauth_request: invalid user nagios [preauth]
Sep 28 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Failed password for invalid user nagios from 146.190.246.86 port 49126 ssh2
Sep 28 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Connection closed by 146.190.246.86 port 49126 [preauth]
Sep 28 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Invalid user mongodb from 196.251.69.141
Sep 28 11:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Failed password for invalid user mongodb from 196.251.69.141 port 58584 ssh2
Sep 28 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Connection closed by 196.251.69.141 port 58584 [preauth]
Sep 28 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Invalid user dolphin from 146.190.246.86
Sep 28 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session closed for user root
Sep 28 11:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Failed password for invalid user dolphin from 146.190.246.86 port 44048 ssh2
Sep 28 11:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Connection closed by 146.190.246.86 port 44048 [preauth]
Sep 28 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Invalid user es from 146.190.246.86
Sep 28 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: input_userauth_request: invalid user es [preauth]
Sep 28 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Failed password for invalid user es from 146.190.246.86 port 51776 ssh2
Sep 28 11:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Connection closed by 146.190.246.86 port 51776 [preauth]
Sep 28 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Invalid user latitude from 146.190.246.86
Sep 28 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: input_userauth_request: invalid user latitude [preauth]
Sep 28 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Failed password for invalid user latitude from 146.190.246.86 port 45082 ssh2
Sep 28 11:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Connection closed by 146.190.246.86 port 45082 [preauth]
Sep 28 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4556]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4636]: Successful su for rubyman by root
Sep 28 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4636]: + ??? root:rubyman
Sep 28 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307988 of user rubyman.
Sep 28 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4636]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307988.
Sep 28 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session closed for user root
Sep 28 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Invalid user ranger from 146.190.246.86
Sep 28 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: input_userauth_request: invalid user ranger [preauth]
Sep 28 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Invalid user mongodb from 196.251.69.141
Sep 28 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Failed password for invalid user ranger from 146.190.246.86 port 40548 ssh2
Sep 28 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Connection closed by 146.190.246.86 port 40548 [preauth]
Sep 28 11:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Failed password for invalid user mongodb from 196.251.69.141 port 56816 ssh2
Sep 28 11:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Connection closed by 196.251.69.141 port 56816 [preauth]
Sep 28 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Invalid user emby from 146.190.246.86
Sep 28 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: input_userauth_request: invalid user emby [preauth]
Sep 28 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Failed password for invalid user emby from 146.190.246.86 port 60946 ssh2
Sep 28 11:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Connection closed by 146.190.246.86 port 60946 [preauth]
Sep 28 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Invalid user user1 from 155.4.245.222
Sep 28 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: input_userauth_request: invalid user user1 [preauth]
Sep 28 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Sep 28 11:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Failed password for invalid user user1 from 155.4.245.222 port 50896 ssh2
Sep 28 11:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Received disconnect from 155.4.245.222 port 50896:11: Bye Bye [preauth]
Sep 28 11:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4905]: Disconnected from 155.4.245.222 port 50896 [preauth]
Sep 28 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session closed for user root
Sep 28 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Invalid user admin from 146.190.246.86
Sep 28 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Failed password for invalid user admin from 146.190.246.86 port 39694 ssh2
Sep 28 11:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Connection closed by 146.190.246.86 port 39694 [preauth]
Sep 28 11:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Invalid user gerbera from 146.190.246.86
Sep 28 11:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: input_userauth_request: invalid user gerbera [preauth]
Sep 28 11:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Failed password for invalid user gerbera from 146.190.246.86 port 43040 ssh2
Sep 28 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Connection closed by 146.190.246.86 port 43040 [preauth]
Sep 28 11:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Invalid user mongodb from 196.251.69.141
Sep 28 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Failed password for invalid user mongodb from 196.251.69.141 port 55698 ssh2
Sep 28 11:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Connection closed by 196.251.69.141 port 55698 [preauth]
Sep 28 11:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5024]: Failed password for root from 146.190.246.86 port 57194 ssh2
Sep 28 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5024]: Connection closed by 146.190.246.86 port 57194 [preauth]
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5033]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5034]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5028]: pam_unix(cron:session): session closed for user root
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5031]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5108]: Successful su for rubyman by root
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5108]: + ??? root:rubyman
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307993 of user rubyman.
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5108]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307993.
Sep 28 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2261]: pam_unix(cron:session): session closed for user root
Sep 28 11:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5032]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Invalid user esuser from 146.190.246.86
Sep 28 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: input_userauth_request: invalid user esuser [preauth]
Sep 28 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Failed password for invalid user esuser from 146.190.246.86 port 36900 ssh2
Sep 28 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Connection closed by 146.190.246.86 port 36900 [preauth]
Sep 28 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Invalid user user from 146.190.246.86
Sep 28 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: input_userauth_request: invalid user user [preauth]
Sep 28 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Failed password for invalid user user from 146.190.246.86 port 58530 ssh2
Sep 28 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Connection closed by 146.190.246.86 port 58530 [preauth]
Sep 28 11:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session closed for user root
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Invalid user apache from 196.251.69.141
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Invalid user mongodb from 146.190.246.86
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Failed password for invalid user apache from 196.251.69.141 port 53968 ssh2
Sep 28 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Connection closed by 196.251.69.141 port 53968 [preauth]
Sep 28 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Failed password for invalid user mongodb from 146.190.246.86 port 43520 ssh2
Sep 28 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Connection closed by 146.190.246.86 port 43520 [preauth]
Sep 28 11:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Invalid user NBIUser from 146.190.246.86
Sep 28 11:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: input_userauth_request: invalid user NBIUser [preauth]
Sep 28 11:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Failed password for invalid user NBIUser from 146.190.246.86 port 47030 ssh2
Sep 28 11:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Connection closed by 146.190.246.86 port 47030 [preauth]
Sep 28 11:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Invalid user solr from 146.190.246.86
Sep 28 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: input_userauth_request: invalid user solr [preauth]
Sep 28 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5576]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5573]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Failed password for invalid user solr from 146.190.246.86 port 59732 ssh2
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5570]: Connection closed by 146.190.246.86 port 59732 [preauth]
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5643]: Successful su for rubyman by root
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5643]: + ??? root:rubyman
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 307997 of user rubyman.
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5643]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 307997.
Sep 28 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session closed for user root
Sep 28 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5839]: Did not receive identification string from 80.94.95.117
Sep 28 11:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5574]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5869]: Invalid user ozankoyuk from 146.190.246.86
Sep 28 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5869]: input_userauth_request: invalid user ozankoyuk [preauth]
Sep 28 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5869]: Failed password for invalid user ozankoyuk from 146.190.246.86 port 60574 ssh2
Sep 28 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5869]: Connection closed by 146.190.246.86 port 60574 [preauth]
Sep 28 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: Invalid user apache from 196.251.69.141
Sep 28 11:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: Failed password for invalid user apache from 196.251.69.141 port 53092 ssh2
Sep 28 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Invalid user virtualbox from 146.190.246.86
Sep 28 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: input_userauth_request: invalid user virtualbox [preauth]
Sep 28 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: Connection closed by 196.251.69.141 port 53092 [preauth]
Sep 28 11:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Failed password for invalid user virtualbox from 146.190.246.86 port 52260 ssh2
Sep 28 11:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Connection closed by 146.190.246.86 port 52260 [preauth]
Sep 28 11:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Invalid user palworld from 146.190.246.86
Sep 28 11:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: input_userauth_request: invalid user palworld [preauth]
Sep 28 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session closed for user root
Sep 28 11:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Failed password for invalid user palworld from 146.190.246.86 port 34932 ssh2
Sep 28 11:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Connection closed by 146.190.246.86 port 34932 [preauth]
Sep 28 11:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Invalid user es from 146.190.246.86
Sep 28 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: input_userauth_request: invalid user es [preauth]
Sep 28 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Failed password for invalid user es from 146.190.246.86 port 56208 ssh2
Sep 28 11:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Connection closed by 146.190.246.86 port 56208 [preauth]
Sep 28 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Invalid user nexus from 146.190.246.86
Sep 28 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: input_userauth_request: invalid user nexus [preauth]
Sep 28 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for invalid user nexus from 146.190.246.86 port 60002 ssh2
Sep 28 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Connection closed by 146.190.246.86 port 60002 [preauth]
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: Successful su for rubyman by root
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: + ??? root:rubyman
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308002 of user rubyman.
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308002.
Sep 28 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Invalid user apache from 196.251.69.141
Sep 28 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session closed for user root
Sep 28 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Failed password for invalid user apache from 196.251.69.141 port 51574 ssh2
Sep 28 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Connection closed by 196.251.69.141 port 51574 [preauth]
Sep 28 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Failed password for root from 146.190.246.86 port 32810 ssh2
Sep 28 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Connection closed by 146.190.246.86 port 32810 [preauth]
Sep 28 11:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Failed password for root from 146.190.246.86 port 47466 ssh2
Sep 28 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Connection closed by 146.190.246.86 port 47466 [preauth]
Sep 28 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Failed password for root from 146.190.246.86 port 46414 ssh2
Sep 28 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Connection closed by 146.190.246.86 port 46414 [preauth]
Sep 28 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5034]: pam_unix(cron:session): session closed for user root
Sep 28 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Invalid user dev from 146.190.246.86
Sep 28 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: input_userauth_request: invalid user dev [preauth]
Sep 28 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Failed password for invalid user dev from 146.190.246.86 port 57970 ssh2
Sep 28 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6416]: Connection closed by 146.190.246.86 port 57970 [preauth]
Sep 28 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Invalid user apache from 196.251.69.141
Sep 28 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Failed password for invalid user apache from 196.251.69.141 port 49804 ssh2
Sep 28 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Connection closed by 196.251.69.141 port 49804 [preauth]
Sep 28 11:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6457]: Invalid user user from 146.190.246.86
Sep 28 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6457]: input_userauth_request: invalid user user [preauth]
Sep 28 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6457]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6457]: Failed password for invalid user user from 146.190.246.86 port 48390 ssh2
Sep 28 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6457]: Connection closed by 146.190.246.86 port 48390 [preauth]
Sep 28 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Invalid user mcguitaruser from 20.163.71.109
Sep 28 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: input_userauth_request: invalid user mcguitaruser [preauth]
Sep 28 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Failed password for invalid user mcguitaruser from 20.163.71.109 port 47004 ssh2
Sep 28 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Connection closed by 20.163.71.109 port 47004 [preauth]
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session closed for user root
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6573]: Successful su for rubyman by root
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6573]: + ??? root:rubyman
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308005 of user rubyman.
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6573]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308005.
Sep 28 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Invalid user sftpuser from 146.190.246.86
Sep 28 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: input_userauth_request: invalid user sftpuser [preauth]
Sep 28 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session closed for user root
Sep 28 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session closed for user root
Sep 28 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Failed password for invalid user sftpuser from 146.190.246.86 port 44106 ssh2
Sep 28 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Connection closed by 146.190.246.86 port 44106 [preauth]
Sep 28 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: User ftp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: input_userauth_request: invalid user ftp [preauth]
Sep 28 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=ftp
Sep 28 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Failed password for invalid user ftp from 146.190.246.86 port 54146 ssh2
Sep 28 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Connection closed by 146.190.246.86 port 54146 [preauth]
Sep 28 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Invalid user nagios from 146.190.246.86
Sep 28 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: input_userauth_request: invalid user nagios [preauth]
Sep 28 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Invalid user apache from 196.251.69.141
Sep 28 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Failed password for invalid user nagios from 146.190.246.86 port 48454 ssh2
Sep 28 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Connection closed by 146.190.246.86 port 48454 [preauth]
Sep 28 11:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Failed password for invalid user apache from 196.251.69.141 port 48506 ssh2
Sep 28 11:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Connection closed by 196.251.69.141 port 48506 [preauth]
Sep 28 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5576]: pam_unix(cron:session): session closed for user root
Sep 28 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: User bin from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: input_userauth_request: invalid user bin [preauth]
Sep 28 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=bin
Sep 28 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Failed password for invalid user bin from 146.190.246.86 port 55898 ssh2
Sep 28 11:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Connection closed by 146.190.246.86 port 55898 [preauth]
Sep 28 11:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: Invalid user docker from 146.190.246.86
Sep 28 11:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: Failed password for invalid user docker from 146.190.246.86 port 38500 ssh2
Sep 28 11:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7052]: Connection closed by 146.190.246.86 port 38500 [preauth]
Sep 28 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: Successful su for rubyman by root
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: + ??? root:rubyman
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308011 of user rubyman.
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308011.
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: Invalid user ranger from 146.190.246.86
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: input_userauth_request: invalid user ranger [preauth]
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: Failed password for invalid user ranger from 146.190.246.86 port 38852 ssh2
Sep 28 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7260]: Connection closed by 146.190.246.86 port 38852 [preauth]
Sep 28 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session closed for user root
Sep 28 11:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7089]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: Invalid user apache from 196.251.69.141
Sep 28 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: Failed password for invalid user apache from 196.251.69.141 port 47172 ssh2
Sep 28 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: Connection closed by 196.251.69.141 port 47172 [preauth]
Sep 28 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Invalid user openvpn from 146.190.246.86
Sep 28 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Failed password for invalid user openvpn from 146.190.246.86 port 54536 ssh2
Sep 28 11:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Connection closed by 146.190.246.86 port 54536 [preauth]
Sep 28 11:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Failed password for root from 146.190.246.86 port 37270 ssh2
Sep 28 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Connection closed by 146.190.246.86 port 37270 [preauth]
Sep 28 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session closed for user root
Sep 28 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Invalid user blockchain from 146.190.246.86
Sep 28 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: input_userauth_request: invalid user blockchain [preauth]
Sep 28 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Failed password for invalid user blockchain from 146.190.246.86 port 53480 ssh2
Sep 28 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7568]: Connection closed by 146.190.246.86 port 53480 [preauth]
Sep 28 11:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Invalid user webuser from 146.190.246.86
Sep 28 11:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: input_userauth_request: invalid user webuser [preauth]
Sep 28 11:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for invalid user webuser from 146.190.246.86 port 48430 ssh2
Sep 28 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Connection closed by 146.190.246.86 port 48430 [preauth]
Sep 28 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Invalid user apache from 196.251.69.141
Sep 28 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Failed password for invalid user apache from 196.251.69.141 port 45994 ssh2
Sep 28 11:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Connection closed by 196.251.69.141 port 45994 [preauth]
Sep 28 11:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7629]: Invalid user steam from 146.190.246.86
Sep 28 11:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7629]: input_userauth_request: invalid user steam [preauth]
Sep 28 11:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7629]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7707]: Successful su for rubyman by root
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7707]: + ??? root:rubyman
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308016 of user rubyman.
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7707]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308016.
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7629]: Failed password for invalid user steam from 146.190.246.86 port 50124 ssh2
Sep 28 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7629]: Connection closed by 146.190.246.86 port 50124 [preauth]
Sep 28 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session closed for user root
Sep 28 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Invalid user vps from 146.190.246.86
Sep 28 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: input_userauth_request: invalid user vps [preauth]
Sep 28 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Failed password for invalid user vps from 146.190.246.86 port 56938 ssh2
Sep 28 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Connection closed by 146.190.246.86 port 56938 [preauth]
Sep 28 11:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: Invalid user tomcat from 146.190.246.86
Sep 28 11:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 11:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: Failed password for invalid user tomcat from 146.190.246.86 port 39686 ssh2
Sep 28 11:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: Connection closed by 146.190.246.86 port 39686 [preauth]
Sep 28 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8042]: Invalid user appuser from 146.190.246.86
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8042]: input_userauth_request: invalid user appuser [preauth]
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8025]: Invalid user apache from 196.251.69.141
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8025]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8042]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8025]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session closed for user root
Sep 28 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8042]: Failed password for invalid user appuser from 146.190.246.86 port 54598 ssh2
Sep 28 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8042]: Connection closed by 146.190.246.86 port 54598 [preauth]
Sep 28 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8025]: Failed password for invalid user apache from 196.251.69.141 port 44210 ssh2
Sep 28 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8025]: Connection closed by 196.251.69.141 port 44210 [preauth]
Sep 28 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: Invalid user odoo from 146.190.246.86
Sep 28 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: input_userauth_request: invalid user odoo [preauth]
Sep 28 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: Failed password for invalid user odoo from 146.190.246.86 port 43410 ssh2
Sep 28 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8091]: Connection closed by 146.190.246.86 port 43410 [preauth]
Sep 28 11:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8119]: Invalid user esuser from 146.190.246.86
Sep 28 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8119]: input_userauth_request: invalid user esuser [preauth]
Sep 28 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8119]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8119]: Failed password for invalid user esuser from 146.190.246.86 port 34372 ssh2
Sep 28 11:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8119]: Connection closed by 146.190.246.86 port 34372 [preauth]
Sep 28 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8144]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8145]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8142]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8217]: Successful su for rubyman by root
Sep 28 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8217]: + ??? root:rubyman
Sep 28 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308020 of user rubyman.
Sep 28 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8217]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308020.
Sep 28 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5033]: pam_unix(cron:session): session closed for user root
Sep 28 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8143]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Invalid user samba from 146.190.246.86
Sep 28 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: input_userauth_request: invalid user samba [preauth]
Sep 28 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user samba from 146.190.246.86 port 50076 ssh2
Sep 28 11:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Connection closed by 146.190.246.86 port 50076 [preauth]
Sep 28 11:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Invalid user apache from 196.251.69.141
Sep 28 11:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Failed password for invalid user apache from 196.251.69.141 port 42748 ssh2
Sep 28 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Connection closed by 196.251.69.141 port 42748 [preauth]
Sep 28 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Invalid user test from 146.190.246.86
Sep 28 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: input_userauth_request: invalid user test [preauth]
Sep 28 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Failed password for invalid user test from 146.190.246.86 port 40116 ssh2
Sep 28 11:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Connection closed by 146.190.246.86 port 40116 [preauth]
Sep 28 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7091]: pam_unix(cron:session): session closed for user root
Sep 28 11:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: Failed password for root from 146.190.246.86 port 43482 ssh2
Sep 28 11:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: Connection closed by 146.190.246.86 port 43482 [preauth]
Sep 28 11:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8577]: Failed password for root from 146.190.246.86 port 38632 ssh2
Sep 28 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8577]: Connection closed by 146.190.246.86 port 38632 [preauth]
Sep 28 11:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8604]: Invalid user nagios from 146.190.246.86
Sep 28 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8604]: input_userauth_request: invalid user nagios [preauth]
Sep 28 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8604]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Invalid user nginx from 196.251.69.141
Sep 28 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8604]: Failed password for invalid user nagios from 146.190.246.86 port 49620 ssh2
Sep 28 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8604]: Connection closed by 146.190.246.86 port 49620 [preauth]
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Failed password for invalid user nginx from 196.251.69.141 port 41132 ssh2
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Connection closed by 196.251.69.141 port 41132 [preauth]
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: Successful su for rubyman by root
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: + ??? root:rubyman
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308023 of user rubyman.
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8696]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308023.
Sep 28 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5575]: pam_unix(cron:session): session closed for user root
Sep 28 11:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Invalid user minecraft from 146.190.246.86
Sep 28 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Failed password for invalid user minecraft from 146.190.246.86 port 54154 ssh2
Sep 28 11:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Connection closed by 146.190.246.86 port 54154 [preauth]
Sep 28 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Invalid user docker from 146.190.246.86
Sep 28 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: input_userauth_request: invalid user docker [preauth]
Sep 28 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Failed password for invalid user docker from 146.190.246.86 port 60016 ssh2
Sep 28 11:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Connection closed by 146.190.246.86 port 60016 [preauth]
Sep 28 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: Invalid user caddy from 146.190.246.86
Sep 28 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: input_userauth_request: invalid user caddy [preauth]
Sep 28 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: Failed password for invalid user caddy from 146.190.246.86 port 43254 ssh2
Sep 28 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: Connection closed by 146.190.246.86 port 43254 [preauth]
Sep 28 11:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session closed for user root
Sep 28 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9121]: Invalid user nginx from 196.251.69.141
Sep 28 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9121]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9121]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Invalid user plex from 146.190.246.86
Sep 28 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: input_userauth_request: invalid user plex [preauth]
Sep 28 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9121]: Failed password for invalid user nginx from 196.251.69.141 port 39700 ssh2
Sep 28 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9121]: Connection closed by 196.251.69.141 port 39700 [preauth]
Sep 28 11:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Failed password for invalid user plex from 146.190.246.86 port 52474 ssh2
Sep 28 11:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Connection closed by 146.190.246.86 port 52474 [preauth]
Sep 28 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: Invalid user grafana from 146.190.246.86
Sep 28 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: input_userauth_request: invalid user grafana [preauth]
Sep 28 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: Failed password for invalid user grafana from 146.190.246.86 port 36532 ssh2
Sep 28 11:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9267]: Connection closed by 146.190.246.86 port 36532 [preauth]
Sep 28 11:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Invalid user orangepi from 93.152.230.176
Sep 28 11:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: input_userauth_request: invalid user orangepi [preauth]
Sep 28 11:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session closed for user root
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Failed password for invalid user orangepi from 93.152.230.176 port 30012 ssh2
Sep 28 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Received disconnect from 93.152.230.176 port 30012:11: Client disconnecting normally [preauth]
Sep 28 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Disconnected from 93.152.230.176 port 30012 [preauth]
Sep 28 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: Successful su for rubyman by root
Sep 28 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: + ??? root:rubyman
Sep 28 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308028 of user rubyman.
Sep 28 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308028.
Sep 28 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session closed for user root
Sep 28 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session closed for user root
Sep 28 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Failed password for invalid user ubuntu from 146.190.246.86 port 45236 ssh2
Sep 28 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Connection closed by 146.190.246.86 port 45236 [preauth]
Sep 28 11:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Invalid user wireguard from 146.190.246.86
Sep 28 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: input_userauth_request: invalid user wireguard [preauth]
Sep 28 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Failed password for invalid user wireguard from 146.190.246.86 port 38848 ssh2
Sep 28 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Connection closed by 146.190.246.86 port 38848 [preauth]
Sep 28 11:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Invalid user nginx from 196.251.69.141
Sep 28 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user nginx from 196.251.69.141 port 38144 ssh2
Sep 28 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Connection closed by 196.251.69.141 port 38144 [preauth]
Sep 28 11:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 11:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 11:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 34090 ssh2
Sep 28 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: Connection closed by 146.190.246.86 port 34090 [preauth]
Sep 28 11:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8145]: pam_unix(cron:session): session closed for user root
Sep 28 11:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Failed password for root from 146.190.246.86 port 41526 ssh2
Sep 28 11:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Connection closed by 146.190.246.86 port 41526 [preauth]
Sep 28 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Invalid user rsync from 146.190.246.86
Sep 28 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: input_userauth_request: invalid user rsync [preauth]
Sep 28 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Failed password for invalid user rsync from 146.190.246.86 port 34750 ssh2
Sep 28 11:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Connection closed by 146.190.246.86 port 34750 [preauth]
Sep 28 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9898]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9975]: Successful su for rubyman by root
Sep 28 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9975]: + ??? root:rubyman
Sep 28 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308035 of user rubyman.
Sep 28 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9975]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308035.
Sep 28 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Invalid user nginx from 196.251.69.141
Sep 28 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session closed for user root
Sep 28 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Failed password for root from 146.190.246.86 port 56666 ssh2
Sep 28 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Connection closed by 146.190.246.86 port 56666 [preauth]
Sep 28 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Invalid user admin from 78.128.112.74
Sep 28 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9899]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Failed password for invalid user nginx from 196.251.69.141 port 36654 ssh2
Sep 28 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10143]: Connection closed by 196.251.69.141 port 36654 [preauth]
Sep 28 11:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Failed password for invalid user admin from 78.128.112.74 port 54648 ssh2
Sep 28 11:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Connection closed by 78.128.112.74 port 54648 [preauth]
Sep 28 11:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Invalid user cassandra from 146.190.246.86
Sep 28 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: input_userauth_request: invalid user cassandra [preauth]
Sep 28 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Failed password for invalid user cassandra from 146.190.246.86 port 41408 ssh2
Sep 28 11:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Connection closed by 146.190.246.86 port 41408 [preauth]
Sep 28 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10274]: Invalid user palworld from 146.190.246.86
Sep 28 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10274]: input_userauth_request: invalid user palworld [preauth]
Sep 28 11:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10274]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10274]: Failed password for invalid user palworld from 146.190.246.86 port 35540 ssh2
Sep 28 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10274]: Connection closed by 146.190.246.86 port 35540 [preauth]
Sep 28 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8628]: pam_unix(cron:session): session closed for user root
Sep 28 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 58190 ssh2
Sep 28 11:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Connection closed by 146.190.246.86 port 58190 [preauth]
Sep 28 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Invalid user nginx from 196.251.69.141
Sep 28 11:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Invalid user dolphin from 146.190.246.86
Sep 28 11:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 11:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Failed password for invalid user nginx from 196.251.69.141 port 35312 ssh2
Sep 28 11:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Connection closed by 196.251.69.141 port 35312 [preauth]
Sep 28 11:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Failed password for invalid user dolphin from 146.190.246.86 port 49330 ssh2
Sep 28 11:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Connection closed by 146.190.246.86 port 49330 [preauth]
Sep 28 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10390]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10389]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10386]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: Successful su for rubyman by root
Sep 28 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: + ??? root:rubyman
Sep 28 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308038 of user rubyman.
Sep 28 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308038.
Sep 28 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session closed for user root
Sep 28 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Failed password for root from 146.190.246.86 port 38290 ssh2
Sep 28 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Connection closed by 146.190.246.86 port 38290 [preauth]
Sep 28 11:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10387]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Invalid user huawei from 146.190.246.86
Sep 28 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: input_userauth_request: invalid user huawei [preauth]
Sep 28 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Failed password for invalid user huawei from 146.190.246.86 port 55106 ssh2
Sep 28 11:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Connection closed by 146.190.246.86 port 55106 [preauth]
Sep 28 11:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Failed password for root from 146.190.246.86 port 44630 ssh2
Sep 28 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Connection closed by 146.190.246.86 port 44630 [preauth]
Sep 28 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Invalid user nginx from 196.251.69.141
Sep 28 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Failed password for invalid user nginx from 196.251.69.141 port 33474 ssh2
Sep 28 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Connection closed by 196.251.69.141 port 33474 [preauth]
Sep 28 11:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user root
Sep 28 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: User mysql from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: input_userauth_request: invalid user mysql [preauth]
Sep 28 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=mysql
Sep 28 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Failed password for invalid user mysql from 146.190.246.86 port 36596 ssh2
Sep 28 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Connection closed by 146.190.246.86 port 36596 [preauth]
Sep 28 11:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Invalid user hadoop from 146.190.246.86
Sep 28 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for invalid user hadoop from 146.190.246.86 port 44632 ssh2
Sep 28 11:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 146.190.246.86 port 44632 [preauth]
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Invalid user deepspeed from 146.190.246.86
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: input_userauth_request: invalid user deepspeed [preauth]
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: Successful su for rubyman by root
Sep 28 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: + ??? root:rubyman
Sep 28 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308042 of user rubyman.
Sep 28 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308042.
Sep 28 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Failed password for invalid user deepspeed from 146.190.246.86 port 57436 ssh2
Sep 28 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Connection closed by 146.190.246.86 port 57436 [preauth]
Sep 28 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7634]: pam_unix(cron:session): session closed for user root
Sep 28 11:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Invalid user dst from 146.190.246.86
Sep 28 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: input_userauth_request: invalid user dst [preauth]
Sep 28 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for invalid user dst from 146.190.246.86 port 37446 ssh2
Sep 28 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Connection closed by 146.190.246.86 port 37446 [preauth]
Sep 28 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Invalid user nginx from 196.251.69.141
Sep 28 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Failed password for invalid user nginx from 196.251.69.141 port 60254 ssh2
Sep 28 11:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Connection closed by 196.251.69.141 port 60254 [preauth]
Sep 28 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Invalid user wordpress from 146.190.246.86
Sep 28 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Failed password for invalid user wordpress from 146.190.246.86 port 57248 ssh2
Sep 28 11:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Connection closed by 146.190.246.86 port 57248 [preauth]
Sep 28 11:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session closed for user root
Sep 28 11:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Invalid user wang from 146.190.246.86
Sep 28 11:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: input_userauth_request: invalid user wang [preauth]
Sep 28 11:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Failed password for invalid user wang from 146.190.246.86 port 39864 ssh2
Sep 28 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11198]: Connection closed by 146.190.246.86 port 39864 [preauth]
Sep 28 11:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Invalid user wordpress from 146.190.246.86
Sep 28 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Failed password for invalid user wordpress from 146.190.246.86 port 52614 ssh2
Sep 28 11:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Connection closed by 146.190.246.86 port 52614 [preauth]
Sep 28 11:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Invalid user nginx from 196.251.69.141
Sep 28 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Failed password for invalid user nginx from 196.251.69.141 port 58622 ssh2
Sep 28 11:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Connection closed by 196.251.69.141 port 58622 [preauth]
Sep 28 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Invalid user tom from 146.190.246.86
Sep 28 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: input_userauth_request: invalid user tom [preauth]
Sep 28 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Failed password for invalid user tom from 146.190.246.86 port 46264 ssh2
Sep 28 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Connection closed by 146.190.246.86 port 46264 [preauth]
Sep 28 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11350]: Successful su for rubyman by root
Sep 28 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11350]: + ??? root:rubyman
Sep 28 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308046 of user rubyman.
Sep 28 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11350]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308046.
Sep 28 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8144]: pam_unix(cron:session): session closed for user root
Sep 28 11:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Failed password for root from 146.190.246.86 port 39930 ssh2
Sep 28 11:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Connection closed by 146.190.246.86 port 39930 [preauth]
Sep 28 11:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: User ftp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: input_userauth_request: invalid user ftp [preauth]
Sep 28 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=ftp
Sep 28 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Failed password for invalid user ftp from 146.190.246.86 port 36496 ssh2
Sep 28 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Connection closed by 146.190.246.86 port 36496 [preauth]
Sep 28 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10390]: pam_unix(cron:session): session closed for user root
Sep 28 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Failed password for root from 146.190.246.86 port 33760 ssh2
Sep 28 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Connection closed by 146.190.246.86 port 33760 [preauth]
Sep 28 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Invalid user nginx from 196.251.69.141
Sep 28 11:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: input_userauth_request: invalid user nginx [preauth]
Sep 28 11:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Failed password for invalid user nginx from 196.251.69.141 port 57088 ssh2
Sep 28 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Connection closed by 196.251.69.141 port 57088 [preauth]
Sep 28 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Invalid user admin from 146.190.246.86
Sep 28 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Failed password for invalid user admin from 146.190.246.86 port 45150 ssh2
Sep 28 11:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Connection closed by 146.190.246.86 port 45150 [preauth]
Sep 28 11:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Failed password for root from 146.190.246.86 port 37626 ssh2
Sep 28 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Connection closed by 146.190.246.86 port 37626 [preauth]
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11823]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11822]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11825]: pam_unix(cron:session): session closed for user root
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: Successful su for rubyman by root
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: + ??? root:rubyman
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308053 of user rubyman.
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308053.
Sep 28 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11822]: pam_unix(cron:session): session closed for user root
Sep 28 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session closed for user root
Sep 28 11:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11820]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Invalid user steam from 146.190.246.86
Sep 28 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: input_userauth_request: invalid user steam [preauth]
Sep 28 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Failed password for invalid user steam from 146.190.246.86 port 57972 ssh2
Sep 28 11:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Connection closed by 146.190.246.86 port 57972 [preauth]
Sep 28 11:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Invalid user operator from 196.251.69.141
Sep 28 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for invalid user ubuntu from 146.190.246.86 port 54142 ssh2
Sep 28 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Connection closed by 146.190.246.86 port 54142 [preauth]
Sep 28 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Failed password for invalid user operator from 196.251.69.141 port 55244 ssh2
Sep 28 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Connection closed by 196.251.69.141 port 55244 [preauth]
Sep 28 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Invalid user webuser from 146.190.246.86
Sep 28 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: input_userauth_request: invalid user webuser [preauth]
Sep 28 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session closed for user root
Sep 28 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Failed password for invalid user webuser from 146.190.246.86 port 52252 ssh2
Sep 28 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Connection closed by 146.190.246.86 port 52252 [preauth]
Sep 28 11:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Invalid user oracle from 146.190.246.86
Sep 28 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: input_userauth_request: invalid user oracle [preauth]
Sep 28 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Failed password for invalid user oracle from 146.190.246.86 port 41946 ssh2
Sep 28 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Connection closed by 146.190.246.86 port 41946 [preauth]
Sep 28 11:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12285]: Failed password for root from 146.190.246.86 port 40660 ssh2
Sep 28 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12285]: Connection closed by 146.190.246.86 port 40660 [preauth]
Sep 28 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: Successful su for rubyman by root
Sep 28 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: + ??? root:rubyman
Sep 28 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308056 of user rubyman.
Sep 28 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308056.
Sep 28 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Invalid user operator from 196.251.69.141
Sep 28 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Failed password for invalid user operator from 196.251.69.141 port 53946 ssh2
Sep 28 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Connection closed by 196.251.69.141 port 53946 [preauth]
Sep 28 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Invalid user user from 146.190.246.86
Sep 28 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: input_userauth_request: invalid user user [preauth]
Sep 28 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user root
Sep 28 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Failed password for invalid user user from 146.190.246.86 port 42114 ssh2
Sep 28 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Connection closed by 146.190.246.86 port 42114 [preauth]
Sep 28 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Invalid user oracle from 146.190.246.86
Sep 28 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: input_userauth_request: invalid user oracle [preauth]
Sep 28 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Failed password for invalid user oracle from 146.190.246.86 port 40118 ssh2
Sep 28 11:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12608]: Connection closed by 146.190.246.86 port 40118 [preauth]
Sep 28 11:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Invalid user tom from 146.190.246.86
Sep 28 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: input_userauth_request: invalid user tom [preauth]
Sep 28 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Failed password for invalid user tom from 146.190.246.86 port 46984 ssh2
Sep 28 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Connection closed by 146.190.246.86 port 46984 [preauth]
Sep 28 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session closed for user root
Sep 28 11:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Invalid user terraria from 146.190.246.86
Sep 28 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: input_userauth_request: invalid user terraria [preauth]
Sep 28 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Failed password for invalid user terraria from 146.190.246.86 port 35684 ssh2
Sep 28 11:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Connection closed by 146.190.246.86 port 35684 [preauth]
Sep 28 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Invalid user operator from 196.251.69.141
Sep 28 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Failed password for invalid user operator from 196.251.69.141 port 52208 ssh2
Sep 28 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Connection closed by 196.251.69.141 port 52208 [preauth]
Sep 28 11:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Invalid user gitlab from 146.190.246.86
Sep 28 11:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 11:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Failed password for invalid user gitlab from 146.190.246.86 port 33322 ssh2
Sep 28 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Connection closed by 146.190.246.86 port 33322 [preauth]
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12765]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12766]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12831]: Successful su for rubyman by root
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12831]: + ??? root:rubyman
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308059 of user rubyman.
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12831]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308059.
Sep 28 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session closed for user root
Sep 28 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: Invalid user vagrant from 146.190.246.86
Sep 28 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12764]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: Failed password for invalid user vagrant from 146.190.246.86 port 49320 ssh2
Sep 28 11:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13025]: Connection closed by 146.190.246.86 port 49320 [preauth]
Sep 28 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Invalid user opc from 146.190.246.86
Sep 28 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: input_userauth_request: invalid user opc [preauth]
Sep 28 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Failed password for invalid user opc from 146.190.246.86 port 40472 ssh2
Sep 28 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Connection closed by 146.190.246.86 port 40472 [preauth]
Sep 28 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Invalid user operator from 196.251.69.141
Sep 28 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: Invalid user test from 146.190.246.86
Sep 28 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: input_userauth_request: invalid user test [preauth]
Sep 28 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Failed password for invalid user operator from 196.251.69.141 port 50652 ssh2
Sep 28 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Connection closed by 196.251.69.141 port 50652 [preauth]
Sep 28 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: Failed password for invalid user test from 146.190.246.86 port 48948 ssh2
Sep 28 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: Connection closed by 146.190.246.86 port 48948 [preauth]
Sep 28 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11824]: pam_unix(cron:session): session closed for user root
Sep 28 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Invalid user dev from 146.190.246.86
Sep 28 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: input_userauth_request: invalid user dev [preauth]
Sep 28 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Failed password for invalid user dev from 146.190.246.86 port 34944 ssh2
Sep 28 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13154]: Connection closed by 146.190.246.86 port 34944 [preauth]
Sep 28 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Invalid user ts from 146.190.246.86
Sep 28 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: input_userauth_request: invalid user ts [preauth]
Sep 28 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Failed password for invalid user ts from 146.190.246.86 port 52280 ssh2
Sep 28 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Connection closed by 146.190.246.86 port 52280 [preauth]
Sep 28 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13287]: Successful su for rubyman by root
Sep 28 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13287]: + ??? root:rubyman
Sep 28 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308063 of user rubyman.
Sep 28 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13287]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308063.
Sep 28 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Invalid user gmod from 146.190.246.86
Sep 28 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: input_userauth_request: invalid user gmod [preauth]
Sep 28 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10389]: pam_unix(cron:session): session closed for user root
Sep 28 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Failed password for invalid user gmod from 146.190.246.86 port 46754 ssh2
Sep 28 11:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Connection closed by 146.190.246.86 port 46754 [preauth]
Sep 28 11:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: Invalid user operator from 196.251.69.141
Sep 28 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: Failed password for invalid user operator from 196.251.69.141 port 49130 ssh2
Sep 28 11:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: Connection closed by 196.251.69.141 port 49130 [preauth]
Sep 28 11:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Failed password for root from 146.190.246.86 port 48160 ssh2
Sep 28 11:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Connection closed by 146.190.246.86 port 48160 [preauth]
Sep 28 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: Invalid user redis from 146.190.246.86
Sep 28 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: Failed password for invalid user redis from 146.190.246.86 port 50668 ssh2
Sep 28 11:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13562]: Connection closed by 146.190.246.86 port 50668 [preauth]
Sep 28 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Invalid user wanggang from 190.103.202.7
Sep 28 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: input_userauth_request: invalid user wanggang [preauth]
Sep 28 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session closed for user root
Sep 28 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Failed password for invalid user wanggang from 190.103.202.7 port 50000 ssh2
Sep 28 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Connection closed by 190.103.202.7 port 50000 [preauth]
Sep 28 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Invalid user hadoop from 146.190.246.86
Sep 28 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Failed password for invalid user hadoop from 146.190.246.86 port 40228 ssh2
Sep 28 11:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Connection closed by 146.190.246.86 port 40228 [preauth]
Sep 28 11:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Invalid user dev from 146.190.246.86
Sep 28 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: input_userauth_request: invalid user dev [preauth]
Sep 28 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for invalid user dev from 146.190.246.86 port 52036 ssh2
Sep 28 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 146.190.246.86 port 52036 [preauth]
Sep 28 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13637]: Invalid user operator from 196.251.69.141
Sep 28 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13637]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13637]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13637]: Failed password for invalid user operator from 196.251.69.141 port 47606 ssh2
Sep 28 11:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13637]: Connection closed by 196.251.69.141 port 47606 [preauth]
Sep 28 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13659]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13657]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13729]: Successful su for rubyman by root
Sep 28 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13729]: + ??? root:rubyman
Sep 28 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308067 of user rubyman.
Sep 28 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13729]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308067.
Sep 28 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Invalid user redis from 146.190.246.86
Sep 28 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Failed password for invalid user redis from 146.190.246.86 port 53666 ssh2
Sep 28 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Connection closed by 146.190.246.86 port 53666 [preauth]
Sep 28 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session closed for user root
Sep 28 11:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Invalid user amandabackup from 146.190.246.86
Sep 28 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: input_userauth_request: invalid user amandabackup [preauth]
Sep 28 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Failed password for invalid user amandabackup from 146.190.246.86 port 46314 ssh2
Sep 28 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Connection closed by 146.190.246.86 port 46314 [preauth]
Sep 28 11:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Failed password for root from 146.190.246.86 port 57302 ssh2
Sep 28 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Connection closed by 146.190.246.86 port 57302 [preauth]
Sep 28 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12766]: pam_unix(cron:session): session closed for user root
Sep 28 11:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Invalid user operator from 196.251.69.141
Sep 28 11:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Invalid user grafana from 146.190.246.86
Sep 28 11:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: input_userauth_request: invalid user grafana [preauth]
Sep 28 11:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Failed password for invalid user operator from 196.251.69.141 port 46078 ssh2
Sep 28 11:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Connection closed by 196.251.69.141 port 46078 [preauth]
Sep 28 11:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Failed password for invalid user grafana from 146.190.246.86 port 46346 ssh2
Sep 28 11:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Connection closed by 146.190.246.86 port 46346 [preauth]
Sep 28 11:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for root from 146.190.246.86 port 54332 ssh2
Sep 28 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Connection closed by 146.190.246.86 port 54332 [preauth]
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session closed for user root
Sep 28 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: Successful su for rubyman by root
Sep 28 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: + ??? root:rubyman
Sep 28 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308071 of user rubyman.
Sep 28 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308071.
Sep 28 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Invalid user Administrator from 146.190.246.86
Sep 28 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session closed for user root
Sep 28 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
Sep 28 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for invalid user Administrator from 146.190.246.86 port 60462 ssh2
Sep 28 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Connection closed by 146.190.246.86 port 60462 [preauth]
Sep 28 11:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Invalid user dolphin from 146.190.246.86
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: Invalid user operator from 196.251.69.141
Sep 28 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: Failed password for invalid user operator from 196.251.69.141 port 44558 ssh2
Sep 28 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: Connection closed by 196.251.69.141 port 44558 [preauth]
Sep 28 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Failed password for invalid user dolphin from 146.190.246.86 port 45438 ssh2
Sep 28 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Connection closed by 146.190.246.86 port 45438 [preauth]
Sep 28 11:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: Failed password for root from 146.190.246.86 port 32874 ssh2
Sep 28 11:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: Connection closed by 146.190.246.86 port 32874 [preauth]
Sep 28 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session closed for user root
Sep 28 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Invalid user centos from 146.190.246.86
Sep 28 11:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: input_userauth_request: invalid user centos [preauth]
Sep 28 11:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Failed password for invalid user centos from 146.190.246.86 port 53414 ssh2
Sep 28 11:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Connection closed by 146.190.246.86 port 53414 [preauth]
Sep 28 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: Invalid user satisfactory from 146.190.246.86
Sep 28 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: Failed password for invalid user satisfactory from 146.190.246.86 port 53754 ssh2
Sep 28 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: Connection closed by 146.190.246.86 port 53754 [preauth]
Sep 28 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Invalid user operator from 196.251.69.141
Sep 28 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: input_userauth_request: invalid user operator [preauth]
Sep 28 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14654]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14651]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Failed password for invalid user operator from 196.251.69.141 port 42768 ssh2
Sep 28 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Connection closed by 196.251.69.141 port 42768 [preauth]
Sep 28 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14716]: Successful su for rubyman by root
Sep 28 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14716]: + ??? root:rubyman
Sep 28 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308077 of user rubyman.
Sep 28 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14716]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308077.
Sep 28 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Invalid user palworld from 146.190.246.86
Sep 28 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: input_userauth_request: invalid user palworld [preauth]
Sep 28 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Failed password for invalid user palworld from 146.190.246.86 port 46412 ssh2
Sep 28 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Connection closed by 146.190.246.86 port 46412 [preauth]
Sep 28 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11823]: pam_unix(cron:session): session closed for user root
Sep 28 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14652]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14943]: Invalid user odoo from 146.190.246.86
Sep 28 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14943]: input_userauth_request: invalid user odoo [preauth]
Sep 28 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14943]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14943]: Failed password for invalid user odoo from 146.190.246.86 port 41076 ssh2
Sep 28 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14943]: Connection closed by 146.190.246.86 port 41076 [preauth]
Sep 28 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Invalid user sftp from 146.190.246.86
Sep 28 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: input_userauth_request: invalid user sftp [preauth]
Sep 28 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Failed password for invalid user sftp from 146.190.246.86 port 45542 ssh2
Sep 28 11:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Connection closed by 146.190.246.86 port 45542 [preauth]
Sep 28 11:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Invalid user user from 62.60.131.157
Sep 28 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: input_userauth_request: invalid user user [preauth]
Sep 28 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 11:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user user from 62.60.131.157 port 14588 ssh2
Sep 28 11:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user user from 62.60.131.157 port 14588 ssh2
Sep 28 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session closed for user root
Sep 28 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user user from 62.60.131.157 port 14588 ssh2
Sep 28 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user user from 62.60.131.157 port 14588 ssh2
Sep 28 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for root from 146.190.246.86 port 46998 ssh2
Sep 28 11:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Connection closed by 146.190.246.86 port 46998 [preauth]
Sep 28 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user user from 62.60.131.157 port 14588 ssh2
Sep 28 11:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Received disconnect from 62.60.131.157 port 14588:11: Bye [preauth]
Sep 28 11:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Disconnected from 62.60.131.157 port 14588 [preauth]
Sep 28 11:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 11:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: Invalid user developer from 196.251.69.141
Sep 28 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: Failed password for invalid user developer from 196.251.69.141 port 41112 ssh2
Sep 28 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15044]: Connection closed by 196.251.69.141 port 41112 [preauth]
Sep 28 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: Failed password for root from 146.190.246.86 port 45780 ssh2
Sep 28 11:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: Connection closed by 146.190.246.86 port 45780 [preauth]
Sep 28 11:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: Invalid user ampache from 146.190.246.86
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: input_userauth_request: invalid user ampache [preauth]
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: Successful su for rubyman by root
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: + ??? root:rubyman
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308081 of user rubyman.
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308081.
Sep 28 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: Failed password for invalid user ampache from 146.190.246.86 port 38266 ssh2
Sep 28 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15089]: Connection closed by 146.190.246.86 port 38266 [preauth]
Sep 28 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session closed for user root
Sep 28 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15093]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Invalid user esuser from 146.190.246.86
Sep 28 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: input_userauth_request: invalid user esuser [preauth]
Sep 28 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Failed password for invalid user esuser from 146.190.246.86 port 54378 ssh2
Sep 28 11:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Connection closed by 146.190.246.86 port 54378 [preauth]
Sep 28 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Invalid user rancher from 146.190.246.86
Sep 28 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: input_userauth_request: invalid user rancher [preauth]
Sep 28 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Failed password for invalid user rancher from 146.190.246.86 port 35656 ssh2
Sep 28 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Invalid user developer from 196.251.69.141
Sep 28 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Connection closed by 146.190.246.86 port 35656 [preauth]
Sep 28 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user developer from 196.251.69.141 port 39600 ssh2
Sep 28 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Connection closed by 196.251.69.141 port 39600 [preauth]
Sep 28 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session closed for user root
Sep 28 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: Invalid user logstash from 146.190.246.86
Sep 28 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: input_userauth_request: invalid user logstash [preauth]
Sep 28 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: Failed password for invalid user logstash from 146.190.246.86 port 46612 ssh2
Sep 28 11:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: Connection closed by 146.190.246.86 port 46612 [preauth]
Sep 28 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Invalid user www from 146.190.246.86
Sep 28 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: input_userauth_request: invalid user www [preauth]
Sep 28 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Failed password for invalid user www from 146.190.246.86 port 55708 ssh2
Sep 28 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Connection closed by 146.190.246.86 port 55708 [preauth]
Sep 28 11:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Invalid user demo from 146.190.246.86
Sep 28 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: input_userauth_request: invalid user demo [preauth]
Sep 28 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15520]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Failed password for invalid user demo from 146.190.246.86 port 60602 ssh2
Sep 28 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Connection closed by 146.190.246.86 port 60602 [preauth]
Sep 28 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15594]: Successful su for rubyman by root
Sep 28 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15594]: + ??? root:rubyman
Sep 28 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308087 of user rubyman.
Sep 28 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15594]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308087.
Sep 28 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12765]: pam_unix(cron:session): session closed for user root
Sep 28 11:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15521]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Invalid user developer from 196.251.69.141
Sep 28 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: Invalid user es from 146.190.246.86
Sep 28 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: input_userauth_request: invalid user es [preauth]
Sep 28 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Failed password for invalid user developer from 196.251.69.141 port 37320 ssh2
Sep 28 11:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15793]: Connection closed by 196.251.69.141 port 37320 [preauth]
Sep 28 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: Failed password for invalid user es from 146.190.246.86 port 51738 ssh2
Sep 28 11:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: Connection closed by 146.190.246.86 port 51738 [preauth]
Sep 28 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: Invalid user sol from 146.190.246.86
Sep 28 11:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: input_userauth_request: invalid user sol [preauth]
Sep 28 11:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: Failed password for invalid user sol from 146.190.246.86 port 41732 ssh2
Sep 28 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: Connection closed by 146.190.246.86 port 41732 [preauth]
Sep 28 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Invalid user support from 93.152.230.176
Sep 28 11:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: input_userauth_request: invalid user support [preauth]
Sep 28 11:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Failed password for invalid user support from 93.152.230.176 port 6929 ssh2
Sep 28 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Received disconnect from 93.152.230.176 port 6929:11: Client disconnecting normally [preauth]
Sep 28 11:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Disconnected from 93.152.230.176 port 6929 [preauth]
Sep 28 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: Invalid user oracle from 146.190.246.86
Sep 28 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: input_userauth_request: invalid user oracle [preauth]
Sep 28 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14654]: pam_unix(cron:session): session closed for user root
Sep 28 11:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: Failed password for invalid user oracle from 146.190.246.86 port 36850 ssh2
Sep 28 11:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15874]: Connection closed by 146.190.246.86 port 36850 [preauth]
Sep 28 11:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: Invalid user hadoop from 146.190.246.86
Sep 28 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: Failed password for invalid user hadoop from 146.190.246.86 port 60502 ssh2
Sep 28 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: Connection closed by 146.190.246.86 port 60502 [preauth]
Sep 28 11:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Invalid user developer from 196.251.69.141
Sep 28 11:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Failed password for invalid user developer from 196.251.69.141 port 35546 ssh2
Sep 28 11:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Connection closed by 196.251.69.141 port 35546 [preauth]
Sep 28 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 11:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 35922 ssh2
Sep 28 11:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Connection closed by 146.190.246.86 port 35922 [preauth]
Sep 28 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16123]: Successful su for rubyman by root
Sep 28 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16123]: + ??? root:rubyman
Sep 28 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308091 of user rubyman.
Sep 28 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16123]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308091.
Sep 28 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session closed for user root
Sep 28 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session closed for user root
Sep 28 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: Invalid user oscar from 146.190.246.86
Sep 28 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: input_userauth_request: invalid user oscar [preauth]
Sep 28 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: Failed password for invalid user oscar from 146.190.246.86 port 34518 ssh2
Sep 28 11:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: Connection closed by 146.190.246.86 port 34518 [preauth]
Sep 28 11:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: Failed password for root from 146.190.246.86 port 42470 ssh2
Sep 28 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: Connection closed by 146.190.246.86 port 42470 [preauth]
Sep 28 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session closed for user root
Sep 28 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Failed password for invalid user ubuntu from 146.190.246.86 port 52204 ssh2
Sep 28 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Connection closed by 146.190.246.86 port 52204 [preauth]
Sep 28 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Invalid user developer from 196.251.69.141
Sep 28 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Failed password for invalid user developer from 196.251.69.141 port 33670 ssh2
Sep 28 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Connection closed by 196.251.69.141 port 33670 [preauth]
Sep 28 11:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Invalid user apache from 146.190.246.86
Sep 28 11:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: input_userauth_request: invalid user apache [preauth]
Sep 28 11:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Failed password for invalid user apache from 146.190.246.86 port 43040 ssh2
Sep 28 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Connection closed by 146.190.246.86 port 43040 [preauth]
Sep 28 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: Invalid user elasticsearch from 146.190.246.86
Sep 28 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: Failed password for invalid user elasticsearch from 146.190.246.86 port 44184 ssh2
Sep 28 11:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: Connection closed by 146.190.246.86 port 44184 [preauth]
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16509]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user root
Sep 28 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16507]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: Successful su for rubyman by root
Sep 28 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: + ??? root:rubyman
Sep 28 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308095 of user rubyman.
Sep 28 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308095.
Sep 28 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16509]: pam_unix(cron:session): session closed for user root
Sep 28 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13659]: pam_unix(cron:session): session closed for user root
Sep 28 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16508]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Failed password for root from 146.190.246.86 port 51684 ssh2
Sep 28 11:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Connection closed by 146.190.246.86 port 51684 [preauth]
Sep 28 11:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: Invalid user developer from 196.251.69.141
Sep 28 11:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: Failed password for invalid user developer from 196.251.69.141 port 60232 ssh2
Sep 28 11:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: Connection closed by 196.251.69.141 port 60232 [preauth]
Sep 28 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Invalid user cyberpanel from 146.190.246.86
Sep 28 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 28 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Failed password for invalid user cyberpanel from 146.190.246.86 port 42318 ssh2
Sep 28 11:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Connection closed by 146.190.246.86 port 42318 [preauth]
Sep 28 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Invalid user satisfactory from 146.190.246.86
Sep 28 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Failed password for invalid user satisfactory from 146.190.246.86 port 51816 ssh2
Sep 28 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Connection closed by 146.190.246.86 port 51816 [preauth]
Sep 28 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session closed for user root
Sep 28 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Invalid user jack from 146.190.246.86
Sep 28 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: input_userauth_request: invalid user jack [preauth]
Sep 28 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Failed password for invalid user jack from 146.190.246.86 port 57758 ssh2
Sep 28 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Connection closed by 146.190.246.86 port 57758 [preauth]
Sep 28 11:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16977]: Invalid user kafka from 46.101.170.54
Sep 28 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16977]: input_userauth_request: invalid user kafka [preauth]
Sep 28 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16977]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 28 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16977]: Failed password for invalid user kafka from 46.101.170.54 port 58912 ssh2
Sep 28 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16977]: Connection closed by 46.101.170.54 port 58912 [preauth]
Sep 28 11:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16988]: Failed password for root from 146.190.246.86 port 44992 ssh2
Sep 28 11:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16988]: Connection closed by 146.190.246.86 port 44992 [preauth]
Sep 28 11:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Invalid user developer from 196.251.69.141
Sep 28 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17077]: Successful su for rubyman by root
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17077]: + ??? root:rubyman
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308103 of user rubyman.
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17077]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308103.
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Failed password for invalid user developer from 196.251.69.141 port 58078 ssh2
Sep 28 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Connection closed by 196.251.69.141 port 58078 [preauth]
Sep 28 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user root
Sep 28 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Invalid user terraria from 146.190.246.86
Sep 28 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: input_userauth_request: invalid user terraria [preauth]
Sep 28 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Failed password for invalid user terraria from 146.190.246.86 port 51626 ssh2
Sep 28 11:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Connection closed by 146.190.246.86 port 51626 [preauth]
Sep 28 11:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Invalid user wordpress from 146.190.246.86
Sep 28 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Failed password for invalid user wordpress from 146.190.246.86 port 34272 ssh2
Sep 28 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Connection closed by 146.190.246.86 port 34272 [preauth]
Sep 28 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Invalid user nexus from 146.190.246.86
Sep 28 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: input_userauth_request: invalid user nexus [preauth]
Sep 28 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user root
Sep 28 11:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Failed password for invalid user nexus from 146.190.246.86 port 38284 ssh2
Sep 28 11:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Connection closed by 146.190.246.86 port 38284 [preauth]
Sep 28 11:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Invalid user developer from 196.251.69.141
Sep 28 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Invalid user mongodb from 146.190.246.86
Sep 28 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 11:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Failed password for invalid user developer from 196.251.69.141 port 55700 ssh2
Sep 28 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Connection closed by 196.251.69.141 port 55700 [preauth]
Sep 28 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Failed password for invalid user mongodb from 146.190.246.86 port 60846 ssh2
Sep 28 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Connection closed by 146.190.246.86 port 60846 [preauth]
Sep 28 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Invalid user ftpuser from 146.190.246.86
Sep 28 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Failed password for invalid user ftpuser from 146.190.246.86 port 40534 ssh2
Sep 28 11:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Connection closed by 146.190.246.86 port 40534 [preauth]
Sep 28 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17471]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17466]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17534]: Successful su for rubyman by root
Sep 28 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17534]: + ??? root:rubyman
Sep 28 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308106 of user rubyman.
Sep 28 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17534]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308106.
Sep 28 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14653]: pam_unix(cron:session): session closed for user root
Sep 28 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17468]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Invalid user steam from 146.190.246.86
Sep 28 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: input_userauth_request: invalid user steam [preauth]
Sep 28 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user steam from 146.190.246.86 port 55552 ssh2
Sep 28 11:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Connection closed by 146.190.246.86 port 55552 [preauth]
Sep 28 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Invalid user tom from 146.190.246.86
Sep 28 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: input_userauth_request: invalid user tom [preauth]
Sep 28 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Failed password for invalid user tom from 146.190.246.86 port 45674 ssh2
Sep 28 11:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Connection closed by 146.190.246.86 port 45674 [preauth]
Sep 28 11:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Invalid user developer from 196.251.69.141
Sep 28 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Failed password for invalid user developer from 196.251.69.141 port 54122 ssh2
Sep 28 11:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Connection closed by 196.251.69.141 port 54122 [preauth]
Sep 28 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Invalid user ark from 146.190.246.86
Sep 28 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: input_userauth_request: invalid user ark [preauth]
Sep 28 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Failed password for invalid user ark from 146.190.246.86 port 58152 ssh2
Sep 28 11:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Connection closed by 146.190.246.86 port 58152 [preauth]
Sep 28 11:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user root
Sep 28 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Failed password for root from 146.190.246.86 port 45808 ssh2
Sep 28 11:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Connection closed by 146.190.246.86 port 45808 [preauth]
Sep 28 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Invalid user palworld from 146.190.246.86
Sep 28 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: input_userauth_request: invalid user palworld [preauth]
Sep 28 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Failed password for invalid user palworld from 146.190.246.86 port 58114 ssh2
Sep 28 11:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Connection closed by 146.190.246.86 port 58114 [preauth]
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18093]: Successful su for rubyman by root
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18093]: + ??? root:rubyman
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308110 of user rubyman.
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18093]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308110.
Sep 28 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session closed for user root
Sep 28 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: Invalid user kodi from 146.190.246.86
Sep 28 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: input_userauth_request: invalid user kodi [preauth]
Sep 28 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Invalid user deploy from 196.251.69.141
Sep 28 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: Failed password for invalid user kodi from 146.190.246.86 port 48128 ssh2
Sep 28 11:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18532]: Connection closed by 146.190.246.86 port 48128 [preauth]
Sep 28 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Failed password for invalid user deploy from 196.251.69.141 port 52308 ssh2
Sep 28 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Connection closed by 196.251.69.141 port 52308 [preauth]
Sep 28 11:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 28 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Failed password for root from 20.163.71.109 port 44580 ssh2
Sep 28 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Connection closed by 20.163.71.109 port 44580 [preauth]
Sep 28 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: Invalid user samba from 146.190.246.86
Sep 28 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: input_userauth_request: invalid user samba [preauth]
Sep 28 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: Failed password for invalid user samba from 146.190.246.86 port 37366 ssh2
Sep 28 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: Connection closed by 146.190.246.86 port 37366 [preauth]
Sep 28 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: Invalid user ftpuser from 146.190.246.86
Sep 28 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session closed for user root
Sep 28 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: Failed password for invalid user ftpuser from 146.190.246.86 port 42340 ssh2
Sep 28 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18636]: Connection closed by 146.190.246.86 port 42340 [preauth]
Sep 28 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Failed password for root from 146.190.246.86 port 40492 ssh2
Sep 28 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Connection closed by 146.190.246.86 port 40492 [preauth]
Sep 28 11:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Invalid user deploy from 196.251.69.141
Sep 28 11:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: User uucp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: input_userauth_request: invalid user uucp [preauth]
Sep 28 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=uucp
Sep 28 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Failed password for invalid user deploy from 196.251.69.141 port 50058 ssh2
Sep 28 11:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Connection closed by 196.251.69.141 port 50058 [preauth]
Sep 28 11:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user uucp from 146.190.246.86 port 39282 ssh2
Sep 28 11:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Connection closed by 146.190.246.86 port 39282 [preauth]
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18808]: Successful su for rubyman by root
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18808]: + ??? root:rubyman
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308112 of user rubyman.
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18808]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308112.
Sep 28 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session closed for user root
Sep 28 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Invalid user worker from 146.190.246.86
Sep 28 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: input_userauth_request: invalid user worker [preauth]
Sep 28 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Failed password for invalid user worker from 146.190.246.86 port 41038 ssh2
Sep 28 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Connection closed by 146.190.246.86 port 41038 [preauth]
Sep 28 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Invalid user dst from 146.190.246.86
Sep 28 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: input_userauth_request: invalid user dst [preauth]
Sep 28 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user dst from 146.190.246.86 port 40126 ssh2
Sep 28 11:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Connection closed by 146.190.246.86 port 40126 [preauth]
Sep 28 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17471]: pam_unix(cron:session): session closed for user root
Sep 28 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: Failed password for root from 146.190.246.86 port 43036 ssh2
Sep 28 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19117]: Connection closed by 146.190.246.86 port 43036 [preauth]
Sep 28 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Invalid user redis from 146.190.246.86
Sep 28 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: input_userauth_request: invalid user redis [preauth]
Sep 28 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Failed password for invalid user redis from 146.190.246.86 port 47532 ssh2
Sep 28 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Connection closed by 146.190.246.86 port 47532 [preauth]
Sep 28 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Invalid user deploy from 196.251.69.141
Sep 28 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Failed password for invalid user deploy from 196.251.69.141 port 48418 ssh2
Sep 28 11:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Connection closed by 196.251.69.141 port 48418 [preauth]
Sep 28 11:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: Failed password for root from 146.190.246.86 port 58006 ssh2
Sep 28 11:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: Connection closed by 146.190.246.86 port 58006 [preauth]
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user root
Sep 28 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19220]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19352]: Successful su for rubyman by root
Sep 28 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19352]: + ??? root:rubyman
Sep 28 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308117 of user rubyman.
Sep 28 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19352]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308117.
Sep 28 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19222]: pam_unix(cron:session): session closed for user root
Sep 28 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session closed for user root
Sep 28 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: User bin from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: input_userauth_request: invalid user bin [preauth]
Sep 28 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=bin
Sep 28 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Failed password for invalid user bin from 146.190.246.86 port 40400 ssh2
Sep 28 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Connection closed by 146.190.246.86 port 40400 [preauth]
Sep 28 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Invalid user testuser from 146.190.246.86
Sep 28 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: input_userauth_request: invalid user testuser [preauth]
Sep 28 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Failed password for invalid user testuser from 146.190.246.86 port 34418 ssh2
Sep 28 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Connection closed by 146.190.246.86 port 34418 [preauth]
Sep 28 11:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user root
Sep 28 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: Invalid user omsagent from 146.190.246.86
Sep 28 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: input_userauth_request: invalid user omsagent [preauth]
Sep 28 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: Failed password for invalid user omsagent from 146.190.246.86 port 40966 ssh2
Sep 28 11:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: Connection closed by 146.190.246.86 port 40966 [preauth]
Sep 28 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Invalid user chain from 146.190.246.86
Sep 28 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: input_userauth_request: invalid user chain [preauth]
Sep 28 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Failed password for invalid user chain from 146.190.246.86 port 46914 ssh2
Sep 28 11:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20041]: Connection closed by 146.190.246.86 port 46914 [preauth]
Sep 28 11:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Invalid user centos from 146.190.246.86
Sep 28 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: input_userauth_request: invalid user centos [preauth]
Sep 28 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Failed password for invalid user centos from 146.190.246.86 port 44504 ssh2
Sep 28 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Connection closed by 146.190.246.86 port 44504 [preauth]
Sep 28 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20158]: Successful su for rubyman by root
Sep 28 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20158]: + ??? root:rubyman
Sep 28 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308122 of user rubyman.
Sep 28 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20158]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308122.
Sep 28 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session closed for user root
Sep 28 11:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Invalid user deploy from 196.251.69.141
Sep 28 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: User mysql from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: input_userauth_request: invalid user mysql [preauth]
Sep 28 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=mysql
Sep 28 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Failed password for invalid user deploy from 196.251.69.141 port 46460 ssh2
Sep 28 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Connection closed by 196.251.69.141 port 46460 [preauth]
Sep 28 11:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Failed password for invalid user mysql from 146.190.246.86 port 52148 ssh2
Sep 28 11:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Connection closed by 146.190.246.86 port 52148 [preauth]
Sep 28 11:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: Invalid user admin from 146.190.246.86
Sep 28 11:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: Failed password for invalid user admin from 146.190.246.86 port 54458 ssh2
Sep 28 11:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20460]: Connection closed by 146.190.246.86 port 54458 [preauth]
Sep 28 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session closed for user root
Sep 28 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Failed password for invalid user ubuntu from 146.190.246.86 port 48064 ssh2
Sep 28 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Connection closed by 146.190.246.86 port 48064 [preauth]
Sep 28 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Invalid user dstserver from 146.190.246.86
Sep 28 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: input_userauth_request: invalid user dstserver [preauth]
Sep 28 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Failed password for invalid user dstserver from 146.190.246.86 port 48124 ssh2
Sep 28 11:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Connection closed by 146.190.246.86 port 48124 [preauth]
Sep 28 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: Successful su for rubyman by root
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: + ??? root:rubyman
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308126 of user rubyman.
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308126.
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Invalid user wang from 146.190.246.86
Sep 28 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: input_userauth_request: invalid user wang [preauth]
Sep 28 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Failed password for invalid user wang from 146.190.246.86 port 54054 ssh2
Sep 28 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session closed for user root
Sep 28 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Connection closed by 146.190.246.86 port 54054 [preauth]
Sep 28 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20573]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: Failed password for root from 146.190.246.86 port 55910 ssh2
Sep 28 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: Connection closed by 146.190.246.86 port 55910 [preauth]
Sep 28 11:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Invalid user vps from 146.190.246.86
Sep 28 11:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: input_userauth_request: invalid user vps [preauth]
Sep 28 11:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Failed password for invalid user vps from 146.190.246.86 port 54944 ssh2
Sep 28 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Connection closed by 146.190.246.86 port 54944 [preauth]
Sep 28 11:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session closed for user root
Sep 28 11:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Invalid user deploy from 196.251.69.141
Sep 28 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Failed password for invalid user ubuntu from 146.190.246.86 port 60358 ssh2
Sep 28 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Connection closed by 146.190.246.86 port 60358 [preauth]
Sep 28 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Failed password for invalid user deploy from 196.251.69.141 port 39790 ssh2
Sep 28 11:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Connection closed by 196.251.69.141 port 39790 [preauth]
Sep 28 11:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Invalid user web from 146.190.246.86
Sep 28 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: input_userauth_request: invalid user web [preauth]
Sep 28 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Failed password for invalid user web from 146.190.246.86 port 44602 ssh2
Sep 28 11:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Connection closed by 146.190.246.86 port 44602 [preauth]
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21034]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21105]: Successful su for rubyman by root
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21105]: + ??? root:rubyman
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308130 of user rubyman.
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21105]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308130.
Sep 28 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Invalid user demo from 146.190.246.86
Sep 28 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: input_userauth_request: invalid user demo [preauth]
Sep 28 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session closed for user root
Sep 28 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Failed password for invalid user demo from 146.190.246.86 port 35458 ssh2
Sep 28 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Connection closed by 146.190.246.86 port 35458 [preauth]
Sep 28 11:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: Invalid user vbox from 146.190.246.86
Sep 28 11:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: input_userauth_request: invalid user vbox [preauth]
Sep 28 11:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: Failed password for invalid user vbox from 146.190.246.86 port 38366 ssh2
Sep 28 11:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: Connection closed by 146.190.246.86 port 38366 [preauth]
Sep 28 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 146.190.246.86 port 60720 ssh2
Sep 28 11:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Connection closed by 146.190.246.86 port 60720 [preauth]
Sep 28 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session closed for user root
Sep 28 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 55124 ssh2
Sep 28 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21407]: Connection closed by 146.190.246.86 port 55124 [preauth]
Sep 28 11:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: Invalid user ftpuser from 146.190.246.86
Sep 28 11:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 11:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: Failed password for invalid user ftpuser from 146.190.246.86 port 54542 ssh2
Sep 28 11:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: Connection closed by 146.190.246.86 port 54542 [preauth]
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21477]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21474]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21537]: Successful su for rubyman by root
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21537]: + ??? root:rubyman
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308135 of user rubyman.
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21537]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308135.
Sep 28 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session closed for user root
Sep 28 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Failed password for root from 146.190.246.86 port 57232 ssh2
Sep 28 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Connection closed by 146.190.246.86 port 57232 [preauth]
Sep 28 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Invalid user deploy from 196.251.69.141
Sep 28 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Failed password for invalid user deploy from 196.251.69.141 port 59516 ssh2
Sep 28 11:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Connection closed by 196.251.69.141 port 59516 [preauth]
Sep 28 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Failed password for root from 146.190.246.86 port 58216 ssh2
Sep 28 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21778]: Connection closed by 146.190.246.86 port 58216 [preauth]
Sep 28 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Invalid user amanda from 146.190.246.86
Sep 28 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: input_userauth_request: invalid user amanda [preauth]
Sep 28 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Failed password for invalid user amanda from 146.190.246.86 port 37218 ssh2
Sep 28 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Connection closed by 146.190.246.86 port 37218 [preauth]
Sep 28 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session closed for user root
Sep 28 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: Invalid user deploy from 146.190.246.86
Sep 28 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: Failed password for invalid user deploy from 146.190.246.86 port 53786 ssh2
Sep 28 11:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: Connection closed by 146.190.246.86 port 53786 [preauth]
Sep 28 11:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Invalid user admin from 146.190.246.86
Sep 28 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Failed password for invalid user admin from 146.190.246.86 port 47590 ssh2
Sep 28 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Connection closed by 146.190.246.86 port 47590 [preauth]
Sep 28 11:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Did not receive identification string from 196.251.69.141
Sep 28 11:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Invalid user deploy from 196.251.69.141
Sep 28 11:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21931]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21933]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21933]: pam_unix(cron:session): session closed for user root
Sep 28 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21928]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Failed password for invalid user deploy from 196.251.69.141 port 33700 ssh2
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22004]: Successful su for rubyman by root
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22004]: + ??? root:rubyman
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308139 of user rubyman.
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22004]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308139.
Sep 28 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Connection closed by 196.251.69.141 port 33700 [preauth]
Sep 28 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21930]: pam_unix(cron:session): session closed for user root
Sep 28 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session closed for user root
Sep 28 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: Invalid user huawei from 146.190.246.86
Sep 28 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: input_userauth_request: invalid user huawei [preauth]
Sep 28 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: Failed password for invalid user huawei from 146.190.246.86 port 40480 ssh2
Sep 28 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22178]: Connection closed by 146.190.246.86 port 40480 [preauth]
Sep 28 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Invalid user webadmin from 146.190.246.86
Sep 28 11:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 11:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Failed password for invalid user webadmin from 146.190.246.86 port 48238 ssh2
Sep 28 11:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Connection closed by 146.190.246.86 port 48238 [preauth]
Sep 28 11:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Invalid user elk from 146.190.246.86
Sep 28 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: input_userauth_request: invalid user elk [preauth]
Sep 28 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Failed password for invalid user elk from 146.190.246.86 port 34098 ssh2
Sep 28 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Connection closed by 146.190.246.86 port 34098 [preauth]
Sep 28 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session closed for user root
Sep 28 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: Invalid user ramon from 212.192.31.32
Sep 28 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: input_userauth_request: invalid user ramon [preauth]
Sep 28 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: Invalid user deploy from 196.251.69.141
Sep 28 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: Failed password for invalid user ramon from 212.192.31.32 port 54072 ssh2
Sep 28 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: Received disconnect from 212.192.31.32 port 54072:11: Bye Bye [preauth]
Sep 28 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: Disconnected from 212.192.31.32 port 54072 [preauth]
Sep 28 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Invalid user node from 146.190.246.86
Sep 28 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: input_userauth_request: invalid user node [preauth]
Sep 28 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: Failed password for invalid user deploy from 196.251.69.141 port 34642 ssh2
Sep 28 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: Connection closed by 196.251.69.141 port 34642 [preauth]
Sep 28 11:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Failed password for invalid user node from 146.190.246.86 port 46812 ssh2
Sep 28 11:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Connection closed by 146.190.246.86 port 46812 [preauth]
Sep 28 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Invalid user ubuntu from 146.190.246.86
Sep 28 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Failed password for invalid user ubuntu from 146.190.246.86 port 58430 ssh2
Sep 28 11:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22406]: Connection closed by 146.190.246.86 port 58430 [preauth]
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22424]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: Successful su for rubyman by root
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: + ??? root:rubyman
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308144 of user rubyman.
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308144.
Sep 28 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Invalid user app from 146.190.246.86
Sep 28 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: input_userauth_request: invalid user app [preauth]
Sep 28 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session closed for user root
Sep 28 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Failed password for invalid user app from 146.190.246.86 port 51218 ssh2
Sep 28 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Connection closed by 146.190.246.86 port 51218 [preauth]
Sep 28 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22426]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Invalid user deploy from 196.251.69.141
Sep 28 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: input_userauth_request: invalid user deploy [preauth]
Sep 28 11:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Failed password for invalid user deploy from 196.251.69.141 port 37090 ssh2
Sep 28 11:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22931]: Connection closed by 196.251.69.141 port 37090 [preauth]
Sep 28 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: Invalid user jenkins from 146.190.246.86
Sep 28 11:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: input_userauth_request: invalid user jenkins [preauth]
Sep 28 11:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: Failed password for invalid user jenkins from 146.190.246.86 port 55678 ssh2
Sep 28 11:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22943]: Connection closed by 146.190.246.86 port 55678 [preauth]
Sep 28 11:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Invalid user vagrant from 146.190.246.86
Sep 28 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21477]: pam_unix(cron:session): session closed for user root
Sep 28 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Failed password for invalid user vagrant from 146.190.246.86 port 59560 ssh2
Sep 28 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Connection closed by 146.190.246.86 port 59560 [preauth]
Sep 28 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Invalid user xd from 93.152.230.176
Sep 28 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: input_userauth_request: invalid user xd [preauth]
Sep 28 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 11:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Failed password for invalid user xd from 93.152.230.176 port 53453 ssh2
Sep 28 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Received disconnect from 93.152.230.176 port 53453:11: Client disconnecting normally [preauth]
Sep 28 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Disconnected from 93.152.230.176 port 53453 [preauth]
Sep 28 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Invalid user developer from 146.190.246.86
Sep 28 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: input_userauth_request: invalid user developer [preauth]
Sep 28 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Failed password for invalid user developer from 146.190.246.86 port 54310 ssh2
Sep 28 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Connection closed by 146.190.246.86 port 54310 [preauth]
Sep 28 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Invalid user demo from 146.190.246.86
Sep 28 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: input_userauth_request: invalid user demo [preauth]
Sep 28 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Failed password for invalid user ec2-user from 196.251.69.141 port 39706 ssh2
Sep 28 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Connection closed by 196.251.69.141 port 39706 [preauth]
Sep 28 11:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Failed password for invalid user demo from 146.190.246.86 port 41588 ssh2
Sep 28 11:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Connection closed by 146.190.246.86 port 41588 [preauth]
Sep 28 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: Successful su for rubyman by root
Sep 28 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: + ??? root:rubyman
Sep 28 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308151 of user rubyman.
Sep 28 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308151.
Sep 28 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session closed for user root
Sep 28 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23385]: Failed password for root from 146.190.246.86 port 40978 ssh2
Sep 28 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23385]: Connection closed by 146.190.246.86 port 40978 [preauth]
Sep 28 11:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 11:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: Failed password for root from 36.70.25.238 port 40302 ssh2
Sep 28 11:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: Received disconnect from 36.70.25.238 port 40302:11: Bye Bye [preauth]
Sep 28 11:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: Disconnected from 36.70.25.238 port 40302 [preauth]
Sep 28 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: Invalid user ark from 146.190.246.86
Sep 28 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: input_userauth_request: invalid user ark [preauth]
Sep 28 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Invalid user j from 202.83.162.167
Sep 28 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: input_userauth_request: invalid user j [preauth]
Sep 28 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: Failed password for invalid user ark from 146.190.246.86 port 45528 ssh2
Sep 28 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23495]: Connection closed by 146.190.246.86 port 45528 [preauth]
Sep 28 11:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Failed password for invalid user j from 202.83.162.167 port 52014 ssh2
Sep 28 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Received disconnect from 202.83.162.167 port 52014:11: Bye Bye [preauth]
Sep 28 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Disconnected from 202.83.162.167 port 52014 [preauth]
Sep 28 11:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 11:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 11:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Failed password for invalid user ec2-user from 196.251.69.141 port 42476 ssh2
Sep 28 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Connection closed by 196.251.69.141 port 42476 [preauth]
Sep 28 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 40760 ssh2
Sep 28 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Connection closed by 146.190.246.86 port 40760 [preauth]
Sep 28 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session closed for user root
Sep 28 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: User bin from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: input_userauth_request: invalid user bin [preauth]
Sep 28 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=bin
Sep 28 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: Failed password for invalid user bin from 146.190.246.86 port 33364 ssh2
Sep 28 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: Connection closed by 146.190.246.86 port 33364 [preauth]
Sep 28 11:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: Failed password for root from 146.190.246.86 port 51842 ssh2
Sep 28 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: Connection closed by 146.190.246.86 port 51842 [preauth]
Sep 28 11:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24013]: Successful su for rubyman by root
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24013]: + ??? root:rubyman
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308152 of user rubyman.
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24013]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308152.
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for invalid user ec2-user from 196.251.69.141 port 44688 ssh2
Sep 28 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Connection closed by 196.251.69.141 port 44688 [preauth]
Sep 28 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Failed password for root from 146.190.246.86 port 50306 ssh2
Sep 28 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Connection closed by 146.190.246.86 port 50306 [preauth]
Sep 28 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session closed for user root
Sep 28 11:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Invalid user logstash from 146.190.246.86
Sep 28 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: input_userauth_request: invalid user logstash [preauth]
Sep 28 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Failed password for invalid user logstash from 146.190.246.86 port 40980 ssh2
Sep 28 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Connection closed by 146.190.246.86 port 40980 [preauth]
Sep 28 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Invalid user huawei from 146.190.246.86
Sep 28 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: input_userauth_request: invalid user huawei [preauth]
Sep 28 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Failed password for invalid user huawei from 146.190.246.86 port 43044 ssh2
Sep 28 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Connection closed by 146.190.246.86 port 43044 [preauth]
Sep 28 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session closed for user root
Sep 28 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Invalid user elasticsearch from 146.190.246.86
Sep 28 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Failed password for invalid user ec2-user from 196.251.69.141 port 46962 ssh2
Sep 28 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24346]: Connection closed by 196.251.69.141 port 46962 [preauth]
Sep 28 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Failed password for invalid user elasticsearch from 146.190.246.86 port 46894 ssh2
Sep 28 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Connection closed by 146.190.246.86 port 46894 [preauth]
Sep 28 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Invalid user dietpi from 35.187.196.97
Sep 28 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: input_userauth_request: invalid user dietpi [preauth]
Sep 28 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 11:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Failed password for invalid user dietpi from 35.187.196.97 port 58302 ssh2
Sep 28 11:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Received disconnect from 35.187.196.97 port 58302:11: Bye Bye [preauth]
Sep 28 11:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Disconnected from 35.187.196.97 port 58302 [preauth]
Sep 28 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Invalid user opc from 146.190.246.86
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: input_userauth_request: invalid user opc [preauth]
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Invalid user odoo15 from 45.172.152.74
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: input_userauth_request: invalid user odoo15 [preauth]
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 11:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Failed password for invalid user opc from 146.190.246.86 port 50750 ssh2
Sep 28 11:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Connection closed by 146.190.246.86 port 50750 [preauth]
Sep 28 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Failed password for invalid user odoo15 from 45.172.152.74 port 53630 ssh2
Sep 28 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Received disconnect from 45.172.152.74 port 53630:11: Bye Bye [preauth]
Sep 28 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Disconnected from 45.172.152.74 port 53630 [preauth]
Sep 28 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Invalid user nurupo from 146.190.246.86
Sep 28 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: input_userauth_request: invalid user nurupo [preauth]
Sep 28 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Failed password for invalid user nurupo from 146.190.246.86 port 59692 ssh2
Sep 28 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Connection closed by 146.190.246.86 port 59692 [preauth]
Sep 28 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24520]: Successful su for rubyman by root
Sep 28 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24520]: + ??? root:rubyman
Sep 28 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308156 of user rubyman.
Sep 28 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24520]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308156.
Sep 28 11:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21034]: pam_unix(cron:session): session closed for user root
Sep 28 11:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for root from 146.190.246.86 port 43482 ssh2
Sep 28 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Connection closed by 146.190.246.86 port 43482 [preauth]
Sep 28 11:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: Failed password for invalid user ec2-user from 196.251.69.141 port 48968 ssh2
Sep 28 11:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: Connection closed by 196.251.69.141 port 48968 [preauth]
Sep 28 11:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24782]: Invalid user admin from 139.19.117.131
Sep 28 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24782]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: Invalid user admin from 146.190.246.86
Sep 28 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: input_userauth_request: invalid user admin [preauth]
Sep 28 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: Failed password for invalid user admin from 146.190.246.86 port 58050 ssh2
Sep 28 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: Connection closed by 146.190.246.86 port 58050 [preauth]
Sep 28 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24782]: Connection closed by 139.19.117.131 port 46352 [preauth]
Sep 28 11:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: Failed password for root from 212.192.31.32 port 45732 ssh2
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: Received disconnect from 212.192.31.32 port 45732:11: Bye Bye [preauth]
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: Disconnected from 212.192.31.32 port 45732 [preauth]
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Invalid user ds from 146.190.246.86
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: input_userauth_request: invalid user ds [preauth]
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session closed for user root
Sep 28 11:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Failed password for invalid user ds from 146.190.246.86 port 41772 ssh2
Sep 28 11:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Connection closed by 146.190.246.86 port 41772 [preauth]
Sep 28 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Invalid user lighthouse from 146.190.246.86
Sep 28 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Failed password for invalid user lighthouse from 146.190.246.86 port 42114 ssh2
Sep 28 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Connection closed by 146.190.246.86 port 42114 [preauth]
Sep 28 11:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: Failed password for invalid user ec2-user from 196.251.69.141 port 51358 ssh2
Sep 28 11:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: Connection closed by 196.251.69.141 port 51358 [preauth]
Sep 28 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Invalid user elsearch from 146.190.246.86
Sep 28 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Failed password for invalid user elsearch from 146.190.246.86 port 40650 ssh2
Sep 28 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Connection closed by 146.190.246.86 port 40650 [preauth]
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user root
Sep 28 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: Successful su for rubyman by root
Sep 28 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: + ??? root:rubyman
Sep 28 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308161 of user rubyman.
Sep 28 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308161.
Sep 28 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21476]: pam_unix(cron:session): session closed for user root
Sep 28 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session closed for user root
Sep 28 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: User sys from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: input_userauth_request: invalid user sys [preauth]
Sep 28 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=sys
Sep 28 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: Failed password for invalid user sys from 146.190.246.86 port 56268 ssh2
Sep 28 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: Connection closed by 146.190.246.86 port 56268 [preauth]
Sep 28 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Invalid user node from 146.190.246.86
Sep 28 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: input_userauth_request: invalid user node [preauth]
Sep 28 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Failed password for invalid user node from 146.190.246.86 port 38960 ssh2
Sep 28 11:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Connection closed by 146.190.246.86 port 38960 [preauth]
Sep 28 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Failed password for invalid user ec2-user from 196.251.69.141 port 53478 ssh2
Sep 28 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Connection closed by 196.251.69.141 port 53478 [preauth]
Sep 28 11:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Invalid user b from 202.83.162.167
Sep 28 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: input_userauth_request: invalid user b [preauth]
Sep 28 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Failed password for root from 212.192.31.32 port 60432 ssh2
Sep 28 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Received disconnect from 212.192.31.32 port 60432:11: Bye Bye [preauth]
Sep 28 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Disconnected from 212.192.31.32 port 60432 [preauth]
Sep 28 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Failed password for invalid user b from 202.83.162.167 port 32788 ssh2
Sep 28 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Received disconnect from 202.83.162.167 port 32788:11: Bye Bye [preauth]
Sep 28 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Disconnected from 202.83.162.167 port 32788 [preauth]
Sep 28 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: User mysql from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: input_userauth_request: invalid user mysql [preauth]
Sep 28 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=mysql
Sep 28 11:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Failed password for invalid user mysql from 146.190.246.86 port 59280 ssh2
Sep 28 11:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Connection closed by 146.190.246.86 port 59280 [preauth]
Sep 28 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23942]: pam_unix(cron:session): session closed for user root
Sep 28 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: Invalid user nico from 185.223.124.133
Sep 28 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: input_userauth_request: invalid user nico [preauth]
Sep 28 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 11:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: Failed password for invalid user nico from 185.223.124.133 port 48286 ssh2
Sep 28 11:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: Received disconnect from 185.223.124.133 port 48286:11: Bye Bye [preauth]
Sep 28 11:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: Disconnected from 185.223.124.133 port 48286 [preauth]
Sep 28 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Invalid user huawei from 146.190.246.86
Sep 28 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: input_userauth_request: invalid user huawei [preauth]
Sep 28 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Failed password for invalid user huawei from 146.190.246.86 port 43846 ssh2
Sep 28 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Connection closed by 146.190.246.86 port 43846 [preauth]
Sep 28 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25642]: Invalid user mapr from 146.190.246.86
Sep 28 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25642]: input_userauth_request: invalid user mapr [preauth]
Sep 28 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25642]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25642]: Failed password for invalid user mapr from 146.190.246.86 port 45656 ssh2
Sep 28 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25642]: Connection closed by 146.190.246.86 port 45656 [preauth]
Sep 28 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Failed password for invalid user ec2-user from 196.251.69.141 port 55668 ssh2
Sep 28 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Connection closed by 196.251.69.141 port 55668 [preauth]
Sep 28 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25740]: Successful su for rubyman by root
Sep 28 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25740]: + ??? root:rubyman
Sep 28 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308167 of user rubyman.
Sep 28 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25740]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308167.
Sep 28 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Invalid user oracle from 146.190.246.86
Sep 28 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: input_userauth_request: invalid user oracle [preauth]
Sep 28 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21931]: pam_unix(cron:session): session closed for user root
Sep 28 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Failed password for invalid user oracle from 146.190.246.86 port 50690 ssh2
Sep 28 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Connection closed by 146.190.246.86 port 50690 [preauth]
Sep 28 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Invalid user guest from 146.190.246.86
Sep 28 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: input_userauth_request: invalid user guest [preauth]
Sep 28 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for invalid user guest from 146.190.246.86 port 53120 ssh2
Sep 28 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 146.190.246.86 port 53120 [preauth]
Sep 28 11:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Invalid user phpmyadmin from 146.190.246.86
Sep 28 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: input_userauth_request: invalid user phpmyadmin [preauth]
Sep 28 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Failed password for root from 212.192.31.32 port 33408 ssh2
Sep 28 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Received disconnect from 212.192.31.32 port 33408:11: Bye Bye [preauth]
Sep 28 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Disconnected from 212.192.31.32 port 33408 [preauth]
Sep 28 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Failed password for invalid user phpmyadmin from 146.190.246.86 port 43484 ssh2
Sep 28 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Connection closed by 146.190.246.86 port 43484 [preauth]
Sep 28 11:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Invalid user ec2-user from 196.251.69.141
Sep 28 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session closed for user root
Sep 28 11:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Failed password for invalid user ec2-user from 196.251.69.141 port 58084 ssh2
Sep 28 11:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Connection closed by 196.251.69.141 port 58084 [preauth]
Sep 28 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Invalid user gitlab-runner from 146.190.246.86
Sep 28 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 28 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Failed password for invalid user gitlab-runner from 146.190.246.86 port 36284 ssh2
Sep 28 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26185]: Connection closed by 146.190.246.86 port 36284 [preauth]
Sep 28 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 11:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 11:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Failed password for root from 202.83.162.167 port 37296 ssh2
Sep 28 11:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Received disconnect from 202.83.162.167 port 37296:11: Bye Bye [preauth]
Sep 28 11:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Disconnected from 202.83.162.167 port 37296 [preauth]
Sep 28 11:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Failed password for root from 36.70.25.238 port 43492 ssh2
Sep 28 11:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Received disconnect from 36.70.25.238 port 43492:11: Bye Bye [preauth]
Sep 28 11:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Disconnected from 36.70.25.238 port 43492 [preauth]
Sep 28 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Failed password for root from 146.190.246.86 port 44612 ssh2
Sep 28 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Connection closed by 146.190.246.86 port 44612 [preauth]
Sep 28 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Invalid user qadmin from 35.187.196.97
Sep 28 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: input_userauth_request: invalid user qadmin [preauth]
Sep 28 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Failed password for invalid user qadmin from 35.187.196.97 port 38250 ssh2
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26333]: Successful su for rubyman by root
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26333]: + ??? root:rubyman
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308170 of user rubyman.
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26333]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308170.
Sep 28 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Invalid user gpadmin from 146.190.246.86
Sep 28 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Received disconnect from 35.187.196.97 port 38250:11: Bye Bye [preauth]
Sep 28 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26242]: Disconnected from 35.187.196.97 port 38250 [preauth]
Sep 28 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session closed for user root
Sep 28 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Failed password for invalid user gpadmin from 146.190.246.86 port 33876 ssh2
Sep 28 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Connection closed by 146.190.246.86 port 33876 [preauth]
Sep 28 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 11:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Failed password for root from 45.172.152.74 port 54552 ssh2
Sep 28 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Received disconnect from 45.172.152.74 port 54552:11: Bye Bye [preauth]
Sep 28 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Disconnected from 45.172.152.74 port 54552 [preauth]
Sep 28 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Invalid user centos from 196.251.69.141
Sep 28 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: input_userauth_request: invalid user centos [preauth]
Sep 28 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Failed password for invalid user centos from 196.251.69.141 port 60372 ssh2
Sep 28 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Connection closed by 196.251.69.141 port 60372 [preauth]
Sep 28 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: User sys from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: input_userauth_request: invalid user sys [preauth]
Sep 28 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=sys
Sep 28 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Failed password for invalid user sys from 146.190.246.86 port 51240 ssh2
Sep 28 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Connection closed by 146.190.246.86 port 51240 [preauth]
Sep 28 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Invalid user user1 from 146.190.246.86
Sep 28 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: input_userauth_request: invalid user user1 [preauth]
Sep 28 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Invalid user deployer from 212.192.31.32
Sep 28 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: input_userauth_request: invalid user deployer [preauth]
Sep 28 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 11:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Failed password for invalid user user1 from 146.190.246.86 port 55066 ssh2
Sep 28 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Connection closed by 146.190.246.86 port 55066 [preauth]
Sep 28 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Failed password for invalid user deployer from 212.192.31.32 port 34892 ssh2
Sep 28 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Received disconnect from 212.192.31.32 port 34892:11: Bye Bye [preauth]
Sep 28 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Disconnected from 212.192.31.32 port 34892 [preauth]
Sep 28 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session closed for user root
Sep 28 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26782]: User uucp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26782]: input_userauth_request: invalid user uucp [preauth]
Sep 28 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=uucp
Sep 28 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Failed password for root from 185.126.2.179 port 39204 ssh2
Sep 28 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Received disconnect from 185.126.2.179 port 39204:11: Bye Bye [preauth]
Sep 28 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Disconnected from 185.126.2.179 port 39204 [preauth]
Sep 28 11:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26782]: Failed password for invalid user uucp from 146.190.246.86 port 36112 ssh2
Sep 28 11:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26782]: Connection closed by 146.190.246.86 port 36112 [preauth]
Sep 28 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: Invalid user centos from 196.251.69.141
Sep 28 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: input_userauth_request: invalid user centos [preauth]
Sep 28 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: Failed password for invalid user centos from 196.251.69.141 port 33938 ssh2
Sep 28 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: Connection closed by 196.251.69.141 port 33938 [preauth]
Sep 28 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Invalid user airflow from 146.190.246.86
Sep 28 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: input_userauth_request: invalid user airflow [preauth]
Sep 28 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Failed password for invalid user airflow from 146.190.246.86 port 45206 ssh2
Sep 28 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Connection closed by 146.190.246.86 port 45206 [preauth]
Sep 28 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Failed password for root from 185.223.124.133 port 39608 ssh2
Sep 28 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Received disconnect from 185.223.124.133 port 39608:11: Bye Bye [preauth]
Sep 28 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Disconnected from 185.223.124.133 port 39608 [preauth]
Sep 28 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26891]: Invalid user steam from 146.190.246.86
Sep 28 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26891]: input_userauth_request: invalid user steam [preauth]
Sep 28 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26891]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Invalid user librenms from 202.83.162.167
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: input_userauth_request: invalid user librenms [preauth]
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26891]: Failed password for invalid user steam from 146.190.246.86 port 54294 ssh2
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26891]: Connection closed by 146.190.246.86 port 54294 [preauth]
Sep 28 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26898]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27019]: Successful su for rubyman by root
Sep 28 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27019]: + ??? root:rubyman
Sep 28 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308174 of user rubyman.
Sep 28 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27019]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308174.
Sep 28 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Failed password for invalid user librenms from 202.83.162.167 port 50110 ssh2
Sep 28 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Received disconnect from 202.83.162.167 port 50110:11: Bye Bye [preauth]
Sep 28 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Disconnected from 202.83.162.167 port 50110 [preauth]
Sep 28 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session closed for user root
Sep 28 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Invalid user bigbluebutton from 36.70.25.238
Sep 28 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: input_userauth_request: invalid user bigbluebutton [preauth]
Sep 28 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Failed password for root from 146.190.246.86 port 45122 ssh2
Sep 28 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Connection closed by 146.190.246.86 port 45122 [preauth]
Sep 28 11:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Failed password for invalid user bigbluebutton from 36.70.25.238 port 60332 ssh2
Sep 28 11:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Received disconnect from 36.70.25.238 port 60332:11: Bye Bye [preauth]
Sep 28 11:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Disconnected from 36.70.25.238 port 60332 [preauth]
Sep 28 11:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Invalid user activemq from 45.172.152.74
Sep 28 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: input_userauth_request: invalid user activemq [preauth]
Sep 28 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27276]: Invalid user centos from 196.251.69.141
Sep 28 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27276]: input_userauth_request: invalid user centos [preauth]
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Failed password for invalid user activemq from 45.172.152.74 port 54914 ssh2
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Received disconnect from 45.172.152.74 port 54914:11: Bye Bye [preauth]
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Disconnected from 45.172.152.74 port 54914 [preauth]
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27276]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Invalid user test from 212.192.31.32
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: input_userauth_request: invalid user test [preauth]
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27276]: Failed password for invalid user centos from 196.251.69.141 port 35990 ssh2
Sep 28 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Failed password for invalid user test from 212.192.31.32 port 52106 ssh2
Sep 28 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27276]: Connection closed by 196.251.69.141 port 35990 [preauth]
Sep 28 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Received disconnect from 212.192.31.32 port 52106:11: Bye Bye [preauth]
Sep 28 11:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Disconnected from 212.192.31.32 port 52106 [preauth]
Sep 28 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Invalid user huawei from 146.190.246.86
Sep 28 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: input_userauth_request: invalid user huawei [preauth]
Sep 28 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Failed password for invalid user huawei from 146.190.246.86 port 55168 ssh2
Sep 28 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Connection closed by 146.190.246.86 port 55168 [preauth]
Sep 28 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session closed for user root
Sep 28 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Failed password for root from 146.190.246.86 port 35290 ssh2
Sep 28 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Connection closed by 146.190.246.86 port 35290 [preauth]
Sep 28 11:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Invalid user weblogic from 146.190.246.86
Sep 28 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Failed password for invalid user weblogic from 146.190.246.86 port 50200 ssh2
Sep 28 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Connection closed by 146.190.246.86 port 50200 [preauth]
Sep 28 11:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: Invalid user centos from 196.251.69.141
Sep 28 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: input_userauth_request: invalid user centos [preauth]
Sep 28 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Invalid user huawei from 146.190.246.86
Sep 28 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: input_userauth_request: invalid user huawei [preauth]
Sep 28 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: Failed password for invalid user centos from 196.251.69.141 port 38042 ssh2
Sep 28 11:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27419]: Connection closed by 196.251.69.141 port 38042 [preauth]
Sep 28 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Invalid user test2 from 185.223.124.133
Sep 28 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: input_userauth_request: invalid user test2 [preauth]
Sep 28 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Failed password for invalid user huawei from 146.190.246.86 port 44242 ssh2
Sep 28 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Connection closed by 146.190.246.86 port 44242 [preauth]
Sep 28 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Invalid user debian from 35.187.196.97
Sep 28 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: input_userauth_request: invalid user debian [preauth]
Sep 28 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Failed password for invalid user test2 from 185.223.124.133 port 56132 ssh2
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27446]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27447]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27443]: pam_unix(cron:session): session closed for user p13x
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Received disconnect from 185.223.124.133 port 56132:11: Bye Bye [preauth]
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Disconnected from 185.223.124.133 port 56132 [preauth]
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: Successful su for rubyman by root
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: + ??? root:rubyman
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308178 of user rubyman.
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27543]: pam_unix(su:session): session closed for user rubyman
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308178.
Sep 28 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Failed password for invalid user debian from 35.187.196.97 port 43166 ssh2
Sep 28 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Received disconnect from 35.187.196.97 port 43166:11: Bye Bye [preauth]
Sep 28 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Disconnected from 35.187.196.97 port 43166 [preauth]
Sep 28 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23941]: pam_unix(cron:session): session closed for user root
Sep 28 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27444]: pam_unix(cron:session): session closed for user samftp
Sep 28 11:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Invalid user ec2-user from 146.190.246.86
Sep 28 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Failed password for invalid user ec2-user from 146.190.246.86 port 47002 ssh2
Sep 28 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Connection closed by 146.190.246.86 port 47002 [preauth]
Sep 28 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: Failed password for root from 202.83.162.167 port 40844 ssh2
Sep 28 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: Received disconnect from 202.83.162.167 port 40844:11: Bye Bye [preauth]
Sep 28 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27909]: Disconnected from 202.83.162.167 port 40844 [preauth]
Sep 28 11:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: Failed password for root from 212.192.31.32 port 42986 ssh2
Sep 28 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: Received disconnect from 212.192.31.32 port 42986:11: Bye Bye [preauth]
Sep 28 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: Disconnected from 212.192.31.32 port 42986 [preauth]
Sep 28 11:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Failed password for root from 146.190.246.86 port 52894 ssh2
Sep 28 11:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Connection closed by 146.190.246.86 port 52894 [preauth]
Sep 28 11:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Failed password for root from 45.172.152.74 port 57738 ssh2
Sep 28 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Received disconnect from 45.172.152.74 port 57738:11: Bye Bye [preauth]
Sep 28 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Disconnected from 45.172.152.74 port 57738 [preauth]
Sep 28 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Invalid user centos from 196.251.69.141
Sep 28 11:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: input_userauth_request: invalid user centos [preauth]
Sep 28 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 11:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Failed password for invalid user centos from 196.251.69.141 port 40014 ssh2
Sep 28 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Connection closed by 196.251.69.141 port 40014 [preauth]
Sep 28 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Invalid user webshell from 146.190.246.86
Sep 28 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: input_userauth_request: invalid user webshell [preauth]
Sep 28 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session closed for user root
Sep 28 11:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Failed password for invalid user webshell from 146.190.246.86 port 46032 ssh2
Sep 28 11:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Connection closed by 146.190.246.86 port 46032 [preauth]
Sep 28 11:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Invalid user odoo15 from 36.70.25.238
Sep 28 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: input_userauth_request: invalid user odoo15 [preauth]
Sep 28 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 11:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for invalid user odoo15 from 36.70.25.238 port 39580 ssh2
Sep 28 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Received disconnect from 36.70.25.238 port 39580:11: Bye Bye [preauth]
Sep 28 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Disconnected from 36.70.25.238 port 39580 [preauth]
Sep 28 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 11:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Failed password for root from 185.126.2.179 port 34890 ssh2
Sep 28 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Received disconnect from 185.126.2.179 port 34890:11: Bye Bye [preauth]
Sep 28 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Disconnected from 185.126.2.179 port 34890 [preauth]
Sep 28 11:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Failed password for root from 146.190.246.86 port 50746 ssh2
Sep 28 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Connection closed by 146.190.246.86 port 50746 [preauth]
Sep 28 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: Invalid user elastic from 146.190.246.86
Sep 28 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: input_userauth_request: invalid user elastic [preauth]
Sep 28 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: Failed password for invalid user elastic from 146.190.246.86 port 40820 ssh2
Sep 28 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: Connection closed by 146.190.246.86 port 40820 [preauth]
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28094]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28094]: pam_unix(cron:session): session closed for user root
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session closed for user root
Sep 28 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28091]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28206]: Successful su for rubyman by root
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28206]: + ??? root:rubyman
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308185 of user rubyman.
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28206]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308185.
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Invalid user centos from 196.251.69.141
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: Invalid user imran from 185.223.124.133
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: input_userauth_request: invalid user imran [preauth]
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24455]: pam_unix(cron:session): session closed for user root
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session closed for user root
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: Failed password for invalid user imran from 185.223.124.133 port 51522 ssh2
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Failed password for invalid user centos from 196.251.69.141 port 41644 ssh2
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Failed password for root from 212.192.31.32 port 37794 ssh2
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Received disconnect from 212.192.31.32 port 37794:11: Bye Bye [preauth]
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Disconnected from 212.192.31.32 port 37794 [preauth]
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Connection closed by 196.251.69.141 port 41644 [preauth]
Sep 28 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Invalid user redis from 146.190.246.86
Sep 28 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: input_userauth_request: invalid user redis [preauth]
Sep 28 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: Received disconnect from 185.223.124.133 port 51522:11: Bye Bye [preauth]
Sep 28 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: Disconnected from 185.223.124.133 port 51522 [preauth]
Sep 28 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28432]: Invalid user sysbio from 164.68.105.9
Sep 28 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28432]: input_userauth_request: invalid user sysbio [preauth]
Sep 28 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28432]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Failed password for invalid user redis from 146.190.246.86 port 47052 ssh2
Sep 28 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Connection closed by 146.190.246.86 port 47052 [preauth]
Sep 28 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28432]: Failed password for invalid user sysbio from 164.68.105.9 port 50814 ssh2
Sep 28 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28092]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28432]: Connection closed by 164.68.105.9 port 50814 [preauth]
Sep 28 12:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Invalid user master from 146.190.246.86
Sep 28 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: input_userauth_request: invalid user master [preauth]
Sep 28 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Failed password for invalid user master from 146.190.246.86 port 48596 ssh2
Sep 28 12:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Failed password for root from 202.83.162.167 port 35708 ssh2
Sep 28 12:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Connection closed by 146.190.246.86 port 48596 [preauth]
Sep 28 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Received disconnect from 202.83.162.167 port 35708:11: Bye Bye [preauth]
Sep 28 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Disconnected from 202.83.162.167 port 35708 [preauth]
Sep 28 12:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: Invalid user test2 from 45.172.152.74
Sep 28 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: input_userauth_request: invalid user test2 [preauth]
Sep 28 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: Failed password for invalid user test2 from 45.172.152.74 port 40310 ssh2
Sep 28 12:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: Received disconnect from 45.172.152.74 port 40310:11: Bye Bye [preauth]
Sep 28 12:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28653]: Disconnected from 45.172.152.74 port 40310 [preauth]
Sep 28 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Invalid user node from 146.190.246.86
Sep 28 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: input_userauth_request: invalid user node [preauth]
Sep 28 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Failed password for invalid user node from 146.190.246.86 port 57626 ssh2
Sep 28 12:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Connection closed by 146.190.246.86 port 57626 [preauth]
Sep 28 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session closed for user root
Sep 28 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Invalid user centos from 196.251.69.141
Sep 28 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Failed password for invalid user centos from 196.251.69.141 port 43814 ssh2
Sep 28 12:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Connection closed by 196.251.69.141 port 43814 [preauth]
Sep 28 12:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Invalid user palworld from 146.190.246.86
Sep 28 12:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: input_userauth_request: invalid user palworld [preauth]
Sep 28 12:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Failed password for invalid user palworld from 146.190.246.86 port 41710 ssh2
Sep 28 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Connection closed by 146.190.246.86 port 41710 [preauth]
Sep 28 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Invalid user test from 146.190.246.86
Sep 28 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: input_userauth_request: invalid user test [preauth]
Sep 28 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user test from 146.190.246.86 port 46978 ssh2
Sep 28 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Connection closed by 146.190.246.86 port 46978 [preauth]
Sep 28 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Invalid user liyang from 35.187.196.97
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: input_userauth_request: invalid user liyang [preauth]
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: Invalid user casa from 36.70.25.238
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: input_userauth_request: invalid user casa [preauth]
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Failed password for invalid user liyang from 35.187.196.97 port 34948 ssh2
Sep 28 12:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for root from 212.192.31.32 port 45464 ssh2
Sep 28 12:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Received disconnect from 212.192.31.32 port 45464:11: Bye Bye [preauth]
Sep 28 12:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Disconnected from 212.192.31.32 port 45464 [preauth]
Sep 28 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: Failed password for invalid user casa from 36.70.25.238 port 47916 ssh2
Sep 28 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: Received disconnect from 36.70.25.238 port 47916:11: Bye Bye [preauth]
Sep 28 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28801]: Disconnected from 36.70.25.238 port 47916 [preauth]
Sep 28 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Received disconnect from 35.187.196.97 port 34948:11: Bye Bye [preauth]
Sep 28 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Disconnected from 35.187.196.97 port 34948 [preauth]
Sep 28 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: Successful su for rubyman by root
Sep 28 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: + ??? root:rubyman
Sep 28 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308189 of user rubyman.
Sep 28 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308189.
Sep 28 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Invalid user openvpn from 146.190.246.86
Sep 28 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session closed for user root
Sep 28 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Failed password for invalid user openvpn from 146.190.246.86 port 58160 ssh2
Sep 28 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Connection closed by 146.190.246.86 port 58160 [preauth]
Sep 28 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Invalid user centos from 196.251.69.141
Sep 28 12:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Failed password for invalid user centos from 196.251.69.141 port 45634 ssh2
Sep 28 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for root from 185.223.124.133 port 56952 ssh2
Sep 28 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Connection closed by 196.251.69.141 port 45634 [preauth]
Sep 28 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Received disconnect from 185.223.124.133 port 56952:11: Bye Bye [preauth]
Sep 28 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Disconnected from 185.223.124.133 port 56952 [preauth]
Sep 28 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: Invalid user es from 146.190.246.86
Sep 28 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: input_userauth_request: invalid user es [preauth]
Sep 28 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: Failed password for invalid user es from 146.190.246.86 port 44688 ssh2
Sep 28 12:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: Connection closed by 146.190.246.86 port 44688 [preauth]
Sep 28 12:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Invalid user bigbluebutton from 185.126.2.179
Sep 28 12:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: input_userauth_request: invalid user bigbluebutton [preauth]
Sep 28 12:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Failed password for invalid user bigbluebutton from 185.126.2.179 port 55406 ssh2
Sep 28 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Received disconnect from 185.126.2.179 port 55406:11: Bye Bye [preauth]
Sep 28 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Disconnected from 185.126.2.179 port 55406 [preauth]
Sep 28 12:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Failed password for root from 202.83.162.167 port 42692 ssh2
Sep 28 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Received disconnect from 202.83.162.167 port 42692:11: Bye Bye [preauth]
Sep 28 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Disconnected from 202.83.162.167 port 42692 [preauth]
Sep 28 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Failed password for root from 146.190.246.86 port 52430 ssh2
Sep 28 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Connection closed by 146.190.246.86 port 52430 [preauth]
Sep 28 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27447]: pam_unix(cron:session): session closed for user root
Sep 28 12:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Failed password for root from 45.172.152.74 port 58834 ssh2
Sep 28 12:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Received disconnect from 45.172.152.74 port 58834:11: Bye Bye [preauth]
Sep 28 12:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Disconnected from 45.172.152.74 port 58834 [preauth]
Sep 28 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: Invalid user Administrator from 146.190.246.86
Sep 28 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: Failed password for invalid user Administrator from 146.190.246.86 port 53002 ssh2
Sep 28 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: Connection closed by 146.190.246.86 port 53002 [preauth]
Sep 28 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Invalid user centos from 196.251.69.141
Sep 28 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Failed password for invalid user centos from 196.251.69.141 port 47380 ssh2
Sep 28 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Connection closed by 196.251.69.141 port 47380 [preauth]
Sep 28 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Invalid user amandabackup from 146.190.246.86
Sep 28 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: input_userauth_request: invalid user amandabackup [preauth]
Sep 28 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Failed password for root from 212.192.31.32 port 40186 ssh2
Sep 28 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Received disconnect from 212.192.31.32 port 40186:11: Bye Bye [preauth]
Sep 28 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Disconnected from 212.192.31.32 port 40186 [preauth]
Sep 28 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Failed password for invalid user amandabackup from 146.190.246.86 port 47346 ssh2
Sep 28 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Connection closed by 146.190.246.86 port 47346 [preauth]
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29424]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29422]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: Successful su for rubyman by root
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: + ??? root:rubyman
Sep 28 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308193 of user rubyman.
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308193.
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Invalid user ark from 146.190.246.86
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: input_userauth_request: invalid user ark [preauth]
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Failed password for invalid user ark from 146.190.246.86 port 57158 ssh2
Sep 28 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Connection closed by 146.190.246.86 port 57158 [preauth]
Sep 28 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user root
Sep 28 12:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29423]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: Failed password for root from 146.190.246.86 port 46006 ssh2
Sep 28 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: Connection closed by 146.190.246.86 port 46006 [preauth]
Sep 28 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Invalid user debian from 196.251.69.141
Sep 28 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Invalid user arif from 36.70.25.238
Sep 28 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: input_userauth_request: invalid user arif [preauth]
Sep 28 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Failed password for invalid user debian from 196.251.69.141 port 49336 ssh2
Sep 28 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Failed password for invalid user arif from 36.70.25.238 port 40156 ssh2
Sep 28 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Received disconnect from 36.70.25.238 port 40156:11: Bye Bye [preauth]
Sep 28 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Disconnected from 36.70.25.238 port 40156 [preauth]
Sep 28 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Connection closed by 196.251.69.141 port 49336 [preauth]
Sep 28 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Invalid user ds from 146.190.246.86
Sep 28 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: input_userauth_request: invalid user ds [preauth]
Sep 28 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Failed password for invalid user ds from 146.190.246.86 port 42684 ssh2
Sep 28 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Connection closed by 146.190.246.86 port 42684 [preauth]
Sep 28 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Invalid user odoo15 from 185.223.124.133
Sep 28 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: input_userauth_request: invalid user odoo15 [preauth]
Sep 28 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user odoo15 from 185.223.124.133 port 39772 ssh2
Sep 28 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Received disconnect from 185.223.124.133 port 39772:11: Bye Bye [preauth]
Sep 28 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Disconnected from 185.223.124.133 port 39772 [preauth]
Sep 28 12:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session closed for user root
Sep 28 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Invalid user yuan from 202.83.162.167
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: input_userauth_request: invalid user yuan [preauth]
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Invalid user git from 146.190.246.86
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: input_userauth_request: invalid user git [preauth]
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Failed password for invalid user yuan from 202.83.162.167 port 35054 ssh2
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Failed password for invalid user git from 146.190.246.86 port 47214 ssh2
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Connection closed by 146.190.246.86 port 47214 [preauth]
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Invalid user theta from 45.172.152.74
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: input_userauth_request: invalid user theta [preauth]
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Received disconnect from 202.83.162.167 port 35054:11: Bye Bye [preauth]
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29819]: Disconnected from 202.83.162.167 port 35054 [preauth]
Sep 28 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for invalid user theta from 45.172.152.74 port 45434 ssh2
Sep 28 12:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Received disconnect from 45.172.152.74 port 45434:11: Bye Bye [preauth]
Sep 28 12:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Disconnected from 45.172.152.74 port 45434 [preauth]
Sep 28 12:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Invalid user erp from 35.187.196.97
Sep 28 12:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: input_userauth_request: invalid user erp [preauth]
Sep 28 12:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Invalid user luciano from 212.192.31.32
Sep 28 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: input_userauth_request: invalid user luciano [preauth]
Sep 28 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Failed password for invalid user erp from 35.187.196.97 port 54008 ssh2
Sep 28 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Received disconnect from 35.187.196.97 port 54008:11: Bye Bye [preauth]
Sep 28 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Disconnected from 35.187.196.97 port 54008 [preauth]
Sep 28 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Failed password for invalid user luciano from 212.192.31.32 port 35872 ssh2
Sep 28 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Received disconnect from 212.192.31.32 port 35872:11: Bye Bye [preauth]
Sep 28 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Disconnected from 212.192.31.32 port 35872 [preauth]
Sep 28 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Invalid user elasticsearch from 146.190.246.86
Sep 28 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Failed password for invalid user elasticsearch from 146.190.246.86 port 48676 ssh2
Sep 28 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Connection closed by 146.190.246.86 port 48676 [preauth]
Sep 28 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Invalid user debian from 196.251.69.141
Sep 28 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Failed password for invalid user debian from 196.251.69.141 port 51424 ssh2
Sep 28 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Connection closed by 196.251.69.141 port 51424 [preauth]
Sep 28 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Invalid user steam from 146.190.246.86
Sep 28 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: input_userauth_request: invalid user steam [preauth]
Sep 28 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Failed password for invalid user steam from 146.190.246.86 port 60968 ssh2
Sep 28 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Connection closed by 146.190.246.86 port 60968 [preauth]
Sep 28 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: Successful su for rubyman by root
Sep 28 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: + ??? root:rubyman
Sep 28 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308198 of user rubyman.
Sep 28 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308198.
Sep 28 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session closed for user root
Sep 28 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Failed password for root from 185.126.2.179 port 47682 ssh2
Sep 28 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Received disconnect from 185.126.2.179 port 47682:11: Bye Bye [preauth]
Sep 28 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Disconnected from 185.126.2.179 port 47682 [preauth]
Sep 28 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Invalid user wordpress from 146.190.246.86
Sep 28 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Failed password for invalid user wordpress from 146.190.246.86 port 39778 ssh2
Sep 28 12:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Connection closed by 146.190.246.86 port 39778 [preauth]
Sep 28 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: Invalid user gitlab-psql from 146.190.246.86
Sep 28 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: input_userauth_request: invalid user gitlab-psql [preauth]
Sep 28 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: Failed password for invalid user gitlab-psql from 146.190.246.86 port 34598 ssh2
Sep 28 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: Connection closed by 146.190.246.86 port 34598 [preauth]
Sep 28 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Invalid user  from 128.199.244.190
Sep 28 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: input_userauth_request: invalid user  [preauth]
Sep 28 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: Invalid user debian from 196.251.69.141
Sep 28 12:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: Failed password for invalid user debian from 196.251.69.141 port 53138 ssh2
Sep 28 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: Connection closed by 196.251.69.141 port 53138 [preauth]
Sep 28 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Connection closed by 128.199.244.190 port 33878 [preauth]
Sep 28 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session closed for user root
Sep 28 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Invalid user elastic from 146.190.246.86
Sep 28 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: input_userauth_request: invalid user elastic [preauth]
Sep 28 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Failed password for invalid user elastic from 146.190.246.86 port 59246 ssh2
Sep 28 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Connection closed by 146.190.246.86 port 59246 [preauth]
Sep 28 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Invalid user bryan from 36.70.25.238
Sep 28 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: input_userauth_request: invalid user bryan [preauth]
Sep 28 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Invalid user ftpuser2 from 212.192.31.32
Sep 28 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: input_userauth_request: invalid user ftpuser2 [preauth]
Sep 28 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Failed password for invalid user bryan from 36.70.25.238 port 45332 ssh2
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Invalid user tfj from 185.223.124.133
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: input_userauth_request: invalid user tfj [preauth]
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Received disconnect from 36.70.25.238 port 45332:11: Bye Bye [preauth]
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Disconnected from 36.70.25.238 port 45332 [preauth]
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Failed password for invalid user ftpuser2 from 212.192.31.32 port 38072 ssh2
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Received disconnect from 212.192.31.32 port 38072:11: Bye Bye [preauth]
Sep 28 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Disconnected from 212.192.31.32 port 38072 [preauth]
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Failed password for invalid user tfj from 185.223.124.133 port 36110 ssh2
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Received disconnect from 185.223.124.133 port 36110:11: Bye Bye [preauth]
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30394]: Disconnected from 185.223.124.133 port 36110 [preauth]
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Invalid user wordpress from 146.190.246.86
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Failed password for invalid user wordpress from 146.190.246.86 port 55930 ssh2
Sep 28 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Connection closed by 146.190.246.86 port 55930 [preauth]
Sep 28 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Invalid user hp from 202.83.162.167
Sep 28 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: input_userauth_request: invalid user hp [preauth]
Sep 28 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Failed password for root from 45.172.152.74 port 34246 ssh2
Sep 28 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Received disconnect from 45.172.152.74 port 34246:11: Bye Bye [preauth]
Sep 28 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Disconnected from 45.172.152.74 port 34246 [preauth]
Sep 28 12:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Failed password for invalid user hp from 202.83.162.167 port 48532 ssh2
Sep 28 12:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Received disconnect from 202.83.162.167 port 48532:11: Bye Bye [preauth]
Sep 28 12:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30435]: Disconnected from 202.83.162.167 port 48532 [preauth]
Sep 28 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Invalid user app from 146.190.246.86
Sep 28 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: input_userauth_request: invalid user app [preauth]
Sep 28 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Failed password for invalid user app from 146.190.246.86 port 34788 ssh2
Sep 28 12:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Connection closed by 146.190.246.86 port 34788 [preauth]
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30512]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30507]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30625]: Successful su for rubyman by root
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30625]: + ??? root:rubyman
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308202 of user rubyman.
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30625]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308202.
Sep 28 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Invalid user debian from 196.251.69.141
Sep 28 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Failed password for invalid user debian from 196.251.69.141 port 55010 ssh2
Sep 28 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session closed for user root
Sep 28 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Connection closed by 196.251.69.141 port 55010 [preauth]
Sep 28 12:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30509]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Failed password for root from 146.190.246.86 port 44792 ssh2
Sep 28 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Connection closed by 146.190.246.86 port 44792 [preauth]
Sep 28 12:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Invalid user gmodserver from 146.190.246.86
Sep 28 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: input_userauth_request: invalid user gmodserver [preauth]
Sep 28 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Failed password for invalid user gmodserver from 146.190.246.86 port 40988 ssh2
Sep 28 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Connection closed by 146.190.246.86 port 40988 [preauth]
Sep 28 12:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Invalid user satisfactory from 146.190.246.86
Sep 28 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Failed password for invalid user satisfactory from 146.190.246.86 port 38054 ssh2
Sep 28 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Connection closed by 146.190.246.86 port 38054 [preauth]
Sep 28 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session closed for user root
Sep 28 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: Invalid user nvidia from 35.187.196.97
Sep 28 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: Failed password for invalid user nvidia from 35.187.196.97 port 39478 ssh2
Sep 28 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: Received disconnect from 35.187.196.97 port 39478:11: Bye Bye [preauth]
Sep 28 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30906]: Disconnected from 35.187.196.97 port 39478 [preauth]
Sep 28 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Invalid user debian from 196.251.69.141
Sep 28 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30941]: Failed password for root from 212.192.31.32 port 41372 ssh2
Sep 28 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: Invalid user user from 93.152.230.176
Sep 28 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: input_userauth_request: invalid user user [preauth]
Sep 28 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30941]: Received disconnect from 212.192.31.32 port 41372:11: Bye Bye [preauth]
Sep 28 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30941]: Disconnected from 212.192.31.32 port 41372 [preauth]
Sep 28 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Failed password for invalid user debian from 196.251.69.141 port 56812 ssh2
Sep 28 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Connection closed by 196.251.69.141 port 56812 [preauth]
Sep 28 12:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: Failed password for invalid user user from 93.152.230.176 port 4521 ssh2
Sep 28 12:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: Received disconnect from 93.152.230.176 port 4521:11: Client disconnecting normally [preauth]
Sep 28 12:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: Disconnected from 93.152.230.176 port 4521 [preauth]
Sep 28 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Invalid user user1 from 146.190.246.86
Sep 28 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: input_userauth_request: invalid user user1 [preauth]
Sep 28 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Failed password for invalid user user1 from 146.190.246.86 port 39200 ssh2
Sep 28 12:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Connection closed by 146.190.246.86 port 39200 [preauth]
Sep 28 12:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Invalid user arif from 185.126.2.179
Sep 28 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: input_userauth_request: invalid user arif [preauth]
Sep 28 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Failed password for invalid user arif from 185.126.2.179 port 39956 ssh2
Sep 28 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Received disconnect from 185.126.2.179 port 39956:11: Bye Bye [preauth]
Sep 28 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Disconnected from 185.126.2.179 port 39956 [preauth]
Sep 28 12:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Invalid user bigbluebutton from 45.172.152.74
Sep 28 12:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: input_userauth_request: invalid user bigbluebutton [preauth]
Sep 28 12:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Failed password for invalid user bigbluebutton from 45.172.152.74 port 47012 ssh2
Sep 28 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: Failed password for root from 185.223.124.133 port 41566 ssh2
Sep 28 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Received disconnect from 45.172.152.74 port 47012:11: Bye Bye [preauth]
Sep 28 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Disconnected from 45.172.152.74 port 47012 [preauth]
Sep 28 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: Received disconnect from 185.223.124.133 port 41566:11: Bye Bye [preauth]
Sep 28 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: Disconnected from 185.223.124.133 port 41566 [preauth]
Sep 28 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Failed password for root from 146.190.246.86 port 48194 ssh2
Sep 28 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Connection closed by 146.190.246.86 port 48194 [preauth]
Sep 28 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session closed for user root
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31035]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: Successful su for rubyman by root
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: + ??? root:rubyman
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308209 of user rubyman.
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308209.
Sep 28 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Failed password for root from 202.83.162.167 port 42174 ssh2
Sep 28 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Received disconnect from 202.83.162.167 port 42174:11: Bye Bye [preauth]
Sep 28 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Disconnected from 202.83.162.167 port 42174 [preauth]
Sep 28 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session closed for user root
Sep 28 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27446]: pam_unix(cron:session): session closed for user root
Sep 28 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Invalid user hikvision from 146.190.246.86
Sep 28 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: input_userauth_request: invalid user hikvision [preauth]
Sep 28 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Failed password for invalid user hikvision from 146.190.246.86 port 53876 ssh2
Sep 28 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Connection closed by 146.190.246.86 port 53876 [preauth]
Sep 28 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31036]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Invalid user debian from 196.251.69.141
Sep 28 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Failed password for invalid user debian from 196.251.69.141 port 58650 ssh2
Sep 28 12:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Connection closed by 196.251.69.141 port 58650 [preauth]
Sep 28 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: User uucp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: input_userauth_request: invalid user uucp [preauth]
Sep 28 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=uucp
Sep 28 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Failed password for invalid user uucp from 146.190.246.86 port 50042 ssh2
Sep 28 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Connection closed by 146.190.246.86 port 50042 [preauth]
Sep 28 12:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: User www-data from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 12:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: input_userauth_request: invalid user www-data [preauth]
Sep 28 12:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=www-data
Sep 28 12:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Failed password for invalid user www-data from 146.190.246.86 port 54540 ssh2
Sep 28 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Connection closed by 146.190.246.86 port 54540 [preauth]
Sep 28 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Invalid user test1234 from 212.192.31.32
Sep 28 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: input_userauth_request: invalid user test1234 [preauth]
Sep 28 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Failed password for invalid user test1234 from 212.192.31.32 port 51422 ssh2
Sep 28 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Received disconnect from 212.192.31.32 port 51422:11: Bye Bye [preauth]
Sep 28 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Disconnected from 212.192.31.32 port 51422 [preauth]
Sep 28 12:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session closed for user root
Sep 28 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: Invalid user ranger from 146.190.246.86
Sep 28 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: input_userauth_request: invalid user ranger [preauth]
Sep 28 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: Failed password for invalid user ranger from 146.190.246.86 port 40296 ssh2
Sep 28 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31508]: Connection closed by 146.190.246.86 port 40296 [preauth]
Sep 28 12:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Invalid user debian from 196.251.69.141
Sep 28 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Failed password for invalid user debian from 196.251.69.141 port 60406 ssh2
Sep 28 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Connection closed by 196.251.69.141 port 60406 [preauth]
Sep 28 12:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31553]: Invalid user ubuntu from 146.190.246.86
Sep 28 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31553]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31553]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31553]: Failed password for invalid user ubuntu from 146.190.246.86 port 36600 ssh2
Sep 28 12:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31553]: Connection closed by 146.190.246.86 port 36600 [preauth]
Sep 28 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: Invalid user imran from 45.172.152.74
Sep 28 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: input_userauth_request: invalid user imran [preauth]
Sep 28 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: Failed password for invalid user imran from 45.172.152.74 port 54750 ssh2
Sep 28 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: Received disconnect from 45.172.152.74 port 54750:11: Bye Bye [preauth]
Sep 28 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: Disconnected from 45.172.152.74 port 54750 [preauth]
Sep 28 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Invalid user lee from 185.223.124.133
Sep 28 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: input_userauth_request: invalid user lee [preauth]
Sep 28 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31588]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31586]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: Successful su for rubyman by root
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: + ??? root:rubyman
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308213 of user rubyman.
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31656]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308213.
Sep 28 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Failed password for invalid user lee from 185.223.124.133 port 59070 ssh2
Sep 28 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Received disconnect from 185.223.124.133 port 59070:11: Bye Bye [preauth]
Sep 28 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Disconnected from 185.223.124.133 port 59070 [preauth]
Sep 28 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Invalid user tomcat from 146.190.246.86
Sep 28 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Failed password for invalid user tomcat from 146.190.246.86 port 55700 ssh2
Sep 28 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Connection closed by 146.190.246.86 port 55700 [preauth]
Sep 28 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session closed for user root
Sep 28 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31587]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Invalid user ubuntu from 36.70.25.238
Sep 28 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: Invalid user fabien from 202.83.162.167
Sep 28 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: input_userauth_request: invalid user fabien [preauth]
Sep 28 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Failed password for invalid user ubuntu from 36.70.25.238 port 37422 ssh2
Sep 28 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Received disconnect from 36.70.25.238 port 37422:11: Bye Bye [preauth]
Sep 28 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Disconnected from 36.70.25.238 port 37422 [preauth]
Sep 28 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: Failed password for invalid user fabien from 202.83.162.167 port 45130 ssh2
Sep 28 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: Received disconnect from 202.83.162.167 port 45130:11: Bye Bye [preauth]
Sep 28 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: Disconnected from 202.83.162.167 port 45130 [preauth]
Sep 28 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Invalid user php from 146.190.246.86
Sep 28 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: input_userauth_request: invalid user php [preauth]
Sep 28 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Failed password for invalid user php from 146.190.246.86 port 33978 ssh2
Sep 28 12:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Connection closed by 146.190.246.86 port 33978 [preauth]
Sep 28 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Invalid user debian from 196.251.69.141
Sep 28 12:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: Invalid user fahim from 35.187.196.97
Sep 28 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: input_userauth_request: invalid user fahim [preauth]
Sep 28 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Failed password for invalid user debian from 196.251.69.141 port 34258 ssh2
Sep 28 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: Failed password for invalid user fahim from 35.187.196.97 port 39396 ssh2
Sep 28 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Connection closed by 196.251.69.141 port 34258 [preauth]
Sep 28 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: Received disconnect from 35.187.196.97 port 39396:11: Bye Bye [preauth]
Sep 28 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31900]: Disconnected from 35.187.196.97 port 39396 [preauth]
Sep 28 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: Failed password for root from 185.126.2.179 port 60462 ssh2
Sep 28 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: Received disconnect from 185.126.2.179 port 60462:11: Bye Bye [preauth]
Sep 28 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: Disconnected from 185.126.2.179 port 60462 [preauth]
Sep 28 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: Failed password for root from 212.192.31.32 port 54050 ssh2
Sep 28 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: Received disconnect from 212.192.31.32 port 54050:11: Bye Bye [preauth]
Sep 28 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31914]: Disconnected from 212.192.31.32 port 54050 [preauth]
Sep 28 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: Invalid user steam from 146.190.246.86
Sep 28 12:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: input_userauth_request: invalid user steam [preauth]
Sep 28 12:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: Failed password for invalid user steam from 146.190.246.86 port 51136 ssh2
Sep 28 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: Connection closed by 146.190.246.86 port 51136 [preauth]
Sep 28 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30512]: pam_unix(cron:session): session closed for user root
Sep 28 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Failed password for root from 146.190.246.86 port 47218 ssh2
Sep 28 12:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Connection closed by 146.190.246.86 port 47218 [preauth]
Sep 28 12:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: Invalid user admin from 146.190.246.86
Sep 28 12:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: Failed password for invalid user admin from 146.190.246.86 port 33522 ssh2
Sep 28 12:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32024]: Connection closed by 146.190.246.86 port 33522 [preauth]
Sep 28 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Invalid user debian from 196.251.69.141
Sep 28 12:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: input_userauth_request: invalid user debian [preauth]
Sep 28 12:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Failed password for invalid user debian from 196.251.69.141 port 35862 ssh2
Sep 28 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Connection closed by 196.251.69.141 port 35862 [preauth]
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32053]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32050]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: Invalid user gmod from 146.190.246.86
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: input_userauth_request: invalid user gmod [preauth]
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32120]: Successful su for rubyman by root
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32120]: + ??? root:rubyman
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308215 of user rubyman.
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32120]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308215.
Sep 28 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: Failed password for invalid user gmod from 146.190.246.86 port 58848 ssh2
Sep 28 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32097]: Connection closed by 146.190.246.86 port 58848 [preauth]
Sep 28 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session closed for user root
Sep 28 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Failed password for root from 45.172.152.74 port 59400 ssh2
Sep 28 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Invalid user laser from 185.223.124.133
Sep 28 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: input_userauth_request: invalid user laser [preauth]
Sep 28 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Received disconnect from 45.172.152.74 port 59400:11: Bye Bye [preauth]
Sep 28 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Disconnected from 45.172.152.74 port 59400 [preauth]
Sep 28 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32051]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Failed password for invalid user laser from 185.223.124.133 port 43596 ssh2
Sep 28 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Received disconnect from 185.223.124.133 port 43596:11: Bye Bye [preauth]
Sep 28 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Disconnected from 185.223.124.133 port 43596 [preauth]
Sep 28 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32337]: Invalid user gitlab from 146.190.246.86
Sep 28 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32337]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32337]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32337]: Failed password for invalid user gitlab from 146.190.246.86 port 49086 ssh2
Sep 28 12:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32337]: Connection closed by 146.190.246.86 port 49086 [preauth]
Sep 28 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Invalid user coder from 212.192.31.32
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: input_userauth_request: invalid user coder [preauth]
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Invalid user juliana from 202.83.162.167
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: input_userauth_request: invalid user juliana [preauth]
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Failed password for invalid user coder from 212.192.31.32 port 51798 ssh2
Sep 28 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Received disconnect from 212.192.31.32 port 51798:11: Bye Bye [preauth]
Sep 28 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Disconnected from 212.192.31.32 port 51798 [preauth]
Sep 28 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Failed password for invalid user juliana from 202.83.162.167 port 34580 ssh2
Sep 28 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Received disconnect from 202.83.162.167 port 34580:11: Bye Bye [preauth]
Sep 28 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32367]: Disconnected from 202.83.162.167 port 34580 [preauth]
Sep 28 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Invalid user huawei from 146.190.246.86
Sep 28 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: input_userauth_request: invalid user huawei [preauth]
Sep 28 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Failed password for invalid user huawei from 146.190.246.86 port 46072 ssh2
Sep 28 12:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Connection closed by 146.190.246.86 port 46072 [preauth]
Sep 28 12:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Invalid user fedora from 196.251.69.141
Sep 28 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: Failed password for root from 36.70.25.238 port 33052 ssh2
Sep 28 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: Received disconnect from 36.70.25.238 port 33052:11: Bye Bye [preauth]
Sep 28 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: Disconnected from 36.70.25.238 port 33052 [preauth]
Sep 28 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for invalid user fedora from 196.251.69.141 port 37784 ssh2
Sep 28 12:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Connection closed by 196.251.69.141 port 37784 [preauth]
Sep 28 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session closed for user root
Sep 28 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Invalid user phpmyadmin from 146.190.246.86
Sep 28 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: input_userauth_request: invalid user phpmyadmin [preauth]
Sep 28 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Failed password for invalid user phpmyadmin from 146.190.246.86 port 42506 ssh2
Sep 28 12:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Connection closed by 146.190.246.86 port 42506 [preauth]
Sep 28 12:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: Invalid user redis from 146.190.246.86
Sep 28 12:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: input_userauth_request: invalid user redis [preauth]
Sep 28 12:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: Failed password for invalid user redis from 146.190.246.86 port 48356 ssh2
Sep 28 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: Connection closed by 146.190.246.86 port 48356 [preauth]
Sep 28 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32514]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: Successful su for rubyman by root
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: + ??? root:rubyman
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308219 of user rubyman.
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32574]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308219.
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: Failed password for root from 146.190.246.86 port 47948 ssh2
Sep 28 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32506]: Connection closed by 146.190.246.86 port 47948 [preauth]
Sep 28 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: Invalid user fedora from 196.251.69.141
Sep 28 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29424]: pam_unix(cron:session): session closed for user root
Sep 28 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: Failed password for invalid user fedora from 196.251.69.141 port 39618 ssh2
Sep 28 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Connection closed by 185.126.2.179 port 52738 [preauth]
Sep 28 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: Connection closed by 196.251.69.141 port 39618 [preauth]
Sep 28 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Invalid user cassandra from 146.190.246.86
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: input_userauth_request: invalid user cassandra [preauth]
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Invalid user git from 185.223.124.133
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: input_userauth_request: invalid user git [preauth]
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: Failed password for root from 45.172.152.74 port 56346 ssh2
Sep 28 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: Received disconnect from 45.172.152.74 port 56346:11: Bye Bye [preauth]
Sep 28 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: Disconnected from 45.172.152.74 port 56346 [preauth]
Sep 28 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Failed password for invalid user cassandra from 146.190.246.86 port 51924 ssh2
Sep 28 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Connection closed by 146.190.246.86 port 51924 [preauth]
Sep 28 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Invalid user blog from 35.187.196.97
Sep 28 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: input_userauth_request: invalid user blog [preauth]
Sep 28 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Failed password for invalid user git from 185.223.124.133 port 43198 ssh2
Sep 28 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Received disconnect from 185.223.124.133 port 43198:11: Bye Bye [preauth]
Sep 28 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Disconnected from 185.223.124.133 port 43198 [preauth]
Sep 28 12:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Failed password for invalid user blog from 35.187.196.97 port 39530 ssh2
Sep 28 12:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Received disconnect from 35.187.196.97 port 39530:11: Bye Bye [preauth]
Sep 28 12:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Disconnected from 35.187.196.97 port 39530 [preauth]
Sep 28 12:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[357]: Failed password for root from 212.192.31.32 port 36576 ssh2
Sep 28 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[357]: Received disconnect from 212.192.31.32 port 36576:11: Bye Bye [preauth]
Sep 28 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[357]: Disconnected from 212.192.31.32 port 36576 [preauth]
Sep 28 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Invalid user testuser from 146.190.246.86
Sep 28 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: input_userauth_request: invalid user testuser [preauth]
Sep 28 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Failed password for invalid user testuser from 146.190.246.86 port 57372 ssh2
Sep 28 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Connection closed by 146.190.246.86 port 57372 [preauth]
Sep 28 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Invalid user git from 146.190.246.86
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: input_userauth_request: invalid user git [preauth]
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: Invalid user mtest from 202.83.162.167
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: input_userauth_request: invalid user mtest [preauth]
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session closed for user root
Sep 28 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Failed password for invalid user git from 146.190.246.86 port 44898 ssh2
Sep 28 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Connection closed by 146.190.246.86 port 44898 [preauth]
Sep 28 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: Failed password for invalid user mtest from 202.83.162.167 port 46074 ssh2
Sep 28 12:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: Received disconnect from 202.83.162.167 port 46074:11: Bye Bye [preauth]
Sep 28 12:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: Disconnected from 202.83.162.167 port 46074 [preauth]
Sep 28 12:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: Invalid user fedora from 196.251.69.141
Sep 28 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: Failed password for invalid user fedora from 196.251.69.141 port 41348 ssh2
Sep 28 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: Connection closed by 196.251.69.141 port 41348 [preauth]
Sep 28 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Invalid user elasticsearch from 146.190.246.86
Sep 28 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Failed password for invalid user elasticsearch from 146.190.246.86 port 52962 ssh2
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Connection closed by 146.190.246.86 port 52962 [preauth]
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Invalid user git from 36.70.25.238
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: input_userauth_request: invalid user git [preauth]
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[468]: Failed password for root from 128.199.244.190 port 60244 ssh2
Sep 28 12:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[468]: Connection closed by 128.199.244.190 port 60244 [preauth]
Sep 28 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Invalid user pi from 128.199.244.190
Sep 28 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: input_userauth_request: invalid user pi [preauth]
Sep 28 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Failed password for invalid user git from 36.70.25.238 port 56830 ssh2
Sep 28 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Received disconnect from 36.70.25.238 port 56830:11: Bye Bye [preauth]
Sep 28 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Disconnected from 36.70.25.238 port 56830 [preauth]
Sep 28 12:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Failed password for invalid user pi from 128.199.244.190 port 55102 ssh2
Sep 28 12:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Connection closed by 128.199.244.190 port 55102 [preauth]
Sep 28 12:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[503]: Invalid user hive from 128.199.244.190
Sep 28 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[503]: input_userauth_request: invalid user hive [preauth]
Sep 28 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Invalid user palworld from 146.190.246.86
Sep 28 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: input_userauth_request: invalid user palworld [preauth]
Sep 28 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[503]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Failed password for invalid user palworld from 146.190.246.86 port 42102 ssh2
Sep 28 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Connection closed by 146.190.246.86 port 42102 [preauth]
Sep 28 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[503]: Failed password for invalid user hive from 128.199.244.190 port 55114 ssh2
Sep 28 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[503]: Connection closed by 128.199.244.190 port 55114 [preauth]
Sep 28 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Invalid user git from 128.199.244.190
Sep 28 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: input_userauth_request: invalid user git [preauth]
Sep 28 12:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[537]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[536]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[534]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: Successful su for rubyman by root
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: + ??? root:rubyman
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308223 of user rubyman.
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308223.
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Failed password for invalid user git from 128.199.244.190 port 55120 ssh2
Sep 28 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session closed for user root
Sep 28 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Connection closed by 128.199.244.190 port 55120 [preauth]
Sep 28 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[529]: Invalid user wang from 128.199.244.190
Sep 28 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[529]: input_userauth_request: invalid user wang [preauth]
Sep 28 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29929]: pam_unix(cron:session): session closed for user root
Sep 28 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[529]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[529]: Failed password for invalid user wang from 128.199.244.190 port 39974 ssh2
Sep 28 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[535]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Failed password for root from 146.190.246.86 port 51436 ssh2
Sep 28 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Connection closed by 146.190.246.86 port 51436 [preauth]
Sep 28 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Invalid user nginx from 128.199.244.190
Sep 28 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: input_userauth_request: invalid user nginx [preauth]
Sep 28 12:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[529]: Connection closed by 128.199.244.190 port 39974 [preauth]
Sep 28 12:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Invalid user fedora from 196.251.69.141
Sep 28 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Failed password for invalid user nginx from 128.199.244.190 port 39984 ssh2
Sep 28 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: Invalid user mongo from 128.199.244.190
Sep 28 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: input_userauth_request: invalid user mongo [preauth]
Sep 28 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Connection closed by 128.199.244.190 port 39984 [preauth]
Sep 28 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Failed password for invalid user fedora from 196.251.69.141 port 42884 ssh2
Sep 28 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Connection closed by 196.251.69.141 port 42884 [preauth]
Sep 28 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for root from 212.192.31.32 port 60360 ssh2
Sep 28 12:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Received disconnect from 212.192.31.32 port 60360:11: Bye Bye [preauth]
Sep 28 12:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Disconnected from 212.192.31.32 port 60360 [preauth]
Sep 28 12:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Invalid user ubuntu from 45.172.152.74
Sep 28 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: Failed password for invalid user mongo from 128.199.244.190 port 38898 ssh2
Sep 28 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1050]: Invalid user fil from 146.190.246.86
Sep 28 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1050]: input_userauth_request: invalid user fil [preauth]
Sep 28 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1050]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Invalid user user from 128.199.244.190
Sep 28 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: input_userauth_request: invalid user user [preauth]
Sep 28 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for invalid user ubuntu from 45.172.152.74 port 35812 ssh2
Sep 28 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Received disconnect from 45.172.152.74 port 35812:11: Bye Bye [preauth]
Sep 28 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Disconnected from 45.172.152.74 port 35812 [preauth]
Sep 28 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: Connection closed by 128.199.244.190 port 38898 [preauth]
Sep 28 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1050]: Failed password for invalid user fil from 146.190.246.86 port 33824 ssh2
Sep 28 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1050]: Connection closed by 146.190.246.86 port 33824 [preauth]
Sep 28 12:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Failed password for invalid user user from 128.199.244.190 port 38908 ssh2
Sep 28 12:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Invalid user oracle from 128.199.244.190
Sep 28 12:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Connection closed by 128.199.244.190 port 38908 [preauth]
Sep 28 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Invalid user laravel from 185.223.124.133
Sep 28 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: input_userauth_request: invalid user laravel [preauth]
Sep 28 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Failed password for invalid user laravel from 185.223.124.133 port 46516 ssh2
Sep 28 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Failed password for invalid user oracle from 128.199.244.190 port 47574 ssh2
Sep 28 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Invalid user gpadmin from 128.199.244.190
Sep 28 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Connection closed by 128.199.244.190 port 47574 [preauth]
Sep 28 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Received disconnect from 185.223.124.133 port 46516:11: Bye Bye [preauth]
Sep 28 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Disconnected from 185.223.124.133 port 46516 [preauth]
Sep 28 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Invalid user nagios from 146.190.246.86
Sep 28 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: input_userauth_request: invalid user nagios [preauth]
Sep 28 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Failed password for invalid user nagios from 146.190.246.86 port 51700 ssh2
Sep 28 12:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Connection closed by 146.190.246.86 port 51700 [preauth]
Sep 28 12:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for invalid user gpadmin from 128.199.244.190 port 47578 ssh2
Sep 28 12:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Connection closed by 128.199.244.190 port 47578 [preauth]
Sep 28 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32053]: pam_unix(cron:session): session closed for user root
Sep 28 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Failed password for root from 128.199.244.190 port 47584 ssh2
Sep 28 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Invalid user esroot from 128.199.244.190
Sep 28 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: input_userauth_request: invalid user esroot [preauth]
Sep 28 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Invalid user moussa from 185.126.2.179
Sep 28 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: input_userauth_request: invalid user moussa [preauth]
Sep 28 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Connection closed by 128.199.244.190 port 47584 [preauth]
Sep 28 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Failed password for invalid user moussa from 185.126.2.179 port 45018 ssh2
Sep 28 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Failed password for invalid user esroot from 128.199.244.190 port 54540 ssh2
Sep 28 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Received disconnect from 185.126.2.179 port 45018:11: Bye Bye [preauth]
Sep 28 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Disconnected from 185.126.2.179 port 45018 [preauth]
Sep 28 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Invalid user gitlab from 128.199.244.190
Sep 28 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Connection closed by 128.199.244.190 port 54540 [preauth]
Sep 28 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for invalid user gitlab from 128.199.244.190 port 54546 ssh2
Sep 28 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Invalid user apache from 128.199.244.190
Sep 28 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: input_userauth_request: invalid user apache [preauth]
Sep 28 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: Failed password for root from 146.190.246.86 port 47658 ssh2
Sep 28 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1144]: Connection closed by 146.190.246.86 port 47658 [preauth]
Sep 28 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Connection closed by 128.199.244.190 port 54546 [preauth]
Sep 28 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Failed password for invalid user apache from 128.199.244.190 port 54786 ssh2
Sep 28 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Connection closed by 128.199.244.190 port 54786 [preauth]
Sep 28 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Invalid user fedora from 196.251.69.141
Sep 28 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Invalid user ftp1 from 202.83.162.167
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: input_userauth_request: invalid user ftp1 [preauth]
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for invalid user fedora from 196.251.69.141 port 44584 ssh2
Sep 28 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Failed password for root from 128.199.244.190 port 54798 ssh2
Sep 28 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Failed password for invalid user ftp1 from 202.83.162.167 port 46718 ssh2
Sep 28 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Connection closed by 196.251.69.141 port 44584 [preauth]
Sep 28 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Received disconnect from 202.83.162.167 port 46718:11: Bye Bye [preauth]
Sep 28 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1172]: Disconnected from 202.83.162.167 port 46718 [preauth]
Sep 28 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Connection closed by 128.199.244.190 port 54798 [preauth]
Sep 28 12:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Invalid user cyberpanel from 146.190.246.86
Sep 28 12:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 28 12:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for root from 128.199.244.190 port 55728 ssh2
Sep 28 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Failed password for invalid user cyberpanel from 146.190.246.86 port 40556 ssh2
Sep 28 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Connection closed by 146.190.246.86 port 40556 [preauth]
Sep 28 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Connection closed by 128.199.244.190 port 55728 [preauth]
Sep 28 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Invalid user user from 128.199.244.190
Sep 28 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: input_userauth_request: invalid user user [preauth]
Sep 28 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for invalid user user from 128.199.244.190 port 55744 ssh2
Sep 28 12:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Connection closed by 128.199.244.190 port 55744 [preauth]
Sep 28 12:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Invalid user lighthouse from 128.199.244.190
Sep 28 12:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Failed password for invalid user lighthouse from 128.199.244.190 port 57084 ssh2
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1219]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1222]: pam_unix(cron:session): session closed for user root
Sep 28 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1217]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Connection closed by 128.199.244.190 port 57084 [preauth]
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: Successful su for rubyman by root
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: + ??? root:rubyman
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308229 of user rubyman.
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1302]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308229.
Sep 28 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Invalid user db2inst1 from 190.103.202.7
Sep 28 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: input_userauth_request: invalid user db2inst1 [preauth]
Sep 28 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Invalid user flask from 128.199.244.190
Sep 28 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: input_userauth_request: invalid user flask [preauth]
Sep 28 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30510]: pam_unix(cron:session): session closed for user root
Sep 28 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1219]: pam_unix(cron:session): session closed for user root
Sep 28 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Failed password for invalid user db2inst1 from 190.103.202.7 port 46816 ssh2
Sep 28 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Failed password for root from 146.190.246.86 port 34398 ssh2
Sep 28 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1362]: Connection closed by 146.190.246.86 port 34398 [preauth]
Sep 28 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Connection closed by 190.103.202.7 port 46816 [preauth]
Sep 28 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: Invalid user activemq from 36.70.25.238
Sep 28 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: input_userauth_request: invalid user activemq [preauth]
Sep 28 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Failed password for invalid user flask from 128.199.244.190 port 57090 ssh2
Sep 28 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Connection closed by 128.199.244.190 port 57090 [preauth]
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: Failed password for invalid user activemq from 36.70.25.238 port 57246 ssh2
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: Received disconnect from 36.70.25.238 port 57246:11: Bye Bye [preauth]
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: Disconnected from 36.70.25.238 port 57246 [preauth]
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Invalid user user1 from 128.199.244.190
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: input_userauth_request: invalid user user1 [preauth]
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Invalid user test from 35.187.196.97
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: input_userauth_request: invalid user test [preauth]
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Failed password for invalid user test from 35.187.196.97 port 50194 ssh2
Sep 28 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Failed password for invalid user user1 from 128.199.244.190 port 45518 ssh2
Sep 28 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Received disconnect from 35.187.196.97 port 50194:11: Bye Bye [preauth]
Sep 28 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Disconnected from 35.187.196.97 port 50194 [preauth]
Sep 28 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Connection closed by 128.199.244.190 port 45518 [preauth]
Sep 28 12:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1589]: Invalid user hadoop from 128.199.244.190
Sep 28 12:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1589]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 12:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1589]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Invalid user phpmyadmin from 146.190.246.86
Sep 28 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: input_userauth_request: invalid user phpmyadmin [preauth]
Sep 28 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1589]: Failed password for invalid user hadoop from 128.199.244.190 port 45526 ssh2
Sep 28 12:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1589]: Connection closed by 128.199.244.190 port 45526 [preauth]
Sep 28 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Invalid user oracle from 128.199.244.190
Sep 28 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Failed password for invalid user phpmyadmin from 146.190.246.86 port 60130 ssh2
Sep 28 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Connection closed by 146.190.246.86 port 60130 [preauth]
Sep 28 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Failed password for root from 212.192.31.32 port 47352 ssh2
Sep 28 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Received disconnect from 212.192.31.32 port 47352:11: Bye Bye [preauth]
Sep 28 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Disconnected from 212.192.31.32 port 47352 [preauth]
Sep 28 12:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Failed password for invalid user oracle from 128.199.244.190 port 45542 ssh2
Sep 28 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Connection closed by 128.199.244.190 port 45542 [preauth]
Sep 28 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: Invalid user test from 128.199.244.190
Sep 28 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: input_userauth_request: invalid user test [preauth]
Sep 28 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: Failed password for invalid user test from 128.199.244.190 port 45670 ssh2
Sep 28 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: Connection closed by 128.199.244.190 port 45670 [preauth]
Sep 28 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: Invalid user fedora from 196.251.69.141
Sep 28 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Invalid user logstash from 146.190.246.86
Sep 28 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: input_userauth_request: invalid user logstash [preauth]
Sep 28 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: Failed password for invalid user fedora from 196.251.69.141 port 46508 ssh2
Sep 28 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: Connection closed by 196.251.69.141 port 46508 [preauth]
Sep 28 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: Failed password for root from 128.199.244.190 port 45676 ssh2
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Invalid user casa from 45.172.152.74
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: input_userauth_request: invalid user casa [preauth]
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Failed password for invalid user logstash from 146.190.246.86 port 38470 ssh2
Sep 28 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Connection closed by 146.190.246.86 port 38470 [preauth]
Sep 28 12:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: Connection closed by 128.199.244.190 port 45676 [preauth]
Sep 28 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Invalid user developer from 128.199.244.190
Sep 28 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: input_userauth_request: invalid user developer [preauth]
Sep 28 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for invalid user casa from 45.172.152.74 port 49994 ssh2
Sep 28 12:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Received disconnect from 45.172.152.74 port 49994:11: Bye Bye [preauth]
Sep 28 12:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Disconnected from 45.172.152.74 port 49994 [preauth]
Sep 28 12:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Failed password for invalid user developer from 128.199.244.190 port 48028 ssh2
Sep 28 12:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Connection closed by 128.199.244.190 port 48028 [preauth]
Sep 28 12:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32514]: pam_unix(cron:session): session closed for user root
Sep 28 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Failed password for root from 128.199.244.190 port 48032 ssh2
Sep 28 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Connection closed by 128.199.244.190 port 48032 [preauth]
Sep 28 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Invalid user ethnode from 146.190.246.86
Sep 28 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: input_userauth_request: invalid user ethnode [preauth]
Sep 28 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: User mysql from 128.199.244.190 not allowed because not listed in AllowUsers
Sep 28 12:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: input_userauth_request: invalid user mysql [preauth]
Sep 28 12:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=mysql
Sep 28 12:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Failed password for invalid user ethnode from 146.190.246.86 port 37612 ssh2
Sep 28 12:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Connection closed by 146.190.246.86 port 37612 [preauth]
Sep 28 12:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: Failed password for invalid user mysql from 128.199.244.190 port 55104 ssh2
Sep 28 12:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: Connection closed by 128.199.244.190 port 55104 [preauth]
Sep 28 12:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Invalid user tesoreria from 185.223.124.133
Sep 28 12:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: input_userauth_request: invalid user tesoreria [preauth]
Sep 28 12:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Failed password for root from 128.199.244.190 port 55116 ssh2
Sep 28 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Connection closed by 128.199.244.190 port 55116 [preauth]
Sep 28 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Failed password for invalid user tesoreria from 185.223.124.133 port 46746 ssh2
Sep 28 12:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Received disconnect from 185.223.124.133 port 46746:11: Bye Bye [preauth]
Sep 28 12:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Disconnected from 185.223.124.133 port 46746 [preauth]
Sep 28 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Invalid user tom from 128.199.244.190
Sep 28 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: input_userauth_request: invalid user tom [preauth]
Sep 28 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Failed password for invalid user tom from 128.199.244.190 port 55126 ssh2
Sep 28 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Connection closed by 128.199.244.190 port 55126 [preauth]
Sep 28 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Failed password for root from 146.190.246.86 port 38978 ssh2
Sep 28 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Connection closed by 146.190.246.86 port 38978 [preauth]
Sep 28 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Failed password for root from 128.199.244.190 port 49286 ssh2
Sep 28 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Connection closed by 128.199.244.190 port 49286 [preauth]
Sep 28 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Invalid user oscar from 128.199.244.190
Sep 28 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: input_userauth_request: invalid user oscar [preauth]
Sep 28 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Failed password for invalid user oscar from 128.199.244.190 port 49298 ssh2
Sep 28 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Connection closed by 128.199.244.190 port 49298 [preauth]
Sep 28 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Invalid user fedora from 196.251.69.141
Sep 28 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: User www-data from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: input_userauth_request: invalid user www-data [preauth]
Sep 28 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=www-data
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1809]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Invalid user test from 202.83.162.167
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: input_userauth_request: invalid user test [preauth]
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: Successful su for rubyman by root
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: + ??? root:rubyman
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308234 of user rubyman.
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1883]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308234.
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Failed password for invalid user fedora from 196.251.69.141 port 47624 ssh2
Sep 28 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Connection closed by 196.251.69.141 port 47624 [preauth]
Sep 28 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: Failed password for invalid user www-data from 146.190.246.86 port 49844 ssh2
Sep 28 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: Connection closed by 146.190.246.86 port 49844 [preauth]
Sep 28 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for root from 128.199.244.190 port 50414 ssh2
Sep 28 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Failed password for invalid user test from 202.83.162.167 port 54706 ssh2
Sep 28 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Received disconnect from 202.83.162.167 port 54706:11: Bye Bye [preauth]
Sep 28 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Disconnected from 202.83.162.167 port 54706 [preauth]
Sep 28 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Connection closed by 128.199.244.190 port 50414 [preauth]
Sep 28 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session closed for user root
Sep 28 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Failed password for root from 128.199.244.190 port 50426 ssh2
Sep 28 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1811]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Connection closed by 128.199.244.190 port 50426 [preauth]
Sep 28 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Failed password for root from 185.126.2.179 port 37288 ssh2
Sep 28 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user user1 from 128.199.244.190
Sep 28 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user user1 [preauth]
Sep 28 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Received disconnect from 185.126.2.179 port 37288:11: Bye Bye [preauth]
Sep 28 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Disconnected from 185.126.2.179 port 37288 [preauth]
Sep 28 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Invalid user flussonic from 146.190.246.86
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: input_userauth_request: invalid user flussonic [preauth]
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user user1 from 128.199.244.190 port 41838 ssh2
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Connection closed by 128.199.244.190 port 41838 [preauth]
Sep 28 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Invalid user localhost from 212.192.31.32
Sep 28 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: input_userauth_request: invalid user localhost [preauth]
Sep 28 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Failed password for invalid user flussonic from 146.190.246.86 port 53340 ssh2
Sep 28 12:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Connection closed by 146.190.246.86 port 53340 [preauth]
Sep 28 12:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Failed password for invalid user localhost from 212.192.31.32 port 58748 ssh2
Sep 28 12:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Received disconnect from 212.192.31.32 port 58748:11: Bye Bye [preauth]
Sep 28 12:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Disconnected from 212.192.31.32 port 58748 [preauth]
Sep 28 12:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: Failed password for root from 128.199.244.190 port 41840 ssh2
Sep 28 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: Connection closed by 128.199.244.190 port 41840 [preauth]
Sep 28 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Invalid user flink from 128.199.244.190
Sep 28 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: input_userauth_request: invalid user flink [preauth]
Sep 28 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Failed password for invalid user flink from 128.199.244.190 port 58132 ssh2
Sep 28 12:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Connection closed by 128.199.244.190 port 58132 [preauth]
Sep 28 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: Invalid user leo1 from 146.190.246.86
Sep 28 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: input_userauth_request: invalid user leo1 [preauth]
Sep 28 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Invalid user apache from 128.199.244.190
Sep 28 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: input_userauth_request: invalid user apache [preauth]
Sep 28 12:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: Failed password for invalid user leo1 from 146.190.246.86 port 43438 ssh2
Sep 28 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2150]: Connection closed by 146.190.246.86 port 43438 [preauth]
Sep 28 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Failed password for invalid user apache from 128.199.244.190 port 58144 ssh2
Sep 28 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Connection closed by 128.199.244.190 port 58144 [preauth]
Sep 28 12:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Invalid user theta from 36.70.25.238
Sep 28 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: input_userauth_request: invalid user theta [preauth]
Sep 28 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Failed password for root from 128.199.244.190 port 58158 ssh2
Sep 28 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Connection closed by 128.199.244.190 port 58158 [preauth]
Sep 28 12:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Failed password for invalid user theta from 36.70.25.238 port 55298 ssh2
Sep 28 12:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Received disconnect from 36.70.25.238 port 55298:11: Bye Bye [preauth]
Sep 28 12:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Disconnected from 36.70.25.238 port 55298 [preauth]
Sep 28 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Invalid user nginx from 128.199.244.190
Sep 28 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: input_userauth_request: invalid user nginx [preauth]
Sep 28 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Invalid user fedora from 196.251.69.141
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Invalid user guest from 146.190.246.86
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: input_userauth_request: invalid user guest [preauth]
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[537]: pam_unix(cron:session): session closed for user root
Sep 28 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Failed password for invalid user nginx from 128.199.244.190 port 56108 ssh2
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Failed password for invalid user guest from 146.190.246.86 port 41466 ssh2
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Failed password for invalid user fedora from 196.251.69.141 port 49374 ssh2
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Connection closed by 146.190.246.86 port 41466 [preauth]
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Connection closed by 196.251.69.141 port 49374 [preauth]
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Connection closed by 128.199.244.190 port 56108 [preauth]
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: Invalid user esuser from 128.199.244.190
Sep 28 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: input_userauth_request: invalid user esuser [preauth]
Sep 28 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for root from 35.187.196.97 port 53708 ssh2
Sep 28 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Received disconnect from 35.187.196.97 port 53708:11: Bye Bye [preauth]
Sep 28 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Disconnected from 35.187.196.97 port 53708 [preauth]
Sep 28 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for root from 45.172.152.74 port 50122 ssh2
Sep 28 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Received disconnect from 45.172.152.74 port 50122:11: Bye Bye [preauth]
Sep 28 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Disconnected from 45.172.152.74 port 50122 [preauth]
Sep 28 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: Failed password for invalid user esuser from 128.199.244.190 port 56116 ssh2
Sep 28 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2225]: Connection closed by 128.199.244.190 port 56116 [preauth]
Sep 28 12:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for root from 128.199.244.190 port 45122 ssh2
Sep 28 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Connection closed by 128.199.244.190 port 45122 [preauth]
Sep 28 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Invalid user vagrant from 146.190.246.86
Sep 28 12:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 12:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Invalid user git from 128.199.244.190
Sep 28 12:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: input_userauth_request: invalid user git [preauth]
Sep 28 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Failed password for invalid user vagrant from 146.190.246.86 port 56884 ssh2
Sep 28 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Connection closed by 146.190.246.86 port 56884 [preauth]
Sep 28 12:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Failed password for invalid user git from 128.199.244.190 port 45136 ssh2
Sep 28 12:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Connection closed by 128.199.244.190 port 45136 [preauth]
Sep 28 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Invalid user postgres from 128.199.244.190
Sep 28 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: input_userauth_request: invalid user postgres [preauth]
Sep 28 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Failed password for invalid user postgres from 128.199.244.190 port 43876 ssh2
Sep 28 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Connection closed by 128.199.244.190 port 43876 [preauth]
Sep 28 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Invalid user svnuser from 128.199.244.190
Sep 28 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: input_userauth_request: invalid user svnuser [preauth]
Sep 28 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Failed password for invalid user svnuser from 128.199.244.190 port 43888 ssh2
Sep 28 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Connection closed by 128.199.244.190 port 43888 [preauth]
Sep 28 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Invalid user dolphinscheduler from 128.199.244.190
Sep 28 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2295]: Failed password for root from 185.223.124.133 port 42160 ssh2
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: User ftp from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: input_userauth_request: invalid user ftp [preauth]
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=ftp
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2295]: Received disconnect from 185.223.124.133 port 42160:11: Bye Bye [preauth]
Sep 28 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2295]: Disconnected from 185.223.124.133 port 42160 [preauth]
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2314]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: Successful su for rubyman by root
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: + ??? root:rubyman
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308238 of user rubyman.
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308238.
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Failed password for invalid user dolphinscheduler from 128.199.244.190 port 38742 ssh2
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Failed password for invalid user ftp from 146.190.246.86 port 36558 ssh2
Sep 28 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Connection closed by 146.190.246.86 port 36558 [preauth]
Sep 28 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Connection closed by 128.199.244.190 port 38742 [preauth]
Sep 28 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31588]: pam_unix(cron:session): session closed for user root
Sep 28 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: Invalid user bodega from 212.192.31.32
Sep 28 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: input_userauth_request: invalid user bodega [preauth]
Sep 28 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: Failed password for root from 128.199.244.190 port 38744 ssh2
Sep 28 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: Connection closed by 128.199.244.190 port 38744 [preauth]
Sep 28 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: Failed password for invalid user bodega from 212.192.31.32 port 41200 ssh2
Sep 28 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: Received disconnect from 212.192.31.32 port 41200:11: Bye Bye [preauth]
Sep 28 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2564]: Disconnected from 212.192.31.32 port 41200 [preauth]
Sep 28 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Invalid user plexserver from 128.199.244.190
Sep 28 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: input_userauth_request: invalid user plexserver [preauth]
Sep 28 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Invalid user fedora from 196.251.69.141
Sep 28 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: input_userauth_request: invalid user fedora [preauth]
Sep 28 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Invalid user yarn from 146.190.246.86
Sep 28 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: input_userauth_request: invalid user yarn [preauth]
Sep 28 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Failed password for invalid user plexserver from 128.199.244.190 port 51380 ssh2
Sep 28 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Invalid user sonar from 128.199.244.190
Sep 28 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: input_userauth_request: invalid user sonar [preauth]
Sep 28 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Connection closed by 128.199.244.190 port 51380 [preauth]
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Invalid user chart from 202.83.162.167
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: input_userauth_request: invalid user chart [preauth]
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Failed password for invalid user fedora from 196.251.69.141 port 50980 ssh2
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Connection closed by 196.251.69.141 port 50980 [preauth]
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Failed password for invalid user yarn from 146.190.246.86 port 52992 ssh2
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Connection closed by 146.190.246.86 port 52992 [preauth]
Sep 28 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for invalid user chart from 202.83.162.167 port 49092 ssh2
Sep 28 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Failed password for invalid user sonar from 128.199.244.190 port 51386 ssh2
Sep 28 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Received disconnect from 202.83.162.167 port 49092:11: Bye Bye [preauth]
Sep 28 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Disconnected from 202.83.162.167 port 49092 [preauth]
Sep 28 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Connection closed by 128.199.244.190 port 51386 [preauth]
Sep 28 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Invalid user app from 128.199.244.190
Sep 28 12:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: input_userauth_request: invalid user app [preauth]
Sep 28 12:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Failed password for invalid user app from 128.199.244.190 port 51394 ssh2
Sep 28 12:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Connection closed by 128.199.244.190 port 51394 [preauth]
Sep 28 12:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: Invalid user tools from 128.199.244.190
Sep 28 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: input_userauth_request: invalid user tools [preauth]
Sep 28 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: Failed password for invalid user tools from 128.199.244.190 port 32972 ssh2
Sep 28 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Failed password for root from 146.190.246.86 port 33072 ssh2
Sep 28 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Connection closed by 146.190.246.86 port 33072 [preauth]
Sep 28 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: Connection closed by 128.199.244.190 port 32972 [preauth]
Sep 28 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Invalid user lighthouse from 128.199.244.190
Sep 28 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for invalid user lighthouse from 128.199.244.190 port 32980 ssh2
Sep 28 12:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Connection closed by 128.199.244.190 port 32980 [preauth]
Sep 28 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: User mysql from 128.199.244.190 not allowed because not listed in AllowUsers
Sep 28 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: input_userauth_request: invalid user mysql [preauth]
Sep 28 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=mysql
Sep 28 12:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user mysql from 128.199.244.190 port 45668 ssh2
Sep 28 12:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Connection closed by 128.199.244.190 port 45668 [preauth]
Sep 28 12:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: User www-data from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: input_userauth_request: invalid user www-data [preauth]
Sep 28 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=www-data
Sep 28 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1221]: pam_unix(cron:session): session closed for user root
Sep 28 12:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for invalid user www-data from 146.190.246.86 port 45140 ssh2
Sep 28 12:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Connection closed by 146.190.246.86 port 45140 [preauth]
Sep 28 12:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2684]: Failed password for root from 128.199.244.190 port 45680 ssh2
Sep 28 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2684]: Connection closed by 128.199.244.190 port 45680 [preauth]
Sep 28 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Invalid user gpadmin from 128.199.244.190
Sep 28 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 12:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Failed password for invalid user gpadmin from 128.199.244.190 port 38910 ssh2
Sep 28 12:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2720]: Connection closed by 128.199.244.190 port 38910 [preauth]
Sep 28 12:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: Invalid user oracle from 128.199.244.190
Sep 28 12:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: Invalid user moussa from 45.172.152.74
Sep 28 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: input_userauth_request: invalid user moussa [preauth]
Sep 28 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: Failed password for invalid user moussa from 45.172.152.74 port 36770 ssh2
Sep 28 12:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: Received disconnect from 45.172.152.74 port 36770:11: Bye Bye [preauth]
Sep 28 12:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: Disconnected from 45.172.152.74 port 36770 [preauth]
Sep 28 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: Failed password for invalid user oracle from 128.199.244.190 port 38922 ssh2
Sep 28 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2723]: Connection closed by 128.199.244.190 port 38922 [preauth]
Sep 28 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Invalid user redhat from 196.251.69.141
Sep 28 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Invalid user solana from 146.190.246.86
Sep 28 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: input_userauth_request: invalid user solana [preauth]
Sep 28 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Failed password for root from 185.126.2.179 port 57794 ssh2
Sep 28 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Received disconnect from 185.126.2.179 port 57794:11: Bye Bye [preauth]
Sep 28 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Disconnected from 185.126.2.179 port 57794 [preauth]
Sep 28 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Failed password for invalid user redhat from 196.251.69.141 port 52398 ssh2
Sep 28 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Failed password for invalid user solana from 146.190.246.86 port 45830 ssh2
Sep 28 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Connection closed by 196.251.69.141 port 52398 [preauth]
Sep 28 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2759]: Connection closed by 146.190.246.86 port 45830 [preauth]
Sep 28 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Failed password for root from 128.199.244.190 port 38924 ssh2
Sep 28 12:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Connection closed by 128.199.244.190 port 38924 [preauth]
Sep 28 12:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Invalid user laser from 36.70.25.238
Sep 28 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: input_userauth_request: invalid user laser [preauth]
Sep 28 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Invalid user www from 128.199.244.190
Sep 28 12:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: input_userauth_request: invalid user www [preauth]
Sep 28 12:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Failed password for invalid user laser from 36.70.25.238 port 47230 ssh2
Sep 28 12:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Received disconnect from 36.70.25.238 port 47230:11: Bye Bye [preauth]
Sep 28 12:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Disconnected from 36.70.25.238 port 47230 [preauth]
Sep 28 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for invalid user www from 128.199.244.190 port 41424 ssh2
Sep 28 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Connection closed by 128.199.244.190 port 41424 [preauth]
Sep 28 12:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Invalid user charan from 212.192.31.32
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: input_userauth_request: invalid user charan [preauth]
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Invalid user centos from 146.190.246.86
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Failed password for root from 128.199.244.190 port 41430 ssh2
Sep 28 12:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Connection closed by 128.199.244.190 port 41430 [preauth]
Sep 28 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Failed password for invalid user charan from 212.192.31.32 port 43906 ssh2
Sep 28 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Received disconnect from 212.192.31.32 port 43906:11: Bye Bye [preauth]
Sep 28 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Disconnected from 212.192.31.32 port 43906 [preauth]
Sep 28 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Invalid user oscar from 128.199.244.190
Sep 28 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: input_userauth_request: invalid user oscar [preauth]
Sep 28 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Failed password for invalid user centos from 146.190.246.86 port 53816 ssh2
Sep 28 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Connection closed by 146.190.246.86 port 53816 [preauth]
Sep 28 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2866]: Successful su for rubyman by root
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2866]: + ??? root:rubyman
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308242 of user rubyman.
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2866]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308242.
Sep 28 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Failed password for invalid user oscar from 128.199.244.190 port 54606 ssh2
Sep 28 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2788]: Connection closed by 128.199.244.190 port 54606 [preauth]
Sep 28 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: Invalid user test from 128.199.244.190
Sep 28 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: input_userauth_request: invalid user test [preauth]
Sep 28 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32052]: pam_unix(cron:session): session closed for user root
Sep 28 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: Failed password for invalid user test from 128.199.244.190 port 54616 ssh2
Sep 28 12:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: Connection closed by 128.199.244.190 port 54616 [preauth]
Sep 28 12:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3060]: Invalid user admin from 128.199.244.190
Sep 28 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3060]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3060]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3060]: Failed password for invalid user admin from 128.199.244.190 port 55428 ssh2
Sep 28 12:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3060]: Connection closed by 128.199.244.190 port 55428 [preauth]
Sep 28 12:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Failed password for root from 146.190.246.86 port 60446 ssh2
Sep 28 12:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Connection closed by 146.190.246.86 port 60446 [preauth]
Sep 28 12:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Failed password for root from 128.199.244.190 port 55434 ssh2
Sep 28 12:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3085]: Connection closed by 128.199.244.190 port 55434 [preauth]
Sep 28 12:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: Invalid user app from 128.199.244.190
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: input_userauth_request: invalid user app [preauth]
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Invalid user samy from 35.187.196.97
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: input_userauth_request: invalid user samy [preauth]
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: Failed password for invalid user app from 128.199.244.190 port 55438 ssh2
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Failed password for invalid user samy from 35.187.196.97 port 39448 ssh2
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3113]: Connection closed by 128.199.244.190 port 55438 [preauth]
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Invalid user newftpuser from 185.223.124.133
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: input_userauth_request: invalid user newftpuser [preauth]
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Received disconnect from 35.187.196.97 port 39448:11: Bye Bye [preauth]
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Disconnected from 35.187.196.97 port 39448 [preauth]
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Invalid user redhat from 196.251.69.141
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Invalid user test from 202.83.162.167
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: input_userauth_request: invalid user test [preauth]
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Invalid user awsgui from 146.190.246.86
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: input_userauth_request: invalid user awsgui [preauth]
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Invalid user elastic from 128.199.244.190
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: input_userauth_request: invalid user elastic [preauth]
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Failed password for invalid user newftpuser from 185.223.124.133 port 58332 ssh2
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Received disconnect from 185.223.124.133 port 58332:11: Bye Bye [preauth]
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Disconnected from 185.223.124.133 port 58332 [preauth]
Sep 28 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Failed password for invalid user redhat from 196.251.69.141 port 53764 ssh2
Sep 28 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Failed password for invalid user test from 202.83.162.167 port 45442 ssh2
Sep 28 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Connection closed by 196.251.69.141 port 53764 [preauth]
Sep 28 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Received disconnect from 202.83.162.167 port 45442:11: Bye Bye [preauth]
Sep 28 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Disconnected from 202.83.162.167 port 45442 [preauth]
Sep 28 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Failed password for invalid user awsgui from 146.190.246.86 port 57996 ssh2
Sep 28 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Connection closed by 146.190.246.86 port 57996 [preauth]
Sep 28 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Failed password for invalid user elastic from 128.199.244.190 port 50856 ssh2
Sep 28 12:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Connection closed by 128.199.244.190 port 50856 [preauth]
Sep 28 12:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Failed password for root from 128.199.244.190 port 50868 ssh2
Sep 28 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Connection closed by 128.199.244.190 port 50868 [preauth]
Sep 28 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Invalid user guest from 128.199.244.190
Sep 28 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: input_userauth_request: invalid user guest [preauth]
Sep 28 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Failed password for invalid user guest from 128.199.244.190 port 52568 ssh2
Sep 28 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Connection closed by 128.199.244.190 port 52568 [preauth]
Sep 28 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Invalid user master from 146.190.246.86
Sep 28 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: input_userauth_request: invalid user master [preauth]
Sep 28 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session closed for user root
Sep 28 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Failed password for invalid user master from 146.190.246.86 port 44564 ssh2
Sep 28 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Connection closed by 146.190.246.86 port 44564 [preauth]
Sep 28 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3171]: Failed password for root from 128.199.244.190 port 52584 ssh2
Sep 28 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3171]: Connection closed by 128.199.244.190 port 52584 [preauth]
Sep 28 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Invalid user sonar from 128.199.244.190
Sep 28 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: input_userauth_request: invalid user sonar [preauth]
Sep 28 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Failed password for invalid user sonar from 128.199.244.190 port 36480 ssh2
Sep 28 12:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Connection closed by 128.199.244.190 port 36480 [preauth]
Sep 28 12:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3205]: Invalid user jumpserver from 128.199.244.190
Sep 28 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3205]: input_userauth_request: invalid user jumpserver [preauth]
Sep 28 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3205]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: Invalid user website from 146.190.246.86
Sep 28 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: input_userauth_request: invalid user website [preauth]
Sep 28 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3205]: Failed password for invalid user jumpserver from 128.199.244.190 port 36490 ssh2
Sep 28 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: Failed password for invalid user website from 146.190.246.86 port 37314 ssh2
Sep 28 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3218]: Connection closed by 146.190.246.86 port 37314 [preauth]
Sep 28 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3205]: Connection closed by 128.199.244.190 port 36490 [preauth]
Sep 28 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3234]: Invalid user tom from 128.199.244.190
Sep 28 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3234]: input_userauth_request: invalid user tom [preauth]
Sep 28 12:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3234]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3234]: Failed password for invalid user tom from 128.199.244.190 port 36494 ssh2
Sep 28 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Failed password for root from 45.172.152.74 port 51928 ssh2
Sep 28 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3234]: Connection closed by 128.199.244.190 port 36494 [preauth]
Sep 28 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Received disconnect from 45.172.152.74 port 51928:11: Bye Bye [preauth]
Sep 28 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Disconnected from 45.172.152.74 port 51928 [preauth]
Sep 28 12:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Failed password for root from 212.192.31.32 port 33054 ssh2
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Received disconnect from 212.192.31.32 port 33054:11: Bye Bye [preauth]
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Disconnected from 212.192.31.32 port 33054 [preauth]
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: Invalid user redhat from 196.251.69.141
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Failed password for root from 128.199.244.190 port 44452 ssh2
Sep 28 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Connection closed by 128.199.244.190 port 44452 [preauth]
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Invalid user odoo from 146.190.246.86
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: input_userauth_request: invalid user odoo [preauth]
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: Failed password for invalid user redhat from 196.251.69.141 port 55102 ssh2
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Invalid user git from 128.199.244.190
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: input_userauth_request: invalid user git [preauth]
Sep 28 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: Connection closed by 196.251.69.141 port 55102 [preauth]
Sep 28 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Failed password for invalid user odoo from 146.190.246.86 port 44144 ssh2
Sep 28 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Connection closed by 146.190.246.86 port 44144 [preauth]
Sep 28 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Failed password for invalid user git from 128.199.244.190 port 44462 ssh2
Sep 28 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Connection closed by 128.199.244.190 port 44462 [preauth]
Sep 28 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Invalid user ranger from 128.199.244.190
Sep 28 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: input_userauth_request: invalid user ranger [preauth]
Sep 28 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: Successful su for rubyman by root
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: + ??? root:rubyman
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308247 of user rubyman.
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308247.
Sep 28 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Failed password for invalid user ranger from 128.199.244.190 port 51868 ssh2
Sep 28 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Connection closed by 128.199.244.190 port 51868 [preauth]
Sep 28 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session closed for user root
Sep 28 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Failed password for root from 128.199.244.190 port 51874 ssh2
Sep 28 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Invalid user webadmin from 146.190.246.86
Sep 28 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Connection closed by 128.199.244.190 port 51874 [preauth]
Sep 28 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Failed password for invalid user webadmin from 146.190.246.86 port 35688 ssh2
Sep 28 12:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3545]: Invalid user appuser from 128.199.244.190
Sep 28 12:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3545]: input_userauth_request: invalid user appuser [preauth]
Sep 28 12:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Connection closed by 146.190.246.86 port 35688 [preauth]
Sep 28 12:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3545]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3545]: Failed password for invalid user appuser from 128.199.244.190 port 46186 ssh2
Sep 28 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3545]: Connection closed by 128.199.244.190 port 46186 [preauth]
Sep 28 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Invalid user test from 36.70.25.238
Sep 28 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: input_userauth_request: invalid user test [preauth]
Sep 28 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Failed password for invalid user test from 36.70.25.238 port 51340 ssh2
Sep 28 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Invalid user tom from 128.199.244.190
Sep 28 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: input_userauth_request: invalid user tom [preauth]
Sep 28 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Received disconnect from 36.70.25.238 port 51340:11: Bye Bye [preauth]
Sep 28 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Disconnected from 36.70.25.238 port 51340 [preauth]
Sep 28 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Failed password for invalid user tom from 128.199.244.190 port 46192 ssh2
Sep 28 12:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Connection closed by 128.199.244.190 port 46192 [preauth]
Sep 28 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Invalid user php from 146.190.246.86
Sep 28 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: input_userauth_request: invalid user php [preauth]
Sep 28 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Failed password for root from 128.199.244.190 port 46196 ssh2
Sep 28 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Connection closed by 128.199.244.190 port 46196 [preauth]
Sep 28 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Failed password for invalid user php from 146.190.246.86 port 45620 ssh2
Sep 28 12:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Connection closed by 146.190.246.86 port 45620 [preauth]
Sep 28 12:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Invalid user ubuntu from 128.199.244.190
Sep 28 12:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Invalid user nico from 185.126.2.179
Sep 28 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: input_userauth_request: invalid user nico [preauth]
Sep 28 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Failed password for invalid user ubuntu from 128.199.244.190 port 57394 ssh2
Sep 28 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Connection closed by 128.199.244.190 port 57394 [preauth]
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Failed password for invalid user nico from 185.126.2.179 port 50070 ssh2
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Invalid user elsearch from 128.199.244.190
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Received disconnect from 185.126.2.179 port 50070:11: Bye Bye [preauth]
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3609]: Disconnected from 185.126.2.179 port 50070 [preauth]
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Invalid user activemq from 185.223.124.133
Sep 28 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: input_userauth_request: invalid user activemq [preauth]
Sep 28 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Invalid user redhat from 196.251.69.141
Sep 28 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Failed password for invalid user elsearch from 128.199.244.190 port 57408 ssh2
Sep 28 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Invalid user ken from 202.83.162.167
Sep 28 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: input_userauth_request: invalid user ken [preauth]
Sep 28 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Connection closed by 128.199.244.190 port 57408 [preauth]
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Failed password for invalid user activemq from 185.223.124.133 port 39238 ssh2
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Received disconnect from 185.223.124.133 port 39238:11: Bye Bye [preauth]
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Disconnected from 185.223.124.133 port 39238 [preauth]
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Invalid user vps from 146.190.246.86
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: input_userauth_request: invalid user vps [preauth]
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Invalid user nginx from 128.199.244.190
Sep 28 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: input_userauth_request: invalid user nginx [preauth]
Sep 28 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Failed password for invalid user ken from 202.83.162.167 port 54660 ssh2
Sep 28 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Failed password for invalid user redhat from 196.251.69.141 port 56412 ssh2
Sep 28 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Connection closed by 196.251.69.141 port 56412 [preauth]
Sep 28 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Received disconnect from 202.83.162.167 port 54660:11: Bye Bye [preauth]
Sep 28 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Disconnected from 202.83.162.167 port 54660 [preauth]
Sep 28 12:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user vps from 146.190.246.86 port 50910 ssh2
Sep 28 12:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Connection closed by 146.190.246.86 port 50910 [preauth]
Sep 28 12:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Failed password for invalid user nginx from 128.199.244.190 port 41492 ssh2
Sep 28 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2314]: pam_unix(cron:session): session closed for user root
Sep 28 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Connection closed by 128.199.244.190 port 41492 [preauth]
Sep 28 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: Invalid user rancher from 128.199.244.190
Sep 28 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: input_userauth_request: invalid user rancher [preauth]
Sep 28 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: Failed password for invalid user rancher from 128.199.244.190 port 41498 ssh2
Sep 28 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: Connection closed by 128.199.244.190 port 41498 [preauth]
Sep 28 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Failed password for root from 128.199.244.190 port 53644 ssh2
Sep 28 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Connection closed by 128.199.244.190 port 53644 [preauth]
Sep 28 12:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Failed password for root from 146.190.246.86 port 46870 ssh2
Sep 28 12:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Connection closed by 146.190.246.86 port 46870 [preauth]
Sep 28 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Invalid user rancher from 128.199.244.190
Sep 28 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: input_userauth_request: invalid user rancher [preauth]
Sep 28 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Failed password for invalid user rancher from 128.199.244.190 port 53654 ssh2
Sep 28 12:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: Failed password for root from 212.192.31.32 port 37666 ssh2
Sep 28 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: Received disconnect from 212.192.31.32 port 37666:11: Bye Bye [preauth]
Sep 28 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: Disconnected from 212.192.31.32 port 37666 [preauth]
Sep 28 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Connection closed by 128.199.244.190 port 53654 [preauth]
Sep 28 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Invalid user es from 128.199.244.190
Sep 28 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: input_userauth_request: invalid user es [preauth]
Sep 28 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Failed password for invalid user es from 128.199.244.190 port 40228 ssh2
Sep 28 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Connection closed by 128.199.244.190 port 40228 [preauth]
Sep 28 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Invalid user lee from 45.172.152.74
Sep 28 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: input_userauth_request: invalid user lee [preauth]
Sep 28 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3731]: Failed password for root from 35.187.196.97 port 58272 ssh2
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3731]: Received disconnect from 35.187.196.97 port 58272:11: Bye Bye [preauth]
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3731]: Disconnected from 35.187.196.97 port 58272 [preauth]
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Invalid user php from 146.190.246.86
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: input_userauth_request: invalid user php [preauth]
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Failed password for invalid user lee from 45.172.152.74 port 56766 ssh2
Sep 28 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Received disconnect from 45.172.152.74 port 56766:11: Bye Bye [preauth]
Sep 28 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Disconnected from 45.172.152.74 port 56766 [preauth]
Sep 28 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Failed password for invalid user php from 146.190.246.86 port 36916 ssh2
Sep 28 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Connection closed by 146.190.246.86 port 36916 [preauth]
Sep 28 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3736]: Failed password for root from 128.199.244.190 port 40240 ssh2
Sep 28 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3736]: Connection closed by 128.199.244.190 port 40240 [preauth]
Sep 28 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Invalid user user from 128.199.244.190
Sep 28 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: input_userauth_request: invalid user user [preauth]
Sep 28 12:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Failed password for invalid user user from 128.199.244.190 port 40250 ssh2
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session closed for user root
Sep 28 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Connection closed by 128.199.244.190 port 40250 [preauth]
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: Successful su for rubyman by root
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: + ??? root:rubyman
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308251 of user rubyman.
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308251.
Sep 28 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: Invalid user redhat from 196.251.69.141
Sep 28 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session closed for user root
Sep 28 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[536]: pam_unix(cron:session): session closed for user root
Sep 28 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Failed password for root from 128.199.244.190 port 49732 ssh2
Sep 28 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: Failed password for invalid user redhat from 196.251.69.141 port 58040 ssh2
Sep 28 12:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: Connection closed by 196.251.69.141 port 58040 [preauth]
Sep 28 12:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Connection closed by 128.199.244.190 port 49732 [preauth]
Sep 28 12:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: Failed password for root from 146.190.246.86 port 39216 ssh2
Sep 28 12:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: Connection closed by 146.190.246.86 port 39216 [preauth]
Sep 28 12:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: Invalid user uftp from 128.199.244.190
Sep 28 12:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: input_userauth_request: invalid user uftp [preauth]
Sep 28 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: Failed password for invalid user uftp from 128.199.244.190 port 49742 ssh2
Sep 28 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Invalid user data from 128.199.244.190
Sep 28 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: input_userauth_request: invalid user data [preauth]
Sep 28 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: Connection closed by 128.199.244.190 port 49742 [preauth]
Sep 28 12:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Failed password for invalid user data from 128.199.244.190 port 46600 ssh2
Sep 28 12:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Connection closed by 128.199.244.190 port 46600 [preauth]
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: Invalid user bigdata from 128.199.244.190
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: input_userauth_request: invalid user bigdata [preauth]
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Invalid user cyberpanel from 146.190.246.86
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Failed password for invalid user cyberpanel from 146.190.246.86 port 42986 ssh2
Sep 28 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Connection closed by 146.190.246.86 port 42986 [preauth]
Sep 28 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: Failed password for invalid user bigdata from 128.199.244.190 port 46604 ssh2
Sep 28 12:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: Connection closed by 128.199.244.190 port 46604 [preauth]
Sep 28 12:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Invalid user oracle from 128.199.244.190
Sep 28 12:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Failed password for invalid user oracle from 128.199.244.190 port 36952 ssh2
Sep 28 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Connection closed by 128.199.244.190 port 36952 [preauth]
Sep 28 12:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Invalid user plex from 128.199.244.190
Sep 28 12:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: input_userauth_request: invalid user plex [preauth]
Sep 28 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user plex from 128.199.244.190 port 36956 ssh2
Sep 28 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Connection closed by 128.199.244.190 port 36956 [preauth]
Sep 28 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Invalid user openvpn from 146.190.246.86
Sep 28 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Invalid user steam from 128.199.244.190
Sep 28 12:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: input_userauth_request: invalid user steam [preauth]
Sep 28 12:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Failed password for root from 36.70.25.238 port 40504 ssh2
Sep 28 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Received disconnect from 36.70.25.238 port 40504:11: Bye Bye [preauth]
Sep 28 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Disconnected from 36.70.25.238 port 40504 [preauth]
Sep 28 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Failed password for invalid user openvpn from 146.190.246.86 port 36568 ssh2
Sep 28 12:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Connection closed by 146.190.246.86 port 36568 [preauth]
Sep 28 12:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Failed password for invalid user steam from 128.199.244.190 port 53832 ssh2
Sep 28 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Connection closed by 128.199.244.190 port 53832 [preauth]
Sep 28 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user root
Sep 28 12:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4191]: Invalid user esuser from 128.199.244.190
Sep 28 12:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4191]: input_userauth_request: invalid user esuser [preauth]
Sep 28 12:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4191]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4191]: Failed password for invalid user esuser from 128.199.244.190 port 53838 ssh2
Sep 28 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4191]: Connection closed by 128.199.244.190 port 53838 [preauth]
Sep 28 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Invalid user observer from 128.199.244.190
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: input_userauth_request: invalid user observer [preauth]
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Invalid user redhat from 196.251.69.141
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Invalid user spectrum from 202.83.162.167
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: input_userauth_request: invalid user spectrum [preauth]
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Failed password for invalid user observer from 128.199.244.190 port 57122 ssh2
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Invalid user serwis from 212.192.31.32
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: input_userauth_request: invalid user serwis [preauth]
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Connection closed by 128.199.244.190 port 57122 [preauth]
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Failed password for invalid user redhat from 196.251.69.141 port 59278 ssh2
Sep 28 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Failed password for invalid user spectrum from 202.83.162.167 port 54456 ssh2
Sep 28 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Received disconnect from 202.83.162.167 port 54456:11: Bye Bye [preauth]
Sep 28 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Disconnected from 202.83.162.167 port 54456 [preauth]
Sep 28 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4231]: Connection closed by 196.251.69.141 port 59278 [preauth]
Sep 28 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: Failed password for root from 146.190.246.86 port 37608 ssh2
Sep 28 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: Connection closed by 146.190.246.86 port 37608 [preauth]
Sep 28 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Invalid user docker from 128.199.244.190
Sep 28 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: input_userauth_request: invalid user docker [preauth]
Sep 28 12:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Failed password for invalid user serwis from 212.192.31.32 port 39266 ssh2
Sep 28 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Received disconnect from 212.192.31.32 port 39266:11: Bye Bye [preauth]
Sep 28 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4235]: Disconnected from 212.192.31.32 port 39266 [preauth]
Sep 28 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Failed password for root from 185.223.124.133 port 55944 ssh2
Sep 28 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Received disconnect from 185.223.124.133 port 55944:11: Bye Bye [preauth]
Sep 28 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Disconnected from 185.223.124.133 port 55944 [preauth]
Sep 28 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Failed password for invalid user docker from 128.199.244.190 port 57126 ssh2
Sep 28 12:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Connection closed by 128.199.244.190 port 57126 [preauth]
Sep 28 12:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Invalid user user from 128.199.244.190
Sep 28 12:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: input_userauth_request: invalid user user [preauth]
Sep 28 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Failed password for invalid user user from 128.199.244.190 port 57128 ssh2
Sep 28 12:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Connection closed by 128.199.244.190 port 57128 [preauth]
Sep 28 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Invalid user elastic from 128.199.244.190
Sep 28 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: input_userauth_request: invalid user elastic [preauth]
Sep 28 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Invalid user jupyter from 146.190.246.86
Sep 28 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: input_userauth_request: invalid user jupyter [preauth]
Sep 28 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Failed password for invalid user jupyter from 146.190.246.86 port 57884 ssh2
Sep 28 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Connection closed by 146.190.246.86 port 57884 [preauth]
Sep 28 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Failed password for invalid user elastic from 128.199.244.190 port 36160 ssh2
Sep 28 12:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Connection closed by 128.199.244.190 port 36160 [preauth]
Sep 28 12:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Invalid user oracle from 128.199.244.190
Sep 28 12:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Failed password for invalid user oracle from 128.199.244.190 port 36166 ssh2
Sep 28 12:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Connection closed by 128.199.244.190 port 36166 [preauth]
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Invalid user postgres from 128.199.244.190
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: input_userauth_request: invalid user postgres [preauth]
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Invalid user newftpuser from 45.172.152.74
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: input_userauth_request: invalid user newftpuser [preauth]
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: Successful su for rubyman by root
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: + ??? root:rubyman
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308256 of user rubyman.
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4382]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308256.
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Failed password for invalid user newftpuser from 45.172.152.74 port 45796 ssh2
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Failed password for invalid user postgres from 128.199.244.190 port 60830 ssh2
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Received disconnect from 45.172.152.74 port 45796:11: Bye Bye [preauth]
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Disconnected from 45.172.152.74 port 45796 [preauth]
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Connection closed by 128.199.244.190 port 60830 [preauth]
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Invalid user ubuntu from 146.190.246.86
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: Invalid user ts from 128.199.244.190
Sep 28 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: input_userauth_request: invalid user ts [preauth]
Sep 28 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1220]: pam_unix(cron:session): session closed for user root
Sep 28 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Failed password for invalid user ubuntu from 146.190.246.86 port 47598 ssh2
Sep 28 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Connection closed by 146.190.246.86 port 47598 [preauth]
Sep 28 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Failed password for root from 185.126.2.179 port 42342 ssh2
Sep 28 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: Failed password for invalid user ts from 128.199.244.190 port 60846 ssh2
Sep 28 12:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Received disconnect from 185.126.2.179 port 42342:11: Bye Bye [preauth]
Sep 28 12:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Disconnected from 185.126.2.179 port 42342 [preauth]
Sep 28 12:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4511]: Connection closed by 128.199.244.190 port 60846 [preauth]
Sep 28 12:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Invalid user rizki from 35.187.196.97
Sep 28 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: input_userauth_request: invalid user rizki [preauth]
Sep 28 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Failed password for invalid user rizki from 35.187.196.97 port 58618 ssh2
Sep 28 12:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Received disconnect from 35.187.196.97 port 58618:11: Bye Bye [preauth]
Sep 28 12:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Disconnected from 35.187.196.97 port 58618 [preauth]
Sep 28 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Failed password for root from 128.199.244.190 port 48014 ssh2
Sep 28 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Connection closed by 128.199.244.190 port 48014 [preauth]
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Invalid user redhat from 196.251.69.141
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Invalid user ftpuser from 128.199.244.190
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: Invalid user solana from 146.190.246.86
Sep 28 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: input_userauth_request: invalid user solana [preauth]
Sep 28 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Failed password for invalid user ftpuser from 128.199.244.190 port 48030 ssh2
Sep 28 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for invalid user redhat from 196.251.69.141 port 60216 ssh2
Sep 28 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Connection closed by 128.199.244.190 port 48030 [preauth]
Sep 28 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 196.251.69.141 port 60216 [preauth]
Sep 28 12:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: Failed password for invalid user solana from 146.190.246.86 port 34366 ssh2
Sep 28 12:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: Connection closed by 146.190.246.86 port 34366 [preauth]
Sep 28 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Invalid user test from 128.199.244.190
Sep 28 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: input_userauth_request: invalid user test [preauth]
Sep 28 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Failed password for invalid user test from 128.199.244.190 port 36476 ssh2
Sep 28 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Connection closed by 128.199.244.190 port 36476 [preauth]
Sep 28 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Invalid user gitlab from 128.199.244.190
Sep 28 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Failed password for invalid user gitlab from 128.199.244.190 port 36480 ssh2
Sep 28 12:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Connection closed by 128.199.244.190 port 36480 [preauth]
Sep 28 12:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Invalid user guest from 128.199.244.190
Sep 28 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: input_userauth_request: invalid user guest [preauth]
Sep 28 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Failed password for root from 146.190.246.86 port 46912 ssh2
Sep 28 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Connection closed by 146.190.246.86 port 46912 [preauth]
Sep 28 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Failed password for invalid user guest from 128.199.244.190 port 50160 ssh2
Sep 28 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Connection closed by 128.199.244.190 port 50160 [preauth]
Sep 28 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Invalid user worker from 128.199.244.190
Sep 28 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: input_userauth_request: invalid user worker [preauth]
Sep 28 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user root
Sep 28 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Failed password for invalid user worker from 128.199.244.190 port 50166 ssh2
Sep 28 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Connection closed by 128.199.244.190 port 50166 [preauth]
Sep 28 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Invalid user flask from 128.199.244.190
Sep 28 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: input_userauth_request: invalid user flask [preauth]
Sep 28 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Invalid user jj from 212.192.31.32
Sep 28 12:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: input_userauth_request: invalid user jj [preauth]
Sep 28 12:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Failed password for invalid user flask from 128.199.244.190 port 50174 ssh2
Sep 28 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Connection closed by 128.199.244.190 port 50174 [preauth]
Sep 28 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: Invalid user steam from 146.190.246.86
Sep 28 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: input_userauth_request: invalid user steam [preauth]
Sep 28 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Failed password for invalid user jj from 212.192.31.32 port 32782 ssh2
Sep 28 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Received disconnect from 212.192.31.32 port 32782:11: Bye Bye [preauth]
Sep 28 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Disconnected from 212.192.31.32 port 32782 [preauth]
Sep 28 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Invalid user gpuadmin from 128.199.244.190
Sep 28 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: input_userauth_request: invalid user gpuadmin [preauth]
Sep 28 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: Failed password for invalid user steam from 146.190.246.86 port 54604 ssh2
Sep 28 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: Connection closed by 146.190.246.86 port 54604 [preauth]
Sep 28 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for invalid user gpuadmin from 128.199.244.190 port 51760 ssh2
Sep 28 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Connection closed by 128.199.244.190 port 51760 [preauth]
Sep 28 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Invalid user zabbix from 128.199.244.190
Sep 28 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Failed password for invalid user zabbix from 128.199.244.190 port 51770 ssh2
Sep 28 12:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Connection closed by 128.199.244.190 port 51770 [preauth]
Sep 28 12:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Invalid user gustavo from 202.83.162.167
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: input_userauth_request: invalid user gustavo [preauth]
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Invalid user huawei from 146.190.246.86
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: input_userauth_request: invalid user huawei [preauth]
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Invalid user redhat from 196.251.69.141
Sep 28 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Failed password for root from 128.199.244.190 port 39396 ssh2
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Connection closed by 128.199.244.190 port 39396 [preauth]
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4776]: Failed password for root from 36.70.25.238 port 35500 ssh2
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4776]: Received disconnect from 36.70.25.238 port 35500:11: Bye Bye [preauth]
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4776]: Disconnected from 36.70.25.238 port 35500 [preauth]
Sep 28 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Failed password for invalid user gustavo from 202.83.162.167 port 49094 ssh2
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for invalid user huawei from 146.190.246.86 port 40592 ssh2
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Connection closed by 146.190.246.86 port 40592 [preauth]
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Received disconnect from 202.83.162.167 port 49094:11: Bye Bye [preauth]
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Disconnected from 202.83.162.167 port 49094 [preauth]
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Invalid user flask from 128.199.244.190
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: input_userauth_request: invalid user flask [preauth]
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Failed password for invalid user redhat from 196.251.69.141 port 33200 ssh2
Sep 28 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Connection closed by 196.251.69.141 port 33200 [preauth]
Sep 28 12:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Failed password for invalid user flask from 128.199.244.190 port 39412 ssh2
Sep 28 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Connection closed by 128.199.244.190 port 39412 [preauth]
Sep 28 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: Invalid user gitlab from 128.199.244.190
Sep 28 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Failed password for root from 185.223.124.133 port 59114 ssh2
Sep 28 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Received disconnect from 185.223.124.133 port 59114:11: Bye Bye [preauth]
Sep 28 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Disconnected from 185.223.124.133 port 59114 [preauth]
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: Failed password for invalid user gitlab from 128.199.244.190 port 39698 ssh2
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: Connection closed by 128.199.244.190 port 39698 [preauth]
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4819]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session closed for user root
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4816]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4885]: Successful su for rubyman by root
Sep 28 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4885]: + ??? root:rubyman
Sep 28 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308260 of user rubyman.
Sep 28 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4885]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308260.
Sep 28 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Invalid user testuser from 128.199.244.190
Sep 28 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: input_userauth_request: invalid user testuser [preauth]
Sep 28 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session closed for user root
Sep 28 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Failed password for root from 146.190.246.86 port 51294 ssh2
Sep 28 12:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Connection closed by 146.190.246.86 port 51294 [preauth]
Sep 28 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Failed password for invalid user testuser from 128.199.244.190 port 39708 ssh2
Sep 28 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Connection closed by 128.199.244.190 port 39708 [preauth]
Sep 28 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4817]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Invalid user postgres from 128.199.244.190
Sep 28 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: input_userauth_request: invalid user postgres [preauth]
Sep 28 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Invalid user laravel from 45.172.152.74
Sep 28 12:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: input_userauth_request: invalid user laravel [preauth]
Sep 28 12:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Failed password for invalid user postgres from 128.199.244.190 port 36556 ssh2
Sep 28 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5082]: Connection closed by 128.199.244.190 port 36556 [preauth]
Sep 28 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Failed password for invalid user laravel from 45.172.152.74 port 35650 ssh2
Sep 28 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Received disconnect from 45.172.152.74 port 35650:11: Bye Bye [preauth]
Sep 28 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Disconnected from 45.172.152.74 port 35650 [preauth]
Sep 28 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Invalid user jenkins from 128.199.244.190
Sep 28 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: input_userauth_request: invalid user jenkins [preauth]
Sep 28 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Failed password for invalid user jenkins from 128.199.244.190 port 36578 ssh2
Sep 28 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5120]: Connection closed by 128.199.244.190 port 36578 [preauth]
Sep 28 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Invalid user latitude from 146.190.246.86
Sep 28 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: input_userauth_request: invalid user latitude [preauth]
Sep 28 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Failed password for invalid user latitude from 146.190.246.86 port 55752 ssh2
Sep 28 12:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Connection closed by 146.190.246.86 port 55752 [preauth]
Sep 28 12:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5136]: Failed password for root from 128.199.244.190 port 36584 ssh2
Sep 28 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5136]: Connection closed by 128.199.244.190 port 36584 [preauth]
Sep 28 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: Invalid user admin from 128.199.244.190
Sep 28 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: Failed password for invalid user admin from 128.199.244.190 port 41132 ssh2
Sep 28 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5148]: Connection closed by 128.199.244.190 port 41132 [preauth]
Sep 28 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5159]: Invalid user weblogic from 128.199.244.190
Sep 28 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5159]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5159]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Invalid user admin from 146.190.246.86
Sep 28 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5159]: Failed password for invalid user weblogic from 128.199.244.190 port 41138 ssh2
Sep 28 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Invalid user redhat from 196.251.69.141
Sep 28 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: input_userauth_request: invalid user redhat [preauth]
Sep 28 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5159]: Connection closed by 128.199.244.190 port 41138 [preauth]
Sep 28 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user admin from 146.190.246.86 port 33774 ssh2
Sep 28 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Connection closed by 146.190.246.86 port 33774 [preauth]
Sep 28 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5188]: Invalid user centos from 128.199.244.190
Sep 28 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5188]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Failed password for invalid user redhat from 196.251.69.141 port 34676 ssh2
Sep 28 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Connection closed by 196.251.69.141 port 34676 [preauth]
Sep 28 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5188]: Failed password for invalid user centos from 128.199.244.190 port 58622 ssh2
Sep 28 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Invalid user test from 93.152.230.176
Sep 28 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: input_userauth_request: invalid user test [preauth]
Sep 28 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5188]: Connection closed by 128.199.244.190 port 58622 [preauth]
Sep 28 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Failed password for invalid user test from 93.152.230.176 port 7572 ssh2
Sep 28 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Received disconnect from 93.152.230.176 port 7572:11: Client disconnecting normally [preauth]
Sep 28 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Disconnected from 93.152.230.176 port 7572 [preauth]
Sep 28 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Invalid user steam from 128.199.244.190
Sep 28 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: input_userauth_request: invalid user steam [preauth]
Sep 28 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session closed for user root
Sep 28 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Failed password for root from 212.192.31.32 port 43210 ssh2
Sep 28 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Received disconnect from 212.192.31.32 port 43210:11: Bye Bye [preauth]
Sep 28 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Disconnected from 212.192.31.32 port 43210 [preauth]
Sep 28 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for invalid user steam from 128.199.244.190 port 58628 ssh2
Sep 28 12:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Connection closed by 128.199.244.190 port 58628 [preauth]
Sep 28 12:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Invalid user test from 128.199.244.190
Sep 28 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: input_userauth_request: invalid user test [preauth]
Sep 28 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Failed password for root from 146.190.246.86 port 51798 ssh2
Sep 28 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Connection closed by 146.190.246.86 port 51798 [preauth]
Sep 28 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Failed password for invalid user test from 128.199.244.190 port 48216 ssh2
Sep 28 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: Invalid user test from 128.199.244.190
Sep 28 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: input_userauth_request: invalid user test [preauth]
Sep 28 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Connection closed by 128.199.244.190 port 48216 [preauth]
Sep 28 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: Invalid user test2 from 185.126.2.179
Sep 28 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: input_userauth_request: invalid user test2 [preauth]
Sep 28 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: Failed password for invalid user test from 128.199.244.190 port 48226 ssh2
Sep 28 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: Connection closed by 128.199.244.190 port 48226 [preauth]
Sep 28 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: Failed password for invalid user test2 from 185.126.2.179 port 34614 ssh2
Sep 28 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: Received disconnect from 185.126.2.179 port 34614:11: Bye Bye [preauth]
Sep 28 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: Disconnected from 185.126.2.179 port 34614 [preauth]
Sep 28 12:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Failed password for root from 128.199.244.190 port 48234 ssh2
Sep 28 12:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Connection closed by 128.199.244.190 port 48234 [preauth]
Sep 28 12:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Invalid user sol from 146.190.246.86
Sep 28 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: input_userauth_request: invalid user sol [preauth]
Sep 28 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Invalid user centos from 128.199.244.190
Sep 28 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: Failed password for root from 35.187.196.97 port 51460 ssh2
Sep 28 12:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Failed password for invalid user sol from 146.190.246.86 port 40984 ssh2
Sep 28 12:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Connection closed by 146.190.246.86 port 40984 [preauth]
Sep 28 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: Received disconnect from 35.187.196.97 port 51460:11: Bye Bye [preauth]
Sep 28 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5278]: Disconnected from 35.187.196.97 port 51460 [preauth]
Sep 28 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user centos from 128.199.244.190 port 42848 ssh2
Sep 28 12:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection closed by 128.199.244.190 port 42848 [preauth]
Sep 28 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Invalid user tomcat from 128.199.244.190
Sep 28 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Failed password for invalid user tomcat from 128.199.244.190 port 42850 ssh2
Sep 28 12:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Connection closed by 128.199.244.190 port 42850 [preauth]
Sep 28 12:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: User mysql from 128.199.244.190 not allowed because not listed in AllowUsers
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: input_userauth_request: invalid user mysql [preauth]
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=mysql
Sep 28 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: Successful su for rubyman by root
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: + ??? root:rubyman
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308267 of user rubyman.
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5479]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308267.
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Invalid user admin1 from 196.251.69.141
Sep 28 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Invalid user sol from 146.190.246.86
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: input_userauth_request: invalid user sol [preauth]
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: Failed password for invalid user mysql from 128.199.244.190 port 44262 ssh2
Sep 28 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Failed password for root from 202.83.162.167 port 60444 ssh2
Sep 28 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Received disconnect from 202.83.162.167 port 60444:11: Bye Bye [preauth]
Sep 28 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Disconnected from 202.83.162.167 port 60444 [preauth]
Sep 28 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: Connection closed by 128.199.244.190 port 44262 [preauth]
Sep 28 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session closed for user root
Sep 28 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Failed password for invalid user sol from 146.190.246.86 port 34300 ssh2
Sep 28 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Connection closed by 146.190.246.86 port 34300 [preauth]
Sep 28 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Failed password for invalid user admin1 from 196.251.69.141 port 35892 ssh2
Sep 28 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Connection closed by 196.251.69.141 port 35892 [preauth]
Sep 28 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Failed password for root from 128.199.244.190 port 44276 ssh2
Sep 28 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Connection closed by 128.199.244.190 port 44276 [preauth]
Sep 28 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Invalid user test2 from 36.70.25.238
Sep 28 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: input_userauth_request: invalid user test2 [preauth]
Sep 28 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Failed password for invalid user test2 from 36.70.25.238 port 53634 ssh2
Sep 28 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Received disconnect from 36.70.25.238 port 53634:11: Bye Bye [preauth]
Sep 28 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5675]: Disconnected from 36.70.25.238 port 53634 [preauth]
Sep 28 12:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Failed password for root from 128.199.244.190 port 44164 ssh2
Sep 28 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5677]: Connection closed by 128.199.244.190 port 44164 [preauth]
Sep 28 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Invalid user bryan from 185.223.124.133
Sep 28 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: input_userauth_request: invalid user bryan [preauth]
Sep 28 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5702]: Invalid user zabbix from 128.199.244.190
Sep 28 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5702]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5702]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Failed password for invalid user bryan from 185.223.124.133 port 56444 ssh2
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Received disconnect from 185.223.124.133 port 56444:11: Bye Bye [preauth]
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Disconnected from 185.223.124.133 port 56444 [preauth]
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Invalid user nico from 45.172.152.74
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: input_userauth_request: invalid user nico [preauth]
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5702]: Failed password for invalid user zabbix from 128.199.244.190 port 44176 ssh2
Sep 28 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Failed password for root from 146.190.246.86 port 58516 ssh2
Sep 28 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Failed password for invalid user nico from 45.172.152.74 port 38240 ssh2
Sep 28 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Connection closed by 146.190.246.86 port 58516 [preauth]
Sep 28 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Received disconnect from 45.172.152.74 port 38240:11: Bye Bye [preauth]
Sep 28 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Disconnected from 45.172.152.74 port 38240 [preauth]
Sep 28 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5702]: Connection closed by 128.199.244.190 port 44176 [preauth]
Sep 28 12:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Invalid user kubernetes from 128.199.244.190
Sep 28 12:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: input_userauth_request: invalid user kubernetes [preauth]
Sep 28 12:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Failed password for invalid user kubernetes from 128.199.244.190 port 59930 ssh2
Sep 28 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Connection closed by 128.199.244.190 port 59930 [preauth]
Sep 28 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: Invalid user observer from 128.199.244.190
Sep 28 12:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: input_userauth_request: invalid user observer [preauth]
Sep 28 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: Failed password for invalid user observer from 128.199.244.190 port 59946 ssh2
Sep 28 12:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: Connection closed by 128.199.244.190 port 59946 [preauth]
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Invalid user hadoop from 128.199.244.190
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Invalid user subsonic from 146.190.246.86
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: input_userauth_request: invalid user subsonic [preauth]
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Failed password for invalid user subsonic from 146.190.246.86 port 54944 ssh2
Sep 28 12:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Connection closed by 146.190.246.86 port 54944 [preauth]
Sep 28 12:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for invalid user hadoop from 128.199.244.190 port 59960 ssh2
Sep 28 12:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Connection closed by 128.199.244.190 port 59960 [preauth]
Sep 28 12:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for root from 212.192.31.32 port 37340 ssh2
Sep 28 12:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Received disconnect from 212.192.31.32 port 37340:11: Bye Bye [preauth]
Sep 28 12:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Disconnected from 212.192.31.32 port 37340 [preauth]
Sep 28 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Invalid user bot from 128.199.244.190
Sep 28 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: input_userauth_request: invalid user bot [preauth]
Sep 28 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for invalid user bot from 128.199.244.190 port 53102 ssh2
Sep 28 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Connection closed by 128.199.244.190 port 53102 [preauth]
Sep 28 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4316]: pam_unix(cron:session): session closed for user root
Sep 28 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: Invalid user debianuser from 128.199.244.190
Sep 28 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: input_userauth_request: invalid user debianuser [preauth]
Sep 28 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5829]: Invalid user admin1 from 196.251.69.141
Sep 28 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5829]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5829]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: Failed password for invalid user debianuser from 128.199.244.190 port 53104 ssh2
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: Connection closed by 128.199.244.190 port 53104 [preauth]
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5841]: Invalid user leo1 from 146.190.246.86
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5841]: input_userauth_request: invalid user leo1 [preauth]
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5841]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5829]: Failed password for invalid user admin1 from 196.251.69.141 port 36988 ssh2
Sep 28 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5829]: Connection closed by 196.251.69.141 port 36988 [preauth]
Sep 28 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5841]: Failed password for invalid user leo1 from 146.190.246.86 port 45578 ssh2
Sep 28 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5841]: Connection closed by 146.190.246.86 port 45578 [preauth]
Sep 28 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5843]: Invalid user ranger from 128.199.244.190
Sep 28 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5843]: input_userauth_request: invalid user ranger [preauth]
Sep 28 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5843]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5843]: Failed password for invalid user ranger from 128.199.244.190 port 35550 ssh2
Sep 28 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5843]: Connection closed by 128.199.244.190 port 35550 [preauth]
Sep 28 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: Invalid user oracle from 128.199.244.190
Sep 28 12:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: Failed password for invalid user oracle from 128.199.244.190 port 35558 ssh2
Sep 28 12:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: Connection closed by 128.199.244.190 port 35558 [preauth]
Sep 28 12:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: User ftp from 128.199.244.190 not allowed because not listed in AllowUsers
Sep 28 12:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: input_userauth_request: invalid user ftp [preauth]
Sep 28 12:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=ftp
Sep 28 12:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Invalid user palworld from 146.190.246.86
Sep 28 12:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: input_userauth_request: invalid user palworld [preauth]
Sep 28 12:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: Failed password for invalid user ftp from 128.199.244.190 port 34072 ssh2
Sep 28 12:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: Connection closed by 128.199.244.190 port 34072 [preauth]
Sep 28 12:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Failed password for invalid user palworld from 146.190.246.86 port 47700 ssh2
Sep 28 12:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Connection closed by 146.190.246.86 port 47700 [preauth]
Sep 28 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: Invalid user elastic from 128.199.244.190
Sep 28 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: input_userauth_request: invalid user elastic [preauth]
Sep 28 12:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: Failed password for invalid user elastic from 128.199.244.190 port 34088 ssh2
Sep 28 12:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: Connection closed by 128.199.244.190 port 34088 [preauth]
Sep 28 12:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Failed password for root from 128.199.244.190 port 34090 ssh2
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5918]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5919]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Connection closed by 128.199.244.190 port 34090 [preauth]
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: Successful su for rubyman by root
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: + ??? root:rubyman
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308271 of user rubyman.
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308271.
Sep 28 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Invalid user solana from 146.190.246.86
Sep 28 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: input_userauth_request: invalid user solana [preauth]
Sep 28 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Invalid user admin from 128.199.244.190
Sep 28 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Failed password for invalid user solana from 146.190.246.86 port 50440 ssh2
Sep 28 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Connection closed by 146.190.246.86 port 50440 [preauth]
Sep 28 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user root
Sep 28 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Failed password for invalid user admin from 128.199.244.190 port 56920 ssh2
Sep 28 12:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Connection closed by 128.199.244.190 port 56920 [preauth]
Sep 28 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5917]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Invalid user default from 128.199.244.190
Sep 28 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: input_userauth_request: invalid user default [preauth]
Sep 28 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Failed password for invalid user default from 128.199.244.190 port 56928 ssh2
Sep 28 12:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Connection closed by 128.199.244.190 port 56928 [preauth]
Sep 28 12:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Invalid user admin1 from 196.251.69.141
Sep 28 12:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Invalid user tomcat from 128.199.244.190
Sep 28 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Failed password for invalid user admin1 from 196.251.69.141 port 38024 ssh2
Sep 28 12:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Connection closed by 196.251.69.141 port 38024 [preauth]
Sep 28 12:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Failed password for root from 202.83.162.167 port 55384 ssh2
Sep 28 12:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Received disconnect from 202.83.162.167 port 55384:11: Bye Bye [preauth]
Sep 28 12:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Disconnected from 202.83.162.167 port 55384 [preauth]
Sep 28 12:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user tomcat from 128.199.244.190 port 50426 ssh2
Sep 28 12:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Connection closed by 128.199.244.190 port 50426 [preauth]
Sep 28 12:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Failed password for root from 146.190.246.86 port 44198 ssh2
Sep 28 12:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Connection closed by 146.190.246.86 port 44198 [preauth]
Sep 28 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Invalid user gitlab from 128.199.244.190
Sep 28 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Failed password for invalid user gitlab from 128.199.244.190 port 50434 ssh2
Sep 28 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Invalid user git from 45.172.152.74
Sep 28 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: input_userauth_request: invalid user git [preauth]
Sep 28 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Connection closed by 128.199.244.190 port 50434 [preauth]
Sep 28 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Invalid user ubuntu from 212.192.31.32
Sep 28 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Failed password for invalid user git from 45.172.152.74 port 39760 ssh2
Sep 28 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Received disconnect from 45.172.152.74 port 39760:11: Bye Bye [preauth]
Sep 28 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Disconnected from 45.172.152.74 port 39760 [preauth]
Sep 28 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Failed password for invalid user ubuntu from 212.192.31.32 port 40106 ssh2
Sep 28 12:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Received disconnect from 212.192.31.32 port 40106:11: Bye Bye [preauth]
Sep 28 12:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Disconnected from 212.192.31.32 port 40106 [preauth]
Sep 28 12:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Failed password for root from 185.223.124.133 port 34950 ssh2
Sep 28 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Received disconnect from 185.223.124.133 port 34950:11: Bye Bye [preauth]
Sep 28 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Disconnected from 185.223.124.133 port 34950 [preauth]
Sep 28 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Failed password for root from 128.199.244.190 port 34024 ssh2
Sep 28 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Connection closed by 128.199.244.190 port 34024 [preauth]
Sep 28 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Invalid user hadoop from 128.199.244.190
Sep 28 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Failed password for invalid user hadoop from 128.199.244.190 port 34030 ssh2
Sep 28 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Connection closed by 128.199.244.190 port 34030 [preauth]
Sep 28 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Failed password for root from 146.190.246.86 port 40566 ssh2
Sep 28 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Connection closed by 146.190.246.86 port 40566 [preauth]
Sep 28 12:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Invalid user tools from 128.199.244.190
Sep 28 12:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: input_userauth_request: invalid user tools [preauth]
Sep 28 12:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Invalid user imran from 36.70.25.238
Sep 28 12:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: input_userauth_request: invalid user imran [preauth]
Sep 28 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Failed password for invalid user tools from 128.199.244.190 port 47736 ssh2
Sep 28 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Connection closed by 128.199.244.190 port 47736 [preauth]
Sep 28 12:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Failed password for invalid user imran from 36.70.25.238 port 34698 ssh2
Sep 28 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Received disconnect from 36.70.25.238 port 34698:11: Bye Bye [preauth]
Sep 28 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Disconnected from 36.70.25.238 port 34698 [preauth]
Sep 28 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Invalid user admin from 128.199.244.190
Sep 28 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Failed password for root from 35.187.196.97 port 47212 ssh2
Sep 28 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Received disconnect from 35.187.196.97 port 47212:11: Bye Bye [preauth]
Sep 28 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Disconnected from 35.187.196.97 port 47212 [preauth]
Sep 28 12:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4819]: pam_unix(cron:session): session closed for user root
Sep 28 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Failed password for invalid user admin from 128.199.244.190 port 47746 ssh2
Sep 28 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Connection closed by 128.199.244.190 port 47746 [preauth]
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Invalid user www from 128.199.244.190
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: input_userauth_request: invalid user www [preauth]
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Invalid user www from 146.190.246.86
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: input_userauth_request: invalid user www [preauth]
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Failed password for invalid user www from 128.199.244.190 port 47762 ssh2
Sep 28 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Failed password for invalid user www from 146.190.246.86 port 60680 ssh2
Sep 28 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Connection closed by 146.190.246.86 port 60680 [preauth]
Sep 28 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Connection closed by 128.199.244.190 port 47762 [preauth]
Sep 28 12:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Failed password for root from 128.199.244.190 port 41776 ssh2
Sep 28 12:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Connection closed by 128.199.244.190 port 41776 [preauth]
Sep 28 12:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Invalid user admin1 from 196.251.69.141
Sep 28 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Failed password for root from 128.199.244.190 port 41780 ssh2
Sep 28 12:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Connection closed by 128.199.244.190 port 41780 [preauth]
Sep 28 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user admin1 from 196.251.69.141 port 39390 ssh2
Sep 28 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Connection closed by 196.251.69.141 port 39390 [preauth]
Sep 28 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Invalid user es from 128.199.244.190
Sep 28 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: input_userauth_request: invalid user es [preauth]
Sep 28 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Failed password for root from 146.190.246.86 port 46914 ssh2
Sep 28 12:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6377]: Connection closed by 146.190.246.86 port 46914 [preauth]
Sep 28 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Failed password for invalid user es from 128.199.244.190 port 38924 ssh2
Sep 28 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6374]: Connection closed by 128.199.244.190 port 38924 [preauth]
Sep 28 12:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for root from 128.199.244.190 port 38932 ssh2
Sep 28 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Connection closed by 128.199.244.190 port 38932 [preauth]
Sep 28 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Invalid user oracle from 128.199.244.190
Sep 28 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Failed password for invalid user oracle from 128.199.244.190 port 41222 ssh2
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user root
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Invalid user rsync from 146.190.246.86
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: input_userauth_request: invalid user rsync [preauth]
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Connection closed by 128.199.244.190 port 41222 [preauth]
Sep 28 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6482]: Successful su for rubyman by root
Sep 28 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6482]: + ??? root:rubyman
Sep 28 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308273 of user rubyman.
Sep 28 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6482]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308273.
Sep 28 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Invalid user uftp from 128.199.244.190
Sep 28 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: input_userauth_request: invalid user uftp [preauth]
Sep 28 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Failed password for invalid user rsync from 146.190.246.86 port 45288 ssh2
Sep 28 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Connection closed by 146.190.246.86 port 45288 [preauth]
Sep 28 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user root
Sep 28 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Failed password for invalid user uftp from 128.199.244.190 port 41230 ssh2
Sep 28 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session closed for user root
Sep 28 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Connection closed by 128.199.244.190 port 41230 [preauth]
Sep 28 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Invalid user flink from 128.199.244.190
Sep 28 12:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: input_userauth_request: invalid user flink [preauth]
Sep 28 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Failed password for invalid user flink from 128.199.244.190 port 37552 ssh2
Sep 28 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Connection closed by 128.199.244.190 port 37552 [preauth]
Sep 28 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Invalid user gitlab-runner from 128.199.244.190
Sep 28 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 28 12:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: User vncuser from 212.192.31.32 not allowed because not listed in AllowUsers
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: input_userauth_request: invalid user vncuser [preauth]
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=vncuser
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Invalid user test from 146.190.246.86
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: input_userauth_request: invalid user test [preauth]
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for invalid user gitlab-runner from 128.199.244.190 port 37560 ssh2
Sep 28 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Connection closed by 128.199.244.190 port 37560 [preauth]
Sep 28 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Failed password for invalid user vncuser from 212.192.31.32 port 39598 ssh2
Sep 28 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Received disconnect from 212.192.31.32 port 39598:11: Bye Bye [preauth]
Sep 28 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Disconnected from 212.192.31.32 port 39598 [preauth]
Sep 28 12:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Failed password for invalid user test from 146.190.246.86 port 50460 ssh2
Sep 28 12:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Connection closed by 146.190.246.86 port 50460 [preauth]
Sep 28 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6841]: Invalid user es from 128.199.244.190
Sep 28 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6841]: input_userauth_request: invalid user es [preauth]
Sep 28 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6841]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6841]: Failed password for invalid user es from 128.199.244.190 port 37574 ssh2
Sep 28 12:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6841]: Connection closed by 128.199.244.190 port 37574 [preauth]
Sep 28 12:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Invalid user admin1 from 196.251.69.141
Sep 28 12:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Invalid user oracle from 128.199.244.190
Sep 28 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Failed password for invalid user admin1 from 196.251.69.141 port 40554 ssh2
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Invalid user monika from 202.83.162.167
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: input_userauth_request: invalid user monika [preauth]
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Connection closed by 196.251.69.141 port 40554 [preauth]
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Failed password for invalid user oracle from 128.199.244.190 port 52496 ssh2
Sep 28 12:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Connection closed by 128.199.244.190 port 52496 [preauth]
Sep 28 12:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for invalid user monika from 202.83.162.167 port 35170 ssh2
Sep 28 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Received disconnect from 202.83.162.167 port 35170:11: Bye Bye [preauth]
Sep 28 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Disconnected from 202.83.162.167 port 35170 [preauth]
Sep 28 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Invalid user ubnt from 128.199.244.190
Sep 28 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: input_userauth_request: invalid user ubnt [preauth]
Sep 28 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Invalid user uftp from 146.190.246.86
Sep 28 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: input_userauth_request: invalid user uftp [preauth]
Sep 28 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Failed password for root from 45.172.152.74 port 46444 ssh2
Sep 28 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Received disconnect from 45.172.152.74 port 46444:11: Bye Bye [preauth]
Sep 28 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Disconnected from 45.172.152.74 port 46444 [preauth]
Sep 28 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Failed password for invalid user ubnt from 128.199.244.190 port 52504 ssh2
Sep 28 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Connection closed by 128.199.244.190 port 52504 [preauth]
Sep 28 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Failed password for invalid user uftp from 146.190.246.86 port 35448 ssh2
Sep 28 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Connection closed by 146.190.246.86 port 35448 [preauth]
Sep 28 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Invalid user nvidia from 128.199.244.190
Sep 28 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 12:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Failed password for invalid user nvidia from 128.199.244.190 port 56280 ssh2
Sep 28 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Connection closed by 128.199.244.190 port 56280 [preauth]
Sep 28 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session closed for user root
Sep 28 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: Invalid user theta from 185.223.124.133
Sep 28 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: input_userauth_request: invalid user theta [preauth]
Sep 28 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: Failed password for root from 128.199.244.190 port 56286 ssh2
Sep 28 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: Connection closed by 128.199.244.190 port 56286 [preauth]
Sep 28 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: Failed password for invalid user theta from 185.223.124.133 port 47320 ssh2
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Invalid user terraria from 146.190.246.86
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: input_userauth_request: invalid user terraria [preauth]
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: Received disconnect from 185.223.124.133 port 47320:11: Bye Bye [preauth]
Sep 28 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6942]: Disconnected from 185.223.124.133 port 47320 [preauth]
Sep 28 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Failed password for invalid user terraria from 146.190.246.86 port 36466 ssh2
Sep 28 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Connection closed by 146.190.246.86 port 36466 [preauth]
Sep 28 12:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Failed password for root from 128.199.244.190 port 42294 ssh2
Sep 28 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Connection closed by 128.199.244.190 port 42294 [preauth]
Sep 28 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Invalid user developer from 128.199.244.190
Sep 28 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: input_userauth_request: invalid user developer [preauth]
Sep 28 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Failed password for invalid user developer from 128.199.244.190 port 42310 ssh2
Sep 28 12:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6964]: Connection closed by 128.199.244.190 port 42310 [preauth]
Sep 28 12:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Failed password for root from 36.70.25.238 port 41428 ssh2
Sep 28 12:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Received disconnect from 36.70.25.238 port 41428:11: Bye Bye [preauth]
Sep 28 12:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Disconnected from 36.70.25.238 port 41428 [preauth]
Sep 28 12:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Invalid user dolphin from 146.190.246.86
Sep 28 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Failed password for root from 128.199.244.190 port 48042 ssh2
Sep 28 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Connection closed by 128.199.244.190 port 48042 [preauth]
Sep 28 12:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Failed password for invalid user dolphin from 146.190.246.86 port 48720 ssh2
Sep 28 12:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Connection closed by 146.190.246.86 port 48720 [preauth]
Sep 28 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: User ftp from 128.199.244.190 not allowed because not listed in AllowUsers
Sep 28 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: input_userauth_request: invalid user ftp [preauth]
Sep 28 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=ftp
Sep 28 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: Failed password for invalid user ftp from 128.199.244.190 port 48054 ssh2
Sep 28 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: Connection closed by 128.199.244.190 port 48054 [preauth]
Sep 28 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Invalid user admin1 from 196.251.69.141
Sep 28 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Invalid user mongodb from 128.199.244.190
Sep 28 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Failed password for invalid user admin1 from 196.251.69.141 port 41532 ssh2
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: Invalid user ttbot from 35.187.196.97
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: input_userauth_request: invalid user ttbot [preauth]
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Connection closed by 196.251.69.141 port 41532 [preauth]
Sep 28 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: Invalid user bryan from 185.126.2.179
Sep 28 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: input_userauth_request: invalid user bryan [preauth]
Sep 28 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Failed password for invalid user mongodb from 128.199.244.190 port 48064 ssh2
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: Failed password for invalid user ttbot from 35.187.196.97 port 49932 ssh2
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Connection closed by 128.199.244.190 port 48064 [preauth]
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: Received disconnect from 35.187.196.97 port 49932:11: Bye Bye [preauth]
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: Disconnected from 35.187.196.97 port 49932 [preauth]
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7053]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: Successful su for rubyman by root
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: + ??? root:rubyman
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308281 of user rubyman.
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308281.
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Invalid user postgres from 146.190.246.86
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: input_userauth_request: invalid user postgres [preauth]
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: Failed password for invalid user bryan from 185.126.2.179 port 47404 ssh2
Sep 28 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: Invalid user mongodb from 128.199.244.190
Sep 28 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: Received disconnect from 185.126.2.179 port 47404:11: Bye Bye [preauth]
Sep 28 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: Disconnected from 185.126.2.179 port 47404 [preauth]
Sep 28 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Failed password for invalid user postgres from 146.190.246.86 port 33342 ssh2
Sep 28 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Connection closed by 146.190.246.86 port 33342 [preauth]
Sep 28 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: Failed password for invalid user mongodb from 128.199.244.190 port 36444 ssh2
Sep 28 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: Connection closed by 128.199.244.190 port 36444 [preauth]
Sep 28 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session closed for user root
Sep 28 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Invalid user app from 128.199.244.190
Sep 28 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: input_userauth_request: invalid user app [preauth]
Sep 28 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7045]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Failed password for invalid user app from 128.199.244.190 port 36460 ssh2
Sep 28 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Connection closed by 128.199.244.190 port 36460 [preauth]
Sep 28 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Failed password for root from 212.192.31.32 port 48920 ssh2
Sep 28 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Received disconnect from 212.192.31.32 port 48920:11: Bye Bye [preauth]
Sep 28 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Disconnected from 212.192.31.32 port 48920 [preauth]
Sep 28 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Failed password for root from 128.199.244.190 port 56818 ssh2
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Invalid user ftpuser from 146.190.246.86
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Connection closed by 128.199.244.190 port 56818 [preauth]
Sep 28 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Invalid user www from 128.199.244.190
Sep 28 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: input_userauth_request: invalid user www [preauth]
Sep 28 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for invalid user ftpuser from 146.190.246.86 port 52978 ssh2
Sep 28 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Connection closed by 146.190.246.86 port 52978 [preauth]
Sep 28 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Failed password for invalid user www from 128.199.244.190 port 56824 ssh2
Sep 28 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Connection closed by 128.199.244.190 port 56824 [preauth]
Sep 28 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Invalid user sonar from 128.199.244.190
Sep 28 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: input_userauth_request: invalid user sonar [preauth]
Sep 28 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Failed password for invalid user sonar from 128.199.244.190 port 41018 ssh2
Sep 28 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Connection closed by 128.199.244.190 port 41018 [preauth]
Sep 28 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Invalid user elasticsearch from 128.199.244.190
Sep 28 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 12:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Invalid user solana from 146.190.246.86
Sep 28 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: input_userauth_request: invalid user solana [preauth]
Sep 28 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Failed password for invalid user elasticsearch from 128.199.244.190 port 41020 ssh2
Sep 28 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Connection closed by 128.199.244.190 port 41020 [preauth]
Sep 28 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Failed password for invalid user solana from 146.190.246.86 port 39486 ssh2
Sep 28 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Connection closed by 146.190.246.86 port 39486 [preauth]
Sep 28 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Invalid user docker from 128.199.244.190
Sep 28 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: input_userauth_request: invalid user docker [preauth]
Sep 28 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Failed password for invalid user docker from 128.199.244.190 port 48074 ssh2
Sep 28 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Connection closed by 128.199.244.190 port 48074 [preauth]
Sep 28 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Invalid user admin1 from 196.251.69.141
Sep 28 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5919]: pam_unix(cron:session): session closed for user root
Sep 28 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: Failed password for root from 45.172.152.74 port 51282 ssh2
Sep 28 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: Received disconnect from 45.172.152.74 port 51282:11: Bye Bye [preauth]
Sep 28 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: Disconnected from 45.172.152.74 port 51282 [preauth]
Sep 28 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Failed password for invalid user admin1 from 196.251.69.141 port 42594 ssh2
Sep 28 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Connection closed by 196.251.69.141 port 42594 [preauth]
Sep 28 12:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Failed password for root from 128.199.244.190 port 48084 ssh2
Sep 28 12:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7512]: Connection closed by 128.199.244.190 port 48084 [preauth]
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: Invalid user postgres from 128.199.244.190
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: input_userauth_request: invalid user postgres [preauth]
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: Invalid user adrian from 202.83.162.167
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: input_userauth_request: invalid user adrian [preauth]
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: Invalid user hadoop from 146.190.246.86
Sep 28 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: Failed password for invalid user adrian from 202.83.162.167 port 54700 ssh2
Sep 28 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: Received disconnect from 202.83.162.167 port 54700:11: Bye Bye [preauth]
Sep 28 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: Disconnected from 202.83.162.167 port 54700 [preauth]
Sep 28 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: Failed password for invalid user postgres from 128.199.244.190 port 48088 ssh2
Sep 28 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: Failed password for invalid user hadoop from 146.190.246.86 port 49042 ssh2
Sep 28 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: Connection closed by 146.190.246.86 port 49042 [preauth]
Sep 28 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: Connection closed by 128.199.244.190 port 48088 [preauth]
Sep 28 12:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: Invalid user dev from 128.199.244.190
Sep 28 12:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: input_userauth_request: invalid user dev [preauth]
Sep 28 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: Failed password for invalid user dev from 128.199.244.190 port 59870 ssh2
Sep 28 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7571]: Connection closed by 128.199.244.190 port 59870 [preauth]
Sep 28 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: Invalid user guest from 128.199.244.190
Sep 28 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: input_userauth_request: invalid user guest [preauth]
Sep 28 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: Failed password for invalid user guest from 128.199.244.190 port 59878 ssh2
Sep 28 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: Connection closed by 128.199.244.190 port 59878 [preauth]
Sep 28 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: Invalid user elastic from 146.190.246.86
Sep 28 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: input_userauth_request: invalid user elastic [preauth]
Sep 28 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: Invalid user tomcat from 128.199.244.190
Sep 28 12:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 12:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: Failed password for invalid user elastic from 146.190.246.86 port 58226 ssh2
Sep 28 12:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: Connection closed by 146.190.246.86 port 58226 [preauth]
Sep 28 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Failed password for root from 185.223.124.133 port 51378 ssh2
Sep 28 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: Failed password for invalid user tomcat from 128.199.244.190 port 58792 ssh2
Sep 28 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Received disconnect from 185.223.124.133 port 51378:11: Bye Bye [preauth]
Sep 28 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Disconnected from 185.223.124.133 port 51378 [preauth]
Sep 28 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: Connection closed by 128.199.244.190 port 58792 [preauth]
Sep 28 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Invalid user elsearch from 128.199.244.190
Sep 28 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Failed password for invalid user elsearch from 128.199.244.190 port 58798 ssh2
Sep 28 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7616]: Connection closed by 128.199.244.190 port 58798 [preauth]
Sep 28 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: Invalid user git from 128.199.244.190
Sep 28 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: input_userauth_request: invalid user git [preauth]
Sep 28 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: Invalid user postgres from 146.190.246.86
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: input_userauth_request: invalid user postgres [preauth]
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: Successful su for rubyman by root
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: + ??? root:rubyman
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308283 of user rubyman.
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308283.
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: Failed password for invalid user git from 128.199.244.190 port 53932 ssh2
Sep 28 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: Connection closed by 128.199.244.190 port 53932 [preauth]
Sep 28 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Invalid user vagrant from 128.199.244.190
Sep 28 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: Failed password for invalid user postgres from 146.190.246.86 port 41466 ssh2
Sep 28 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: Connection closed by 146.190.246.86 port 41466 [preauth]
Sep 28 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Invalid user moussa from 36.70.25.238
Sep 28 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: input_userauth_request: invalid user moussa [preauth]
Sep 28 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session closed for user root
Sep 28 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Failed password for invalid user vagrant from 128.199.244.190 port 53948 ssh2
Sep 28 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Connection closed by 128.199.244.190 port 53948 [preauth]
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Invalid user admin1 from 196.251.69.141
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Failed password for invalid user moussa from 36.70.25.238 port 50176 ssh2
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: Invalid user prashant from 212.192.31.32
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: input_userauth_request: invalid user prashant [preauth]
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: Invalid user esuser from 128.199.244.190
Sep 28 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: input_userauth_request: invalid user esuser [preauth]
Sep 28 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Received disconnect from 36.70.25.238 port 50176:11: Bye Bye [preauth]
Sep 28 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Disconnected from 36.70.25.238 port 50176 [preauth]
Sep 28 12:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Failed password for invalid user admin1 from 196.251.69.141 port 43892 ssh2
Sep 28 12:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: Failed password for invalid user prashant from 212.192.31.32 port 45102 ssh2
Sep 28 12:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Connection closed by 196.251.69.141 port 43892 [preauth]
Sep 28 12:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: Received disconnect from 212.192.31.32 port 45102:11: Bye Bye [preauth]
Sep 28 12:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7935]: Disconnected from 212.192.31.32 port 45102 [preauth]
Sep 28 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: Failed password for invalid user esuser from 128.199.244.190 port 53952 ssh2
Sep 28 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: Connection closed by 128.199.244.190 port 53952 [preauth]
Sep 28 12:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: Invalid user ftpuser from 128.199.244.190
Sep 28 12:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Invalid user test from 146.190.246.86
Sep 28 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: input_userauth_request: invalid user test [preauth]
Sep 28 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: Failed password for invalid user ftpuser from 128.199.244.190 port 54690 ssh2
Sep 28 12:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7962]: Connection closed by 128.199.244.190 port 54690 [preauth]
Sep 28 12:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Failed password for invalid user test from 146.190.246.86 port 48982 ssh2
Sep 28 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7965]: Connection closed by 146.190.246.86 port 48982 [preauth]
Sep 28 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Invalid user esuser from 128.199.244.190
Sep 28 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: input_userauth_request: invalid user esuser [preauth]
Sep 28 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Failed password for invalid user esuser from 128.199.244.190 port 54704 ssh2
Sep 28 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Connection closed by 128.199.244.190 port 54704 [preauth]
Sep 28 12:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Failed password for root from 128.199.244.190 port 34122 ssh2
Sep 28 12:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Connection closed by 128.199.244.190 port 34122 [preauth]
Sep 28 12:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Invalid user worker from 128.199.244.190
Sep 28 12:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: input_userauth_request: invalid user worker [preauth]
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Invalid user solana from 146.190.246.86
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: input_userauth_request: invalid user solana [preauth]
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Failed password for invalid user worker from 128.199.244.190 port 34152 ssh2
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Invalid user ftpuser from 35.187.196.97
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Connection closed by 128.199.244.190 port 34152 [preauth]
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Failed password for invalid user solana from 146.190.246.86 port 48592 ssh2
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Connection closed by 146.190.246.86 port 48592 [preauth]
Sep 28 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Invalid user ftpuser from 128.199.244.190
Sep 28 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Failed password for invalid user ftpuser from 35.187.196.97 port 48696 ssh2
Sep 28 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Received disconnect from 35.187.196.97 port 48696:11: Bye Bye [preauth]
Sep 28 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Disconnected from 35.187.196.97 port 48696 [preauth]
Sep 28 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Failed password for invalid user ftpuser from 128.199.244.190 port 56914 ssh2
Sep 28 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Connection closed by 128.199.244.190 port 56914 [preauth]
Sep 28 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: Invalid user admin from 128.199.244.190
Sep 28 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user root
Sep 28 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: Failed password for invalid user admin from 128.199.244.190 port 56916 ssh2
Sep 28 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8059]: Connection closed by 128.199.244.190 port 56916 [preauth]
Sep 28 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Invalid user ubuntu from 146.190.246.86
Sep 28 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Invalid user steam from 128.199.244.190
Sep 28 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: input_userauth_request: invalid user steam [preauth]
Sep 28 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Failed password for root from 185.126.2.179 port 39680 ssh2
Sep 28 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Received disconnect from 185.126.2.179 port 39680:11: Bye Bye [preauth]
Sep 28 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Disconnected from 185.126.2.179 port 39680 [preauth]
Sep 28 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Failed password for invalid user ubuntu from 146.190.246.86 port 48604 ssh2
Sep 28 12:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Connection closed by 146.190.246.86 port 48604 [preauth]
Sep 28 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Failed password for invalid user steam from 128.199.244.190 port 50786 ssh2
Sep 28 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Connection closed by 128.199.244.190 port 50786 [preauth]
Sep 28 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Invalid user admin1 from 196.251.69.141
Sep 28 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: input_userauth_request: invalid user admin1 [preauth]
Sep 28 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8112]: Invalid user es from 128.199.244.190
Sep 28 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8112]: input_userauth_request: invalid user es [preauth]
Sep 28 12:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8112]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Failed password for invalid user admin1 from 196.251.69.141 port 45146 ssh2
Sep 28 12:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8117]: Connection closed by 196.251.69.141 port 45146 [preauth]
Sep 28 12:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8112]: Failed password for invalid user es from 128.199.244.190 port 50792 ssh2
Sep 28 12:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8112]: Connection closed by 128.199.244.190 port 50792 [preauth]
Sep 28 12:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: Invalid user goeth from 146.190.246.86
Sep 28 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: input_userauth_request: invalid user goeth [preauth]
Sep 28 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Failed password for root from 45.172.152.74 port 50740 ssh2
Sep 28 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: Failed password for root from 128.199.244.190 port 50806 ssh2
Sep 28 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Received disconnect from 45.172.152.74 port 50740:11: Bye Bye [preauth]
Sep 28 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Disconnected from 45.172.152.74 port 50740 [preauth]
Sep 28 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: Failed password for invalid user goeth from 146.190.246.86 port 60722 ssh2
Sep 28 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: Connection closed by 128.199.244.190 port 50806 [preauth]
Sep 28 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: Connection closed by 146.190.246.86 port 60722 [preauth]
Sep 28 12:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Invalid user deploy from 128.199.244.190
Sep 28 12:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: input_userauth_request: invalid user deploy [preauth]
Sep 28 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Failed password for invalid user deploy from 128.199.244.190 port 35966 ssh2
Sep 28 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Connection closed by 128.199.244.190 port 35966 [preauth]
Sep 28 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Invalid user demo from 128.199.244.190
Sep 28 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: input_userauth_request: invalid user demo [preauth]
Sep 28 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Invalid user ctl from 202.83.162.167
Sep 28 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: input_userauth_request: invalid user ctl [preauth]
Sep 28 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Failed password for invalid user demo from 128.199.244.190 port 35978 ssh2
Sep 28 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8182]: Connection closed by 128.199.244.190 port 35978 [preauth]
Sep 28 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Failed password for invalid user ctl from 202.83.162.167 port 43860 ssh2
Sep 28 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Received disconnect from 202.83.162.167 port 43860:11: Bye Bye [preauth]
Sep 28 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Disconnected from 202.83.162.167 port 43860 [preauth]
Sep 28 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: Invalid user deploy from 128.199.244.190
Sep 28 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: input_userauth_request: invalid user deploy [preauth]
Sep 28 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Invalid user virtualbox from 146.190.246.86
Sep 28 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: input_userauth_request: invalid user virtualbox [preauth]
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8213]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8212]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8206]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8276]: Successful su for rubyman by root
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8276]: + ??? root:rubyman
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308288 of user rubyman.
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8276]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308288.
Sep 28 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: Failed password for invalid user deploy from 128.199.244.190 port 46724 ssh2
Sep 28 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: Connection closed by 128.199.244.190 port 46724 [preauth]
Sep 28 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Failed password for invalid user virtualbox from 146.190.246.86 port 43000 ssh2
Sep 28 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Connection closed by 146.190.246.86 port 43000 [preauth]
Sep 28 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Invalid user dev from 128.199.244.190
Sep 28 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: input_userauth_request: invalid user dev [preauth]
Sep 28 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4818]: pam_unix(cron:session): session closed for user root
Sep 28 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Invalid user karimi from 212.192.31.32
Sep 28 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: input_userauth_request: invalid user karimi [preauth]
Sep 28 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8211]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Failed password for invalid user dev from 128.199.244.190 port 46732 ssh2
Sep 28 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Connection closed by 128.199.244.190 port 46732 [preauth]
Sep 28 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Invalid user oscar from 128.199.244.190
Sep 28 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: input_userauth_request: invalid user oscar [preauth]
Sep 28 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Failed password for invalid user karimi from 212.192.31.32 port 38540 ssh2
Sep 28 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Received disconnect from 212.192.31.32 port 38540:11: Bye Bye [preauth]
Sep 28 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Disconnected from 212.192.31.32 port 38540 [preauth]
Sep 28 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Failed password for invalid user oscar from 128.199.244.190 port 60504 ssh2
Sep 28 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Connection closed by 128.199.244.190 port 60504 [preauth]
Sep 28 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Invalid user nagios from 146.190.246.86
Sep 28 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: input_userauth_request: invalid user nagios [preauth]
Sep 28 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Invalid user dolphinscheduler from 128.199.244.190
Sep 28 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8509]: Failed password for root from 185.223.124.133 port 51830 ssh2
Sep 28 12:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8509]: Received disconnect from 185.223.124.133 port 51830:11: Bye Bye [preauth]
Sep 28 12:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8509]: Disconnected from 185.223.124.133 port 51830 [preauth]
Sep 28 12:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Failed password for invalid user nagios from 146.190.246.86 port 36090 ssh2
Sep 28 12:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Connection closed by 146.190.246.86 port 36090 [preauth]
Sep 28 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Failed password for invalid user dolphinscheduler from 128.199.244.190 port 60518 ssh2
Sep 28 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Connection closed by 128.199.244.190 port 60518 [preauth]
Sep 28 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: Invalid user pi from 128.199.244.190
Sep 28 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: input_userauth_request: invalid user pi [preauth]
Sep 28 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Invalid user dspace from 196.251.69.141
Sep 28 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: Failed password for invalid user pi from 128.199.244.190 port 60522 ssh2
Sep 28 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Failed password for invalid user dspace from 196.251.69.141 port 46414 ssh2
Sep 28 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8542]: Connection closed by 196.251.69.141 port 46414 [preauth]
Sep 28 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: Connection closed by 128.199.244.190 port 60522 [preauth]
Sep 28 12:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Invalid user dev from 128.199.244.190
Sep 28 12:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: input_userauth_request: invalid user dev [preauth]
Sep 28 12:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Failed password for invalid user dev from 128.199.244.190 port 51636 ssh2
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8546]: Connection closed by 128.199.244.190 port 51636 [preauth]
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Invalid user solana from 146.190.246.86
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: input_userauth_request: invalid user solana [preauth]
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: Invalid user oceanbase from 128.199.244.190
Sep 28 12:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: input_userauth_request: invalid user oceanbase [preauth]
Sep 28 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Failed password for invalid user solana from 146.190.246.86 port 36298 ssh2
Sep 28 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Connection closed by 146.190.246.86 port 36298 [preauth]
Sep 28 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Invalid user mariusz from 36.70.25.238
Sep 28 12:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: input_userauth_request: invalid user mariusz [preauth]
Sep 28 12:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: Failed password for invalid user oceanbase from 128.199.244.190 port 51646 ssh2
Sep 28 12:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: Connection closed by 128.199.244.190 port 51646 [preauth]
Sep 28 12:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Failed password for invalid user mariusz from 36.70.25.238 port 35264 ssh2
Sep 28 12:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Received disconnect from 36.70.25.238 port 35264:11: Bye Bye [preauth]
Sep 28 12:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Disconnected from 36.70.25.238 port 35264 [preauth]
Sep 28 12:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Invalid user lighthouse from 128.199.244.190
Sep 28 12:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 12:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Failed password for invalid user lighthouse from 128.199.244.190 port 33580 ssh2
Sep 28 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Connection closed by 128.199.244.190 port 33580 [preauth]
Sep 28 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7053]: pam_unix(cron:session): session closed for user root
Sep 28 12:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: Invalid user node from 146.190.246.86
Sep 28 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: input_userauth_request: invalid user node [preauth]
Sep 28 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Failed password for root from 128.199.244.190 port 33590 ssh2
Sep 28 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Connection closed by 128.199.244.190 port 33590 [preauth]
Sep 28 12:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: Failed password for invalid user node from 146.190.246.86 port 49758 ssh2
Sep 28 12:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: Connection closed by 146.190.246.86 port 49758 [preauth]
Sep 28 12:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Failed password for root from 128.199.244.190 port 54814 ssh2
Sep 28 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Connection closed by 128.199.244.190 port 54814 [preauth]
Sep 28 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Failed password for root from 128.199.244.190 port 54830 ssh2
Sep 28 12:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8649]: Connection closed by 128.199.244.190 port 54830 [preauth]
Sep 28 12:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Failed password for root from 146.190.246.86 port 55468 ssh2
Sep 28 12:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Connection closed by 146.190.246.86 port 55468 [preauth]
Sep 28 12:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: Failed password for root from 128.199.244.190 port 54846 ssh2
Sep 28 12:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: Connection closed by 128.199.244.190 port 54846 [preauth]
Sep 28 12:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Invalid user user from 128.199.244.190
Sep 28 12:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: input_userauth_request: invalid user user [preauth]
Sep 28 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Invalid user dspace from 196.251.69.141
Sep 28 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Failed password for invalid user user from 128.199.244.190 port 39688 ssh2
Sep 28 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Failed password for invalid user dspace from 196.251.69.141 port 47330 ssh2
Sep 28 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Connection closed by 196.251.69.141 port 47330 [preauth]
Sep 28 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Connection closed by 128.199.244.190 port 39688 [preauth]
Sep 28 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: Failed password for root from 128.199.244.190 port 39704 ssh2
Sep 28 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: Connection closed by 128.199.244.190 port 39704 [preauth]
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: Invalid user terraria from 146.190.246.86
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: input_userauth_request: invalid user terraria [preauth]
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8713]: Failed password for root from 45.172.152.74 port 59268 ssh2
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8713]: Received disconnect from 45.172.152.74 port 59268:11: Bye Bye [preauth]
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8713]: Disconnected from 45.172.152.74 port 59268 [preauth]
Sep 28 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Invalid user svnuser from 128.199.244.190
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: input_userauth_request: invalid user svnuser [preauth]
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8921]: Successful su for rubyman by root
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8921]: + ??? root:rubyman
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308291 of user rubyman.
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8921]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308291.
Sep 28 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: Failed password for invalid user terraria from 146.190.246.86 port 60554 ssh2
Sep 28 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: Connection closed by 146.190.246.86 port 60554 [preauth]
Sep 28 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Failed password for invalid user svnuser from 128.199.244.190 port 35576 ssh2
Sep 28 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Connection closed by 128.199.244.190 port 35576 [preauth]
Sep 28 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32  user=root
Sep 28 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: Invalid user ftpuser from 128.199.244.190
Sep 28 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user root
Sep 28 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Failed password for root from 35.187.196.97 port 33926 ssh2
Sep 28 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Failed password for root from 212.192.31.32 port 43254 ssh2
Sep 28 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Received disconnect from 212.192.31.32 port 43254:11: Bye Bye [preauth]
Sep 28 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Disconnected from 212.192.31.32 port 43254 [preauth]
Sep 28 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Received disconnect from 35.187.196.97 port 33926:11: Bye Bye [preauth]
Sep 28 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Disconnected from 35.187.196.97 port 33926 [preauth]
Sep 28 12:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: Failed password for invalid user ftpuser from 128.199.244.190 port 35582 ssh2
Sep 28 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: Connection closed by 128.199.244.190 port 35582 [preauth]
Sep 28 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8745]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Invalid user ubuntu from 128.199.244.190
Sep 28 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Failed password for root from 202.83.162.167 port 46814 ssh2
Sep 28 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Failed password for invalid user ubuntu from 128.199.244.190 port 36576 ssh2
Sep 28 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Received disconnect from 202.83.162.167 port 46814:11: Bye Bye [preauth]
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9124]: Disconnected from 202.83.162.167 port 46814 [preauth]
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9118]: Connection closed by 128.199.244.190 port 36576 [preauth]
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Invalid user wordpress from 146.190.246.86
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Failed password for root from 185.126.2.179 port 60182 ssh2
Sep 28 12:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Failed password for invalid user wordpress from 146.190.246.86 port 57400 ssh2
Sep 28 12:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Connection closed by 146.190.246.86 port 57400 [preauth]
Sep 28 12:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Received disconnect from 185.126.2.179 port 60182:11: Bye Bye [preauth]
Sep 28 12:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9133]: Disconnected from 185.126.2.179 port 60182 [preauth]
Sep 28 12:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Failed password for root from 128.199.244.190 port 36592 ssh2
Sep 28 12:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Connection closed by 128.199.244.190 port 36592 [preauth]
Sep 28 12:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: Invalid user esadmin from 128.199.244.190
Sep 28 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: input_userauth_request: invalid user esadmin [preauth]
Sep 28 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: Failed password for invalid user esadmin from 128.199.244.190 port 36596 ssh2
Sep 28 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9270]: Connection closed by 128.199.244.190 port 36596 [preauth]
Sep 28 12:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Failed password for root from 128.199.244.190 port 57564 ssh2
Sep 28 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9273]: Connection closed by 128.199.244.190 port 57564 [preauth]
Sep 28 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Invalid user jack from 146.190.246.86
Sep 28 12:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: input_userauth_request: invalid user jack [preauth]
Sep 28 12:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Invalid user flask from 128.199.244.190
Sep 28 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: input_userauth_request: invalid user flask [preauth]
Sep 28 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Failed password for invalid user jack from 146.190.246.86 port 40612 ssh2
Sep 28 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Connection closed by 146.190.246.86 port 40612 [preauth]
Sep 28 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Invalid user dspace from 196.251.69.141
Sep 28 12:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Failed password for invalid user flask from 128.199.244.190 port 57566 ssh2
Sep 28 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Connection closed by 128.199.244.190 port 57566 [preauth]
Sep 28 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Invalid user deploy from 128.199.244.190
Sep 28 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: input_userauth_request: invalid user deploy [preauth]
Sep 28 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for invalid user dspace from 196.251.69.141 port 48114 ssh2
Sep 28 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Connection closed by 196.251.69.141 port 48114 [preauth]
Sep 28 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Failed password for invalid user deploy from 128.199.244.190 port 47324 ssh2
Sep 28 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Connection closed by 128.199.244.190 port 47324 [preauth]
Sep 28 12:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7642]: pam_unix(cron:session): session closed for user root
Sep 28 12:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Failed password for root from 146.190.246.86 port 44466 ssh2
Sep 28 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Failed password for root from 128.199.244.190 port 47328 ssh2
Sep 28 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Connection closed by 146.190.246.86 port 44466 [preauth]
Sep 28 12:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Connection closed by 128.199.244.190 port 47328 [preauth]
Sep 28 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Failed password for root from 185.223.124.133 port 58270 ssh2
Sep 28 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Received disconnect from 185.223.124.133 port 58270:11: Bye Bye [preauth]
Sep 28 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Disconnected from 185.223.124.133 port 58270 [preauth]
Sep 28 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Failed password for root from 128.199.244.190 port 42862 ssh2
Sep 28 12:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: Did not receive identification string from 178.142.221.31
Sep 28 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Connection closed by 128.199.244.190 port 42862 [preauth]
Sep 28 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Invalid user oracle from 128.199.244.190
Sep 28 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Failed password for invalid user oracle from 128.199.244.190 port 42864 ssh2
Sep 28 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Connection closed by 128.199.244.190 port 42864 [preauth]
Sep 28 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Invalid user rabbitmq from 128.199.244.190
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: input_userauth_request: invalid user rabbitmq [preauth]
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Invalid user factorio from 146.190.246.86
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: input_userauth_request: invalid user factorio [preauth]
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Invalid user laravel from 36.70.25.238
Sep 28 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: input_userauth_request: invalid user laravel [preauth]
Sep 28 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Failed password for invalid user factorio from 146.190.246.86 port 56694 ssh2
Sep 28 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Connection closed by 146.190.246.86 port 56694 [preauth]
Sep 28 12:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Failed password for invalid user rabbitmq from 128.199.244.190 port 42868 ssh2
Sep 28 12:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Connection closed by 128.199.244.190 port 42868 [preauth]
Sep 28 12:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Failed password for invalid user laravel from 36.70.25.238 port 49684 ssh2
Sep 28 12:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Received disconnect from 36.70.25.238 port 49684:11: Bye Bye [preauth]
Sep 28 12:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Disconnected from 36.70.25.238 port 49684 [preauth]
Sep 28 12:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for root from 128.199.244.190 port 34030 ssh2
Sep 28 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Connection closed by 128.199.244.190 port 34030 [preauth]
Sep 28 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: Invalid user leonard from 212.192.31.32
Sep 28 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: input_userauth_request: invalid user leonard [preauth]
Sep 28 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.192.31.32
Sep 28 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Failed password for root from 128.199.244.190 port 34042 ssh2
Sep 28 12:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Connection closed by 128.199.244.190 port 34042 [preauth]
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: Invalid user tomcat from 146.190.246.86
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: Failed password for invalid user leonard from 212.192.31.32 port 36622 ssh2
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: Received disconnect from 212.192.31.32 port 36622:11: Bye Bye [preauth]
Sep 28 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9448]: Disconnected from 212.192.31.32 port 36622 [preauth]
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session closed for user root
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9466]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Invalid user dspace from 196.251.69.141
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: Failed password for invalid user tomcat from 146.190.246.86 port 48012 ssh2
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: Connection closed by 146.190.246.86 port 48012 [preauth]
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: Successful su for rubyman by root
Sep 28 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: + ??? root:rubyman
Sep 28 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308298 of user rubyman.
Sep 28 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308298.
Sep 28 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Failed password for invalid user dspace from 196.251.69.141 port 49232 ssh2
Sep 28 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9462]: Connection closed by 196.251.69.141 port 49232 [preauth]
Sep 28 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5918]: pam_unix(cron:session): session closed for user root
Sep 28 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9468]: pam_unix(cron:session): session closed for user root
Sep 28 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: Invalid user mariusz from 45.172.152.74
Sep 28 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: input_userauth_request: invalid user mariusz [preauth]
Sep 28 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: Failed password for invalid user mariusz from 45.172.152.74 port 40536 ssh2
Sep 28 12:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: Received disconnect from 45.172.152.74 port 40536:11: Bye Bye [preauth]
Sep 28 12:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: Disconnected from 45.172.152.74 port 40536 [preauth]
Sep 28 12:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Failed password for root from 128.199.244.190 port 46220 ssh2
Sep 28 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9525]: Connection closed by 128.199.244.190 port 46220 [preauth]
Sep 28 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9467]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: User www-data from 146.190.246.86 not allowed because not listed in AllowUsers
Sep 28 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: input_userauth_request: invalid user www-data [preauth]
Sep 28 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=www-data
Sep 28 12:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: Failed password for invalid user www-data from 146.190.246.86 port 46830 ssh2
Sep 28 12:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Failed password for root from 128.199.244.190 port 48046 ssh2
Sep 28 12:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: Connection closed by 146.190.246.86 port 46830 [preauth]
Sep 28 12:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Connection closed by 128.199.244.190 port 48046 [preauth]
Sep 28 12:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: Invalid user wang from 128.199.244.190
Sep 28 12:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: input_userauth_request: invalid user wang [preauth]
Sep 28 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Invalid user ld from 202.83.162.167
Sep 28 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: input_userauth_request: invalid user ld [preauth]
Sep 28 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: Failed password for invalid user wang from 128.199.244.190 port 48056 ssh2
Sep 28 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: Connection closed by 128.199.244.190 port 48056 [preauth]
Sep 28 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Failed password for invalid user ld from 202.83.162.167 port 46812 ssh2
Sep 28 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Received disconnect from 202.83.162.167 port 46812:11: Bye Bye [preauth]
Sep 28 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Disconnected from 202.83.162.167 port 46812 [preauth]
Sep 28 12:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9937]: Invalid user hadoop from 128.199.244.190
Sep 28 12:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9937]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 12:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9937]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9937]: Failed password for invalid user hadoop from 128.199.244.190 port 35470 ssh2
Sep 28 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9937]: Connection closed by 128.199.244.190 port 35470 [preauth]
Sep 28 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Failed password for root from 128.199.244.190 port 35488 ssh2
Sep 28 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Connection closed by 128.199.244.190 port 35488 [preauth]
Sep 28 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Failed password for root from 146.190.246.86 port 47004 ssh2
Sep 28 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Connection closed by 146.190.246.86 port 47004 [preauth]
Sep 28 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9965]: Invalid user elasticsearch from 128.199.244.190
Sep 28 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9965]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 12:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9965]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9965]: Failed password for invalid user elasticsearch from 128.199.244.190 port 58558 ssh2
Sep 28 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9965]: Connection closed by 128.199.244.190 port 58558 [preauth]
Sep 28 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8213]: pam_unix(cron:session): session closed for user root
Sep 28 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: User ftp from 128.199.244.190 not allowed because not listed in AllowUsers
Sep 28 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: input_userauth_request: invalid user ftp [preauth]
Sep 28 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=ftp
Sep 28 12:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Invalid user dspace from 196.251.69.141
Sep 28 12:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Failed password for invalid user ftp from 128.199.244.190 port 58572 ssh2
Sep 28 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Connection closed by 128.199.244.190 port 58572 [preauth]
Sep 28 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Failed password for invalid user dspace from 196.251.69.141 port 50418 ssh2
Sep 28 12:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Connection closed by 196.251.69.141 port 50418 [preauth]
Sep 28 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Invalid user uftp from 128.199.244.190
Sep 28 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: input_userauth_request: invalid user uftp [preauth]
Sep 28 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: Invalid user red5 from 146.190.246.86
Sep 28 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: input_userauth_request: invalid user red5 [preauth]
Sep 28 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: Failed password for invalid user red5 from 146.190.246.86 port 58570 ssh2
Sep 28 12:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Failed password for invalid user uftp from 128.199.244.190 port 41824 ssh2
Sep 28 12:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: Connection closed by 146.190.246.86 port 58570 [preauth]
Sep 28 12:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Connection closed by 128.199.244.190 port 41824 [preauth]
Sep 28 12:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10035]: Invalid user awsgui from 128.199.244.190
Sep 28 12:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10035]: input_userauth_request: invalid user awsgui [preauth]
Sep 28 12:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10035]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10035]: Failed password for invalid user awsgui from 128.199.244.190 port 41826 ssh2
Sep 28 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Invalid user activemq from 185.126.2.179
Sep 28 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: input_userauth_request: invalid user activemq [preauth]
Sep 28 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10035]: Connection closed by 128.199.244.190 port 41826 [preauth]
Sep 28 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: Invalid user dolphinscheduler from 128.199.244.190
Sep 28 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Failed password for invalid user activemq from 185.126.2.179 port 52448 ssh2
Sep 28 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Received disconnect from 185.126.2.179 port 52448:11: Bye Bye [preauth]
Sep 28 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Disconnected from 185.126.2.179 port 52448 [preauth]
Sep 28 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: Failed password for invalid user dolphinscheduler from 128.199.244.190 port 41830 ssh2
Sep 28 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Invalid user samba from 146.190.246.86
Sep 28 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: input_userauth_request: invalid user samba [preauth]
Sep 28 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: Connection closed by 128.199.244.190 port 41830 [preauth]
Sep 28 12:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Failed password for invalid user samba from 146.190.246.86 port 37102 ssh2
Sep 28 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Connection closed by 146.190.246.86 port 37102 [preauth]
Sep 28 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: Failed password for root from 128.199.244.190 port 43912 ssh2
Sep 28 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: Connection closed by 128.199.244.190 port 43912 [preauth]
Sep 28 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Invalid user redbot from 35.187.196.97
Sep 28 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: input_userauth_request: invalid user redbot [preauth]
Sep 28 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: Invalid user yarn from 128.199.244.190
Sep 28 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: input_userauth_request: invalid user yarn [preauth]
Sep 28 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Failed password for root from 185.223.124.133 port 53130 ssh2
Sep 28 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Failed password for invalid user redbot from 35.187.196.97 port 33530 ssh2
Sep 28 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Received disconnect from 35.187.196.97 port 33530:11: Bye Bye [preauth]
Sep 28 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Disconnected from 35.187.196.97 port 33530 [preauth]
Sep 28 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: Failed password for invalid user yarn from 128.199.244.190 port 43926 ssh2
Sep 28 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10087]: Connection closed by 128.199.244.190 port 43926 [preauth]
Sep 28 12:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Received disconnect from 185.223.124.133 port 53130:11: Bye Bye [preauth]
Sep 28 12:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Disconnected from 185.223.124.133 port 53130 [preauth]
Sep 28 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: Invalid user test2 from 128.199.244.190
Sep 28 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: input_userauth_request: invalid user test2 [preauth]
Sep 28 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Invalid user latitude from 146.190.246.86
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: input_userauth_request: invalid user latitude [preauth]
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10111]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: Successful su for rubyman by root
Sep 28 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: + ??? root:rubyman
Sep 28 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308302 of user rubyman.
Sep 28 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10194]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308302.
Sep 28 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: Failed password for invalid user test2 from 128.199.244.190 port 44564 ssh2
Sep 28 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10098]: Connection closed by 128.199.244.190 port 44564 [preauth]
Sep 28 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user latitude from 146.190.246.86 port 57570 ssh2
Sep 28 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Connection closed by 146.190.246.86 port 57570 [preauth]
Sep 28 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10270]: Invalid user oracle from 128.199.244.190
Sep 28 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10270]: input_userauth_request: invalid user oracle [preauth]
Sep 28 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10270]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Invalid user nico from 36.70.25.238
Sep 28 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: input_userauth_request: invalid user nico [preauth]
Sep 28 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10270]: Failed password for invalid user oracle from 128.199.244.190 port 44578 ssh2
Sep 28 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10270]: Connection closed by 128.199.244.190 port 44578 [preauth]
Sep 28 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user root
Sep 28 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Failed password for invalid user nico from 36.70.25.238 port 36358 ssh2
Sep 28 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: Invalid user guest from 128.199.244.190
Sep 28 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: input_userauth_request: invalid user guest [preauth]
Sep 28 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Received disconnect from 36.70.25.238 port 36358:11: Bye Bye [preauth]
Sep 28 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10350]: Disconnected from 36.70.25.238 port 36358 [preauth]
Sep 28 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: Invalid user dspace from 196.251.69.141
Sep 28 12:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: Failed password for invalid user guest from 128.199.244.190 port 40856 ssh2
Sep 28 12:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10384]: Connection closed by 128.199.244.190 port 40856 [preauth]
Sep 28 12:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: Failed password for invalid user dspace from 196.251.69.141 port 51494 ssh2
Sep 28 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Invalid user uftp from 146.190.246.86
Sep 28 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: input_userauth_request: invalid user uftp [preauth]
Sep 28 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: Connection closed by 196.251.69.141 port 51494 [preauth]
Sep 28 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Invalid user wang from 128.199.244.190
Sep 28 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: input_userauth_request: invalid user wang [preauth]
Sep 28 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Failed password for invalid user uftp from 146.190.246.86 port 38358 ssh2
Sep 28 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Connection closed by 146.190.246.86 port 38358 [preauth]
Sep 28 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Invalid user arif from 45.172.152.74
Sep 28 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: input_userauth_request: invalid user arif [preauth]
Sep 28 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Failed password for invalid user wang from 128.199.244.190 port 40866 ssh2
Sep 28 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Connection closed by 128.199.244.190 port 40866 [preauth]
Sep 28 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Failed password for invalid user arif from 45.172.152.74 port 60528 ssh2
Sep 28 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Received disconnect from 45.172.152.74 port 60528:11: Bye Bye [preauth]
Sep 28 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Disconnected from 45.172.152.74 port 60528 [preauth]
Sep 28 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Invalid user www from 128.199.244.190
Sep 28 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: input_userauth_request: invalid user www [preauth]
Sep 28 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Failed password for invalid user www from 128.199.244.190 port 40882 ssh2
Sep 28 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Connection closed by 128.199.244.190 port 40882 [preauth]
Sep 28 12:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: Failed password for root from 128.199.244.190 port 42000 ssh2
Sep 28 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10471]: Connection closed by 128.199.244.190 port 42000 [preauth]
Sep 28 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Invalid user solana from 146.190.246.86
Sep 28 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: input_userauth_request: invalid user solana [preauth]
Sep 28 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Invalid user dps from 202.83.162.167
Sep 28 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: input_userauth_request: invalid user dps [preauth]
Sep 28 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Failed password for invalid user solana from 146.190.246.86 port 47216 ssh2
Sep 28 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Connection closed by 146.190.246.86 port 47216 [preauth]
Sep 28 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Invalid user nexus from 128.199.244.190
Sep 28 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: input_userauth_request: invalid user nexus [preauth]
Sep 28 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Failed password for invalid user dps from 202.83.162.167 port 40102 ssh2
Sep 28 12:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Received disconnect from 202.83.162.167 port 40102:11: Bye Bye [preauth]
Sep 28 12:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Disconnected from 202.83.162.167 port 40102 [preauth]
Sep 28 12:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Failed password for invalid user nexus from 128.199.244.190 port 42010 ssh2
Sep 28 12:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Connection closed by 128.199.244.190 port 42010 [preauth]
Sep 28 12:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Invalid user app from 128.199.244.190
Sep 28 12:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: input_userauth_request: invalid user app [preauth]
Sep 28 12:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Failed password for invalid user app from 128.199.244.190 port 36502 ssh2
Sep 28 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Connection closed by 128.199.244.190 port 36502 [preauth]
Sep 28 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session closed for user root
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: Invalid user nvidia from 128.199.244.190
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: Invalid user pal from 146.190.246.86
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: input_userauth_request: invalid user pal [preauth]
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: Failed password for invalid user nvidia from 128.199.244.190 port 36514 ssh2
Sep 28 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: Failed password for invalid user pal from 146.190.246.86 port 32920 ssh2
Sep 28 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: Connection closed by 128.199.244.190 port 36514 [preauth]
Sep 28 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10550]: Connection closed by 146.190.246.86 port 32920 [preauth]
Sep 28 12:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10554]: Failed password for root from 128.199.244.190 port 43714 ssh2
Sep 28 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10554]: Connection closed by 128.199.244.190 port 43714 [preauth]
Sep 28 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Invalid user dspace from 196.251.69.141
Sep 28 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190  user=root
Sep 28 12:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Failed password for invalid user dspace from 196.251.69.141 port 52254 ssh2
Sep 28 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Connection closed by 196.251.69.141 port 52254 [preauth]
Sep 28 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: Failed password for root from 128.199.244.190 port 43716 ssh2
Sep 28 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10565]: Connection closed by 128.199.244.190 port 43716 [preauth]
Sep 28 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Invalid user apache from 146.190.246.86
Sep 28 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: input_userauth_request: invalid user apache [preauth]
Sep 28 12:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: Invalid user es from 128.199.244.190
Sep 28 12:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: input_userauth_request: invalid user es [preauth]
Sep 28 12:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Failed password for invalid user apache from 146.190.246.86 port 35096 ssh2
Sep 28 12:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Connection closed by 146.190.246.86 port 35096 [preauth]
Sep 28 12:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: Failed password for invalid user es from 128.199.244.190 port 44824 ssh2
Sep 28 12:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: Connection closed by 128.199.244.190 port 44824 [preauth]
Sep 28 12:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Invalid user sugi from 128.199.244.190
Sep 28 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: input_userauth_request: invalid user sugi [preauth]
Sep 28 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.244.190
Sep 28 12:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Failed password for invalid user sugi from 128.199.244.190 port 44838 ssh2
Sep 28 12:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Connection closed by 128.199.244.190 port 44838 [preauth]
Sep 28 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: Invalid user sol from 146.190.246.86
Sep 28 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: input_userauth_request: invalid user sol [preauth]
Sep 28 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: Failed password for invalid user sol from 146.190.246.86 port 35964 ssh2
Sep 28 12:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: Connection closed by 146.190.246.86 port 35964 [preauth]
Sep 28 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10627]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: Successful su for rubyman by root
Sep 28 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: + ??? root:rubyman
Sep 28 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308305 of user rubyman.
Sep 28 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308305.
Sep 28 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7052]: pam_unix(cron:session): session closed for user root
Sep 28 12:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10628]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: Failed password for root from 146.190.246.86 port 41988 ssh2
Sep 28 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10906]: Connection closed by 146.190.246.86 port 41988 [preauth]
Sep 28 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: Invalid user dspace from 196.251.69.141
Sep 28 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: Failed password for invalid user dspace from 196.251.69.141 port 53310 ssh2
Sep 28 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: Connection closed by 196.251.69.141 port 53310 [preauth]
Sep 28 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86  user=root
Sep 28 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Failed password for root from 45.172.152.74 port 48668 ssh2
Sep 28 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Received disconnect from 45.172.152.74 port 48668:11: Bye Bye [preauth]
Sep 28 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Disconnected from 45.172.152.74 port 48668 [preauth]
Sep 28 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Failed password for root from 146.190.246.86 port 54098 ssh2
Sep 28 12:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Connection closed by 146.190.246.86 port 54098 [preauth]
Sep 28 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: Invalid user test from 185.223.124.133
Sep 28 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: input_userauth_request: invalid user test [preauth]
Sep 28 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: Failed password for invalid user test from 185.223.124.133 port 41922 ssh2
Sep 28 12:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: Received disconnect from 185.223.124.133 port 41922:11: Bye Bye [preauth]
Sep 28 12:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: Disconnected from 185.223.124.133 port 41922 [preauth]
Sep 28 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Failed password for root from 36.70.25.238 port 48624 ssh2
Sep 28 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Received disconnect from 36.70.25.238 port 48624:11: Bye Bye [preauth]
Sep 28 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Disconnected from 36.70.25.238 port 48624 [preauth]
Sep 28 12:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Connection closed by 185.126.2.179 port 44724 [preauth]
Sep 28 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Invalid user website from 146.190.246.86
Sep 28 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: input_userauth_request: invalid user website [preauth]
Sep 28 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Failed password for invalid user website from 146.190.246.86 port 44102 ssh2
Sep 28 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Connection closed by 146.190.246.86 port 44102 [preauth]
Sep 28 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: Failed password for root from 202.83.162.167 port 35540 ssh2
Sep 28 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session closed for user root
Sep 28 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: Received disconnect from 202.83.162.167 port 35540:11: Bye Bye [preauth]
Sep 28 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: Disconnected from 202.83.162.167 port 35540 [preauth]
Sep 28 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: Invalid user sftp from 146.190.246.86
Sep 28 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: input_userauth_request: invalid user sftp [preauth]
Sep 28 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Invalid user admin2 from 35.187.196.97
Sep 28 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: input_userauth_request: invalid user admin2 [preauth]
Sep 28 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: Failed password for invalid user sftp from 146.190.246.86 port 48278 ssh2
Sep 28 12:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: Connection closed by 146.190.246.86 port 48278 [preauth]
Sep 28 12:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Failed password for invalid user admin2 from 35.187.196.97 port 53694 ssh2
Sep 28 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Received disconnect from 35.187.196.97 port 53694:11: Bye Bye [preauth]
Sep 28 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11032]: Disconnected from 35.187.196.97 port 53694 [preauth]
Sep 28 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11060]: Invalid user dspace from 196.251.69.141
Sep 28 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11060]: input_userauth_request: invalid user dspace [preauth]
Sep 28 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11060]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11060]: Failed password for invalid user dspace from 196.251.69.141 port 54298 ssh2
Sep 28 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11060]: Connection closed by 196.251.69.141 port 54298 [preauth]
Sep 28 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Invalid user dolphinscheduler from 146.190.246.86
Sep 28 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Failed password for invalid user dolphinscheduler from 146.190.246.86 port 37794 ssh2
Sep 28 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Connection closed by 146.190.246.86 port 37794 [preauth]
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11148]: Successful su for rubyman by root
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11148]: + ??? root:rubyman
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308309 of user rubyman.
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11148]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308309.
Sep 28 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session closed for user root
Sep 28 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11320]: Invalid user jumpserver from 146.190.246.86
Sep 28 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11320]: input_userauth_request: invalid user jumpserver [preauth]
Sep 28 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11320]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11320]: Failed password for invalid user jumpserver from 146.190.246.86 port 56960 ssh2
Sep 28 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11320]: Connection closed by 146.190.246.86 port 56960 [preauth]
Sep 28 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Invalid user ec2-user from 146.190.246.86
Sep 28 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Failed password for invalid user ec2-user from 146.190.246.86 port 34184 ssh2
Sep 28 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Connection closed by 146.190.246.86 port 34184 [preauth]
Sep 28 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Invalid user www from 196.251.69.141
Sep 28 12:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: input_userauth_request: invalid user www [preauth]
Sep 28 12:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for invalid user www from 196.251.69.141 port 55032 ssh2
Sep 28 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Connection closed by 196.251.69.141 port 55032 [preauth]
Sep 28 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: Invalid user laser from 45.172.152.74
Sep 28 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: input_userauth_request: invalid user laser [preauth]
Sep 28 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Invalid user Administrator from 146.190.246.86
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: Failed password for invalid user laser from 45.172.152.74 port 40036 ssh2
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: Received disconnect from 45.172.152.74 port 40036:11: Bye Bye [preauth]
Sep 28 12:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: Disconnected from 45.172.152.74 port 40036 [preauth]
Sep 28 12:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Failed password for invalid user Administrator from 146.190.246.86 port 58038 ssh2
Sep 28 12:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Connection closed by 146.190.246.86 port 58038 [preauth]
Sep 28 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user root
Sep 28 12:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Invalid user www from 146.190.246.86
Sep 28 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: input_userauth_request: invalid user www [preauth]
Sep 28 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for root from 185.223.124.133 port 50860 ssh2
Sep 28 12:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Received disconnect from 185.223.124.133 port 50860:11: Bye Bye [preauth]
Sep 28 12:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Disconnected from 185.223.124.133 port 50860 [preauth]
Sep 28 12:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Failed password for invalid user www from 146.190.246.86 port 37828 ssh2
Sep 28 12:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Connection closed by 146.190.246.86 port 37828 [preauth]
Sep 28 12:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Invalid user user10 from 202.83.162.167
Sep 28 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: input_userauth_request: invalid user user10 [preauth]
Sep 28 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Failed password for invalid user user10 from 202.83.162.167 port 49092 ssh2
Sep 28 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Failed password for root from 36.70.25.238 port 49604 ssh2
Sep 28 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Received disconnect from 202.83.162.167 port 49092:11: Bye Bye [preauth]
Sep 28 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Disconnected from 202.83.162.167 port 49092 [preauth]
Sep 28 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Received disconnect from 36.70.25.238 port 49604:11: Bye Bye [preauth]
Sep 28 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Disconnected from 36.70.25.238 port 49604 [preauth]
Sep 28 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Invalid user centos from 146.190.246.86
Sep 28 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: input_userauth_request: invalid user centos [preauth]
Sep 28 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Failed password for invalid user centos from 146.190.246.86 port 50550 ssh2
Sep 28 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Connection closed by 146.190.246.86 port 50550 [preauth]
Sep 28 12:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Invalid user www from 196.251.69.141
Sep 28 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: input_userauth_request: invalid user www [preauth]
Sep 28 12:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Invalid user tfj from 185.126.2.179
Sep 28 12:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: input_userauth_request: invalid user tfj [preauth]
Sep 28 12:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Failed password for invalid user www from 196.251.69.141 port 55774 ssh2
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: Successful su for rubyman by root
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: + ??? root:rubyman
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308315 of user rubyman.
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308315.
Sep 28 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Connection closed by 196.251.69.141 port 55774 [preauth]
Sep 28 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Failed password for invalid user tfj from 185.126.2.179 port 37008 ssh2
Sep 28 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: Invalid user esroot from 146.190.246.86
Sep 28 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: input_userauth_request: invalid user esroot [preauth]
Sep 28 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Received disconnect from 185.126.2.179 port 37008:11: Bye Bye [preauth]
Sep 28 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Disconnected from 185.126.2.179 port 37008 [preauth]
Sep 28 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8212]: pam_unix(cron:session): session closed for user root
Sep 28 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: Failed password for invalid user esroot from 146.190.246.86 port 37962 ssh2
Sep 28 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: Connection closed by 146.190.246.86 port 37962 [preauth]
Sep 28 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: Invalid user sonar from 146.190.246.86
Sep 28 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: input_userauth_request: invalid user sonar [preauth]
Sep 28 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: Failed password for invalid user sonar from 146.190.246.86 port 54696 ssh2
Sep 28 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: Connection closed by 146.190.246.86 port 54696 [preauth]
Sep 28 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Invalid user eth from 35.187.196.97
Sep 28 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: input_userauth_request: invalid user eth [preauth]
Sep 28 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Invalid user sol from 146.190.246.86
Sep 28 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: input_userauth_request: invalid user sol [preauth]
Sep 28 12:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Failed password for invalid user eth from 35.187.196.97 port 41306 ssh2
Sep 28 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Received disconnect from 35.187.196.97 port 41306:11: Bye Bye [preauth]
Sep 28 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Disconnected from 35.187.196.97 port 41306 [preauth]
Sep 28 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Failed password for invalid user sol from 146.190.246.86 port 49954 ssh2
Sep 28 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Connection closed by 146.190.246.86 port 49954 [preauth]
Sep 28 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Invalid user www from 196.251.69.141
Sep 28 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: input_userauth_request: invalid user www [preauth]
Sep 28 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74  user=root
Sep 28 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session closed for user root
Sep 28 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Failed password for invalid user www from 196.251.69.141 port 57262 ssh2
Sep 28 12:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Connection closed by 196.251.69.141 port 57262 [preauth]
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Failed password for root from 45.172.152.74 port 59166 ssh2
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Received disconnect from 45.172.152.74 port 59166:11: Bye Bye [preauth]
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Disconnected from 45.172.152.74 port 59166 [preauth]
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Invalid user Administrator from 146.190.246.86
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.246.86
Sep 28 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for invalid user Administrator from 146.190.246.86 port 56528 ssh2
Sep 28 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Connection closed by 146.190.246.86 port 56528 [preauth]
Sep 28 12:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Invalid user tan from 202.83.162.167
Sep 28 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: input_userauth_request: invalid user tan [preauth]
Sep 28 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Failed password for invalid user tan from 202.83.162.167 port 34950 ssh2
Sep 28 12:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Received disconnect from 202.83.162.167 port 34950:11: Bye Bye [preauth]
Sep 28 12:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Disconnected from 202.83.162.167 port 34950 [preauth]
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12069]: Failed password for root from 185.223.124.133 port 48018 ssh2
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12078]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12077]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12079]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12079]: pam_unix(cron:session): session closed for user root
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12069]: Received disconnect from 185.223.124.133 port 48018:11: Bye Bye [preauth]
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12069]: Disconnected from 185.223.124.133 port 48018 [preauth]
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: Successful su for rubyman by root
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: + ??? root:rubyman
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308318 of user rubyman.
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308318.
Sep 28 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session closed for user root
Sep 28 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session closed for user root
Sep 28 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Invalid user www from 196.251.69.141
Sep 28 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: input_userauth_request: invalid user www [preauth]
Sep 28 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Failed password for root from 36.70.25.238 port 52776 ssh2
Sep 28 12:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Received disconnect from 36.70.25.238 port 52776:11: Bye Bye [preauth]
Sep 28 12:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Disconnected from 36.70.25.238 port 52776 [preauth]
Sep 28 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Failed password for invalid user www from 196.251.69.141 port 59110 ssh2
Sep 28 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Connection closed by 196.251.69.141 port 59110 [preauth]
Sep 28 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11089]: pam_unix(cron:session): session closed for user root
Sep 28 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: Invalid user theta from 185.126.2.179
Sep 28 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: input_userauth_request: invalid user theta [preauth]
Sep 28 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: Failed password for invalid user theta from 185.126.2.179 port 57504 ssh2
Sep 28 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: Received disconnect from 185.126.2.179 port 57504:11: Bye Bye [preauth]
Sep 28 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12480]: Disconnected from 185.126.2.179 port 57504 [preauth]
Sep 28 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Invalid user bryan from 45.172.152.74
Sep 28 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: input_userauth_request: invalid user bryan [preauth]
Sep 28 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Failed password for invalid user bryan from 45.172.152.74 port 50950 ssh2
Sep 28 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Received disconnect from 45.172.152.74 port 50950:11: Bye Bye [preauth]
Sep 28 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Disconnected from 45.172.152.74 port 50950 [preauth]
Sep 28 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Invalid user www from 196.251.69.141
Sep 28 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: input_userauth_request: invalid user www [preauth]
Sep 28 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Failed password for invalid user www from 196.251.69.141 port 34234 ssh2
Sep 28 12:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Connection closed by 196.251.69.141 port 34234 [preauth]
Sep 28 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: Successful su for rubyman by root
Sep 28 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: + ??? root:rubyman
Sep 28 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308323 of user rubyman.
Sep 28 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12633]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308323.
Sep 28 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Invalid user family from 35.187.196.97
Sep 28 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: input_userauth_request: invalid user family [preauth]
Sep 28 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Failed password for invalid user family from 35.187.196.97 port 49370 ssh2
Sep 28 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167  user=root
Sep 28 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Received disconnect from 35.187.196.97 port 49370:11: Bye Bye [preauth]
Sep 28 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Disconnected from 35.187.196.97 port 49370 [preauth]
Sep 28 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9469]: pam_unix(cron:session): session closed for user root
Sep 28 12:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Failed password for root from 202.83.162.167 port 43450 ssh2
Sep 28 12:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Received disconnect from 202.83.162.167 port 43450:11: Bye Bye [preauth]
Sep 28 12:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Disconnected from 202.83.162.167 port 43450 [preauth]
Sep 28 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133  user=root
Sep 28 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Failed password for root from 185.223.124.133 port 34580 ssh2
Sep 28 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Received disconnect from 185.223.124.133 port 34580:11: Bye Bye [preauth]
Sep 28 12:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Disconnected from 185.223.124.133 port 34580 [preauth]
Sep 28 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: Invalid user www from 196.251.69.141
Sep 28 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: input_userauth_request: invalid user www [preauth]
Sep 28 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: Failed password for invalid user www from 196.251.69.141 port 35908 ssh2
Sep 28 12:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: Connection closed by 196.251.69.141 port 35908 [preauth]
Sep 28 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Failed password for root from 36.70.25.238 port 52322 ssh2
Sep 28 12:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Received disconnect from 36.70.25.238 port 52322:11: Bye Bye [preauth]
Sep 28 12:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Disconnected from 36.70.25.238 port 52322 [preauth]
Sep 28 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session closed for user root
Sep 28 12:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: Invalid user www from 196.251.69.141
Sep 28 12:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: input_userauth_request: invalid user www [preauth]
Sep 28 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: Failed password for invalid user www from 196.251.69.141 port 36964 ssh2
Sep 28 12:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: Connection closed by 196.251.69.141 port 36964 [preauth]
Sep 28 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13038]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13101]: Successful su for rubyman by root
Sep 28 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13101]: + ??? root:rubyman
Sep 28 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308329 of user rubyman.
Sep 28 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13101]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308329.
Sep 28 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session closed for user root
Sep 28 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Invalid user tfj from 45.172.152.74
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: input_userauth_request: invalid user tfj [preauth]
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Invalid user znc from 202.83.162.167
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: input_userauth_request: invalid user znc [preauth]
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Failed password for invalid user tfj from 45.172.152.74 port 60652 ssh2
Sep 28 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Received disconnect from 45.172.152.74 port 60652:11: Bye Bye [preauth]
Sep 28 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Disconnected from 45.172.152.74 port 60652 [preauth]
Sep 28 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for invalid user znc from 202.83.162.167 port 44244 ssh2
Sep 28 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Received disconnect from 202.83.162.167 port 44244:11: Bye Bye [preauth]
Sep 28 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Disconnected from 202.83.162.167 port 44244 [preauth]
Sep 28 12:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for root from 185.126.2.179 port 49778 ssh2
Sep 28 12:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Received disconnect from 185.126.2.179 port 49778:11: Bye Bye [preauth]
Sep 28 12:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Disconnected from 185.126.2.179 port 49778 [preauth]
Sep 28 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Invalid user www from 196.251.69.141
Sep 28 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: input_userauth_request: invalid user www [preauth]
Sep 28 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Invalid user arif from 185.223.124.133
Sep 28 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: input_userauth_request: invalid user arif [preauth]
Sep 28 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Failed password for invalid user www from 196.251.69.141 port 37874 ssh2
Sep 28 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Connection closed by 196.251.69.141 port 37874 [preauth]
Sep 28 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Failed password for invalid user arif from 185.223.124.133 port 49836 ssh2
Sep 28 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Received disconnect from 185.223.124.133 port 49836:11: Bye Bye [preauth]
Sep 28 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13376]: Disconnected from 185.223.124.133 port 49836 [preauth]
Sep 28 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12078]: pam_unix(cron:session): session closed for user root
Sep 28 12:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13421]: Failed password for root from 36.70.25.238 port 56858 ssh2
Sep 28 12:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13421]: Received disconnect from 36.70.25.238 port 56858:11: Bye Bye [preauth]
Sep 28 12:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13421]: Disconnected from 36.70.25.238 port 56858 [preauth]
Sep 28 12:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Invalid user www from 196.251.69.141
Sep 28 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: input_userauth_request: invalid user www [preauth]
Sep 28 12:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13487]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13484]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: Successful su for rubyman by root
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: + ??? root:rubyman
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308331 of user rubyman.
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308331.
Sep 28 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Failed password for invalid user www from 196.251.69.141 port 38730 ssh2
Sep 28 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Connection closed by 196.251.69.141 port 38730 [preauth]
Sep 28 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session closed for user root
Sep 28 12:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13485]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Invalid user guo from 35.187.196.97
Sep 28 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: input_userauth_request: invalid user guo [preauth]
Sep 28 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Failed password for invalid user guo from 35.187.196.97 port 50972 ssh2
Sep 28 12:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Received disconnect from 35.187.196.97 port 50972:11: Bye Bye [preauth]
Sep 28 12:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Disconnected from 35.187.196.97 port 50972 [preauth]
Sep 28 12:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: Invalid user ubuntu from 20.163.71.109
Sep 28 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: Failed password for invalid user ubuntu from 20.163.71.109 port 54080 ssh2
Sep 28 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: Connection closed by 20.163.71.109 port 54080 [preauth]
Sep 28 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: Invalid user test from 45.172.152.74
Sep 28 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: input_userauth_request: invalid user test [preauth]
Sep 28 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: Failed password for invalid user test from 45.172.152.74 port 53334 ssh2
Sep 28 12:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: Received disconnect from 45.172.152.74 port 53334:11: Bye Bye [preauth]
Sep 28 12:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13794]: Disconnected from 45.172.152.74 port 53334 [preauth]
Sep 28 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Invalid user g from 202.83.162.167
Sep 28 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: input_userauth_request: invalid user g [preauth]
Sep 28 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Failed password for invalid user g from 202.83.162.167 port 52810 ssh2
Sep 28 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Received disconnect from 202.83.162.167 port 52810:11: Bye Bye [preauth]
Sep 28 12:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Disconnected from 202.83.162.167 port 52810 [preauth]
Sep 28 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session closed for user root
Sep 28 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Invalid user casa from 185.223.124.133
Sep 28 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: input_userauth_request: invalid user casa [preauth]
Sep 28 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Failed password for invalid user casa from 185.223.124.133 port 36140 ssh2
Sep 28 12:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Received disconnect from 185.223.124.133 port 36140:11: Bye Bye [preauth]
Sep 28 12:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Disconnected from 185.223.124.133 port 36140 [preauth]
Sep 28 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Invalid user odoo15 from 185.126.2.179
Sep 28 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: input_userauth_request: invalid user odoo15 [preauth]
Sep 28 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Invalid user newftpuser from 36.70.25.238
Sep 28 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: input_userauth_request: invalid user newftpuser [preauth]
Sep 28 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Failed password for invalid user odoo15 from 185.126.2.179 port 42058 ssh2
Sep 28 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Received disconnect from 185.126.2.179 port 42058:11: Bye Bye [preauth]
Sep 28 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Disconnected from 185.126.2.179 port 42058 [preauth]
Sep 28 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Failed password for invalid user newftpuser from 36.70.25.238 port 47056 ssh2
Sep 28 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Received disconnect from 36.70.25.238 port 47056:11: Bye Bye [preauth]
Sep 28 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Disconnected from 36.70.25.238 port 47056 [preauth]
Sep 28 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13923]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13986]: Successful su for rubyman by root
Sep 28 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13986]: + ??? root:rubyman
Sep 28 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308336 of user rubyman.
Sep 28 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13986]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308336.
Sep 28 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session closed for user root
Sep 28 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13924]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Invalid user tesoreria from 45.172.152.74
Sep 28 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: input_userauth_request: invalid user tesoreria [preauth]
Sep 28 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.172.152.74
Sep 28 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Failed password for invalid user tesoreria from 45.172.152.74 port 43284 ssh2
Sep 28 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Received disconnect from 45.172.152.74 port 43284:11: Bye Bye [preauth]
Sep 28 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Disconnected from 45.172.152.74 port 43284 [preauth]
Sep 28 12:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13038]: pam_unix(cron:session): session closed for user root
Sep 28 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Invalid user jayanthi from 202.83.162.167
Sep 28 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: input_userauth_request: invalid user jayanthi [preauth]
Sep 28 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.162.167
Sep 28 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for invalid user jayanthi from 202.83.162.167 port 46816 ssh2
Sep 28 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Received disconnect from 202.83.162.167 port 46816:11: Bye Bye [preauth]
Sep 28 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Disconnected from 202.83.162.167 port 46816 [preauth]
Sep 28 12:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: Invalid user bigbluebutton from 185.223.124.133
Sep 28 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: input_userauth_request: invalid user bigbluebutton [preauth]
Sep 28 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: Failed password for invalid user bigbluebutton from 185.223.124.133 port 48362 ssh2
Sep 28 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: Received disconnect from 185.223.124.133 port 48362:11: Bye Bye [preauth]
Sep 28 12:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14408]: Disconnected from 185.223.124.133 port 48362 [preauth]
Sep 28 12:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Failed password for root from 35.187.196.97 port 44474 ssh2
Sep 28 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Received disconnect from 35.187.196.97 port 44474:11: Bye Bye [preauth]
Sep 28 12:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Disconnected from 35.187.196.97 port 44474 [preauth]
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session closed for user root
Sep 28 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14429]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14502]: Successful su for rubyman by root
Sep 28 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14502]: + ??? root:rubyman
Sep 28 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308343 of user rubyman.
Sep 28 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14502]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308343.
Sep 28 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14431]: pam_unix(cron:session): session closed for user root
Sep 28 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session closed for user root
Sep 28 12:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: Invalid user tfj from 36.70.25.238
Sep 28 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: input_userauth_request: invalid user tfj [preauth]
Sep 28 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: Failed password for invalid user tfj from 36.70.25.238 port 53428 ssh2
Sep 28 12:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: Received disconnect from 36.70.25.238 port 53428:11: Bye Bye [preauth]
Sep 28 12:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14742]: Disconnected from 36.70.25.238 port 53428 [preauth]
Sep 28 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13487]: pam_unix(cron:session): session closed for user root
Sep 28 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Failed password for root from 185.126.2.179 port 34326 ssh2
Sep 28 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Received disconnect from 185.126.2.179 port 34326:11: Bye Bye [preauth]
Sep 28 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Disconnected from 185.126.2.179 port 34326 [preauth]
Sep 28 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14888]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14886]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14958]: Successful su for rubyman by root
Sep 28 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14958]: + ??? root:rubyman
Sep 28 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308345 of user rubyman.
Sep 28 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14958]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308345.
Sep 28 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Invalid user ubuntu from 185.223.124.133
Sep 28 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12077]: pam_unix(cron:session): session closed for user root
Sep 28 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Failed password for invalid user ubuntu from 185.223.124.133 port 55518 ssh2
Sep 28 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Received disconnect from 185.223.124.133 port 55518:11: Bye Bye [preauth]
Sep 28 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Disconnected from 185.223.124.133 port 55518 [preauth]
Sep 28 12:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14887]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13929]: pam_unix(cron:session): session closed for user root
Sep 28 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: Failed password for root from 36.70.25.238 port 38138 ssh2
Sep 28 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: Received disconnect from 36.70.25.238 port 38138:11: Bye Bye [preauth]
Sep 28 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: Disconnected from 36.70.25.238 port 38138 [preauth]
Sep 28 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Invalid user build from 35.187.196.97
Sep 28 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: input_userauth_request: invalid user build [preauth]
Sep 28 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Failed password for invalid user build from 35.187.196.97 port 46264 ssh2
Sep 28 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Received disconnect from 35.187.196.97 port 46264:11: Bye Bye [preauth]
Sep 28 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Disconnected from 35.187.196.97 port 46264 [preauth]
Sep 28 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15319]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15390]: Successful su for rubyman by root
Sep 28 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15390]: + ??? root:rubyman
Sep 28 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308351 of user rubyman.
Sep 28 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15390]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308351.
Sep 28 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session closed for user root
Sep 28 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: Invalid user laravel from 185.126.2.179
Sep 28 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: input_userauth_request: invalid user laravel [preauth]
Sep 28 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: Failed password for invalid user laravel from 185.126.2.179 port 54832 ssh2
Sep 28 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: Received disconnect from 185.126.2.179 port 54832:11: Bye Bye [preauth]
Sep 28 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15550]: Disconnected from 185.126.2.179 port 54832 [preauth]
Sep 28 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Invalid user mariusz from 185.223.124.133
Sep 28 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: input_userauth_request: invalid user mariusz [preauth]
Sep 28 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Failed password for invalid user mariusz from 185.223.124.133 port 38092 ssh2
Sep 28 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Received disconnect from 185.223.124.133 port 38092:11: Bye Bye [preauth]
Sep 28 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Disconnected from 185.223.124.133 port 38092 [preauth]
Sep 28 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session closed for user root
Sep 28 12:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Invalid user lee from 36.70.25.238
Sep 28 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: input_userauth_request: invalid user lee [preauth]
Sep 28 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Failed password for invalid user lee from 36.70.25.238 port 32928 ssh2
Sep 28 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Received disconnect from 36.70.25.238 port 32928:11: Bye Bye [preauth]
Sep 28 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15731]: Disconnected from 36.70.25.238 port 32928 [preauth]
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15744]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: Successful su for rubyman by root
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: + ??? root:rubyman
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308355 of user rubyman.
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15806]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308355.
Sep 28 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session closed for user root
Sep 28 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Invalid user moussa from 185.223.124.133
Sep 28 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: input_userauth_request: invalid user moussa [preauth]
Sep 28 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.223.124.133
Sep 28 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Failed password for invalid user moussa from 185.223.124.133 port 39206 ssh2
Sep 28 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Received disconnect from 185.223.124.133 port 39206:11: Bye Bye [preauth]
Sep 28 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Disconnected from 185.223.124.133 port 39206 [preauth]
Sep 28 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session closed for user root
Sep 28 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Invalid user admin123 from 35.187.196.97
Sep 28 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: input_userauth_request: invalid user admin123 [preauth]
Sep 28 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Failed password for invalid user admin123 from 35.187.196.97 port 59470 ssh2
Sep 28 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Received disconnect from 35.187.196.97 port 59470:11: Bye Bye [preauth]
Sep 28 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Disconnected from 35.187.196.97 port 59470 [preauth]
Sep 28 12:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Invalid user test from 185.126.2.179
Sep 28 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: input_userauth_request: invalid user test [preauth]
Sep 28 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Failed password for invalid user test from 185.126.2.179 port 47110 ssh2
Sep 28 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 28 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Received disconnect from 185.126.2.179 port 47110:11: Bye Bye [preauth]
Sep 28 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Disconnected from 185.126.2.179 port 47110 [preauth]
Sep 28 12:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Failed password for root from 213.209.157.9 port 62766 ssh2
Sep 28 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Connection closed by 213.209.157.9 port 62766 [preauth]
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16170]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: Successful su for rubyman by root
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: + ??? root:rubyman
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308357 of user rubyman.
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308357.
Sep 28 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session closed for user root
Sep 28 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13486]: pam_unix(cron:session): session closed for user root
Sep 28 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Failed password for root from 36.70.25.238 port 46228 ssh2
Sep 28 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Received disconnect from 36.70.25.238 port 46228:11: Bye Bye [preauth]
Sep 28 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16567]: Disconnected from 36.70.25.238 port 46228 [preauth]
Sep 28 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session closed for user root
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session closed for user root
Sep 28 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: Successful su for rubyman by root
Sep 28 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: + ??? root:rubyman
Sep 28 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308366 of user rubyman.
Sep 28 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16794]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308366.
Sep 28 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session closed for user root
Sep 28 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13925]: pam_unix(cron:session): session closed for user root
Sep 28 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Failed password for root from 35.187.196.97 port 45838 ssh2
Sep 28 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Received disconnect from 35.187.196.97 port 45838:11: Bye Bye [preauth]
Sep 28 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Disconnected from 35.187.196.97 port 45838 [preauth]
Sep 28 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Invalid user user from 62.60.131.157
Sep 28 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: input_userauth_request: invalid user user [preauth]
Sep 28 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user user from 62.60.131.157 port 54800 ssh2
Sep 28 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user user from 62.60.131.157 port 54800 ssh2
Sep 28 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user user from 62.60.131.157 port 54800 ssh2
Sep 28 12:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Invalid user laser from 185.126.2.179
Sep 28 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: input_userauth_request: invalid user laser [preauth]
Sep 28 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user user from 62.60.131.157 port 54800 ssh2
Sep 28 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Failed password for invalid user laser from 185.126.2.179 port 39386 ssh2
Sep 28 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Received disconnect from 185.126.2.179 port 39386:11: Bye Bye [preauth]
Sep 28 12:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Disconnected from 185.126.2.179 port 39386 [preauth]
Sep 28 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user user from 62.60.131.157 port 54800 ssh2
Sep 28 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Received disconnect from 62.60.131.157 port 54800:11: Bye [preauth]
Sep 28 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Disconnected from 62.60.131.157 port 54800 [preauth]
Sep 28 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session closed for user root
Sep 28 12:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Invalid user tesoreria from 36.70.25.238
Sep 28 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: input_userauth_request: invalid user tesoreria [preauth]
Sep 28 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238
Sep 28 12:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Failed password for invalid user tesoreria from 36.70.25.238 port 50924 ssh2
Sep 28 12:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Received disconnect from 36.70.25.238 port 50924:11: Bye Bye [preauth]
Sep 28 12:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Disconnected from 36.70.25.238 port 50924 [preauth]
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17277]: Successful su for rubyman by root
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17277]: + ??? root:rubyman
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308370 of user rubyman.
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17277]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308370.
Sep 28 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session closed for user root
Sep 28 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16170]: pam_unix(cron:session): session closed for user root
Sep 28 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: Failed password for root from 193.32.162.157 port 35904 ssh2
Sep 28 12:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17520]: Connection closed by 193.32.162.157 port 35904 [preauth]
Sep 28 12:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Invalid user imran from 185.126.2.179
Sep 28 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: input_userauth_request: invalid user imran [preauth]
Sep 28 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Failed password for root from 35.187.196.97 port 38100 ssh2
Sep 28 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Received disconnect from 35.187.196.97 port 38100:11: Bye Bye [preauth]
Sep 28 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17624]: Disconnected from 35.187.196.97 port 38100 [preauth]
Sep 28 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Failed password for invalid user imran from 185.126.2.179 port 59894 ssh2
Sep 28 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Received disconnect from 185.126.2.179 port 59894:11: Bye Bye [preauth]
Sep 28 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Disconnected from 185.126.2.179 port 59894 [preauth]
Sep 28 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17649]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: Successful su for rubyman by root
Sep 28 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: + ??? root:rubyman
Sep 28 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308374 of user rubyman.
Sep 28 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308374.
Sep 28 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.70.25.238  user=root
Sep 28 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14888]: pam_unix(cron:session): session closed for user root
Sep 28 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Failed password for root from 193.32.162.157 port 49854 ssh2
Sep 28 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Failed password for root from 36.70.25.238 port 58828 ssh2
Sep 28 12:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Received disconnect from 36.70.25.238 port 58828:11: Bye Bye [preauth]
Sep 28 12:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17882]: Disconnected from 36.70.25.238 port 58828 [preauth]
Sep 28 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17650]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Connection closed by 193.32.162.157 port 49854 [preauth]
Sep 28 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Failed password for root from 193.32.162.157 port 54318 ssh2
Sep 28 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Connection closed by 193.32.162.157 port 54318 [preauth]
Sep 28 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session closed for user root
Sep 28 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Failed password for root from 193.32.162.157 port 48640 ssh2
Sep 28 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Connection closed by 193.32.162.157 port 48640 [preauth]
Sep 28 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18436]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18437]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18432]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18504]: Successful su for rubyman by root
Sep 28 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18504]: + ??? root:rubyman
Sep 28 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308377 of user rubyman.
Sep 28 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18504]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308377.
Sep 28 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session closed for user root
Sep 28 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18435]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Failed password for root from 193.32.162.157 port 49178 ssh2
Sep 28 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Connection closed by 193.32.162.157 port 49178 [preauth]
Sep 28 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Failed password for root from 185.126.2.179 port 52166 ssh2
Sep 28 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Received disconnect from 185.126.2.179 port 52166:11: Bye Bye [preauth]
Sep 28 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Disconnected from 185.126.2.179 port 52166 [preauth]
Sep 28 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17202]: pam_unix(cron:session): session closed for user root
Sep 28 12:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: Failed password for root from 193.32.162.157 port 45246 ssh2
Sep 28 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Invalid user login from 35.187.196.97
Sep 28 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: input_userauth_request: invalid user login [preauth]
Sep 28 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: Connection closed by 193.32.162.157 port 45246 [preauth]
Sep 28 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Failed password for invalid user login from 35.187.196.97 port 38680 ssh2
Sep 28 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Received disconnect from 35.187.196.97 port 38680:11: Bye Bye [preauth]
Sep 28 12:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Disconnected from 35.187.196.97 port 38680 [preauth]
Sep 28 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18922]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: Successful su for rubyman by root
Sep 28 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: + ??? root:rubyman
Sep 28 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308380 of user rubyman.
Sep 28 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308380.
Sep 28 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Failed password for root from 193.32.162.157 port 48194 ssh2
Sep 28 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session closed for user root
Sep 28 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Connection closed by 193.32.162.157 port 48194 [preauth]
Sep 28 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18923]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Failed password for root from 193.32.162.157 port 56274 ssh2
Sep 28 12:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Connection closed by 193.32.162.157 port 56274 [preauth]
Sep 28 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17652]: pam_unix(cron:session): session closed for user root
Sep 28 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Failed password for root from 193.32.162.157 port 34022 ssh2
Sep 28 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Connection closed by 193.32.162.157 port 34022 [preauth]
Sep 28 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session closed for user root
Sep 28 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19591]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19781]: Successful su for rubyman by root
Sep 28 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19781]: + ??? root:rubyman
Sep 28 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308385 of user rubyman.
Sep 28 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19781]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308385.
Sep 28 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Invalid user newftpuser from 185.126.2.179
Sep 28 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: input_userauth_request: invalid user newftpuser [preauth]
Sep 28 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session closed for user root
Sep 28 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session closed for user root
Sep 28 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Failed password for invalid user newftpuser from 185.126.2.179 port 44438 ssh2
Sep 28 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Received disconnect from 185.126.2.179 port 44438:11: Bye Bye [preauth]
Sep 28 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Disconnected from 185.126.2.179 port 44438 [preauth]
Sep 28 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19594]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Failed password for root from 193.32.162.157 port 58054 ssh2
Sep 28 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Connection closed by 193.32.162.157 port 58054 [preauth]
Sep 28 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Invalid user ubuntu from 35.187.196.97
Sep 28 12:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 12:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for invalid user ubuntu from 35.187.196.97 port 36824 ssh2
Sep 28 12:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Received disconnect from 35.187.196.97 port 36824:11: Bye Bye [preauth]
Sep 28 12:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Disconnected from 35.187.196.97 port 36824 [preauth]
Sep 28 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: Failed password for root from 193.32.162.157 port 46140 ssh2
Sep 28 12:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18437]: pam_unix(cron:session): session closed for user root
Sep 28 12:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: Connection closed by 193.32.162.157 port 46140 [preauth]
Sep 28 12:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Failed password for root from 193.32.162.157 port 52988 ssh2
Sep 28 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Connection closed by 193.32.162.157 port 52988 [preauth]
Sep 28 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: Successful su for rubyman by root
Sep 28 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: + ??? root:rubyman
Sep 28 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308391 of user rubyman.
Sep 28 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308391.
Sep 28 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session closed for user root
Sep 28 12:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Failed password for root from 193.32.162.157 port 40600 ssh2
Sep 28 12:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Connection closed by 193.32.162.157 port 40600 [preauth]
Sep 28 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session closed for user root
Sep 28 12:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Failed password for root from 193.32.162.157 port 41034 ssh2
Sep 28 12:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Connection closed by 193.32.162.157 port 41034 [preauth]
Sep 28 12:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Failed password for root from 185.126.2.179 port 36710 ssh2
Sep 28 12:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Received disconnect from 185.126.2.179 port 36710:11: Bye Bye [preauth]
Sep 28 12:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Disconnected from 185.126.2.179 port 36710 [preauth]
Sep 28 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20741]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: Successful su for rubyman by root
Sep 28 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: + ??? root:rubyman
Sep 28 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308394 of user rubyman.
Sep 28 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308394.
Sep 28 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Failed password for root from 193.32.162.157 port 46038 ssh2
Sep 28 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session closed for user root
Sep 28 12:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Connection closed by 193.32.162.157 port 46038 [preauth]
Sep 28 12:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Invalid user sysadmin from 35.187.196.97
Sep 28 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Failed password for invalid user sysadmin from 35.187.196.97 port 57258 ssh2
Sep 28 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Failed password for root from 193.32.162.157 port 56114 ssh2
Sep 28 12:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Received disconnect from 35.187.196.97 port 57258:11: Bye Bye [preauth]
Sep 28 12:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Disconnected from 35.187.196.97 port 57258 [preauth]
Sep 28 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Connection closed by 193.32.162.157 port 56114 [preauth]
Sep 28 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session closed for user root
Sep 28 12:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: Failed password for root from 193.32.162.157 port 50988 ssh2
Sep 28 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: Connection closed by 193.32.162.157 port 50988 [preauth]
Sep 28 12:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21183]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: Successful su for rubyman by root
Sep 28 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: + ??? root:rubyman
Sep 28 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308400 of user rubyman.
Sep 28 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308400.
Sep 28 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17651]: pam_unix(cron:session): session closed for user root
Sep 28 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Failed password for root from 193.32.162.157 port 43692 ssh2
Sep 28 12:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Connection closed by 193.32.162.157 port 43692 [preauth]
Sep 28 12:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Invalid user lee from 185.126.2.179
Sep 28 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: input_userauth_request: invalid user lee [preauth]
Sep 28 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Failed password for invalid user lee from 185.126.2.179 port 57216 ssh2
Sep 28 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Received disconnect from 185.126.2.179 port 57216:11: Bye Bye [preauth]
Sep 28 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Disconnected from 185.126.2.179 port 57216 [preauth]
Sep 28 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session closed for user root
Sep 28 12:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: Failed password for root from 193.32.162.157 port 40208 ssh2
Sep 28 12:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: Connection closed by 193.32.162.157 port 40208 [preauth]
Sep 28 12:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 28 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Failed password for root from 190.103.202.7 port 58262 ssh2
Sep 28 12:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Connection closed by 190.103.202.7 port 58262 [preauth]
Sep 28 12:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Failed password for root from 193.32.162.157 port 36808 ssh2
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Connection closed by 193.32.162.157 port 36808 [preauth]
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21623]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: Successful su for rubyman by root
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: + ??? root:rubyman
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308402 of user rubyman.
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308402.
Sep 28 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18436]: pam_unix(cron:session): session closed for user root
Sep 28 12:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21620]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Invalid user rico from 35.187.196.97
Sep 28 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: input_userauth_request: invalid user rico [preauth]
Sep 28 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Failed password for invalid user rico from 35.187.196.97 port 51092 ssh2
Sep 28 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Received disconnect from 35.187.196.97 port 51092:11: Bye Bye [preauth]
Sep 28 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Disconnected from 35.187.196.97 port 51092 [preauth]
Sep 28 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: Failed password for root from 193.32.162.157 port 39976 ssh2
Sep 28 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: Connection closed by 193.32.162.157 port 39976 [preauth]
Sep 28 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20741]: pam_unix(cron:session): session closed for user root
Sep 28 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Failed password for root from 193.32.162.157 port 43926 ssh2
Sep 28 12:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Connection closed by 193.32.162.157 port 43926 [preauth]
Sep 28 12:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session closed for user root
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: Successful su for rubyman by root
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: + ??? root:rubyman
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308406 of user rubyman.
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308406.
Sep 28 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Invalid user tesoreria from 185.126.2.179
Sep 28 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: input_userauth_request: invalid user tesoreria [preauth]
Sep 28 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session closed for user root
Sep 28 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Failed password for root from 193.32.162.157 port 36720 ssh2
Sep 28 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session closed for user root
Sep 28 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Failed password for invalid user tesoreria from 185.126.2.179 port 49490 ssh2
Sep 28 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Received disconnect from 185.126.2.179 port 49490:11: Bye Bye [preauth]
Sep 28 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Disconnected from 185.126.2.179 port 49490 [preauth]
Sep 28 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Connection closed by 193.32.162.157 port 36720 [preauth]
Sep 28 12:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: Failed password for root from 193.32.162.157 port 35512 ssh2
Sep 28 12:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: Connection closed by 193.32.162.157 port 35512 [preauth]
Sep 28 12:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session closed for user root
Sep 28 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Failed password for root from 193.32.162.157 port 53812 ssh2
Sep 28 12:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Connection closed by 193.32.162.157 port 53812 [preauth]
Sep 28 12:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: Successful su for rubyman by root
Sep 28 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: + ??? root:rubyman
Sep 28 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308414 of user rubyman.
Sep 28 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22628]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308414.
Sep 28 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Failed password for root from 35.187.196.97 port 37026 ssh2
Sep 28 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session closed for user root
Sep 28 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Received disconnect from 35.187.196.97 port 37026:11: Bye Bye [preauth]
Sep 28 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Disconnected from 35.187.196.97 port 37026 [preauth]
Sep 28 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Failed password for root from 193.32.162.157 port 40482 ssh2
Sep 28 12:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Connection closed by 193.32.162.157 port 40482 [preauth]
Sep 28 12:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21623]: pam_unix(cron:session): session closed for user root
Sep 28 12:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Invalid user mariusz from 185.126.2.179
Sep 28 12:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: input_userauth_request: invalid user mariusz [preauth]
Sep 28 12:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179
Sep 28 12:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Failed password for root from 193.32.162.157 port 60950 ssh2
Sep 28 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user mariusz from 185.126.2.179 port 41770 ssh2
Sep 28 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Received disconnect from 185.126.2.179 port 41770:11: Bye Bye [preauth]
Sep 28 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Disconnected from 185.126.2.179 port 41770 [preauth]
Sep 28 12:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Connection closed by 193.32.162.157 port 60950 [preauth]
Sep 28 12:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Failed password for root from 193.32.162.157 port 38786 ssh2
Sep 28 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23281]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23220]: Connection closed by 193.32.162.157 port 38786 [preauth]
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23361]: Successful su for rubyman by root
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23361]: + ??? root:rubyman
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308418 of user rubyman.
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23361]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308418.
Sep 28 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session closed for user root
Sep 28 12:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: Failed password for root from 193.32.162.157 port 37296 ssh2
Sep 28 12:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: Connection closed by 193.32.162.157 port 37296 [preauth]
Sep 28 12:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user root
Sep 28 12:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23844]: Failed password for root from 193.32.162.157 port 55680 ssh2
Sep 28 12:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23844]: Connection closed by 193.32.162.157 port 55680 [preauth]
Sep 28 12:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97  user=root
Sep 28 12:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Failed password for root from 35.187.196.97 port 54108 ssh2
Sep 28 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Received disconnect from 35.187.196.97 port 54108:11: Bye Bye [preauth]
Sep 28 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Disconnected from 35.187.196.97 port 54108 [preauth]
Sep 28 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24042]: Successful su for rubyman by root
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24042]: + ??? root:rubyman
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308421 of user rubyman.
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24042]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308421.
Sep 28 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session closed for user root
Sep 28 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24256]: Invalid user admin from 139.19.117.131
Sep 28 12:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24256]: input_userauth_request: invalid user admin [preauth]
Sep 28 12:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: Failed password for root from 193.32.162.157 port 54860 ssh2
Sep 28 12:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.126.2.179  user=root
Sep 28 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23939]: Connection closed by 193.32.162.157 port 54860 [preauth]
Sep 28 12:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Failed password for root from 185.126.2.179 port 34044 ssh2
Sep 28 12:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Received disconnect from 185.126.2.179 port 34044:11: Bye Bye [preauth]
Sep 28 12:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Disconnected from 185.126.2.179 port 34044 [preauth]
Sep 28 12:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24256]: Connection closed by 139.19.117.131 port 60692 [preauth]
Sep 28 12:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Failed password for root from 193.32.162.157 port 38042 ssh2
Sep 28 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Connection closed by 193.32.162.157 port 38042 [preauth]
Sep 28 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session closed for user root
Sep 28 12:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Failed password for root from 193.32.162.157 port 56882 ssh2
Sep 28 12:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Connection closed by 193.32.162.157 port 56882 [preauth]
Sep 28 12:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24471]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24472]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24543]: Successful su for rubyman by root
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24543]: + ??? root:rubyman
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308425 of user rubyman.
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24543]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308425.
Sep 28 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session closed for user root
Sep 28 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24470]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Failed password for root from 193.32.162.157 port 48346 ssh2
Sep 28 12:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Connection closed by 193.32.162.157 port 48346 [preauth]
Sep 28 12:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session closed for user root
Sep 28 12:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: Failed password for root from 193.32.162.157 port 57902 ssh2
Sep 28 12:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: Connection closed by 193.32.162.157 port 57902 [preauth]
Sep 28 12:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Invalid user sol from 35.187.196.97
Sep 28 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: input_userauth_request: invalid user sol [preauth]
Sep 28 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.187.196.97
Sep 28 12:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Failed password for invalid user sol from 35.187.196.97 port 47214 ssh2
Sep 28 12:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Received disconnect from 35.187.196.97 port 47214:11: Bye Bye [preauth]
Sep 28 12:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Disconnected from 35.187.196.97 port 47214 [preauth]
Sep 28 12:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Failed password for root from 193.32.162.157 port 44110 ssh2
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24927]: pam_unix(cron:session): session closed for user root
Sep 28 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25008]: Successful su for rubyman by root
Sep 28 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25008]: + ??? root:rubyman
Sep 28 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308433 of user rubyman.
Sep 28 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25008]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308433.
Sep 28 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Connection closed by 193.32.162.157 port 44110 [preauth]
Sep 28 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21621]: pam_unix(cron:session): session closed for user root
Sep 28 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session closed for user root
Sep 28 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: Failed password for root from 193.32.162.157 port 55070 ssh2
Sep 28 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: Connection closed by 193.32.162.157 port 55070 [preauth]
Sep 28 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session closed for user root
Sep 28 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Failed password for root from 193.32.162.157 port 56304 ssh2
Sep 28 12:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Connection closed by 193.32.162.157 port 56304 [preauth]
Sep 28 12:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: Successful su for rubyman by root
Sep 28 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: + ??? root:rubyman
Sep 28 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308435 of user rubyman.
Sep 28 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308435.
Sep 28 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user root
Sep 28 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: Failed password for root from 193.32.162.157 port 57184 ssh2
Sep 28 12:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: Connection closed by 193.32.162.157 port 57184 [preauth]
Sep 28 12:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: Failed password for root from 193.32.162.157 port 40848 ssh2
Sep 28 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24472]: pam_unix(cron:session): session closed for user root
Sep 28 12:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26064]: Connection closed by 193.32.162.157 port 40848 [preauth]
Sep 28 12:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Failed password for root from 193.32.162.157 port 49412 ssh2
Sep 28 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Connection closed by 193.32.162.157 port 49412 [preauth]
Sep 28 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26229]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26298]: Successful su for rubyman by root
Sep 28 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26298]: + ??? root:rubyman
Sep 28 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308438 of user rubyman.
Sep 28 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26298]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308438.
Sep 28 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session closed for user root
Sep 28 12:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26230]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 193.32.162.157 port 58900 ssh2
Sep 28 12:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Connection closed by 193.32.162.157 port 58900 [preauth]
Sep 28 12:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session closed for user root
Sep 28 12:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for root from 193.32.162.157 port 38856 ssh2
Sep 28 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Connection closed by 193.32.162.157 port 38856 [preauth]
Sep 28 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26827]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26925]: Successful su for rubyman by root
Sep 28 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26925]: + ??? root:rubyman
Sep 28 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308443 of user rubyman.
Sep 28 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26925]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308443.
Sep 28 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: Failed password for root from 193.32.162.157 port 34626 ssh2
Sep 28 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session closed for user root
Sep 28 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26750]: Connection closed by 193.32.162.157 port 34626 [preauth]
Sep 28 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Failed password for root from 193.32.162.157 port 48262 ssh2
Sep 28 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Connection closed by 193.32.162.157 port 48262 [preauth]
Sep 28 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session closed for user root
Sep 28 12:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27248]: Failed password for root from 193.32.162.157 port 39432 ssh2
Sep 28 12:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27248]: Connection closed by 193.32.162.157 port 39432 [preauth]
Sep 28 12:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session closed for user p13x
Sep 28 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: Successful su for rubyman by root
Sep 28 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: + ??? root:rubyman
Sep 28 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308447 of user rubyman.
Sep 28 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: pam_unix(su:session): session closed for user rubyman
Sep 28 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308447.
Sep 28 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user root
Sep 28 12:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session closed for user samftp
Sep 28 12:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Failed password for root from 193.32.162.157 port 53620 ssh2
Sep 28 12:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Connection closed by 193.32.162.157 port 53620 [preauth]
Sep 28 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: Failed password for root from 193.32.162.157 port 48310 ssh2
Sep 28 12:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session closed for user root
Sep 28 12:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: Connection closed by 193.32.162.157 port 48310 [preauth]
Sep 28 12:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 12:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 12:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: Failed password for root from 193.32.162.157 port 56920 ssh2
Sep 28 12:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: Connection closed by 193.32.162.157 port 56920 [preauth]
Sep 28 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27993]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27995]: pam_unix(cron:session): session closed for user root
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session closed for user root
Sep 28 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: Successful su for rubyman by root
Sep 28 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: + ??? root:rubyman
Sep 28 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308455 of user rubyman.
Sep 28 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308455.
Sep 28 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24471]: pam_unix(cron:session): session closed for user root
Sep 28 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session closed for user root
Sep 28 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 28 13:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Failed password for root from 193.32.162.157 port 51182 ssh2
Sep 28 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Connection closed by 193.32.162.157 port 51182 [preauth]
Sep 28 13:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26827]: pam_unix(cron:session): session closed for user root
Sep 28 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: Successful su for rubyman by root
Sep 28 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: + ??? root:rubyman
Sep 28 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308459 of user rubyman.
Sep 28 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28759]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308459.
Sep 28 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session closed for user root
Sep 28 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session closed for user root
Sep 28 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29248]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: Successful su for rubyman by root
Sep 28 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: + ??? root:rubyman
Sep 28 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308461 of user rubyman.
Sep 28 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29328]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308461.
Sep 28 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session closed for user root
Sep 28 13:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27993]: pam_unix(cron:session): session closed for user root
Sep 28 13:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Invalid user desktop from 164.68.105.9
Sep 28 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: input_userauth_request: invalid user desktop [preauth]
Sep 28 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 13:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Failed password for invalid user desktop from 164.68.105.9 port 49824 ssh2
Sep 28 13:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Connection closed by 164.68.105.9 port 49824 [preauth]
Sep 28 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29719]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: Successful su for rubyman by root
Sep 28 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: + ??? root:rubyman
Sep 28 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308465 of user rubyman.
Sep 28 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308465.
Sep 28 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session closed for user root
Sep 28 13:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29717]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session closed for user root
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30206]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: Successful su for rubyman by root
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: + ??? root:rubyman
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308469 of user rubyman.
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30286]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308469.
Sep 28 13:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session closed for user root
Sep 28 13:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29251]: pam_unix(cron:session): session closed for user root
Sep 28 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30760]: Did not receive identification string from 196.251.84.181
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30775]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30774]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session closed for user root
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30770]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: Successful su for rubyman by root
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: + ??? root:rubyman
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308477 of user rubyman.
Sep 28 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30853]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308477.
Sep 28 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30774]: pam_unix(cron:session): session closed for user root
Sep 28 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session closed for user root
Sep 28 13:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30773]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29719]: pam_unix(cron:session): session closed for user root
Sep 28 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31260]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31333]: Successful su for rubyman by root
Sep 28 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31333]: + ??? root:rubyman
Sep 28 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308480 of user rubyman.
Sep 28 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31333]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308480.
Sep 28 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session closed for user root
Sep 28 13:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31261]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session closed for user root
Sep 28 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31742]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: Successful su for rubyman by root
Sep 28 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: + ??? root:rubyman
Sep 28 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308483 of user rubyman.
Sep 28 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308483.
Sep 28 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session closed for user root
Sep 28 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31743]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session closed for user root
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32189]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32185]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: Successful su for rubyman by root
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: + ??? root:rubyman
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308487 of user rubyman.
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308487.
Sep 28 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29250]: pam_unix(cron:session): session closed for user root
Sep 28 13:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32186]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Invalid user  from 66.181.171.136
Sep 28 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: input_userauth_request: invalid user  [preauth]
Sep 28 13:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32479]: Connection closed by 66.181.171.136 port 38248 [preauth]
Sep 28 13:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31263]: pam_unix(cron:session): session closed for user root
Sep 28 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32613]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: Successful su for rubyman by root
Sep 28 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: + ??? root:rubyman
Sep 28 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308491 of user rubyman.
Sep 28 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308491.
Sep 28 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session closed for user root
Sep 28 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29718]: pam_unix(cron:session): session closed for user root
Sep 28 13:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session closed for user root
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[690]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[690]: pam_unix(cron:session): session closed for user root
Sep 28 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: Successful su for rubyman by root
Sep 28 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: + ??? root:rubyman
Sep 28 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308500 of user rubyman.
Sep 28 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308500.
Sep 28 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session closed for user root
Sep 28 13:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session closed for user root
Sep 28 13:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1128]: Failed password for root from 196.251.84.181 port 53076 ssh2
Sep 28 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1128]: Connection closed by 196.251.84.181 port 53076 [preauth]
Sep 28 13:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32189]: pam_unix(cron:session): session closed for user root
Sep 28 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1343]: Successful su for rubyman by root
Sep 28 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1343]: + ??? root:rubyman
Sep 28 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308502 of user rubyman.
Sep 28 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1343]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308502.
Sep 28 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30775]: pam_unix(cron:session): session closed for user root
Sep 28 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Failed password for root from 196.251.84.181 port 54904 ssh2
Sep 28 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Connection closed by 196.251.84.181 port 54904 [preauth]
Sep 28 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session closed for user root
Sep 28 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1757]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1756]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1754]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: Successful su for rubyman by root
Sep 28 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: + ??? root:rubyman
Sep 28 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308507 of user rubyman.
Sep 28 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308507.
Sep 28 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31262]: pam_unix(cron:session): session closed for user root
Sep 28 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1755]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Failed password for root from 196.251.84.181 port 49112 ssh2
Sep 28 13:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Connection closed by 196.251.84.181 port 49112 [preauth]
Sep 28 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session closed for user root
Sep 28 13:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2172]: Did not receive identification string from 194.0.234.20
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2264]: Successful su for rubyman by root
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2264]: + ??? root:rubyman
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308511 of user rubyman.
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2264]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308511.
Sep 28 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session closed for user root
Sep 28 13:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Failed password for root from 66.181.171.136 port 49312 ssh2
Sep 28 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Connection closed by 66.181.171.136 port 49312 [preauth]
Sep 28 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: Failed password for root from 196.251.84.181 port 38506 ssh2
Sep 28 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: Connection closed by 196.251.84.181 port 38506 [preauth]
Sep 28 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session closed for user root
Sep 28 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Invalid user pi from 66.181.171.136
Sep 28 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: input_userauth_request: invalid user pi [preauth]
Sep 28 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Failed password for invalid user pi from 66.181.171.136 port 38758 ssh2
Sep 28 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Connection closed by 66.181.171.136 port 38758 [preauth]
Sep 28 13:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Invalid user hive from 66.181.171.136
Sep 28 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: input_userauth_request: invalid user hive [preauth]
Sep 28 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Failed password for invalid user hive from 66.181.171.136 port 38764 ssh2
Sep 28 13:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Connection closed by 66.181.171.136 port 38764 [preauth]
Sep 28 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Invalid user git from 66.181.171.136
Sep 28 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: input_userauth_request: invalid user git [preauth]
Sep 28 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Failed password for invalid user git from 66.181.171.136 port 60202 ssh2
Sep 28 13:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Connection closed by 66.181.171.136 port 60202 [preauth]
Sep 28 13:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Invalid user wang from 66.181.171.136
Sep 28 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: input_userauth_request: invalid user wang [preauth]
Sep 28 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Failed password for invalid user wang from 66.181.171.136 port 60218 ssh2
Sep 28 13:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Connection closed by 66.181.171.136 port 60218 [preauth]
Sep 28 13:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Invalid user nginx from 66.181.171.136
Sep 28 13:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: input_userauth_request: invalid user nginx [preauth]
Sep 28 13:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Failed password for invalid user nginx from 66.181.171.136 port 35096 ssh2
Sep 28 13:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Connection closed by 66.181.171.136 port 35096 [preauth]
Sep 28 13:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Invalid user mongo from 66.181.171.136
Sep 28 13:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: input_userauth_request: invalid user mongo [preauth]
Sep 28 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Failed password for invalid user mongo from 66.181.171.136 port 35112 ssh2
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Connection closed by 66.181.171.136 port 35112 [preauth]
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2710]: Successful su for rubyman by root
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2710]: + ??? root:rubyman
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308514 of user rubyman.
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2710]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308514.
Sep 28 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Invalid user user from 66.181.171.136
Sep 28 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: input_userauth_request: invalid user user [preauth]
Sep 28 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32188]: pam_unix(cron:session): session closed for user root
Sep 28 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Failed password for invalid user user from 66.181.171.136 port 48620 ssh2
Sep 28 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Connection closed by 66.181.171.136 port 48620 [preauth]
Sep 28 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Invalid user oracle from 66.181.171.136
Sep 28 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: input_userauth_request: invalid user oracle [preauth]
Sep 28 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user oracle from 66.181.171.136 port 48634 ssh2
Sep 28 13:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Connection closed by 66.181.171.136 port 48634 [preauth]
Sep 28 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Invalid user gpadmin from 66.181.171.136
Sep 28 13:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 13:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Failed password for invalid user gpadmin from 66.181.171.136 port 48636 ssh2
Sep 28 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Connection closed by 66.181.171.136 port 48636 [preauth]
Sep 28 13:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Failed password for root from 66.181.171.136 port 47382 ssh2
Sep 28 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Connection closed by 66.181.171.136 port 47382 [preauth]
Sep 28 13:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Invalid user esroot from 66.181.171.136
Sep 28 13:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: input_userauth_request: invalid user esroot [preauth]
Sep 28 13:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Failed password for invalid user esroot from 66.181.171.136 port 47394 ssh2
Sep 28 13:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2960]: Connection closed by 66.181.171.136 port 47394 [preauth]
Sep 28 13:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Invalid user gitlab from 66.181.171.136
Sep 28 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 28 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for invalid user gitlab from 66.181.171.136 port 52948 ssh2
Sep 28 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Connection closed by 66.181.171.136 port 52948 [preauth]
Sep 28 13:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Failed password for root from 20.163.71.109 port 57002 ssh2
Sep 28 13:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Connection closed by 20.163.71.109 port 57002 [preauth]
Sep 28 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Invalid user apache from 66.181.171.136
Sep 28 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: input_userauth_request: invalid user apache [preauth]
Sep 28 13:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for root from 196.251.84.181 port 53364 ssh2
Sep 28 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Connection closed by 196.251.84.181 port 53364 [preauth]
Sep 28 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Failed password for invalid user apache from 66.181.171.136 port 52968 ssh2
Sep 28 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Connection closed by 66.181.171.136 port 52968 [preauth]
Sep 28 13:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1757]: pam_unix(cron:session): session closed for user root
Sep 28 13:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Failed password for root from 66.181.171.136 port 41052 ssh2
Sep 28 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Connection closed by 66.181.171.136 port 41052 [preauth]
Sep 28 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Failed password for root from 66.181.171.136 port 41062 ssh2
Sep 28 13:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Connection closed by 66.181.171.136 port 41062 [preauth]
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user root
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3162]: Successful su for rubyman by root
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3162]: + ??? root:rubyman
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308518 of user rubyman.
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3162]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308518.
Sep 28 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session closed for user root
Sep 28 13:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32613]: pam_unix(cron:session): session closed for user root
Sep 28 13:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: Failed password for root from 196.251.84.181 port 38606 ssh2
Sep 28 13:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: Connection closed by 196.251.84.181 port 38606 [preauth]
Sep 28 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session closed for user root
Sep 28 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Invalid user developer from 66.181.171.136
Sep 28 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: input_userauth_request: invalid user developer [preauth]
Sep 28 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Failed password for root from 66.181.171.136 port 55658 ssh2
Sep 28 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Connection closed by 66.181.171.136 port 55658 [preauth]
Sep 28 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Failed password for invalid user developer from 66.181.171.136 port 35994 ssh2
Sep 28 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3504]: Connection closed by 66.181.171.136 port 35994 [preauth]
Sep 28 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: User mysql from 66.181.171.136 not allowed because not listed in AllowUsers
Sep 28 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: input_userauth_request: invalid user mysql [preauth]
Sep 28 13:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=mysql
Sep 28 13:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: Failed password for invalid user mysql from 66.181.171.136 port 55668 ssh2
Sep 28 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: Connection closed by 66.181.171.136 port 55668 [preauth]
Sep 28 13:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Failed password for root from 66.181.171.136 port 40452 ssh2
Sep 28 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Connection closed by 66.181.171.136 port 40452 [preauth]
Sep 28 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3552]: Failed password for root from 66.181.171.136 port 60974 ssh2
Sep 28 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3552]: Connection closed by 66.181.171.136 port 60974 [preauth]
Sep 28 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Invalid user oscar from 66.181.171.136
Sep 28 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: input_userauth_request: invalid user oscar [preauth]
Sep 28 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3569]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3565]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: Successful su for rubyman by root
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: + ??? root:rubyman
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308524 of user rubyman.
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308524.
Sep 28 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Failed password for invalid user oscar from 66.181.171.136 port 60980 ssh2
Sep 28 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Connection closed by 66.181.171.136 port 60980 [preauth]
Sep 28 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session closed for user root
Sep 28 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3566]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Failed password for root from 66.181.171.136 port 41194 ssh2
Sep 28 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Connection closed by 66.181.171.136 port 41194 [preauth]
Sep 28 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Invalid user user1 from 66.181.171.136
Sep 28 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: input_userauth_request: invalid user user1 [preauth]
Sep 28 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Failed password for invalid user user1 from 66.181.171.136 port 41864 ssh2
Sep 28 13:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Connection closed by 66.181.171.136 port 41864 [preauth]
Sep 28 13:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3885]: Failed password for root from 66.181.171.136 port 41872 ssh2
Sep 28 13:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3885]: Connection closed by 66.181.171.136 port 41872 [preauth]
Sep 28 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Failed password for root from 66.181.171.136 port 41190 ssh2
Sep 28 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Connection closed by 66.181.171.136 port 41190 [preauth]
Sep 28 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Invalid user flink from 66.181.171.136
Sep 28 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: input_userauth_request: invalid user flink [preauth]
Sep 28 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Failed password for invalid user flink from 66.181.171.136 port 60280 ssh2
Sep 28 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Connection closed by 66.181.171.136 port 60280 [preauth]
Sep 28 13:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3901]: Failed password for root from 196.251.84.181 port 51026 ssh2
Sep 28 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Invalid user apache from 66.181.171.136
Sep 28 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: input_userauth_request: invalid user apache [preauth]
Sep 28 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3901]: Connection closed by 196.251.84.181 port 51026 [preauth]
Sep 28 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Failed password for invalid user apache from 66.181.171.136 port 60288 ssh2
Sep 28 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Connection closed by 66.181.171.136 port 60288 [preauth]
Sep 28 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session closed for user root
Sep 28 13:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Invalid user nginx from 66.181.171.136
Sep 28 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: input_userauth_request: invalid user nginx [preauth]
Sep 28 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Failed password for invalid user nginx from 66.181.171.136 port 55670 ssh2
Sep 28 13:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Connection closed by 66.181.171.136 port 55670 [preauth]
Sep 28 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: Failed password for root from 66.181.171.136 port 60292 ssh2
Sep 28 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: Connection closed by 66.181.171.136 port 60292 [preauth]
Sep 28 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Invalid user esuser from 66.181.171.136
Sep 28 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: input_userauth_request: invalid user esuser [preauth]
Sep 28 13:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Failed password for invalid user esuser from 66.181.171.136 port 55680 ssh2
Sep 28 13:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Connection closed by 66.181.171.136 port 55680 [preauth]
Sep 28 13:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Failed password for root from 66.181.171.136 port 54548 ssh2
Sep 28 13:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3999]: Connection closed by 66.181.171.136 port 54548 [preauth]
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session closed for user root
Sep 28 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Invalid user svnuser from 66.181.171.136
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: input_userauth_request: invalid user svnuser [preauth]
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4100]: Successful su for rubyman by root
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4100]: + ??? root:rubyman
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308530 of user rubyman.
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4100]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308530.
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Failed password for invalid user svnuser from 66.181.171.136 port 38962 ssh2
Sep 28 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Connection closed by 66.181.171.136 port 38962 [preauth]
Sep 28 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session closed for user root
Sep 28 13:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Failed password for root from 196.251.84.181 port 34262 ssh2
Sep 28 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Connection closed by 196.251.84.181 port 34262 [preauth]
Sep 28 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session closed for user root
Sep 28 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Invalid user app from 66.181.171.136
Sep 28 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: input_userauth_request: invalid user app [preauth]
Sep 28 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Failed password for invalid user app from 66.181.171.136 port 48986 ssh2
Sep 28 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Connection closed by 66.181.171.136 port 48986 [preauth]
Sep 28 13:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Failed password for root from 66.181.171.136 port 47502 ssh2
Sep 28 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: User mysql from 66.181.171.136 not allowed because not listed in AllowUsers
Sep 28 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: input_userauth_request: invalid user mysql [preauth]
Sep 28 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: Connection closed by 66.181.171.136 port 47502 [preauth]
Sep 28 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=mysql
Sep 28 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Failed password for invalid user mysql from 66.181.171.136 port 47496 ssh2
Sep 28 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Connection closed by 66.181.171.136 port 47496 [preauth]
Sep 28 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4482]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: Successful su for rubyman by root
Sep 28 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: + ??? root:rubyman
Sep 28 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308534 of user rubyman.
Sep 28 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308534.
Sep 28 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Invalid user gpadmin from 66.181.171.136
Sep 28 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for invalid user gpadmin from 66.181.171.136 port 37748 ssh2
Sep 28 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1756]: pam_unix(cron:session): session closed for user root
Sep 28 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 66.181.171.136 port 37748 [preauth]
Sep 28 13:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4483]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Invalid user www from 66.181.171.136
Sep 28 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: input_userauth_request: invalid user www [preauth]
Sep 28 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Failed password for invalid user www from 66.181.171.136 port 38238 ssh2
Sep 28 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Connection closed by 66.181.171.136 port 38238 [preauth]
Sep 28 13:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Failed password for root from 66.181.171.136 port 35488 ssh2
Sep 28 13:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Connection closed by 66.181.171.136 port 35488 [preauth]
Sep 28 13:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4798]: Failed password for root from 196.251.84.181 port 45172 ssh2
Sep 28 13:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4798]: Connection closed by 196.251.84.181 port 45172 [preauth]
Sep 28 13:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4810]: Invalid user oscar from 66.181.171.136
Sep 28 13:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4810]: input_userauth_request: invalid user oscar [preauth]
Sep 28 13:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4810]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Invalid user test from 66.181.171.136
Sep 28 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: input_userauth_request: invalid user test [preauth]
Sep 28 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4810]: Failed password for invalid user oscar from 66.181.171.136 port 35500 ssh2
Sep 28 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4810]: Connection closed by 66.181.171.136 port 35500 [preauth]
Sep 28 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Failed password for invalid user test from 66.181.171.136 port 52202 ssh2
Sep 28 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Connection closed by 66.181.171.136 port 52202 [preauth]
Sep 28 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3569]: pam_unix(cron:session): session closed for user root
Sep 28 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4859]: Failed password for root from 66.181.171.136 port 33348 ssh2
Sep 28 13:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4859]: Connection closed by 66.181.171.136 port 33348 [preauth]
Sep 28 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: Invalid user app from 66.181.171.136
Sep 28 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: input_userauth_request: invalid user app [preauth]
Sep 28 13:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: Failed password for invalid user app from 66.181.171.136 port 33356 ssh2
Sep 28 13:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: Connection closed by 66.181.171.136 port 33356 [preauth]
Sep 28 13:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Failed password for root from 66.181.171.136 port 44422 ssh2
Sep 28 13:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Connection closed by 66.181.171.136 port 44422 [preauth]
Sep 28 13:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Invalid user guest from 66.181.171.136
Sep 28 13:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: input_userauth_request: invalid user guest [preauth]
Sep 28 13:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Failed password for invalid user guest from 66.181.171.136 port 44428 ssh2
Sep 28 13:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4918]: Connection closed by 66.181.171.136 port 44428 [preauth]
Sep 28 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4939]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4943]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4937]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5013]: Successful su for rubyman by root
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5013]: + ??? root:rubyman
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308537 of user rubyman.
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5013]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308537.
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: Invalid user sonar from 66.181.171.136
Sep 28 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: input_userauth_request: invalid user sonar [preauth]
Sep 28 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: Failed password for invalid user sonar from 66.181.171.136 port 54732 ssh2
Sep 28 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session closed for user root
Sep 28 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: Connection closed by 66.181.171.136 port 54732 [preauth]
Sep 28 13:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4938]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5240]: Invalid user tom from 66.181.171.136
Sep 28 13:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5240]: input_userauth_request: invalid user tom [preauth]
Sep 28 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5240]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Sep 28 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5240]: Failed password for invalid user tom from 66.181.171.136 port 33172 ssh2
Sep 28 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5240]: Connection closed by 66.181.171.136 port 33172 [preauth]
Sep 28 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5238]: Failed password for root from 196.251.84.181 port 55430 ssh2
Sep 28 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5238]: Connection closed by 196.251.84.181 port 55430 [preauth]
Sep 28 13:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session closed for user root
Sep 28 13:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Invalid user tom from 66.181.171.136
Sep 28 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: input_userauth_request: invalid user tom [preauth]
Sep 28 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Failed password for invalid user tom from 66.181.171.136 port 39580 ssh2
Sep 28 13:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5452]: Connection closed by 66.181.171.136 port 39580 [preauth]
Sep 28 13:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: Failed password for root from 66.181.171.136 port 39588 ssh2
Sep 28 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: Connection closed by 66.181.171.136 port 39588 [preauth]
Sep 28 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Invalid user admin from 80.94.95.112
Sep 28 13:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: input_userauth_request: invalid user admin [preauth]
Sep 28 13:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 13:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Failed password for invalid user admin from 80.94.95.112 port 12624 ssh2
Sep 28 13:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Invalid user ubuntu from 66.181.171.136
Sep 28 13:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 13:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Failed password for invalid user admin from 80.94.95.112 port 12624 ssh2
Sep 28 13:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Failed password for invalid user ubuntu from 66.181.171.136 port 60262 ssh2
Sep 28 13:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Connection closed by 66.181.171.136 port 60262 [preauth]
Sep 28 13:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Invalid user elsearch from 66.181.171.136
Sep 28 13:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Failed password for invalid user admin from 80.94.95.112 port 12624 ssh2
Sep 28 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5498]: pam_unix(cron:session): session closed for user root
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5492]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: Successful su for rubyman by root
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: + ??? root:rubyman
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308541 of user rubyman.
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5570]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308541.
Sep 28 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Failed password for invalid user elsearch from 66.181.171.136 port 60276 ssh2
Sep 28 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Connection closed by 66.181.171.136 port 60276 [preauth]
Sep 28 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Failed password for invalid user admin from 80.94.95.112 port 12624 ssh2
Sep 28 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session closed for user root
Sep 28 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session closed for user root
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Failed password for invalid user admin from 80.94.95.112 port 12624 ssh2
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Received disconnect from 80.94.95.112 port 12624:11: Bye [preauth]
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Disconnected from 80.94.95.112 port 12624 [preauth]
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Invalid user nginx from 66.181.171.136
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: input_userauth_request: invalid user nginx [preauth]
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for invalid user nginx from 66.181.171.136 port 52338 ssh2
Sep 28 13:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Connection closed by 66.181.171.136 port 52338 [preauth]
Sep 28 13:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5493]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: Invalid user rancher from 66.181.171.136
Sep 28 13:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: input_userauth_request: invalid user rancher [preauth]
Sep 28 13:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: Failed password for invalid user rancher from 66.181.171.136 port 55534 ssh2
Sep 28 13:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: Connection closed by 66.181.171.136 port 55534 [preauth]
Sep 28 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Invalid user user from 66.181.171.136
Sep 28 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: input_userauth_request: invalid user user [preauth]
Sep 28 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session closed for user root
Sep 28 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Failed password for invalid user user from 66.181.171.136 port 38886 ssh2
Sep 28 13:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Connection closed by 66.181.171.136 port 38886 [preauth]
Sep 28 13:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Failed password for root from 66.181.171.136 port 56332 ssh2
Sep 28 13:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Connection closed by 66.181.171.136 port 56332 [preauth]
Sep 28 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Invalid user uftp from 66.181.171.136
Sep 28 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: input_userauth_request: invalid user uftp [preauth]
Sep 28 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user uftp from 66.181.171.136 port 43392 ssh2
Sep 28 13:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Connection closed by 66.181.171.136 port 43392 [preauth]
Sep 28 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Failed password for root from 66.181.171.136 port 38896 ssh2
Sep 28 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Connection closed by 66.181.171.136 port 38896 [preauth]
Sep 28 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Invalid user data from 66.181.171.136
Sep 28 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: input_userauth_request: invalid user data [preauth]
Sep 28 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Failed password for invalid user data from 66.181.171.136 port 43394 ssh2
Sep 28 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Connection closed by 66.181.171.136 port 43394 [preauth]
Sep 28 13:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Invalid user bigdata from 66.181.171.136
Sep 28 13:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: input_userauth_request: invalid user bigdata [preauth]
Sep 28 13:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Invalid user oracle from 66.181.171.136
Sep 28 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: input_userauth_request: invalid user oracle [preauth]
Sep 28 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Failed password for invalid user bigdata from 66.181.171.136 port 43398 ssh2
Sep 28 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Connection closed by 66.181.171.136 port 43398 [preauth]
Sep 28 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for invalid user oracle from 66.181.171.136 port 49148 ssh2
Sep 28 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 66.181.171.136 port 49148 [preauth]
Sep 28 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: Successful su for rubyman by root
Sep 28 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: + ??? root:rubyman
Sep 28 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308547 of user rubyman.
Sep 28 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308547.
Sep 28 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session closed for user root
Sep 28 13:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Invalid user steam from 66.181.171.136
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: input_userauth_request: invalid user steam [preauth]
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Invalid user esuser from 66.181.171.136
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: input_userauth_request: invalid user esuser [preauth]
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Failed password for invalid user steam from 66.181.171.136 port 36066 ssh2
Sep 28 13:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Connection closed by 66.181.171.136 port 36066 [preauth]
Sep 28 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Failed password for invalid user esuser from 66.181.171.136 port 36078 ssh2
Sep 28 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Connection closed by 66.181.171.136 port 36078 [preauth]
Sep 28 13:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Invalid user docker from 66.181.171.136
Sep 28 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: input_userauth_request: invalid user docker [preauth]
Sep 28 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Failed password for invalid user docker from 66.181.171.136 port 41378 ssh2
Sep 28 13:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Connection closed by 66.181.171.136 port 41378 [preauth]
Sep 28 13:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4943]: pam_unix(cron:session): session closed for user root
Sep 28 13:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Invalid user ts from 66.181.171.136
Sep 28 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: input_userauth_request: invalid user ts [preauth]
Sep 28 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Failed password for invalid user ts from 66.181.171.136 port 39270 ssh2
Sep 28 13:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Connection closed by 66.181.171.136 port 39270 [preauth]
Sep 28 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Failed password for root from 66.181.171.136 port 43064 ssh2
Sep 28 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6426]: Connection closed by 66.181.171.136 port 43064 [preauth]
Sep 28 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: Successful su for rubyman by root
Sep 28 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: + ??? root:rubyman
Sep 28 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308552 of user rubyman.
Sep 28 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6508]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308552.
Sep 28 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3567]: pam_unix(cron:session): session closed for user root
Sep 28 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Invalid user gitlab from 66.181.171.136
Sep 28 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Failed password for invalid user gitlab from 66.181.171.136 port 37480 ssh2
Sep 28 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Connection closed by 66.181.171.136 port 37480 [preauth]
Sep 28 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5497]: pam_unix(cron:session): session closed for user root
Sep 28 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6919]: Invalid user zabbix from 66.181.171.136
Sep 28 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6919]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6919]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6919]: Failed password for invalid user zabbix from 66.181.171.136 port 41076 ssh2
Sep 28 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6919]: Connection closed by 66.181.171.136 port 41076 [preauth]
Sep 28 13:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Invalid user flask from 66.181.171.136
Sep 28 13:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: input_userauth_request: invalid user flask [preauth]
Sep 28 13:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Failed password for invalid user flask from 66.181.171.136 port 35210 ssh2
Sep 28 13:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6953]: Connection closed by 66.181.171.136 port 35210 [preauth]
Sep 28 13:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Invalid user gitlab from 66.181.171.136
Sep 28 13:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 13:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6972]: Failed password for root from 66.181.171.136 port 41096 ssh2
Sep 28 13:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6972]: Connection closed by 66.181.171.136 port 41096 [preauth]
Sep 28 13:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Failed password for invalid user gitlab from 66.181.171.136 port 35214 ssh2
Sep 28 13:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6975]: Connection closed by 66.181.171.136 port 35214 [preauth]
Sep 28 13:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Invalid user postgres from 66.181.171.136
Sep 28 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: input_userauth_request: invalid user postgres [preauth]
Sep 28 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Failed password for invalid user postgres from 66.181.171.136 port 54626 ssh2
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Connection closed by 66.181.171.136 port 54626 [preauth]
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7076]: Successful su for rubyman by root
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7076]: + ??? root:rubyman
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308555 of user rubyman.
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7076]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308555.
Sep 28 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Invalid user jenkins from 66.181.171.136
Sep 28 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: input_userauth_request: invalid user jenkins [preauth]
Sep 28 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Failed password for invalid user jenkins from 66.181.171.136 port 54642 ssh2
Sep 28 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Connection closed by 66.181.171.136 port 54642 [preauth]
Sep 28 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session closed for user root
Sep 28 13:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6994]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Invalid user admin from 66.181.171.136
Sep 28 13:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: input_userauth_request: invalid user admin [preauth]
Sep 28 13:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Failed password for invalid user admin from 66.181.171.136 port 40070 ssh2
Sep 28 13:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Connection closed by 66.181.171.136 port 40070 [preauth]
Sep 28 13:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Invalid user weblogic from 66.181.171.136
Sep 28 13:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 13:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Failed password for invalid user weblogic from 66.181.171.136 port 42752 ssh2
Sep 28 13:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Connection closed by 66.181.171.136 port 42752 [preauth]
Sep 28 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
Sep 28 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: Invalid user test from 66.181.171.136
Sep 28 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: input_userauth_request: invalid user test [preauth]
Sep 28 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Invalid user admin from 78.128.112.74
Sep 28 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: input_userauth_request: invalid user admin [preauth]
Sep 28 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: Failed password for invalid user test from 66.181.171.136 port 34576 ssh2
Sep 28 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7468]: Connection closed by 66.181.171.136 port 34576 [preauth]
Sep 28 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Failed password for invalid user admin from 78.128.112.74 port 57864 ssh2
Sep 28 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Connection closed by 78.128.112.74 port 57864 [preauth]
Sep 28 13:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Failed password for root from 66.181.171.136 port 52122 ssh2
Sep 28 13:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Connection closed by 66.181.171.136 port 52122 [preauth]
Sep 28 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Invalid user tomcat from 66.181.171.136
Sep 28 13:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 13:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Failed password for invalid user tomcat from 66.181.171.136 port 39986 ssh2
Sep 28 13:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Connection closed by 66.181.171.136 port 39986 [preauth]
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7542]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7540]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7612]: Successful su for rubyman by root
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7612]: + ??? root:rubyman
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308559 of user rubyman.
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7612]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308559.
Sep 28 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session closed for user root
Sep 28 13:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Failed password for root from 66.181.171.136 port 53500 ssh2
Sep 28 13:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Connection closed by 66.181.171.136 port 53500 [preauth]
Sep 28 13:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Failed password for root from 66.181.171.136 port 53516 ssh2
Sep 28 13:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Connection closed by 66.181.171.136 port 53516 [preauth]
Sep 28 13:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Invalid user zabbix from 66.181.171.136
Sep 28 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Failed password for invalid user zabbix from 66.181.171.136 port 33840 ssh2
Sep 28 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Connection closed by 66.181.171.136 port 33840 [preauth]
Sep 28 13:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Invalid user kubernetes from 66.181.171.136
Sep 28 13:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: input_userauth_request: invalid user kubernetes [preauth]
Sep 28 13:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Failed password for invalid user kubernetes from 66.181.171.136 port 33842 ssh2
Sep 28 13:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Connection closed by 66.181.171.136 port 33842 [preauth]
Sep 28 13:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Invalid user observer from 66.181.171.136
Sep 28 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: input_userauth_request: invalid user observer [preauth]
Sep 28 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for invalid user observer from 66.181.171.136 port 34928 ssh2
Sep 28 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Connection closed by 66.181.171.136 port 34928 [preauth]
Sep 28 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session closed for user root
Sep 28 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Invalid user bot from 66.181.171.136
Sep 28 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: input_userauth_request: invalid user bot [preauth]
Sep 28 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Invalid user hadoop from 66.181.171.136
Sep 28 13:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 13:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Failed password for invalid user bot from 66.181.171.136 port 44332 ssh2
Sep 28 13:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Connection closed by 66.181.171.136 port 44332 [preauth]
Sep 28 13:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Failed password for invalid user hadoop from 66.181.171.136 port 34942 ssh2
Sep 28 13:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Connection closed by 66.181.171.136 port 34942 [preauth]
Sep 28 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Invalid user debianuser from 66.181.171.136
Sep 28 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: input_userauth_request: invalid user debianuser [preauth]
Sep 28 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Failed password for invalid user debianuser from 66.181.171.136 port 44336 ssh2
Sep 28 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Connection closed by 66.181.171.136 port 44336 [preauth]
Sep 28 13:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Invalid user ranger from 66.181.171.136
Sep 28 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: input_userauth_request: invalid user ranger [preauth]
Sep 28 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: Invalid user oracle from 66.181.171.136
Sep 28 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: input_userauth_request: invalid user oracle [preauth]
Sep 28 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Failed password for invalid user ranger from 66.181.171.136 port 35722 ssh2
Sep 28 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Connection closed by 66.181.171.136 port 35722 [preauth]
Sep 28 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: Failed password for invalid user oracle from 66.181.171.136 port 35730 ssh2
Sep 28 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: Connection closed by 66.181.171.136 port 35730 [preauth]
Sep 28 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: User ftp from 66.181.171.136 not allowed because not listed in AllowUsers
Sep 28 13:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: input_userauth_request: invalid user ftp [preauth]
Sep 28 13:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=ftp
Sep 28 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: Failed password for invalid user ftp from 66.181.171.136 port 35734 ssh2
Sep 28 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: Connection closed by 66.181.171.136 port 35734 [preauth]
Sep 28 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Invalid user elastic from 66.181.171.136
Sep 28 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: input_userauth_request: invalid user elastic [preauth]
Sep 28 13:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Failed password for invalid user elastic from 66.181.171.136 port 49734 ssh2
Sep 28 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8031]: Connection closed by 66.181.171.136 port 49734 [preauth]
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8051]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session closed for user root
Sep 28 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8046]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8146]: Successful su for rubyman by root
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8146]: + ??? root:rubyman
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308567 of user rubyman.
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8146]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308567.
Sep 28 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: Failed password for root from 66.181.171.136 port 49750 ssh2
Sep 28 13:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8126]: Connection closed by 66.181.171.136 port 49750 [preauth]
Sep 28 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4939]: pam_unix(cron:session): session closed for user root
Sep 28 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8279]: Invalid user admin from 66.181.171.136
Sep 28 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8279]: input_userauth_request: invalid user admin [preauth]
Sep 28 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8279]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8049]: pam_unix(cron:session): session closed for user root
Sep 28 13:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8279]: Failed password for invalid user admin from 66.181.171.136 port 34626 ssh2
Sep 28 13:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8279]: Connection closed by 66.181.171.136 port 34626 [preauth]
Sep 28 13:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: Invalid user default from 66.181.171.136
Sep 28 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: input_userauth_request: invalid user default [preauth]
Sep 28 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8048]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: Failed password for invalid user default from 66.181.171.136 port 34636 ssh2
Sep 28 13:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8384]: Connection closed by 66.181.171.136 port 34636 [preauth]
Sep 28 13:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Invalid user tomcat from 66.181.171.136
Sep 28 13:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 13:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Failed password for invalid user tomcat from 66.181.171.136 port 40952 ssh2
Sep 28 13:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Connection closed by 66.181.171.136 port 40952 [preauth]
Sep 28 13:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Invalid user gitlab from 66.181.171.136
Sep 28 13:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 13:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Failed password for invalid user gitlab from 66.181.171.136 port 40956 ssh2
Sep 28 13:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Connection closed by 66.181.171.136 port 40956 [preauth]
Sep 28 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session closed for user root
Sep 28 13:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Failed password for root from 66.181.171.136 port 48576 ssh2
Sep 28 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Connection closed by 66.181.171.136 port 48576 [preauth]
Sep 28 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8576]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: Successful su for rubyman by root
Sep 28 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: + ??? root:rubyman
Sep 28 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308569 of user rubyman.
Sep 28 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308569.
Sep 28 13:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8572]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session closed for user root
Sep 28 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Invalid user oracle from 66.181.171.136
Sep 28 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: input_userauth_request: invalid user oracle [preauth]
Sep 28 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Failed password for invalid user oracle from 66.181.171.136 port 32828 ssh2
Sep 28 13:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Connection closed by 66.181.171.136 port 32828 [preauth]
Sep 28 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Invalid user es from 66.181.171.136
Sep 28 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: input_userauth_request: invalid user es [preauth]
Sep 28 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Failed password for invalid user es from 66.181.171.136 port 35698 ssh2
Sep 28 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Connection closed by 66.181.171.136 port 35698 [preauth]
Sep 28 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: Invalid user flink from 66.181.171.136
Sep 28 13:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: input_userauth_request: invalid user flink [preauth]
Sep 28 13:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: Failed password for invalid user flink from 66.181.171.136 port 32850 ssh2
Sep 28 13:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9037]: Connection closed by 66.181.171.136 port 32850 [preauth]
Sep 28 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session closed for user root
Sep 28 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Invalid user uftp from 66.181.171.136
Sep 28 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: input_userauth_request: invalid user uftp [preauth]
Sep 28 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Failed password for invalid user uftp from 66.181.171.136 port 32834 ssh2
Sep 28 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9048]: Connection closed by 66.181.171.136 port 32834 [preauth]
Sep 28 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Invalid user nvidia from 66.181.171.136
Sep 28 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Invalid user es from 66.181.171.136
Sep 28 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: input_userauth_request: invalid user es [preauth]
Sep 28 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Failed password for invalid user nvidia from 66.181.171.136 port 53816 ssh2
Sep 28 13:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9107]: Connection closed by 66.181.171.136 port 53816 [preauth]
Sep 28 13:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Failed password for invalid user es from 66.181.171.136 port 50670 ssh2
Sep 28 13:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Connection closed by 66.181.171.136 port 50670 [preauth]
Sep 28 13:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: Failed password for root from 66.181.171.136 port 36722 ssh2
Sep 28 13:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9136]: Connection closed by 66.181.171.136 port 36722 [preauth]
Sep 28 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9253]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: Successful su for rubyman by root
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: + ??? root:rubyman
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308573 of user rubyman.
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308573.
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Invalid user developer from 66.181.171.136
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: input_userauth_request: invalid user developer [preauth]
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Failed password for invalid user developer from 66.181.171.136 port 36734 ssh2
Sep 28 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session closed for user root
Sep 28 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Connection closed by 66.181.171.136 port 36734 [preauth]
Sep 28 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: Failed password for root from 66.181.171.136 port 33310 ssh2
Sep 28 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: Connection closed by 66.181.171.136 port 33310 [preauth]
Sep 28 13:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Failed password for root from 66.181.171.136 port 53822 ssh2
Sep 28 13:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Connection closed by 66.181.171.136 port 53822 [preauth]
Sep 28 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: User ftp from 66.181.171.136 not allowed because not listed in AllowUsers
Sep 28 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: input_userauth_request: invalid user ftp [preauth]
Sep 28 13:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=ftp
Sep 28 13:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Failed password for invalid user ftp from 66.181.171.136 port 33316 ssh2
Sep 28 13:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Connection closed by 66.181.171.136 port 33316 [preauth]
Sep 28 13:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Invalid user app from 66.181.171.136
Sep 28 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: input_userauth_request: invalid user app [preauth]
Sep 28 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Invalid user mongodb from 66.181.171.136
Sep 28 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Failed password for invalid user app from 66.181.171.136 port 52956 ssh2
Sep 28 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Connection closed by 66.181.171.136 port 52956 [preauth]
Sep 28 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Failed password for invalid user mongodb from 66.181.171.136 port 44974 ssh2
Sep 28 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Connection closed by 66.181.171.136 port 44974 [preauth]
Sep 28 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Failed password for root from 66.181.171.136 port 52962 ssh2
Sep 28 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Connection closed by 66.181.171.136 port 52962 [preauth]
Sep 28 13:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Invalid user www from 66.181.171.136
Sep 28 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: input_userauth_request: invalid user www [preauth]
Sep 28 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Failed password for invalid user www from 66.181.171.136 port 58602 ssh2
Sep 28 13:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9644]: Connection closed by 66.181.171.136 port 58602 [preauth]
Sep 28 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8051]: pam_unix(cron:session): session closed for user root
Sep 28 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Invalid user sonar from 66.181.171.136
Sep 28 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: input_userauth_request: invalid user sonar [preauth]
Sep 28 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Failed password for invalid user sonar from 66.181.171.136 port 58604 ssh2
Sep 28 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Connection closed by 66.181.171.136 port 58604 [preauth]
Sep 28 13:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: Invalid user elasticsearch from 66.181.171.136
Sep 28 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: Failed password for invalid user elasticsearch from 66.181.171.136 port 60882 ssh2
Sep 28 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9770]: Connection closed by 66.181.171.136 port 60882 [preauth]
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9904]: Successful su for rubyman by root
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9904]: + ??? root:rubyman
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308577 of user rubyman.
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9904]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308577.
Sep 28 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user root
Sep 28 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Invalid user dev from 66.181.171.136
Sep 28 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: input_userauth_request: invalid user dev [preauth]
Sep 28 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Failed password for invalid user dev from 66.181.171.136 port 48262 ssh2
Sep 28 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Connection closed by 66.181.171.136 port 48262 [preauth]
Sep 28 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Failed password for root from 66.181.171.136 port 57328 ssh2
Sep 28 13:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Connection closed by 66.181.171.136 port 57328 [preauth]
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: Invalid user postgres from 66.181.171.136
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: input_userauth_request: invalid user postgres [preauth]
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Invalid user tomcat from 66.181.171.136
Sep 28 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 13:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: Failed password for invalid user postgres from 66.181.171.136 port 57342 ssh2
Sep 28 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Failed password for invalid user tomcat from 66.181.171.136 port 51408 ssh2
Sep 28 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: Connection closed by 66.181.171.136 port 57342 [preauth]
Sep 28 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Connection closed by 66.181.171.136 port 51408 [preauth]
Sep 28 13:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Invalid user guest from 66.181.171.136
Sep 28 13:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: input_userauth_request: invalid user guest [preauth]
Sep 28 13:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Failed password for invalid user guest from 66.181.171.136 port 48278 ssh2
Sep 28 13:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Connection closed by 66.181.171.136 port 48278 [preauth]
Sep 28 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Invalid user elsearch from 66.181.171.136
Sep 28 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Invalid user git from 66.181.171.136
Sep 28 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: input_userauth_request: invalid user git [preauth]
Sep 28 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Failed password for invalid user elsearch from 66.181.171.136 port 51424 ssh2
Sep 28 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Connection closed by 66.181.171.136 port 51424 [preauth]
Sep 28 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Failed password for invalid user git from 66.181.171.136 port 56438 ssh2
Sep 28 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Connection closed by 66.181.171.136 port 56438 [preauth]
Sep 28 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Invalid user vagrant from 66.181.171.136
Sep 28 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8576]: pam_unix(cron:session): session closed for user root
Sep 28 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Failed password for invalid user vagrant from 66.181.171.136 port 56444 ssh2
Sep 28 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Connection closed by 66.181.171.136 port 56444 [preauth]
Sep 28 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Invalid user esuser from 66.181.171.136
Sep 28 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: input_userauth_request: invalid user esuser [preauth]
Sep 28 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Failed password for invalid user esuser from 66.181.171.136 port 49046 ssh2
Sep 28 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Connection closed by 66.181.171.136 port 49046 [preauth]
Sep 28 13:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: Failed password for root from 66.181.171.136 port 49056 ssh2
Sep 28 13:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: Connection closed by 66.181.171.136 port 49056 [preauth]
Sep 28 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: Successful su for rubyman by root
Sep 28 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: + ??? root:rubyman
Sep 28 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308581 of user rubyman.
Sep 28 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10392]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308581.
Sep 28 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session closed for user root
Sep 28 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: Invalid user admin from 66.181.171.136
Sep 28 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: input_userauth_request: invalid user admin [preauth]
Sep 28 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: Failed password for invalid user admin from 66.181.171.136 port 50490 ssh2
Sep 28 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10579]: Connection closed by 66.181.171.136 port 50490 [preauth]
Sep 28 13:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Invalid user worker from 66.181.171.136
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: input_userauth_request: invalid user worker [preauth]
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10615]: Invalid user steam from 66.181.171.136
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10615]: input_userauth_request: invalid user steam [preauth]
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10615]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Failed password for invalid user worker from 66.181.171.136 port 33416 ssh2
Sep 28 13:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Connection closed by 66.181.171.136 port 33416 [preauth]
Sep 28 13:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10615]: Failed password for invalid user steam from 66.181.171.136 port 50492 ssh2
Sep 28 13:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10615]: Connection closed by 66.181.171.136 port 50492 [preauth]
Sep 28 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Invalid user es from 66.181.171.136
Sep 28 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: input_userauth_request: invalid user es [preauth]
Sep 28 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Failed password for invalid user es from 66.181.171.136 port 33044 ssh2
Sep 28 13:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Connection closed by 66.181.171.136 port 33044 [preauth]
Sep 28 13:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Failed password for root from 66.181.171.136 port 33050 ssh2
Sep 28 13:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Connection closed by 66.181.171.136 port 33050 [preauth]
Sep 28 13:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Invalid user demo from 66.181.171.136
Sep 28 13:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: input_userauth_request: invalid user demo [preauth]
Sep 28 13:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Failed password for invalid user demo from 66.181.171.136 port 49144 ssh2
Sep 28 13:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Connection closed by 66.181.171.136 port 49144 [preauth]
Sep 28 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session closed for user root
Sep 28 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: Invalid user deploy from 66.181.171.136
Sep 28 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: input_userauth_request: invalid user deploy [preauth]
Sep 28 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Invalid user dev from 66.181.171.136
Sep 28 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: input_userauth_request: invalid user dev [preauth]
Sep 28 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: Failed password for invalid user deploy from 66.181.171.136 port 58526 ssh2
Sep 28 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: Connection closed by 66.181.171.136 port 58526 [preauth]
Sep 28 13:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Invalid user deploy from 66.181.171.136
Sep 28 13:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: input_userauth_request: invalid user deploy [preauth]
Sep 28 13:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Failed password for invalid user dev from 66.181.171.136 port 58528 ssh2
Sep 28 13:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Failed password for invalid user deploy from 66.181.171.136 port 49128 ssh2
Sep 28 13:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Connection closed by 66.181.171.136 port 58528 [preauth]
Sep 28 13:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Connection closed by 66.181.171.136 port 49128 [preauth]
Sep 28 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Invalid user dolphinscheduler from 66.181.171.136
Sep 28 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Failed password for invalid user dolphinscheduler from 66.181.171.136 port 41350 ssh2
Sep 28 13:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Connection closed by 66.181.171.136 port 41350 [preauth]
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session closed for user root
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10862]: Successful su for rubyman by root
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10862]: + ??? root:rubyman
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308585 of user rubyman.
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10862]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308585.
Sep 28 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session closed for user root
Sep 28 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7542]: pam_unix(cron:session): session closed for user root
Sep 28 13:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10789]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Invalid user lighthouse from 66.181.171.136
Sep 28 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Failed password for invalid user lighthouse from 66.181.171.136 port 48058 ssh2
Sep 28 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Connection closed by 66.181.171.136 port 48058 [preauth]
Sep 28 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Failed password for root from 66.181.171.136 port 41776 ssh2
Sep 28 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Connection closed by 66.181.171.136 port 41776 [preauth]
Sep 28 13:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: Failed password for root from 66.181.171.136 port 41784 ssh2
Sep 28 13:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: Connection closed by 66.181.171.136 port 41784 [preauth]
Sep 28 13:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Failed password for root from 66.181.171.136 port 58952 ssh2
Sep 28 13:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Connection closed by 66.181.171.136 port 58952 [preauth]
Sep 28 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user root
Sep 28 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11219]: Invalid user svnuser from 66.181.171.136
Sep 28 13:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11219]: input_userauth_request: invalid user svnuser [preauth]
Sep 28 13:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11219]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11219]: Failed password for invalid user svnuser from 66.181.171.136 port 36052 ssh2
Sep 28 13:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11219]: Connection closed by 66.181.171.136 port 36052 [preauth]
Sep 28 13:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Invalid user ubuntu from 66.181.171.136
Sep 28 13:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 13:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Invalid user ftpuser from 66.181.171.136
Sep 28 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Failed password for invalid user ubuntu from 66.181.171.136 port 58604 ssh2
Sep 28 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Connection closed by 66.181.171.136 port 58604 [preauth]
Sep 28 13:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for invalid user ftpuser from 66.181.171.136 port 36054 ssh2
Sep 28 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Connection closed by 66.181.171.136 port 36054 [preauth]
Sep 28 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: Successful su for rubyman by root
Sep 28 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: + ??? root:rubyman
Sep 28 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308591 of user rubyman.
Sep 28 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308591.
Sep 28 13:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: Failed password for root from 66.181.171.136 port 58608 ssh2
Sep 28 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11338]: Connection closed by 66.181.171.136 port 58608 [preauth]
Sep 28 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: Invalid user esadmin from 66.181.171.136
Sep 28 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: input_userauth_request: invalid user esadmin [preauth]
Sep 28 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8050]: pam_unix(cron:session): session closed for user root
Sep 28 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: Failed password for invalid user esadmin from 66.181.171.136 port 59246 ssh2
Sep 28 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: Connection closed by 66.181.171.136 port 59246 [preauth]
Sep 28 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session closed for user root
Sep 28 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: Failed password for root from 66.181.171.136 port 53740 ssh2
Sep 28 13:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: Connection closed by 66.181.171.136 port 53740 [preauth]
Sep 28 13:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Failed password for root from 66.181.171.136 port 53746 ssh2
Sep 28 13:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Connection closed by 66.181.171.136 port 53746 [preauth]
Sep 28 13:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Invalid user rabbitmq from 66.181.171.136
Sep 28 13:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: input_userauth_request: invalid user rabbitmq [preauth]
Sep 28 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: Failed password for root from 66.181.171.136 port 54788 ssh2
Sep 28 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11761]: Connection closed by 66.181.171.136 port 54788 [preauth]
Sep 28 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Failed password for invalid user rabbitmq from 66.181.171.136 port 36538 ssh2
Sep 28 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Connection closed by 66.181.171.136 port 36538 [preauth]
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11807]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11808]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: Successful su for rubyman by root
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: + ??? root:rubyman
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308595 of user rubyman.
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11879]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308595.
Sep 28 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11899]: Failed password for root from 66.181.171.136 port 57688 ssh2
Sep 28 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11899]: Connection closed by 66.181.171.136 port 57688 [preauth]
Sep 28 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session closed for user root
Sep 28 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11806]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Invalid user wang from 66.181.171.136
Sep 28 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: input_userauth_request: invalid user wang [preauth]
Sep 28 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for invalid user wang from 66.181.171.136 port 46932 ssh2
Sep 28 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Connection closed by 66.181.171.136 port 46932 [preauth]
Sep 28 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Invalid user hadoop from 66.181.171.136
Sep 28 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: User ftp from 66.181.171.136 not allowed because not listed in AllowUsers
Sep 28 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: input_userauth_request: invalid user ftp [preauth]
Sep 28 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=ftp
Sep 28 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Failed password for invalid user hadoop from 66.181.171.136 port 46950 ssh2
Sep 28 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Connection closed by 66.181.171.136 port 46950 [preauth]
Sep 28 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: Failed password for invalid user ftp from 66.181.171.136 port 52306 ssh2
Sep 28 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: Connection closed by 66.181.171.136 port 52306 [preauth]
Sep 28 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Invalid user uftp from 66.181.171.136
Sep 28 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: input_userauth_request: invalid user uftp [preauth]
Sep 28 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Failed password for invalid user uftp from 66.181.171.136 port 52322 ssh2
Sep 28 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Connection closed by 66.181.171.136 port 52322 [preauth]
Sep 28 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session closed for user root
Sep 28 13:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: Invalid user awsgui from 66.181.171.136
Sep 28 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: input_userauth_request: invalid user awsgui [preauth]
Sep 28 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: Invalid user elasticsearch from 66.181.171.136
Sep 28 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: Failed password for invalid user awsgui from 66.181.171.136 port 42506 ssh2
Sep 28 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: Connection closed by 66.181.171.136 port 42506 [preauth]
Sep 28 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: Failed password for invalid user elasticsearch from 66.181.171.136 port 46088 ssh2
Sep 28 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: Connection closed by 66.181.171.136 port 46088 [preauth]
Sep 28 13:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Invalid user dolphinscheduler from 66.181.171.136
Sep 28 13:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 13:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Failed password for invalid user dolphinscheduler from 66.181.171.136 port 42516 ssh2
Sep 28 13:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Connection closed by 66.181.171.136 port 42516 [preauth]
Sep 28 13:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: Invalid user yarn from 66.181.171.136
Sep 28 13:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: input_userauth_request: invalid user yarn [preauth]
Sep 28 13:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: Failed password for invalid user yarn from 66.181.171.136 port 33144 ssh2
Sep 28 13:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: Connection closed by 66.181.171.136 port 33144 [preauth]
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12257]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12322]: Successful su for rubyman by root
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12322]: + ??? root:rubyman
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308601 of user rubyman.
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12322]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308601.
Sep 28 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9253]: pam_unix(cron:session): session closed for user root
Sep 28 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Invalid user guest from 66.181.171.136
Sep 28 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: input_userauth_request: invalid user guest [preauth]
Sep 28 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Failed password for invalid user guest from 66.181.171.136 port 51808 ssh2
Sep 28 13:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Connection closed by 66.181.171.136 port 51808 [preauth]
Sep 28 13:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Invalid user wang from 66.181.171.136
Sep 28 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: input_userauth_request: invalid user wang [preauth]
Sep 28 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Invalid user test2 from 66.181.171.136
Sep 28 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: input_userauth_request: invalid user test2 [preauth]
Sep 28 13:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Failed password for invalid user wang from 66.181.171.136 port 51832 ssh2
Sep 28 13:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12534]: Connection closed by 66.181.171.136 port 51832 [preauth]
Sep 28 13:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Failed password for invalid user test2 from 66.181.171.136 port 35254 ssh2
Sep 28 13:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Connection closed by 66.181.171.136 port 35254 [preauth]
Sep 28 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12562]: Invalid user oracle from 66.181.171.136
Sep 28 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12562]: input_userauth_request: invalid user oracle [preauth]
Sep 28 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12562]: Failed password for invalid user oracle from 66.181.171.136 port 35260 ssh2
Sep 28 13:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12562]: Connection closed by 66.181.171.136 port 35260 [preauth]
Sep 28 13:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Failed password for root from 66.181.171.136 port 43272 ssh2
Sep 28 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Connection closed by 66.181.171.136 port 43272 [preauth]
Sep 28 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: Invalid user nexus from 66.181.171.136
Sep 28 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: input_userauth_request: invalid user nexus [preauth]
Sep 28 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: Failed password for invalid user nexus from 66.181.171.136 port 51244 ssh2
Sep 28 13:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: Connection closed by 66.181.171.136 port 51244 [preauth]
Sep 28 13:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Invalid user app from 66.181.171.136
Sep 28 13:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: input_userauth_request: invalid user app [preauth]
Sep 28 13:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Invalid user www from 66.181.171.136
Sep 28 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: input_userauth_request: invalid user www [preauth]
Sep 28 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Failed password for invalid user app from 66.181.171.136 port 51260 ssh2
Sep 28 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Connection closed by 66.181.171.136 port 51260 [preauth]
Sep 28 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Failed password for invalid user www from 66.181.171.136 port 43264 ssh2
Sep 28 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session closed for user root
Sep 28 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Connection closed by 66.181.171.136 port 43264 [preauth]
Sep 28 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: Invalid user nvidia from 66.181.171.136
Sep 28 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: Failed password for invalid user nvidia from 66.181.171.136 port 58408 ssh2
Sep 28 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: Connection closed by 66.181.171.136 port 58408 [preauth]
Sep 28 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136  user=root
Sep 28 13:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Failed password for root from 66.181.171.136 port 58416 ssh2
Sep 28 13:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Connection closed by 66.181.171.136 port 58416 [preauth]
Sep 28 13:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: Failed password for root from 66.181.171.136 port 52602 ssh2
Sep 28 13:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12691]: Connection closed by 66.181.171.136 port 52602 [preauth]
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: Successful su for rubyman by root
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: + ??? root:rubyman
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308604 of user rubyman.
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308604.
Sep 28 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Invalid user sugi from 66.181.171.136
Sep 28 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: input_userauth_request: invalid user sugi [preauth]
Sep 28 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Failed password for invalid user sugi from 66.181.171.136 port 55146 ssh2
Sep 28 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Connection closed by 66.181.171.136 port 55146 [preauth]
Sep 28 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session closed for user root
Sep 28 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Invalid user es from 66.181.171.136
Sep 28 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: input_userauth_request: invalid user es [preauth]
Sep 28 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.171.136
Sep 28 13:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Failed password for invalid user es from 66.181.171.136 port 52616 ssh2
Sep 28 13:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Connection closed by 66.181.171.136 port 52616 [preauth]
Sep 28 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11808]: pam_unix(cron:session): session closed for user root
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13167]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13169]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13168]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13169]: pam_unix(cron:session): session closed for user root
Sep 28 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13164]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13239]: Successful su for rubyman by root
Sep 28 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13239]: + ??? root:rubyman
Sep 28 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308611 of user rubyman.
Sep 28 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13239]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308611.
Sep 28 13:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session closed for user root
Sep 28 13:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13166]: pam_unix(cron:session): session closed for user root
Sep 28 13:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12261]: pam_unix(cron:session): session closed for user root
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13698]: Successful su for rubyman by root
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13698]: + ??? root:rubyman
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308615 of user rubyman.
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13698]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308615.
Sep 28 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session closed for user root
Sep 28 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session closed for user root
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: Successful su for rubyman by root
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: + ??? root:rubyman
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308618 of user rubyman.
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308618.
Sep 28 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session closed for user root
Sep 28 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13168]: pam_unix(cron:session): session closed for user root
Sep 28 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14632]: Successful su for rubyman by root
Sep 28 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14632]: + ??? root:rubyman
Sep 28 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308621 of user rubyman.
Sep 28 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14632]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308621.
Sep 28 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11807]: pam_unix(cron:session): session closed for user root
Sep 28 13:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session closed for user root
Sep 28 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 13:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Failed password for root from 46.101.170.54 port 59284 ssh2
Sep 28 13:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Connection closed by 46.101.170.54 port 59284 [preauth]
Sep 28 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14987]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14986]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14983]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: Successful su for rubyman by root
Sep 28 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: + ??? root:rubyman
Sep 28 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308627 of user rubyman.
Sep 28 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15128]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308627.
Sep 28 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session closed for user root
Sep 28 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session closed for user root
Sep 28 13:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14985]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: Connection closed by 66.132.153.116 port 36732 [preauth]
Sep 28 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user root
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15502]: pam_unix(cron:session): session closed for user root
Sep 28 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15497]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: Successful su for rubyman by root
Sep 28 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: + ??? root:rubyman
Sep 28 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308632 of user rubyman.
Sep 28 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15570]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308632.
Sep 28 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session closed for user root
Sep 28 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session closed for user root
Sep 28 13:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15498]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14568]: pam_unix(cron:session): session closed for user root
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: Successful su for rubyman by root
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: + ??? root:rubyman
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308636 of user rubyman.
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308636.
Sep 28 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13167]: pam_unix(cron:session): session closed for user root
Sep 28 13:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14987]: pam_unix(cron:session): session closed for user root
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16391]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: Successful su for rubyman by root
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: + ??? root:rubyman
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308640 of user rubyman.
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16453]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308640.
Sep 28 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session closed for user root
Sep 28 13:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15501]: pam_unix(cron:session): session closed for user root
Sep 28 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: Successful su for rubyman by root
Sep 28 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: + ??? root:rubyman
Sep 28 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308645 of user rubyman.
Sep 28 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308645.
Sep 28 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session closed for user root
Sep 28 13:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Invalid user user from 62.60.131.157
Sep 28 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: input_userauth_request: invalid user user [preauth]
Sep 28 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15951]: pam_unix(cron:session): session closed for user root
Sep 28 13:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Failed password for invalid user user from 62.60.131.157 port 45325 ssh2
Sep 28 13:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Failed password for invalid user user from 62.60.131.157 port 45325 ssh2
Sep 28 13:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Failed password for invalid user user from 62.60.131.157 port 45325 ssh2
Sep 28 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Failed password for invalid user user from 62.60.131.157 port 45325 ssh2
Sep 28 13:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Failed password for invalid user user from 62.60.131.157 port 45325 ssh2
Sep 28 13:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Received disconnect from 62.60.131.157 port 45325:11: Bye [preauth]
Sep 28 13:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Disconnected from 62.60.131.157 port 45325 [preauth]
Sep 28 13:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 13:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17276]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17343]: Successful su for rubyman by root
Sep 28 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17343]: + ??? root:rubyman
Sep 28 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308649 of user rubyman.
Sep 28 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17343]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308649.
Sep 28 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session closed for user root
Sep 28 13:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session closed for user root
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17729]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session closed for user root
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17870]: Successful su for rubyman by root
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17870]: + ??? root:rubyman
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308653 of user rubyman.
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17870]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308653.
Sep 28 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17729]: pam_unix(cron:session): session closed for user root
Sep 28 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14986]: pam_unix(cron:session): session closed for user root
Sep 28 13:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session closed for user root
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18605]: Successful su for rubyman by root
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18605]: + ??? root:rubyman
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308659 of user rubyman.
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18605]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308659.
Sep 28 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15500]: pam_unix(cron:session): session closed for user root
Sep 28 13:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17276]: pam_unix(cron:session): session closed for user root
Sep 28 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19011]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: Successful su for rubyman by root
Sep 28 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: + ??? root:rubyman
Sep 28 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308662 of user rubyman.
Sep 28 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308662.
Sep 28 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session closed for user root
Sep 28 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19012]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session closed for user root
Sep 28 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: Successful su for rubyman by root
Sep 28 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: + ??? root:rubyman
Sep 28 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308666 of user rubyman.
Sep 28 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308666.
Sep 28 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16391]: pam_unix(cron:session): session closed for user root
Sep 28 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session closed for user root
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: Successful su for rubyman by root
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: + ??? root:rubyman
Sep 28 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308671 of user rubyman.
Sep 28 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20362]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308671.
Sep 28 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session closed for user root
Sep 28 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session closed for user root
Sep 28 13:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 28 13:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Failed password for root from 20.163.71.109 port 59390 ssh2
Sep 28 13:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Connection closed by 20.163.71.109 port 59390 [preauth]
Sep 28 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: Invalid user alex from 164.68.105.9
Sep 28 13:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: input_userauth_request: invalid user alex [preauth]
Sep 28 13:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session closed for user root
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: Failed password for invalid user alex from 164.68.105.9 port 33088 ssh2
Sep 28 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20744]: Connection closed by 164.68.105.9 port 33088 [preauth]
Sep 28 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20828]: Successful su for rubyman by root
Sep 28 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20828]: + ??? root:rubyman
Sep 28 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308674 of user rubyman.
Sep 28 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20828]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308674.
Sep 28 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session closed for user root
Sep 28 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session closed for user root
Sep 28 13:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session closed for user root
Sep 28 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21216]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21285]: Successful su for rubyman by root
Sep 28 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21285]: + ??? root:rubyman
Sep 28 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308680 of user rubyman.
Sep 28 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21285]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308680.
Sep 28 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session closed for user root
Sep 28 13:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21217]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user root
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21655]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21652]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21720]: Successful su for rubyman by root
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21720]: + ??? root:rubyman
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308686 of user rubyman.
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21720]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308686.
Sep 28 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user root
Sep 28 13:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21653]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Invalid user adsl from 183.91.2.158
Sep 28 13:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: input_userauth_request: invalid user adsl [preauth]
Sep 28 13:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 13:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.91.2.158
Sep 28 13:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Failed password for invalid user adsl from 183.91.2.158 port 45666 ssh2
Sep 28 13:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Connection closed by 183.91.2.158 port 45666 [preauth]
Sep 28 13:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session closed for user root
Sep 28 13:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.164.79 port 49896
Sep 28 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Did not receive identification string from 165.154.164.79
Sep 28 13:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22099]: Connection closed by 165.154.164.79 port 40752 [preauth]
Sep 28 13:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: Protocol major versions differ for 165.154.164.79: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: Successful su for rubyman by root
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: + ??? root:rubyman
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308688 of user rubyman.
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308688.
Sep 28 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19014]: pam_unix(cron:session): session closed for user root
Sep 28 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Invalid user admin from 139.19.117.131
Sep 28 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: input_userauth_request: invalid user admin [preauth]
Sep 28 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Connection closed by 139.19.117.131 port 52354 [preauth]
Sep 28 13:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session closed for user root
Sep 28 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22550]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22609]: Successful su for rubyman by root
Sep 28 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22609]: + ??? root:rubyman
Sep 28 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308693 of user rubyman.
Sep 28 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22609]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308693.
Sep 28 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session closed for user root
Sep 28 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session closed for user root
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session closed for user root
Sep 28 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23255]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23343]: Successful su for rubyman by root
Sep 28 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23343]: + ??? root:rubyman
Sep 28 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308697 of user rubyman.
Sep 28 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23343]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308697.
Sep 28 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user root
Sep 28 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23257]: pam_unix(cron:session): session closed for user root
Sep 28 13:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23256]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22110]: pam_unix(cron:session): session closed for user root
Sep 28 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: Successful su for rubyman by root
Sep 28 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: + ??? root:rubyman
Sep 28 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308702 of user rubyman.
Sep 28 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308702.
Sep 28 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20750]: pam_unix(cron:session): session closed for user root
Sep 28 13:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22550]: pam_unix(cron:session): session closed for user root
Sep 28 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: Successful su for rubyman by root
Sep 28 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: + ??? root:rubyman
Sep 28 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308706 of user rubyman.
Sep 28 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24539]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308706.
Sep 28 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session closed for user root
Sep 28 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session closed for user root
Sep 28 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24907]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: Successful su for rubyman by root
Sep 28 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: + ??? root:rubyman
Sep 28 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308711 of user rubyman.
Sep 28 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308711.
Sep 28 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21655]: pam_unix(cron:session): session closed for user root
Sep 28 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session closed for user root
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25598]: pam_unix(cron:session): session closed for user p13x
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25664]: Successful su for rubyman by root
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25664]: + ??? root:rubyman
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308714 of user rubyman.
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25664]: pam_unix(su:session): session closed for user rubyman
Sep 28 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308714.
Sep 28 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session closed for user root
Sep 28 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user samftp
Sep 28 13:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session closed for user root
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session closed for user root
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session closed for user root
Sep 28 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: Successful su for rubyman by root
Sep 28 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: + ??? root:rubyman
Sep 28 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308718 of user rubyman.
Sep 28 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308718.
Sep 28 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session closed for user root
Sep 28 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session closed for user root
Sep 28 14:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Invalid user chenlixiao from 190.103.202.7
Sep 28 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: input_userauth_request: invalid user chenlixiao [preauth]
Sep 28 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 14:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Failed password for invalid user chenlixiao from 190.103.202.7 port 42032 ssh2
Sep 28 14:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26645]: Connection closed by 190.103.202.7 port 42032 [preauth]
Sep 28 14:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session closed for user root
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26877]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: Successful su for rubyman by root
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: + ??? root:rubyman
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308725 of user rubyman.
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308725.
Sep 28 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Invalid user wilson from 164.68.105.9
Sep 28 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: input_userauth_request: invalid user wilson [preauth]
Sep 28 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session closed for user root
Sep 28 14:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26879]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Failed password for invalid user wilson from 164.68.105.9 port 42460 ssh2
Sep 28 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Connection closed by 164.68.105.9 port 42460 [preauth]
Sep 28 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session closed for user root
Sep 28 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: Successful su for rubyman by root
Sep 28 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: + ??? root:rubyman
Sep 28 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308730 of user rubyman.
Sep 28 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308730.
Sep 28 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session closed for user root
Sep 28 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session closed for user root
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: Successful su for rubyman by root
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: + ??? root:rubyman
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308733 of user rubyman.
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28096]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308733.
Sep 28 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session closed for user root
Sep 28 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session closed for user root
Sep 28 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: Successful su for rubyman by root
Sep 28 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: + ??? root:rubyman
Sep 28 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308737 of user rubyman.
Sep 28 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308737.
Sep 28 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session closed for user root
Sep 28 14:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user root
Sep 28 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Invalid user  from 8.134.14.125
Sep 28 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: input_userauth_request: invalid user  [preauth]
Sep 28 14:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Connection closed by 8.134.14.125 port 48474 [preauth]
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session closed for user root
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: Successful su for rubyman by root
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: + ??? root:rubyman
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308744 of user rubyman.
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308744.
Sep 28 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session closed for user root
Sep 28 14:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user root
Sep 28 14:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session closed for user root
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29664]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29736]: Successful su for rubyman by root
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29736]: + ??? root:rubyman
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308748 of user rubyman.
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29736]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308748.
Sep 28 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session closed for user root
Sep 28 14:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session closed for user root
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30150]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: Successful su for rubyman by root
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: + ??? root:rubyman
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308752 of user rubyman.
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308752.
Sep 28 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session closed for user root
Sep 28 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29161]: pam_unix(cron:session): session closed for user root
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30729]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30730]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30791]: Successful su for rubyman by root
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30791]: + ??? root:rubyman
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308756 of user rubyman.
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30791]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308756.
Sep 28 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session closed for user root
Sep 28 14:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session closed for user root
Sep 28 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: Successful su for rubyman by root
Sep 28 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: + ??? root:rubyman
Sep 28 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308759 of user rubyman.
Sep 28 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308759.
Sep 28 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session closed for user root
Sep 28 14:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session closed for user root
Sep 28 14:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session closed for user root
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31757]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31759]: pam_unix(cron:session): session closed for user root
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31829]: Successful su for rubyman by root
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31829]: + ??? root:rubyman
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308765 of user rubyman.
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31829]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308765.
Sep 28 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session closed for user root
Sep 28 14:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session closed for user root
Sep 28 14:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Invalid user pi from 8.134.14.125
Sep 28 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: input_userauth_request: invalid user pi [preauth]
Sep 28 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Failed password for root from 8.134.14.125 port 58068 ssh2
Sep 28 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Connection closed by 8.134.14.125 port 58068 [preauth]
Sep 28 14:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Failed password for invalid user pi from 8.134.14.125 port 58076 ssh2
Sep 28 14:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Connection closed by 8.134.14.125 port 58076 [preauth]
Sep 28 14:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: Invalid user hive from 8.134.14.125
Sep 28 14:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: input_userauth_request: invalid user hive [preauth]
Sep 28 14:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: Failed password for invalid user hive from 8.134.14.125 port 58084 ssh2
Sep 28 14:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32082]: Connection closed by 8.134.14.125 port 58084 [preauth]
Sep 28 14:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Invalid user git from 8.134.14.125
Sep 28 14:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: input_userauth_request: invalid user git [preauth]
Sep 28 14:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Failed password for invalid user git from 8.134.14.125 port 60780 ssh2
Sep 28 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Connection closed by 8.134.14.125 port 60780 [preauth]
Sep 28 14:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Invalid user wang from 8.134.14.125
Sep 28 14:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: input_userauth_request: invalid user wang [preauth]
Sep 28 14:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Failed password for invalid user wang from 8.134.14.125 port 60786 ssh2
Sep 28 14:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Connection closed by 8.134.14.125 port 60786 [preauth]
Sep 28 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Invalid user nginx from 8.134.14.125
Sep 28 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: input_userauth_request: invalid user nginx [preauth]
Sep 28 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Failed password for invalid user nginx from 8.134.14.125 port 60800 ssh2
Sep 28 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Invalid user mongo from 8.134.14.125
Sep 28 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: input_userauth_request: invalid user mongo [preauth]
Sep 28 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Connection closed by 8.134.14.125 port 60800 [preauth]
Sep 28 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Failed password for invalid user mongo from 8.134.14.125 port 36986 ssh2
Sep 28 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Connection closed by 8.134.14.125 port 36986 [preauth]
Sep 28 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: Invalid user user from 8.134.14.125
Sep 28 14:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: input_userauth_request: invalid user user [preauth]
Sep 28 14:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: Failed password for invalid user user from 8.134.14.125 port 36994 ssh2
Sep 28 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32144]: Connection closed by 8.134.14.125 port 36994 [preauth]
Sep 28 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30730]: pam_unix(cron:session): session closed for user root
Sep 28 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32163]: Invalid user oracle from 8.134.14.125
Sep 28 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32163]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32163]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32163]: Failed password for invalid user oracle from 8.134.14.125 port 36998 ssh2
Sep 28 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32163]: Connection closed by 8.134.14.125 port 36998 [preauth]
Sep 28 14:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Invalid user gpadmin from 8.134.14.125
Sep 28 14:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 14:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Failed password for invalid user gpadmin from 8.134.14.125 port 46398 ssh2
Sep 28 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32188]: Connection closed by 8.134.14.125 port 46398 [preauth]
Sep 28 14:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Failed password for root from 8.134.14.125 port 46406 ssh2
Sep 28 14:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32200]: Connection closed by 8.134.14.125 port 46406 [preauth]
Sep 28 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Invalid user esroot from 8.134.14.125
Sep 28 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: input_userauth_request: invalid user esroot [preauth]
Sep 28 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32228]: Invalid user gitlab from 8.134.14.125
Sep 28 14:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32228]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 14:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32228]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Failed password for invalid user esroot from 8.134.14.125 port 46416 ssh2
Sep 28 14:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Connection closed by 8.134.14.125 port 46416 [preauth]
Sep 28 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32228]: Failed password for invalid user gitlab from 8.134.14.125 port 44924 ssh2
Sep 28 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32228]: Connection closed by 8.134.14.125 port 44924 [preauth]
Sep 28 14:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: Invalid user apache from 8.134.14.125
Sep 28 14:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: input_userauth_request: invalid user apache [preauth]
Sep 28 14:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: Failed password for invalid user apache from 8.134.14.125 port 44930 ssh2
Sep 28 14:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: Connection closed by 8.134.14.125 port 44930 [preauth]
Sep 28 14:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for root from 8.134.14.125 port 44942 ssh2
Sep 28 14:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Connection closed by 8.134.14.125 port 44942 [preauth]
Sep 28 14:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Failed password for root from 8.134.14.125 port 46266 ssh2
Sep 28 14:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32253]: Connection closed by 8.134.14.125 port 46266 [preauth]
Sep 28 14:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Invalid user user from 8.134.14.125
Sep 28 14:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: input_userauth_request: invalid user user [preauth]
Sep 28 14:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32341]: Successful su for rubyman by root
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32341]: + ??? root:rubyman
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308771 of user rubyman.
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32341]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308771.
Sep 28 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Failed password for invalid user user from 8.134.14.125 port 46278 ssh2
Sep 28 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Connection closed by 8.134.14.125 port 46278 [preauth]
Sep 28 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Invalid user lighthouse from 8.134.14.125
Sep 28 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 14:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Failed password for invalid user lighthouse from 8.134.14.125 port 46290 ssh2
Sep 28 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Invalid user flask from 8.134.14.125
Sep 28 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: input_userauth_request: invalid user flask [preauth]
Sep 28 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Connection closed by 8.134.14.125 port 46290 [preauth]
Sep 28 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session closed for user root
Sep 28 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Failed password for invalid user flask from 8.134.14.125 port 60886 ssh2
Sep 28 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Connection closed by 8.134.14.125 port 60886 [preauth]
Sep 28 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32269]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32543]: Invalid user user1 from 8.134.14.125
Sep 28 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32543]: input_userauth_request: invalid user user1 [preauth]
Sep 28 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32543]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32543]: Failed password for invalid user user1 from 8.134.14.125 port 60900 ssh2
Sep 28 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32543]: Connection closed by 8.134.14.125 port 60900 [preauth]
Sep 28 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Invalid user hadoop from 8.134.14.125
Sep 28 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Failed password for invalid user hadoop from 8.134.14.125 port 60904 ssh2
Sep 28 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Connection closed by 8.134.14.125 port 60904 [preauth]
Sep 28 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Invalid user oracle from 8.134.14.125
Sep 28 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Failed password for invalid user oracle from 8.134.14.125 port 60916 ssh2
Sep 28 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Connection closed by 8.134.14.125 port 60916 [preauth]
Sep 28 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Invalid user test from 8.134.14.125
Sep 28 14:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: input_userauth_request: invalid user test [preauth]
Sep 28 14:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Failed password for invalid user test from 8.134.14.125 port 40112 ssh2
Sep 28 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32581]: Connection closed by 8.134.14.125 port 40112 [preauth]
Sep 28 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: Failed password for root from 8.134.14.125 port 40128 ssh2
Sep 28 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: Connection closed by 8.134.14.125 port 40128 [preauth]
Sep 28 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32611]: Invalid user developer from 8.134.14.125
Sep 28 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32611]: input_userauth_request: invalid user developer [preauth]
Sep 28 14:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32611]: Failed password for invalid user developer from 8.134.14.125 port 40138 ssh2
Sep 28 14:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32611]: Connection closed by 8.134.14.125 port 40138 [preauth]
Sep 28 14:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Failed password for root from 8.134.14.125 port 39064 ssh2
Sep 28 14:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Connection closed by 8.134.14.125 port 39064 [preauth]
Sep 28 14:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: User mysql from 8.134.14.125 not allowed because not listed in AllowUsers
Sep 28 14:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: input_userauth_request: invalid user mysql [preauth]
Sep 28 14:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=mysql
Sep 28 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Failed password for invalid user mysql from 8.134.14.125 port 39066 ssh2
Sep 28 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Connection closed by 8.134.14.125 port 39066 [preauth]
Sep 28 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session closed for user root
Sep 28 14:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32654]: Failed password for root from 8.134.14.125 port 39076 ssh2
Sep 28 14:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32654]: Connection closed by 8.134.14.125 port 39076 [preauth]
Sep 28 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32732]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[330]: Successful su for rubyman by root
Sep 28 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[330]: + ??? root:rubyman
Sep 28 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308774 of user rubyman.
Sep 28 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[330]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308774.
Sep 28 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29664]: pam_unix(cron:session): session closed for user root
Sep 28 14:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32729]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: Failed password for root from 8.134.14.125 port 57064 ssh2
Sep 28 14:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: Connection closed by 8.134.14.125 port 57064 [preauth]
Sep 28 14:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: Invalid user esuser from 8.134.14.125
Sep 28 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: input_userauth_request: invalid user esuser [preauth]
Sep 28 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Failed password for root from 8.134.14.125 port 35486 ssh2
Sep 28 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Connection closed by 8.134.14.125 port 35486 [preauth]
Sep 28 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: Failed password for invalid user esuser from 8.134.14.125 port 58944 ssh2
Sep 28 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[582]: Connection closed by 8.134.14.125 port 58944 [preauth]
Sep 28 14:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Invalid user nginx from 8.134.14.125
Sep 28 14:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: input_userauth_request: invalid user nginx [preauth]
Sep 28 14:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Failed password for invalid user nginx from 8.134.14.125 port 57074 ssh2
Sep 28 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Connection closed by 8.134.14.125 port 57074 [preauth]
Sep 28 14:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Invalid user git from 8.134.14.125
Sep 28 14:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: input_userauth_request: invalid user git [preauth]
Sep 28 14:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Failed password for invalid user git from 8.134.14.125 port 58954 ssh2
Sep 28 14:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Connection closed by 8.134.14.125 port 58954 [preauth]
Sep 28 14:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Invalid user postgres from 8.134.14.125
Sep 28 14:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: input_userauth_request: invalid user postgres [preauth]
Sep 28 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Failed password for invalid user postgres from 8.134.14.125 port 39584 ssh2
Sep 28 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Connection closed by 8.134.14.125 port 39584 [preauth]
Sep 28 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Invalid user svnuser from 8.134.14.125
Sep 28 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: input_userauth_request: invalid user svnuser [preauth]
Sep 28 14:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Failed password for root from 8.134.14.125 port 58950 ssh2
Sep 28 14:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Connection closed by 8.134.14.125 port 58950 [preauth]
Sep 28 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Failed password for invalid user svnuser from 8.134.14.125 port 39606 ssh2
Sep 28 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Connection closed by 8.134.14.125 port 39606 [preauth]
Sep 28 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session closed for user root
Sep 28 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: Invalid user plexserver from 8.134.14.125
Sep 28 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: input_userauth_request: invalid user plexserver [preauth]
Sep 28 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: Invalid user dolphinscheduler from 8.134.14.125
Sep 28 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Failed password for root from 8.134.14.125 port 43886 ssh2
Sep 28 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Connection closed by 8.134.14.125 port 43886 [preauth]
Sep 28 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: Failed password for invalid user plexserver from 8.134.14.125 port 43896 ssh2
Sep 28 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: Connection closed by 8.134.14.125 port 43896 [preauth]
Sep 28 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: Failed password for invalid user dolphinscheduler from 8.134.14.125 port 39632 ssh2
Sep 28 14:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: Connection closed by 8.134.14.125 port 39632 [preauth]
Sep 28 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Invalid user sonar from 8.134.14.125
Sep 28 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: input_userauth_request: invalid user sonar [preauth]
Sep 28 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Failed password for invalid user sonar from 8.134.14.125 port 43912 ssh2
Sep 28 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Connection closed by 8.134.14.125 port 43912 [preauth]
Sep 28 14:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Invalid user app from 8.134.14.125
Sep 28 14:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: input_userauth_request: invalid user app [preauth]
Sep 28 14:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Failed password for invalid user app from 8.134.14.125 port 40992 ssh2
Sep 28 14:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[703]: Connection closed by 8.134.14.125 port 40992 [preauth]
Sep 28 14:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Invalid user lighthouse from 8.134.14.125
Sep 28 14:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 14:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Invalid user tools from 8.134.14.125
Sep 28 14:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: input_userauth_request: invalid user tools [preauth]
Sep 28 14:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Failed password for invalid user lighthouse from 8.134.14.125 port 41000 ssh2
Sep 28 14:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Connection closed by 8.134.14.125 port 41000 [preauth]
Sep 28 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Failed password for invalid user tools from 8.134.14.125 port 40994 ssh2
Sep 28 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Connection closed by 8.134.14.125 port 40994 [preauth]
Sep 28 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: User mysql from 8.134.14.125 not allowed because not listed in AllowUsers
Sep 28 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: input_userauth_request: invalid user mysql [preauth]
Sep 28 14:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=mysql
Sep 28 14:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Failed password for invalid user mysql from 8.134.14.125 port 43550 ssh2
Sep 28 14:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Connection closed by 8.134.14.125 port 43550 [preauth]
Sep 28 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[738]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[736]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: Successful su for rubyman by root
Sep 28 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: + ??? root:rubyman
Sep 28 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308778 of user rubyman.
Sep 28 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308778.
Sep 28 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Failed password for root from 8.134.14.125 port 43552 ssh2
Sep 28 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Connection closed by 8.134.14.125 port 43552 [preauth]
Sep 28 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30150]: pam_unix(cron:session): session closed for user root
Sep 28 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Invalid user gpadmin from 8.134.14.125
Sep 28 14:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Failed password for invalid user gpadmin from 8.134.14.125 port 43556 ssh2
Sep 28 14:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Connection closed by 8.134.14.125 port 43556 [preauth]
Sep 28 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Failed password for root from 8.134.14.125 port 33516 ssh2
Sep 28 14:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Connection closed by 8.134.14.125 port 33516 [preauth]
Sep 28 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Invalid user www from 8.134.14.125
Sep 28 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: input_userauth_request: invalid user www [preauth]
Sep 28 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Invalid user oracle from 8.134.14.125
Sep 28 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Failed password for invalid user www from 8.134.14.125 port 33518 ssh2
Sep 28 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Connection closed by 8.134.14.125 port 33518 [preauth]
Sep 28 14:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Failed password for invalid user oracle from 8.134.14.125 port 33504 ssh2
Sep 28 14:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1129]: Connection closed by 8.134.14.125 port 33504 [preauth]
Sep 28 14:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: Failed password for root from 8.134.14.125 port 34316 ssh2
Sep 28 14:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: Connection closed by 8.134.14.125 port 34316 [preauth]
Sep 28 14:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Invalid user oscar from 8.134.14.125
Sep 28 14:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: input_userauth_request: invalid user oscar [preauth]
Sep 28 14:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Failed password for invalid user oscar from 8.134.14.125 port 34326 ssh2
Sep 28 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Connection closed by 8.134.14.125 port 34326 [preauth]
Sep 28 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Invalid user test from 8.134.14.125
Sep 28 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: input_userauth_request: invalid user test [preauth]
Sep 28 14:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Failed password for invalid user test from 8.134.14.125 port 34338 ssh2
Sep 28 14:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Connection closed by 8.134.14.125 port 34338 [preauth]
Sep 28 14:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Invalid user admin from 8.134.14.125
Sep 28 14:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: input_userauth_request: invalid user admin [preauth]
Sep 28 14:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Failed password for invalid user admin from 8.134.14.125 port 42764 ssh2
Sep 28 14:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Connection closed by 8.134.14.125 port 42764 [preauth]
Sep 28 14:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for root from 8.134.14.125 port 42772 ssh2
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session closed for user root
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Connection closed by 8.134.14.125 port 42772 [preauth]
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Invalid user app from 8.134.14.125
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: input_userauth_request: invalid user app [preauth]
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Failed password for invalid user app from 8.134.14.125 port 42784 ssh2
Sep 28 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Connection closed by 8.134.14.125 port 42784 [preauth]
Sep 28 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Invalid user elastic from 8.134.14.125
Sep 28 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: input_userauth_request: invalid user elastic [preauth]
Sep 28 14:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Failed password for invalid user elastic from 8.134.14.125 port 58618 ssh2
Sep 28 14:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1233]: Connection closed by 8.134.14.125 port 58618 [preauth]
Sep 28 14:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Failed password for root from 8.134.14.125 port 58626 ssh2
Sep 28 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Connection closed by 8.134.14.125 port 58626 [preauth]
Sep 28 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Invalid user guest from 8.134.14.125
Sep 28 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: input_userauth_request: invalid user guest [preauth]
Sep 28 14:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for invalid user guest from 8.134.14.125 port 58640 ssh2
Sep 28 14:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Connection closed by 8.134.14.125 port 58640 [preauth]
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: Successful su for rubyman by root
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: + ??? root:rubyman
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308784 of user rubyman.
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1389]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308784.
Sep 28 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30729]: pam_unix(cron:session): session closed for user root
Sep 28 14:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1313]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Invalid user git from 8.134.14.125
Sep 28 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: input_userauth_request: invalid user git [preauth]
Sep 28 14:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Failed password for invalid user git from 8.134.14.125 port 52548 ssh2
Sep 28 14:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Connection closed by 8.134.14.125 port 52548 [preauth]
Sep 28 14:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Invalid user appuser from 8.134.14.125
Sep 28 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: input_userauth_request: invalid user appuser [preauth]
Sep 28 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Failed password for invalid user appuser from 8.134.14.125 port 54992 ssh2
Sep 28 14:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Connection closed by 8.134.14.125 port 54992 [preauth]
Sep 28 14:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Failed password for root from 8.134.14.125 port 48256 ssh2
Sep 28 14:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Connection closed by 8.134.14.125 port 48256 [preauth]
Sep 28 14:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Invalid user ranger from 8.134.14.125
Sep 28 14:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: input_userauth_request: invalid user ranger [preauth]
Sep 28 14:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Invalid user tom from 8.134.14.125
Sep 28 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: input_userauth_request: invalid user tom [preauth]
Sep 28 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for invalid user ranger from 8.134.14.125 port 48242 ssh2
Sep 28 14:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Connection closed by 8.134.14.125 port 48242 [preauth]
Sep 28 14:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Failed password for invalid user tom from 8.134.14.125 port 54994 ssh2
Sep 28 14:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Failed password for root from 8.134.14.125 port 55004 ssh2
Sep 28 14:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Connection closed by 8.134.14.125 port 54994 [preauth]
Sep 28 14:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Connection closed by 8.134.14.125 port 55004 [preauth]
Sep 28 14:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Invalid user ubuntu from 8.134.14.125
Sep 28 14:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 14:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Failed password for invalid user ubuntu from 8.134.14.125 port 50808 ssh2
Sep 28 14:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Connection closed by 8.134.14.125 port 50808 [preauth]
Sep 28 14:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Invalid user elsearch from 8.134.14.125
Sep 28 14:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 14:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Invalid user nginx from 8.134.14.125
Sep 28 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: input_userauth_request: invalid user nginx [preauth]
Sep 28 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Failed password for invalid user elsearch from 8.134.14.125 port 50820 ssh2
Sep 28 14:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Connection closed by 8.134.14.125 port 50820 [preauth]
Sep 28 14:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32732]: pam_unix(cron:session): session closed for user root
Sep 28 14:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Failed password for invalid user nginx from 8.134.14.125 port 50830 ssh2
Sep 28 14:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Connection closed by 8.134.14.125 port 50830 [preauth]
Sep 28 14:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Failed password for root from 8.134.14.125 port 40622 ssh2
Sep 28 14:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Connection closed by 8.134.14.125 port 40622 [preauth]
Sep 28 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Invalid user rancher from 8.134.14.125
Sep 28 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: input_userauth_request: invalid user rancher [preauth]
Sep 28 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Failed password for invalid user rancher from 8.134.14.125 port 40626 ssh2
Sep 28 14:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Connection closed by 8.134.14.125 port 40626 [preauth]
Sep 28 14:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Invalid user es from 8.134.14.125
Sep 28 14:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: input_userauth_request: invalid user es [preauth]
Sep 28 14:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Failed password for invalid user es from 8.134.14.125 port 57734 ssh2
Sep 28 14:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Connection closed by 8.134.14.125 port 57734 [preauth]
Sep 28 14:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Failed password for root from 8.134.14.125 port 57756 ssh2
Sep 28 14:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Connection closed by 8.134.14.125 port 57756 [preauth]
Sep 28 14:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for root from 8.134.14.125 port 57784 ssh2
Sep 28 14:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Connection closed by 8.134.14.125 port 57784 [preauth]
Sep 28 14:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Invalid user user from 8.134.14.125
Sep 28 14:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: input_userauth_request: invalid user user [preauth]
Sep 28 14:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session closed for user root
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1903]: Successful su for rubyman by root
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1903]: + ??? root:rubyman
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308786 of user rubyman.
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1903]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308786.
Sep 28 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Invalid user data from 8.134.14.125
Sep 28 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: input_userauth_request: invalid user data [preauth]
Sep 28 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Failed password for invalid user user from 8.134.14.125 port 57768 ssh2
Sep 28 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Connection closed by 8.134.14.125 port 57768 [preauth]
Sep 28 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Failed password for invalid user data from 8.134.14.125 port 54420 ssh2
Sep 28 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Connection closed by 8.134.14.125 port 54420 [preauth]
Sep 28 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session closed for user root
Sep 28 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session closed for user root
Sep 28 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user uftp from 8.134.14.125
Sep 28 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user uftp [preauth]
Sep 28 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: Invalid user bigdata from 8.134.14.125
Sep 28 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: input_userauth_request: invalid user bigdata [preauth]
Sep 28 14:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user uftp from 8.134.14.125 port 54410 ssh2
Sep 28 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Connection closed by 8.134.14.125 port 54410 [preauth]
Sep 28 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1826]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: Failed password for invalid user bigdata from 8.134.14.125 port 54430 ssh2
Sep 28 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2110]: Connection closed by 8.134.14.125 port 54430 [preauth]
Sep 28 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Invalid user oracle from 8.134.14.125
Sep 28 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Invalid user plex from 8.134.14.125
Sep 28 14:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: input_userauth_request: invalid user plex [preauth]
Sep 28 14:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Failed password for invalid user oracle from 8.134.14.125 port 53884 ssh2
Sep 28 14:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Connection closed by 8.134.14.125 port 53884 [preauth]
Sep 28 14:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Failed password for invalid user plex from 8.134.14.125 port 53894 ssh2
Sep 28 14:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2153]: Connection closed by 8.134.14.125 port 53894 [preauth]
Sep 28 14:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Invalid user steam from 8.134.14.125
Sep 28 14:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: input_userauth_request: invalid user steam [preauth]
Sep 28 14:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Failed password for invalid user steam from 8.134.14.125 port 53908 ssh2
Sep 28 14:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Connection closed by 8.134.14.125 port 53908 [preauth]
Sep 28 14:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Invalid user esuser from 8.134.14.125
Sep 28 14:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: input_userauth_request: invalid user esuser [preauth]
Sep 28 14:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Failed password for invalid user esuser from 8.134.14.125 port 51986 ssh2
Sep 28 14:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Connection closed by 8.134.14.125 port 51986 [preauth]
Sep 28 14:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Invalid user observer from 8.134.14.125
Sep 28 14:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: input_userauth_request: invalid user observer [preauth]
Sep 28 14:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Invalid user docker from 8.134.14.125
Sep 28 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: input_userauth_request: invalid user docker [preauth]
Sep 28 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Failed password for invalid user observer from 8.134.14.125 port 52002 ssh2
Sep 28 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Connection closed by 8.134.14.125 port 52002 [preauth]
Sep 28 14:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Failed password for invalid user docker from 8.134.14.125 port 52008 ssh2
Sep 28 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Connection closed by 8.134.14.125 port 52008 [preauth]
Sep 28 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Invalid user user from 8.134.14.125
Sep 28 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: input_userauth_request: invalid user user [preauth]
Sep 28 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Failed password for invalid user user from 8.134.14.125 port 48358 ssh2
Sep 28 14:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Connection closed by 8.134.14.125 port 48358 [preauth]
Sep 28 14:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Invalid user elastic from 8.134.14.125
Sep 28 14:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: input_userauth_request: invalid user elastic [preauth]
Sep 28 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for invalid user elastic from 8.134.14.125 port 48372 ssh2
Sep 28 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Connection closed by 8.134.14.125 port 48372 [preauth]
Sep 28 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[738]: pam_unix(cron:session): session closed for user root
Sep 28 14:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: Invalid user oracle from 8.134.14.125
Sep 28 14:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: Failed password for invalid user oracle from 8.134.14.125 port 48380 ssh2
Sep 28 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Invalid user postgres from 8.134.14.125
Sep 28 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: input_userauth_request: invalid user postgres [preauth]
Sep 28 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: Connection closed by 8.134.14.125 port 48380 [preauth]
Sep 28 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Failed password for invalid user postgres from 8.134.14.125 port 51486 ssh2
Sep 28 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Connection closed by 8.134.14.125 port 51486 [preauth]
Sep 28 14:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Invalid user ts from 8.134.14.125
Sep 28 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: input_userauth_request: invalid user ts [preauth]
Sep 28 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Failed password for invalid user ts from 8.134.14.125 port 51498 ssh2
Sep 28 14:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Connection closed by 8.134.14.125 port 51498 [preauth]
Sep 28 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Invalid user ftpuser from 8.134.14.125
Sep 28 14:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 14:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Failed password for invalid user ftpuser from 8.134.14.125 port 55344 ssh2
Sep 28 14:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Connection closed by 8.134.14.125 port 55344 [preauth]
Sep 28 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2334]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2331]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2399]: Successful su for rubyman by root
Sep 28 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2399]: + ??? root:rubyman
Sep 28 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308792 of user rubyman.
Sep 28 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2399]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308792.
Sep 28 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31757]: pam_unix(cron:session): session closed for user root
Sep 28 14:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Invalid user flask from 8.134.14.125
Sep 28 14:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: input_userauth_request: invalid user flask [preauth]
Sep 28 14:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2332]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Failed password for invalid user flask from 8.134.14.125 port 42944 ssh2
Sep 28 14:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Connection closed by 8.134.14.125 port 42944 [preauth]
Sep 28 14:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: Invalid user gitlab from 8.134.14.125
Sep 28 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Invalid user testuser from 8.134.14.125
Sep 28 14:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: input_userauth_request: invalid user testuser [preauth]
Sep 28 14:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: Failed password for invalid user gitlab from 8.134.14.125 port 56530 ssh2
Sep 28 14:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: Connection closed by 8.134.14.125 port 56530 [preauth]
Sep 28 14:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Failed password for invalid user testuser from 8.134.14.125 port 44330 ssh2
Sep 28 14:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Connection closed by 8.134.14.125 port 44330 [preauth]
Sep 28 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Invalid user postgres from 8.134.14.125
Sep 28 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: input_userauth_request: invalid user postgres [preauth]
Sep 28 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Failed password for invalid user postgres from 8.134.14.125 port 44344 ssh2
Sep 28 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Connection closed by 8.134.14.125 port 44344 [preauth]
Sep 28 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1317]: pam_unix(cron:session): session closed for user root
Sep 28 14:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Invalid user jenkins from 8.134.14.125
Sep 28 14:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: input_userauth_request: invalid user jenkins [preauth]
Sep 28 14:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Failed password for root from 8.134.14.125 port 56504 ssh2
Sep 28 14:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Connection closed by 8.134.14.125 port 56504 [preauth]
Sep 28 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Failed password for invalid user jenkins from 8.134.14.125 port 44352 ssh2
Sep 28 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Connection closed by 8.134.14.125 port 44352 [preauth]
Sep 28 14:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: Invalid user weblogic from 8.134.14.125
Sep 28 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: Failed password for invalid user weblogic from 8.134.14.125 port 40250 ssh2
Sep 28 14:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: Connection closed by 8.134.14.125 port 40250 [preauth]
Sep 28 14:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: Invalid user steam from 8.134.14.125
Sep 28 14:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: input_userauth_request: invalid user steam [preauth]
Sep 28 14:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: Failed password for invalid user steam from 8.134.14.125 port 44526 ssh2
Sep 28 14:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: Connection closed by 8.134.14.125 port 44526 [preauth]
Sep 28 14:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2787]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2787]: pam_unix(cron:session): session closed for user root
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2789]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: Successful su for rubyman by root
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: + ??? root:rubyman
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308797 of user rubyman.
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2856]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308797.
Sep 28 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: Failed password for root from 8.134.14.125 port 41510 ssh2
Sep 28 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: Connection closed by 8.134.14.125 port 41510 [preauth]
Sep 28 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32270]: pam_unix(cron:session): session closed for user root
Sep 28 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2790]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: Invalid user tomcat from 8.134.14.125
Sep 28 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: Failed password for invalid user tomcat from 8.134.14.125 port 37184 ssh2
Sep 28 14:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: Connection closed by 8.134.14.125 port 37184 [preauth]
Sep 28 14:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: User mysql from 8.134.14.125 not allowed because not listed in AllowUsers
Sep 28 14:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: input_userauth_request: invalid user mysql [preauth]
Sep 28 14:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=mysql
Sep 28 14:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Invalid user centos from 8.134.14.125
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: input_userauth_request: invalid user centos [preauth]
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Failed password for root from 8.134.14.125 port 37204 ssh2
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: Failed password for invalid user mysql from 8.134.14.125 port 37200 ssh2
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: Failed password for root from 8.134.14.125 port 45822 ssh2
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Connection closed by 8.134.14.125 port 37204 [preauth]
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: Connection closed by 8.134.14.125 port 37200 [preauth]
Sep 28 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: Connection closed by 8.134.14.125 port 45822 [preauth]
Sep 28 14:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Failed password for invalid user centos from 8.134.14.125 port 41526 ssh2
Sep 28 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Connection closed by 8.134.14.125 port 41526 [preauth]
Sep 28 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: Invalid user zabbix from 8.134.14.125
Sep 28 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: Failed password for invalid user zabbix from 8.134.14.125 port 45832 ssh2
Sep 28 14:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: Connection closed by 8.134.14.125 port 45832 [preauth]
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Invalid user kubernetes from 8.134.14.125
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: input_userauth_request: invalid user kubernetes [preauth]
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Invalid user test from 8.134.14.125
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: input_userauth_request: invalid user test [preauth]
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Failed password for invalid user kubernetes from 8.134.14.125 port 45834 ssh2
Sep 28 14:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Invalid user observer from 8.134.14.125
Sep 28 14:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: input_userauth_request: invalid user observer [preauth]
Sep 28 14:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Connection closed by 8.134.14.125 port 45834 [preauth]
Sep 28 14:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Failed password for invalid user test from 8.134.14.125 port 55348 ssh2
Sep 28 14:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Connection closed by 8.134.14.125 port 55348 [preauth]
Sep 28 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Failed password for invalid user observer from 8.134.14.125 port 40174 ssh2
Sep 28 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Connection closed by 8.134.14.125 port 40174 [preauth]
Sep 28 14:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Invalid user hadoop from 8.134.14.125
Sep 28 14:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 14:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Failed password for invalid user hadoop from 8.134.14.125 port 40184 ssh2
Sep 28 14:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Connection closed by 8.134.14.125 port 40184 [preauth]
Sep 28 14:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Invalid user bot from 8.134.14.125
Sep 28 14:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: input_userauth_request: invalid user bot [preauth]
Sep 28 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session closed for user root
Sep 28 14:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user bot from 8.134.14.125 port 40198 ssh2
Sep 28 14:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Connection closed by 8.134.14.125 port 40198 [preauth]
Sep 28 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Invalid user debianuser from 8.134.14.125
Sep 28 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: input_userauth_request: invalid user debianuser [preauth]
Sep 28 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Failed password for invalid user debianuser from 8.134.14.125 port 36728 ssh2
Sep 28 14:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Connection closed by 8.134.14.125 port 36728 [preauth]
Sep 28 14:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Invalid user oracle from 8.134.14.125
Sep 28 14:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Failed password for invalid user oracle from 8.134.14.125 port 36744 ssh2
Sep 28 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Connection closed by 8.134.14.125 port 36744 [preauth]
Sep 28 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: User ftp from 8.134.14.125 not allowed because not listed in AllowUsers
Sep 28 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: input_userauth_request: invalid user ftp [preauth]
Sep 28 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=ftp
Sep 28 14:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: Failed password for invalid user ftp from 8.134.14.125 port 45164 ssh2
Sep 28 14:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3211]: Connection closed by 8.134.14.125 port 45164 [preauth]
Sep 28 14:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Invalid user elastic from 8.134.14.125
Sep 28 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: input_userauth_request: invalid user elastic [preauth]
Sep 28 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Failed password for invalid user elastic from 8.134.14.125 port 45180 ssh2
Sep 28 14:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Connection closed by 8.134.14.125 port 45180 [preauth]
Sep 28 14:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Failed password for root from 8.134.14.125 port 45192 ssh2
Sep 28 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Connection closed by 8.134.14.125 port 45192 [preauth]
Sep 28 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Invalid user admin from 8.134.14.125
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: input_userauth_request: invalid user admin [preauth]
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Invalid user ranger from 8.134.14.125
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: input_userauth_request: invalid user ranger [preauth]
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Failed password for invalid user admin from 8.134.14.125 port 45196 ssh2
Sep 28 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Connection closed by 8.134.14.125 port 45196 [preauth]
Sep 28 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Failed password for invalid user ranger from 8.134.14.125 port 36740 ssh2
Sep 28 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Connection closed by 8.134.14.125 port 36740 [preauth]
Sep 28 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Invalid user default from 8.134.14.125
Sep 28 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: input_userauth_request: invalid user default [preauth]
Sep 28 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Failed password for invalid user default from 8.134.14.125 port 52950 ssh2
Sep 28 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Connection closed by 8.134.14.125 port 52950 [preauth]
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3260]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3259]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3255]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3325]: Successful su for rubyman by root
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3325]: + ??? root:rubyman
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308801 of user rubyman.
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3325]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308801.
Sep 28 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session closed for user root
Sep 28 14:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3257]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Failed password for root from 8.134.14.125 port 48304 ssh2
Sep 28 14:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Connection closed by 8.134.14.125 port 48304 [preauth]
Sep 28 14:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: Invalid user www from 8.134.14.125
Sep 28 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: input_userauth_request: invalid user www [preauth]
Sep 28 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: Failed password for invalid user www from 8.134.14.125 port 47064 ssh2
Sep 28 14:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3592]: Connection closed by 8.134.14.125 port 47064 [preauth]
Sep 28 14:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Invalid user tools from 8.134.14.125
Sep 28 14:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: input_userauth_request: invalid user tools [preauth]
Sep 28 14:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Failed password for invalid user tools from 8.134.14.125 port 47046 ssh2
Sep 28 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Connection closed by 8.134.14.125 port 47046 [preauth]
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Invalid user es from 8.134.14.125
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: input_userauth_request: invalid user es [preauth]
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for root from 8.134.14.125 port 38912 ssh2
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2334]: pam_unix(cron:session): session closed for user root
Sep 28 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Connection closed by 8.134.14.125 port 38912 [preauth]
Sep 28 14:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Invalid user admin from 8.134.14.125
Sep 28 14:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: input_userauth_request: invalid user admin [preauth]
Sep 28 14:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Failed password for invalid user es from 8.134.14.125 port 38924 ssh2
Sep 28 14:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3611]: Connection closed by 8.134.14.125 port 38924 [preauth]
Sep 28 14:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Failed password for invalid user admin from 8.134.14.125 port 47052 ssh2
Sep 28 14:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Connection closed by 8.134.14.125 port 47052 [preauth]
Sep 28 14:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Invalid user oracle from 8.134.14.125
Sep 28 14:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for invalid user oracle from 8.134.14.125 port 49790 ssh2
Sep 28 14:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Connection closed by 8.134.14.125 port 49790 [preauth]
Sep 28 14:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Invalid user uftp from 8.134.14.125
Sep 28 14:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: input_userauth_request: invalid user uftp [preauth]
Sep 28 14:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Failed password for invalid user uftp from 8.134.14.125 port 49804 ssh2
Sep 28 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Connection closed by 8.134.14.125 port 49804 [preauth]
Sep 28 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Failed password for root from 8.134.14.125 port 49764 ssh2
Sep 28 14:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Connection closed by 8.134.14.125 port 49764 [preauth]
Sep 28 14:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Invalid user flink from 8.134.14.125
Sep 28 14:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: input_userauth_request: invalid user flink [preauth]
Sep 28 14:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Failed password for invalid user flink from 8.134.14.125 port 44872 ssh2
Sep 28 14:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Connection closed by 8.134.14.125 port 44872 [preauth]
Sep 28 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Invalid user gitlab-runner from 8.134.14.125
Sep 28 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 28 14:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Failed password for root from 8.134.14.125 port 38906 ssh2
Sep 28 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Connection closed by 8.134.14.125 port 38906 [preauth]
Sep 28 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Invalid user es from 8.134.14.125
Sep 28 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: input_userauth_request: invalid user es [preauth]
Sep 28 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Failed password for invalid user gitlab-runner from 8.134.14.125 port 44878 ssh2
Sep 28 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3679]: Connection closed by 8.134.14.125 port 44878 [preauth]
Sep 28 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Failed password for invalid user es from 8.134.14.125 port 44884 ssh2
Sep 28 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Connection closed by 8.134.14.125 port 44884 [preauth]
Sep 28 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3781]: Successful su for rubyman by root
Sep 28 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3781]: + ??? root:rubyman
Sep 28 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308806 of user rubyman.
Sep 28 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3781]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308806.
Sep 28 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[736]: pam_unix(cron:session): session closed for user root
Sep 28 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Invalid user nvidia from 8.134.14.125
Sep 28 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Failed password for invalid user nvidia from 8.134.14.125 port 56304 ssh2
Sep 28 14:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Connection closed by 8.134.14.125 port 56304 [preauth]
Sep 28 14:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Failed password for root from 8.134.14.125 port 57114 ssh2
Sep 28 14:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Connection closed by 8.134.14.125 port 57114 [preauth]
Sep 28 14:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: Invalid user developer from 8.134.14.125
Sep 28 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: input_userauth_request: invalid user developer [preauth]
Sep 28 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: Failed password for invalid user developer from 8.134.14.125 port 57126 ssh2
Sep 28 14:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: Connection closed by 8.134.14.125 port 57126 [preauth]
Sep 28 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Failed password for root from 8.134.14.125 port 51268 ssh2
Sep 28 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Connection closed by 8.134.14.125 port 51268 [preauth]
Sep 28 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: User ftp from 8.134.14.125 not allowed because not listed in AllowUsers
Sep 28 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: input_userauth_request: invalid user ftp [preauth]
Sep 28 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=ftp
Sep 28 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Failed password for invalid user ftp from 8.134.14.125 port 51282 ssh2
Sep 28 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Connection closed by 8.134.14.125 port 51282 [preauth]
Sep 28 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: Invalid user mongodb from 8.134.14.125
Sep 28 14:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: Failed password for invalid user mongodb from 8.134.14.125 port 51288 ssh2
Sep 28 14:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4038]: Connection closed by 8.134.14.125 port 51288 [preauth]
Sep 28 14:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Invalid user mongodb from 8.134.14.125
Sep 28 14:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 14:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Failed password for root from 8.134.14.125 port 57120 ssh2
Sep 28 14:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Connection closed by 8.134.14.125 port 57120 [preauth]
Sep 28 14:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for invalid user mongodb from 8.134.14.125 port 57438 ssh2
Sep 28 14:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Connection closed by 8.134.14.125 port 57438 [preauth]
Sep 28 14:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Invalid user app from 8.134.14.125
Sep 28 14:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: input_userauth_request: invalid user app [preauth]
Sep 28 14:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Failed password for invalid user app from 8.134.14.125 port 57452 ssh2
Sep 28 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Connection closed by 8.134.14.125 port 57452 [preauth]
Sep 28 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session closed for user root
Sep 28 14:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Failed password for root from 8.134.14.125 port 57464 ssh2
Sep 28 14:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Connection closed by 8.134.14.125 port 57464 [preauth]
Sep 28 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Invalid user www from 8.134.14.125
Sep 28 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: input_userauth_request: invalid user www [preauth]
Sep 28 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Failed password for invalid user www from 8.134.14.125 port 35638 ssh2
Sep 28 14:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Connection closed by 8.134.14.125 port 35638 [preauth]
Sep 28 14:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4120]: Invalid user sonar from 8.134.14.125
Sep 28 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4120]: input_userauth_request: invalid user sonar [preauth]
Sep 28 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4120]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4120]: Failed password for invalid user sonar from 8.134.14.125 port 35648 ssh2
Sep 28 14:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4120]: Connection closed by 8.134.14.125 port 35648 [preauth]
Sep 28 14:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Invalid user elasticsearch from 8.134.14.125
Sep 28 14:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 14:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user elasticsearch from 8.134.14.125 port 35652 ssh2
Sep 28 14:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Connection closed by 8.134.14.125 port 35652 [preauth]
Sep 28 14:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Invalid user docker from 8.134.14.125
Sep 28 14:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: input_userauth_request: invalid user docker [preauth]
Sep 28 14:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Failed password for invalid user docker from 8.134.14.125 port 39158 ssh2
Sep 28 14:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Connection closed by 8.134.14.125 port 39158 [preauth]
Sep 28 14:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Failed password for root from 8.134.14.125 port 39166 ssh2
Sep 28 14:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Connection closed by 8.134.14.125 port 39166 [preauth]
Sep 28 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Invalid user postgres from 8.134.14.125
Sep 28 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: input_userauth_request: invalid user postgres [preauth]
Sep 28 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Failed password for invalid user postgres from 8.134.14.125 port 39170 ssh2
Sep 28 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Connection closed by 8.134.14.125 port 39170 [preauth]
Sep 28 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Invalid user dev from 8.134.14.125
Sep 28 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: input_userauth_request: invalid user dev [preauth]
Sep 28 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Failed password for invalid user dev from 8.134.14.125 port 41088 ssh2
Sep 28 14:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Connection closed by 8.134.14.125 port 41088 [preauth]
Sep 28 14:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Invalid user guest from 8.134.14.125
Sep 28 14:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: input_userauth_request: invalid user guest [preauth]
Sep 28 14:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user root
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Failed password for invalid user guest from 8.134.14.125 port 41090 ssh2
Sep 28 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Connection closed by 8.134.14.125 port 41090 [preauth]
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: Successful su for rubyman by root
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: + ??? root:rubyman
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308810 of user rubyman.
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308810.
Sep 28 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Invalid user tomcat from 8.134.14.125
Sep 28 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Failed password for invalid user tomcat from 8.134.14.125 port 41104 ssh2
Sep 28 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Connection closed by 8.134.14.125 port 41104 [preauth]
Sep 28 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: Invalid user elsearch from 8.134.14.125
Sep 28 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1315]: pam_unix(cron:session): session closed for user root
Sep 28 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session closed for user root
Sep 28 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: Failed password for invalid user elsearch from 8.134.14.125 port 53860 ssh2
Sep 28 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: Connection closed by 8.134.14.125 port 53860 [preauth]
Sep 28 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Invalid user git from 8.134.14.125
Sep 28 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: input_userauth_request: invalid user git [preauth]
Sep 28 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Failed password for invalid user git from 8.134.14.125 port 53864 ssh2
Sep 28 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Connection closed by 8.134.14.125 port 53864 [preauth]
Sep 28 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3260]: pam_unix(cron:session): session closed for user root
Sep 28 14:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: Invalid user ftpuser from 8.134.14.125
Sep 28 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Invalid user worker from 8.134.14.125
Sep 28 14:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: input_userauth_request: invalid user worker [preauth]
Sep 28 14:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: Failed password for invalid user ftpuser from 8.134.14.125 port 48120 ssh2
Sep 28 14:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: Connection closed by 8.134.14.125 port 48120 [preauth]
Sep 28 14:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Failed password for invalid user worker from 8.134.14.125 port 59208 ssh2
Sep 28 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: Invalid user esuser from 8.134.14.125
Sep 28 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: input_userauth_request: invalid user esuser [preauth]
Sep 28 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Connection closed by 8.134.14.125 port 59208 [preauth]
Sep 28 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: Failed password for invalid user esuser from 8.134.14.125 port 48124 ssh2
Sep 28 14:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: Connection closed by 8.134.14.125 port 48124 [preauth]
Sep 28 14:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Invalid user steam from 8.134.14.125
Sep 28 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: input_userauth_request: invalid user steam [preauth]
Sep 28 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Failed password for invalid user steam from 8.134.14.125 port 51450 ssh2
Sep 28 14:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Connection closed by 8.134.14.125 port 51450 [preauth]
Sep 28 14:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Invalid user ftpuser from 8.134.14.125
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Invalid user deploy from 8.134.14.125
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: input_userauth_request: invalid user deploy [preauth]
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Invalid user hamza from 103.100.211.56
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: input_userauth_request: invalid user hamza [preauth]
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.211.56
Sep 28 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Failed password for invalid user ftpuser from 8.134.14.125 port 59220 ssh2
Sep 28 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Connection closed by 8.134.14.125 port 59220 [preauth]
Sep 28 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Failed password for invalid user deploy from 8.134.14.125 port 54342 ssh2
Sep 28 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Failed password for invalid user hamza from 103.100.211.56 port 41412 ssh2
Sep 28 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Connection closed by 8.134.14.125 port 54342 [preauth]
Sep 28 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Received disconnect from 103.100.211.56 port 41412:11: Bye Bye [preauth]
Sep 28 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Disconnected from 103.100.211.56 port 41412 [preauth]
Sep 28 14:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Invalid user deploy from 8.134.14.125
Sep 28 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: input_userauth_request: invalid user deploy [preauth]
Sep 28 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Failed password for invalid user deploy from 8.134.14.125 port 41148 ssh2
Sep 28 14:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Connection closed by 8.134.14.125 port 41148 [preauth]
Sep 28 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4694]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: Successful su for rubyman by root
Sep 28 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: + ??? root:rubyman
Sep 28 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308816 of user rubyman.
Sep 28 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308816.
Sep 28 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session closed for user root
Sep 28 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4695]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Invalid user oscar from 8.134.14.125
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: input_userauth_request: invalid user oscar [preauth]
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Invalid user pi from 8.134.14.125
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: input_userauth_request: invalid user pi [preauth]
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Failed password for invalid user oscar from 8.134.14.125 port 41162 ssh2
Sep 28 14:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Connection closed by 8.134.14.125 port 41162 [preauth]
Sep 28 14:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Failed password for invalid user pi from 8.134.14.125 port 34372 ssh2
Sep 28 14:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Connection closed by 8.134.14.125 port 34372 [preauth]
Sep 28 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Invalid user oceanbase from 8.134.14.125
Sep 28 14:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: input_userauth_request: invalid user oceanbase [preauth]
Sep 28 14:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Failed password for invalid user oceanbase from 8.134.14.125 port 42832 ssh2
Sep 28 14:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Connection closed by 8.134.14.125 port 42832 [preauth]
Sep 28 14:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Invalid user lighthouse from 8.134.14.125
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: Invalid user dolphinscheduler from 8.134.14.125
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: Failed password for invalid user dolphinscheduler from 8.134.14.125 port 34356 ssh2
Sep 28 14:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Failed password for invalid user lighthouse from 8.134.14.125 port 42834 ssh2
Sep 28 14:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5028]: Connection closed by 8.134.14.125 port 34356 [preauth]
Sep 28 14:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Connection closed by 8.134.14.125 port 42834 [preauth]
Sep 28 14:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Failed password for root from 8.134.14.125 port 42838 ssh2
Sep 28 14:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Connection closed by 8.134.14.125 port 42838 [preauth]
Sep 28 14:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Invalid user dev from 8.134.14.125
Sep 28 14:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: input_userauth_request: invalid user dev [preauth]
Sep 28 14:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: Failed password for root from 8.134.14.125 port 41470 ssh2
Sep 28 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Failed password for invalid user dev from 8.134.14.125 port 34384 ssh2
Sep 28 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: Connection closed by 8.134.14.125 port 41470 [preauth]
Sep 28 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5061]: Connection closed by 8.134.14.125 port 34384 [preauth]
Sep 28 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Failed password for root from 8.134.14.125 port 41478 ssh2
Sep 28 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5063]: Connection closed by 8.134.14.125 port 41478 [preauth]
Sep 28 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3708]: pam_unix(cron:session): session closed for user root
Sep 28 14:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Failed password for root from 8.134.14.125 port 39174 ssh2
Sep 28 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Connection closed by 8.134.14.125 port 39174 [preauth]
Sep 28 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5114]: Invalid user user from 8.134.14.125
Sep 28 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5114]: input_userauth_request: invalid user user [preauth]
Sep 28 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5114]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5114]: Failed password for invalid user user from 8.134.14.125 port 39180 ssh2
Sep 28 14:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5114]: Connection closed by 8.134.14.125 port 39180 [preauth]
Sep 28 14:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5118]: Failed password for root from 8.134.14.125 port 39186 ssh2
Sep 28 14:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5118]: Connection closed by 8.134.14.125 port 39186 [preauth]
Sep 28 14:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Invalid user svnuser from 8.134.14.125
Sep 28 14:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: input_userauth_request: invalid user svnuser [preauth]
Sep 28 14:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Failed password for invalid user svnuser from 8.134.14.125 port 57680 ssh2
Sep 28 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5152]: Invalid user ftpuser from 8.134.14.125
Sep 28 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5152]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Connection closed by 8.134.14.125 port 57680 [preauth]
Sep 28 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5152]: Failed password for invalid user ftpuser from 8.134.14.125 port 57688 ssh2
Sep 28 14:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5152]: Connection closed by 8.134.14.125 port 57688 [preauth]
Sep 28 14:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Invalid user ubuntu from 8.134.14.125
Sep 28 14:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 14:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Failed password for invalid user ubuntu from 8.134.14.125 port 57690 ssh2
Sep 28 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Connection closed by 8.134.14.125 port 57690 [preauth]
Sep 28 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5166]: Failed password for root from 8.134.14.125 port 39686 ssh2
Sep 28 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5166]: Connection closed by 8.134.14.125 port 39686 [preauth]
Sep 28 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Invalid user esadmin from 8.134.14.125
Sep 28 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: input_userauth_request: invalid user esadmin [preauth]
Sep 28 14:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Failed password for invalid user esadmin from 8.134.14.125 port 39690 ssh2
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Connection closed by 8.134.14.125 port 39690 [preauth]
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5256]: Successful su for rubyman by root
Sep 28 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5256]: + ??? root:rubyman
Sep 28 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308820 of user rubyman.
Sep 28 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5256]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308820.
Sep 28 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: Failed password for root from 8.134.14.125 port 39694 ssh2
Sep 28 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: Connection closed by 8.134.14.125 port 39694 [preauth]
Sep 28 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: Invalid user flask from 8.134.14.125
Sep 28 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: input_userauth_request: invalid user flask [preauth]
Sep 28 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session closed for user root
Sep 28 14:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: Failed password for invalid user flask from 8.134.14.125 port 39704 ssh2
Sep 28 14:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5486]: Connection closed by 8.134.14.125 port 39704 [preauth]
Sep 28 14:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: Invalid user deploy from 8.134.14.125
Sep 28 14:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: input_userauth_request: invalid user deploy [preauth]
Sep 28 14:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: Failed password for invalid user deploy from 8.134.14.125 port 52358 ssh2
Sep 28 14:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: Connection closed by 8.134.14.125 port 52358 [preauth]
Sep 28 14:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for root from 8.134.14.125 port 52382 ssh2
Sep 28 14:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Connection closed by 8.134.14.125 port 52382 [preauth]
Sep 28 14:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user root
Sep 28 14:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: Failed password for root from 8.134.14.125 port 35442 ssh2
Sep 28 14:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5657]: Connection closed by 8.134.14.125 port 35442 [preauth]
Sep 28 14:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Failed password for root from 8.134.14.125 port 46362 ssh2
Sep 28 14:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Connection closed by 8.134.14.125 port 46362 [preauth]
Sep 28 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: Invalid user hadoop from 8.134.14.125
Sep 28 14:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: Failed password for invalid user hadoop from 8.134.14.125 port 46384 ssh2
Sep 28 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: Connection closed by 8.134.14.125 port 46384 [preauth]
Sep 28 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Invalid user wang from 8.134.14.125
Sep 28 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: input_userauth_request: invalid user wang [preauth]
Sep 28 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Failed password for invalid user wang from 8.134.14.125 port 46372 ssh2
Sep 28 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5689]: Connection closed by 8.134.14.125 port 46372 [preauth]
Sep 28 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: User ftp from 8.134.14.125 not allowed because not listed in AllowUsers
Sep 28 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: input_userauth_request: invalid user ftp [preauth]
Sep 28 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=ftp
Sep 28 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Failed password for invalid user ftp from 8.134.14.125 port 53720 ssh2
Sep 28 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Connection closed by 8.134.14.125 port 53720 [preauth]
Sep 28 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Invalid user elasticsearch from 8.134.14.125
Sep 28 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Failed password for root from 46.101.170.54 port 57682 ssh2
Sep 28 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Connection closed by 46.101.170.54 port 57682 [preauth]
Sep 28 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Failed password for invalid user elasticsearch from 8.134.14.125 port 53704 ssh2
Sep 28 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Connection closed by 8.134.14.125 port 53704 [preauth]
Sep 28 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5738]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5814]: Successful su for rubyman by root
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5814]: + ??? root:rubyman
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308823 of user rubyman.
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5814]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308823.
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Invalid user awsgui from 8.134.14.125
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: input_userauth_request: invalid user awsgui [preauth]
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Invalid user uftp from 8.134.14.125
Sep 28 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: input_userauth_request: invalid user uftp [preauth]
Sep 28 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Failed password for invalid user awsgui from 8.134.14.125 port 40740 ssh2
Sep 28 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for invalid user uftp from 8.134.14.125 port 40730 ssh2
Sep 28 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Connection closed by 8.134.14.125 port 40740 [preauth]
Sep 28 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Connection closed by 8.134.14.125 port 40730 [preauth]
Sep 28 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Invalid user webuser from 103.100.211.56
Sep 28 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: input_userauth_request: invalid user webuser [preauth]
Sep 28 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.211.56
Sep 28 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session closed for user root
Sep 28 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Invalid user dolphinscheduler from 8.134.14.125
Sep 28 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5739]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for invalid user webuser from 103.100.211.56 port 53368 ssh2
Sep 28 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Received disconnect from 103.100.211.56 port 53368:11: Bye Bye [preauth]
Sep 28 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Disconnected from 103.100.211.56 port 53368 [preauth]
Sep 28 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Failed password for invalid user dolphinscheduler from 8.134.14.125 port 40744 ssh2
Sep 28 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6001]: Connection closed by 8.134.14.125 port 40744 [preauth]
Sep 28 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Invalid user yarn from 8.134.14.125
Sep 28 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: input_userauth_request: invalid user yarn [preauth]
Sep 28 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Invalid user oracle from 8.134.14.125
Sep 28 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: input_userauth_request: invalid user oracle [preauth]
Sep 28 14:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Failed password for invalid user yarn from 8.134.14.125 port 52322 ssh2
Sep 28 14:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6056]: Connection closed by 8.134.14.125 port 52322 [preauth]
Sep 28 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Failed password for invalid user oracle from 8.134.14.125 port 47714 ssh2
Sep 28 14:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Connection closed by 8.134.14.125 port 47714 [preauth]
Sep 28 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: Invalid user wang from 8.134.14.125
Sep 28 14:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: input_userauth_request: invalid user wang [preauth]
Sep 28 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: Failed password for invalid user wang from 8.134.14.125 port 47730 ssh2
Sep 28 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: Invalid user www from 8.134.14.125
Sep 28 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: input_userauth_request: invalid user www [preauth]
Sep 28 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6081]: Connection closed by 8.134.14.125 port 47730 [preauth]
Sep 28 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: Invalid user test2 from 8.134.14.125
Sep 28 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: input_userauth_request: invalid user test2 [preauth]
Sep 28 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: Failed password for invalid user www from 8.134.14.125 port 43818 ssh2
Sep 28 14:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: Connection closed by 8.134.14.125 port 43818 [preauth]
Sep 28 14:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: Failed password for invalid user test2 from 8.134.14.125 port 52328 ssh2
Sep 28 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: Connection closed by 8.134.14.125 port 52328 [preauth]
Sep 28 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session closed for user root
Sep 28 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6104]: Failed password for root from 8.134.14.125 port 43820 ssh2
Sep 28 14:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Invalid user nexus from 8.134.14.125
Sep 28 14:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: input_userauth_request: invalid user nexus [preauth]
Sep 28 14:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6104]: Connection closed by 8.134.14.125 port 43820 [preauth]
Sep 28 14:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Invalid user guest from 8.134.14.125
Sep 28 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: input_userauth_request: invalid user guest [preauth]
Sep 28 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Failed password for invalid user nexus from 8.134.14.125 port 43822 ssh2
Sep 28 14:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Connection closed by 8.134.14.125 port 43822 [preauth]
Sep 28 14:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6147]: Invalid user app from 8.134.14.125
Sep 28 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6147]: input_userauth_request: invalid user app [preauth]
Sep 28 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Failed password for invalid user guest from 8.134.14.125 port 47716 ssh2
Sep 28 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6147]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Connection closed by 8.134.14.125 port 47716 [preauth]
Sep 28 14:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6147]: Failed password for invalid user app from 8.134.14.125 port 55182 ssh2
Sep 28 14:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6147]: Connection closed by 8.134.14.125 port 55182 [preauth]
Sep 28 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Invalid user nvidia from 8.134.14.125
Sep 28 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Failed password for invalid user nvidia from 8.134.14.125 port 55196 ssh2
Sep 28 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6174]: Failed password for root from 8.134.14.125 port 55202 ssh2
Sep 28 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Connection closed by 8.134.14.125 port 55196 [preauth]
Sep 28 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6174]: Connection closed by 8.134.14.125 port 55202 [preauth]
Sep 28 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125  user=root
Sep 28 14:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Failed password for root from 8.134.14.125 port 52752 ssh2
Sep 28 14:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Connection closed by 8.134.14.125 port 52752 [preauth]
Sep 28 14:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Invalid user es from 8.134.14.125
Sep 28 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: input_userauth_request: invalid user es [preauth]
Sep 28 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Failed password for invalid user es from 8.134.14.125 port 52760 ssh2
Sep 28 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Connection closed by 8.134.14.125 port 52760 [preauth]
Sep 28 14:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Invalid user sugi from 8.134.14.125
Sep 28 14:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: input_userauth_request: invalid user sugi [preauth]
Sep 28 14:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.134.14.125
Sep 28 14:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Failed password for invalid user sugi from 8.134.14.125 port 52772 ssh2
Sep 28 14:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Connection closed by 8.134.14.125 port 52772 [preauth]
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6218]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6284]: Successful su for rubyman by root
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6284]: + ??? root:rubyman
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308828 of user rubyman.
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6284]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308828.
Sep 28 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3259]: pam_unix(cron:session): session closed for user root
Sep 28 14:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Invalid user pivpn from 103.100.211.56
Sep 28 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: input_userauth_request: invalid user pivpn [preauth]
Sep 28 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.211.56
Sep 28 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for invalid user pivpn from 103.100.211.56 port 43132 ssh2
Sep 28 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Received disconnect from 103.100.211.56 port 43132:11: Bye Bye [preauth]
Sep 28 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Disconnected from 103.100.211.56 port 43132 [preauth]
Sep 28 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session closed for user root
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session closed for user root
Sep 28 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: Successful su for rubyman by root
Sep 28 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: + ??? root:rubyman
Sep 28 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308835 of user rubyman.
Sep 28 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308835.
Sep 28 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session closed for user root
Sep 28 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session closed for user root
Sep 28 14:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session closed for user root
Sep 28 14:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Failed password for root from 43.156.229.244 port 57820 ssh2
Sep 28 14:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Connection closed by 43.156.229.244 port 57820 [preauth]
Sep 28 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: Successful su for rubyman by root
Sep 28 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: + ??? root:rubyman
Sep 28 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308839 of user rubyman.
Sep 28 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308839.
Sep 28 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7319]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session closed for user root
Sep 28 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session closed for user root
Sep 28 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7777]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7775]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7771]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: Successful su for rubyman by root
Sep 28 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: + ??? root:rubyman
Sep 28 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308841 of user rubyman.
Sep 28 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308841.
Sep 28 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session closed for user root
Sep 28 14:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7772]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session closed for user root
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8257]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8333]: Successful su for rubyman by root
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8333]: + ??? root:rubyman
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308846 of user rubyman.
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8333]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308846.
Sep 28 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5186]: pam_unix(cron:session): session closed for user root
Sep 28 14:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Failed password for root from 43.156.229.244 port 60072 ssh2
Sep 28 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Connection closed by 43.156.229.244 port 60072 [preauth]
Sep 28 14:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session closed for user root
Sep 28 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8722]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: Successful su for rubyman by root
Sep 28 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: + ??? root:rubyman
Sep 28 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308850 of user rubyman.
Sep 28 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8903]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308850.
Sep 28 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session closed for user root
Sep 28 14:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7777]: pam_unix(cron:session): session closed for user root
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9380]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9380]: pam_unix(cron:session): session closed for user root
Sep 28 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9371]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: Successful su for rubyman by root
Sep 28 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: + ??? root:rubyman
Sep 28 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308855 of user rubyman.
Sep 28 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308855.
Sep 28 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session closed for user root
Sep 28 14:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session closed for user root
Sep 28 14:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user root
Sep 28 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.14.118.150
Sep 28 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Failed password for root from 43.156.229.244 port 50372 ssh2
Sep 28 14:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Connection closed by 43.156.229.244 port 50372 [preauth]
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9983]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9985]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9981]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10060]: Successful su for rubyman by root
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10060]: + ??? root:rubyman
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308861 of user rubyman.
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10060]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308861.
Sep 28 14:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9982]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session closed for user root
Sep 28 14:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Invalid user ctf from 190.103.202.7
Sep 28 14:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: input_userauth_request: invalid user ctf [preauth]
Sep 28 14:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 14:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Failed password for invalid user ctf from 190.103.202.7 port 56222 ssh2
Sep 28 14:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Connection closed by 190.103.202.7 port 56222 [preauth]
Sep 28 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session closed for user root
Sep 28 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10456]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: Successful su for rubyman by root
Sep 28 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: + ??? root:rubyman
Sep 28 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308863 of user rubyman.
Sep 28 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10522]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308863.
Sep 28 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7320]: pam_unix(cron:session): session closed for user root
Sep 28 14:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session closed for user root
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10892]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10889]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: Successful su for rubyman by root
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: + ??? root:rubyman
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308868 of user rubyman.
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10956]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308868.
Sep 28 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7775]: pam_unix(cron:session): session closed for user root
Sep 28 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10890]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Failed password for root from 43.156.229.244 port 47766 ssh2
Sep 28 14:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Connection closed by 43.156.229.244 port 47766 [preauth]
Sep 28 14:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9985]: pam_unix(cron:session): session closed for user root
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11322]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11320]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: Successful su for rubyman by root
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: + ??? root:rubyman
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308871 of user rubyman.
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308871.
Sep 28 14:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user root
Sep 28 14:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11321]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user root
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user root
Sep 28 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: Successful su for rubyman by root
Sep 28 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: + ??? root:rubyman
Sep 28 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308875 of user rubyman.
Sep 28 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308875.
Sep 28 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session closed for user root
Sep 28 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session closed for user root
Sep 28 14:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11843]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10892]: pam_unix(cron:session): session closed for user root
Sep 28 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12302]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12377]: Successful su for rubyman by root
Sep 28 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12377]: + ??? root:rubyman
Sep 28 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308883 of user rubyman.
Sep 28 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12377]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308883.
Sep 28 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session closed for user root
Sep 28 14:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Invalid user ftpadmin from 43.156.229.244
Sep 28 14:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: input_userauth_request: invalid user ftpadmin [preauth]
Sep 28 14:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244
Sep 28 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Failed password for invalid user ftpadmin from 43.156.229.244 port 42886 ssh2
Sep 28 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Connection closed by 43.156.229.244 port 42886 [preauth]
Sep 28 14:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session closed for user root
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12756]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: Successful su for rubyman by root
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: + ??? root:rubyman
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308885 of user rubyman.
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12825]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308885.
Sep 28 14:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9983]: pam_unix(cron:session): session closed for user root
Sep 28 14:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12757]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session closed for user root
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13257]: Successful su for rubyman by root
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13257]: + ??? root:rubyman
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308890 of user rubyman.
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13257]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308890.
Sep 28 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10456]: pam_unix(cron:session): session closed for user root
Sep 28 14:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12305]: pam_unix(cron:session): session closed for user root
Sep 28 14:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: Invalid user lowpriv from 20.163.71.109
Sep 28 14:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: input_userauth_request: invalid user lowpriv [preauth]
Sep 28 14:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13623]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: Successful su for rubyman by root
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: + ??? root:rubyman
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308893 of user rubyman.
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308893.
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Invalid user service from 43.156.229.244
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: input_userauth_request: invalid user service [preauth]
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13623]: pam_unix(cron:session): session closed for user root
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: Failed password for invalid user lowpriv from 20.163.71.109 port 50992 ssh2
Sep 28 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: Connection closed by 20.163.71.109 port 50992 [preauth]
Sep 28 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Failed password for invalid user service from 43.156.229.244 port 55712 ssh2
Sep 28 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Connection closed by 43.156.229.244 port 55712 [preauth]
Sep 28 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session closed for user root
Sep 28 14:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Did not receive identification string from 180.163.88.108
Sep 28 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session closed for user root
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14254]: pam_unix(cron:session): session closed for user root
Sep 28 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14316]: Successful su for rubyman by root
Sep 28 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14316]: + ??? root:rubyman
Sep 28 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308901 of user rubyman.
Sep 28 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14316]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308901.
Sep 28 14:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11322]: pam_unix(cron:session): session closed for user root
Sep 28 14:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session closed for user root
Sep 28 14:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 28 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: Failed password for root from 213.209.157.9 port 33736 ssh2
Sep 28 14:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session closed for user root
Sep 28 14:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14571]: Connection closed by 213.209.157.9 port 33736 [preauth]
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: Successful su for rubyman by root
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: + ??? root:rubyman
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308905 of user rubyman.
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308905.
Sep 28 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session closed for user root
Sep 28 14:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session closed for user root
Sep 28 14:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for root from 43.156.229.244 port 35214 ssh2
Sep 28 14:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Connection closed by 43.156.229.244 port 35214 [preauth]
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15117]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15175]: Successful su for rubyman by root
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15175]: + ??? root:rubyman
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308909 of user rubyman.
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15175]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308909.
Sep 28 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12304]: pam_unix(cron:session): session closed for user root
Sep 28 14:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15116]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session closed for user root
Sep 28 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: Successful su for rubyman by root
Sep 28 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: + ??? root:rubyman
Sep 28 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308912 of user rubyman.
Sep 28 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15597]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308912.
Sep 28 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12758]: pam_unix(cron:session): session closed for user root
Sep 28 14:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session closed for user root
Sep 28 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16018]: Successful su for rubyman by root
Sep 28 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16018]: + ??? root:rubyman
Sep 28 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308918 of user rubyman.
Sep 28 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16018]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308918.
Sep 28 14:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session closed for user root
Sep 28 14:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Failed password for root from 43.156.229.244 port 33922 ssh2
Sep 28 14:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Connection closed by 43.156.229.244 port 33922 [preauth]
Sep 28 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15119]: pam_unix(cron:session): session closed for user root
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session closed for user root
Sep 28 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: Successful su for rubyman by root
Sep 28 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: + ??? root:rubyman
Sep 28 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308923 of user rubyman.
Sep 28 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308923.
Sep 28 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session closed for user root
Sep 28 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session closed for user root
Sep 28 14:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user root
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16859]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16858]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16856]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16931]: Successful su for rubyman by root
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16859]: pam_unix(cron:session): session closed for user root
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16931]: + ??? root:rubyman
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308928 of user rubyman.
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16931]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308928.
Sep 28 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14250]: pam_unix(cron:session): session closed for user root
Sep 28 14:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Invalid user user from 62.60.131.157
Sep 28 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: input_userauth_request: invalid user user [preauth]
Sep 28 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session closed for user root
Sep 28 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Failed password for invalid user user from 62.60.131.157 port 44896 ssh2
Sep 28 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Failed password for invalid user user from 62.60.131.157 port 44896 ssh2
Sep 28 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Failed password for invalid user user from 62.60.131.157 port 44896 ssh2
Sep 28 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Failed password for invalid user user from 62.60.131.157 port 44896 ssh2
Sep 28 14:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Failed password for invalid user user from 62.60.131.157 port 44896 ssh2
Sep 28 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Received disconnect from 62.60.131.157 port 44896:11: Bye [preauth]
Sep 28 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: Disconnected from 62.60.131.157 port 44896 [preauth]
Sep 28 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17226]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: Successful su for rubyman by root
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: + ??? root:rubyman
Sep 28 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308933 of user rubyman.
Sep 28 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17386]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308933.
Sep 28 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session closed for user root
Sep 28 14:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Failed password for root from 43.156.229.244 port 41940 ssh2
Sep 28 14:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Connection closed by 43.156.229.244 port 41940 [preauth]
Sep 28 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session closed for user root
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: Successful su for rubyman by root
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: + ??? root:rubyman
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308936 of user rubyman.
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17910]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308936.
Sep 28 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15117]: pam_unix(cron:session): session closed for user root
Sep 28 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session closed for user root
Sep 28 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18529]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: Successful su for rubyman by root
Sep 28 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: + ??? root:rubyman
Sep 28 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308939 of user rubyman.
Sep 28 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308939.
Sep 28 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user root
Sep 28 14:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18528]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session closed for user root
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19020]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19018]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19020]: pam_unix(cron:session): session closed for user root
Sep 28 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: Successful su for rubyman by root
Sep 28 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: + ??? root:rubyman
Sep 28 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308944 of user rubyman.
Sep 28 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308944.
Sep 28 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19017]: pam_unix(cron:session): session closed for user root
Sep 28 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session closed for user root
Sep 28 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19016]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Failed password for root from 43.156.229.244 port 49672 ssh2
Sep 28 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Connection closed by 43.156.229.244 port 49672 [preauth]
Sep 28 14:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session closed for user root
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19931]: Successful su for rubyman by root
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19931]: + ??? root:rubyman
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308952 of user rubyman.
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19931]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308952.
Sep 28 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session closed for user root
Sep 28 14:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session closed for user root
Sep 28 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20341]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: Successful su for rubyman by root
Sep 28 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: + ??? root:rubyman
Sep 28 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308953 of user rubyman.
Sep 28 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308953.
Sep 28 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16858]: pam_unix(cron:session): session closed for user root
Sep 28 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session closed for user root
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: Successful su for rubyman by root
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: + ??? root:rubyman
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308957 of user rubyman.
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20860]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308957.
Sep 28 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session closed for user root
Sep 28 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20797]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Invalid user admin from 139.19.117.131
Sep 28 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: input_userauth_request: invalid user admin [preauth]
Sep 28 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: Failed password for root from 43.156.229.244 port 44152 ssh2
Sep 28 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: Connection closed by 43.156.229.244 port 44152 [preauth]
Sep 28 14:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Connection closed by 139.19.117.131 port 49852 [preauth]
Sep 28 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19833]: pam_unix(cron:session): session closed for user root
Sep 28 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21231]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21233]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21229]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: Successful su for rubyman by root
Sep 28 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: + ??? root:rubyman
Sep 28 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308963 of user rubyman.
Sep 28 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308963.
Sep 28 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session closed for user root
Sep 28 14:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21230]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user root
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21666]: pam_unix(cron:session): session closed for user root
Sep 28 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21732]: Successful su for rubyman by root
Sep 28 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21732]: + ??? root:rubyman
Sep 28 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308968 of user rubyman.
Sep 28 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21732]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308968.
Sep 28 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session closed for user root
Sep 28 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18529]: pam_unix(cron:session): session closed for user root
Sep 28 14:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21662]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session closed for user root
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22145]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22143]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22218]: Successful su for rubyman by root
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22218]: + ??? root:rubyman
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308971 of user rubyman.
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22218]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308971.
Sep 28 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19018]: pam_unix(cron:session): session closed for user root
Sep 28 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22144]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Invalid user cm from 43.156.229.244
Sep 28 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: input_userauth_request: invalid user cm [preauth]
Sep 28 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244
Sep 28 14:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Failed password for invalid user cm from 43.156.229.244 port 51608 ssh2
Sep 28 14:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Connection closed by 43.156.229.244 port 51608 [preauth]
Sep 28 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21233]: pam_unix(cron:session): session closed for user root
Sep 28 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22585]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22670]: Successful su for rubyman by root
Sep 28 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22670]: + ??? root:rubyman
Sep 28 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308978 of user rubyman.
Sep 28 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22670]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308978.
Sep 28 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session closed for user root
Sep 28 14:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22586]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session closed for user root
Sep 28 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: Successful su for rubyman by root
Sep 28 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: + ??? root:rubyman
Sep 28 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308980 of user rubyman.
Sep 28 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23382]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308980.
Sep 28 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session closed for user root
Sep 28 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23307]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session closed for user root
Sep 28 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 14:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Failed password for root from 43.156.229.244 port 38852 ssh2
Sep 28 14:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Connection closed by 43.156.229.244 port 38852 [preauth]
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session closed for user p13x
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: Successful su for rubyman by root
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: + ??? root:rubyman
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308986 of user rubyman.
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24053]: pam_unix(su:session): session closed for user rubyman
Sep 28 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308986.
Sep 28 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session closed for user root
Sep 28 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session closed for user samftp
Sep 28 14:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session closed for user root
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24471]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24473]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24472]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24473]: pam_unix(cron:session): session closed for user root
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session closed for user root
Sep 28 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24588]: Successful su for rubyman by root
Sep 28 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24588]: + ??? root:rubyman
Sep 28 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308987 of user rubyman.
Sep 28 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24588]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308987.
Sep 28 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24470]: pam_unix(cron:session): session closed for user root
Sep 28 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21231]: pam_unix(cron:session): session closed for user root
Sep 28 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23310]: pam_unix(cron:session): session closed for user root
Sep 28 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25034]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: Successful su for rubyman by root
Sep 28 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: + ??? root:rubyman
Sep 28 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308994 of user rubyman.
Sep 28 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308994.
Sep 28 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session closed for user root
Sep 28 15:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session closed for user root
Sep 28 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: Failed password for root from 43.156.229.244 port 45618 ssh2
Sep 28 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: Connection closed by 43.156.229.244 port 45618 [preauth]
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: Successful su for rubyman by root
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: + ??? root:rubyman
Sep 28 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 308999 of user rubyman.
Sep 28 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 308999.
Sep 28 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22145]: pam_unix(cron:session): session closed for user root
Sep 28 15:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24472]: pam_unix(cron:session): session closed for user root
Sep 28 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: Successful su for rubyman by root
Sep 28 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: + ??? root:rubyman
Sep 28 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309003 of user rubyman.
Sep 28 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309003.
Sep 28 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22587]: pam_unix(cron:session): session closed for user root
Sep 28 15:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Received disconnect from 141.98.11.68 port 15714:11:  [preauth]
Sep 28 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Disconnected from 141.98.11.68 port 15714 [preauth]
Sep 28 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session closed for user root
Sep 28 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27018]: Successful su for rubyman by root
Sep 28 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27018]: + ??? root:rubyman
Sep 28 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309007 of user rubyman.
Sep 28 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27018]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309007.
Sep 28 15:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23308]: pam_unix(cron:session): session closed for user root
Sep 28 15:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26898]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session closed for user root
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.229.244  user=root
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27418]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27417]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27418]: pam_unix(cron:session): session closed for user root
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: Successful su for rubyman by root
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: + ??? root:rubyman
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309011 of user rubyman.
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309011.
Sep 28 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Failed password for root from 43.156.229.244 port 56112 ssh2
Sep 28 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Connection closed by 43.156.229.244 port 56112 [preauth]
Sep 28 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user root
Sep 28 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session closed for user root
Sep 28 15:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27414]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session closed for user root
Sep 28 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: Successful su for rubyman by root
Sep 28 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: + ??? root:rubyman
Sep 28 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309017 of user rubyman.
Sep 28 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28150]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309017.
Sep 28 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24471]: pam_unix(cron:session): session closed for user root
Sep 28 15:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session closed for user root
Sep 28 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28649]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28645]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: Successful su for rubyman by root
Sep 28 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: + ??? root:rubyman
Sep 28 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309022 of user rubyman.
Sep 28 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28725]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309022.
Sep 28 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session closed for user root
Sep 28 15:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27417]: pam_unix(cron:session): session closed for user root
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29211]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: Successful su for rubyman by root
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: + ??? root:rubyman
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309024 of user rubyman.
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29293]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309024.
Sep 28 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session closed for user root
Sep 28 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28075]: pam_unix(cron:session): session closed for user root
Sep 28 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29833]: Successful su for rubyman by root
Sep 28 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29833]: + ??? root:rubyman
Sep 28 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309028 of user rubyman.
Sep 28 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29833]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309028.
Sep 28 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session closed for user root
Sep 28 15:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session closed for user root
Sep 28 15:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28650]: pam_unix(cron:session): session closed for user root
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user root
Sep 28 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: Successful su for rubyman by root
Sep 28 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: + ??? root:rubyman
Sep 28 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309035 of user rubyman.
Sep 28 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309035.
Sep 28 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session closed for user root
Sep 28 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session closed for user root
Sep 28 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user root
Sep 28 15:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Invalid user apptest from 164.68.105.9
Sep 28 15:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: input_userauth_request: invalid user apptest [preauth]
Sep 28 15:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 15:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Failed password for invalid user apptest from 164.68.105.9 port 35794 ssh2
Sep 28 15:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Connection closed by 164.68.105.9 port 35794 [preauth]
Sep 28 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30872]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30947]: Successful su for rubyman by root
Sep 28 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30947]: + ??? root:rubyman
Sep 28 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309040 of user rubyman.
Sep 28 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30947]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309040.
Sep 28 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session closed for user root
Sep 28 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29679]: pam_unix(cron:session): session closed for user root
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31390]: Successful su for rubyman by root
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31390]: + ??? root:rubyman
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309044 of user rubyman.
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31390]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309044.
Sep 28 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28074]: pam_unix(cron:session): session closed for user root
Sep 28 15:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session closed for user root
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: Successful su for rubyman by root
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: + ??? root:rubyman
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309048 of user rubyman.
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309048.
Sep 28 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28649]: pam_unix(cron:session): session closed for user root
Sep 28 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session closed for user root
Sep 28 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32245]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: Successful su for rubyman by root
Sep 28 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: + ??? root:rubyman
Sep 28 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309051 of user rubyman.
Sep 28 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309051.
Sep 28 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session closed for user root
Sep 28 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user root
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32675]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session closed for user root
Sep 28 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32673]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32750]: Successful su for rubyman by root
Sep 28 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32750]: + ??? root:rubyman
Sep 28 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309055 of user rubyman.
Sep 28 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32750]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309055.
Sep 28 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32675]: pam_unix(cron:session): session closed for user root
Sep 28 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session closed for user root
Sep 28 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32674]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session closed for user root
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[675]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: Successful su for rubyman by root
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: + ??? root:rubyman
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309061 of user rubyman.
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309061.
Sep 28 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session closed for user root
Sep 28 15:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[676]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session closed for user root
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session closed for user root
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1294]: Successful su for rubyman by root
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1294]: + ??? root:rubyman
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309066 of user rubyman.
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1294]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309066.
Sep 28 15:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session closed for user root
Sep 28 15:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1219]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32678]: pam_unix(cron:session): session closed for user root
Sep 28 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1774]: Successful su for rubyman by root
Sep 28 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1774]: + ??? root:rubyman
Sep 28 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309071 of user rubyman.
Sep 28 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1774]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309071.
Sep 28 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session closed for user root
Sep 28 15:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[678]: pam_unix(cron:session): session closed for user root
Sep 28 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2143]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: Successful su for rubyman by root
Sep 28 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: + ??? root:rubyman
Sep 28 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309076 of user rubyman.
Sep 28 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309076.
Sep 28 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session closed for user root
Sep 28 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2144]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1221]: pam_unix(cron:session): session closed for user root
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session closed for user root
Sep 28 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2581]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: Successful su for rubyman by root
Sep 28 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: + ??? root:rubyman
Sep 28 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309079 of user rubyman.
Sep 28 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309079.
Sep 28 15:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session closed for user root
Sep 28 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2583]: pam_unix(cron:session): session closed for user root
Sep 28 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user root
Sep 28 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3109]: Successful su for rubyman by root
Sep 28 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3109]: + ??? root:rubyman
Sep 28 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309084 of user rubyman.
Sep 28 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3109]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309084.
Sep 28 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32677]: pam_unix(cron:session): session closed for user root
Sep 28 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2146]: pam_unix(cron:session): session closed for user root
Sep 28 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3532]: Successful su for rubyman by root
Sep 28 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3532]: + ??? root:rubyman
Sep 28 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309088 of user rubyman.
Sep 28 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3532]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309088.
Sep 28 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[677]: pam_unix(cron:session): session closed for user root
Sep 28 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3464]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Invalid user admin from 78.128.112.74
Sep 28 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 15:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Failed password for invalid user admin from 78.128.112.74 port 53014 ssh2
Sep 28 15:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Connection closed by 78.128.112.74 port 53014 [preauth]
Sep 28 15:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session closed for user root
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: Successful su for rubyman by root
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: + ??? root:rubyman
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309094 of user rubyman.
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3964]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309094.
Sep 28 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1220]: pam_unix(cron:session): session closed for user root
Sep 28 15:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session closed for user root
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4340]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4338]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: Successful su for rubyman by root
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: + ??? root:rubyman
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309097 of user rubyman.
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4400]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309097.
Sep 28 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user root
Sep 28 15:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4339]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session closed for user root
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session closed for user root
Sep 28 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4843]: Successful su for rubyman by root
Sep 28 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4843]: + ??? root:rubyman
Sep 28 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309101 of user rubyman.
Sep 28 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4843]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309101.
Sep 28 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2145]: pam_unix(cron:session): session closed for user root
Sep 28 15:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session closed for user root
Sep 28 15:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3903]: pam_unix(cron:session): session closed for user root
Sep 28 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5252]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5249]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5407]: Successful su for rubyman by root
Sep 28 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5407]: + ??? root:rubyman
Sep 28 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309109 of user rubyman.
Sep 28 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5407]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309109.
Sep 28 15:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session closed for user root
Sep 28 15:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5250]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4341]: pam_unix(cron:session): session closed for user root
Sep 28 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5780]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5855]: Successful su for rubyman by root
Sep 28 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5855]: + ??? root:rubyman
Sep 28 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309110 of user rubyman.
Sep 28 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5855]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309110.
Sep 28 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session closed for user root
Sep 28 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session closed for user root
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: Successful su for rubyman by root
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: + ??? root:rubyman
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309114 of user rubyman.
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309114.
Sep 28 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session closed for user root
Sep 28 15:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6540]: Connection reset by 198.235.24.116 port 60824 [preauth]
Sep 28 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5252]: pam_unix(cron:session): session closed for user root
Sep 28 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6819]: Successful su for rubyman by root
Sep 28 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6819]: + ??? root:rubyman
Sep 28 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309119 of user rubyman.
Sep 28 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6819]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309119.
Sep 28 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session closed for user root
Sep 28 15:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session closed for user root
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7285]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7288]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session closed for user root
Sep 28 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7364]: Successful su for rubyman by root
Sep 28 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7364]: + ??? root:rubyman
Sep 28 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309124 of user rubyman.
Sep 28 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7364]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309124.
Sep 28 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7285]: pam_unix(cron:session): session closed for user root
Sep 28 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4340]: pam_unix(cron:session): session closed for user root
Sep 28 15:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7282]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session closed for user root
Sep 28 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7770]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: Successful su for rubyman by root
Sep 28 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: + ??? root:rubyman
Sep 28 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309129 of user rubyman.
Sep 28 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7852]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309129.
Sep 28 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session closed for user root
Sep 28 15:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session closed for user root
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8271]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8337]: Successful su for rubyman by root
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8337]: + ??? root:rubyman
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309133 of user rubyman.
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8337]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309133.
Sep 28 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5251]: pam_unix(cron:session): session closed for user root
Sep 28 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7288]: pam_unix(cron:session): session closed for user root
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8732]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: Successful su for rubyman by root
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: + ??? root:rubyman
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309137 of user rubyman.
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309137.
Sep 28 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session closed for user root
Sep 28 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Invalid user kim from 190.129.122.12
Sep 28 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: input_userauth_request: invalid user kim [preauth]
Sep 28 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Failed password for invalid user kim from 190.129.122.12 port 33445 ssh2
Sep 28 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Received disconnect from 190.129.122.12 port 33445:11: Bye Bye [preauth]
Sep 28 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Disconnected from 190.129.122.12 port 33445 [preauth]
Sep 28 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7770]: pam_unix(cron:session): session closed for user root
Sep 28 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 15:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Failed password for root from 36.88.163.34 port 42384 ssh2
Sep 28 15:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Received disconnect from 36.88.163.34 port 42384:11: Bye Bye [preauth]
Sep 28 15:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Disconnected from 36.88.163.34 port 42384 [preauth]
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: Successful su for rubyman by root
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: + ??? root:rubyman
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309141 of user rubyman.
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309141.
Sep 28 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session closed for user root
Sep 28 15:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9396]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session closed for user root
Sep 28 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for root from 218.84.101.81 port 39084 ssh2
Sep 28 15:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Connection closed by 218.84.101.81 port 39084 [preauth]
Sep 28 15:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Failed password for root from 218.84.101.81 port 40965 ssh2
Sep 28 15:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Connection closed by 218.84.101.81 port 40965 [preauth]
Sep 28 15:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: Failed password for root from 218.84.101.81 port 43188 ssh2
Sep 28 15:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: Connection closed by 218.84.101.81 port 43188 [preauth]
Sep 28 15:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9940]: Failed password for root from 218.84.101.81 port 45264 ssh2
Sep 28 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9940]: Connection closed by 218.84.101.81 port 45264 [preauth]
Sep 28 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9942]: Failed password for root from 218.84.101.81 port 47348 ssh2
Sep 28 15:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9942]: Connection closed by 218.84.101.81 port 47348 [preauth]
Sep 28 15:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session closed for user root
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: Successful su for rubyman by root
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: + ??? root:rubyman
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309146 of user rubyman.
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309146.
Sep 28 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Failed password for root from 218.84.101.81 port 49400 ssh2
Sep 28 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Connection closed by 218.84.101.81 port 49400 [preauth]
Sep 28 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session closed for user root
Sep 28 15:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session closed for user root
Sep 28 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: Failed password for root from 218.84.101.81 port 51376 ssh2
Sep 28 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10071]: Connection closed by 218.84.101.81 port 51376 [preauth]
Sep 28 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: Failed password for root from 218.84.101.81 port 53480 ssh2
Sep 28 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: Connection closed by 218.84.101.81 port 53480 [preauth]
Sep 28 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: Failed password for root from 218.84.101.81 port 55430 ssh2
Sep 28 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: Connection closed by 218.84.101.81 port 55430 [preauth]
Sep 28 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Failed password for root from 218.84.101.81 port 57548 ssh2
Sep 28 15:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Connection closed by 218.84.101.81 port 57548 [preauth]
Sep 28 15:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Failed password for root from 218.84.101.81 port 59736 ssh2
Sep 28 15:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Connection closed by 218.84.101.81 port 59736 [preauth]
Sep 28 15:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for root from 218.84.101.81 port 61464 ssh2
Sep 28 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Connection closed by 218.84.101.81 port 61464 [preauth]
Sep 28 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for root from 218.84.101.81 port 63764 ssh2
Sep 28 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Connection closed by 218.84.101.81 port 63764 [preauth]
Sep 28 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: Failed password for root from 218.84.101.81 port 33166 ssh2
Sep 28 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: Connection closed by 218.84.101.81 port 33166 [preauth]
Sep 28 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session closed for user root
Sep 28 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Failed password for root from 218.84.101.81 port 35470 ssh2
Sep 28 15:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10386]: Connection closed by 218.84.101.81 port 35470 [preauth]
Sep 28 15:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Failed password for root from 218.84.101.81 port 37870 ssh2
Sep 28 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Connection closed by 218.84.101.81 port 37870 [preauth]
Sep 28 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Failed password for root from 218.84.101.81 port 39644 ssh2
Sep 28 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Connection closed by 218.84.101.81 port 39644 [preauth]
Sep 28 15:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Failed password for root from 218.84.101.81 port 41440 ssh2
Sep 28 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Connection closed by 218.84.101.81 port 41440 [preauth]
Sep 28 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: Failed password for root from 218.84.101.81 port 43168 ssh2
Sep 28 15:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: Connection closed by 218.84.101.81 port 43168 [preauth]
Sep 28 15:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10470]: Failed password for root from 218.84.101.81 port 45116 ssh2
Sep 28 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10470]: Connection closed by 218.84.101.81 port 45116 [preauth]
Sep 28 15:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: Failed password for root from 218.84.101.81 port 47068 ssh2
Sep 28 15:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10472]: Connection closed by 218.84.101.81 port 47068 [preauth]
Sep 28 15:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Failed password for root from 218.84.101.81 port 48641 ssh2
Sep 28 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Connection closed by 218.84.101.81 port 48641 [preauth]
Sep 28 15:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10576]: Successful su for rubyman by root
Sep 28 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10576]: + ??? root:rubyman
Sep 28 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309150 of user rubyman.
Sep 28 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10576]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309150.
Sep 28 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: Failed password for root from 218.84.101.81 port 50830 ssh2
Sep 28 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10495]: Connection closed by 218.84.101.81 port 50830 [preauth]
Sep 28 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7286]: pam_unix(cron:session): session closed for user root
Sep 28 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for root from 218.84.101.81 port 52498 ssh2
Sep 28 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Connection closed by 218.84.101.81 port 52498 [preauth]
Sep 28 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for root from 218.84.101.81 port 54536 ssh2
Sep 28 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 218.84.101.81 port 54536 [preauth]
Sep 28 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10793]: Failed password for root from 218.84.101.81 port 56664 ssh2
Sep 28 15:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10793]: Connection closed by 218.84.101.81 port 56664 [preauth]
Sep 28 15:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: Failed password for root from 218.84.101.81 port 58464 ssh2
Sep 28 15:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: Connection closed by 218.84.101.81 port 58464 [preauth]
Sep 28 15:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10819]: Failed password for root from 218.84.101.81 port 60324 ssh2
Sep 28 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10819]: Connection closed by 218.84.101.81 port 60324 [preauth]
Sep 28 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Failed password for root from 218.84.101.81 port 61926 ssh2
Sep 28 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Connection closed by 218.84.101.81 port 61926 [preauth]
Sep 28 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Failed password for root from 218.84.101.81 port 63820 ssh2
Sep 28 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Connection closed by 218.84.101.81 port 63820 [preauth]
Sep 28 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Failed password for root from 218.84.101.81 port 33004 ssh2
Sep 28 15:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Connection closed by 218.84.101.81 port 33004 [preauth]
Sep 28 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session closed for user root
Sep 28 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: Failed password for root from 218.84.101.81 port 35032 ssh2
Sep 28 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: Connection closed by 218.84.101.81 port 35032 [preauth]
Sep 28 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Failed password for root from 218.84.101.81 port 36992 ssh2
Sep 28 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Connection closed by 218.84.101.81 port 36992 [preauth]
Sep 28 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for root from 218.84.101.81 port 39162 ssh2
Sep 28 15:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Connection closed by 218.84.101.81 port 39162 [preauth]
Sep 28 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: Failed password for root from 218.84.101.81 port 41038 ssh2
Sep 28 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10912]: Connection closed by 218.84.101.81 port 41038 [preauth]
Sep 28 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Failed password for root from 218.84.101.81 port 42924 ssh2
Sep 28 15:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Connection closed by 218.84.101.81 port 42924 [preauth]
Sep 28 15:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: Failed password for root from 218.84.101.81 port 45098 ssh2
Sep 28 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10949]: Connection closed by 218.84.101.81 port 45098 [preauth]
Sep 28 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: Failed password for root from 218.84.101.81 port 46700 ssh2
Sep 28 15:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: Connection closed by 218.84.101.81 port 46700 [preauth]
Sep 28 15:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: Failed password for root from 218.84.101.81 port 48692 ssh2
Sep 28 15:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: Connection closed by 218.84.101.81 port 48692 [preauth]
Sep 28 15:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10985]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10982]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11047]: Successful su for rubyman by root
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11047]: + ??? root:rubyman
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309156 of user rubyman.
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11047]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309156.
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: Failed password for root from 218.84.101.81 port 50592 ssh2
Sep 28 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: Connection closed by 218.84.101.81 port 50592 [preauth]
Sep 28 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Failed password for root from 218.84.101.81 port 52152 ssh2
Sep 28 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7769]: pam_unix(cron:session): session closed for user root
Sep 28 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Connection closed by 218.84.101.81 port 52152 [preauth]
Sep 28 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10983]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for root from 218.84.101.81 port 54138 ssh2
Sep 28 15:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 218.84.101.81 port 54138 [preauth]
Sep 28 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Failed password for root from 218.84.101.81 port 56166 ssh2
Sep 28 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Connection closed by 218.84.101.81 port 56166 [preauth]
Sep 28 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11257]: Failed password for root from 190.129.122.12 port 49754 ssh2
Sep 28 15:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11257]: Received disconnect from 190.129.122.12 port 49754:11: Bye Bye [preauth]
Sep 28 15:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11257]: Disconnected from 190.129.122.12 port 49754 [preauth]
Sep 28 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: Failed password for root from 218.84.101.81 port 58094 ssh2
Sep 28 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11259]: Connection closed by 218.84.101.81 port 58094 [preauth]
Sep 28 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Failed password for root from 218.84.101.81 port 60024 ssh2
Sep 28 15:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11288]: Connection closed by 218.84.101.81 port 60024 [preauth]
Sep 28 15:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Failed password for root from 218.84.101.81 port 62300 ssh2
Sep 28 15:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11290]: Connection closed by 218.84.101.81 port 62300 [preauth]
Sep 28 15:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Failed password for root from 218.84.101.81 port 64274 ssh2
Sep 28 15:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Connection closed by 218.84.101.81 port 64274 [preauth]
Sep 28 15:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Failed password for root from 218.84.101.81 port 33502 ssh2
Sep 28 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Connection closed by 218.84.101.81 port 33502 [preauth]
Sep 28 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Failed password for root from 218.84.101.81 port 35592 ssh2
Sep 28 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Connection closed by 218.84.101.81 port 35592 [preauth]
Sep 28 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session closed for user root
Sep 28 15:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Failed password for root from 218.84.101.81 port 37586 ssh2
Sep 28 15:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Connection closed by 218.84.101.81 port 37586 [preauth]
Sep 28 15:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Failed password for root from 218.84.101.81 port 39734 ssh2
Sep 28 15:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Connection closed by 218.84.101.81 port 39734 [preauth]
Sep 28 15:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11386]: Failed password for root from 218.84.101.81 port 41818 ssh2
Sep 28 15:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11386]: Connection closed by 218.84.101.81 port 41818 [preauth]
Sep 28 15:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: Failed password for root from 218.84.101.81 port 43546 ssh2
Sep 28 15:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: Connection closed by 218.84.101.81 port 43546 [preauth]
Sep 28 15:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: Failed password for root from 218.84.101.81 port 45650 ssh2
Sep 28 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: Connection closed by 218.84.101.81 port 45650 [preauth]
Sep 28 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Failed password for root from 218.84.101.81 port 47726 ssh2
Sep 28 15:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Connection closed by 218.84.101.81 port 47726 [preauth]
Sep 28 15:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: Invalid user zhangyx from 36.88.163.34
Sep 28 15:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: input_userauth_request: invalid user zhangyx [preauth]
Sep 28 15:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11432]: Failed password for root from 218.84.101.81 port 49916 ssh2
Sep 28 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11432]: Connection closed by 218.84.101.81 port 49916 [preauth]
Sep 28 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: Failed password for invalid user zhangyx from 36.88.163.34 port 34148 ssh2
Sep 28 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: Received disconnect from 36.88.163.34 port 34148:11: Bye Bye [preauth]
Sep 28 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11434]: Disconnected from 36.88.163.34 port 34148 [preauth]
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11450]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11451]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11448]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: Successful su for rubyman by root
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: + ??? root:rubyman
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309160 of user rubyman.
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309160.
Sep 28 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Failed password for root from 218.84.101.81 port 51974 ssh2
Sep 28 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Connection closed by 218.84.101.81 port 51974 [preauth]
Sep 28 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session closed for user root
Sep 28 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: Failed password for root from 218.84.101.81 port 54360 ssh2
Sep 28 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: Connection closed by 218.84.101.81 port 54360 [preauth]
Sep 28 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11449]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: Failed password for root from 218.84.101.81 port 56354 ssh2
Sep 28 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: Connection closed by 218.84.101.81 port 56354 [preauth]
Sep 28 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Failed password for root from 218.84.101.81 port 58496 ssh2
Sep 28 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Connection closed by 218.84.101.81 port 58496 [preauth]
Sep 28 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Failed password for root from 218.84.101.81 port 60560 ssh2
Sep 28 15:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Connection closed by 218.84.101.81 port 60560 [preauth]
Sep 28 15:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Failed password for root from 218.84.101.81 port 62696 ssh2
Sep 28 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Connection closed by 218.84.101.81 port 62696 [preauth]
Sep 28 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Failed password for root from 218.84.101.81 port 64766 ssh2
Sep 28 15:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Connection closed by 218.84.101.81 port 64766 [preauth]
Sep 28 15:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Failed password for root from 218.84.101.81 port 34234 ssh2
Sep 28 15:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Connection closed by 218.84.101.81 port 34234 [preauth]
Sep 28 15:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Failed password for root from 218.84.101.81 port 36352 ssh2
Sep 28 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Connection closed by 218.84.101.81 port 36352 [preauth]
Sep 28 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: Failed password for root from 190.129.122.12 port 33447 ssh2
Sep 28 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: Received disconnect from 190.129.122.12 port 33447:11: Bye Bye [preauth]
Sep 28 15:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: Disconnected from 190.129.122.12 port 33447 [preauth]
Sep 28 15:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session closed for user root
Sep 28 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Failed password for root from 218.84.101.81 port 38390 ssh2
Sep 28 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Connection closed by 218.84.101.81 port 38390 [preauth]
Sep 28 15:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: Failed password for root from 218.84.101.81 port 40584 ssh2
Sep 28 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: Connection closed by 218.84.101.81 port 40584 [preauth]
Sep 28 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Failed password for root from 218.84.101.81 port 42570 ssh2
Sep 28 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Connection closed by 218.84.101.81 port 42570 [preauth]
Sep 28 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Failed password for root from 218.84.101.81 port 44700 ssh2
Sep 28 15:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Connection closed by 218.84.101.81 port 44700 [preauth]
Sep 28 15:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Failed password for root from 218.84.101.81 port 46933 ssh2
Sep 28 15:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11975]: Connection closed by 218.84.101.81 port 46933 [preauth]
Sep 28 15:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Failed password for root from 218.84.101.81 port 49376 ssh2
Sep 28 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Connection closed by 218.84.101.81 port 49376 [preauth]
Sep 28 15:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: Failed password for root from 218.84.101.81 port 51610 ssh2
Sep 28 15:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: Connection closed by 218.84.101.81 port 51610 [preauth]
Sep 28 15:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Failed password for root from 218.84.101.81 port 53790 ssh2
Sep 28 15:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Connection closed by 218.84.101.81 port 53790 [preauth]
Sep 28 15:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: Successful su for rubyman by root
Sep 28 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: + ??? root:rubyman
Sep 28 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309163 of user rubyman.
Sep 28 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309163.
Sep 28 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session closed for user root
Sep 28 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Failed password for root from 218.84.101.81 port 56260 ssh2
Sep 28 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Connection closed by 218.84.101.81 port 56260 [preauth]
Sep 28 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session closed for user root
Sep 28 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Failed password for root from 218.84.101.81 port 58554 ssh2
Sep 28 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Connection closed by 218.84.101.81 port 58554 [preauth]
Sep 28 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Failed password for root from 218.84.101.81 port 61264 ssh2
Sep 28 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Connection closed by 218.84.101.81 port 61264 [preauth]
Sep 28 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Failed password for root from 218.84.101.81 port 63494 ssh2
Sep 28 15:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Connection closed by 218.84.101.81 port 63494 [preauth]
Sep 28 15:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: Failed password for root from 218.84.101.81 port 32972 ssh2
Sep 28 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: Connection closed by 218.84.101.81 port 32972 [preauth]
Sep 28 15:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Failed password for root from 218.84.101.81 port 35552 ssh2
Sep 28 15:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Connection closed by 218.84.101.81 port 35552 [preauth]
Sep 28 15:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Failed password for root from 218.84.101.81 port 37939 ssh2
Sep 28 15:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Connection closed by 218.84.101.81 port 37939 [preauth]
Sep 28 15:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Failed password for root from 218.84.101.81 port 40184 ssh2
Sep 28 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Connection closed by 218.84.101.81 port 40184 [preauth]
Sep 28 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=root
Sep 28 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10985]: pam_unix(cron:session): session closed for user root
Sep 28 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Failed password for root from 218.84.101.81 port 42782 ssh2
Sep 28 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Connection closed by 218.84.101.81 port 42782 [preauth]
Sep 28 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Invalid user user from 218.84.101.81
Sep 28 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: input_userauth_request: invalid user user [preauth]
Sep 28 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Failed password for invalid user user from 218.84.101.81 port 48976 ssh2
Sep 28 15:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Connection closed by 218.84.101.81 port 48976 [preauth]
Sep 28 15:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Invalid user user from 218.84.101.81
Sep 28 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: input_userauth_request: invalid user user [preauth]
Sep 28 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Failed password for invalid user user from 218.84.101.81 port 51514 ssh2
Sep 28 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Connection closed by 218.84.101.81 port 51514 [preauth]
Sep 28 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Invalid user user from 218.84.101.81
Sep 28 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: input_userauth_request: invalid user user [preauth]
Sep 28 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user fernando from 190.129.122.12
Sep 28 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user fernando [preauth]
Sep 28 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Failed password for invalid user user from 218.84.101.81 port 53984 ssh2
Sep 28 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Connection closed by 218.84.101.81 port 53984 [preauth]
Sep 28 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user fernando from 190.129.122.12 port 33359 ssh2
Sep 28 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Received disconnect from 190.129.122.12 port 33359:11: Bye Bye [preauth]
Sep 28 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Disconnected from 190.129.122.12 port 33359 [preauth]
Sep 28 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Invalid user user from 218.84.101.81
Sep 28 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: input_userauth_request: invalid user user [preauth]
Sep 28 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Failed password for invalid user user from 218.84.101.81 port 56060 ssh2
Sep 28 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Connection closed by 218.84.101.81 port 56060 [preauth]
Sep 28 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: Invalid user user from 218.84.101.81
Sep 28 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: input_userauth_request: invalid user user [preauth]
Sep 28 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: Failed password for invalid user user from 218.84.101.81 port 58788 ssh2
Sep 28 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: Connection closed by 218.84.101.81 port 58788 [preauth]
Sep 28 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Invalid user user from 218.84.101.81
Sep 28 15:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: input_userauth_request: invalid user user [preauth]
Sep 28 15:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session closed for user root
Sep 28 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Failed password for invalid user user from 218.84.101.81 port 61256 ssh2
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Connection closed by 218.84.101.81 port 61256 [preauth]
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12669]: Successful su for rubyman by root
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12669]: + ??? root:rubyman
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309168 of user rubyman.
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12669]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309168.
Sep 28 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Invalid user user from 218.84.101.81
Sep 28 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session closed for user root
Sep 28 15:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session closed for user root
Sep 28 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Failed password for invalid user user from 218.84.101.81 port 63902 ssh2
Sep 28 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Connection closed by 218.84.101.81 port 63902 [preauth]
Sep 28 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Invalid user user from 218.84.101.81
Sep 28 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Failed password for invalid user user from 218.84.101.81 port 33970 ssh2
Sep 28 15:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12880]: Connection closed by 218.84.101.81 port 33970 [preauth]
Sep 28 15:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Invalid user user from 218.84.101.81
Sep 28 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Failed password for invalid user user from 218.84.101.81 port 36526 ssh2
Sep 28 15:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12915]: Connection closed by 218.84.101.81 port 36526 [preauth]
Sep 28 15:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: Invalid user user from 218.84.101.81
Sep 28 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: Failed password for invalid user user from 218.84.101.81 port 38722 ssh2
Sep 28 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: Connection closed by 218.84.101.81 port 38722 [preauth]
Sep 28 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Invalid user user from 218.84.101.81
Sep 28 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Failed password for invalid user user from 218.84.101.81 port 41018 ssh2
Sep 28 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Connection closed by 218.84.101.81 port 41018 [preauth]
Sep 28 15:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Invalid user user from 218.84.101.81
Sep 28 15:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Failed password for invalid user user from 218.84.101.81 port 43460 ssh2
Sep 28 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Connection closed by 218.84.101.81 port 43460 [preauth]
Sep 28 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Invalid user user from 218.84.101.81
Sep 28 15:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for invalid user user from 218.84.101.81 port 45792 ssh2
Sep 28 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Connection closed by 218.84.101.81 port 45792 [preauth]
Sep 28 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: Invalid user user from 218.84.101.81
Sep 28 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: Failed password for invalid user user from 218.84.101.81 port 48424 ssh2
Sep 28 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: Connection closed by 218.84.101.81 port 48424 [preauth]
Sep 28 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Invalid user user from 218.84.101.81
Sep 28 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11451]: pam_unix(cron:session): session closed for user root
Sep 28 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Failed password for invalid user user from 218.84.101.81 port 50626 ssh2
Sep 28 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Connection closed by 218.84.101.81 port 50626 [preauth]
Sep 28 15:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Invalid user user from 218.84.101.81
Sep 28 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Failed password for invalid user user from 218.84.101.81 port 52912 ssh2
Sep 28 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Connection closed by 218.84.101.81 port 52912 [preauth]
Sep 28 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Invalid user user from 218.84.101.81
Sep 28 15:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Failed password for invalid user user from 218.84.101.81 port 55498 ssh2
Sep 28 15:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Connection closed by 218.84.101.81 port 55498 [preauth]
Sep 28 15:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Invalid user user from 218.84.101.81
Sep 28 15:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Failed password for invalid user user from 218.84.101.81 port 57742 ssh2
Sep 28 15:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Connection closed by 218.84.101.81 port 57742 [preauth]
Sep 28 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Invalid user user from 218.84.101.81
Sep 28 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Failed password for invalid user user from 218.84.101.81 port 59814 ssh2
Sep 28 15:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Connection closed by 218.84.101.81 port 59814 [preauth]
Sep 28 15:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Invalid user user from 218.84.101.81
Sep 28 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Failed password for invalid user user from 218.84.101.81 port 61540 ssh2
Sep 28 15:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Connection closed by 218.84.101.81 port 61540 [preauth]
Sep 28 15:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Invalid user user from 218.84.101.81
Sep 28 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Failed password for invalid user user from 218.84.101.81 port 63708 ssh2
Sep 28 15:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Connection closed by 218.84.101.81 port 63708 [preauth]
Sep 28 15:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: Invalid user user from 218.84.101.81
Sep 28 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: input_userauth_request: invalid user user [preauth]
Sep 28 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: Failed password for invalid user user from 218.84.101.81 port 32998 ssh2
Sep 28 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13098]: Connection closed by 218.84.101.81 port 32998 [preauth]
Sep 28 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Invalid user user from 218.84.101.81
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13113]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: Successful su for rubyman by root
Sep 28 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: + ??? root:rubyman
Sep 28 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309174 of user rubyman.
Sep 28 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309174.
Sep 28 15:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Failed password for invalid user user from 218.84.101.81 port 35248 ssh2
Sep 28 15:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Connection closed by 218.84.101.81 port 35248 [preauth]
Sep 28 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Invalid user user from 218.84.101.81
Sep 28 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Invalid user bigbluebutton from 36.88.163.34
Sep 28 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: input_userauth_request: invalid user bigbluebutton [preauth]
Sep 28 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session closed for user root
Sep 28 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Failed password for invalid user user from 218.84.101.81 port 37526 ssh2
Sep 28 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Connection closed by 218.84.101.81 port 37526 [preauth]
Sep 28 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13114]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user bigbluebutton from 36.88.163.34 port 54426 ssh2
Sep 28 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Received disconnect from 36.88.163.34 port 54426:11: Bye Bye [preauth]
Sep 28 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Disconnected from 36.88.163.34 port 54426 [preauth]
Sep 28 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Invalid user user from 218.84.101.81
Sep 28 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Failed password for root from 190.129.122.12 port 33467 ssh2
Sep 28 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Received disconnect from 190.129.122.12 port 33467:11: Bye Bye [preauth]
Sep 28 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Disconnected from 190.129.122.12 port 33467 [preauth]
Sep 28 15:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Failed password for invalid user user from 218.84.101.81 port 39812 ssh2
Sep 28 15:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Connection closed by 218.84.101.81 port 39812 [preauth]
Sep 28 15:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Invalid user user from 218.84.101.81
Sep 28 15:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Failed password for invalid user user from 218.84.101.81 port 41882 ssh2
Sep 28 15:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Connection closed by 218.84.101.81 port 41882 [preauth]
Sep 28 15:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Invalid user user from 218.84.101.81
Sep 28 15:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for invalid user user from 218.84.101.81 port 44142 ssh2
Sep 28 15:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Connection closed by 218.84.101.81 port 44142 [preauth]
Sep 28 15:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Invalid user user from 218.84.101.81
Sep 28 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Failed password for invalid user user from 218.84.101.81 port 46508 ssh2
Sep 28 15:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13445]: Connection closed by 218.84.101.81 port 46508 [preauth]
Sep 28 15:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13455]: Invalid user user from 218.84.101.81
Sep 28 15:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13455]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13455]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13455]: Failed password for invalid user user from 218.84.101.81 port 48552 ssh2
Sep 28 15:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13455]: Connection closed by 218.84.101.81 port 48552 [preauth]
Sep 28 15:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: Invalid user user from 218.84.101.81
Sep 28 15:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: Failed password for invalid user user from 218.84.101.81 port 50772 ssh2
Sep 28 15:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13470]: Connection closed by 218.84.101.81 port 50772 [preauth]
Sep 28 15:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Invalid user user from 218.84.101.81
Sep 28 15:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Failed password for invalid user user from 218.84.101.81 port 53272 ssh2
Sep 28 15:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Connection closed by 218.84.101.81 port 53272 [preauth]
Sep 28 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13492]: Invalid user user from 218.84.101.81
Sep 28 15:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13492]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13492]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session closed for user root
Sep 28 15:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13492]: Failed password for invalid user user from 218.84.101.81 port 55386 ssh2
Sep 28 15:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13492]: Connection closed by 218.84.101.81 port 55386 [preauth]
Sep 28 15:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Invalid user user from 218.84.101.81
Sep 28 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Failed password for invalid user user from 218.84.101.81 port 57528 ssh2
Sep 28 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Connection closed by 218.84.101.81 port 57528 [preauth]
Sep 28 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Invalid user user from 218.84.101.81
Sep 28 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Failed password for invalid user user from 218.84.101.81 port 59560 ssh2
Sep 28 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13530]: Connection closed by 218.84.101.81 port 59560 [preauth]
Sep 28 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: Invalid user user from 218.84.101.81
Sep 28 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: Failed password for invalid user user from 218.84.101.81 port 61942 ssh2
Sep 28 15:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: Connection closed by 218.84.101.81 port 61942 [preauth]
Sep 28 15:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Invalid user user from 218.84.101.81
Sep 28 15:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Failed password for invalid user user from 218.84.101.81 port 63880 ssh2
Sep 28 15:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Connection closed by 218.84.101.81 port 63880 [preauth]
Sep 28 15:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Invalid user user from 218.84.101.81
Sep 28 15:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Failed password for invalid user user from 218.84.101.81 port 33254 ssh2
Sep 28 15:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Connection closed by 218.84.101.81 port 33254 [preauth]
Sep 28 15:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13578]: Invalid user user from 218.84.101.81
Sep 28 15:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13578]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13578]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13578]: Failed password for invalid user user from 218.84.101.81 port 35552 ssh2
Sep 28 15:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13578]: Connection closed by 218.84.101.81 port 35552 [preauth]
Sep 28 15:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: Invalid user user from 218.84.101.81
Sep 28 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: input_userauth_request: invalid user user [preauth]
Sep 28 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: Failed password for invalid user user from 218.84.101.81 port 37564 ssh2
Sep 28 15:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: Connection closed by 218.84.101.81 port 37564 [preauth]
Sep 28 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Invalid user user from 218.84.101.81
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: Successful su for rubyman by root
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: + ??? root:rubyman
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309177 of user rubyman.
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309177.
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for invalid user user from 218.84.101.81 port 39732 ssh2
Sep 28 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Connection closed by 218.84.101.81 port 39732 [preauth]
Sep 28 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session closed for user root
Sep 28 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Invalid user user from 218.84.101.81
Sep 28 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Failed password for invalid user user from 218.84.101.81 port 41976 ssh2
Sep 28 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Connection closed by 218.84.101.81 port 41976 [preauth]
Sep 28 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13864]: Invalid user user from 218.84.101.81
Sep 28 15:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13864]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13864]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13864]: Failed password for invalid user user from 218.84.101.81 port 44306 ssh2
Sep 28 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13864]: Connection closed by 218.84.101.81 port 44306 [preauth]
Sep 28 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Invalid user rishu from 36.88.163.34
Sep 28 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: input_userauth_request: invalid user rishu [preauth]
Sep 28 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Invalid user user from 218.84.101.81
Sep 28 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Failed password for invalid user user from 218.84.101.81 port 46564 ssh2
Sep 28 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Failed password for invalid user rishu from 36.88.163.34 port 42364 ssh2
Sep 28 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Connection closed by 218.84.101.81 port 46564 [preauth]
Sep 28 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Received disconnect from 36.88.163.34 port 42364:11: Bye Bye [preauth]
Sep 28 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Disconnected from 36.88.163.34 port 42364 [preauth]
Sep 28 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Invalid user user from 218.84.101.81
Sep 28 15:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Failed password for invalid user user from 218.84.101.81 port 48430 ssh2
Sep 28 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Connection closed by 218.84.101.81 port 48430 [preauth]
Sep 28 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Invalid user postgres from 190.129.122.12
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: input_userauth_request: invalid user postgres [preauth]
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Invalid user user from 218.84.101.81
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Failed password for invalid user postgres from 190.129.122.12 port 33521 ssh2
Sep 28 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Received disconnect from 190.129.122.12 port 33521:11: Bye Bye [preauth]
Sep 28 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Disconnected from 190.129.122.12 port 33521 [preauth]
Sep 28 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Failed password for invalid user user from 218.84.101.81 port 50696 ssh2
Sep 28 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Connection closed by 218.84.101.81 port 50696 [preauth]
Sep 28 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Invalid user user from 218.84.101.81
Sep 28 15:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Failed password for invalid user user from 218.84.101.81 port 52528 ssh2
Sep 28 15:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Connection closed by 218.84.101.81 port 52528 [preauth]
Sep 28 15:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: Invalid user user from 218.84.101.81
Sep 28 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: Failed password for invalid user user from 218.84.101.81 port 54498 ssh2
Sep 28 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13937]: Connection closed by 218.84.101.81 port 54498 [preauth]
Sep 28 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13948]: Invalid user user from 218.84.101.81
Sep 28 15:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13948]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13948]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13948]: Failed password for invalid user user from 218.84.101.81 port 56540 ssh2
Sep 28 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13948]: Connection closed by 218.84.101.81 port 56540 [preauth]
Sep 28 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Invalid user user from 218.84.101.81
Sep 28 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Failed password for invalid user user from 218.84.101.81 port 58910 ssh2
Sep 28 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Connection closed by 218.84.101.81 port 58910 [preauth]
Sep 28 15:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session closed for user root
Sep 28 15:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13972]: Invalid user user from 218.84.101.81
Sep 28 15:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13972]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13972]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13972]: Failed password for invalid user user from 218.84.101.81 port 61114 ssh2
Sep 28 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13972]: Connection closed by 218.84.101.81 port 61114 [preauth]
Sep 28 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Invalid user user from 218.84.101.81
Sep 28 15:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user user from 218.84.101.81 port 63120 ssh2
Sep 28 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Connection closed by 218.84.101.81 port 63120 [preauth]
Sep 28 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Invalid user user from 218.84.101.81
Sep 28 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Failed password for invalid user user from 218.84.101.81 port 65288 ssh2
Sep 28 15:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13994]: Connection closed by 218.84.101.81 port 65288 [preauth]
Sep 28 15:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Invalid user user from 218.84.101.81
Sep 28 15:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Failed password for invalid user user from 218.84.101.81 port 34440 ssh2
Sep 28 15:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Connection closed by 218.84.101.81 port 34440 [preauth]
Sep 28 15:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Invalid user user from 218.84.101.81
Sep 28 15:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Failed password for invalid user user from 218.84.101.81 port 36552 ssh2
Sep 28 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14120]: Connection closed by 218.84.101.81 port 36552 [preauth]
Sep 28 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: Invalid user user from 218.84.101.81
Sep 28 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: Failed password for invalid user user from 218.84.101.81 port 38640 ssh2
Sep 28 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: Connection closed by 218.84.101.81 port 38640 [preauth]
Sep 28 15:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Invalid user user from 218.84.101.81
Sep 28 15:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Failed password for invalid user user from 218.84.101.81 port 40980 ssh2
Sep 28 15:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Connection closed by 218.84.101.81 port 40980 [preauth]
Sep 28 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Invalid user user from 218.84.101.81
Sep 28 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: input_userauth_request: invalid user user [preauth]
Sep 28 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Failed password for invalid user user from 218.84.101.81 port 43078 ssh2
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14221]: Successful su for rubyman by root
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14221]: + ??? root:rubyman
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309182 of user rubyman.
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14221]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309182.
Sep 28 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Connection closed by 218.84.101.81 port 43078 [preauth]
Sep 28 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: Invalid user user from 218.84.101.81
Sep 28 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10984]: pam_unix(cron:session): session closed for user root
Sep 28 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: Failed password for invalid user user from 218.84.101.81 port 45514 ssh2
Sep 28 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: Connection closed by 218.84.101.81 port 45514 [preauth]
Sep 28 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Invalid user user from 218.84.101.81
Sep 28 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Failed password for invalid user user from 218.84.101.81 port 47854 ssh2
Sep 28 15:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Connection closed by 218.84.101.81 port 47854 [preauth]
Sep 28 15:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: Invalid user user from 218.84.101.81
Sep 28 15:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: Failed password for invalid user user from 218.84.101.81 port 49832 ssh2
Sep 28 15:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14412]: Connection closed by 218.84.101.81 port 49832 [preauth]
Sep 28 15:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Invalid user user from 218.84.101.81
Sep 28 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Failed password for invalid user user from 218.84.101.81 port 52168 ssh2
Sep 28 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14422]: Connection closed by 218.84.101.81 port 52168 [preauth]
Sep 28 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 15:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Invalid user user from 218.84.101.81
Sep 28 15:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Failed password for root from 36.88.163.34 port 58532 ssh2
Sep 28 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Received disconnect from 36.88.163.34 port 58532:11: Bye Bye [preauth]
Sep 28 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Disconnected from 36.88.163.34 port 58532 [preauth]
Sep 28 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Failed password for invalid user user from 218.84.101.81 port 54088 ssh2
Sep 28 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14446]: Connection closed by 218.84.101.81 port 54088 [preauth]
Sep 28 15:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Invalid user user from 218.84.101.81
Sep 28 15:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Failed password for invalid user user from 218.84.101.81 port 56112 ssh2
Sep 28 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Connection closed by 218.84.101.81 port 56112 [preauth]
Sep 28 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Invalid user user from 218.84.101.81
Sep 28 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Failed password for invalid user user from 218.84.101.81 port 58338 ssh2
Sep 28 15:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Connection closed by 218.84.101.81 port 58338 [preauth]
Sep 28 15:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Invalid user user from 218.84.101.81
Sep 28 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Failed password for invalid user user from 218.84.101.81 port 60760 ssh2
Sep 28 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Invalid user app from 190.129.122.12
Sep 28 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: input_userauth_request: invalid user app [preauth]
Sep 28 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Connection closed by 218.84.101.81 port 60760 [preauth]
Sep 28 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Invalid user user from 218.84.101.81
Sep 28 15:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Failed password for invalid user app from 190.129.122.12 port 33329 ssh2
Sep 28 15:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Received disconnect from 190.129.122.12 port 33329:11: Bye Bye [preauth]
Sep 28 15:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Disconnected from 190.129.122.12 port 33329 [preauth]
Sep 28 15:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Failed password for invalid user user from 218.84.101.81 port 62998 ssh2
Sep 28 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Connection closed by 218.84.101.81 port 62998 [preauth]
Sep 28 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Invalid user user from 218.84.101.81
Sep 28 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session closed for user root
Sep 28 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Failed password for invalid user user from 218.84.101.81 port 65316 ssh2
Sep 28 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Connection closed by 218.84.101.81 port 65316 [preauth]
Sep 28 15:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Invalid user user from 218.84.101.81
Sep 28 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 28 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: Failed password for root from 20.163.71.109 port 40310 ssh2
Sep 28 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: Connection closed by 20.163.71.109 port 40310 [preauth]
Sep 28 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Failed password for invalid user user from 218.84.101.81 port 34848 ssh2
Sep 28 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Connection closed by 218.84.101.81 port 34848 [preauth]
Sep 28 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Invalid user user from 218.84.101.81
Sep 28 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Failed password for invalid user user from 218.84.101.81 port 37070 ssh2
Sep 28 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Connection closed by 218.84.101.81 port 37070 [preauth]
Sep 28 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Invalid user user from 218.84.101.81
Sep 28 15:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for invalid user user from 218.84.101.81 port 39656 ssh2
Sep 28 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Connection closed by 218.84.101.81 port 39656 [preauth]
Sep 28 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Invalid user user from 218.84.101.81
Sep 28 15:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Failed password for invalid user user from 218.84.101.81 port 41786 ssh2
Sep 28 15:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Connection closed by 218.84.101.81 port 41786 [preauth]
Sep 28 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Invalid user user from 218.84.101.81
Sep 28 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Failed password for invalid user user from 218.84.101.81 port 43946 ssh2
Sep 28 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Connection closed by 218.84.101.81 port 43946 [preauth]
Sep 28 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Invalid user user from 218.84.101.81
Sep 28 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Failed password for invalid user user from 218.84.101.81 port 46472 ssh2
Sep 28 15:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Connection closed by 218.84.101.81 port 46472 [preauth]
Sep 28 15:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: Invalid user user from 218.84.101.81
Sep 28 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: input_userauth_request: invalid user user [preauth]
Sep 28 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: Failed password for invalid user user from 218.84.101.81 port 48714 ssh2
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: Connection closed by 218.84.101.81 port 48714 [preauth]
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14612]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: Successful su for rubyman by root
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: + ??? root:rubyman
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309187 of user rubyman.
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309187.
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: Invalid user user from 218.84.101.81
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: Failed password for invalid user user from 218.84.101.81 port 50964 ssh2
Sep 28 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14608]: Connection closed by 218.84.101.81 port 50964 [preauth]
Sep 28 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11450]: pam_unix(cron:session): session closed for user root
Sep 28 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Invalid user user from 218.84.101.81
Sep 28 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Failed password for invalid user user from 218.84.101.81 port 53248 ssh2
Sep 28 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14613]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Connection closed by 218.84.101.81 port 53248 [preauth]
Sep 28 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Invalid user user from 218.84.101.81
Sep 28 15:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Failed password for invalid user user from 218.84.101.81 port 55614 ssh2
Sep 28 15:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Connection closed by 218.84.101.81 port 55614 [preauth]
Sep 28 15:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Invalid user user from 218.84.101.81
Sep 28 15:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Failed password for invalid user user from 218.84.101.81 port 57974 ssh2
Sep 28 15:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Connection closed by 218.84.101.81 port 57974 [preauth]
Sep 28 15:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: Invalid user user from 218.84.101.81
Sep 28 15:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: Failed password for invalid user user from 218.84.101.81 port 59968 ssh2
Sep 28 15:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: Connection closed by 218.84.101.81 port 59968 [preauth]
Sep 28 15:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14910]: Invalid user user from 218.84.101.81
Sep 28 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14910]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14910]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14910]: Failed password for invalid user user from 218.84.101.81 port 62494 ssh2
Sep 28 15:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14910]: Connection closed by 218.84.101.81 port 62494 [preauth]
Sep 28 15:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Invalid user user from 218.84.101.81
Sep 28 15:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Failed password for invalid user user from 218.84.101.81 port 64438 ssh2
Sep 28 15:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Connection closed by 218.84.101.81 port 64438 [preauth]
Sep 28 15:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: Invalid user user from 218.84.101.81
Sep 28 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: input_userauth_request: invalid user user [preauth]
Sep 28 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: Failed password for invalid user user from 218.84.101.81 port 34082 ssh2
Sep 28 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14946]: Connection closed by 218.84.101.81 port 34082 [preauth]
Sep 28 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Failed password for invalid user ubuntu from 218.84.101.81 port 36412 ssh2
Sep 28 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Connection closed by 218.84.101.81 port 36412 [preauth]
Sep 28 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session closed for user root
Sep 28 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Failed password for invalid user ubuntu from 218.84.101.81 port 38872 ssh2
Sep 28 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Connection closed by 218.84.101.81 port 38872 [preauth]
Sep 28 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Failed password for invalid user ubuntu from 218.84.101.81 port 41310 ssh2
Sep 28 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Connection closed by 218.84.101.81 port 41310 [preauth]
Sep 28 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Invalid user bot1 from 190.129.122.12
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: input_userauth_request: invalid user bot1 [preauth]
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Failed password for invalid user ubuntu from 218.84.101.81 port 43448 ssh2
Sep 28 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Failed password for invalid user bot1 from 190.129.122.12 port 33761 ssh2
Sep 28 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14997]: Connection closed by 218.84.101.81 port 43448 [preauth]
Sep 28 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Received disconnect from 190.129.122.12 port 33761:11: Bye Bye [preauth]
Sep 28 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Disconnected from 190.129.122.12 port 33761 [preauth]
Sep 28 15:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for invalid user ubuntu from 218.84.101.81 port 45716 ssh2
Sep 28 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Connection closed by 218.84.101.81 port 45716 [preauth]
Sep 28 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Failed password for invalid user ubuntu from 218.84.101.81 port 47828 ssh2
Sep 28 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Connection closed by 218.84.101.81 port 47828 [preauth]
Sep 28 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: Failed password for invalid user ubuntu from 218.84.101.81 port 50234 ssh2
Sep 28 15:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15040]: Connection closed by 218.84.101.81 port 50234 [preauth]
Sep 28 15:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Failed password for invalid user ubuntu from 218.84.101.81 port 52718 ssh2
Sep 28 15:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Connection closed by 218.84.101.81 port 52718 [preauth]
Sep 28 15:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user root
Sep 28 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Failed password for invalid user ubuntu from 218.84.101.81 port 54834 ssh2
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15139]: Successful su for rubyman by root
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15139]: + ??? root:rubyman
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309191 of user rubyman.
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15139]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309191.
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Connection closed by 218.84.101.81 port 54834 [preauth]
Sep 28 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15068]: pam_unix(cron:session): session closed for user root
Sep 28 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Failed password for invalid user ubuntu from 218.84.101.81 port 57278 ssh2
Sep 28 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Connection closed by 218.84.101.81 port 57278 [preauth]
Sep 28 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session closed for user root
Sep 28 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: Failed password for invalid user ubuntu from 218.84.101.81 port 59568 ssh2
Sep 28 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15334]: Connection closed by 218.84.101.81 port 59568 [preauth]
Sep 28 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: Failed password for root from 36.88.163.34 port 34406 ssh2
Sep 28 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: Received disconnect from 36.88.163.34 port 34406:11: Bye Bye [preauth]
Sep 28 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: Disconnected from 36.88.163.34 port 34406 [preauth]
Sep 28 15:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: Failed password for invalid user ubuntu from 218.84.101.81 port 61516 ssh2
Sep 28 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: Connection closed by 218.84.101.81 port 61516 [preauth]
Sep 28 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Failed password for invalid user ubuntu from 218.84.101.81 port 63944 ssh2
Sep 28 15:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Connection closed by 218.84.101.81 port 63944 [preauth]
Sep 28 15:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Failed password for invalid user ubuntu from 218.84.101.81 port 33410 ssh2
Sep 28 15:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Connection closed by 218.84.101.81 port 33410 [preauth]
Sep 28 15:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Failed password for invalid user ubuntu from 218.84.101.81 port 35822 ssh2
Sep 28 15:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Connection closed by 218.84.101.81 port 35822 [preauth]
Sep 28 15:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Failed password for invalid user ubuntu from 218.84.101.81 port 38156 ssh2
Sep 28 15:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Connection closed by 218.84.101.81 port 38156 [preauth]
Sep 28 15:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: Failed password for invalid user ubuntu from 218.84.101.81 port 40352 ssh2
Sep 28 15:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15449]: Connection closed by 218.84.101.81 port 40352 [preauth]
Sep 28 15:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session closed for user root
Sep 28 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Failed password for invalid user ubuntu from 218.84.101.81 port 42727 ssh2
Sep 28 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Connection closed by 218.84.101.81 port 42727 [preauth]
Sep 28 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Failed password for invalid user ubuntu from 218.84.101.81 port 44862 ssh2
Sep 28 15:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Connection closed by 218.84.101.81 port 44862 [preauth]
Sep 28 15:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: Failed password for invalid user ubuntu from 218.84.101.81 port 47022 ssh2
Sep 28 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: Connection closed by 218.84.101.81 port 47022 [preauth]
Sep 28 15:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Failed password for invalid user ubuntu from 218.84.101.81 port 49084 ssh2
Sep 28 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Connection closed by 218.84.101.81 port 49084 [preauth]
Sep 28 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Failed password for invalid user ubuntu from 218.84.101.81 port 51356 ssh2
Sep 28 15:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15516]: Connection closed by 218.84.101.81 port 51356 [preauth]
Sep 28 15:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for invalid user ubuntu from 218.84.101.81 port 53864 ssh2
Sep 28 15:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Connection closed by 218.84.101.81 port 53864 [preauth]
Sep 28 15:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: Invalid user tester from 190.129.122.12
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: input_userauth_request: invalid user tester [preauth]
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: Failed password for invalid user tester from 190.129.122.12 port 1411 ssh2
Sep 28 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: Received disconnect from 190.129.122.12 port 1411:11: Bye Bye [preauth]
Sep 28 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: Disconnected from 190.129.122.12 port 1411 [preauth]
Sep 28 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Failed password for invalid user ubuntu from 218.84.101.81 port 56028 ssh2
Sep 28 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Connection closed by 218.84.101.81 port 56028 [preauth]
Sep 28 15:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15559]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for invalid user ubuntu from 218.84.101.81 port 58098 ssh2
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Connection closed by 218.84.101.81 port 58098 [preauth]
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: Successful su for rubyman by root
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: + ??? root:rubyman
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309196 of user rubyman.
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309196.
Sep 28 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Failed password for invalid user ubuntu from 218.84.101.81 port 60222 ssh2
Sep 28 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Connection closed by 218.84.101.81 port 60222 [preauth]
Sep 28 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12582]: pam_unix(cron:session): session closed for user root
Sep 28 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Failed password for invalid user ubuntu from 218.84.101.81 port 62402 ssh2
Sep 28 15:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Connection closed by 218.84.101.81 port 62402 [preauth]
Sep 28 15:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for invalid user ubuntu from 218.84.101.81 port 64834 ssh2
Sep 28 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Connection closed by 218.84.101.81 port 64834 [preauth]
Sep 28 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Invalid user albert from 36.88.163.34
Sep 28 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: input_userauth_request: invalid user albert [preauth]
Sep 28 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Failed password for invalid user ubuntu from 218.84.101.81 port 34238 ssh2
Sep 28 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Connection closed by 218.84.101.81 port 34238 [preauth]
Sep 28 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Failed password for invalid user albert from 36.88.163.34 port 50580 ssh2
Sep 28 15:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Received disconnect from 36.88.163.34 port 50580:11: Bye Bye [preauth]
Sep 28 15:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Disconnected from 36.88.163.34 port 50580 [preauth]
Sep 28 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Failed password for invalid user ubuntu from 218.84.101.81 port 36236 ssh2
Sep 28 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Connection closed by 218.84.101.81 port 36236 [preauth]
Sep 28 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15875]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15875]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15875]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15875]: Failed password for invalid user ubuntu from 218.84.101.81 port 38658 ssh2
Sep 28 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15875]: Connection closed by 218.84.101.81 port 38658 [preauth]
Sep 28 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Failed password for invalid user ubuntu from 218.84.101.81 port 40742 ssh2
Sep 28 15:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Connection closed by 218.84.101.81 port 40742 [preauth]
Sep 28 15:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Failed password for invalid user ubuntu from 218.84.101.81 port 43308 ssh2
Sep 28 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Connection closed by 218.84.101.81 port 43308 [preauth]
Sep 28 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Failed password for invalid user ubuntu from 218.84.101.81 port 45831 ssh2
Sep 28 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Connection closed by 218.84.101.81 port 45831 [preauth]
Sep 28 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session closed for user root
Sep 28 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Failed password for invalid user ubuntu from 218.84.101.81 port 48134 ssh2
Sep 28 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: Connection closed by 218.84.101.81 port 48134 [preauth]
Sep 28 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Failed password for invalid user ubuntu from 218.84.101.81 port 50502 ssh2
Sep 28 15:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15956]: Connection closed by 218.84.101.81 port 50502 [preauth]
Sep 28 15:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Failed password for invalid user ubuntu from 218.84.101.81 port 52672 ssh2
Sep 28 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Connection closed by 218.84.101.81 port 52672 [preauth]
Sep 28 15:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Failed password for invalid user ubuntu from 218.84.101.81 port 55312 ssh2
Sep 28 15:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Connection closed by 218.84.101.81 port 55312 [preauth]
Sep 28 15:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Failed password for invalid user ubuntu from 218.84.101.81 port 57880 ssh2
Sep 28 15:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Connection closed by 218.84.101.81 port 57880 [preauth]
Sep 28 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Failed password for invalid user ubuntu from 218.84.101.81 port 59994 ssh2
Sep 28 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Connection closed by 218.84.101.81 port 59994 [preauth]
Sep 28 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Failed password for invalid user ubuntu from 218.84.101.81 port 62708 ssh2
Sep 28 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Connection closed by 218.84.101.81 port 62708 [preauth]
Sep 28 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16091]: Successful su for rubyman by root
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16091]: + ??? root:rubyman
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309200 of user rubyman.
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16091]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309200.
Sep 28 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: Failed password for invalid user ubuntu from 218.84.101.81 port 65134 ssh2
Sep 28 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: Connection closed by 218.84.101.81 port 65134 [preauth]
Sep 28 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13115]: pam_unix(cron:session): session closed for user root
Sep 28 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Failed password for invalid user ubuntu from 218.84.101.81 port 34565 ssh2
Sep 28 15:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16211]: Connection closed by 218.84.101.81 port 34565 [preauth]
Sep 28 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: Invalid user zhangyx from 190.129.122.12
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: input_userauth_request: invalid user zhangyx [preauth]
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: Failed password for invalid user zhangyx from 190.129.122.12 port 49886 ssh2
Sep 28 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user ubuntu from 218.84.101.81 port 36802 ssh2
Sep 28 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: Received disconnect from 190.129.122.12 port 49886:11: Bye Bye [preauth]
Sep 28 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: Disconnected from 190.129.122.12 port 49886 [preauth]
Sep 28 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Connection closed by 218.84.101.81 port 36802 [preauth]
Sep 28 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Failed password for invalid user ubuntu from 218.84.101.81 port 39318 ssh2
Sep 28 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Connection closed by 218.84.101.81 port 39318 [preauth]
Sep 28 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for invalid user ubuntu from 218.84.101.81 port 41550 ssh2
Sep 28 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Connection closed by 218.84.101.81 port 41550 [preauth]
Sep 28 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Failed password for invalid user ubuntu from 218.84.101.81 port 44254 ssh2
Sep 28 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Connection closed by 218.84.101.81 port 44254 [preauth]
Sep 28 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: Failed password for invalid user ubuntu from 218.84.101.81 port 46834 ssh2
Sep 28 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: Invalid user soporte from 36.88.163.34
Sep 28 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: input_userauth_request: invalid user soporte [preauth]
Sep 28 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16355]: Connection closed by 218.84.101.81 port 46834 [preauth]
Sep 28 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: Failed password for invalid user soporte from 36.88.163.34 port 38514 ssh2
Sep 28 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: Received disconnect from 36.88.163.34 port 38514:11: Bye Bye [preauth]
Sep 28 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16373]: Disconnected from 36.88.163.34 port 38514 [preauth]
Sep 28 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Failed password for invalid user ubuntu from 218.84.101.81 port 49332 ssh2
Sep 28 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Connection closed by 218.84.101.81 port 49332 [preauth]
Sep 28 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Failed password for invalid user ubuntu from 218.84.101.81 port 52054 ssh2
Sep 28 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Connection closed by 218.84.101.81 port 52054 [preauth]
Sep 28 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session closed for user root
Sep 28 15:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Failed password for invalid user ubuntu from 218.84.101.81 port 54348 ssh2
Sep 28 15:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Connection closed by 218.84.101.81 port 54348 [preauth]
Sep 28 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16431]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16431]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16431]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16431]: Failed password for invalid user ubuntu from 218.84.101.81 port 56814 ssh2
Sep 28 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16431]: Connection closed by 218.84.101.81 port 56814 [preauth]
Sep 28 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Failed password for invalid user ubuntu from 218.84.101.81 port 59252 ssh2
Sep 28 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Connection closed by 218.84.101.81 port 59252 [preauth]
Sep 28 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Failed password for invalid user ubuntu from 218.84.101.81 port 61956 ssh2
Sep 28 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Connection closed by 218.84.101.81 port 61956 [preauth]
Sep 28 15:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Failed password for invalid user ubuntu from 218.84.101.81 port 64324 ssh2
Sep 28 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Connection closed by 218.84.101.81 port 64324 [preauth]
Sep 28 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: Failed password for invalid user ubuntu from 218.84.101.81 port 33550 ssh2
Sep 28 15:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: Connection closed by 218.84.101.81 port 33550 [preauth]
Sep 28 15:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: Failed password for invalid user ubuntu from 218.84.101.81 port 36208 ssh2
Sep 28 15:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16483]: Connection closed by 218.84.101.81 port 36208 [preauth]
Sep 28 15:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: Failed password for invalid user ubuntu from 218.84.101.81 port 38566 ssh2
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16500]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16496]: Connection closed by 218.84.101.81 port 38566 [preauth]
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16575]: Successful su for rubyman by root
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16575]: + ??? root:rubyman
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309203 of user rubyman.
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16575]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309203.
Sep 28 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Failed password for invalid user ubuntu from 218.84.101.81 port 40654 ssh2
Sep 28 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Connection closed by 218.84.101.81 port 40654 [preauth]
Sep 28 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session closed for user root
Sep 28 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user ubuntu from 218.84.101.81 port 43062 ssh2
Sep 28 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Connection closed by 218.84.101.81 port 43062 [preauth]
Sep 28 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Failed password for invalid user ubuntu from 218.84.101.81 port 45396 ssh2
Sep 28 15:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Connection closed by 218.84.101.81 port 45396 [preauth]
Sep 28 15:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Failed password for invalid user ubuntu from 218.84.101.81 port 47704 ssh2
Sep 28 15:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Connection closed by 218.84.101.81 port 47704 [preauth]
Sep 28 15:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Failed password for invalid user ubuntu from 218.84.101.81 port 50064 ssh2
Sep 28 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Connection closed by 218.84.101.81 port 50064 [preauth]
Sep 28 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Invalid user kav from 190.129.122.12
Sep 28 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: input_userauth_request: invalid user kav [preauth]
Sep 28 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Failed password for invalid user ubuntu from 218.84.101.81 port 52348 ssh2
Sep 28 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Connection closed by 218.84.101.81 port 52348 [preauth]
Sep 28 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Failed password for invalid user kav from 190.129.122.12 port 1157 ssh2
Sep 28 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Received disconnect from 190.129.122.12 port 1157:11: Bye Bye [preauth]
Sep 28 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Disconnected from 190.129.122.12 port 1157 [preauth]
Sep 28 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: Failed password for invalid user ubuntu from 218.84.101.81 port 54408 ssh2
Sep 28 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: Connection closed by 218.84.101.81 port 54408 [preauth]
Sep 28 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Failed password for invalid user ubuntu from 218.84.101.81 port 56798 ssh2
Sep 28 15:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Connection closed by 218.84.101.81 port 56798 [preauth]
Sep 28 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Invalid user abhinav from 36.88.163.34
Sep 28 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: input_userauth_request: invalid user abhinav [preauth]
Sep 28 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user abhinav from 36.88.163.34 port 54710 ssh2
Sep 28 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Received disconnect from 36.88.163.34 port 54710:11: Bye Bye [preauth]
Sep 28 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Disconnected from 36.88.163.34 port 54710 [preauth]
Sep 28 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: Failed password for invalid user ubuntu from 218.84.101.81 port 59580 ssh2
Sep 28 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: Connection closed by 218.84.101.81 port 59580 [preauth]
Sep 28 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session closed for user root
Sep 28 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Failed password for invalid user ubuntu from 218.84.101.81 port 62096 ssh2
Sep 28 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Connection closed by 218.84.101.81 port 62096 [preauth]
Sep 28 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Failed password for invalid user ubuntu from 218.84.101.81 port 64590 ssh2
Sep 28 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Connection closed by 218.84.101.81 port 64590 [preauth]
Sep 28 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Failed password for invalid user ubuntu from 218.84.101.81 port 34186 ssh2
Sep 28 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Connection closed by 218.84.101.81 port 34186 [preauth]
Sep 28 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Failed password for invalid user ubuntu from 218.84.101.81 port 36442 ssh2
Sep 28 15:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Connection closed by 218.84.101.81 port 36442 [preauth]
Sep 28 15:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16943]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16943]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16943]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16943]: Failed password for invalid user ubuntu from 218.84.101.81 port 38448 ssh2
Sep 28 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16943]: Connection closed by 218.84.101.81 port 38448 [preauth]
Sep 28 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16956]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16956]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16956]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16956]: Failed password for invalid user ubuntu from 218.84.101.81 port 40778 ssh2
Sep 28 15:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16956]: Connection closed by 218.84.101.81 port 40778 [preauth]
Sep 28 15:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Failed password for invalid user ubuntu from 218.84.101.81 port 42934 ssh2
Sep 28 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Connection closed by 218.84.101.81 port 42934 [preauth]
Sep 28 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Failed password for invalid user ubuntu from 218.84.101.81 port 45348 ssh2
Sep 28 15:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Connection closed by 218.84.101.81 port 45348 [preauth]
Sep 28 15:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17055]: Successful su for rubyman by root
Sep 28 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17055]: + ??? root:rubyman
Sep 28 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309209 of user rubyman.
Sep 28 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17055]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309209.
Sep 28 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for invalid user ubuntu from 218.84.101.81 port 47586 ssh2
Sep 28 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Connection closed by 218.84.101.81 port 47586 [preauth]
Sep 28 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session closed for user root
Sep 28 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: Failed password for invalid user ubuntu from 218.84.101.81 port 49714 ssh2
Sep 28 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: Connection closed by 218.84.101.81 port 49714 [preauth]
Sep 28 15:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17262]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17262]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17262]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17262]: Failed password for invalid user ubuntu from 218.84.101.81 port 52202 ssh2
Sep 28 15:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17262]: Connection closed by 218.84.101.81 port 52202 [preauth]
Sep 28 15:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Failed password for invalid user ubuntu from 218.84.101.81 port 54538 ssh2
Sep 28 15:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Connection closed by 218.84.101.81 port 54538 [preauth]
Sep 28 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Invalid user user from 62.60.131.157
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: input_userauth_request: invalid user user [preauth]
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Failed password for invalid user ubuntu from 218.84.101.81 port 56882 ssh2
Sep 28 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Connection closed by 218.84.101.81 port 56882 [preauth]
Sep 28 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Failed password for invalid user user from 62.60.131.157 port 61246 ssh2
Sep 28 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Failed password for invalid user user from 62.60.131.157 port 61246 ssh2
Sep 28 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Failed password for invalid user ubuntu from 218.84.101.81 port 58982 ssh2
Sep 28 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Connection closed by 218.84.101.81 port 58982 [preauth]
Sep 28 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Failed password for invalid user user from 62.60.131.157 port 61246 ssh2
Sep 28 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Invalid user ubuntu from 218.84.101.81
Sep 28 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Failed password for invalid user user from 62.60.131.157 port 61246 ssh2
Sep 28 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Failed password for root from 36.88.163.34 port 42624 ssh2
Sep 28 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Received disconnect from 36.88.163.34 port 42624:11: Bye Bye [preauth]
Sep 28 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Disconnected from 36.88.163.34 port 42624 [preauth]
Sep 28 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Failed password for invalid user ubuntu from 218.84.101.81 port 61220 ssh2
Sep 28 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Connection closed by 218.84.101.81 port 61220 [preauth]
Sep 28 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Failed password for invalid user user from 62.60.131.157 port 61246 ssh2
Sep 28 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Received disconnect from 62.60.131.157 port 61246:11: Bye [preauth]
Sep 28 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Disconnected from 62.60.131.157 port 61246 [preauth]
Sep 28 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: Invalid user debian from 218.84.101.81
Sep 28 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: Failed password for invalid user debian from 218.84.101.81 port 63364 ssh2
Sep 28 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: Connection closed by 218.84.101.81 port 63364 [preauth]
Sep 28 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Invalid user debian from 218.84.101.81
Sep 28 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Failed password for invalid user debian from 218.84.101.81 port 65452 ssh2
Sep 28 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Connection closed by 218.84.101.81 port 65452 [preauth]
Sep 28 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: Invalid user debian from 218.84.101.81
Sep 28 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for root from 190.129.122.12 port 17242 ssh2
Sep 28 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Received disconnect from 190.129.122.12 port 17242:11: Bye Bye [preauth]
Sep 28 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Disconnected from 190.129.122.12 port 17242 [preauth]
Sep 28 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: Failed password for invalid user debian from 218.84.101.81 port 35120 ssh2
Sep 28 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: Connection closed by 218.84.101.81 port 35120 [preauth]
Sep 28 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session closed for user root
Sep 28 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Invalid user debian from 218.84.101.81
Sep 28 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Failed password for invalid user debian from 218.84.101.81 port 37342 ssh2
Sep 28 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Connection closed by 218.84.101.81 port 37342 [preauth]
Sep 28 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Invalid user debian from 218.84.101.81
Sep 28 15:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Failed password for invalid user debian from 218.84.101.81 port 39852 ssh2
Sep 28 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Connection closed by 218.84.101.81 port 39852 [preauth]
Sep 28 15:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Invalid user debian from 218.84.101.81
Sep 28 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Failed password for invalid user debian from 218.84.101.81 port 42206 ssh2
Sep 28 15:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Connection closed by 218.84.101.81 port 42206 [preauth]
Sep 28 15:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Invalid user debian from 218.84.101.81
Sep 28 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Failed password for invalid user debian from 218.84.101.81 port 44216 ssh2
Sep 28 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Connection closed by 218.84.101.81 port 44216 [preauth]
Sep 28 15:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Invalid user debian from 218.84.101.81
Sep 28 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Failed password for invalid user debian from 218.84.101.81 port 46696 ssh2
Sep 28 15:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Connection closed by 218.84.101.81 port 46696 [preauth]
Sep 28 15:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Invalid user debian from 218.84.101.81
Sep 28 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user debian from 218.84.101.81 port 48692 ssh2
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Connection closed by 218.84.101.81 port 48692 [preauth]
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: Invalid user wangxin from 154.91.170.39
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: input_userauth_request: invalid user wangxin [preauth]
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Invalid user debian from 218.84.101.81
Sep 28 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: Failed password for invalid user wangxin from 154.91.170.39 port 34460 ssh2
Sep 28 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: Received disconnect from 154.91.170.39 port 34460:11: Bye Bye [preauth]
Sep 28 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17463]: Disconnected from 154.91.170.39 port 34460 [preauth]
Sep 28 15:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Failed password for invalid user debian from 218.84.101.81 port 51120 ssh2
Sep 28 15:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Connection closed by 218.84.101.81 port 51120 [preauth]
Sep 28 15:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Invalid user debian from 218.84.101.81
Sep 28 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session closed for user root
Sep 28 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Failed password for invalid user debian from 218.84.101.81 port 53266 ssh2
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Connection closed by 218.84.101.81 port 53266 [preauth]
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17560]: Successful su for rubyman by root
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17560]: + ??? root:rubyman
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309212 of user rubyman.
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17560]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309212.
Sep 28 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Invalid user debian from 218.84.101.81
Sep 28 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Failed password for invalid user debian from 218.84.101.81 port 55542 ssh2
Sep 28 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Connection closed by 218.84.101.81 port 55542 [preauth]
Sep 28 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session closed for user root
Sep 28 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session closed for user root
Sep 28 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Invalid user debian from 218.84.101.81
Sep 28 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Failed password for invalid user debian from 218.84.101.81 port 57948 ssh2
Sep 28 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Connection closed by 218.84.101.81 port 57948 [preauth]
Sep 28 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Invalid user debian from 218.84.101.81
Sep 28 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Failed password for invalid user debian from 218.84.101.81 port 60544 ssh2
Sep 28 15:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Connection closed by 218.84.101.81 port 60544 [preauth]
Sep 28 15:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Invalid user debian from 218.84.101.81
Sep 28 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Failed password for invalid user debian from 218.84.101.81 port 63128 ssh2
Sep 28 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Connection closed by 218.84.101.81 port 63128 [preauth]
Sep 28 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: Invalid user debian from 218.84.101.81
Sep 28 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: Failed password for invalid user debian from 218.84.101.81 port 65410 ssh2
Sep 28 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: Connection closed by 218.84.101.81 port 65410 [preauth]
Sep 28 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Invalid user debian from 218.84.101.81
Sep 28 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Failed password for invalid user debian from 218.84.101.81 port 35354 ssh2
Sep 28 15:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Connection closed by 218.84.101.81 port 35354 [preauth]
Sep 28 15:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Invalid user debian from 218.84.101.81
Sep 28 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Failed password for invalid user debian from 218.84.101.81 port 37758 ssh2
Sep 28 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Connection closed by 218.84.101.81 port 37758 [preauth]
Sep 28 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Invalid user debian from 218.84.101.81
Sep 28 15:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Failed password for invalid user debian from 218.84.101.81 port 39680 ssh2
Sep 28 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Connection closed by 218.84.101.81 port 39680 [preauth]
Sep 28 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Invalid user debian from 218.84.101.81
Sep 28 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Failed password for invalid user debian from 218.84.101.81 port 42060 ssh2
Sep 28 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Connection closed by 218.84.101.81 port 42060 [preauth]
Sep 28 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session closed for user root
Sep 28 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Invalid user debian from 218.84.101.81
Sep 28 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Failed password for invalid user debian from 218.84.101.81 port 44116 ssh2
Sep 28 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Connection closed by 218.84.101.81 port 44116 [preauth]
Sep 28 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: Invalid user debian from 218.84.101.81
Sep 28 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: Failed password for invalid user debian from 218.84.101.81 port 46420 ssh2
Sep 28 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: Connection closed by 218.84.101.81 port 46420 [preauth]
Sep 28 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Invalid user debian from 218.84.101.81
Sep 28 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Failed password for invalid user debian from 218.84.101.81 port 48766 ssh2
Sep 28 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18030]: Connection closed by 218.84.101.81 port 48766 [preauth]
Sep 28 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Failed password for root from 190.129.122.12 port 17424 ssh2
Sep 28 15:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Received disconnect from 190.129.122.12 port 17424:11: Bye Bye [preauth]
Sep 28 15:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18032]: Disconnected from 190.129.122.12 port 17424 [preauth]
Sep 28 15:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Invalid user debian from 218.84.101.81
Sep 28 15:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Failed password for invalid user debian from 218.84.101.81 port 51316 ssh2
Sep 28 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Connection closed by 218.84.101.81 port 51316 [preauth]
Sep 28 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Invalid user debian from 218.84.101.81
Sep 28 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Failed password for invalid user debian from 218.84.101.81 port 53796 ssh2
Sep 28 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Connection closed by 218.84.101.81 port 53796 [preauth]
Sep 28 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: Invalid user debian from 218.84.101.81
Sep 28 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: Failed password for invalid user debian from 218.84.101.81 port 56028 ssh2
Sep 28 15:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18077]: Connection closed by 218.84.101.81 port 56028 [preauth]
Sep 28 15:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Invalid user debian from 218.84.101.81
Sep 28 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Failed password for invalid user debian from 218.84.101.81 port 58720 ssh2
Sep 28 15:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Connection closed by 218.84.101.81 port 58720 [preauth]
Sep 28 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Invalid user debian from 218.84.101.81
Sep 28 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: Successful su for rubyman by root
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: + ??? root:rubyman
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309218 of user rubyman.
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309218.
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Failed password for invalid user debian from 218.84.101.81 port 60882 ssh2
Sep 28 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Connection closed by 218.84.101.81 port 60882 [preauth]
Sep 28 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: Invalid user debian from 218.84.101.81
Sep 28 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session closed for user root
Sep 28 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: Failed password for invalid user debian from 218.84.101.81 port 63386 ssh2
Sep 28 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: Connection closed by 218.84.101.81 port 63386 [preauth]
Sep 28 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Invalid user debian from 218.84.101.81
Sep 28 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Failed password for invalid user debian from 218.84.101.81 port 33114 ssh2
Sep 28 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Connection closed by 218.84.101.81 port 33114 [preauth]
Sep 28 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Invalid user debian from 218.84.101.81
Sep 28 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Failed password for invalid user debian from 218.84.101.81 port 35284 ssh2
Sep 28 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Connection closed by 218.84.101.81 port 35284 [preauth]
Sep 28 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Invalid user debian from 218.84.101.81
Sep 28 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Failed password for invalid user debian from 218.84.101.81 port 37512 ssh2
Sep 28 15:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Connection closed by 218.84.101.81 port 37512 [preauth]
Sep 28 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Invalid user debian from 218.84.101.81
Sep 28 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Failed password for invalid user debian from 218.84.101.81 port 39896 ssh2
Sep 28 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Connection closed by 218.84.101.81 port 39896 [preauth]
Sep 28 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Invalid user debian from 218.84.101.81
Sep 28 15:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Failed password for invalid user debian from 218.84.101.81 port 42230 ssh2
Sep 28 15:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Connection closed by 218.84.101.81 port 42230 [preauth]
Sep 28 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Invalid user debian from 218.84.101.81
Sep 28 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Failed password for invalid user debian from 218.84.101.81 port 44532 ssh2
Sep 28 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18712]: Connection closed by 218.84.101.81 port 44532 [preauth]
Sep 28 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: Invalid user debian from 218.84.101.81
Sep 28 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: Failed password for invalid user debian from 218.84.101.81 port 46732 ssh2
Sep 28 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: Connection closed by 218.84.101.81 port 46732 [preauth]
Sep 28 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: Invalid user debian from 218.84.101.81
Sep 28 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session closed for user root
Sep 28 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: Failed password for invalid user debian from 218.84.101.81 port 49090 ssh2
Sep 28 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: Connection closed by 218.84.101.81 port 49090 [preauth]
Sep 28 15:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Invalid user debian from 218.84.101.81
Sep 28 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Failed password for invalid user debian from 218.84.101.81 port 51314 ssh2
Sep 28 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Connection closed by 218.84.101.81 port 51314 [preauth]
Sep 28 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Invalid user debian from 218.84.101.81
Sep 28 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Failed password for invalid user debian from 218.84.101.81 port 53860 ssh2
Sep 28 15:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Connection closed by 218.84.101.81 port 53860 [preauth]
Sep 28 15:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Invalid user debian from 218.84.101.81
Sep 28 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Failed password for invalid user debian from 218.84.101.81 port 56372 ssh2
Sep 28 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Connection closed by 218.84.101.81 port 56372 [preauth]
Sep 28 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: Invalid user fernando from 36.88.163.34
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: input_userauth_request: invalid user fernando [preauth]
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Invalid user debian from 218.84.101.81
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: Failed password for invalid user fernando from 36.88.163.34 port 46726 ssh2
Sep 28 15:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: Connection reset by 36.88.163.34 port 46726 [preauth]
Sep 28 15:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Failed password for invalid user debian from 218.84.101.81 port 58490 ssh2
Sep 28 15:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Connection closed by 218.84.101.81 port 58490 [preauth]
Sep 28 15:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Invalid user debian from 218.84.101.81
Sep 28 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Failed password for invalid user debian from 218.84.101.81 port 61154 ssh2
Sep 28 15:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: Connection closed by 218.84.101.81 port 61154 [preauth]
Sep 28 15:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Invalid user debian from 218.84.101.81
Sep 28 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Failed password for invalid user debian from 218.84.101.81 port 63464 ssh2
Sep 28 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Connection closed by 218.84.101.81 port 63464 [preauth]
Sep 28 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Invalid user debian from 218.84.101.81
Sep 28 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Failed password for invalid user debian from 218.84.101.81 port 33354 ssh2
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Connection closed by 218.84.101.81 port 33354 [preauth]
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: Successful su for rubyman by root
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: + ??? root:rubyman
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309221 of user rubyman.
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309221.
Sep 28 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Invalid user debian from 218.84.101.81
Sep 28 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for root from 190.129.122.12 port 33433 ssh2
Sep 28 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Received disconnect from 190.129.122.12 port 33433:11: Bye Bye [preauth]
Sep 28 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Disconnected from 190.129.122.12 port 33433 [preauth]
Sep 28 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Failed password for invalid user debian from 218.84.101.81 port 36017 ssh2
Sep 28 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: Connection closed by 218.84.101.81 port 36017 [preauth]
Sep 28 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15559]: pam_unix(cron:session): session closed for user root
Sep 28 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: Invalid user debian from 218.84.101.81
Sep 28 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: Failed password for invalid user debian from 218.84.101.81 port 38286 ssh2
Sep 28 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: Connection closed by 218.84.101.81 port 38286 [preauth]
Sep 28 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Invalid user debian from 218.84.101.81
Sep 28 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Failed password for root from 38.248.12.102 port 58306 ssh2
Sep 28 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Received disconnect from 38.248.12.102 port 58306:11: Bye Bye [preauth]
Sep 28 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Disconnected from 38.248.12.102 port 58306 [preauth]
Sep 28 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Failed password for invalid user debian from 218.84.101.81 port 40708 ssh2
Sep 28 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Connection closed by 218.84.101.81 port 40708 [preauth]
Sep 28 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: Invalid user debian from 218.84.101.81
Sep 28 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: Failed password for invalid user debian from 218.84.101.81 port 43195 ssh2
Sep 28 15:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: Connection closed by 218.84.101.81 port 43195 [preauth]
Sep 28 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: Invalid user debian from 218.84.101.81
Sep 28 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: Failed password for invalid user debian from 218.84.101.81 port 45594 ssh2
Sep 28 15:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: Connection closed by 218.84.101.81 port 45594 [preauth]
Sep 28 15:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Invalid user debian from 218.84.101.81
Sep 28 15:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Failed password for invalid user debian from 218.84.101.81 port 48224 ssh2
Sep 28 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Connection closed by 218.84.101.81 port 48224 [preauth]
Sep 28 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Invalid user debian from 218.84.101.81
Sep 28 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Failed password for invalid user debian from 218.84.101.81 port 50694 ssh2
Sep 28 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Connection closed by 218.84.101.81 port 50694 [preauth]
Sep 28 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Invalid user debian from 218.84.101.81
Sep 28 15:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Failed password for invalid user debian from 218.84.101.81 port 53364 ssh2
Sep 28 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Connection closed by 218.84.101.81 port 53364 [preauth]
Sep 28 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Invalid user debian from 218.84.101.81
Sep 28 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Failed password for invalid user debian from 218.84.101.81 port 55874 ssh2
Sep 28 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Connection closed by 218.84.101.81 port 55874 [preauth]
Sep 28 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17486]: pam_unix(cron:session): session closed for user root
Sep 28 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Invalid user debian from 218.84.101.81
Sep 28 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Failed password for invalid user debian from 218.84.101.81 port 58410 ssh2
Sep 28 15:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Connection closed by 218.84.101.81 port 58410 [preauth]
Sep 28 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: Invalid user debian from 218.84.101.81
Sep 28 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: Failed password for invalid user debian from 218.84.101.81 port 61116 ssh2
Sep 28 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: Connection closed by 218.84.101.81 port 61116 [preauth]
Sep 28 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Invalid user debian from 218.84.101.81
Sep 28 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Failed password for invalid user debian from 218.84.101.81 port 63380 ssh2
Sep 28 15:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Connection closed by 218.84.101.81 port 63380 [preauth]
Sep 28 15:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Invalid user debian from 218.84.101.81
Sep 28 15:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Failed password for invalid user debian from 218.84.101.81 port 33020 ssh2
Sep 28 15:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19429]: Connection closed by 218.84.101.81 port 33020 [preauth]
Sep 28 15:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Invalid user debian from 218.84.101.81
Sep 28 15:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Failed password for invalid user debian from 218.84.101.81 port 35738 ssh2
Sep 28 15:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Connection closed by 218.84.101.81 port 35738 [preauth]
Sep 28 15:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Invalid user debian from 218.84.101.81
Sep 28 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Failed password for invalid user debian from 218.84.101.81 port 37998 ssh2
Sep 28 15:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Connection closed by 218.84.101.81 port 37998 [preauth]
Sep 28 15:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19456]: Invalid user debian from 218.84.101.81
Sep 28 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19456]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19456]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: Invalid user vhserver from 36.88.163.34
Sep 28 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: input_userauth_request: invalid user vhserver [preauth]
Sep 28 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19456]: Failed password for invalid user debian from 218.84.101.81 port 40248 ssh2
Sep 28 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19566]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19456]: Connection closed by 218.84.101.81 port 40248 [preauth]
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19732]: Successful su for rubyman by root
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19732]: + ??? root:rubyman
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309225 of user rubyman.
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19732]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309225.
Sep 28 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Invalid user debian from 218.84.101.81
Sep 28 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: Failed password for invalid user vhserver from 36.88.163.34 port 34676 ssh2
Sep 28 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: Received disconnect from 36.88.163.34 port 34676:11: Bye Bye [preauth]
Sep 28 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19562]: Disconnected from 36.88.163.34 port 34676 [preauth]
Sep 28 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Failed password for invalid user debian from 218.84.101.81 port 42924 ssh2
Sep 28 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Connection closed by 218.84.101.81 port 42924 [preauth]
Sep 28 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session closed for user root
Sep 28 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Invalid user debian from 218.84.101.81
Sep 28 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Failed password for invalid user debian from 218.84.101.81 port 45204 ssh2
Sep 28 15:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Connection closed by 218.84.101.81 port 45204 [preauth]
Sep 28 15:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Invalid user debian from 218.84.101.81
Sep 28 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Invalid user admin from 139.19.117.131
Sep 28 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Failed password for invalid user debian from 218.84.101.81 port 47830 ssh2
Sep 28 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Connection closed by 218.84.101.81 port 47830 [preauth]
Sep 28 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Invalid user debian from 218.84.101.81
Sep 28 15:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Failed password for invalid user debian from 218.84.101.81 port 50420 ssh2
Sep 28 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Connection closed by 218.84.101.81 port 50420 [preauth]
Sep 28 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Invalid user maman from 190.129.122.12
Sep 28 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: input_userauth_request: invalid user maman [preauth]
Sep 28 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Invalid user debian from 218.84.101.81
Sep 28 15:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Failed password for invalid user maman from 190.129.122.12 port 33455 ssh2
Sep 28 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Received disconnect from 190.129.122.12 port 33455:11: Bye Bye [preauth]
Sep 28 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Disconnected from 190.129.122.12 port 33455 [preauth]
Sep 28 15:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Failed password for invalid user debian from 218.84.101.81 port 52542 ssh2
Sep 28 15:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Connection closed by 218.84.101.81 port 52542 [preauth]
Sep 28 15:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: Invalid user debian from 218.84.101.81
Sep 28 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Connection closed by 139.19.117.131 port 36604 [preauth]
Sep 28 15:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: Failed password for invalid user debian from 218.84.101.81 port 55390 ssh2
Sep 28 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: Connection closed by 218.84.101.81 port 55390 [preauth]
Sep 28 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: Invalid user debian from 218.84.101.81
Sep 28 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: Failed password for invalid user debian from 218.84.101.81 port 57924 ssh2
Sep 28 15:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: Connection closed by 218.84.101.81 port 57924 [preauth]
Sep 28 15:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Invalid user debian from 218.84.101.81
Sep 28 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Failed password for invalid user debian from 218.84.101.81 port 60036 ssh2
Sep 28 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Connection closed by 218.84.101.81 port 60036 [preauth]
Sep 28 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: Invalid user debian from 218.84.101.81
Sep 28 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session closed for user root
Sep 28 15:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: Failed password for invalid user debian from 218.84.101.81 port 62474 ssh2
Sep 28 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: Connection closed by 218.84.101.81 port 62474 [preauth]
Sep 28 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Invalid user debian from 218.84.101.81
Sep 28 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.42.93.139  user=root
Sep 28 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Failed password for invalid user debian from 218.84.101.81 port 64998 ssh2
Sep 28 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Connection closed by 218.84.101.81 port 64998 [preauth]
Sep 28 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for root from 182.42.93.139 port 58444 ssh2
Sep 28 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: Invalid user debian from 218.84.101.81
Sep 28 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: Failed password for invalid user debian from 218.84.101.81 port 34218 ssh2
Sep 28 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20151]: Connection closed by 218.84.101.81 port 34218 [preauth]
Sep 28 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: Invalid user debian from 218.84.101.81
Sep 28 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: Failed password for invalid user debian from 218.84.101.81 port 36124 ssh2
Sep 28 15:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: Connection closed by 218.84.101.81 port 36124 [preauth]
Sep 28 15:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Invalid user debian from 218.84.101.81
Sep 28 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Failed password for invalid user debian from 218.84.101.81 port 38156 ssh2
Sep 28 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Connection closed by 218.84.101.81 port 38156 [preauth]
Sep 28 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Invalid user debian from 218.84.101.81
Sep 28 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Failed password for invalid user debian from 218.84.101.81 port 40644 ssh2
Sep 28 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Connection closed by 218.84.101.81 port 40644 [preauth]
Sep 28 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Invalid user debian from 218.84.101.81
Sep 28 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Failed password for invalid user debian from 218.84.101.81 port 42718 ssh2
Sep 28 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Connection closed by 218.84.101.81 port 42718 [preauth]
Sep 28 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20224]: Invalid user debian from 218.84.101.81
Sep 28 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20224]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20224]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20224]: Failed password for invalid user debian from 218.84.101.81 port 45302 ssh2
Sep 28 15:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20224]: Connection closed by 218.84.101.81 port 45302 [preauth]
Sep 28 15:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Invalid user debian from 218.84.101.81
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20318]: Successful su for rubyman by root
Sep 28 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20318]: + ??? root:rubyman
Sep 28 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309229 of user rubyman.
Sep 28 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20318]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309229.
Sep 28 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Failed password for invalid user debian from 218.84.101.81 port 47668 ssh2
Sep 28 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Connection closed by 218.84.101.81 port 47668 [preauth]
Sep 28 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Invalid user debian from 218.84.101.81
Sep 28 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session closed for user root
Sep 28 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: Failed password for root from 154.91.170.39 port 34696 ssh2
Sep 28 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: Received disconnect from 154.91.170.39 port 34696:11: Bye Bye [preauth]
Sep 28 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: Disconnected from 154.91.170.39 port 34696 [preauth]
Sep 28 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Invalid user yby from 36.88.163.34
Sep 28 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: input_userauth_request: invalid user yby [preauth]
Sep 28 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Failed password for invalid user debian from 218.84.101.81 port 49864 ssh2
Sep 28 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Connection closed by 218.84.101.81 port 49864 [preauth]
Sep 28 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Invalid user debian from 218.84.101.81
Sep 28 15:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for invalid user yby from 36.88.163.34 port 50852 ssh2
Sep 28 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Received disconnect from 36.88.163.34 port 50852:11: Bye Bye [preauth]
Sep 28 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Disconnected from 36.88.163.34 port 50852 [preauth]
Sep 28 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Failed password for invalid user debian from 218.84.101.81 port 51906 ssh2
Sep 28 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Connection closed by 218.84.101.81 port 51906 [preauth]
Sep 28 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Invalid user debian from 218.84.101.81
Sep 28 15:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Failed password for invalid user debian from 218.84.101.81 port 54012 ssh2
Sep 28 15:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Connection closed by 218.84.101.81 port 54012 [preauth]
Sep 28 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Invalid user debian from 218.84.101.81
Sep 28 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Failed password for invalid user debian from 218.84.101.81 port 56126 ssh2
Sep 28 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Connection closed by 218.84.101.81 port 56126 [preauth]
Sep 28 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20575]: Invalid user debian from 218.84.101.81
Sep 28 15:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20575]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20575]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20575]: Failed password for invalid user debian from 218.84.101.81 port 58174 ssh2
Sep 28 15:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20575]: Connection closed by 218.84.101.81 port 58174 [preauth]
Sep 28 15:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Invalid user admin from 218.84.101.81
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: Invalid user test1 from 38.248.12.102
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: input_userauth_request: invalid user test1 [preauth]
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Failed password for invalid user admin from 218.84.101.81 port 64198 ssh2
Sep 28 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: Failed password for invalid user test1 from 38.248.12.102 port 39126 ssh2
Sep 28 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Connection closed by 218.84.101.81 port 64198 [preauth]
Sep 28 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: Received disconnect from 38.248.12.102 port 39126:11: Bye Bye [preauth]
Sep 28 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: Disconnected from 38.248.12.102 port 39126 [preauth]
Sep 28 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: Invalid user admin from 218.84.101.81
Sep 28 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: Failed password for invalid user admin from 218.84.101.81 port 33448 ssh2
Sep 28 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: Connection closed by 218.84.101.81 port 33448 [preauth]
Sep 28 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Invalid user bigbluebutton from 190.129.122.12
Sep 28 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: input_userauth_request: invalid user bigbluebutton [preauth]
Sep 28 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: Invalid user admin from 218.84.101.81
Sep 28 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session closed for user root
Sep 28 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Failed password for invalid user bigbluebutton from 190.129.122.12 port 33757 ssh2
Sep 28 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Received disconnect from 190.129.122.12 port 33757:11: Bye Bye [preauth]
Sep 28 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Disconnected from 190.129.122.12 port 33757 [preauth]
Sep 28 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: Failed password for invalid user admin from 218.84.101.81 port 36170 ssh2
Sep 28 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: Connection closed by 218.84.101.81 port 36170 [preauth]
Sep 28 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Invalid user admin from 218.84.101.81
Sep 28 15:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Failed password for invalid user admin from 218.84.101.81 port 38512 ssh2
Sep 28 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Connection closed by 218.84.101.81 port 38512 [preauth]
Sep 28 15:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: Invalid user admin from 218.84.101.81
Sep 28 15:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: Failed password for invalid user admin from 218.84.101.81 port 40854 ssh2
Sep 28 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: Connection closed by 218.84.101.81 port 40854 [preauth]
Sep 28 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Invalid user admin from 218.84.101.81
Sep 28 15:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Failed password for invalid user admin from 218.84.101.81 port 43414 ssh2
Sep 28 15:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Connection closed by 218.84.101.81 port 43414 [preauth]
Sep 28 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Invalid user admin from 218.84.101.81
Sep 28 15:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Failed password for invalid user admin from 218.84.101.81 port 45514 ssh2
Sep 28 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Connection closed by 218.84.101.81 port 45514 [preauth]
Sep 28 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Invalid user admin from 218.84.101.81
Sep 28 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Failed password for invalid user admin from 218.84.101.81 port 47824 ssh2
Sep 28 15:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Connection closed by 218.84.101.81 port 47824 [preauth]
Sep 28 15:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20719]: Invalid user admin from 218.84.101.81
Sep 28 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20719]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20719]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20719]: Failed password for invalid user admin from 218.84.101.81 port 50182 ssh2
Sep 28 15:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20719]: Connection closed by 218.84.101.81 port 50182 [preauth]
Sep 28 15:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Invalid user admin from 218.84.101.81
Sep 28 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Failed password for invalid user admin from 218.84.101.81 port 52832 ssh2
Sep 28 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Connection closed by 218.84.101.81 port 52832 [preauth]
Sep 28 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Invalid user debian from 154.91.170.39
Sep 28 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: Invalid user admin from 218.84.101.81
Sep 28 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Failed password for invalid user debian from 154.91.170.39 port 34798 ssh2
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Received disconnect from 154.91.170.39 port 34798:11: Bye Bye [preauth]
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Disconnected from 154.91.170.39 port 34798 [preauth]
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session closed for user root
Sep 28 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: Failed password for invalid user admin from 218.84.101.81 port 55288 ssh2
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: Successful su for rubyman by root
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: + ??? root:rubyman
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309234 of user rubyman.
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309234.
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: Connection closed by 218.84.101.81 port 55288 [preauth]
Sep 28 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20852]: Invalid user admin from 218.84.101.81
Sep 28 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20852]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20852]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20750]: pam_unix(cron:session): session closed for user root
Sep 28 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20852]: Failed password for invalid user admin from 218.84.101.81 port 57628 ssh2
Sep 28 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session closed for user root
Sep 28 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20852]: Connection closed by 218.84.101.81 port 57628 [preauth]
Sep 28 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: Invalid user admin from 218.84.101.81
Sep 28 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: Failed password for invalid user admin from 218.84.101.81 port 60120 ssh2
Sep 28 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: Connection closed by 218.84.101.81 port 60120 [preauth]
Sep 28 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: Invalid user admin from 218.84.101.81
Sep 28 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: Failed password for invalid user admin from 218.84.101.81 port 62350 ssh2
Sep 28 15:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: Connection closed by 218.84.101.81 port 62350 [preauth]
Sep 28 15:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Invalid user admin from 218.84.101.81
Sep 28 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Failed password for root from 36.88.163.34 port 38778 ssh2
Sep 28 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Received disconnect from 36.88.163.34 port 38778:11: Bye Bye [preauth]
Sep 28 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Disconnected from 36.88.163.34 port 38778 [preauth]
Sep 28 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Failed password for invalid user admin from 218.84.101.81 port 64634 ssh2
Sep 28 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Connection closed by 218.84.101.81 port 64634 [preauth]
Sep 28 15:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Invalid user admin from 218.84.101.81
Sep 28 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Failed password for invalid user admin from 218.84.101.81 port 33928 ssh2
Sep 28 15:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Connection closed by 218.84.101.81 port 33928 [preauth]
Sep 28 15:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Invalid user admin from 218.84.101.81
Sep 28 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Failed password for invalid user admin from 218.84.101.81 port 36028 ssh2
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Connection closed by 218.84.101.81 port 36028 [preauth]
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: Invalid user debian from 38.248.12.102
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: input_userauth_request: invalid user debian [preauth]
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 15:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: Invalid user admin from 218.84.101.81
Sep 28 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: Failed password for invalid user debian from 38.248.12.102 port 58866 ssh2
Sep 28 15:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: Received disconnect from 38.248.12.102 port 58866:11: Bye Bye [preauth]
Sep 28 15:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: Disconnected from 38.248.12.102 port 58866 [preauth]
Sep 28 15:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: Failed password for invalid user admin from 218.84.101.81 port 38172 ssh2
Sep 28 15:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: Connection closed by 218.84.101.81 port 38172 [preauth]
Sep 28 15:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: Invalid user admin from 218.84.101.81
Sep 28 15:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: Failed password for invalid user admin from 218.84.101.81 port 40448 ssh2
Sep 28 15:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: Connection closed by 218.84.101.81 port 40448 [preauth]
Sep 28 15:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Invalid user admin from 218.84.101.81
Sep 28 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Failed password for invalid user admin from 218.84.101.81 port 42580 ssh2
Sep 28 15:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21152]: Connection closed by 218.84.101.81 port 42580 [preauth]
Sep 28 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: Invalid user admin from 218.84.101.81
Sep 28 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19570]: pam_unix(cron:session): session closed for user root
Sep 28 15:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: Failed password for invalid user admin from 218.84.101.81 port 45020 ssh2
Sep 28 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: Connection closed by 218.84.101.81 port 45020 [preauth]
Sep 28 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Invalid user admin from 218.84.101.81
Sep 28 15:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Failed password for invalid user admin from 218.84.101.81 port 47212 ssh2
Sep 28 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Connection closed by 218.84.101.81 port 47212 [preauth]
Sep 28 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Invalid user admin from 218.84.101.81
Sep 28 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Failed password for invalid user admin from 218.84.101.81 port 49368 ssh2
Sep 28 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Connection closed by 218.84.101.81 port 49368 [preauth]
Sep 28 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Invalid user admin from 218.84.101.81
Sep 28 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Failed password for invalid user admin from 218.84.101.81 port 51864 ssh2
Sep 28 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Connection closed by 218.84.101.81 port 51864 [preauth]
Sep 28 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: Failed password for root from 190.129.122.12 port 17436 ssh2
Sep 28 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: Received disconnect from 190.129.122.12 port 17436:11: Bye Bye [preauth]
Sep 28 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: Disconnected from 190.129.122.12 port 17436 [preauth]
Sep 28 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Invalid user admin from 218.84.101.81
Sep 28 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Failed password for invalid user admin from 218.84.101.81 port 54122 ssh2
Sep 28 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Connection closed by 218.84.101.81 port 54122 [preauth]
Sep 28 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Invalid user admin from 218.84.101.81
Sep 28 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Failed password for invalid user admin from 218.84.101.81 port 56460 ssh2
Sep 28 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21238]: Connection closed by 218.84.101.81 port 56460 [preauth]
Sep 28 15:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Invalid user openbravo from 154.91.170.39
Sep 28 15:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: input_userauth_request: invalid user openbravo [preauth]
Sep 28 15:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 15:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Invalid user admin from 218.84.101.81
Sep 28 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Failed password for invalid user openbravo from 154.91.170.39 port 34906 ssh2
Sep 28 15:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Received disconnect from 154.91.170.39 port 34906:11: Bye Bye [preauth]
Sep 28 15:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Disconnected from 154.91.170.39 port 34906 [preauth]
Sep 28 15:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Failed password for invalid user admin from 218.84.101.81 port 58865 ssh2
Sep 28 15:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Connection closed by 218.84.101.81 port 58865 [preauth]
Sep 28 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Invalid user admin from 218.84.101.81
Sep 28 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Invalid user postgres from 36.88.163.34
Sep 28 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: input_userauth_request: invalid user postgres [preauth]
Sep 28 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Failed password for invalid user admin from 218.84.101.81 port 60698 ssh2
Sep 28 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Connection closed by 218.84.101.81 port 60698 [preauth]
Sep 28 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Failed password for invalid user postgres from 36.88.163.34 port 54952 ssh2
Sep 28 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Received disconnect from 36.88.163.34 port 54952:11: Bye Bye [preauth]
Sep 28 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Disconnected from 36.88.163.34 port 54952 [preauth]
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: Invalid user admin from 218.84.101.81
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21339]: Successful su for rubyman by root
Sep 28 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21339]: + ??? root:rubyman
Sep 28 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309239 of user rubyman.
Sep 28 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21339]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309239.
Sep 28 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: Failed password for invalid user admin from 218.84.101.81 port 62722 ssh2
Sep 28 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: Connection closed by 218.84.101.81 port 62722 [preauth]
Sep 28 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Invalid user admin from 218.84.101.81
Sep 28 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17485]: pam_unix(cron:session): session closed for user root
Sep 28 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Failed password for invalid user admin from 218.84.101.81 port 64856 ssh2
Sep 28 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Connection closed by 218.84.101.81 port 64856 [preauth]
Sep 28 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Invalid user admin from 218.84.101.81
Sep 28 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Failed password for invalid user admin from 218.84.101.81 port 34474 ssh2
Sep 28 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Connection closed by 218.84.101.81 port 34474 [preauth]
Sep 28 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Invalid user admin from 218.84.101.81
Sep 28 15:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Failed password for invalid user admin from 218.84.101.81 port 36610 ssh2
Sep 28 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Connection closed by 218.84.101.81 port 36610 [preauth]
Sep 28 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Invalid user admin from 218.84.101.81
Sep 28 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Invalid user wangxin from 38.248.12.102
Sep 28 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: input_userauth_request: invalid user wangxin [preauth]
Sep 28 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 15:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Failed password for invalid user admin from 218.84.101.81 port 39054 ssh2
Sep 28 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Connection closed by 218.84.101.81 port 39054 [preauth]
Sep 28 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Failed password for invalid user wangxin from 38.248.12.102 port 48832 ssh2
Sep 28 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Received disconnect from 38.248.12.102 port 48832:11: Bye Bye [preauth]
Sep 28 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Disconnected from 38.248.12.102 port 48832 [preauth]
Sep 28 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21593]: Invalid user admin from 218.84.101.81
Sep 28 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21593]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21593]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21593]: Failed password for invalid user admin from 218.84.101.81 port 41328 ssh2
Sep 28 15:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21593]: Connection closed by 218.84.101.81 port 41328 [preauth]
Sep 28 15:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Invalid user admin from 218.84.101.81
Sep 28 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Failed password for invalid user admin from 218.84.101.81 port 43296 ssh2
Sep 28 15:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Connection closed by 218.84.101.81 port 43296 [preauth]
Sep 28 15:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21620]: Invalid user admin from 218.84.101.81
Sep 28 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21620]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21620]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21620]: Failed password for invalid user admin from 218.84.101.81 port 45676 ssh2
Sep 28 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21620]: Connection closed by 218.84.101.81 port 45676 [preauth]
Sep 28 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Invalid user admin from 218.84.101.81
Sep 28 15:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Failed password for invalid user admin from 218.84.101.81 port 47784 ssh2
Sep 28 15:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Connection closed by 218.84.101.81 port 47784 [preauth]
Sep 28 15:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Invalid user admin from 218.84.101.81
Sep 28 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20250]: pam_unix(cron:session): session closed for user root
Sep 28 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Failed password for invalid user admin from 218.84.101.81 port 50058 ssh2
Sep 28 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Connection closed by 218.84.101.81 port 50058 [preauth]
Sep 28 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: Invalid user admin from 218.84.101.81
Sep 28 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: Failed password for invalid user admin from 218.84.101.81 port 52208 ssh2
Sep 28 15:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21670]: Connection closed by 218.84.101.81 port 52208 [preauth]
Sep 28 15:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Invalid user admin from 218.84.101.81
Sep 28 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Failed password for invalid user admin from 218.84.101.81 port 54436 ssh2
Sep 28 15:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Connection closed by 218.84.101.81 port 54436 [preauth]
Sep 28 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: Invalid user admin from 218.84.101.81
Sep 28 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: Failed password for invalid user admin from 218.84.101.81 port 56520 ssh2
Sep 28 15:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21693]: Connection closed by 218.84.101.81 port 56520 [preauth]
Sep 28 15:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Invalid user admin from 218.84.101.81
Sep 28 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 15:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user admin from 218.84.101.81 port 58618 ssh2
Sep 28 15:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Connection closed by 218.84.101.81 port 58618 [preauth]
Sep 28 15:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Failed password for root from 154.91.170.39 port 35014 ssh2
Sep 28 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Invalid user admin from 218.84.101.81
Sep 28 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Received disconnect from 154.91.170.39 port 35014:11: Bye Bye [preauth]
Sep 28 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Disconnected from 154.91.170.39 port 35014 [preauth]
Sep 28 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Failed password for invalid user admin from 218.84.101.81 port 60786 ssh2
Sep 28 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Connection closed by 218.84.101.81 port 60786 [preauth]
Sep 28 15:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Invalid user admin from 218.84.101.81
Sep 28 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Failed password for invalid user admin from 218.84.101.81 port 62840 ssh2
Sep 28 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Connection closed by 218.84.101.81 port 62840 [preauth]
Sep 28 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Failed password for root from 190.129.122.12 port 49876 ssh2
Sep 28 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: Invalid user admin from 218.84.101.81
Sep 28 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Received disconnect from 190.129.122.12 port 49876:11: Bye Bye [preauth]
Sep 28 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Disconnected from 190.129.122.12 port 49876 [preauth]
Sep 28 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: Failed password for invalid user admin from 218.84.101.81 port 65036 ssh2
Sep 28 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: Connection closed by 218.84.101.81 port 65036 [preauth]
Sep 28 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Invalid user admin from 218.84.101.81
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21756]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: Successful su for rubyman by root
Sep 28 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: + ??? root:rubyman
Sep 28 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309243 of user rubyman.
Sep 28 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309243.
Sep 28 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Failed password for invalid user admin from 218.84.101.81 port 34524 ssh2
Sep 28 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Connection closed by 218.84.101.81 port 34524 [preauth]
Sep 28 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: Invalid user admin from 218.84.101.81
Sep 28 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session closed for user root
Sep 28 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: Failed password for invalid user admin from 218.84.101.81 port 36941 ssh2
Sep 28 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: Connection closed by 218.84.101.81 port 36941 [preauth]
Sep 28 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21757]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Invalid user admin from 218.84.101.81
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Invalid user wow from 38.248.12.102
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: input_userauth_request: invalid user wow [preauth]
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Failed password for invalid user admin from 218.84.101.81 port 39226 ssh2
Sep 28 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22040]: Connection closed by 218.84.101.81 port 39226 [preauth]
Sep 28 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Failed password for invalid user wow from 38.248.12.102 port 54814 ssh2
Sep 28 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Received disconnect from 38.248.12.102 port 54814:11: Bye Bye [preauth]
Sep 28 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22042]: Disconnected from 38.248.12.102 port 54814 [preauth]
Sep 28 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Invalid user admin from 218.84.101.81
Sep 28 15:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Failed password for invalid user admin from 218.84.101.81 port 41438 ssh2
Sep 28 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Connection closed by 218.84.101.81 port 41438 [preauth]
Sep 28 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Invalid user admin from 218.84.101.81
Sep 28 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Failed password for invalid user admin from 218.84.101.81 port 43860 ssh2
Sep 28 15:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Connection closed by 218.84.101.81 port 43860 [preauth]
Sep 28 15:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Invalid user admin from 218.84.101.81
Sep 28 15:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Failed password for invalid user admin from 218.84.101.81 port 46278 ssh2
Sep 28 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Connection closed by 218.84.101.81 port 46278 [preauth]
Sep 28 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for root from 43.154.195.142 port 40836 ssh2
Sep 28 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Received disconnect from 43.154.195.142 port 40836:11: Bye Bye [preauth]
Sep 28 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Disconnected from 43.154.195.142 port 40836 [preauth]
Sep 28 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22098]: Invalid user admin from 218.84.101.81
Sep 28 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22098]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22098]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22098]: Failed password for invalid user admin from 218.84.101.81 port 48482 ssh2
Sep 28 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22098]: Connection closed by 218.84.101.81 port 48482 [preauth]
Sep 28 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Invalid user admin from 218.84.101.81
Sep 28 15:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Failed password for invalid user admin from 218.84.101.81 port 50908 ssh2
Sep 28 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Connection closed by 218.84.101.81 port 50908 [preauth]
Sep 28 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22138]: Invalid user admin from 218.84.101.81
Sep 28 15:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22138]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22138]: Failed password for invalid user admin from 218.84.101.81 port 53380 ssh2
Sep 28 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22138]: Connection closed by 218.84.101.81 port 53380 [preauth]
Sep 28 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session closed for user root
Sep 28 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Invalid user admin from 218.84.101.81
Sep 28 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Failed password for invalid user admin from 218.84.101.81 port 55566 ssh2
Sep 28 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Connection closed by 218.84.101.81 port 55566 [preauth]
Sep 28 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Invalid user admin from 218.84.101.81
Sep 28 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Failed password for invalid user admin from 218.84.101.81 port 57864 ssh2
Sep 28 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Connection closed by 218.84.101.81 port 57864 [preauth]
Sep 28 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22186]: Invalid user admin from 218.84.101.81
Sep 28 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22186]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22186]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Failed password for root from 154.91.170.39 port 35120 ssh2
Sep 28 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Received disconnect from 154.91.170.39 port 35120:11: Bye Bye [preauth]
Sep 28 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Disconnected from 154.91.170.39 port 35120 [preauth]
Sep 28 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22186]: Failed password for invalid user admin from 218.84.101.81 port 60152 ssh2
Sep 28 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22186]: Connection closed by 218.84.101.81 port 60152 [preauth]
Sep 28 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: Invalid user admin from 218.84.101.81
Sep 28 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: Failed password for invalid user admin from 218.84.101.81 port 62128 ssh2
Sep 28 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22207]: Connection closed by 218.84.101.81 port 62128 [preauth]
Sep 28 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Invalid user admin from 218.84.101.81
Sep 28 15:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Failed password for invalid user admin from 218.84.101.81 port 64434 ssh2
Sep 28 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Connection closed by 218.84.101.81 port 64434 [preauth]
Sep 28 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Invalid user admin from 218.84.101.81
Sep 28 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Failed password for invalid user admin from 218.84.101.81 port 33988 ssh2
Sep 28 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Connection closed by 218.84.101.81 port 33988 [preauth]
Sep 28 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Invalid user admin from 218.84.101.81
Sep 28 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Invalid user maman from 36.88.163.34
Sep 28 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: input_userauth_request: invalid user maman [preauth]
Sep 28 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22255]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22253]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22251]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Failed password for invalid user admin from 218.84.101.81 port 36062 ssh2
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Connection closed by 218.84.101.81 port 36062 [preauth]
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22320]: Successful su for rubyman by root
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22320]: + ??? root:rubyman
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309248 of user rubyman.
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22320]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309248.
Sep 28 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Failed password for invalid user maman from 36.88.163.34 port 59078 ssh2
Sep 28 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Received disconnect from 36.88.163.34 port 59078:11: Bye Bye [preauth]
Sep 28 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Disconnected from 36.88.163.34 port 59078 [preauth]
Sep 28 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Invalid user admin from 218.84.101.81
Sep 28 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user admin from 218.84.101.81 port 38230 ssh2
Sep 28 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Connection closed by 218.84.101.81 port 38230 [preauth]
Sep 28 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session closed for user root
Sep 28 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22486]: Invalid user admin from 218.84.101.81
Sep 28 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22486]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22486]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22252]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Failed password for root from 38.248.12.102 port 42746 ssh2
Sep 28 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Received disconnect from 38.248.12.102 port 42746:11: Bye Bye [preauth]
Sep 28 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Disconnected from 38.248.12.102 port 42746 [preauth]
Sep 28 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22486]: Failed password for invalid user admin from 218.84.101.81 port 40150 ssh2
Sep 28 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22486]: Connection closed by 218.84.101.81 port 40150 [preauth]
Sep 28 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Invalid user admin from 218.84.101.81
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: Invalid user xyx from 190.129.122.12
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: input_userauth_request: invalid user xyx [preauth]
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: Failed password for invalid user xyx from 190.129.122.12 port 33641 ssh2
Sep 28 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Failed password for invalid user admin from 218.84.101.81 port 42288 ssh2
Sep 28 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: Received disconnect from 190.129.122.12 port 33641:11: Bye Bye [preauth]
Sep 28 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: Disconnected from 190.129.122.12 port 33641 [preauth]
Sep 28 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Connection closed by 218.84.101.81 port 42288 [preauth]
Sep 28 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Invalid user admin from 218.84.101.81
Sep 28 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Failed password for invalid user admin from 218.84.101.81 port 44210 ssh2
Sep 28 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Connection closed by 218.84.101.81 port 44210 [preauth]
Sep 28 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Invalid user admin from 218.84.101.81
Sep 28 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Failed password for invalid user admin from 218.84.101.81 port 46446 ssh2
Sep 28 15:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Connection closed by 218.84.101.81 port 46446 [preauth]
Sep 28 15:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Invalid user admin from 218.84.101.81
Sep 28 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Failed password for invalid user admin from 218.84.101.81 port 48552 ssh2
Sep 28 15:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Connection closed by 218.84.101.81 port 48552 [preauth]
Sep 28 15:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: Invalid user admin from 218.84.101.81
Sep 28 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: Failed password for invalid user admin from 218.84.101.81 port 50278 ssh2
Sep 28 15:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: Connection closed by 218.84.101.81 port 50278 [preauth]
Sep 28 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Invalid user admin from 218.84.101.81
Sep 28 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Failed password for invalid user admin from 218.84.101.81 port 52650 ssh2
Sep 28 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Connection closed by 218.84.101.81 port 52650 [preauth]
Sep 28 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Invalid user admin from 218.84.101.81
Sep 28 15:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Invalid user redmine from 178.27.90.142
Sep 28 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: input_userauth_request: invalid user redmine [preauth]
Sep 28 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Failed password for invalid user admin from 218.84.101.81 port 54860 ssh2
Sep 28 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Connection closed by 218.84.101.81 port 54860 [preauth]
Sep 28 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Failed password for invalid user redmine from 178.27.90.142 port 60042 ssh2
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session closed for user root
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Received disconnect from 178.27.90.142 port 60042:11: Bye Bye [preauth]
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Disconnected from 178.27.90.142 port 60042 [preauth]
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Invalid user admin from 218.84.101.81
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Failed password for invalid user admin from 218.84.101.81 port 57242 ssh2
Sep 28 15:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Connection closed by 218.84.101.81 port 57242 [preauth]
Sep 28 15:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Invalid user admin from 218.84.101.81
Sep 28 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Failed password for invalid user admin from 218.84.101.81 port 59600 ssh2
Sep 28 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Connection closed by 218.84.101.81 port 59600 [preauth]
Sep 28 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Invalid user dimas from 154.91.170.39
Sep 28 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: input_userauth_request: invalid user dimas [preauth]
Sep 28 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Invalid user admin from 218.84.101.81
Sep 28 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Failed password for invalid user dimas from 154.91.170.39 port 35224 ssh2
Sep 28 15:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Received disconnect from 154.91.170.39 port 35224:11: Bye Bye [preauth]
Sep 28 15:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Disconnected from 154.91.170.39 port 35224 [preauth]
Sep 28 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Failed password for invalid user admin from 218.84.101.81 port 61722 ssh2
Sep 28 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Connection closed by 218.84.101.81 port 61722 [preauth]
Sep 28 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Invalid user admin from 218.84.101.81
Sep 28 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Failed password for invalid user admin from 218.84.101.81 port 64130 ssh2
Sep 28 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Connection closed by 218.84.101.81 port 64130 [preauth]
Sep 28 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: Invalid user admin from 218.84.101.81
Sep 28 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: Failed password for invalid user admin from 218.84.101.81 port 34014 ssh2
Sep 28 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: Connection closed by 218.84.101.81 port 34014 [preauth]
Sep 28 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Invalid user admin from 218.84.101.81
Sep 28 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Failed password for invalid user admin from 218.84.101.81 port 36192 ssh2
Sep 28 15:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Connection closed by 218.84.101.81 port 36192 [preauth]
Sep 28 15:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Invalid user admin from 218.84.101.81
Sep 28 15:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Failed password for invalid user admin from 218.84.101.81 port 38698 ssh2
Sep 28 15:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Connection closed by 218.84.101.81 port 38698 [preauth]
Sep 28 15:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: Invalid user admin from 218.84.101.81
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22943]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22941]: pam_unix(cron:session): session closed for user p13x
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: Successful su for rubyman by root
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: + ??? root:rubyman
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309252 of user rubyman.
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: pam_unix(su:session): session closed for user rubyman
Sep 28 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309252.
Sep 28 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Invalid user yogesh from 38.248.12.102
Sep 28 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: input_userauth_request: invalid user yogesh [preauth]
Sep 28 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: Failed password for invalid user admin from 218.84.101.81 port 41192 ssh2
Sep 28 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: Connection closed by 218.84.101.81 port 41192 [preauth]
Sep 28 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Failed password for invalid user yogesh from 38.248.12.102 port 49764 ssh2
Sep 28 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Received disconnect from 38.248.12.102 port 49764:11: Bye Bye [preauth]
Sep 28 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Disconnected from 38.248.12.102 port 49764 [preauth]
Sep 28 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: Invalid user admin from 218.84.101.81
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19568]: pam_unix(cron:session): session closed for user root
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23244]: User sandbox from 36.88.163.34 not allowed because not listed in AllowUsers
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23244]: input_userauth_request: invalid user sandbox [preauth]
Sep 28 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=sandbox
Sep 28 15:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22942]: pam_unix(cron:session): session closed for user samftp
Sep 28 15:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: Failed password for invalid user admin from 218.84.101.81 port 43758 ssh2
Sep 28 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: Connection closed by 218.84.101.81 port 43758 [preauth]
Sep 28 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23244]: Failed password for invalid user sandbox from 36.88.163.34 port 47018 ssh2
Sep 28 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23244]: Received disconnect from 36.88.163.34 port 47018:11: Bye Bye [preauth]
Sep 28 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23244]: Disconnected from 36.88.163.34 port 47018 [preauth]
Sep 28 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23295]: Invalid user admin from 218.84.101.81
Sep 28 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23295]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23295]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23295]: Failed password for invalid user admin from 218.84.101.81 port 46230 ssh2
Sep 28 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23295]: Connection closed by 218.84.101.81 port 46230 [preauth]
Sep 28 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23307]: Invalid user admin from 218.84.101.81
Sep 28 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23307]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23307]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23307]: Failed password for invalid user admin from 218.84.101.81 port 48610 ssh2
Sep 28 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23307]: Connection closed by 218.84.101.81 port 48610 [preauth]
Sep 28 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23338]: Invalid user admin from 218.84.101.81
Sep 28 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23338]: input_userauth_request: invalid user admin [preauth]
Sep 28 15:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23338]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23338]: Failed password for invalid user admin from 218.84.101.81 port 51194 ssh2
Sep 28 15:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23338]: Connection closed by 218.84.101.81 port 51194 [preauth]
Sep 28 15:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Invalid user pi from 218.84.101.81
Sep 28 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: input_userauth_request: invalid user pi [preauth]
Sep 28 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81
Sep 28 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Failed password for invalid user pi from 218.84.101.81 port 53496 ssh2
Sep 28 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Connection closed by 218.84.101.81 port 53496 [preauth]
Sep 28 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23354]: User ftp from 218.84.101.81 not allowed because not listed in AllowUsers
Sep 28 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23354]: input_userauth_request: invalid user ftp [preauth]
Sep 28 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.84.101.81  user=ftp
Sep 28 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Invalid user cristi from 190.129.122.12
Sep 28 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: input_userauth_request: invalid user cristi [preauth]
Sep 28 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23354]: Failed password for invalid user ftp from 218.84.101.81 port 55382 ssh2
Sep 28 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23354]: Connection closed by 218.84.101.81 port 55382 [preauth]
Sep 28 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Failed password for invalid user cristi from 190.129.122.12 port 1519 ssh2
Sep 28 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Received disconnect from 190.129.122.12 port 1519:11: Bye Bye [preauth]
Sep 28 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Disconnected from 190.129.122.12 port 1519 [preauth]
Sep 28 15:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21759]: pam_unix(cron:session): session closed for user root
Sep 28 15:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Invalid user michael from 154.91.170.39
Sep 28 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: input_userauth_request: invalid user michael [preauth]
Sep 28 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 15:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Failed password for invalid user michael from 154.91.170.39 port 35324 ssh2
Sep 28 15:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Received disconnect from 154.91.170.39 port 35324:11: Bye Bye [preauth]
Sep 28 15:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Disconnected from 154.91.170.39 port 35324 [preauth]
Sep 28 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Invalid user soporte from 38.248.12.102
Sep 28 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: input_userauth_request: invalid user soporte [preauth]
Sep 28 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Failed password for invalid user soporte from 38.248.12.102 port 60780 ssh2
Sep 28 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Received disconnect from 38.248.12.102 port 60780:11: Bye Bye [preauth]
Sep 28 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Disconnected from 38.248.12.102 port 60780 [preauth]
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23511]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23509]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session closed for user root
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session closed for user root
Sep 28 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23815]: Successful su for rubyman by root
Sep 28 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23815]: + ??? root:rubyman
Sep 28 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309257 of user rubyman.
Sep 28 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23815]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309257.
Sep 28 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session closed for user root
Sep 28 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23509]: pam_unix(cron:session): session closed for user root
Sep 28 16:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Failed password for root from 178.27.90.142 port 59631 ssh2
Sep 28 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Received disconnect from 178.27.90.142 port 59631:11: Bye Bye [preauth]
Sep 28 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Disconnected from 178.27.90.142 port 59631 [preauth]
Sep 28 16:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22255]: pam_unix(cron:session): session closed for user root
Sep 28 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Failed password for root from 154.91.170.39 port 35428 ssh2
Sep 28 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Received disconnect from 154.91.170.39 port 35428:11: Bye Bye [preauth]
Sep 28 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Disconnected from 154.91.170.39 port 35428 [preauth]
Sep 28 16:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 16:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: Failed password for root from 43.154.195.142 port 47864 ssh2
Sep 28 16:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: Received disconnect from 43.154.195.142 port 47864:11: Bye Bye [preauth]
Sep 28 16:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: Disconnected from 43.154.195.142 port 47864 [preauth]
Sep 28 16:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Failed password for root from 190.129.122.12 port 1393 ssh2
Sep 28 16:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Received disconnect from 190.129.122.12 port 1393:11: Bye Bye [preauth]
Sep 28 16:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Disconnected from 190.129.122.12 port 1393 [preauth]
Sep 28 16:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Failed password for root from 38.248.12.102 port 43918 ssh2
Sep 28 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Received disconnect from 38.248.12.102 port 43918:11: Bye Bye [preauth]
Sep 28 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Disconnected from 38.248.12.102 port 43918 [preauth]
Sep 28 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24312]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24395]: Successful su for rubyman by root
Sep 28 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24395]: + ??? root:rubyman
Sep 28 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309263 of user rubyman.
Sep 28 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24395]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309263.
Sep 28 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24306]: Failed password for root from 36.88.163.34 port 51130 ssh2
Sep 28 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24306]: Received disconnect from 36.88.163.34 port 51130:11: Bye Bye [preauth]
Sep 28 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24306]: Disconnected from 36.88.163.34 port 51130 [preauth]
Sep 28 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20752]: pam_unix(cron:session): session closed for user root
Sep 28 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Invalid user ruslan from 178.27.90.142
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: input_userauth_request: invalid user ruslan [preauth]
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Invalid user user1 from 154.91.170.39
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: input_userauth_request: invalid user user1 [preauth]
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Failed password for invalid user ruslan from 178.27.90.142 port 59289 ssh2
Sep 28 16:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Received disconnect from 178.27.90.142 port 59289:11: Bye Bye [preauth]
Sep 28 16:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Disconnected from 178.27.90.142 port 59289 [preauth]
Sep 28 16:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Failed password for invalid user user1 from 154.91.170.39 port 35534 ssh2
Sep 28 16:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Received disconnect from 154.91.170.39 port 35534:11: Bye Bye [preauth]
Sep 28 16:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Disconnected from 154.91.170.39 port 35534 [preauth]
Sep 28 16:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22944]: pam_unix(cron:session): session closed for user root
Sep 28 16:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Invalid user user from 43.154.195.142
Sep 28 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: input_userauth_request: invalid user user [preauth]
Sep 28 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Failed password for invalid user user from 43.154.195.142 port 54808 ssh2
Sep 28 16:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Received disconnect from 43.154.195.142 port 54808:11: Bye Bye [preauth]
Sep 28 16:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Disconnected from 43.154.195.142 port 54808 [preauth]
Sep 28 16:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Failed password for root from 38.248.12.102 port 54820 ssh2
Sep 28 16:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Received disconnect from 38.248.12.102 port 54820:11: Bye Bye [preauth]
Sep 28 16:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24750]: Disconnected from 38.248.12.102 port 54820 [preauth]
Sep 28 16:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Invalid user abhinav from 190.129.122.12
Sep 28 16:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: input_userauth_request: invalid user abhinav [preauth]
Sep 28 16:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for invalid user abhinav from 190.129.122.12 port 17276 ssh2
Sep 28 16:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Received disconnect from 190.129.122.12 port 17276:11: Bye Bye [preauth]
Sep 28 16:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Disconnected from 190.129.122.12 port 17276 [preauth]
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: Successful su for rubyman by root
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: + ??? root:rubyman
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309267 of user rubyman.
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24857]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309267.
Sep 28 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Invalid user kim from 36.88.163.34
Sep 28 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: input_userauth_request: invalid user kim [preauth]
Sep 28 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session closed for user root
Sep 28 16:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Failed password for invalid user kim from 36.88.163.34 port 39068 ssh2
Sep 28 16:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Received disconnect from 36.88.163.34 port 39068:11: Bye Bye [preauth]
Sep 28 16:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Disconnected from 36.88.163.34 port 39068 [preauth]
Sep 28 16:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24796]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for root from 154.91.170.39 port 35636 ssh2
Sep 28 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Received disconnect from 154.91.170.39 port 35636:11: Bye Bye [preauth]
Sep 28 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Disconnected from 154.91.170.39 port 35636 [preauth]
Sep 28 16:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: Failed password for root from 178.27.90.142 port 64821 ssh2
Sep 28 16:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: Received disconnect from 178.27.90.142 port 64821:11: Bye Bye [preauth]
Sep 28 16:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25105]: Disconnected from 178.27.90.142 port 64821 [preauth]
Sep 28 16:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23511]: pam_unix(cron:session): session closed for user root
Sep 28 16:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Invalid user valheim from 38.248.12.102
Sep 28 16:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: input_userauth_request: invalid user valheim [preauth]
Sep 28 16:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Failed password for invalid user valheim from 38.248.12.102 port 34046 ssh2
Sep 28 16:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Received disconnect from 38.248.12.102 port 34046:11: Bye Bye [preauth]
Sep 28 16:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Disconnected from 38.248.12.102 port 34046 [preauth]
Sep 28 16:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for root from 43.154.195.142 port 39622 ssh2
Sep 28 16:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Received disconnect from 43.154.195.142 port 39622:11: Bye Bye [preauth]
Sep 28 16:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Disconnected from 43.154.195.142 port 39622 [preauth]
Sep 28 16:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 16:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Failed password for root from 36.88.163.34 port 55256 ssh2
Sep 28 16:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Connection reset by 36.88.163.34 port 55256 [preauth]
Sep 28 16:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: Successful su for rubyman by root
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: + ??? root:rubyman
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309270 of user rubyman.
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25558]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309270.
Sep 28 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Failed password for root from 190.129.122.12 port 49646 ssh2
Sep 28 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Received disconnect from 190.129.122.12 port 49646:11: Bye Bye [preauth]
Sep 28 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Disconnected from 190.129.122.12 port 49646 [preauth]
Sep 28 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21758]: pam_unix(cron:session): session closed for user root
Sep 28 16:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Invalid user test from 178.27.90.142
Sep 28 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: input_userauth_request: invalid user test [preauth]
Sep 28 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Failed password for root from 154.91.170.39 port 35738 ssh2
Sep 28 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Received disconnect from 154.91.170.39 port 35738:11: Bye Bye [preauth]
Sep 28 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Disconnected from 154.91.170.39 port 35738 [preauth]
Sep 28 16:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Failed password for invalid user test from 178.27.90.142 port 61937 ssh2
Sep 28 16:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Received disconnect from 178.27.90.142 port 61937:11: Bye Bye [preauth]
Sep 28 16:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Disconnected from 178.27.90.142 port 61937 [preauth]
Sep 28 16:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Invalid user ash from 38.248.12.102
Sep 28 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: input_userauth_request: invalid user ash [preauth]
Sep 28 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Failed password for invalid user ash from 38.248.12.102 port 60128 ssh2
Sep 28 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Received disconnect from 38.248.12.102 port 60128:11: Bye Bye [preauth]
Sep 28 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Disconnected from 38.248.12.102 port 60128 [preauth]
Sep 28 16:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24312]: pam_unix(cron:session): session closed for user root
Sep 28 16:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: Failed password for root from 43.154.195.142 port 46104 ssh2
Sep 28 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: Received disconnect from 43.154.195.142 port 46104:11: Bye Bye [preauth]
Sep 28 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: Disconnected from 43.154.195.142 port 46104 [preauth]
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: Successful su for rubyman by root
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: + ??? root:rubyman
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309276 of user rubyman.
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26123]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309276.
Sep 28 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22253]: pam_unix(cron:session): session closed for user root
Sep 28 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Invalid user fluqueta from 154.91.170.39
Sep 28 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: input_userauth_request: invalid user fluqueta [preauth]
Sep 28 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Failed password for invalid user fluqueta from 154.91.170.39 port 35844 ssh2
Sep 28 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Received disconnect from 154.91.170.39 port 35844:11: Bye Bye [preauth]
Sep 28 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Disconnected from 154.91.170.39 port 35844 [preauth]
Sep 28 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Invalid user test2 from 178.27.90.142
Sep 28 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: input_userauth_request: invalid user test2 [preauth]
Sep 28 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Failed password for invalid user test2 from 178.27.90.142 port 60042 ssh2
Sep 28 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Received disconnect from 178.27.90.142 port 60042:11: Bye Bye [preauth]
Sep 28 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Disconnected from 178.27.90.142 port 60042 [preauth]
Sep 28 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: Failed password for root from 36.88.163.34 port 43202 ssh2
Sep 28 16:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: Received disconnect from 36.88.163.34 port 43202:11: Bye Bye [preauth]
Sep 28 16:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26354]: Disconnected from 36.88.163.34 port 43202 [preauth]
Sep 28 16:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 16:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Failed password for root from 190.129.122.12 port 17276 ssh2
Sep 28 16:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Received disconnect from 190.129.122.12 port 17276:11: Bye Bye [preauth]
Sep 28 16:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26361]: Disconnected from 190.129.122.12 port 17276 [preauth]
Sep 28 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Invalid user andrey from 38.248.12.102
Sep 28 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: input_userauth_request: invalid user andrey [preauth]
Sep 28 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Failed password for invalid user andrey from 38.248.12.102 port 43020 ssh2
Sep 28 16:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Received disconnect from 38.248.12.102 port 43020:11: Bye Bye [preauth]
Sep 28 16:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Disconnected from 38.248.12.102 port 43020 [preauth]
Sep 28 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session closed for user root
Sep 28 16:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session closed for user root
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: Successful su for rubyman by root
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: + ??? root:rubyman
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309279 of user rubyman.
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309279.
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: Invalid user h from 43.154.195.142
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: input_userauth_request: invalid user h [preauth]
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Failed password for root from 154.91.170.39 port 35944 ssh2
Sep 28 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Received disconnect from 154.91.170.39 port 35944:11: Bye Bye [preauth]
Sep 28 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Disconnected from 154.91.170.39 port 35944 [preauth]
Sep 28 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Invalid user no-reply from 178.27.90.142
Sep 28 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: input_userauth_request: invalid user no-reply [preauth]
Sep 28 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: Failed password for invalid user h from 43.154.195.142 port 52006 ssh2
Sep 28 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: Received disconnect from 43.154.195.142 port 52006:11: Bye Bye [preauth]
Sep 28 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26682]: Disconnected from 43.154.195.142 port 52006 [preauth]
Sep 28 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22943]: pam_unix(cron:session): session closed for user root
Sep 28 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26616]: pam_unix(cron:session): session closed for user root
Sep 28 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Failed password for invalid user no-reply from 178.27.90.142 port 59573 ssh2
Sep 28 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Received disconnect from 178.27.90.142 port 59573:11: Bye Bye [preauth]
Sep 28 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Disconnected from 178.27.90.142 port 59573 [preauth]
Sep 28 16:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26615]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Invalid user remote from 38.248.12.102
Sep 28 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: input_userauth_request: invalid user remote [preauth]
Sep 28 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user remote from 38.248.12.102 port 42762 ssh2
Sep 28 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Received disconnect from 38.248.12.102 port 42762:11: Bye Bye [preauth]
Sep 28 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Disconnected from 38.248.12.102 port 42762 [preauth]
Sep 28 16:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Invalid user albert from 190.129.122.12
Sep 28 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: input_userauth_request: invalid user albert [preauth]
Sep 28 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session closed for user root
Sep 28 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Failed password for invalid user albert from 190.129.122.12 port 17578 ssh2
Sep 28 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Received disconnect from 190.129.122.12 port 17578:11: Bye Bye [preauth]
Sep 28 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Disconnected from 190.129.122.12 port 17578 [preauth]
Sep 28 16:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Invalid user cowrie from 178.27.90.142
Sep 28 16:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: input_userauth_request: invalid user cowrie [preauth]
Sep 28 16:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Invalid user ash from 154.91.170.39
Sep 28 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: input_userauth_request: invalid user ash [preauth]
Sep 28 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Failed password for invalid user cowrie from 178.27.90.142 port 63604 ssh2
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Received disconnect from 178.27.90.142 port 63604:11: Bye Bye [preauth]
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Disconnected from 178.27.90.142 port 63604 [preauth]
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Failed password for invalid user ash from 154.91.170.39 port 36042 ssh2
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Received disconnect from 154.91.170.39 port 36042:11: Bye Bye [preauth]
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27231]: Disconnected from 154.91.170.39 port 36042 [preauth]
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: Successful su for rubyman by root
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: + ??? root:rubyman
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309284 of user rubyman.
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309284.
Sep 28 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session closed for user root
Sep 28 16:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 16:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Failed password for root from 43.154.195.142 port 33908 ssh2
Sep 28 16:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Received disconnect from 43.154.195.142 port 33908:11: Bye Bye [preauth]
Sep 28 16:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Disconnected from 43.154.195.142 port 33908 [preauth]
Sep 28 16:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Failed password for root from 36.88.163.34 port 47326 ssh2
Sep 28 16:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Received disconnect from 36.88.163.34 port 47326:11: Bye Bye [preauth]
Sep 28 16:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Disconnected from 36.88.163.34 port 47326 [preauth]
Sep 28 16:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Invalid user anil from 38.248.12.102
Sep 28 16:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: input_userauth_request: invalid user anil [preauth]
Sep 28 16:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Failed password for invalid user anil from 38.248.12.102 port 51776 ssh2
Sep 28 16:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Received disconnect from 38.248.12.102 port 51776:11: Bye Bye [preauth]
Sep 28 16:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Disconnected from 38.248.12.102 port 51776 [preauth]
Sep 28 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26059]: pam_unix(cron:session): session closed for user root
Sep 28 16:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Invalid user soporte from 190.129.122.12
Sep 28 16:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: input_userauth_request: invalid user soporte [preauth]
Sep 28 16:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Failed password for invalid user soporte from 190.129.122.12 port 49864 ssh2
Sep 28 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Received disconnect from 190.129.122.12 port 49864:11: Bye Bye [preauth]
Sep 28 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Disconnected from 190.129.122.12 port 49864 [preauth]
Sep 28 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Failed password for root from 178.27.90.142 port 62800 ssh2
Sep 28 16:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Received disconnect from 178.27.90.142 port 62800:11: Bye Bye [preauth]
Sep 28 16:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Disconnected from 178.27.90.142 port 62800 [preauth]
Sep 28 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: Failed password for root from 154.91.170.39 port 36146 ssh2
Sep 28 16:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: Received disconnect from 154.91.170.39 port 36146:11: Bye Bye [preauth]
Sep 28 16:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: Disconnected from 154.91.170.39 port 36146 [preauth]
Sep 28 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: Successful su for rubyman by root
Sep 28 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: + ??? root:rubyman
Sep 28 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309288 of user rubyman.
Sep 28 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309288.
Sep 28 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24311]: pam_unix(cron:session): session closed for user root
Sep 28 16:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27894]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: Invalid user csgo from 43.154.195.142
Sep 28 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: input_userauth_request: invalid user csgo [preauth]
Sep 28 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: Failed password for invalid user csgo from 43.154.195.142 port 40292 ssh2
Sep 28 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: Received disconnect from 43.154.195.142 port 40292:11: Bye Bye [preauth]
Sep 28 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: Disconnected from 43.154.195.142 port 40292 [preauth]
Sep 28 16:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Invalid user xyx from 36.88.163.34
Sep 28 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: input_userauth_request: invalid user xyx [preauth]
Sep 28 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Failed password for invalid user xyx from 36.88.163.34 port 35264 ssh2
Sep 28 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Received disconnect from 36.88.163.34 port 35264:11: Bye Bye [preauth]
Sep 28 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Disconnected from 36.88.163.34 port 35264 [preauth]
Sep 28 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: Invalid user gptftp from 38.248.12.102
Sep 28 16:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: input_userauth_request: invalid user gptftp [preauth]
Sep 28 16:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: Failed password for invalid user gptftp from 38.248.12.102 port 58188 ssh2
Sep 28 16:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: Received disconnect from 38.248.12.102 port 58188:11: Bye Bye [preauth]
Sep 28 16:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: Disconnected from 38.248.12.102 port 58188 [preauth]
Sep 28 16:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session closed for user root
Sep 28 16:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Invalid user ca from 178.27.90.142
Sep 28 16:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: input_userauth_request: invalid user ca [preauth]
Sep 28 16:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Failed password for invalid user ca from 178.27.90.142 port 62414 ssh2
Sep 28 16:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Received disconnect from 178.27.90.142 port 62414:11: Bye Bye [preauth]
Sep 28 16:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Disconnected from 178.27.90.142 port 62414 [preauth]
Sep 28 16:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Invalid user remote from 154.91.170.39
Sep 28 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: input_userauth_request: invalid user remote [preauth]
Sep 28 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Failed password for invalid user remote from 154.91.170.39 port 36250 ssh2
Sep 28 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Received disconnect from 154.91.170.39 port 36250:11: Bye Bye [preauth]
Sep 28 16:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Disconnected from 154.91.170.39 port 36250 [preauth]
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28352]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: Successful su for rubyman by root
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: + ??? root:rubyman
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309293 of user rubyman.
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309293.
Sep 28 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session closed for user root
Sep 28 16:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28351]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 16:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: Failed password for root from 190.129.122.12 port 17288 ssh2
Sep 28 16:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: Received disconnect from 190.129.122.12 port 17288:11: Bye Bye [preauth]
Sep 28 16:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: Disconnected from 190.129.122.12 port 17288 [preauth]
Sep 28 16:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: Invalid user test from 43.154.195.142
Sep 28 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: input_userauth_request: invalid user test [preauth]
Sep 28 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Invalid user alvaro from 38.248.12.102
Sep 28 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: input_userauth_request: invalid user alvaro [preauth]
Sep 28 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: Failed password for invalid user test from 43.154.195.142 port 34684 ssh2
Sep 28 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: Received disconnect from 43.154.195.142 port 34684:11: Bye Bye [preauth]
Sep 28 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: Disconnected from 43.154.195.142 port 34684 [preauth]
Sep 28 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Failed password for invalid user alvaro from 38.248.12.102 port 58320 ssh2
Sep 28 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Received disconnect from 38.248.12.102 port 58320:11: Bye Bye [preauth]
Sep 28 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Disconnected from 38.248.12.102 port 58320 [preauth]
Sep 28 16:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session closed for user root
Sep 28 16:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: Invalid user wy from 178.27.90.142
Sep 28 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: input_userauth_request: invalid user wy [preauth]
Sep 28 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: Failed password for invalid user wy from 178.27.90.142 port 59616 ssh2
Sep 28 16:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: Received disconnect from 178.27.90.142 port 59616:11: Bye Bye [preauth]
Sep 28 16:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28884]: Disconnected from 178.27.90.142 port 59616 [preauth]
Sep 28 16:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: Invalid user valheim from 154.91.170.39
Sep 28 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: input_userauth_request: invalid user valheim [preauth]
Sep 28 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: Failed password for invalid user valheim from 154.91.170.39 port 36352 ssh2
Sep 28 16:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: Received disconnect from 154.91.170.39 port 36352:11: Bye Bye [preauth]
Sep 28 16:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28918]: Disconnected from 154.91.170.39 port 36352 [preauth]
Sep 28 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29027]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29021]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29199]: Successful su for rubyman by root
Sep 28 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29199]: + ??? root:rubyman
Sep 28 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309296 of user rubyman.
Sep 28 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29199]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309296.
Sep 28 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session closed for user root
Sep 28 16:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session closed for user root
Sep 28 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Failed password for root from 38.248.12.102 port 53130 ssh2
Sep 28 16:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Received disconnect from 38.248.12.102 port 53130:11: Bye Bye [preauth]
Sep 28 16:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Disconnected from 38.248.12.102 port 53130 [preauth]
Sep 28 16:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: Invalid user ftpuser from 36.88.163.34
Sep 28 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 16:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: Failed password for invalid user ftpuser from 36.88.163.34 port 39376 ssh2
Sep 28 16:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: Received disconnect from 36.88.163.34 port 39376:11: Bye Bye [preauth]
Sep 28 16:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29451]: Disconnected from 36.88.163.34 port 39376 [preauth]
Sep 28 16:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: Invalid user usuario2 from 43.154.195.142
Sep 28 16:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: input_userauth_request: invalid user usuario2 [preauth]
Sep 28 16:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: Failed password for invalid user usuario2 from 43.154.195.142 port 44422 ssh2
Sep 28 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: Received disconnect from 43.154.195.142 port 44422:11: Bye Bye [preauth]
Sep 28 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: Disconnected from 43.154.195.142 port 44422 [preauth]
Sep 28 16:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: Invalid user vhserver from 190.129.122.12
Sep 28 16:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: input_userauth_request: invalid user vhserver [preauth]
Sep 28 16:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: Failed password for invalid user vhserver from 190.129.122.12 port 1181 ssh2
Sep 28 16:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: Received disconnect from 190.129.122.12 port 1181:11: Bye Bye [preauth]
Sep 28 16:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29486]: Disconnected from 190.129.122.12 port 1181 [preauth]
Sep 28 16:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Invalid user desenvolvimento from 178.27.90.142
Sep 28 16:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: input_userauth_request: invalid user desenvolvimento [preauth]
Sep 28 16:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Failed password for invalid user desenvolvimento from 178.27.90.142 port 63658 ssh2
Sep 28 16:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Received disconnect from 178.27.90.142 port 63658:11: Bye Bye [preauth]
Sep 28 16:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29520]: Disconnected from 178.27.90.142 port 63658 [preauth]
Sep 28 16:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session closed for user root
Sep 28 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Failed password for root from 154.91.170.39 port 36458 ssh2
Sep 28 16:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Received disconnect from 154.91.170.39 port 36458:11: Bye Bye [preauth]
Sep 28 16:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Disconnected from 154.91.170.39 port 36458 [preauth]
Sep 28 16:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: Invalid user dimas from 38.248.12.102
Sep 28 16:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: input_userauth_request: invalid user dimas [preauth]
Sep 28 16:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user root
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: Failed password for invalid user dimas from 38.248.12.102 port 44370 ssh2
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: Successful su for rubyman by root
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: + ??? root:rubyman
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309305 of user rubyman.
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29711]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: Received disconnect from 38.248.12.102 port 44370:11: Bye Bye [preauth]
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29626]: Disconnected from 38.248.12.102 port 44370 [preauth]
Sep 28 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309305.
Sep 28 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
Sep 28 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26058]: pam_unix(cron:session): session closed for user root
Sep 28 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: Invalid user app from 36.88.163.34
Sep 28 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: input_userauth_request: invalid user app [preauth]
Sep 28 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34
Sep 28 16:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: Failed password for invalid user app from 36.88.163.34 port 55550 ssh2
Sep 28 16:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: Received disconnect from 36.88.163.34 port 55550:11: Bye Bye [preauth]
Sep 28 16:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29999]: Disconnected from 36.88.163.34 port 55550 [preauth]
Sep 28 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Invalid user ibrahim from 43.154.195.142
Sep 28 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: input_userauth_request: invalid user ibrahim [preauth]
Sep 28 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Failed password for invalid user ibrahim from 43.154.195.142 port 51610 ssh2
Sep 28 16:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Received disconnect from 43.154.195.142 port 51610:11: Bye Bye [preauth]
Sep 28 16:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Disconnected from 43.154.195.142 port 51610 [preauth]
Sep 28 16:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Invalid user testusr from 178.27.90.142
Sep 28 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: input_userauth_request: invalid user testusr [preauth]
Sep 28 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Failed password for invalid user testusr from 178.27.90.142 port 59452 ssh2
Sep 28 16:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Received disconnect from 178.27.90.142 port 59452:11: Bye Bye [preauth]
Sep 28 16:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Disconnected from 178.27.90.142 port 59452 [preauth]
Sep 28 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28353]: pam_unix(cron:session): session closed for user root
Sep 28 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Invalid user prowlarr from 190.129.122.12
Sep 28 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: input_userauth_request: invalid user prowlarr [preauth]
Sep 28 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Invalid user access from 154.91.170.39
Sep 28 16:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: input_userauth_request: invalid user access [preauth]
Sep 28 16:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user prowlarr from 190.129.122.12 port 49906 ssh2
Sep 28 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Received disconnect from 190.129.122.12 port 49906:11: Bye Bye [preauth]
Sep 28 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Disconnected from 190.129.122.12 port 49906 [preauth]
Sep 28 16:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Failed password for invalid user access from 154.91.170.39 port 36558 ssh2
Sep 28 16:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Received disconnect from 154.91.170.39 port 36558:11: Bye Bye [preauth]
Sep 28 16:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Disconnected from 154.91.170.39 port 36558 [preauth]
Sep 28 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Invalid user zy from 38.248.12.102
Sep 28 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: input_userauth_request: invalid user zy [preauth]
Sep 28 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Failed password for invalid user zy from 38.248.12.102 port 41196 ssh2
Sep 28 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Received disconnect from 38.248.12.102 port 41196:11: Bye Bye [preauth]
Sep 28 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Disconnected from 38.248.12.102 port 41196 [preauth]
Sep 28 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: Successful su for rubyman by root
Sep 28 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: + ??? root:rubyman
Sep 28 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309307 of user rubyman.
Sep 28 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309307.
Sep 28 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session closed for user root
Sep 28 16:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Invalid user userguest from 164.68.105.9
Sep 28 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: input_userauth_request: invalid user userguest [preauth]
Sep 28 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Invalid user connie from 178.27.90.142
Sep 28 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: input_userauth_request: invalid user connie [preauth]
Sep 28 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Failed password for invalid user userguest from 164.68.105.9 port 50426 ssh2
Sep 28 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Connection closed by 164.68.105.9 port 50426 [preauth]
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Failed password for invalid user connie from 178.27.90.142 port 63880 ssh2
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Received disconnect from 178.27.90.142 port 63880:11: Bye Bye [preauth]
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Disconnected from 178.27.90.142 port 63880 [preauth]
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Failed password for root from 36.88.163.34 port 43486 ssh2
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: Invalid user lol from 43.154.195.142
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: input_userauth_request: invalid user lol [preauth]
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Received disconnect from 36.88.163.34 port 43486:11: Bye Bye [preauth]
Sep 28 16:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Disconnected from 36.88.163.34 port 43486 [preauth]
Sep 28 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: Failed password for invalid user lol from 43.154.195.142 port 44988 ssh2
Sep 28 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: Received disconnect from 43.154.195.142 port 44988:11: Bye Bye [preauth]
Sep 28 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: Disconnected from 43.154.195.142 port 44988 [preauth]
Sep 28 16:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: Invalid user soporte from 154.91.170.39
Sep 28 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: input_userauth_request: invalid user soporte [preauth]
Sep 28 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: Failed password for invalid user soporte from 154.91.170.39 port 36660 ssh2
Sep 28 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: Received disconnect from 154.91.170.39 port 36660:11: Bye Bye [preauth]
Sep 28 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30670]: Disconnected from 154.91.170.39 port 36660 [preauth]
Sep 28 16:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29027]: pam_unix(cron:session): session closed for user root
Sep 28 16:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Invalid user maman from 190.129.122.12
Sep 28 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: input_userauth_request: invalid user maman [preauth]
Sep 28 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Failed password for invalid user maman from 190.129.122.12 port 49664 ssh2
Sep 28 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Received disconnect from 190.129.122.12 port 49664:11: Bye Bye [preauth]
Sep 28 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Disconnected from 190.129.122.12 port 49664 [preauth]
Sep 28 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Invalid user mailuser from 38.248.12.102
Sep 28 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: input_userauth_request: invalid user mailuser [preauth]
Sep 28 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Failed password for invalid user mailuser from 38.248.12.102 port 53796 ssh2
Sep 28 16:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Received disconnect from 38.248.12.102 port 53796:11: Bye Bye [preauth]
Sep 28 16:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Disconnected from 38.248.12.102 port 53796 [preauth]
Sep 28 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30764]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30763]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: Successful su for rubyman by root
Sep 28 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: + ??? root:rubyman
Sep 28 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309313 of user rubyman.
Sep 28 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30829]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309313.
Sep 28 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session closed for user root
Sep 28 16:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30762]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31094]: Failed password for root from 178.27.90.142 port 62371 ssh2
Sep 28 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31094]: Received disconnect from 178.27.90.142 port 62371:11: Bye Bye [preauth]
Sep 28 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31094]: Disconnected from 178.27.90.142 port 62371 [preauth]
Sep 28 16:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Invalid user gptftp from 154.91.170.39
Sep 28 16:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: input_userauth_request: invalid user gptftp [preauth]
Sep 28 16:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Failed password for invalid user gptftp from 154.91.170.39 port 36762 ssh2
Sep 28 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Received disconnect from 154.91.170.39 port 36762:11: Bye Bye [preauth]
Sep 28 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Disconnected from 154.91.170.39 port 36762 [preauth]
Sep 28 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
Sep 28 16:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for root from 43.154.195.142 port 37700 ssh2
Sep 28 16:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Received disconnect from 43.154.195.142 port 37700:11: Bye Bye [preauth]
Sep 28 16:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Disconnected from 43.154.195.142 port 37700 [preauth]
Sep 28 16:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Failed password for root from 38.248.12.102 port 47950 ssh2
Sep 28 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Received disconnect from 38.248.12.102 port 47950:11: Bye Bye [preauth]
Sep 28 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Disconnected from 38.248.12.102 port 47950 [preauth]
Sep 28 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Invalid user rishu from 190.129.122.12
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: input_userauth_request: invalid user rishu [preauth]
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31293]: Successful su for rubyman by root
Sep 28 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31293]: + ??? root:rubyman
Sep 28 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309316 of user rubyman.
Sep 28 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31293]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309316.
Sep 28 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Failed password for invalid user rishu from 190.129.122.12 port 17472 ssh2
Sep 28 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Received disconnect from 190.129.122.12 port 17472:11: Bye Bye [preauth]
Sep 28 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31222]: Disconnected from 190.129.122.12 port 17472 [preauth]
Sep 28 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session closed for user root
Sep 28 16:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.88.163.34  user=root
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: Invalid user andrey from 154.91.170.39
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: input_userauth_request: invalid user andrey [preauth]
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: Invalid user ci from 178.27.90.142
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: input_userauth_request: invalid user ci [preauth]
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Failed password for root from 36.88.163.34 port 47600 ssh2
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Received disconnect from 36.88.163.34 port 47600:11: Bye Bye [preauth]
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Disconnected from 36.88.163.34 port 47600 [preauth]
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: Failed password for invalid user andrey from 154.91.170.39 port 36862 ssh2
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: Received disconnect from 154.91.170.39 port 36862:11: Bye Bye [preauth]
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: Disconnected from 154.91.170.39 port 36862 [preauth]
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: Failed password for invalid user ci from 178.27.90.142 port 60489 ssh2
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: Received disconnect from 178.27.90.142 port 60489:11: Bye Bye [preauth]
Sep 28 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31594]: Disconnected from 178.27.90.142 port 60489 [preauth]
Sep 28 16:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30171]: pam_unix(cron:session): session closed for user root
Sep 28 16:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: Invalid user kjs from 38.248.12.102
Sep 28 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: input_userauth_request: invalid user kjs [preauth]
Sep 28 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: Failed password for root from 43.154.195.142 port 49732 ssh2
Sep 28 16:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: Received disconnect from 43.154.195.142 port 49732:11: Bye Bye [preauth]
Sep 28 16:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: Disconnected from 43.154.195.142 port 49732 [preauth]
Sep 28 16:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: Failed password for invalid user kjs from 38.248.12.102 port 40898 ssh2
Sep 28 16:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: Received disconnect from 38.248.12.102 port 40898:11: Bye Bye [preauth]
Sep 28 16:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31683]: Disconnected from 38.248.12.102 port 40898 [preauth]
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: Successful su for rubyman by root
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: + ??? root:rubyman
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309319 of user rubyman.
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309319.
Sep 28 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28352]: pam_unix(cron:session): session closed for user root
Sep 28 16:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Invalid user ftpuser from 190.129.122.12
Sep 28 16:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 16:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Failed password for invalid user ftpuser from 190.129.122.12 port 17158 ssh2
Sep 28 16:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Received disconnect from 190.129.122.12 port 17158:11: Bye Bye [preauth]
Sep 28 16:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Disconnected from 190.129.122.12 port 17158 [preauth]
Sep 28 16:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: Invalid user ander from 154.91.170.39
Sep 28 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: input_userauth_request: invalid user ander [preauth]
Sep 28 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: Failed password for invalid user ander from 154.91.170.39 port 36964 ssh2
Sep 28 16:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: Received disconnect from 154.91.170.39 port 36964:11: Bye Bye [preauth]
Sep 28 16:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: Disconnected from 154.91.170.39 port 36964 [preauth]
Sep 28 16:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Failed password for root from 178.27.90.142 port 61293 ssh2
Sep 28 16:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Received disconnect from 178.27.90.142 port 61293:11: Bye Bye [preauth]
Sep 28 16:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Disconnected from 178.27.90.142 port 61293 [preauth]
Sep 28 16:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30764]: pam_unix(cron:session): session closed for user root
Sep 28 16:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Failed password for root from 38.248.12.102 port 42012 ssh2
Sep 28 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Received disconnect from 38.248.12.102 port 42012:11: Bye Bye [preauth]
Sep 28 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Disconnected from 38.248.12.102 port 42012 [preauth]
Sep 28 16:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Invalid user devops from 43.154.195.142
Sep 28 16:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: input_userauth_request: invalid user devops [preauth]
Sep 28 16:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Failed password for invalid user devops from 43.154.195.142 port 34878 ssh2
Sep 28 16:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Received disconnect from 43.154.195.142 port 34878:11: Bye Bye [preauth]
Sep 28 16:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Disconnected from 43.154.195.142 port 34878 [preauth]
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32170]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32173]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32174]: pam_unix(cron:session): session closed for user root
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32167]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: Successful su for rubyman by root
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: + ??? root:rubyman
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309327 of user rubyman.
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32242]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309327.
Sep 28 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32170]: pam_unix(cron:session): session closed for user root
Sep 28 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session closed for user root
Sep 28 16:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32168]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Invalid user test1 from 154.91.170.39
Sep 28 16:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: input_userauth_request: invalid user test1 [preauth]
Sep 28 16:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Failed password for invalid user test1 from 154.91.170.39 port 37066 ssh2
Sep 28 16:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Received disconnect from 154.91.170.39 port 37066:11: Bye Bye [preauth]
Sep 28 16:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Disconnected from 154.91.170.39 port 37066 [preauth]
Sep 28 16:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32498]: Failed password for root from 178.27.90.142 port 63334 ssh2
Sep 28 16:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32498]: Received disconnect from 178.27.90.142 port 63334:11: Bye Bye [preauth]
Sep 28 16:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32498]: Disconnected from 178.27.90.142 port 63334 [preauth]
Sep 28 16:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 16:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Failed password for root from 190.129.122.12 port 17568 ssh2
Sep 28 16:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Received disconnect from 190.129.122.12 port 17568:11: Bye Bye [preauth]
Sep 28 16:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32513]: Disconnected from 190.129.122.12 port 17568 [preauth]
Sep 28 16:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session closed for user root
Sep 28 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: Failed password for root from 38.248.12.102 port 48716 ssh2
Sep 28 16:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: Received disconnect from 38.248.12.102 port 48716:11: Bye Bye [preauth]
Sep 28 16:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: Disconnected from 38.248.12.102 port 48716 [preauth]
Sep 28 16:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Invalid user webuser from 43.154.195.142
Sep 28 16:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: input_userauth_request: invalid user webuser [preauth]
Sep 28 16:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Failed password for invalid user webuser from 43.154.195.142 port 57620 ssh2
Sep 28 16:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Received disconnect from 43.154.195.142 port 57620:11: Bye Bye [preauth]
Sep 28 16:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Disconnected from 43.154.195.142 port 57620 [preauth]
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32644]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32641]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32712]: Successful su for rubyman by root
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32712]: + ??? root:rubyman
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309329 of user rubyman.
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32712]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309329.
Sep 28 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Invalid user iot from 154.91.170.39
Sep 28 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: input_userauth_request: invalid user iot [preauth]
Sep 28 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
Sep 28 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Failed password for invalid user iot from 154.91.170.39 port 37164 ssh2
Sep 28 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Received disconnect from 154.91.170.39 port 37164:11: Bye Bye [preauth]
Sep 28 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Disconnected from 154.91.170.39 port 37164 [preauth]
Sep 28 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32642]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Invalid user oracle from 178.27.90.142
Sep 28 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: input_userauth_request: invalid user oracle [preauth]
Sep 28 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Failed password for invalid user oracle from 178.27.90.142 port 64337 ssh2
Sep 28 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Received disconnect from 178.27.90.142 port 64337:11: Bye Bye [preauth]
Sep 28 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Disconnected from 178.27.90.142 port 64337 [preauth]
Sep 28 16:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[535]: Invalid user developer from 190.103.202.7
Sep 28 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[535]: input_userauth_request: invalid user developer [preauth]
Sep 28 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[535]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 16:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[535]: Failed password for invalid user developer from 190.103.202.7 port 44324 ssh2
Sep 28 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Invalid user ander from 38.248.12.102
Sep 28 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: input_userauth_request: invalid user ander [preauth]
Sep 28 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[535]: Connection closed by 190.103.202.7 port 44324 [preauth]
Sep 28 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session closed for user root
Sep 28 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Failed password for invalid user ander from 38.248.12.102 port 47950 ssh2
Sep 28 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Received disconnect from 38.248.12.102 port 47950:11: Bye Bye [preauth]
Sep 28 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Disconnected from 38.248.12.102 port 47950 [preauth]
Sep 28 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: Invalid user yby from 190.129.122.12
Sep 28 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: input_userauth_request: invalid user yby [preauth]
Sep 28 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12
Sep 28 16:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: Failed password for invalid user yby from 190.129.122.12 port 17324 ssh2
Sep 28 16:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: Received disconnect from 190.129.122.12 port 17324:11: Bye Bye [preauth]
Sep 28 16:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: Disconnected from 190.129.122.12 port 17324 [preauth]
Sep 28 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Invalid user kjs from 154.91.170.39
Sep 28 16:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: input_userauth_request: invalid user kjs [preauth]
Sep 28 16:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session closed for user root
Sep 28 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[700]: Successful su for rubyman by root
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[700]: + ??? root:rubyman
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309334 of user rubyman.
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[700]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309334.
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Failed password for invalid user kjs from 154.91.170.39 port 37270 ssh2
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Received disconnect from 154.91.170.39 port 37270:11: Bye Bye [preauth]
Sep 28 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Disconnected from 154.91.170.39 port 37270 [preauth]
Sep 28 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session closed for user root
Sep 28 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Failed password for root from 43.154.195.142 port 47698 ssh2
Sep 28 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Received disconnect from 43.154.195.142 port 47698:11: Bye Bye [preauth]
Sep 28 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Disconnected from 43.154.195.142 port 47698 [preauth]
Sep 28 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Invalid user mf from 178.27.90.142
Sep 28 16:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: input_userauth_request: invalid user mf [preauth]
Sep 28 16:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Failed password for invalid user mf from 178.27.90.142 port 62776 ssh2
Sep 28 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Received disconnect from 178.27.90.142 port 62776:11: Bye Bye [preauth]
Sep 28 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Disconnected from 178.27.90.142 port 62776 [preauth]
Sep 28 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Invalid user openbravo from 38.248.12.102
Sep 28 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: input_userauth_request: invalid user openbravo [preauth]
Sep 28 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Failed password for invalid user openbravo from 38.248.12.102 port 36984 ssh2
Sep 28 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Received disconnect from 38.248.12.102 port 36984:11: Bye Bye [preauth]
Sep 28 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Disconnected from 38.248.12.102 port 36984 [preauth]
Sep 28 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32173]: pam_unix(cron:session): session closed for user root
Sep 28 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=root
Sep 28 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Failed password for root from 190.129.122.12 port 17362 ssh2
Sep 28 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Received disconnect from 190.129.122.12 port 17362:11: Bye Bye [preauth]
Sep 28 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Disconnected from 190.129.122.12 port 17362 [preauth]
Sep 28 16:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Invalid user yogesh from 154.91.170.39
Sep 28 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: input_userauth_request: invalid user yogesh [preauth]
Sep 28 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Failed password for invalid user yogesh from 154.91.170.39 port 37372 ssh2
Sep 28 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Received disconnect from 154.91.170.39 port 37372:11: Bye Bye [preauth]
Sep 28 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Disconnected from 154.91.170.39 port 37372 [preauth]
Sep 28 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1182]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1179]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1253]: Successful su for rubyman by root
Sep 28 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1253]: + ??? root:rubyman
Sep 28 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309340 of user rubyman.
Sep 28 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1253]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309340.
Sep 28 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30763]: pam_unix(cron:session): session closed for user root
Sep 28 16:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1180]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Failed password for root from 43.154.195.142 port 60444 ssh2
Sep 28 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Received disconnect from 43.154.195.142 port 60444:11: Bye Bye [preauth]
Sep 28 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Disconnected from 43.154.195.142 port 60444 [preauth]
Sep 28 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: Invalid user app from 178.27.90.142
Sep 28 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: input_userauth_request: invalid user app [preauth]
Sep 28 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: Failed password for invalid user app from 178.27.90.142 port 63784 ssh2
Sep 28 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: Received disconnect from 178.27.90.142 port 63784:11: Bye Bye [preauth]
Sep 28 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1510]: Disconnected from 178.27.90.142 port 63784 [preauth]
Sep 28 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Failed password for root from 38.248.12.102 port 39268 ssh2
Sep 28 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Received disconnect from 38.248.12.102 port 39268:11: Bye Bye [preauth]
Sep 28 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Disconnected from 38.248.12.102 port 39268 [preauth]
Sep 28 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32644]: pam_unix(cron:session): session closed for user root
Sep 28 16:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 154.91.170.39 port 37476 ssh2
Sep 28 16:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Received disconnect from 154.91.170.39 port 37476:11: Bye Bye [preauth]
Sep 28 16:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Disconnected from 154.91.170.39 port 37476 [preauth]
Sep 28 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1674]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1673]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1671]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: Successful su for rubyman by root
Sep 28 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: + ??? root:rubyman
Sep 28 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309342 of user rubyman.
Sep 28 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309342.
Sep 28 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31228]: pam_unix(cron:session): session closed for user root
Sep 28 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1902]: User sandbox from 190.129.122.12 not allowed because not listed in AllowUsers
Sep 28 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1902]: input_userauth_request: invalid user sandbox [preauth]
Sep 28 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.129.122.12  user=sandbox
Sep 28 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1672]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1902]: Failed password for invalid user sandbox from 190.129.122.12 port 17298 ssh2
Sep 28 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1902]: Received disconnect from 190.129.122.12 port 17298:11: Bye Bye [preauth]
Sep 28 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1902]: Disconnected from 190.129.122.12 port 17298 [preauth]
Sep 28 16:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Failed password for root from 178.27.90.142 port 61283 ssh2
Sep 28 16:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Received disconnect from 178.27.90.142 port 61283:11: Bye Bye [preauth]
Sep 28 16:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Disconnected from 178.27.90.142 port 61283 [preauth]
Sep 28 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Invalid user admin from 43.154.195.142
Sep 28 16:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: input_userauth_request: invalid user admin [preauth]
Sep 28 16:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Failed password for invalid user admin from 43.154.195.142 port 50230 ssh2
Sep 28 16:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Received disconnect from 43.154.195.142 port 50230:11: Bye Bye [preauth]
Sep 28 16:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Disconnected from 43.154.195.142 port 50230 [preauth]
Sep 28 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Failed password for root from 38.248.12.102 port 46580 ssh2
Sep 28 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Received disconnect from 38.248.12.102 port 46580:11: Bye Bye [preauth]
Sep 28 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Disconnected from 38.248.12.102 port 46580 [preauth]
Sep 28 16:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session closed for user root
Sep 28 16:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Invalid user saeid from 154.91.170.39
Sep 28 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: input_userauth_request: invalid user saeid [preauth]
Sep 28 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Failed password for invalid user saeid from 154.91.170.39 port 37574 ssh2
Sep 28 16:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Received disconnect from 154.91.170.39 port 37574:11: Bye Bye [preauth]
Sep 28 16:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2100]: Disconnected from 154.91.170.39 port 37574 [preauth]
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session closed for user root
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2203]: Successful su for rubyman by root
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2203]: + ??? root:rubyman
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309348 of user rubyman.
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2203]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309348.
Sep 28 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session closed for user root
Sep 28 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session closed for user root
Sep 28 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Invalid user allan from 178.27.90.142
Sep 28 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: input_userauth_request: invalid user allan [preauth]
Sep 28 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Failed password for invalid user allan from 178.27.90.142 port 64354 ssh2
Sep 28 16:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Received disconnect from 178.27.90.142 port 64354:11: Bye Bye [preauth]
Sep 28 16:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Disconnected from 178.27.90.142 port 64354 [preauth]
Sep 28 16:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Invalid user iot from 38.248.12.102
Sep 28 16:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: input_userauth_request: invalid user iot [preauth]
Sep 28 16:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Invalid user transmission from 43.154.195.142
Sep 28 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: input_userauth_request: invalid user transmission [preauth]
Sep 28 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Failed password for invalid user iot from 38.248.12.102 port 38852 ssh2
Sep 28 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Received disconnect from 38.248.12.102 port 38852:11: Bye Bye [preauth]
Sep 28 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Disconnected from 38.248.12.102 port 38852 [preauth]
Sep 28 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Failed password for invalid user transmission from 43.154.195.142 port 50302 ssh2
Sep 28 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Received disconnect from 43.154.195.142 port 50302:11: Bye Bye [preauth]
Sep 28 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2497]: Disconnected from 43.154.195.142 port 50302 [preauth]
Sep 28 16:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1182]: pam_unix(cron:session): session closed for user root
Sep 28 16:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Invalid user alvaro from 154.91.170.39
Sep 28 16:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: input_userauth_request: invalid user alvaro [preauth]
Sep 28 16:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Failed password for invalid user alvaro from 154.91.170.39 port 37682 ssh2
Sep 28 16:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Received disconnect from 154.91.170.39 port 37682:11: Bye Bye [preauth]
Sep 28 16:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Disconnected from 154.91.170.39 port 37682 [preauth]
Sep 28 16:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: Invalid user solarwinds from 178.27.90.142
Sep 28 16:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: input_userauth_request: invalid user solarwinds [preauth]
Sep 28 16:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: Failed password for invalid user solarwinds from 178.27.90.142 port 65027 ssh2
Sep 28 16:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: Received disconnect from 178.27.90.142 port 65027:11: Bye Bye [preauth]
Sep 28 16:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: Disconnected from 178.27.90.142 port 65027 [preauth]
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: Successful su for rubyman by root
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: + ??? root:rubyman
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309353 of user rubyman.
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309353.
Sep 28 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32171]: pam_unix(cron:session): session closed for user root
Sep 28 16:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102  user=root
Sep 28 16:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Failed password for root from 38.248.12.102 port 51154 ssh2
Sep 28 16:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Received disconnect from 38.248.12.102 port 51154:11: Bye Bye [preauth]
Sep 28 16:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Disconnected from 38.248.12.102 port 51154 [preauth]
Sep 28 16:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Invalid user matt from 43.154.195.142
Sep 28 16:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: input_userauth_request: invalid user matt [preauth]
Sep 28 16:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user matt from 43.154.195.142 port 53008 ssh2
Sep 28 16:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Received disconnect from 43.154.195.142 port 53008:11: Bye Bye [preauth]
Sep 28 16:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Disconnected from 43.154.195.142 port 53008 [preauth]
Sep 28 16:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1674]: pam_unix(cron:session): session closed for user root
Sep 28 16:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Invalid user anil from 154.91.170.39
Sep 28 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: input_userauth_request: invalid user anil [preauth]
Sep 28 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Failed password for invalid user anil from 154.91.170.39 port 37782 ssh2
Sep 28 16:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Received disconnect from 154.91.170.39 port 37782:11: Bye Bye [preauth]
Sep 28 16:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Disconnected from 154.91.170.39 port 37782 [preauth]
Sep 28 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Failed password for root from 178.27.90.142 port 62265 ssh2
Sep 28 16:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Received disconnect from 178.27.90.142 port 62265:11: Bye Bye [preauth]
Sep 28 16:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Disconnected from 178.27.90.142 port 62265 [preauth]
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: Successful su for rubyman by root
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: + ??? root:rubyman
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309356 of user rubyman.
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309356.
Sep 28 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32643]: pam_unix(cron:session): session closed for user root
Sep 28 16:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Invalid user saeid from 38.248.12.102
Sep 28 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: input_userauth_request: invalid user saeid [preauth]
Sep 28 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Failed password for invalid user saeid from 38.248.12.102 port 37464 ssh2
Sep 28 16:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Received disconnect from 38.248.12.102 port 37464:11: Bye Bye [preauth]
Sep 28 16:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Disconnected from 38.248.12.102 port 37464 [preauth]
Sep 28 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Invalid user wow from 154.91.170.39
Sep 28 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: input_userauth_request: invalid user wow [preauth]
Sep 28 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2127]: pam_unix(cron:session): session closed for user root
Sep 28 16:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Failed password for invalid user wow from 154.91.170.39 port 37884 ssh2
Sep 28 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Received disconnect from 154.91.170.39 port 37884:11: Bye Bye [preauth]
Sep 28 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Disconnected from 154.91.170.39 port 37884 [preauth]
Sep 28 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Failed password for root from 43.154.195.142 port 33168 ssh2
Sep 28 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Received disconnect from 43.154.195.142 port 33168:11: Bye Bye [preauth]
Sep 28 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Disconnected from 43.154.195.142 port 33168 [preauth]
Sep 28 16:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: Invalid user ankit from 178.27.90.142
Sep 28 16:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: input_userauth_request: invalid user ankit [preauth]
Sep 28 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: Failed password for invalid user ankit from 178.27.90.142 port 62887 ssh2
Sep 28 16:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: Received disconnect from 178.27.90.142 port 62887:11: Bye Bye [preauth]
Sep 28 16:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: Disconnected from 178.27.90.142 port 62887 [preauth]
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3542]: Successful su for rubyman by root
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3542]: + ??? root:rubyman
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309361 of user rubyman.
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3542]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309361.
Sep 28 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session closed for user root
Sep 28 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Invalid user michael from 38.248.12.102
Sep 28 16:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: input_userauth_request: invalid user michael [preauth]
Sep 28 16:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Failed password for invalid user michael from 38.248.12.102 port 58540 ssh2
Sep 28 16:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Received disconnect from 38.248.12.102 port 58540:11: Bye Bye [preauth]
Sep 28 16:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Disconnected from 38.248.12.102 port 58540 [preauth]
Sep 28 16:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: Invalid user mailuser from 154.91.170.39
Sep 28 16:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: input_userauth_request: invalid user mailuser [preauth]
Sep 28 16:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: Failed password for invalid user mailuser from 154.91.170.39 port 37984 ssh2
Sep 28 16:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: Received disconnect from 154.91.170.39 port 37984:11: Bye Bye [preauth]
Sep 28 16:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3809]: Disconnected from 154.91.170.39 port 37984 [preauth]
Sep 28 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session closed for user root
Sep 28 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Invalid user debian from 43.154.195.142
Sep 28 16:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: input_userauth_request: invalid user debian [preauth]
Sep 28 16:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Failed password for invalid user debian from 43.154.195.142 port 45428 ssh2
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Received disconnect from 43.154.195.142 port 45428:11: Bye Bye [preauth]
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Disconnected from 43.154.195.142 port 45428 [preauth]
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: Invalid user rsync from 178.27.90.142
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: input_userauth_request: invalid user rsync [preauth]
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: Failed password for invalid user rsync from 178.27.90.142 port 61072 ssh2
Sep 28 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: Received disconnect from 178.27.90.142 port 61072:11: Bye Bye [preauth]
Sep 28 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3869]: Disconnected from 178.27.90.142 port 61072 [preauth]
Sep 28 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3983]: Successful su for rubyman by root
Sep 28 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3983]: + ??? root:rubyman
Sep 28 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309364 of user rubyman.
Sep 28 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3983]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309364.
Sep 28 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Invalid user access from 38.248.12.102
Sep 28 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: input_userauth_request: invalid user access [preauth]
Sep 28 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1181]: pam_unix(cron:session): session closed for user root
Sep 28 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Failed password for invalid user access from 38.248.12.102 port 36028 ssh2
Sep 28 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Received disconnect from 38.248.12.102 port 36028:11: Bye Bye [preauth]
Sep 28 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Disconnected from 38.248.12.102 port 36028 [preauth]
Sep 28 16:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Invalid user zy from 154.91.170.39
Sep 28 16:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: input_userauth_request: invalid user zy [preauth]
Sep 28 16:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39
Sep 28 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Failed password for invalid user zy from 154.91.170.39 port 38086 ssh2
Sep 28 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Received disconnect from 154.91.170.39 port 38086:11: Bye Bye [preauth]
Sep 28 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Disconnected from 154.91.170.39 port 38086 [preauth]
Sep 28 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session closed for user root
Sep 28 16:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Failed password for root from 178.27.90.142 port 61174 ssh2
Sep 28 16:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Received disconnect from 178.27.90.142 port 61174:11: Bye Bye [preauth]
Sep 28 16:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Disconnected from 178.27.90.142 port 61174 [preauth]
Sep 28 16:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: Invalid user hr from 43.154.195.142
Sep 28 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: input_userauth_request: invalid user hr [preauth]
Sep 28 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: Failed password for invalid user hr from 43.154.195.142 port 37034 ssh2
Sep 28 16:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: Received disconnect from 43.154.195.142 port 37034:11: Bye Bye [preauth]
Sep 28 16:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4333]: Disconnected from 43.154.195.142 port 37034 [preauth]
Sep 28 16:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4369]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4368]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4370]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4366]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4370]: pam_unix(cron:session): session closed for user root
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Invalid user fluqueta from 38.248.12.102
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: input_userauth_request: invalid user fluqueta [preauth]
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4442]: Successful su for rubyman by root
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4442]: + ??? root:rubyman
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4442]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309368 of user rubyman.
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309368.
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Failed password for invalid user fluqueta from 38.248.12.102 port 54314 ssh2
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Received disconnect from 38.248.12.102 port 54314:11: Bye Bye [preauth]
Sep 28 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Disconnected from 38.248.12.102 port 54314 [preauth]
Sep 28 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1673]: pam_unix(cron:session): session closed for user root
Sep 28 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4366]: pam_unix(cron:session): session closed for user root
Sep 28 16:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4365]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.91.170.39  user=root
Sep 28 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: Failed password for root from 154.91.170.39 port 38186 ssh2
Sep 28 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: Received disconnect from 154.91.170.39 port 38186:11: Bye Bye [preauth]
Sep 28 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: Disconnected from 154.91.170.39 port 38186 [preauth]
Sep 28 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3481]: pam_unix(cron:session): session closed for user root
Sep 28 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Invalid user lfs from 178.27.90.142
Sep 28 16:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: input_userauth_request: invalid user lfs [preauth]
Sep 28 16:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Failed password for invalid user lfs from 178.27.90.142 port 62896 ssh2
Sep 28 16:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Received disconnect from 178.27.90.142 port 62896:11: Bye Bye [preauth]
Sep 28 16:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Disconnected from 178.27.90.142 port 62896 [preauth]
Sep 28 16:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Failed password for root from 43.154.195.142 port 44926 ssh2
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Received disconnect from 43.154.195.142 port 44926:11: Bye Bye [preauth]
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Disconnected from 43.154.195.142 port 44926 [preauth]
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Invalid user user1 from 38.248.12.102
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: input_userauth_request: invalid user user1 [preauth]
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.248.12.102
Sep 28 16:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Failed password for invalid user user1 from 38.248.12.102 port 38326 ssh2
Sep 28 16:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Received disconnect from 38.248.12.102 port 38326:11: Bye Bye [preauth]
Sep 28 16:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Disconnected from 38.248.12.102 port 38326 [preauth]
Sep 28 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4843]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4841]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4917]: Successful su for rubyman by root
Sep 28 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4917]: + ??? root:rubyman
Sep 28 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309376 of user rubyman.
Sep 28 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4917]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309376.
Sep 28 16:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session closed for user root
Sep 28 16:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4842]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session closed for user root
Sep 28 16:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Failed password for root from 178.27.90.142 port 61113 ssh2
Sep 28 16:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Received disconnect from 178.27.90.142 port 61113:11: Bye Bye [preauth]
Sep 28 16:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5231]: Disconnected from 178.27.90.142 port 61113 [preauth]
Sep 28 16:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Invalid user systems from 43.154.195.142
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: input_userauth_request: invalid user systems [preauth]
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5302]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5300]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5455]: Successful su for rubyman by root
Sep 28 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5455]: + ??? root:rubyman
Sep 28 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309379 of user rubyman.
Sep 28 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5455]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309379.
Sep 28 16:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Failed password for invalid user systems from 43.154.195.142 port 40428 ssh2
Sep 28 16:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Received disconnect from 43.154.195.142 port 40428:11: Bye Bye [preauth]
Sep 28 16:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5295]: Disconnected from 43.154.195.142 port 40428 [preauth]
Sep 28 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session closed for user root
Sep 28 16:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5301]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Invalid user joseph from 178.27.90.142
Sep 28 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: input_userauth_request: invalid user joseph [preauth]
Sep 28 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Failed password for invalid user joseph from 178.27.90.142 port 63787 ssh2
Sep 28 16:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Received disconnect from 178.27.90.142 port 63787:11: Bye Bye [preauth]
Sep 28 16:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Disconnected from 178.27.90.142 port 63787 [preauth]
Sep 28 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4369]: pam_unix(cron:session): session closed for user root
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5836]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5838]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5834]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5903]: Successful su for rubyman by root
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5903]: + ??? root:rubyman
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309382 of user rubyman.
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5903]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309382.
Sep 28 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session closed for user root
Sep 28 16:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5835]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Invalid user a from 43.154.195.142
Sep 28 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: input_userauth_request: invalid user a [preauth]
Sep 28 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Failed password for invalid user a from 43.154.195.142 port 55894 ssh2
Sep 28 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Received disconnect from 43.154.195.142 port 55894:11: Bye Bye [preauth]
Sep 28 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6100]: Disconnected from 43.154.195.142 port 55894 [preauth]
Sep 28 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Invalid user yaya from 178.27.90.142
Sep 28 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: input_userauth_request: invalid user yaya [preauth]
Sep 28 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Failed password for invalid user yaya from 178.27.90.142 port 64699 ssh2
Sep 28 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Received disconnect from 178.27.90.142 port 64699:11: Bye Bye [preauth]
Sep 28 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Disconnected from 178.27.90.142 port 64699 [preauth]
Sep 28 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4844]: pam_unix(cron:session): session closed for user root
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: Successful su for rubyman by root
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: + ??? root:rubyman
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309386 of user rubyman.
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309386.
Sep 28 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session closed for user root
Sep 28 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Invalid user ws from 43.154.195.142
Sep 28 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: input_userauth_request: invalid user ws [preauth]
Sep 28 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Failed password for invalid user ws from 43.154.195.142 port 38220 ssh2
Sep 28 16:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Received disconnect from 43.154.195.142 port 38220:11: Bye Bye [preauth]
Sep 28 16:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Disconnected from 43.154.195.142 port 38220 [preauth]
Sep 28 16:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: Invalid user pwserver from 178.27.90.142
Sep 28 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: input_userauth_request: invalid user pwserver [preauth]
Sep 28 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: Failed password for invalid user pwserver from 178.27.90.142 port 65089 ssh2
Sep 28 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: Received disconnect from 178.27.90.142 port 65089:11: Bye Bye [preauth]
Sep 28 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6696]: Disconnected from 178.27.90.142 port 65089 [preauth]
Sep 28 16:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5303]: pam_unix(cron:session): session closed for user root
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session closed for user root
Sep 28 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: Successful su for rubyman by root
Sep 28 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: + ??? root:rubyman
Sep 28 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309393 of user rubyman.
Sep 28 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309393.
Sep 28 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user root
Sep 28 16:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session closed for user root
Sep 28 16:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142  user=root
Sep 28 16:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Failed password for root from 178.27.90.142 port 64922 ssh2
Sep 28 16:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Received disconnect from 178.27.90.142 port 64922:11: Bye Bye [preauth]
Sep 28 16:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Disconnected from 178.27.90.142 port 64922 [preauth]
Sep 28 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Failed password for root from 43.154.195.142 port 35992 ssh2
Sep 28 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Received disconnect from 43.154.195.142 port 35992:11: Bye Bye [preauth]
Sep 28 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Disconnected from 43.154.195.142 port 35992 [preauth]
Sep 28 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5838]: pam_unix(cron:session): session closed for user root
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7463]: Successful su for rubyman by root
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7463]: + ??? root:rubyman
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309396 of user rubyman.
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7463]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309396.
Sep 28 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 28 16:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Failed password for root from 164.68.105.9 port 51470 ssh2
Sep 28 16:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Connection closed by 164.68.105.9 port 51470 [preauth]
Sep 28 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7393]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4368]: pam_unix(cron:session): session closed for user root
Sep 28 16:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Invalid user oleh from 178.27.90.142
Sep 28 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: input_userauth_request: invalid user oleh [preauth]
Sep 28 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.27.90.142
Sep 28 16:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Failed password for invalid user oleh from 178.27.90.142 port 63909 ssh2
Sep 28 16:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Received disconnect from 178.27.90.142 port 63909:11: Bye Bye [preauth]
Sep 28 16:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Disconnected from 178.27.90.142 port 63909 [preauth]
Sep 28 16:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user root
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Failed password for root from 43.154.195.142 port 46936 ssh2
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Invalid user admin from 80.94.95.112
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: input_userauth_request: invalid user admin [preauth]
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Received disconnect from 43.154.195.142 port 46936:11: Bye Bye [preauth]
Sep 28 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Disconnected from 43.154.195.142 port 46936 [preauth]
Sep 28 16:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Failed password for invalid user admin from 80.94.95.112 port 19043 ssh2
Sep 28 16:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Failed password for invalid user admin from 80.94.95.112 port 19043 ssh2
Sep 28 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Failed password for invalid user admin from 80.94.95.112 port 19043 ssh2
Sep 28 16:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Failed password for invalid user admin from 80.94.95.112 port 19043 ssh2
Sep 28 16:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Failed password for invalid user admin from 80.94.95.112 port 19043 ssh2
Sep 28 16:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Received disconnect from 80.94.95.112 port 19043:11: Bye [preauth]
Sep 28 16:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: Disconnected from 80.94.95.112 port 19043 [preauth]
Sep 28 16:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 16:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7726]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: Successful su for rubyman by root
Sep 28 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: + ??? root:rubyman
Sep 28 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309400 of user rubyman.
Sep 28 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309400.
Sep 28 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4843]: pam_unix(cron:session): session closed for user root
Sep 28 16:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session closed for user root
Sep 28 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Invalid user devil from 43.154.195.142
Sep 28 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: input_userauth_request: invalid user devil [preauth]
Sep 28 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Failed password for invalid user devil from 43.154.195.142 port 44010 ssh2
Sep 28 16:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Received disconnect from 43.154.195.142 port 44010:11: Bye Bye [preauth]
Sep 28 16:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Disconnected from 43.154.195.142 port 44010 [preauth]
Sep 28 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8338]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8336]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: Successful su for rubyman by root
Sep 28 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: + ??? root:rubyman
Sep 28 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309405 of user rubyman.
Sep 28 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309405.
Sep 28 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5302]: pam_unix(cron:session): session closed for user root
Sep 28 16:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7395]: pam_unix(cron:session): session closed for user root
Sep 28 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: Invalid user ubuntu from 43.154.195.142
Sep 28 16:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 16:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: Failed password for invalid user ubuntu from 43.154.195.142 port 54592 ssh2
Sep 28 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: Received disconnect from 43.154.195.142 port 54592:11: Bye Bye [preauth]
Sep 28 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: Disconnected from 43.154.195.142 port 54592 [preauth]
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: Successful su for rubyman by root
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: + ??? root:rubyman
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309409 of user rubyman.
Sep 28 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309409.
Sep 28 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5836]: pam_unix(cron:session): session closed for user root
Sep 28 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session closed for user root
Sep 28 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Failed password for root from 43.154.195.142 port 57126 ssh2
Sep 28 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Received disconnect from 43.154.195.142 port 57126:11: Bye Bye [preauth]
Sep 28 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Disconnected from 43.154.195.142 port 57126 [preauth]
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9464]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9466]: pam_unix(cron:session): session closed for user root
Sep 28 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9530]: Successful su for rubyman by root
Sep 28 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9530]: + ??? root:rubyman
Sep 28 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309417 of user rubyman.
Sep 28 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9530]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309417.
Sep 28 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session closed for user root
Sep 28 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user root
Sep 28 16:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 28 16:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: Failed password for root from 213.209.157.9 port 61682 ssh2
Sep 28 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: Connection closed by 213.209.157.9 port 61682 [preauth]
Sep 28 16:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session closed for user root
Sep 28 16:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Invalid user bounce from 43.154.195.142
Sep 28 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: input_userauth_request: invalid user bounce [preauth]
Sep 28 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142
Sep 28 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Failed password for invalid user bounce from 43.154.195.142 port 49302 ssh2
Sep 28 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Received disconnect from 43.154.195.142 port 49302:11: Bye Bye [preauth]
Sep 28 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Disconnected from 43.154.195.142 port 49302 [preauth]
Sep 28 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10055]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: Successful su for rubyman by root
Sep 28 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: + ??? root:rubyman
Sep 28 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309419 of user rubyman.
Sep 28 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309419.
Sep 28 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session closed for user root
Sep 28 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10056]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session closed for user root
Sep 28 16:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.195.142  user=root
Sep 28 16:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10502]: Failed password for root from 43.154.195.142 port 57264 ssh2
Sep 28 16:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10502]: Received disconnect from 43.154.195.142 port 57264:11: Bye Bye [preauth]
Sep 28 16:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10502]: Disconnected from 43.154.195.142 port 57264 [preauth]
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10525]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10526]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10523]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10594]: Successful su for rubyman by root
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10594]: + ??? root:rubyman
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309423 of user rubyman.
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10594]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309423.
Sep 28 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session closed for user root
Sep 28 16:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10524]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session closed for user root
Sep 28 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10957]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11024]: Successful su for rubyman by root
Sep 28 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11024]: + ??? root:rubyman
Sep 28 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309427 of user rubyman.
Sep 28 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11024]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309427.
Sep 28 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session closed for user root
Sep 28 16:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10959]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Invalid user loginuser from 190.103.202.7
Sep 28 16:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: input_userauth_request: invalid user loginuser [preauth]
Sep 28 16:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 16:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Failed password for invalid user loginuser from 190.103.202.7 port 51558 ssh2
Sep 28 16:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Connection closed by 190.103.202.7 port 51558 [preauth]
Sep 28 16:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10058]: pam_unix(cron:session): session closed for user root
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11396]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11393]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: Successful su for rubyman by root
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: + ??? root:rubyman
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309432 of user rubyman.
Sep 28 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11531]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309432.
Sep 28 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session closed for user root
Sep 28 16:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8338]: pam_unix(cron:session): session closed for user root
Sep 28 16:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10526]: pam_unix(cron:session): session closed for user root
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12005]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session closed for user root
Sep 28 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12003]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12077]: Successful su for rubyman by root
Sep 28 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12077]: + ??? root:rubyman
Sep 28 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309440 of user rubyman.
Sep 28 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12077]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309440.
Sep 28 16:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session closed for user root
Sep 28 16:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12005]: pam_unix(cron:session): session closed for user root
Sep 28 16:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12004]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10961]: pam_unix(cron:session): session closed for user root
Sep 28 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12477]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: Successful su for rubyman by root
Sep 28 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: + ??? root:rubyman
Sep 28 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309441 of user rubyman.
Sep 28 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309441.
Sep 28 16:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9464]: pam_unix(cron:session): session closed for user root
Sep 28 16:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11396]: pam_unix(cron:session): session closed for user root
Sep 28 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12935]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13006]: Successful su for rubyman by root
Sep 28 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13006]: + ??? root:rubyman
Sep 28 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309445 of user rubyman.
Sep 28 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13006]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309445.
Sep 28 16:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10057]: pam_unix(cron:session): session closed for user root
Sep 28 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12007]: pam_unix(cron:session): session closed for user root
Sep 28 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: Successful su for rubyman by root
Sep 28 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: + ??? root:rubyman
Sep 28 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309449 of user rubyman.
Sep 28 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13440]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309449.
Sep 28 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10525]: pam_unix(cron:session): session closed for user root
Sep 28 16:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12477]: pam_unix(cron:session): session closed for user root
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: Successful su for rubyman by root
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: + ??? root:rubyman
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309455 of user rubyman.
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309455.
Sep 28 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10960]: pam_unix(cron:session): session closed for user root
Sep 28 16:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13792]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12935]: pam_unix(cron:session): session closed for user root
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session closed for user root
Sep 28 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: Successful su for rubyman by root
Sep 28 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: + ??? root:rubyman
Sep 28 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309457 of user rubyman.
Sep 28 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309457.
Sep 28 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session closed for user root
Sep 28 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session closed for user root
Sep 28 16:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13375]: pam_unix(cron:session): session closed for user root
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: Successful su for rubyman by root
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: + ??? root:rubyman
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309463 of user rubyman.
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309463.
Sep 28 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12006]: pam_unix(cron:session): session closed for user root
Sep 28 16:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session closed for user root
Sep 28 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: Successful su for rubyman by root
Sep 28 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: + ??? root:rubyman
Sep 28 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309467 of user rubyman.
Sep 28 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309467.
Sep 28 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session closed for user root
Sep 28 16:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session closed for user root
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: Successful su for rubyman by root
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: + ??? root:rubyman
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309473 of user rubyman.
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309473.
Sep 28 16:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session closed for user root
Sep 28 16:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Invalid user vpn from 14.224.251.70
Sep 28 16:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: input_userauth_request: invalid user vpn [preauth]
Sep 28 16:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 16:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Failed password for invalid user vpn from 14.224.251.70 port 45138 ssh2
Sep 28 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Received disconnect from 14.224.251.70 port 45138:11: Bye Bye [preauth]
Sep 28 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Disconnected from 14.224.251.70 port 45138 [preauth]
Sep 28 16:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: Failed password for root from 103.176.78.213 port 35614 ssh2
Sep 28 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: Received disconnect from 103.176.78.213 port 35614:11: Bye Bye [preauth]
Sep 28 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: Disconnected from 103.176.78.213 port 35614 [preauth]
Sep 28 16:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session closed for user root
Sep 28 16:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16013]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for root from 93.152.230.176 port 25184 ssh2
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Received disconnect from 93.152.230.176 port 25184:11: Client disconnecting normally [preauth]
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Disconnected from 93.152.230.176 port 25184 [preauth]
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: Successful su for rubyman by root
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: + ??? root:rubyman
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309476 of user rubyman.
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309476.
Sep 28 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session closed for user root
Sep 28 16:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16014]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session closed for user root
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16443]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session closed for user root
Sep 28 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: Successful su for rubyman by root
Sep 28 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: + ??? root:rubyman
Sep 28 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309481 of user rubyman.
Sep 28 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16514]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309481.
Sep 28 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16443]: pam_unix(cron:session): session closed for user root
Sep 28 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session closed for user root
Sep 28 16:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16442]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Invalid user admin from 139.19.117.131
Sep 28 16:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: input_userauth_request: invalid user admin [preauth]
Sep 28 16:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Connection closed by 139.19.117.131 port 36684 [preauth]
Sep 28 16:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session closed for user root
Sep 28 16:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Invalid user aa11 from 14.224.251.70
Sep 28 16:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: input_userauth_request: invalid user aa11 [preauth]
Sep 28 16:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 16:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for invalid user aa11 from 14.224.251.70 port 52326 ssh2
Sep 28 16:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Received disconnect from 14.224.251.70 port 52326:11: Bye Bye [preauth]
Sep 28 16:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Disconnected from 14.224.251.70 port 52326 [preauth]
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16923]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16921]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: Successful su for rubyman by root
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: + ??? root:rubyman
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309485 of user rubyman.
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309485.
Sep 28 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session closed for user root
Sep 28 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16922]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16017]: pam_unix(cron:session): session closed for user root
Sep 28 16:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Invalid user afa from 46.101.170.54
Sep 28 16:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: input_userauth_request: invalid user afa [preauth]
Sep 28 16:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 28 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 16:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Failed password for invalid user afa from 46.101.170.54 port 49426 ssh2
Sep 28 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Connection closed by 46.101.170.54 port 49426 [preauth]
Sep 28 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Failed password for root from 31.59.136.7 port 38344 ssh2
Sep 28 16:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Received disconnect from 31.59.136.7 port 38344:11: Bye Bye [preauth]
Sep 28 16:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Disconnected from 31.59.136.7 port 38344 [preauth]
Sep 28 16:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Invalid user user from 62.60.131.157
Sep 28 16:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: input_userauth_request: invalid user user [preauth]
Sep 28 16:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 16:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user user from 62.60.131.157 port 65071 ssh2
Sep 28 16:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user user from 62.60.131.157 port 65071 ssh2
Sep 28 16:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Invalid user soporte from 14.224.251.70
Sep 28 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: input_userauth_request: invalid user soporte [preauth]
Sep 28 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user user from 62.60.131.157 port 65071 ssh2
Sep 28 16:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Failed password for invalid user soporte from 14.224.251.70 port 47834 ssh2
Sep 28 16:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 16:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Received disconnect from 14.224.251.70 port 47834:11: Bye Bye [preauth]
Sep 28 16:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Disconnected from 14.224.251.70 port 47834 [preauth]
Sep 28 16:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user user from 62.60.131.157 port 65071 ssh2
Sep 28 16:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Failed password for root from 103.176.78.213 port 45176 ssh2
Sep 28 16:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Received disconnect from 103.176.78.213 port 45176:11: Bye Bye [preauth]
Sep 28 16:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Disconnected from 103.176.78.213 port 45176 [preauth]
Sep 28 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user user from 62.60.131.157 port 65071 ssh2
Sep 28 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Received disconnect from 62.60.131.157 port 65071:11: Bye [preauth]
Sep 28 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Disconnected from 62.60.131.157 port 65071 [preauth]
Sep 28 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17396]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17394]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: Successful su for rubyman by root
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: + ??? root:rubyman
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309490 of user rubyman.
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309490.
Sep 28 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session closed for user root
Sep 28 16:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17391]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 16:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: Invalid user owner from 193.176.251.229
Sep 28 16:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: input_userauth_request: invalid user owner [preauth]
Sep 28 16:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 16:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: Failed password for root from 162.253.132.241 port 49584 ssh2
Sep 28 16:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: Received disconnect from 162.253.132.241 port 49584:11: Bye Bye [preauth]
Sep 28 16:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: Disconnected from 162.253.132.241 port 49584 [preauth]
Sep 28 16:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: Failed password for invalid user owner from 193.176.251.229 port 54426 ssh2
Sep 28 16:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: Received disconnect from 193.176.251.229 port 54426:11: Bye Bye [preauth]
Sep 28 16:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17706]: Disconnected from 193.176.251.229 port 54426 [preauth]
Sep 28 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session closed for user root
Sep 28 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: Failed password for root from 190.0.63.226 port 49018 ssh2
Sep 28 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: Received disconnect from 190.0.63.226 port 49018:11: Bye Bye [preauth]
Sep 28 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: Disconnected from 190.0.63.226 port 49018 [preauth]
Sep 28 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17928]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: Successful su for rubyman by root
Sep 28 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: + ??? root:rubyman
Sep 28 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309493 of user rubyman.
Sep 28 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309493.
Sep 28 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session closed for user root
Sep 28 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Invalid user minecraft from 14.224.251.70
Sep 28 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 16:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Failed password for invalid user minecraft from 14.224.251.70 port 43346 ssh2
Sep 28 16:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Received disconnect from 14.224.251.70 port 43346:11: Bye Bye [preauth]
Sep 28 16:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Disconnected from 14.224.251.70 port 43346 [preauth]
Sep 28 16:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16924]: pam_unix(cron:session): session closed for user root
Sep 28 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Failed password for root from 103.176.78.213 port 42466 ssh2
Sep 28 16:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Received disconnect from 103.176.78.213 port 42466:11: Bye Bye [preauth]
Sep 28 16:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Disconnected from 103.176.78.213 port 42466 [preauth]
Sep 28 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18702]: Successful su for rubyman by root
Sep 28 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18702]: + ??? root:rubyman
Sep 28 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309498 of user rubyman.
Sep 28 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18702]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309498.
Sep 28 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session closed for user root
Sep 28 16:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18632]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 16:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18984]: Failed password for root from 14.224.251.70 port 38858 ssh2
Sep 28 16:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18984]: Received disconnect from 14.224.251.70 port 38858:11: Bye Bye [preauth]
Sep 28 16:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18984]: Disconnected from 14.224.251.70 port 38858 [preauth]
Sep 28 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17396]: pam_unix(cron:session): session closed for user root
Sep 28 16:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Invalid user h3c from 196.28.242.198
Sep 28 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: input_userauth_request: invalid user h3c [preauth]
Sep 28 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 16:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Failed password for invalid user h3c from 196.28.242.198 port 56492 ssh2
Sep 28 16:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Received disconnect from 196.28.242.198 port 56492:11: Bye Bye [preauth]
Sep 28 16:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Disconnected from 196.28.242.198 port 56492 [preauth]
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session closed for user root
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: Successful su for rubyman by root
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: + ??? root:rubyman
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309503 of user rubyman.
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19184]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309503.
Sep 28 16:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16016]: pam_unix(cron:session): session closed for user root
Sep 28 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session closed for user root
Sep 28 16:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: Invalid user cdl from 103.176.78.213
Sep 28 16:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: input_userauth_request: invalid user cdl [preauth]
Sep 28 16:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: Failed password for invalid user cdl from 103.176.78.213 port 51332 ssh2
Sep 28 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: Received disconnect from 103.176.78.213 port 51332:11: Bye Bye [preauth]
Sep 28 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: Disconnected from 103.176.78.213 port 51332 [preauth]
Sep 28 16:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17928]: pam_unix(cron:session): session closed for user root
Sep 28 16:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 16:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: Failed password for root from 193.176.251.229 port 50405 ssh2
Sep 28 16:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: Received disconnect from 193.176.251.229 port 50405:11: Bye Bye [preauth]
Sep 28 16:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: Disconnected from 193.176.251.229 port 50405 [preauth]
Sep 28 16:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 16:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for root from 31.59.136.7 port 54382 ssh2
Sep 28 16:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Received disconnect from 31.59.136.7 port 54382:11: Bye Bye [preauth]
Sep 28 16:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Disconnected from 31.59.136.7 port 54382 [preauth]
Sep 28 16:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 16:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: Failed password for root from 162.253.132.241 port 44712 ssh2
Sep 28 16:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: Received disconnect from 162.253.132.241 port 44712:11: Bye Bye [preauth]
Sep 28 16:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19914]: Disconnected from 162.253.132.241 port 44712 [preauth]
Sep 28 16:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Invalid user light from 190.0.63.226
Sep 28 16:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: input_userauth_request: invalid user light [preauth]
Sep 28 16:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Failed password for invalid user light from 190.0.63.226 port 36146 ssh2
Sep 28 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Received disconnect from 190.0.63.226 port 36146:11: Bye Bye [preauth]
Sep 28 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Disconnected from 190.0.63.226 port 36146 [preauth]
Sep 28 16:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19963]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Failed password for root from 14.224.251.70 port 34388 ssh2
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20046]: Successful su for rubyman by root
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20046]: + ??? root:rubyman
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309508 of user rubyman.
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20046]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309508.
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Received disconnect from 14.224.251.70 port 34388:11: Bye Bye [preauth]
Sep 28 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Disconnected from 14.224.251.70 port 34388 [preauth]
Sep 28 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user root
Sep 28 16:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: Invalid user rony from 196.28.242.198
Sep 28 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: input_userauth_request: invalid user rony [preauth]
Sep 28 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 16:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: Failed password for invalid user rony from 196.28.242.198 port 60260 ssh2
Sep 28 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: Received disconnect from 196.28.242.198 port 60260:11: Bye Bye [preauth]
Sep 28 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20351]: Disconnected from 196.28.242.198 port 60260 [preauth]
Sep 28 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session closed for user root
Sep 28 16:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 16:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Failed password for root from 193.176.251.229 port 33355 ssh2
Sep 28 16:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Received disconnect from 193.176.251.229 port 33355:11: Bye Bye [preauth]
Sep 28 16:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Disconnected from 193.176.251.229 port 33355 [preauth]
Sep 28 16:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Invalid user rami from 103.176.78.213
Sep 28 16:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: input_userauth_request: invalid user rami [preauth]
Sep 28 16:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 16:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Failed password for invalid user rami from 103.176.78.213 port 35440 ssh2
Sep 28 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Received disconnect from 103.176.78.213 port 35440:11: Bye Bye [preauth]
Sep 28 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Disconnected from 103.176.78.213 port 35440 [preauth]
Sep 28 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Invalid user nigger from 162.253.132.241
Sep 28 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: input_userauth_request: invalid user nigger [preauth]
Sep 28 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 16:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Failed password for invalid user nigger from 162.253.132.241 port 39896 ssh2
Sep 28 16:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Received disconnect from 162.253.132.241 port 39896:11: Bye Bye [preauth]
Sep 28 16:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Disconnected from 162.253.132.241 port 39896 [preauth]
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20534]: Successful su for rubyman by root
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20534]: + ??? root:rubyman
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309511 of user rubyman.
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20534]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309511.
Sep 28 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16923]: pam_unix(cron:session): session closed for user root
Sep 28 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20464]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Failed password for root from 190.0.63.226 port 60560 ssh2
Sep 28 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Received disconnect from 190.0.63.226 port 60560:11: Bye Bye [preauth]
Sep 28 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Disconnected from 190.0.63.226 port 60560 [preauth]
Sep 28 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 16:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Invalid user ubuntu from 14.224.251.70
Sep 28 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20784]: Failed password for root from 31.59.136.7 port 43176 ssh2
Sep 28 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20784]: Received disconnect from 31.59.136.7 port 43176:11: Bye Bye [preauth]
Sep 28 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20784]: Disconnected from 31.59.136.7 port 43176 [preauth]
Sep 28 16:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Failed password for invalid user ubuntu from 14.224.251.70 port 58132 ssh2
Sep 28 16:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Received disconnect from 14.224.251.70 port 58132:11: Bye Bye [preauth]
Sep 28 16:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Disconnected from 14.224.251.70 port 58132 [preauth]
Sep 28 16:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session closed for user root
Sep 28 16:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: Failed password for root from 193.176.251.229 port 44537 ssh2
Sep 28 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: Received disconnect from 193.176.251.229 port 44537:11: Bye Bye [preauth]
Sep 28 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: Disconnected from 193.176.251.229 port 44537 [preauth]
Sep 28 16:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: Invalid user test from 196.28.242.198
Sep 28 16:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: input_userauth_request: invalid user test [preauth]
Sep 28 16:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 16:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: Failed password for invalid user test from 196.28.242.198 port 51326 ssh2
Sep 28 16:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: Received disconnect from 196.28.242.198 port 51326:11: Bye Bye [preauth]
Sep 28 16:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20866]: Disconnected from 196.28.242.198 port 51326 [preauth]
Sep 28 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Invalid user factorio from 162.253.132.241
Sep 28 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: input_userauth_request: invalid user factorio [preauth]
Sep 28 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Failed password for invalid user factorio from 162.253.132.241 port 35086 ssh2
Sep 28 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Received disconnect from 162.253.132.241 port 35086:11: Bye Bye [preauth]
Sep 28 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Disconnected from 162.253.132.241 port 35086 [preauth]
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: Successful su for rubyman by root
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: + ??? root:rubyman
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309516 of user rubyman.
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309516.
Sep 28 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17394]: pam_unix(cron:session): session closed for user root
Sep 28 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 16:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Invalid user soksuser from 190.0.63.226
Sep 28 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: input_userauth_request: invalid user soksuser [preauth]
Sep 28 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Failed password for root from 103.176.78.213 port 60766 ssh2
Sep 28 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Received disconnect from 103.176.78.213 port 60766:11: Bye Bye [preauth]
Sep 28 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Disconnected from 103.176.78.213 port 60766 [preauth]
Sep 28 16:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Failed password for invalid user soksuser from 190.0.63.226 port 56740 ssh2
Sep 28 16:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Received disconnect from 190.0.63.226 port 56740:11: Bye Bye [preauth]
Sep 28 16:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Disconnected from 190.0.63.226 port 56740 [preauth]
Sep 28 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19963]: pam_unix(cron:session): session closed for user root
Sep 28 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Invalid user light from 193.176.251.229
Sep 28 16:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: input_userauth_request: invalid user light [preauth]
Sep 28 16:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Failed password for invalid user light from 193.176.251.229 port 55716 ssh2
Sep 28 16:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Received disconnect from 193.176.251.229 port 55716:11: Bye Bye [preauth]
Sep 28 16:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21299]: Disconnected from 193.176.251.229 port 55716 [preauth]
Sep 28 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 16:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21333]: Failed password for root from 162.253.132.241 port 58506 ssh2
Sep 28 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21333]: Received disconnect from 162.253.132.241 port 58506:11: Bye Bye [preauth]
Sep 28 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21333]: Disconnected from 162.253.132.241 port 58506 [preauth]
Sep 28 16:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: Failed password for root from 14.224.251.70 port 53660 ssh2
Sep 28 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: Received disconnect from 14.224.251.70 port 53660:11: Bye Bye [preauth]
Sep 28 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: Disconnected from 14.224.251.70 port 53660 [preauth]
Sep 28 16:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Failed password for root from 31.59.136.7 port 44688 ssh2
Sep 28 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Received disconnect from 31.59.136.7 port 44688:11: Bye Bye [preauth]
Sep 28 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Disconnected from 31.59.136.7 port 44688 [preauth]
Sep 28 16:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Failed password for root from 196.28.242.198 port 49124 ssh2
Sep 28 16:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Received disconnect from 196.28.242.198 port 49124:11: Bye Bye [preauth]
Sep 28 16:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Disconnected from 196.28.242.198 port 49124 [preauth]
Sep 28 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21366]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21362]: pam_unix(cron:session): session closed for user p13x
Sep 28 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21427]: Successful su for rubyman by root
Sep 28 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21427]: + ??? root:rubyman
Sep 28 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309519 of user rubyman.
Sep 28 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21427]: pam_unix(su:session): session closed for user rubyman
Sep 28 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309519.
Sep 28 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session closed for user root
Sep 28 16:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21363]: pam_unix(cron:session): session closed for user samftp
Sep 28 16:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Invalid user test from 190.0.63.226
Sep 28 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: input_userauth_request: invalid user test [preauth]
Sep 28 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for invalid user test from 190.0.63.226 port 52914 ssh2
Sep 28 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Received disconnect from 190.0.63.226 port 52914:11: Bye Bye [preauth]
Sep 28 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Disconnected from 190.0.63.226 port 52914 [preauth]
Sep 28 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20467]: pam_unix(cron:session): session closed for user root
Sep 28 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: Failed password for root from 193.176.251.229 port 38662 ssh2
Sep 28 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: Received disconnect from 193.176.251.229 port 38662:11: Bye Bye [preauth]
Sep 28 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: Disconnected from 193.176.251.229 port 38662 [preauth]
Sep 28 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: Invalid user sameer from 162.253.132.241
Sep 28 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: input_userauth_request: invalid user sameer [preauth]
Sep 28 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 16:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: Failed password for invalid user sameer from 162.253.132.241 port 53684 ssh2
Sep 28 16:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: Received disconnect from 162.253.132.241 port 53684:11: Bye Bye [preauth]
Sep 28 16:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21770]: Disconnected from 162.253.132.241 port 53684 [preauth]
Sep 28 16:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Invalid user adrian from 103.176.78.213
Sep 28 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: input_userauth_request: invalid user adrian [preauth]
Sep 28 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 16:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Failed password for invalid user adrian from 103.176.78.213 port 46912 ssh2
Sep 28 16:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Received disconnect from 103.176.78.213 port 46912:11: Bye Bye [preauth]
Sep 28 16:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Disconnected from 103.176.78.213 port 46912 [preauth]
Sep 28 16:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Failed password for root from 196.28.242.198 port 33402 ssh2
Sep 28 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Received disconnect from 196.28.242.198 port 33402:11: Bye Bye [preauth]
Sep 28 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Disconnected from 196.28.242.198 port 33402 [preauth]
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session closed for user root
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session closed for user root
Sep 28 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: Successful su for rubyman by root
Sep 28 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: + ??? root:rubyman
Sep 28 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309526 of user rubyman.
Sep 28 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309526.
Sep 28 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session closed for user root
Sep 28 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18633]: pam_unix(cron:session): session closed for user root
Sep 28 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: Invalid user kris from 14.224.251.70
Sep 28 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: input_userauth_request: invalid user kris [preauth]
Sep 28 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: Failed password for invalid user kris from 14.224.251.70 port 49172 ssh2
Sep 28 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: Received disconnect from 14.224.251.70 port 49172:11: Bye Bye [preauth]
Sep 28 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: Disconnected from 14.224.251.70 port 49172 [preauth]
Sep 28 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Failed password for root from 31.59.136.7 port 32902 ssh2
Sep 28 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Received disconnect from 31.59.136.7 port 32902:11: Bye Bye [preauth]
Sep 28 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Disconnected from 31.59.136.7 port 32902 [preauth]
Sep 28 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session closed for user root
Sep 28 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: Invalid user test from 193.176.251.229
Sep 28 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: input_userauth_request: invalid user test [preauth]
Sep 28 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: Failed password for invalid user test from 193.176.251.229 port 49846 ssh2
Sep 28 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: Received disconnect from 193.176.251.229 port 49846:11: Bye Bye [preauth]
Sep 28 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22291]: Disconnected from 193.176.251.229 port 49846 [preauth]
Sep 28 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: Invalid user tung from 190.0.63.226
Sep 28 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: input_userauth_request: invalid user tung [preauth]
Sep 28 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: Failed password for invalid user tung from 190.0.63.226 port 49090 ssh2
Sep 28 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: Received disconnect from 190.0.63.226 port 49090:11: Bye Bye [preauth]
Sep 28 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: Disconnected from 190.0.63.226 port 49090 [preauth]
Sep 28 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Invalid user ubuntu from 162.253.132.241
Sep 28 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user ubuntu from 162.253.132.241 port 48884 ssh2
Sep 28 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Received disconnect from 162.253.132.241 port 48884:11: Bye Bye [preauth]
Sep 28 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Disconnected from 162.253.132.241 port 48884 [preauth]
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22384]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22383]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22462]: Successful su for rubyman by root
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22462]: + ??? root:rubyman
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309530 of user rubyman.
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22462]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309530.
Sep 28 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Invalid user kodi from 196.28.242.198
Sep 28 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: input_userauth_request: invalid user kodi [preauth]
Sep 28 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Failed password for invalid user kodi from 196.28.242.198 port 50536 ssh2
Sep 28 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Received disconnect from 196.28.242.198 port 50536:11: Bye Bye [preauth]
Sep 28 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22513]: Disconnected from 196.28.242.198 port 50536 [preauth]
Sep 28 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session closed for user root
Sep 28 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22382]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Invalid user josiah from 103.176.78.213
Sep 28 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: input_userauth_request: invalid user josiah [preauth]
Sep 28 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Invalid user debug from 14.224.251.70
Sep 28 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: input_userauth_request: invalid user debug [preauth]
Sep 28 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Failed password for invalid user josiah from 103.176.78.213 port 38364 ssh2
Sep 28 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Received disconnect from 103.176.78.213 port 38364:11: Bye Bye [preauth]
Sep 28 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Disconnected from 103.176.78.213 port 38364 [preauth]
Sep 28 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Failed password for invalid user debug from 14.224.251.70 port 44674 ssh2
Sep 28 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Received disconnect from 14.224.251.70 port 44674:11: Bye Bye [preauth]
Sep 28 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Disconnected from 14.224.251.70 port 44674 [preauth]
Sep 28 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22937]: Failed password for root from 193.176.251.229 port 32792 ssh2
Sep 28 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22937]: Received disconnect from 193.176.251.229 port 32792:11: Bye Bye [preauth]
Sep 28 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22937]: Disconnected from 193.176.251.229 port 32792 [preauth]
Sep 28 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21366]: pam_unix(cron:session): session closed for user root
Sep 28 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Invalid user test from 162.253.132.241
Sep 28 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: input_userauth_request: invalid user test [preauth]
Sep 28 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Failed password for invalid user test from 162.253.132.241 port 44062 ssh2
Sep 28 17:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Received disconnect from 162.253.132.241 port 44062:11: Bye Bye [preauth]
Sep 28 17:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Disconnected from 162.253.132.241 port 44062 [preauth]
Sep 28 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23028]: Failed password for root from 190.0.63.226 port 45300 ssh2
Sep 28 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23028]: Received disconnect from 190.0.63.226 port 45300:11: Bye Bye [preauth]
Sep 28 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23028]: Disconnected from 190.0.63.226 port 45300 [preauth]
Sep 28 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23055]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23150]: Successful su for rubyman by root
Sep 28 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23150]: + ??? root:rubyman
Sep 28 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309534 of user rubyman.
Sep 28 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23150]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309534.
Sep 28 17:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session closed for user root
Sep 28 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Failed password for root from 31.59.136.7 port 54852 ssh2
Sep 28 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Received disconnect from 31.59.136.7 port 54852:11: Bye Bye [preauth]
Sep 28 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Disconnected from 31.59.136.7 port 54852 [preauth]
Sep 28 17:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23056]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Invalid user test from 196.28.242.198
Sep 28 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: input_userauth_request: invalid user test [preauth]
Sep 28 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Failed password for invalid user test from 196.28.242.198 port 37110 ssh2
Sep 28 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Received disconnect from 196.28.242.198 port 37110:11: Bye Bye [preauth]
Sep 28 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Disconnected from 196.28.242.198 port 37110 [preauth]
Sep 28 17:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23483]: Failed password for root from 193.176.251.229 port 43974 ssh2
Sep 28 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23483]: Received disconnect from 193.176.251.229 port 43974:11: Bye Bye [preauth]
Sep 28 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23483]: Disconnected from 193.176.251.229 port 43974 [preauth]
Sep 28 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Invalid user tung from 162.253.132.241
Sep 28 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: input_userauth_request: invalid user tung [preauth]
Sep 28 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session closed for user root
Sep 28 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Failed password for invalid user tung from 162.253.132.241 port 39250 ssh2
Sep 28 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Received disconnect from 162.253.132.241 port 39250:11: Bye Bye [preauth]
Sep 28 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Disconnected from 162.253.132.241 port 39250 [preauth]
Sep 28 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Failed password for root from 14.224.251.70 port 40190 ssh2
Sep 28 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Received disconnect from 14.224.251.70 port 40190:11: Bye Bye [preauth]
Sep 28 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Disconnected from 14.224.251.70 port 40190 [preauth]
Sep 28 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23800]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23799]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23865]: Successful su for rubyman by root
Sep 28 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23865]: + ??? root:rubyman
Sep 28 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309540 of user rubyman.
Sep 28 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23865]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309540.
Sep 28 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: Failed password for root from 103.176.78.213 port 40006 ssh2
Sep 28 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: Received disconnect from 103.176.78.213 port 40006:11: Bye Bye [preauth]
Sep 28 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: Disconnected from 103.176.78.213 port 40006 [preauth]
Sep 28 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20466]: pam_unix(cron:session): session closed for user root
Sep 28 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Failed password for root from 190.0.63.226 port 41480 ssh2
Sep 28 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Received disconnect from 190.0.63.226 port 41480:11: Bye Bye [preauth]
Sep 28 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24073]: Disconnected from 190.0.63.226 port 41480 [preauth]
Sep 28 17:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Invalid user user4 from 196.28.242.198
Sep 28 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: input_userauth_request: invalid user user4 [preauth]
Sep 28 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for invalid user user4 from 196.28.242.198 port 39156 ssh2
Sep 28 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Received disconnect from 196.28.242.198 port 39156:11: Bye Bye [preauth]
Sep 28 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Disconnected from 196.28.242.198 port 39156 [preauth]
Sep 28 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: Invalid user ubuntu from 193.176.251.229
Sep 28 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: Failed password for invalid user ubuntu from 193.176.251.229 port 55151 ssh2
Sep 28 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: Received disconnect from 193.176.251.229 port 55151:11: Bye Bye [preauth]
Sep 28 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: Disconnected from 193.176.251.229 port 55151 [preauth]
Sep 28 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22384]: pam_unix(cron:session): session closed for user root
Sep 28 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Failed password for root from 162.253.132.241 port 34434 ssh2
Sep 28 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Received disconnect from 162.253.132.241 port 34434:11: Bye Bye [preauth]
Sep 28 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Disconnected from 162.253.132.241 port 34434 [preauth]
Sep 28 17:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Failed password for root from 31.59.136.7 port 50352 ssh2
Sep 28 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Received disconnect from 31.59.136.7 port 50352:11: Bye Bye [preauth]
Sep 28 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Disconnected from 31.59.136.7 port 50352 [preauth]
Sep 28 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24368]: Successful su for rubyman by root
Sep 28 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24368]: + ??? root:rubyman
Sep 28 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309542 of user rubyman.
Sep 28 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24368]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309542.
Sep 28 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20925]: pam_unix(cron:session): session closed for user root
Sep 28 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Invalid user gitlab-runner from 14.224.251.70
Sep 28 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 28 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24291]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Failed password for invalid user gitlab-runner from 14.224.251.70 port 35704 ssh2
Sep 28 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Received disconnect from 14.224.251.70 port 35704:11: Bye Bye [preauth]
Sep 28 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Disconnected from 14.224.251.70 port 35704 [preauth]
Sep 28 17:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: Invalid user test from 190.0.63.226
Sep 28 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: input_userauth_request: invalid user test [preauth]
Sep 28 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Invalid user dorian from 193.176.251.229
Sep 28 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: input_userauth_request: invalid user dorian [preauth]
Sep 28 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: Failed password for invalid user test from 190.0.63.226 port 37670 ssh2
Sep 28 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: Received disconnect from 190.0.63.226 port 37670:11: Bye Bye [preauth]
Sep 28 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: Disconnected from 190.0.63.226 port 37670 [preauth]
Sep 28 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Failed password for invalid user dorian from 193.176.251.229 port 38095 ssh2
Sep 28 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Received disconnect from 193.176.251.229 port 38095:11: Bye Bye [preauth]
Sep 28 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Disconnected from 193.176.251.229 port 38095 [preauth]
Sep 28 17:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Invalid user role1 from 196.28.242.198
Sep 28 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: input_userauth_request: invalid user role1 [preauth]
Sep 28 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Failed password for invalid user role1 from 196.28.242.198 port 37380 ssh2
Sep 28 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Received disconnect from 196.28.242.198 port 37380:11: Bye Bye [preauth]
Sep 28 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Disconnected from 196.28.242.198 port 37380 [preauth]
Sep 28 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Invalid user owner from 162.253.132.241
Sep 28 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: input_userauth_request: invalid user owner [preauth]
Sep 28 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session closed for user root
Sep 28 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Failed password for invalid user owner from 162.253.132.241 port 57852 ssh2
Sep 28 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Received disconnect from 162.253.132.241 port 57852:11: Bye Bye [preauth]
Sep 28 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Disconnected from 162.253.132.241 port 57852 [preauth]
Sep 28 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Invalid user admin from 103.176.78.213
Sep 28 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: input_userauth_request: invalid user admin [preauth]
Sep 28 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Failed password for invalid user admin from 103.176.78.213 port 45292 ssh2
Sep 28 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Received disconnect from 103.176.78.213 port 45292:11: Bye Bye [preauth]
Sep 28 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Disconnected from 103.176.78.213 port 45292 [preauth]
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session closed for user root
Sep 28 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24771]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24844]: Successful su for rubyman by root
Sep 28 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24844]: + ??? root:rubyman
Sep 28 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309548 of user rubyman.
Sep 28 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24844]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309548.
Sep 28 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session closed for user root
Sep 28 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session closed for user root
Sep 28 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24772]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Invalid user user4 from 31.59.136.7
Sep 28 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: input_userauth_request: invalid user user4 [preauth]
Sep 28 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Failed password for invalid user user4 from 31.59.136.7 port 42648 ssh2
Sep 28 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Received disconnect from 31.59.136.7 port 42648:11: Bye Bye [preauth]
Sep 28 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Disconnected from 31.59.136.7 port 42648 [preauth]
Sep 28 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Failed password for root from 193.176.251.229 port 49276 ssh2
Sep 28 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Received disconnect from 193.176.251.229 port 49276:11: Bye Bye [preauth]
Sep 28 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Disconnected from 193.176.251.229 port 49276 [preauth]
Sep 28 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Failed password for root from 14.224.251.70 port 59450 ssh2
Sep 28 17:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Received disconnect from 14.224.251.70 port 59450:11: Bye Bye [preauth]
Sep 28 17:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Disconnected from 14.224.251.70 port 59450 [preauth]
Sep 28 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Invalid user role1 from 162.253.132.241
Sep 28 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: input_userauth_request: invalid user role1 [preauth]
Sep 28 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Failed password for invalid user role1 from 162.253.132.241 port 53032 ssh2
Sep 28 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Received disconnect from 162.253.132.241 port 53032:11: Bye Bye [preauth]
Sep 28 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Disconnected from 162.253.132.241 port 53032 [preauth]
Sep 28 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Invalid user test from 196.28.242.198
Sep 28 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: input_userauth_request: invalid user test [preauth]
Sep 28 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23800]: pam_unix(cron:session): session closed for user root
Sep 28 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Failed password for invalid user test from 196.28.242.198 port 58090 ssh2
Sep 28 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Received disconnect from 196.28.242.198 port 58090:11: Bye Bye [preauth]
Sep 28 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Disconnected from 196.28.242.198 port 58090 [preauth]
Sep 28 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Invalid user factorio from 190.0.63.226
Sep 28 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: input_userauth_request: invalid user factorio [preauth]
Sep 28 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Failed password for invalid user factorio from 190.0.63.226 port 33848 ssh2
Sep 28 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Received disconnect from 190.0.63.226 port 33848:11: Bye Bye [preauth]
Sep 28 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Disconnected from 190.0.63.226 port 33848 [preauth]
Sep 28 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25314]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25305]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25575]: Successful su for rubyman by root
Sep 28 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25575]: + ??? root:rubyman
Sep 28 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309555 of user rubyman.
Sep 28 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25575]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309555.
Sep 28 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session closed for user root
Sep 28 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25306]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Invalid user smp from 103.176.78.213
Sep 28 17:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: input_userauth_request: invalid user smp [preauth]
Sep 28 17:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Failed password for invalid user smp from 103.176.78.213 port 46266 ssh2
Sep 28 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Received disconnect from 103.176.78.213 port 46266:11: Bye Bye [preauth]
Sep 28 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Disconnected from 103.176.78.213 port 46266 [preauth]
Sep 28 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: Failed password for root from 193.176.251.229 port 60458 ssh2
Sep 28 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: Received disconnect from 193.176.251.229 port 60458:11: Bye Bye [preauth]
Sep 28 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25906]: Disconnected from 193.176.251.229 port 60458 [preauth]
Sep 28 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Failed password for root from 162.253.132.241 port 48206 ssh2
Sep 28 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Received disconnect from 162.253.132.241 port 48206:11: Bye Bye [preauth]
Sep 28 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Disconnected from 162.253.132.241 port 48206 [preauth]
Sep 28 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session closed for user root
Sep 28 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Invalid user promo from 14.224.251.70
Sep 28 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: input_userauth_request: invalid user promo [preauth]
Sep 28 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Failed password for root from 196.28.242.198 port 41672 ssh2
Sep 28 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Received disconnect from 196.28.242.198 port 41672:11: Bye Bye [preauth]
Sep 28 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Disconnected from 196.28.242.198 port 41672 [preauth]
Sep 28 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Failed password for invalid user promo from 14.224.251.70 port 54962 ssh2
Sep 28 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Received disconnect from 14.224.251.70 port 54962:11: Bye Bye [preauth]
Sep 28 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Disconnected from 14.224.251.70 port 54962 [preauth]
Sep 28 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Invalid user nigger from 31.59.136.7
Sep 28 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: input_userauth_request: invalid user nigger [preauth]
Sep 28 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Failed password for invalid user nigger from 31.59.136.7 port 34958 ssh2
Sep 28 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Received disconnect from 31.59.136.7 port 34958:11: Bye Bye [preauth]
Sep 28 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Disconnected from 31.59.136.7 port 34958 [preauth]
Sep 28 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26057]: Failed password for root from 190.0.63.226 port 58276 ssh2
Sep 28 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26057]: Received disconnect from 190.0.63.226 port 58276:11: Bye Bye [preauth]
Sep 28 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26057]: Disconnected from 190.0.63.226 port 58276 [preauth]
Sep 28 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26080]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26078]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: Successful su for rubyman by root
Sep 28 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: + ??? root:rubyman
Sep 28 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309556 of user rubyman.
Sep 28 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309556.
Sep 28 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22383]: pam_unix(cron:session): session closed for user root
Sep 28 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26079]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Invalid user factorio from 193.176.251.229
Sep 28 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: input_userauth_request: invalid user factorio [preauth]
Sep 28 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Failed password for invalid user factorio from 193.176.251.229 port 43404 ssh2
Sep 28 17:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Received disconnect from 193.176.251.229 port 43404:11: Bye Bye [preauth]
Sep 28 17:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Disconnected from 193.176.251.229 port 43404 [preauth]
Sep 28 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Invalid user light from 162.253.132.241
Sep 28 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: input_userauth_request: invalid user light [preauth]
Sep 28 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Failed password for invalid user light from 162.253.132.241 port 43384 ssh2
Sep 28 17:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Received disconnect from 162.253.132.241 port 43384:11: Bye Bye [preauth]
Sep 28 17:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Disconnected from 162.253.132.241 port 43384 [preauth]
Sep 28 17:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session closed for user root
Sep 28 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Invalid user tung from 196.28.242.198
Sep 28 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: input_userauth_request: invalid user tung [preauth]
Sep 28 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: Failed password for root from 103.176.78.213 port 50992 ssh2
Sep 28 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: Received disconnect from 103.176.78.213 port 50992:11: Bye Bye [preauth]
Sep 28 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26609]: Disconnected from 103.176.78.213 port 50992 [preauth]
Sep 28 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Failed password for invalid user tung from 196.28.242.198 port 43914 ssh2
Sep 28 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Received disconnect from 196.28.242.198 port 43914:11: Bye Bye [preauth]
Sep 28 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Disconnected from 196.28.242.198 port 43914 [preauth]
Sep 28 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26724]: Successful su for rubyman by root
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26724]: + ??? root:rubyman
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309562 of user rubyman.
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26724]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309562.
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Invalid user h3c from 190.0.63.226
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: input_userauth_request: invalid user h3c [preauth]
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Failed password for root from 14.224.251.70 port 50478 ssh2
Sep 28 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Received disconnect from 14.224.251.70 port 50478:11: Bye Bye [preauth]
Sep 28 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Disconnected from 14.224.251.70 port 50478 [preauth]
Sep 28 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Failed password for invalid user h3c from 190.0.63.226 port 54456 ssh2
Sep 28 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Received disconnect from 190.0.63.226 port 54456:11: Bye Bye [preauth]
Sep 28 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Disconnected from 190.0.63.226 port 54456 [preauth]
Sep 28 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session closed for user root
Sep 28 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27033]: Failed password for root from 193.176.251.229 port 54588 ssh2
Sep 28 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27033]: Received disconnect from 193.176.251.229 port 54588:11: Bye Bye [preauth]
Sep 28 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27033]: Disconnected from 193.176.251.229 port 54588 [preauth]
Sep 28 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Invalid user test from 31.59.136.7
Sep 28 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: input_userauth_request: invalid user test [preauth]
Sep 28 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Failed password for invalid user test from 31.59.136.7 port 44550 ssh2
Sep 28 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Received disconnect from 31.59.136.7 port 44550:11: Bye Bye [preauth]
Sep 28 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Disconnected from 31.59.136.7 port 44550 [preauth]
Sep 28 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Invalid user user4 from 162.253.132.241
Sep 28 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: input_userauth_request: invalid user user4 [preauth]
Sep 28 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Failed password for invalid user user4 from 162.253.132.241 port 38578 ssh2
Sep 28 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Received disconnect from 162.253.132.241 port 38578:11: Bye Bye [preauth]
Sep 28 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Disconnected from 162.253.132.241 port 38578 [preauth]
Sep 28 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25315]: pam_unix(cron:session): session closed for user root
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27219]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: Successful su for rubyman by root
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: + ??? root:rubyman
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309565 of user rubyman.
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27387]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309565.
Sep 28 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session closed for user root
Sep 28 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23799]: pam_unix(cron:session): session closed for user root
Sep 28 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27473]: Failed password for root from 196.28.242.198 port 56160 ssh2
Sep 28 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27473]: Received disconnect from 196.28.242.198 port 56160:11: Bye Bye [preauth]
Sep 28 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27473]: Disconnected from 196.28.242.198 port 56160 [preauth]
Sep 28 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Failed password for root from 193.176.251.229 port 37534 ssh2
Sep 28 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Received disconnect from 193.176.251.229 port 37534:11: Bye Bye [preauth]
Sep 28 17:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Disconnected from 193.176.251.229 port 37534 [preauth]
Sep 28 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: Failed password for root from 190.0.63.226 port 50650 ssh2
Sep 28 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: Received disconnect from 190.0.63.226 port 50650:11: Bye Bye [preauth]
Sep 28 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27818]: Disconnected from 190.0.63.226 port 50650 [preauth]
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Invalid user rony from 162.253.132.241
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: input_userauth_request: invalid user rony [preauth]
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: Invalid user tomcat from 14.224.251.70
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Failed password for invalid user rony from 162.253.132.241 port 33768 ssh2
Sep 28 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Received disconnect from 162.253.132.241 port 33768:11: Bye Bye [preauth]
Sep 28 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Disconnected from 162.253.132.241 port 33768 [preauth]
Sep 28 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: Failed password for invalid user tomcat from 14.224.251.70 port 45992 ssh2
Sep 28 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: Received disconnect from 14.224.251.70 port 45992:11: Bye Bye [preauth]
Sep 28 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: Disconnected from 14.224.251.70 port 45992 [preauth]
Sep 28 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Invalid user host03 from 20.163.71.109
Sep 28 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: input_userauth_request: invalid user host03 [preauth]
Sep 28 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: Failed password for root from 103.176.78.213 port 55520 ssh2
Sep 28 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: Received disconnect from 103.176.78.213 port 55520:11: Bye Bye [preauth]
Sep 28 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: Disconnected from 103.176.78.213 port 55520 [preauth]
Sep 28 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Failed password for invalid user host03 from 20.163.71.109 port 57504 ssh2
Sep 28 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Connection closed by 20.163.71.109 port 57504 [preauth]
Sep 28 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26081]: pam_unix(cron:session): session closed for user root
Sep 28 17:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Invalid user owner from 31.59.136.7
Sep 28 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: input_userauth_request: invalid user owner [preauth]
Sep 28 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Failed password for invalid user owner from 31.59.136.7 port 41632 ssh2
Sep 28 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Received disconnect from 31.59.136.7 port 41632:11: Bye Bye [preauth]
Sep 28 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Disconnected from 31.59.136.7 port 41632 [preauth]
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session closed for user root
Sep 28 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: Successful su for rubyman by root
Sep 28 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: + ??? root:rubyman
Sep 28 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309571 of user rubyman.
Sep 28 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28052]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309571.
Sep 28 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session closed for user root
Sep 28 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session closed for user root
Sep 28 17:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Failed password for root from 193.176.251.229 port 48717 ssh2
Sep 28 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Received disconnect from 193.176.251.229 port 48717:11: Bye Bye [preauth]
Sep 28 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Disconnected from 193.176.251.229 port 48717 [preauth]
Sep 28 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Failed password for root from 196.28.242.198 port 59878 ssh2
Sep 28 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Received disconnect from 196.28.242.198 port 59878:11: Bye Bye [preauth]
Sep 28 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Disconnected from 196.28.242.198 port 59878 [preauth]
Sep 28 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Failed password for root from 162.253.132.241 port 57170 ssh2
Sep 28 17:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Received disconnect from 162.253.132.241 port 57170:11: Bye Bye [preauth]
Sep 28 17:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Disconnected from 162.253.132.241 port 57170 [preauth]
Sep 28 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user root
Sep 28 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Invalid user role1 from 190.0.63.226
Sep 28 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: input_userauth_request: invalid user role1 [preauth]
Sep 28 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Failed password for invalid user role1 from 190.0.63.226 port 46836 ssh2
Sep 28 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Received disconnect from 190.0.63.226 port 46836:11: Bye Bye [preauth]
Sep 28 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Disconnected from 190.0.63.226 port 46836 [preauth]
Sep 28 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Failed password for root from 14.224.251.70 port 41510 ssh2
Sep 28 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Received disconnect from 14.224.251.70 port 41510:11: Bye Bye [preauth]
Sep 28 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Disconnected from 14.224.251.70 port 41510 [preauth]
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28666]: Successful su for rubyman by root
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28666]: + ??? root:rubyman
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309575 of user rubyman.
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28666]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309575.
Sep 28 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session closed for user root
Sep 28 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Invalid user ftp_user from 103.176.78.213
Sep 28 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: input_userauth_request: invalid user ftp_user [preauth]
Sep 28 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Failed password for invalid user ftp_user from 103.176.78.213 port 59394 ssh2
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Received disconnect from 103.176.78.213 port 59394:11: Bye Bye [preauth]
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Disconnected from 103.176.78.213 port 59394 [preauth]
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Invalid user sameer from 31.59.136.7
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: input_userauth_request: invalid user sameer [preauth]
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Invalid user nigger from 193.176.251.229
Sep 28 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: input_userauth_request: invalid user nigger [preauth]
Sep 28 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Failed password for invalid user sameer from 31.59.136.7 port 37270 ssh2
Sep 28 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Failed password for invalid user nigger from 193.176.251.229 port 59895 ssh2
Sep 28 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Received disconnect from 31.59.136.7 port 37270:11: Bye Bye [preauth]
Sep 28 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Disconnected from 31.59.136.7 port 37270 [preauth]
Sep 28 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Received disconnect from 193.176.251.229 port 59895:11: Bye Bye [preauth]
Sep 28 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Disconnected from 193.176.251.229 port 59895 [preauth]
Sep 28 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Failed password for root from 162.253.132.241 port 52358 ssh2
Sep 28 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Received disconnect from 162.253.132.241 port 52358:11: Bye Bye [preauth]
Sep 28 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Disconnected from 162.253.132.241 port 52358 [preauth]
Sep 28 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: Failed password for root from 196.28.242.198 port 36416 ssh2
Sep 28 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: Received disconnect from 196.28.242.198 port 36416:11: Bye Bye [preauth]
Sep 28 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: Disconnected from 196.28.242.198 port 36416 [preauth]
Sep 28 17:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session closed for user root
Sep 28 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Invalid user sajid from 14.224.251.70
Sep 28 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: input_userauth_request: invalid user sajid [preauth]
Sep 28 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Invalid user test from 190.0.63.226
Sep 28 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: input_userauth_request: invalid user test [preauth]
Sep 28 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Failed password for invalid user sajid from 14.224.251.70 port 37020 ssh2
Sep 28 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Received disconnect from 14.224.251.70 port 37020:11: Bye Bye [preauth]
Sep 28 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Disconnected from 14.224.251.70 port 37020 [preauth]
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29246]: Successful su for rubyman by root
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29246]: + ??? root:rubyman
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309579 of user rubyman.
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29246]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309579.
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Failed password for invalid user test from 190.0.63.226 port 43030 ssh2
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Received disconnect from 190.0.63.226 port 43030:11: Bye Bye [preauth]
Sep 28 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Disconnected from 190.0.63.226 port 43030 [preauth]
Sep 28 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25314]: pam_unix(cron:session): session closed for user root
Sep 28 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29174]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Failed password for root from 193.176.251.229 port 42841 ssh2
Sep 28 17:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Received disconnect from 193.176.251.229 port 42841:11: Bye Bye [preauth]
Sep 28 17:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Disconnected from 193.176.251.229 port 42841 [preauth]
Sep 28 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Invalid user kodi from 162.253.132.241
Sep 28 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: input_userauth_request: invalid user kodi [preauth]
Sep 28 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Failed password for invalid user kodi from 162.253.132.241 port 47534 ssh2
Sep 28 17:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Received disconnect from 162.253.132.241 port 47534:11: Bye Bye [preauth]
Sep 28 17:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Disconnected from 162.253.132.241 port 47534 [preauth]
Sep 28 17:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: Failed password for root from 196.28.242.198 port 33780 ssh2
Sep 28 17:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: Received disconnect from 196.28.242.198 port 33780:11: Bye Bye [preauth]
Sep 28 17:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: Disconnected from 196.28.242.198 port 33780 [preauth]
Sep 28 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27970]: pam_unix(cron:session): session closed for user root
Sep 28 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Invalid user soporte from 103.176.78.213
Sep 28 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: input_userauth_request: invalid user soporte [preauth]
Sep 28 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Failed password for invalid user soporte from 103.176.78.213 port 59468 ssh2
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Invalid user kodi from 31.59.136.7
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: input_userauth_request: invalid user kodi [preauth]
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Received disconnect from 103.176.78.213 port 59468:11: Bye Bye [preauth]
Sep 28 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Disconnected from 103.176.78.213 port 59468 [preauth]
Sep 28 17:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Failed password for invalid user kodi from 31.59.136.7 port 57482 ssh2
Sep 28 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Received disconnect from 31.59.136.7 port 57482:11: Bye Bye [preauth]
Sep 28 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Disconnected from 31.59.136.7 port 57482 [preauth]
Sep 28 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29651]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29720]: Successful su for rubyman by root
Sep 28 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29720]: + ??? root:rubyman
Sep 28 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309585 of user rubyman.
Sep 28 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29720]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309585.
Sep 28 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26080]: pam_unix(cron:session): session closed for user root
Sep 28 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Invalid user test from 162.253.132.241
Sep 28 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: input_userauth_request: invalid user test [preauth]
Sep 28 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Failed password for root from 193.176.251.229 port 54021 ssh2
Sep 28 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29652]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Received disconnect from 193.176.251.229 port 54021:11: Bye Bye [preauth]
Sep 28 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Disconnected from 193.176.251.229 port 54021 [preauth]
Sep 28 17:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Failed password for invalid user test from 162.253.132.241 port 42702 ssh2
Sep 28 17:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Received disconnect from 162.253.132.241 port 42702:11: Bye Bye [preauth]
Sep 28 17:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Disconnected from 162.253.132.241 port 42702 [preauth]
Sep 28 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: Invalid user user4 from 190.0.63.226
Sep 28 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: input_userauth_request: invalid user user4 [preauth]
Sep 28 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: Failed password for invalid user user4 from 190.0.63.226 port 39214 ssh2
Sep 28 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: Received disconnect from 190.0.63.226 port 39214:11: Bye Bye [preauth]
Sep 28 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29966]: Disconnected from 190.0.63.226 port 39214 [preauth]
Sep 28 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Failed password for root from 14.224.251.70 port 60764 ssh2
Sep 28 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Received disconnect from 14.224.251.70 port 60764:11: Bye Bye [preauth]
Sep 28 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Disconnected from 14.224.251.70 port 60764 [preauth]
Sep 28 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session closed for user root
Sep 28 17:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: Invalid user owner from 196.28.242.198
Sep 28 17:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: input_userauth_request: invalid user owner [preauth]
Sep 28 17:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: Failed password for invalid user owner from 196.28.242.198 port 59390 ssh2
Sep 28 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: Received disconnect from 196.28.242.198 port 59390:11: Bye Bye [preauth]
Sep 28 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: Disconnected from 196.28.242.198 port 59390 [preauth]
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: Successful su for rubyman by root
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: + ??? root:rubyman
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309588 of user rubyman.
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309588.
Sep 28 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Failed password for root from 193.176.251.229 port 36965 ssh2
Sep 28 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Received disconnect from 193.176.251.229 port 36965:11: Bye Bye [preauth]
Sep 28 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Disconnected from 193.176.251.229 port 36965 [preauth]
Sep 28 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session closed for user root
Sep 28 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: Failed password for root from 162.253.132.241 port 37882 ssh2
Sep 28 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: Received disconnect from 162.253.132.241 port 37882:11: Bye Bye [preauth]
Sep 28 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: Disconnected from 162.253.132.241 port 37882 [preauth]
Sep 28 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Invalid user mikeb from 103.176.78.213
Sep 28 17:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: input_userauth_request: invalid user mikeb [preauth]
Sep 28 17:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Failed password for invalid user mikeb from 103.176.78.213 port 39548 ssh2
Sep 28 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Received disconnect from 103.176.78.213 port 39548:11: Bye Bye [preauth]
Sep 28 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30537]: Disconnected from 103.176.78.213 port 39548 [preauth]
Sep 28 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Invalid user test from 31.59.136.7
Sep 28 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: input_userauth_request: invalid user test [preauth]
Sep 28 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Failed password for invalid user test from 31.59.136.7 port 46012 ssh2
Sep 28 17:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Received disconnect from 31.59.136.7 port 46012:11: Bye Bye [preauth]
Sep 28 17:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Disconnected from 31.59.136.7 port 46012 [preauth]
Sep 28 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Invalid user sprixin from 14.224.251.70
Sep 28 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: input_userauth_request: invalid user sprixin [preauth]
Sep 28 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Invalid user sameer from 190.0.63.226
Sep 28 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: input_userauth_request: invalid user sameer [preauth]
Sep 28 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session closed for user root
Sep 28 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Failed password for invalid user sprixin from 14.224.251.70 port 56276 ssh2
Sep 28 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Received disconnect from 14.224.251.70 port 56276:11: Bye Bye [preauth]
Sep 28 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Disconnected from 14.224.251.70 port 56276 [preauth]
Sep 28 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Failed password for invalid user sameer from 190.0.63.226 port 35414 ssh2
Sep 28 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Received disconnect from 190.0.63.226 port 35414:11: Bye Bye [preauth]
Sep 28 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Disconnected from 190.0.63.226 port 35414 [preauth]
Sep 28 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Failed password for root from 196.28.242.198 port 60102 ssh2
Sep 28 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Received disconnect from 196.28.242.198 port 60102:11: Bye Bye [preauth]
Sep 28 17:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Disconnected from 196.28.242.198 port 60102 [preauth]
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Invalid user test from 162.253.132.241
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: input_userauth_request: invalid user test [preauth]
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session closed for user root
Sep 28 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30816]: Successful su for rubyman by root
Sep 28 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30816]: + ??? root:rubyman
Sep 28 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309595 of user rubyman.
Sep 28 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30816]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309595.
Sep 28 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Failed password for invalid user test from 162.253.132.241 port 33060 ssh2
Sep 28 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Received disconnect from 162.253.132.241 port 33060:11: Bye Bye [preauth]
Sep 28 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Disconnected from 162.253.132.241 port 33060 [preauth]
Sep 28 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session closed for user root
Sep 28 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session closed for user root
Sep 28 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for root from 193.176.251.229 port 48148 ssh2
Sep 28 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Received disconnect from 193.176.251.229 port 48148:11: Bye Bye [preauth]
Sep 28 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Disconnected from 193.176.251.229 port 48148 [preauth]
Sep 28 17:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session closed for user root
Sep 28 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Failed password for root from 103.176.78.213 port 59324 ssh2
Sep 28 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Received disconnect from 103.176.78.213 port 59324:11: Bye Bye [preauth]
Sep 28 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Disconnected from 103.176.78.213 port 59324 [preauth]
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Invalid user h3c from 31.59.136.7
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: input_userauth_request: invalid user h3c [preauth]
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Failed password for root from 190.0.63.226 port 59834 ssh2
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Received disconnect from 190.0.63.226 port 59834:11: Bye Bye [preauth]
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Disconnected from 190.0.63.226 port 59834 [preauth]
Sep 28 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Invalid user giulia from 14.224.251.70
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: input_userauth_request: invalid user giulia [preauth]
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Invalid user factorio from 196.28.242.198
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: input_userauth_request: invalid user factorio [preauth]
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Failed password for invalid user h3c from 31.59.136.7 port 59700 ssh2
Sep 28 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Received disconnect from 31.59.136.7 port 59700:11: Bye Bye [preauth]
Sep 28 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Disconnected from 31.59.136.7 port 59700 [preauth]
Sep 28 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Failed password for invalid user giulia from 14.224.251.70 port 51788 ssh2
Sep 28 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Received disconnect from 14.224.251.70 port 51788:11: Bye Bye [preauth]
Sep 28 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31217]: Disconnected from 14.224.251.70 port 51788 [preauth]
Sep 28 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Failed password for invalid user factorio from 196.28.242.198 port 58610 ssh2
Sep 28 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Received disconnect from 196.28.242.198 port 58610:11: Bye Bye [preauth]
Sep 28 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Disconnected from 196.28.242.198 port 58610 [preauth]
Sep 28 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Invalid user h3c from 162.253.132.241
Sep 28 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: input_userauth_request: invalid user h3c [preauth]
Sep 28 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: Successful su for rubyman by root
Sep 28 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: + ??? root:rubyman
Sep 28 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309597 of user rubyman.
Sep 28 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309597.
Sep 28 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Failed password for invalid user h3c from 162.253.132.241 port 56488 ssh2
Sep 28 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Received disconnect from 162.253.132.241 port 56488:11: Bye Bye [preauth]
Sep 28 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Disconnected from 162.253.132.241 port 56488 [preauth]
Sep 28 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session closed for user root
Sep 28 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Failed password for root from 193.176.251.229 port 59332 ssh2
Sep 28 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Received disconnect from 193.176.251.229 port 59332:11: Bye Bye [preauth]
Sep 28 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Disconnected from 193.176.251.229 port 59332 [preauth]
Sep 28 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session closed for user root
Sep 28 17:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Failed password for root from 162.253.132.241 port 51670 ssh2
Sep 28 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Received disconnect from 162.253.132.241 port 51670:11: Bye Bye [preauth]
Sep 28 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Disconnected from 162.253.132.241 port 51670 [preauth]
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31737]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31739]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session closed for user root
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31805]: Successful su for rubyman by root
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31805]: + ??? root:rubyman
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309601 of user rubyman.
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31805]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309601.
Sep 28 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Failed password for root from 196.28.242.198 port 40956 ssh2
Sep 28 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Received disconnect from 196.28.242.198 port 40956:11: Bye Bye [preauth]
Sep 28 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Disconnected from 196.28.242.198 port 40956 [preauth]
Sep 28 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session closed for user root
Sep 28 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: Invalid user test from 193.176.251.229
Sep 28 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: input_userauth_request: invalid user test [preauth]
Sep 28 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Failed password for root from 190.0.63.226 port 56008 ssh2
Sep 28 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Received disconnect from 190.0.63.226 port 56008:11: Bye Bye [preauth]
Sep 28 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Disconnected from 190.0.63.226 port 56008 [preauth]
Sep 28 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: Failed password for invalid user test from 193.176.251.229 port 42279 ssh2
Sep 28 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: Received disconnect from 193.176.251.229 port 42279:11: Bye Bye [preauth]
Sep 28 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31922]: Disconnected from 193.176.251.229 port 42279 [preauth]
Sep 28 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: Invalid user msf from 14.224.251.70
Sep 28 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: input_userauth_request: invalid user msf [preauth]
Sep 28 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: Failed password for invalid user msf from 14.224.251.70 port 47300 ssh2
Sep 28 17:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: Received disconnect from 14.224.251.70 port 47300:11: Bye Bye [preauth]
Sep 28 17:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32025]: Disconnected from 14.224.251.70 port 47300 [preauth]
Sep 28 17:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Invalid user rony from 31.59.136.7
Sep 28 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: input_userauth_request: invalid user rony [preauth]
Sep 28 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Invalid user az from 103.176.78.213
Sep 28 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: input_userauth_request: invalid user az [preauth]
Sep 28 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Failed password for invalid user rony from 31.59.136.7 port 51706 ssh2
Sep 28 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Received disconnect from 31.59.136.7 port 51706:11: Bye Bye [preauth]
Sep 28 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Disconnected from 31.59.136.7 port 51706 [preauth]
Sep 28 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for invalid user az from 103.176.78.213 port 56002 ssh2
Sep 28 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Received disconnect from 103.176.78.213 port 56002:11: Bye Bye [preauth]
Sep 28 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Disconnected from 103.176.78.213 port 56002 [preauth]
Sep 28 17:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session closed for user root
Sep 28 17:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32181]: Failed password for root from 162.253.132.241 port 46846 ssh2
Sep 28 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32181]: Received disconnect from 162.253.132.241 port 46846:11: Bye Bye [preauth]
Sep 28 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32181]: Disconnected from 162.253.132.241 port 46846 [preauth]
Sep 28 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Invalid user tung from 193.176.251.229
Sep 28 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: input_userauth_request: invalid user tung [preauth]
Sep 28 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32200]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32199]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32197]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: Successful su for rubyman by root
Sep 28 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: + ??? root:rubyman
Sep 28 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309608 of user rubyman.
Sep 28 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309608.
Sep 28 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Failed password for invalid user tung from 193.176.251.229 port 53459 ssh2
Sep 28 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Received disconnect from 193.176.251.229 port 53459:11: Bye Bye [preauth]
Sep 28 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Disconnected from 193.176.251.229 port 53459 [preauth]
Sep 28 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user root
Sep 28 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32198]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Failed password for root from 196.28.242.198 port 40946 ssh2
Sep 28 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Received disconnect from 196.28.242.198 port 40946:11: Bye Bye [preauth]
Sep 28 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Disconnected from 196.28.242.198 port 40946 [preauth]
Sep 28 17:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for root from 190.0.63.226 port 52184 ssh2
Sep 28 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Received disconnect from 190.0.63.226 port 52184:11: Bye Bye [preauth]
Sep 28 17:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Disconnected from 190.0.63.226 port 52184 [preauth]
Sep 28 17:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: Invalid user librenms from 14.224.251.70
Sep 28 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: input_userauth_request: invalid user librenms [preauth]
Sep 28 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: Failed password for invalid user librenms from 14.224.251.70 port 42810 ssh2
Sep 28 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: Received disconnect from 14.224.251.70 port 42810:11: Bye Bye [preauth]
Sep 28 17:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: Disconnected from 14.224.251.70 port 42810 [preauth]
Sep 28 17:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session closed for user root
Sep 28 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Invalid user soksuser from 31.59.136.7
Sep 28 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: input_userauth_request: invalid user soksuser [preauth]
Sep 28 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: Failed password for root from 162.253.132.241 port 42026 ssh2
Sep 28 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: Received disconnect from 162.253.132.241 port 42026:11: Bye Bye [preauth]
Sep 28 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32606]: Disconnected from 162.253.132.241 port 42026 [preauth]
Sep 28 17:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Failed password for invalid user soksuser from 31.59.136.7 port 51518 ssh2
Sep 28 17:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Received disconnect from 31.59.136.7 port 51518:11: Bye Bye [preauth]
Sep 28 17:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Disconnected from 31.59.136.7 port 51518 [preauth]
Sep 28 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: Invalid user gildata from 103.176.78.213
Sep 28 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: input_userauth_request: invalid user gildata [preauth]
Sep 28 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Invalid user role1 from 193.176.251.229
Sep 28 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: input_userauth_request: invalid user role1 [preauth]
Sep 28 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: Failed password for invalid user gildata from 103.176.78.213 port 38794 ssh2
Sep 28 17:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: Received disconnect from 103.176.78.213 port 38794:11: Bye Bye [preauth]
Sep 28 17:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32624]: Disconnected from 103.176.78.213 port 38794 [preauth]
Sep 28 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Failed password for invalid user role1 from 193.176.251.229 port 36410 ssh2
Sep 28 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Received disconnect from 193.176.251.229 port 36410:11: Bye Bye [preauth]
Sep 28 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32626]: Disconnected from 193.176.251.229 port 36410 [preauth]
Sep 28 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32641]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32639]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32704]: Successful su for rubyman by root
Sep 28 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32704]: + ??? root:rubyman
Sep 28 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309610 of user rubyman.
Sep 28 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32704]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309610.
Sep 28 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session closed for user root
Sep 28 17:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32640]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Invalid user light from 196.28.242.198
Sep 28 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: input_userauth_request: invalid user light [preauth]
Sep 28 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Failed password for invalid user light from 196.28.242.198 port 36390 ssh2
Sep 28 17:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Received disconnect from 196.28.242.198 port 36390:11: Bye Bye [preauth]
Sep 28 17:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Disconnected from 196.28.242.198 port 36390 [preauth]
Sep 28 17:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Invalid user owner from 190.0.63.226
Sep 28 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: input_userauth_request: invalid user owner [preauth]
Sep 28 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Failed password for invalid user owner from 190.0.63.226 port 48370 ssh2
Sep 28 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Received disconnect from 190.0.63.226 port 48370:11: Bye Bye [preauth]
Sep 28 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Disconnected from 190.0.63.226 port 48370 [preauth]
Sep 28 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31739]: pam_unix(cron:session): session closed for user root
Sep 28 17:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[589]: Failed password for root from 14.224.251.70 port 38328 ssh2
Sep 28 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[589]: Received disconnect from 14.224.251.70 port 38328:11: Bye Bye [preauth]
Sep 28 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[589]: Disconnected from 14.224.251.70 port 38328 [preauth]
Sep 28 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Failed password for root from 162.253.132.241 port 37206 ssh2
Sep 28 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Received disconnect from 162.253.132.241 port 37206:11: Bye Bye [preauth]
Sep 28 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Disconnected from 162.253.132.241 port 37206 [preauth]
Sep 28 17:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for root from 193.176.251.229 port 47583 ssh2
Sep 28 17:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Received disconnect from 193.176.251.229 port 47583:11: Bye Bye [preauth]
Sep 28 17:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Disconnected from 193.176.251.229 port 47583 [preauth]
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[626]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session closed for user root
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: Successful su for rubyman by root
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: + ??? root:rubyman
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309614 of user rubyman.
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309614.
Sep 28 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session closed for user root
Sep 28 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session closed for user root
Sep 28 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Invalid user admin from 78.128.112.74
Sep 28 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: input_userauth_request: invalid user admin [preauth]
Sep 28 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 17:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Failed password for invalid user admin from 78.128.112.74 port 42804 ssh2
Sep 28 17:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Connection closed by 78.128.112.74 port 42804 [preauth]
Sep 28 17:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Failed password for root from 196.28.242.198 port 45646 ssh2
Sep 28 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Received disconnect from 196.28.242.198 port 45646:11: Bye Bye [preauth]
Sep 28 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Disconnected from 196.28.242.198 port 45646 [preauth]
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Invalid user ubuntu from 31.59.136.7
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Invalid user samba from 103.176.78.213
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: input_userauth_request: invalid user samba [preauth]
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Failed password for invalid user ubuntu from 31.59.136.7 port 41934 ssh2
Sep 28 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Failed password for invalid user samba from 103.176.78.213 port 48998 ssh2
Sep 28 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Received disconnect from 31.59.136.7 port 41934:11: Bye Bye [preauth]
Sep 28 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Disconnected from 31.59.136.7 port 41934 [preauth]
Sep 28 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Received disconnect from 103.176.78.213 port 48998:11: Bye Bye [preauth]
Sep 28 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Disconnected from 103.176.78.213 port 48998 [preauth]
Sep 28 17:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32200]: pam_unix(cron:session): session closed for user root
Sep 28 17:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Failed password for root from 190.0.63.226 port 44546 ssh2
Sep 28 17:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Received disconnect from 190.0.63.226 port 44546:11: Bye Bye [preauth]
Sep 28 17:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Disconnected from 190.0.63.226 port 44546 [preauth]
Sep 28 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Invalid user dorian from 162.253.132.241
Sep 28 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: input_userauth_request: invalid user dorian [preauth]
Sep 28 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Failed password for invalid user dorian from 162.253.132.241 port 60626 ssh2
Sep 28 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Received disconnect from 162.253.132.241 port 60626:11: Bye Bye [preauth]
Sep 28 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Disconnected from 162.253.132.241 port 60626 [preauth]
Sep 28 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Invalid user user4 from 193.176.251.229
Sep 28 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: input_userauth_request: invalid user user4 [preauth]
Sep 28 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Failed password for invalid user user4 from 193.176.251.229 port 58765 ssh2
Sep 28 17:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Received disconnect from 193.176.251.229 port 58765:11: Bye Bye [preauth]
Sep 28 17:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Disconnected from 193.176.251.229 port 58765 [preauth]
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1288]: Successful su for rubyman by root
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1288]: + ??? root:rubyman
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309621 of user rubyman.
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1288]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309621.
Sep 28 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session closed for user root
Sep 28 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Invalid user ashish from 14.224.251.70
Sep 28 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: input_userauth_request: invalid user ashish [preauth]
Sep 28 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Failed password for invalid user ashish from 14.224.251.70 port 33840 ssh2
Sep 28 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Received disconnect from 14.224.251.70 port 33840:11: Bye Bye [preauth]
Sep 28 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Disconnected from 14.224.251.70 port 33840 [preauth]
Sep 28 17:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32642]: pam_unix(cron:session): session closed for user root
Sep 28 17:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Invalid user dorian from 196.28.242.198
Sep 28 17:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: input_userauth_request: invalid user dorian [preauth]
Sep 28 17:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Failed password for invalid user dorian from 196.28.242.198 port 47654 ssh2
Sep 28 17:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Received disconnect from 196.28.242.198 port 47654:11: Bye Bye [preauth]
Sep 28 17:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Disconnected from 196.28.242.198 port 47654 [preauth]
Sep 28 17:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Invalid user h3c from 193.176.251.229
Sep 28 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: input_userauth_request: invalid user h3c [preauth]
Sep 28 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Failed password for root from 162.253.132.241 port 55818 ssh2
Sep 28 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Received disconnect from 162.253.132.241 port 55818:11: Bye Bye [preauth]
Sep 28 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Disconnected from 162.253.132.241 port 55818 [preauth]
Sep 28 17:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Failed password for invalid user h3c from 193.176.251.229 port 41710 ssh2
Sep 28 17:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Received disconnect from 193.176.251.229 port 41710:11: Bye Bye [preauth]
Sep 28 17:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Disconnected from 193.176.251.229 port 41710 [preauth]
Sep 28 17:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Failed password for root from 190.0.63.226 port 40734 ssh2
Sep 28 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Received disconnect from 190.0.63.226 port 40734:11: Bye Bye [preauth]
Sep 28 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Disconnected from 190.0.63.226 port 40734 [preauth]
Sep 28 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1699]: Failed password for root from 31.59.136.7 port 53504 ssh2
Sep 28 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1699]: Received disconnect from 31.59.136.7 port 53504:11: Bye Bye [preauth]
Sep 28 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1699]: Disconnected from 31.59.136.7 port 53504 [preauth]
Sep 28 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1780]: Successful su for rubyman by root
Sep 28 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1780]: + ??? root:rubyman
Sep 28 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309625 of user rubyman.
Sep 28 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1780]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309625.
Sep 28 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session closed for user root
Sep 28 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1714]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Failed password for root from 103.176.78.213 port 47146 ssh2
Sep 28 17:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Received disconnect from 103.176.78.213 port 47146:11: Bye Bye [preauth]
Sep 28 17:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Disconnected from 103.176.78.213 port 47146 [preauth]
Sep 28 17:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2055]: Failed password for root from 14.224.251.70 port 57592 ssh2
Sep 28 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2055]: Received disconnect from 14.224.251.70 port 57592:11: Bye Bye [preauth]
Sep 28 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2055]: Disconnected from 14.224.251.70 port 57592 [preauth]
Sep 28 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[626]: pam_unix(cron:session): session closed for user root
Sep 28 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
Sep 28 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Failed password for root from 162.253.132.241 port 50998 ssh2
Sep 28 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Received disconnect from 162.253.132.241 port 50998:11: Bye Bye [preauth]
Sep 28 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Disconnected from 162.253.132.241 port 50998 [preauth]
Sep 28 17:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Failed password for root from 193.176.251.229 port 52890 ssh2
Sep 28 17:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Received disconnect from 193.176.251.229 port 52890:11: Bye Bye [preauth]
Sep 28 17:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Disconnected from 193.176.251.229 port 52890 [preauth]
Sep 28 17:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: Failed password for root from 196.28.242.198 port 38120 ssh2
Sep 28 17:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: Received disconnect from 196.28.242.198 port 38120:11: Bye Bye [preauth]
Sep 28 17:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: Disconnected from 196.28.242.198 port 38120 [preauth]
Sep 28 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: Successful su for rubyman by root
Sep 28 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: + ??? root:rubyman
Sep 28 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309628 of user rubyman.
Sep 28 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2233]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309628.
Sep 28 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31737]: pam_unix(cron:session): session closed for user root
Sep 28 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2163]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Invalid user kodi from 190.0.63.226
Sep 28 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: input_userauth_request: invalid user kodi [preauth]
Sep 28 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Failed password for invalid user kodi from 190.0.63.226 port 36914 ssh2
Sep 28 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Received disconnect from 190.0.63.226 port 36914:11: Bye Bye [preauth]
Sep 28 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Disconnected from 190.0.63.226 port 36914 [preauth]
Sep 28 17:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Failed password for root from 31.59.136.7 port 45596 ssh2
Sep 28 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Received disconnect from 31.59.136.7 port 45596:11: Bye Bye [preauth]
Sep 28 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Disconnected from 31.59.136.7 port 45596 [preauth]
Sep 28 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user root
Sep 28 17:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Failed password for root from 162.253.132.241 port 46176 ssh2
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Received disconnect from 162.253.132.241 port 46176:11: Bye Bye [preauth]
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Disconnected from 162.253.132.241 port 46176 [preauth]
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Invalid user rony from 193.176.251.229
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: input_userauth_request: invalid user rony [preauth]
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Invalid user elasticsearch from 14.224.251.70
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Failed password for root from 103.176.78.213 port 55426 ssh2
Sep 28 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Received disconnect from 103.176.78.213 port 55426:11: Bye Bye [preauth]
Sep 28 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Disconnected from 103.176.78.213 port 55426 [preauth]
Sep 28 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Failed password for invalid user rony from 193.176.251.229 port 35835 ssh2
Sep 28 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Failed password for invalid user elasticsearch from 14.224.251.70 port 53104 ssh2
Sep 28 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Received disconnect from 193.176.251.229 port 35835:11: Bye Bye [preauth]
Sep 28 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2590]: Disconnected from 193.176.251.229 port 35835 [preauth]
Sep 28 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Received disconnect from 14.224.251.70 port 53104:11: Bye Bye [preauth]
Sep 28 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Disconnected from 14.224.251.70 port 53104 [preauth]
Sep 28 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2612]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: Successful su for rubyman by root
Sep 28 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: + ??? root:rubyman
Sep 28 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309632 of user rubyman.
Sep 28 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309632.
Sep 28 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Failed password for root from 196.28.242.198 port 43924 ssh2
Sep 28 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Received disconnect from 196.28.242.198 port 43924:11: Bye Bye [preauth]
Sep 28 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Disconnected from 196.28.242.198 port 43924 [preauth]
Sep 28 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32199]: pam_unix(cron:session): session closed for user root
Sep 28 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2613]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Invalid user rony from 190.0.63.226
Sep 28 17:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: input_userauth_request: invalid user rony [preauth]
Sep 28 17:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Failed password for invalid user rony from 190.0.63.226 port 33094 ssh2
Sep 28 17:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Received disconnect from 190.0.63.226 port 33094:11: Bye Bye [preauth]
Sep 28 17:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Disconnected from 190.0.63.226 port 33094 [preauth]
Sep 28 17:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1716]: pam_unix(cron:session): session closed for user root
Sep 28 17:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Invalid user pi from 93.152.230.176
Sep 28 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: input_userauth_request: invalid user pi [preauth]
Sep 28 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Invalid user soksuser from 162.253.132.241
Sep 28 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: input_userauth_request: invalid user soksuser [preauth]
Sep 28 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241
Sep 28 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Failed password for invalid user pi from 93.152.230.176 port 26772 ssh2
Sep 28 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Received disconnect from 93.152.230.176 port 26772:11: Client disconnecting normally [preauth]
Sep 28 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Disconnected from 93.152.230.176 port 26772 [preauth]
Sep 28 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: Invalid user test from 193.176.251.229
Sep 28 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: input_userauth_request: invalid user test [preauth]
Sep 28 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Failed password for invalid user soksuser from 162.253.132.241 port 41354 ssh2
Sep 28 17:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Received disconnect from 162.253.132.241 port 41354:11: Bye Bye [preauth]
Sep 28 17:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Disconnected from 162.253.132.241 port 41354 [preauth]
Sep 28 17:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: Failed password for invalid user test from 193.176.251.229 port 47012 ssh2
Sep 28 17:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: Received disconnect from 193.176.251.229 port 47012:11: Bye Bye [preauth]
Sep 28 17:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3002]: Disconnected from 193.176.251.229 port 47012 [preauth]
Sep 28 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Failed password for root from 31.59.136.7 port 52312 ssh2
Sep 28 17:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Received disconnect from 31.59.136.7 port 52312:11: Bye Bye [preauth]
Sep 28 17:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3029]: Disconnected from 31.59.136.7 port 52312 [preauth]
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session closed for user root
Sep 28 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: Successful su for rubyman by root
Sep 28 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: + ??? root:rubyman
Sep 28 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309636 of user rubyman.
Sep 28 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309636.
Sep 28 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32641]: pam_unix(cron:session): session closed for user root
Sep 28 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session closed for user root
Sep 28 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: Failed password for root from 14.224.251.70 port 48616 ssh2
Sep 28 17:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: Received disconnect from 14.224.251.70 port 48616:11: Bye Bye [preauth]
Sep 28 17:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: Disconnected from 14.224.251.70 port 48616 [preauth]
Sep 28 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Failed password for root from 196.28.242.198 port 33062 ssh2
Sep 28 17:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Received disconnect from 196.28.242.198 port 33062:11: Bye Bye [preauth]
Sep 28 17:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Disconnected from 196.28.242.198 port 33062 [preauth]
Sep 28 17:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Failed password for root from 103.176.78.213 port 49282 ssh2
Sep 28 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Received disconnect from 103.176.78.213 port 49282:11: Bye Bye [preauth]
Sep 28 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Disconnected from 103.176.78.213 port 49282 [preauth]
Sep 28 17:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2166]: pam_unix(cron:session): session closed for user root
Sep 28 17:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Invalid user ubuntu from 190.0.63.226
Sep 28 17:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 17:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Failed password for invalid user ubuntu from 190.0.63.226 port 57508 ssh2
Sep 28 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Received disconnect from 190.0.63.226 port 57508:11: Bye Bye [preauth]
Sep 28 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Disconnected from 190.0.63.226 port 57508 [preauth]
Sep 28 17:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Invalid user soksuser from 193.176.251.229
Sep 28 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: input_userauth_request: invalid user soksuser [preauth]
Sep 28 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Failed password for invalid user soksuser from 193.176.251.229 port 58190 ssh2
Sep 28 17:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Received disconnect from 193.176.251.229 port 58190:11: Bye Bye [preauth]
Sep 28 17:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Disconnected from 193.176.251.229 port 58190 [preauth]
Sep 28 17:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Failed password for root from 162.253.132.241 port 36540 ssh2
Sep 28 17:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Received disconnect from 162.253.132.241 port 36540:11: Bye Bye [preauth]
Sep 28 17:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Disconnected from 162.253.132.241 port 36540 [preauth]
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3521]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: Successful su for rubyman by root
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: + ??? root:rubyman
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309642 of user rubyman.
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309642.
Sep 28 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session closed for user root
Sep 28 17:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3522]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: Failed password for root from 196.28.242.198 port 46224 ssh2
Sep 28 17:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: Received disconnect from 196.28.242.198 port 46224:11: Bye Bye [preauth]
Sep 28 17:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3814]: Disconnected from 196.28.242.198 port 46224 [preauth]
Sep 28 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Invalid user factorio from 31.59.136.7
Sep 28 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: input_userauth_request: invalid user factorio [preauth]
Sep 28 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Failed password for invalid user factorio from 31.59.136.7 port 33562 ssh2
Sep 28 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Failed password for root from 14.224.251.70 port 44132 ssh2
Sep 28 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Received disconnect from 31.59.136.7 port 33562:11: Bye Bye [preauth]
Sep 28 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Disconnected from 31.59.136.7 port 33562 [preauth]
Sep 28 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Received disconnect from 14.224.251.70 port 44132:11: Bye Bye [preauth]
Sep 28 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Disconnected from 14.224.251.70 port 44132 [preauth]
Sep 28 17:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session closed for user root
Sep 28 17:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Invalid user sameer from 193.176.251.229
Sep 28 17:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: input_userauth_request: invalid user sameer [preauth]
Sep 28 17:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Failed password for invalid user sameer from 193.176.251.229 port 41133 ssh2
Sep 28 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Received disconnect from 193.176.251.229 port 41133:11: Bye Bye [preauth]
Sep 28 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Disconnected from 193.176.251.229 port 41133 [preauth]
Sep 28 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Failed password for root from 162.253.132.241 port 59952 ssh2
Sep 28 17:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Received disconnect from 162.253.132.241 port 59952:11: Bye Bye [preauth]
Sep 28 17:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3904]: Disconnected from 162.253.132.241 port 59952 [preauth]
Sep 28 17:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Failed password for root from 190.0.63.226 port 53698 ssh2
Sep 28 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Received disconnect from 190.0.63.226 port 53698:11: Bye Bye [preauth]
Sep 28 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Disconnected from 190.0.63.226 port 53698 [preauth]
Sep 28 17:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: Invalid user roott from 103.176.78.213
Sep 28 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: input_userauth_request: invalid user roott [preauth]
Sep 28 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3975]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3974]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3970]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: Successful su for rubyman by root
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: + ??? root:rubyman
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309646 of user rubyman.
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4036]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309646.
Sep 28 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: Failed password for invalid user roott from 103.176.78.213 port 48704 ssh2
Sep 28 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: Received disconnect from 103.176.78.213 port 48704:11: Bye Bye [preauth]
Sep 28 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3957]: Disconnected from 103.176.78.213 port 48704 [preauth]
Sep 28 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session closed for user root
Sep 28 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3972]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Invalid user pos from 46.101.170.54
Sep 28 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: input_userauth_request: invalid user pos [preauth]
Sep 28 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 28 17:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Failed password for invalid user pos from 46.101.170.54 port 57914 ssh2
Sep 28 17:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Connection closed by 46.101.170.54 port 57914 [preauth]
Sep 28 17:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Invalid user sameer from 196.28.242.198
Sep 28 17:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: input_userauth_request: invalid user sameer [preauth]
Sep 28 17:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Failed password for invalid user sameer from 196.28.242.198 port 51140 ssh2
Sep 28 17:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Received disconnect from 196.28.242.198 port 51140:11: Bye Bye [preauth]
Sep 28 17:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Disconnected from 196.28.242.198 port 51140 [preauth]
Sep 28 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Invalid user kodi from 193.176.251.229
Sep 28 17:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: input_userauth_request: invalid user kodi [preauth]
Sep 28 17:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
Sep 28 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Failed password for invalid user kodi from 193.176.251.229 port 52312 ssh2
Sep 28 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Received disconnect from 193.176.251.229 port 52312:11: Bye Bye [preauth]
Sep 28 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Disconnected from 193.176.251.229 port 52312 [preauth]
Sep 28 17:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.253.132.241  user=root
Sep 28 17:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session closed for user root
Sep 28 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Failed password for root from 162.253.132.241 port 55138 ssh2
Sep 28 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Received disconnect from 162.253.132.241 port 55138:11: Bye Bye [preauth]
Sep 28 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Disconnected from 162.253.132.241 port 55138 [preauth]
Sep 28 17:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Invalid user gaurav from 14.224.251.70
Sep 28 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: input_userauth_request: invalid user gaurav [preauth]
Sep 28 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Failed password for invalid user gaurav from 14.224.251.70 port 39644 ssh2
Sep 28 17:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Received disconnect from 14.224.251.70 port 39644:11: Bye Bye [preauth]
Sep 28 17:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Disconnected from 14.224.251.70 port 39644 [preauth]
Sep 28 17:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: Failed password for root from 31.59.136.7 port 54470 ssh2
Sep 28 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: Received disconnect from 31.59.136.7 port 54470:11: Bye Bye [preauth]
Sep 28 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: Disconnected from 31.59.136.7 port 54470 [preauth]
Sep 28 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4488]: Successful su for rubyman by root
Sep 28 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4488]: + ??? root:rubyman
Sep 28 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309651 of user rubyman.
Sep 28 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4488]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309651.
Sep 28 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Failed password for root from 190.0.63.226 port 49888 ssh2
Sep 28 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Received disconnect from 190.0.63.226 port 49888:11: Bye Bye [preauth]
Sep 28 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Disconnected from 190.0.63.226 port 49888 [preauth]
Sep 28 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session closed for user root
Sep 28 17:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3524]: pam_unix(cron:session): session closed for user root
Sep 28 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Invalid user nigger from 196.28.242.198
Sep 28 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: input_userauth_request: invalid user nigger [preauth]
Sep 28 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Failed password for invalid user nigger from 196.28.242.198 port 36930 ssh2
Sep 28 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Received disconnect from 196.28.242.198 port 36930:11: Bye Bye [preauth]
Sep 28 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Disconnected from 196.28.242.198 port 36930 [preauth]
Sep 28 17:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: Invalid user misha from 103.176.78.213
Sep 28 17:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: input_userauth_request: invalid user misha [preauth]
Sep 28 17:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: Failed password for invalid user misha from 103.176.78.213 port 60994 ssh2
Sep 28 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: Received disconnect from 103.176.78.213 port 60994:11: Bye Bye [preauth]
Sep 28 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4792]: Disconnected from 103.176.78.213 port 60994 [preauth]
Sep 28 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4863]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4864]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4929]: Successful su for rubyman by root
Sep 28 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4929]: + ??? root:rubyman
Sep 28 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309655 of user rubyman.
Sep 28 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4929]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309655.
Sep 28 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2165]: pam_unix(cron:session): session closed for user root
Sep 28 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Invalid user liu from 14.224.251.70
Sep 28 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: input_userauth_request: invalid user liu [preauth]
Sep 28 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Failed password for invalid user liu from 14.224.251.70 port 35158 ssh2
Sep 28 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Received disconnect from 14.224.251.70 port 35158:11: Bye Bye [preauth]
Sep 28 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Disconnected from 14.224.251.70 port 35158 [preauth]
Sep 28 17:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Failed password for root from 190.0.63.226 port 46068 ssh2
Sep 28 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Received disconnect from 190.0.63.226 port 46068:11: Bye Bye [preauth]
Sep 28 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5171]: Disconnected from 190.0.63.226 port 46068 [preauth]
Sep 28 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5190]: Failed password for root from 31.59.136.7 port 33218 ssh2
Sep 28 17:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5190]: Received disconnect from 31.59.136.7 port 33218:11: Bye Bye [preauth]
Sep 28 17:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5190]: Disconnected from 31.59.136.7 port 33218 [preauth]
Sep 28 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3975]: pam_unix(cron:session): session closed for user root
Sep 28 17:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: Failed password for root from 196.28.242.198 port 54972 ssh2
Sep 28 17:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: Received disconnect from 196.28.242.198 port 54972:11: Bye Bye [preauth]
Sep 28 17:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5264]: Disconnected from 196.28.242.198 port 54972 [preauth]
Sep 28 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5406]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user root
Sep 28 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: Successful su for rubyman by root
Sep 28 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: + ??? root:rubyman
Sep 28 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309658 of user rubyman.
Sep 28 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309658.
Sep 28 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session closed for user root
Sep 28 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5405]: pam_unix(cron:session): session closed for user root
Sep 28 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Invalid user ymoreno from 103.176.78.213
Sep 28 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: input_userauth_request: invalid user ymoreno [preauth]
Sep 28 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Failed password for invalid user ymoreno from 103.176.78.213 port 44694 ssh2
Sep 28 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Received disconnect from 103.176.78.213 port 44694:11: Bye Bye [preauth]
Sep 28 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Disconnected from 103.176.78.213 port 44694 [preauth]
Sep 28 17:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Invalid user postgres from 14.224.251.70
Sep 28 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: input_userauth_request: invalid user postgres [preauth]
Sep 28 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user postgres from 14.224.251.70 port 58902 ssh2
Sep 28 17:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Received disconnect from 14.224.251.70 port 58902:11: Bye Bye [preauth]
Sep 28 17:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Disconnected from 14.224.251.70 port 58902 [preauth]
Sep 28 17:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for root from 190.0.63.226 port 42242 ssh2
Sep 28 17:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Received disconnect from 190.0.63.226 port 42242:11: Bye Bye [preauth]
Sep 28 17:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Disconnected from 190.0.63.226 port 42242 [preauth]
Sep 28 17:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session closed for user root
Sep 28 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5865]: Failed password for root from 196.28.242.198 port 35074 ssh2
Sep 28 17:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5865]: Received disconnect from 196.28.242.198 port 35074:11: Bye Bye [preauth]
Sep 28 17:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5865]: Disconnected from 196.28.242.198 port 35074 [preauth]
Sep 28 17:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Failed password for root from 31.59.136.7 port 33436 ssh2
Sep 28 17:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Received disconnect from 31.59.136.7 port 33436:11: Bye Bye [preauth]
Sep 28 17:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5884]: Disconnected from 31.59.136.7 port 33436 [preauth]
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5900]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: Successful su for rubyman by root
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: + ??? root:rubyman
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309664 of user rubyman.
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5972]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309664.
Sep 28 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session closed for user root
Sep 28 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4864]: pam_unix(cron:session): session closed for user root
Sep 28 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Failed password for root from 190.0.63.226 port 38420 ssh2
Sep 28 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Received disconnect from 190.0.63.226 port 38420:11: Bye Bye [preauth]
Sep 28 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Disconnected from 190.0.63.226 port 38420 [preauth]
Sep 28 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Invalid user info from 103.176.78.213
Sep 28 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: input_userauth_request: invalid user info [preauth]
Sep 28 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Failed password for root from 14.224.251.70 port 54418 ssh2
Sep 28 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Received disconnect from 14.224.251.70 port 54418:11: Bye Bye [preauth]
Sep 28 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Disconnected from 14.224.251.70 port 54418 [preauth]
Sep 28 17:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Failed password for invalid user info from 103.176.78.213 port 44640 ssh2
Sep 28 17:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Received disconnect from 103.176.78.213 port 44640:11: Bye Bye [preauth]
Sep 28 17:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Disconnected from 103.176.78.213 port 44640 [preauth]
Sep 28 17:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Invalid user soksuser from 196.28.242.198
Sep 28 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: input_userauth_request: invalid user soksuser [preauth]
Sep 28 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Failed password for invalid user soksuser from 196.28.242.198 port 55804 ssh2
Sep 28 17:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Received disconnect from 196.28.242.198 port 55804:11: Bye Bye [preauth]
Sep 28 17:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Disconnected from 196.28.242.198 port 55804 [preauth]
Sep 28 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6348]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6347]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6344]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6410]: Successful su for rubyman by root
Sep 28 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6410]: + ??? root:rubyman
Sep 28 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309668 of user rubyman.
Sep 28 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6410]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309668.
Sep 28 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3523]: pam_unix(cron:session): session closed for user root
Sep 28 17:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6346]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Failed password for root from 31.59.136.7 port 49464 ssh2
Sep 28 17:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Received disconnect from 31.59.136.7 port 49464:11: Bye Bye [preauth]
Sep 28 17:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Disconnected from 31.59.136.7 port 49464 [preauth]
Sep 28 17:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session closed for user root
Sep 28 17:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Invalid user dorian from 190.0.63.226
Sep 28 17:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: input_userauth_request: invalid user dorian [preauth]
Sep 28 17:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Failed password for invalid user dorian from 190.0.63.226 port 34604 ssh2
Sep 28 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Received disconnect from 190.0.63.226 port 34604:11: Bye Bye [preauth]
Sep 28 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Disconnected from 190.0.63.226 port 34604 [preauth]
Sep 28 17:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6888]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6886]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6954]: Successful su for rubyman by root
Sep 28 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6954]: + ??? root:rubyman
Sep 28 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309672 of user rubyman.
Sep 28 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6954]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309672.
Sep 28 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Failed password for root from 14.224.251.70 port 49934 ssh2
Sep 28 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Received disconnect from 14.224.251.70 port 49934:11: Bye Bye [preauth]
Sep 28 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Disconnected from 14.224.251.70 port 49934 [preauth]
Sep 28 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3974]: pam_unix(cron:session): session closed for user root
Sep 28 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198  user=root
Sep 28 17:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Failed password for root from 196.28.242.198 port 51908 ssh2
Sep 28 17:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6887]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Received disconnect from 196.28.242.198 port 51908:11: Bye Bye [preauth]
Sep 28 17:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7154]: Disconnected from 196.28.242.198 port 51908 [preauth]
Sep 28 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Invalid user steam from 103.176.78.213
Sep 28 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: input_userauth_request: invalid user steam [preauth]
Sep 28 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Failed password for invalid user steam from 103.176.78.213 port 48192 ssh2
Sep 28 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Received disconnect from 103.176.78.213 port 48192:11: Bye Bye [preauth]
Sep 28 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Disconnected from 103.176.78.213 port 48192 [preauth]
Sep 28 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5901]: pam_unix(cron:session): session closed for user root
Sep 28 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Invalid user test from 31.59.136.7
Sep 28 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: input_userauth_request: invalid user test [preauth]
Sep 28 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Failed password for invalid user test from 31.59.136.7 port 46932 ssh2
Sep 28 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Received disconnect from 31.59.136.7 port 46932:11: Bye Bye [preauth]
Sep 28 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Disconnected from 31.59.136.7 port 46932 [preauth]
Sep 28 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7433]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7495]: Successful su for rubyman by root
Sep 28 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7495]: + ??? root:rubyman
Sep 28 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309676 of user rubyman.
Sep 28 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7495]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309676.
Sep 28 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session closed for user root
Sep 28 17:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7432]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Failed password for root from 190.0.63.226 port 59012 ssh2
Sep 28 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Received disconnect from 190.0.63.226 port 59012:11: Bye Bye [preauth]
Sep 28 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Disconnected from 190.0.63.226 port 59012 [preauth]
Sep 28 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Invalid user ubuntu from 196.28.242.198
Sep 28 17:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 17:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.28.242.198
Sep 28 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70  user=root
Sep 28 17:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Failed password for invalid user ubuntu from 196.28.242.198 port 34328 ssh2
Sep 28 17:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Received disconnect from 196.28.242.198 port 34328:11: Bye Bye [preauth]
Sep 28 17:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Disconnected from 196.28.242.198 port 34328 [preauth]
Sep 28 17:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Failed password for root from 14.224.251.70 port 45450 ssh2
Sep 28 17:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Received disconnect from 14.224.251.70 port 45450:11: Bye Bye [preauth]
Sep 28 17:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Disconnected from 14.224.251.70 port 45450 [preauth]
Sep 28 17:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6348]: pam_unix(cron:session): session closed for user root
Sep 28 17:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Invalid user abc from 164.68.105.9
Sep 28 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: input_userauth_request: invalid user abc [preauth]
Sep 28 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Failed password for invalid user abc from 164.68.105.9 port 51154 ssh2
Sep 28 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Connection closed by 164.68.105.9 port 51154 [preauth]
Sep 28 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Failed password for root from 103.176.78.213 port 43006 ssh2
Sep 28 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Received disconnect from 103.176.78.213 port 43006:11: Bye Bye [preauth]
Sep 28 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Disconnected from 103.176.78.213 port 43006 [preauth]
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session closed for user root
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7976]: Successful su for rubyman by root
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7976]: + ??? root:rubyman
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309683 of user rubyman.
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7976]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309683.
Sep 28 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7902]: pam_unix(cron:session): session closed for user root
Sep 28 17:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4863]: pam_unix(cron:session): session closed for user root
Sep 28 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7901]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Failed password for root from 31.59.136.7 port 57138 ssh2
Sep 28 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Received disconnect from 31.59.136.7 port 57138:11: Bye Bye [preauth]
Sep 28 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Disconnected from 31.59.136.7 port 57138 [preauth]
Sep 28 17:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226  user=root
Sep 28 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Failed password for root from 190.0.63.226 port 55190 ssh2
Sep 28 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Received disconnect from 190.0.63.226 port 55190:11: Bye Bye [preauth]
Sep 28 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8283]: Disconnected from 190.0.63.226 port 55190 [preauth]
Sep 28 17:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6889]: pam_unix(cron:session): session closed for user root
Sep 28 17:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Invalid user epro from 14.224.251.70
Sep 28 17:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: input_userauth_request: invalid user epro [preauth]
Sep 28 17:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.224.251.70
Sep 28 17:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Failed password for invalid user epro from 14.224.251.70 port 40964 ssh2
Sep 28 17:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Received disconnect from 14.224.251.70 port 40964:11: Bye Bye [preauth]
Sep 28 17:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Disconnected from 14.224.251.70 port 40964 [preauth]
Sep 28 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8429]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: Successful su for rubyman by root
Sep 28 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: + ??? root:rubyman
Sep 28 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309687 of user rubyman.
Sep 28 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8505]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309687.
Sep 28 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5406]: pam_unix(cron:session): session closed for user root
Sep 28 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8430]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Invalid user term1 from 103.176.78.213
Sep 28 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: input_userauth_request: invalid user term1 [preauth]
Sep 28 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Failed password for invalid user term1 from 103.176.78.213 port 36102 ssh2
Sep 28 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Received disconnect from 103.176.78.213 port 36102:11: Bye Bye [preauth]
Sep 28 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Disconnected from 103.176.78.213 port 36102 [preauth]
Sep 28 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7434]: pam_unix(cron:session): session closed for user root
Sep 28 17:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Invalid user nigger from 190.0.63.226
Sep 28 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: input_userauth_request: invalid user nigger [preauth]
Sep 28 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.0.63.226
Sep 28 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Failed password for invalid user nigger from 190.0.63.226 port 51378 ssh2
Sep 28 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Received disconnect from 190.0.63.226 port 51378:11: Bye Bye [preauth]
Sep 28 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8939]: Disconnected from 190.0.63.226 port 51378 [preauth]
Sep 28 17:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Invalid user light from 31.59.136.7
Sep 28 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: input_userauth_request: invalid user light [preauth]
Sep 28 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Failed password for invalid user light from 31.59.136.7 port 37534 ssh2
Sep 28 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Received disconnect from 31.59.136.7 port 37534:11: Bye Bye [preauth]
Sep 28 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Disconnected from 31.59.136.7 port 37534 [preauth]
Sep 28 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9001]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9069]: Successful su for rubyman by root
Sep 28 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9069]: + ??? root:rubyman
Sep 28 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309690 of user rubyman.
Sep 28 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9069]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309690.
Sep 28 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5900]: pam_unix(cron:session): session closed for user root
Sep 28 17:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session closed for user root
Sep 28 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9542]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: Successful su for rubyman by root
Sep 28 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: + ??? root:rubyman
Sep 28 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309694 of user rubyman.
Sep 28 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9614]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309694.
Sep 28 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6347]: pam_unix(cron:session): session closed for user root
Sep 28 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Failed password for root from 103.176.78.213 port 43808 ssh2
Sep 28 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Received disconnect from 103.176.78.213 port 43808:11: Bye Bye [preauth]
Sep 28 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Disconnected from 103.176.78.213 port 43808 [preauth]
Sep 28 17:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Failed password for root from 31.59.136.7 port 46498 ssh2
Sep 28 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Received disconnect from 31.59.136.7 port 46498:11: Bye Bye [preauth]
Sep 28 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Disconnected from 31.59.136.7 port 46498 [preauth]
Sep 28 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session closed for user root
Sep 28 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Invalid user admin from 93.152.230.176
Sep 28 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: input_userauth_request: invalid user admin [preauth]
Sep 28 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Failed password for invalid user admin from 93.152.230.176 port 40464 ssh2
Sep 28 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Received disconnect from 93.152.230.176 port 40464:11: Client disconnecting normally [preauth]
Sep 28 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10070]: Disconnected from 93.152.230.176 port 40464 [preauth]
Sep 28 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10110]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10274]: Successful su for rubyman by root
Sep 28 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10274]: + ??? root:rubyman
Sep 28 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309701 of user rubyman.
Sep 28 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10274]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309701.
Sep 28 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10108]: pam_unix(cron:session): session closed for user root
Sep 28 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6888]: pam_unix(cron:session): session closed for user root
Sep 28 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10111]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session closed for user root
Sep 28 17:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Failed password for root from 103.176.78.213 port 47074 ssh2
Sep 28 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Received disconnect from 103.176.78.213 port 47074:11: Bye Bye [preauth]
Sep 28 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Disconnected from 103.176.78.213 port 47074 [preauth]
Sep 28 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: Invalid user dorian from 31.59.136.7
Sep 28 17:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: input_userauth_request: invalid user dorian [preauth]
Sep 28 17:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: Failed password for invalid user dorian from 31.59.136.7 port 44554 ssh2
Sep 28 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: Received disconnect from 31.59.136.7 port 44554:11: Bye Bye [preauth]
Sep 28 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: Disconnected from 31.59.136.7 port 44554 [preauth]
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session closed for user root
Sep 28 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10755]: Successful su for rubyman by root
Sep 28 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10755]: + ??? root:rubyman
Sep 28 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309703 of user rubyman.
Sep 28 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10755]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309703.
Sep 28 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10679]: pam_unix(cron:session): session closed for user root
Sep 28 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7433]: pam_unix(cron:session): session closed for user root
Sep 28 17:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10678]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9545]: pam_unix(cron:session): session closed for user root
Sep 28 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11138]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11204]: Successful su for rubyman by root
Sep 28 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11204]: + ??? root:rubyman
Sep 28 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309710 of user rubyman.
Sep 28 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11204]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309710.
Sep 28 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session closed for user root
Sep 28 17:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Invalid user role1 from 31.59.136.7
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: input_userauth_request: invalid user role1 [preauth]
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Invalid user runner from 103.176.78.213
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: input_userauth_request: invalid user runner [preauth]
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Failed password for invalid user role1 from 31.59.136.7 port 33340 ssh2
Sep 28 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Received disconnect from 31.59.136.7 port 33340:11: Bye Bye [preauth]
Sep 28 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Disconnected from 31.59.136.7 port 33340 [preauth]
Sep 28 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Failed password for invalid user runner from 103.176.78.213 port 37544 ssh2
Sep 28 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Received disconnect from 103.176.78.213 port 37544:11: Bye Bye [preauth]
Sep 28 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Disconnected from 103.176.78.213 port 37544 [preauth]
Sep 28 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session closed for user root
Sep 28 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11654]: Successful su for rubyman by root
Sep 28 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11654]: + ??? root:rubyman
Sep 28 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309714 of user rubyman.
Sep 28 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11654]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309714.
Sep 28 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8431]: pam_unix(cron:session): session closed for user root
Sep 28 17:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session closed for user root
Sep 28 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Failed password for root from 31.59.136.7 port 33308 ssh2
Sep 28 17:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Received disconnect from 31.59.136.7 port 33308:11: Bye Bye [preauth]
Sep 28 17:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Disconnected from 31.59.136.7 port 33308 [preauth]
Sep 28 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Invalid user jp from 103.176.78.213
Sep 28 17:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: input_userauth_request: invalid user jp [preauth]
Sep 28 17:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: Successful su for rubyman by root
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: + ??? root:rubyman
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309718 of user rubyman.
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309718.
Sep 28 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for invalid user jp from 103.176.78.213 port 48468 ssh2
Sep 28 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Received disconnect from 103.176.78.213 port 48468:11: Bye Bye [preauth]
Sep 28 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Disconnected from 103.176.78.213 port 48468 [preauth]
Sep 28 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session closed for user root
Sep 28 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session closed for user root
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12599]: Successful su for rubyman by root
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12599]: + ??? root:rubyman
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309722 of user rubyman.
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12599]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309722.
Sep 28 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session closed for user root
Sep 28 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Invalid user tung from 31.59.136.7
Sep 28 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: input_userauth_request: invalid user tung [preauth]
Sep 28 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7
Sep 28 17:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Failed password for invalid user tung from 31.59.136.7 port 37148 ssh2
Sep 28 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Received disconnect from 31.59.136.7 port 37148:11: Bye Bye [preauth]
Sep 28 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Disconnected from 31.59.136.7 port 37148 [preauth]
Sep 28 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session closed for user root
Sep 28 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213  user=root
Sep 28 17:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Failed password for root from 103.176.78.213 port 49054 ssh2
Sep 28 17:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Received disconnect from 103.176.78.213 port 49054:11: Bye Bye [preauth]
Sep 28 17:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Disconnected from 103.176.78.213 port 49054 [preauth]
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13006]: pam_unix(cron:session): session closed for user root
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12995]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13072]: Successful su for rubyman by root
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13072]: + ??? root:rubyman
Sep 28 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309725 of user rubyman.
Sep 28 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13072]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309725.
Sep 28 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session closed for user root
Sep 28 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session closed for user root
Sep 28 17:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session closed for user root
Sep 28 17:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.59.136.7  user=root
Sep 28 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Failed password for root from 31.59.136.7 port 42294 ssh2
Sep 28 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Received disconnect from 31.59.136.7 port 42294:11: Bye Bye [preauth]
Sep 28 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Disconnected from 31.59.136.7 port 42294 [preauth]
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13471]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13468]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13541]: Successful su for rubyman by root
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13541]: + ??? root:rubyman
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309731 of user rubyman.
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13541]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309731.
Sep 28 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session closed for user root
Sep 28 17:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13469]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Invalid user pwserver from 103.176.78.213
Sep 28 17:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: input_userauth_request: invalid user pwserver [preauth]
Sep 28 17:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.213
Sep 28 17:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Failed password for invalid user pwserver from 103.176.78.213 port 45368 ssh2
Sep 28 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Received disconnect from 103.176.78.213 port 45368:11: Bye Bye [preauth]
Sep 28 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Disconnected from 103.176.78.213 port 45368 [preauth]
Sep 28 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session closed for user root
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: Successful su for rubyman by root
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: + ??? root:rubyman
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309736 of user rubyman.
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13965]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309736.
Sep 28 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11138]: pam_unix(cron:session): session closed for user root
Sep 28 17:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13001]: pam_unix(cron:session): session closed for user root
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14414]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14475]: Successful su for rubyman by root
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14475]: + ??? root:rubyman
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309740 of user rubyman.
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14475]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309740.
Sep 28 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user root
Sep 28 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13471]: pam_unix(cron:session): session closed for user root
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14830]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14894]: Successful su for rubyman by root
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14894]: + ??? root:rubyman
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309743 of user rubyman.
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14894]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309743.
Sep 28 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session closed for user root
Sep 28 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14831]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13902]: pam_unix(cron:session): session closed for user root
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session closed for user root
Sep 28 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15239]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: Successful su for rubyman by root
Sep 28 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: + ??? root:rubyman
Sep 28 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309750 of user rubyman.
Sep 28 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309750.
Sep 28 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session closed for user root
Sep 28 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session closed for user root
Sep 28 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15240]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session closed for user root
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: Successful su for rubyman by root
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: + ??? root:rubyman
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309753 of user rubyman.
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15772]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309753.
Sep 28 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session closed for user root
Sep 28 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14833]: pam_unix(cron:session): session closed for user root
Sep 28 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16122]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16120]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: Successful su for rubyman by root
Sep 28 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: + ??? root:rubyman
Sep 28 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309758 of user rubyman.
Sep 28 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16186]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309758.
Sep 28 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13470]: pam_unix(cron:session): session closed for user root
Sep 28 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16121]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: Invalid user freebsd from 93.152.230.176
Sep 28 17:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: input_userauth_request: invalid user freebsd [preauth]
Sep 28 17:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 17:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: Failed password for invalid user freebsd from 93.152.230.176 port 7544 ssh2
Sep 28 17:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: Received disconnect from 93.152.230.176 port 7544:11: Client disconnecting normally [preauth]
Sep 28 17:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: Disconnected from 93.152.230.176 port 7544 [preauth]
Sep 28 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session closed for user root
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: Successful su for rubyman by root
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: + ??? root:rubyman
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309762 of user rubyman.
Sep 28 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309762.
Sep 28 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session closed for user root
Sep 28 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user root
Sep 28 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Invalid user user from 62.60.131.157
Sep 28 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: input_userauth_request: invalid user user [preauth]
Sep 28 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17002]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: Successful su for rubyman by root
Sep 28 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: + ??? root:rubyman
Sep 28 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309767 of user rubyman.
Sep 28 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17067]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309767.
Sep 28 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Failed password for invalid user user from 62.60.131.157 port 46884 ssh2
Sep 28 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session closed for user root
Sep 28 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Failed password for invalid user user from 62.60.131.157 port 46884 ssh2
Sep 28 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Failed password for invalid user user from 62.60.131.157 port 46884 ssh2
Sep 28 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Failed password for invalid user user from 62.60.131.157 port 46884 ssh2
Sep 28 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Failed password for invalid user user from 62.60.131.157 port 46884 ssh2
Sep 28 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Received disconnect from 62.60.131.157 port 46884:11: Bye [preauth]
Sep 28 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Disconnected from 62.60.131.157 port 46884 [preauth]
Sep 28 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session closed for user root
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17448]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session closed for user root
Sep 28 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17446]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: Successful su for rubyman by root
Sep 28 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: + ??? root:rubyman
Sep 28 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309771 of user rubyman.
Sep 28 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17520]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309771.
Sep 28 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17448]: pam_unix(cron:session): session closed for user root
Sep 28 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14832]: pam_unix(cron:session): session closed for user root
Sep 28 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17447]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session closed for user root
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: Successful su for rubyman by root
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: + ??? root:rubyman
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309776 of user rubyman.
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309776.
Sep 28 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session closed for user root
Sep 28 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session closed for user root
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: Successful su for rubyman by root
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: + ??? root:rubyman
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309780 of user rubyman.
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18799]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309780.
Sep 28 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user root
Sep 28 17:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user root
Sep 28 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: Successful su for rubyman by root
Sep 28 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: + ??? root:rubyman
Sep 28 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309784 of user rubyman.
Sep 28 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19290]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309784.
Sep 28 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16122]: pam_unix(cron:session): session closed for user root
Sep 28 17:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user root
Sep 28 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20004]: pam_unix(cron:session): session closed for user p13x
Sep 28 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: Successful su for rubyman by root
Sep 28 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: + ??? root:rubyman
Sep 28 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309788 of user rubyman.
Sep 28 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20084]: pam_unix(su:session): session closed for user rubyman
Sep 28 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309788.
Sep 28 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user root
Sep 28 17:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session closed for user samftp
Sep 28 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Bad protocol version identification 'GET / HTTP/1.1' from 159.65.53.14 port 40146
Sep 28 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20361]: Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 159.65.53.14 port 40160
Sep 28 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18733]: pam_unix(cron:session): session closed for user root
Sep 28 17:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 17:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: Invalid user tianyu from 106.13.135.26
Sep 28 17:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: input_userauth_request: invalid user tianyu [preauth]
Sep 28 17:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 17:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.135.26
Sep 28 17:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: Failed password for invalid user tianyu from 106.13.135.26 port 53974 ssh2
Sep 28 17:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: Received disconnect from 106.13.135.26 port 53974:11: Bye Bye [preauth]
Sep 28 17:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20436]: Disconnected from 106.13.135.26 port 53974 [preauth]
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session closed for user root
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session closed for user root
Sep 28 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20490]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: Successful su for rubyman by root
Sep 28 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: + ??? root:rubyman
Sep 28 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309791 of user rubyman.
Sep 28 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20603]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309791.
Sep 28 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session closed for user root
Sep 28 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session closed for user root
Sep 28 18:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session closed for user root
Sep 28 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21126]: Successful su for rubyman by root
Sep 28 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21126]: + ??? root:rubyman
Sep 28 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309798 of user rubyman.
Sep 28 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21126]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309798.
Sep 28 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session closed for user root
Sep 28 18:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21054]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20009]: pam_unix(cron:session): session closed for user root
Sep 28 18:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21428]: Bad protocol version identification 'GET / HTTP/1.1' from 45.55.82.89 port 52668
Sep 28 18:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21429]: Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 45.55.82.89 port 52680
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: Successful su for rubyman by root
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: + ??? root:rubyman
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309802 of user rubyman.
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309802.
Sep 28 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session closed for user root
Sep 28 18:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21484]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user root
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21922]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21990]: Successful su for rubyman by root
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21990]: + ??? root:rubyman
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309808 of user rubyman.
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21990]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309808.
Sep 28 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session closed for user root
Sep 28 18:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21923]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session closed for user root
Sep 28 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22368]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: Successful su for rubyman by root
Sep 28 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: + ??? root:rubyman
Sep 28 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309810 of user rubyman.
Sep 28 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309810.
Sep 28 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session closed for user root
Sep 28 18:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session closed for user root
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23011]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session closed for user root
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23112]: Successful su for rubyman by root
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23112]: + ??? root:rubyman
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309816 of user rubyman.
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23112]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309816.
Sep 28 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23011]: pam_unix(cron:session): session closed for user root
Sep 28 18:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session closed for user root
Sep 28 18:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session closed for user root
Sep 28 18:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Invalid user postgres from 93.152.230.176
Sep 28 18:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: input_userauth_request: invalid user postgres [preauth]
Sep 28 18:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 18:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Failed password for invalid user postgres from 93.152.230.176 port 43186 ssh2
Sep 28 18:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Received disconnect from 93.152.230.176 port 43186:11: Client disconnecting normally [preauth]
Sep 28 18:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23756]: Disconnected from 93.152.230.176 port 43186 [preauth]
Sep 28 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23783]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23780]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23853]: Successful su for rubyman by root
Sep 28 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23853]: + ??? root:rubyman
Sep 28 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309820 of user rubyman.
Sep 28 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23853]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309820.
Sep 28 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user root
Sep 28 18:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23781]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22368]: pam_unix(cron:session): session closed for user root
Sep 28 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24265]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: Successful su for rubyman by root
Sep 28 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: + ??? root:rubyman
Sep 28 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309824 of user rubyman.
Sep 28 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24334]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309824.
Sep 28 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session closed for user root
Sep 28 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24266]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session closed for user root
Sep 28 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24727]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24725]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: Successful su for rubyman by root
Sep 28 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: + ??? root:rubyman
Sep 28 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309830 of user rubyman.
Sep 28 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309830.
Sep 28 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session closed for user root
Sep 28 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24726]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23783]: pam_unix(cron:session): session closed for user root
Sep 28 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25561]: Successful su for rubyman by root
Sep 28 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25561]: + ??? root:rubyman
Sep 28 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309835 of user rubyman.
Sep 28 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25561]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309835.
Sep 28 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session closed for user root
Sep 28 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21924]: pam_unix(cron:session): session closed for user root
Sep 28 18:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session closed for user root
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26069]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session closed for user root
Sep 28 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26067]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26143]: Successful su for rubyman by root
Sep 28 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26143]: + ??? root:rubyman
Sep 28 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309838 of user rubyman.
Sep 28 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26143]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309838.
Sep 28 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26069]: pam_unix(cron:session): session closed for user root
Sep 28 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session closed for user root
Sep 28 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26068]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session closed for user root
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: Successful su for rubyman by root
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: + ??? root:rubyman
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309843 of user rubyman.
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309843.
Sep 28 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session closed for user root
Sep 28 18:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session closed for user root
Sep 28 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27291]: Successful su for rubyman by root
Sep 28 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27291]: + ??? root:rubyman
Sep 28 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309850 of user rubyman.
Sep 28 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27291]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309850.
Sep 28 18:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23782]: pam_unix(cron:session): session closed for user root
Sep 28 18:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27226]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session closed for user root
Sep 28 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27860]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27861]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27858]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: Successful su for rubyman by root
Sep 28 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: + ??? root:rubyman
Sep 28 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309852 of user rubyman.
Sep 28 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309852.
Sep 28 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session closed for user root
Sep 28 18:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27859]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session closed for user root
Sep 28 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28376]: Successful su for rubyman by root
Sep 28 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28376]: + ??? root:rubyman
Sep 28 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309856 of user rubyman.
Sep 28 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28376]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309856.
Sep 28 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24727]: pam_unix(cron:session): session closed for user root
Sep 28 18:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session closed for user root
Sep 28 18:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Did not receive identification string from 135.237.125.195
Sep 28 18:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 135.237.125.195 port 59694
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28894]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session closed for user root
Sep 28 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29069]: Successful su for rubyman by root
Sep 28 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29069]: + ??? root:rubyman
Sep 28 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309859 of user rubyman.
Sep 28 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29069]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309859.
Sep 28 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session closed for user root
Sep 28 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session closed for user root
Sep 28 18:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28891]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27861]: pam_unix(cron:session): session closed for user root
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29491]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29489]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: Successful su for rubyman by root
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: + ??? root:rubyman
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309866 of user rubyman.
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309866.
Sep 28 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session closed for user root
Sep 28 18:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29490]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session closed for user root
Sep 28 18:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.135.26  user=root
Sep 28 18:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Failed password for root from 106.13.135.26 port 50286 ssh2
Sep 28 18:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Received disconnect from 106.13.135.26 port 50286:11: Bye Bye [preauth]
Sep 28 18:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Disconnected from 106.13.135.26 port 50286 [preauth]
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29966]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29966]: pam_unix(cron:session): session closed for user root
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29968]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: Successful su for rubyman by root
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: + ??? root:rubyman
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309869 of user rubyman.
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309869.
Sep 28 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session closed for user root
Sep 28 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29970]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28894]: pam_unix(cron:session): session closed for user root
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: Successful su for rubyman by root
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: + ??? root:rubyman
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309874 of user rubyman.
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309874.
Sep 28 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Invalid user db2fenc1 from 20.163.71.109
Sep 28 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: input_userauth_request: invalid user db2fenc1 [preauth]
Sep 28 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Failed password for invalid user db2fenc1 from 20.163.71.109 port 37666 ssh2
Sep 28 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session closed for user root
Sep 28 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Connection closed by 20.163.71.109 port 37666 [preauth]
Sep 28 18:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 28 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Failed password for root from 164.68.105.9 port 36328 ssh2
Sep 28 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Connection closed by 164.68.105.9 port 36328 [preauth]
Sep 28 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29492]: pam_unix(cron:session): session closed for user root
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31021]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31020]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31093]: Successful su for rubyman by root
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31093]: + ??? root:rubyman
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309878 of user rubyman.
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31093]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309878.
Sep 28 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27860]: pam_unix(cron:session): session closed for user root
Sep 28 18:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Invalid user pi from 93.152.230.176
Sep 28 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: input_userauth_request: invalid user pi [preauth]
Sep 28 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Failed password for invalid user pi from 93.152.230.176 port 4049 ssh2
Sep 28 18:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Received disconnect from 93.152.230.176 port 4049:11: Client disconnecting normally [preauth]
Sep 28 18:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Disconnected from 93.152.230.176 port 4049 [preauth]
Sep 28 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29973]: pam_unix(cron:session): session closed for user root
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session closed for user root
Sep 28 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31587]: Successful su for rubyman by root
Sep 28 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31587]: + ??? root:rubyman
Sep 28 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309883 of user rubyman.
Sep 28 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31587]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309883.
Sep 28 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session closed for user root
Sep 28 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session closed for user root
Sep 28 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user root
Sep 28 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32050]: Successful su for rubyman by root
Sep 28 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32050]: + ??? root:rubyman
Sep 28 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309891 of user rubyman.
Sep 28 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32050]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309891.
Sep 28 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session closed for user root
Sep 28 18:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31974]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31021]: pam_unix(cron:session): session closed for user root
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32412]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: Successful su for rubyman by root
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: + ??? root:rubyman
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309892 of user rubyman.
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309892.
Sep 28 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29491]: pam_unix(cron:session): session closed for user root
Sep 28 18:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session closed for user root
Sep 28 18:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Invalid user guest from 51.68.138.190
Sep 28 18:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: input_userauth_request: invalid user guest [preauth]
Sep 28 18:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[381]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[377]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Failed password for invalid user guest from 51.68.138.190 port 45286 ssh2
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[460]: Successful su for rubyman by root
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[460]: + ??? root:rubyman
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309896 of user rubyman.
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[460]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309896.
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Received disconnect from 51.68.138.190 port 45286:11: Bye Bye [preauth]
Sep 28 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Disconnected from 51.68.138.190 port 45286 [preauth]
Sep 28 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session closed for user root
Sep 28 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31976]: pam_unix(cron:session): session closed for user root
Sep 28 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: Successful su for rubyman by root
Sep 28 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: + ??? root:rubyman
Sep 28 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309900 of user rubyman.
Sep 28 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[944]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309900.
Sep 28 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user root
Sep 28 18:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session closed for user root
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1372]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session closed for user root
Sep 28 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1474]: Successful su for rubyman by root
Sep 28 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1474]: + ??? root:rubyman
Sep 28 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1474]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309905 of user rubyman.
Sep 28 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309905.
Sep 28 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31020]: pam_unix(cron:session): session closed for user root
Sep 28 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session closed for user root
Sep 28 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1649]: Failed password for root from 51.68.138.190 port 50898 ssh2
Sep 28 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1649]: Received disconnect from 51.68.138.190 port 50898:11: Bye Bye [preauth]
Sep 28 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1649]: Disconnected from 51.68.138.190 port 50898 [preauth]
Sep 28 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[381]: pam_unix(cron:session): session closed for user root
Sep 28 18:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.135.26  user=root
Sep 28 18:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: Failed password for root from 106.13.135.26 port 44122 ssh2
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1876]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1956]: Successful su for rubyman by root
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1956]: + ??? root:rubyman
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309910 of user rubyman.
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1956]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309910.
Sep 28 18:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31503]: pam_unix(cron:session): session closed for user root
Sep 28 18:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1877]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: Failed password for root from 51.68.138.190 port 56596 ssh2
Sep 28 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: Received disconnect from 51.68.138.190 port 56596:11: Bye Bye [preauth]
Sep 28 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: Disconnected from 51.68.138.190 port 56596 [preauth]
Sep 28 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session closed for user root
Sep 28 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Invalid user pi from 185.148.253.22
Sep 28 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: input_userauth_request: invalid user pi [preauth]
Sep 28 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.253.22
Sep 28 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Invalid user pi from 185.148.253.22
Sep 28 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: input_userauth_request: invalid user pi [preauth]
Sep 28 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.253.22
Sep 28 18:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Failed password for invalid user pi from 185.148.253.22 port 46970 ssh2
Sep 28 18:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Connection closed by 185.148.253.22 port 46970 [preauth]
Sep 28 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Failed password for invalid user pi from 185.148.253.22 port 46982 ssh2
Sep 28 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Connection closed by 185.148.253.22 port 46982 [preauth]
Sep 28 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: Successful su for rubyman by root
Sep 28 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: + ??? root:rubyman
Sep 28 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309914 of user rubyman.
Sep 28 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309914.
Sep 28 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31975]: pam_unix(cron:session): session closed for user root
Sep 28 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Invalid user sammy from 51.68.138.190
Sep 28 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: input_userauth_request: invalid user sammy [preauth]
Sep 28 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Failed password for invalid user sammy from 51.68.138.190 port 46120 ssh2
Sep 28 18:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Received disconnect from 51.68.138.190 port 46120:11: Bye Bye [preauth]
Sep 28 18:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Disconnected from 51.68.138.190 port 46120 [preauth]
Sep 28 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2636]: Did not receive identification string from 118.200.206.183
Sep 28 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session closed for user root
Sep 28 18:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Invalid user wtl from 51.68.138.190
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: input_userauth_request: invalid user wtl [preauth]
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: Successful su for rubyman by root
Sep 28 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: + ??? root:rubyman
Sep 28 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309918 of user rubyman.
Sep 28 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309918.
Sep 28 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Failed password for invalid user wtl from 51.68.138.190 port 54500 ssh2
Sep 28 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Received disconnect from 51.68.138.190 port 54500:11: Bye Bye [preauth]
Sep 28 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Disconnected from 51.68.138.190 port 54500 [preauth]
Sep 28 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session closed for user root
Sep 28 18:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session closed for user root
Sep 28 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Invalid user mariusz from 51.68.138.190
Sep 28 18:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: input_userauth_request: invalid user mariusz [preauth]
Sep 28 18:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user mariusz from 51.68.138.190 port 40472 ssh2
Sep 28 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Received disconnect from 51.68.138.190 port 40472:11: Bye Bye [preauth]
Sep 28 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Disconnected from 51.68.138.190 port 40472 [preauth]
Sep 28 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3249]: Successful su for rubyman by root
Sep 28 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3249]: + ??? root:rubyman
Sep 28 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309922 of user rubyman.
Sep 28 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3249]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309922.
Sep 28 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session closed for user root
Sep 28 18:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3183]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session closed for user root
Sep 28 18:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Invalid user test from 51.68.138.190
Sep 28 18:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: input_userauth_request: invalid user test [preauth]
Sep 28 18:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Failed password for invalid user test from 51.68.138.190 port 59608 ssh2
Sep 28 18:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Received disconnect from 51.68.138.190 port 59608:11: Bye Bye [preauth]
Sep 28 18:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Disconnected from 51.68.138.190 port 59608 [preauth]
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session closed for user root
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3611]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: Successful su for rubyman by root
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: + ??? root:rubyman
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309930 of user rubyman.
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3678]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309930.
Sep 28 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session closed for user root
Sep 28 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session closed for user root
Sep 28 18:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Did not receive identification string from 169.211.232.182
Sep 28 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user root
Sep 28 18:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: Failed password for root from 51.68.138.190 port 38978 ssh2
Sep 28 18:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: Received disconnect from 51.68.138.190 port 38978:11: Bye Bye [preauth]
Sep 28 18:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4036]: Disconnected from 51.68.138.190 port 38978 [preauth]
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: Successful su for rubyman by root
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: + ??? root:rubyman
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309932 of user rubyman.
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309932.
Sep 28 18:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1372]: pam_unix(cron:session): session closed for user root
Sep 28 18:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session closed for user root
Sep 28 18:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Invalid user jenkins from 51.68.138.190
Sep 28 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: input_userauth_request: invalid user jenkins [preauth]
Sep 28 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Failed password for invalid user jenkins from 51.68.138.190 port 49708 ssh2
Sep 28 18:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Received disconnect from 51.68.138.190 port 49708:11: Bye Bye [preauth]
Sep 28 18:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Disconnected from 51.68.138.190 port 49708 [preauth]
Sep 28 18:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Invalid user lion from 190.103.202.7
Sep 28 18:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: input_userauth_request: invalid user lion [preauth]
Sep 28 18:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 18:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Failed password for invalid user lion from 190.103.202.7 port 42280 ssh2
Sep 28 18:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Connection closed by 190.103.202.7 port 42280 [preauth]
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4599]: Successful su for rubyman by root
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4599]: + ??? root:rubyman
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309936 of user rubyman.
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4599]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309936.
Sep 28 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session closed for user root
Sep 28 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4530]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 28 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Failed password for root from 93.152.230.176 port 51069 ssh2
Sep 28 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Received disconnect from 93.152.230.176 port 51069:11: Client disconnecting normally [preauth]
Sep 28 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Disconnected from 93.152.230.176 port 51069 [preauth]
Sep 28 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session closed for user root
Sep 28 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: Invalid user kevin from 51.68.138.190
Sep 28 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: input_userauth_request: invalid user kevin [preauth]
Sep 28 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: Failed password for invalid user kevin from 51.68.138.190 port 43924 ssh2
Sep 28 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: Received disconnect from 51.68.138.190 port 43924:11: Bye Bye [preauth]
Sep 28 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: Disconnected from 51.68.138.190 port 43924 [preauth]
Sep 28 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4975]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4973]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: Successful su for rubyman by root
Sep 28 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: + ??? root:rubyman
Sep 28 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309941 of user rubyman.
Sep 28 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309941.
Sep 28 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session closed for user root
Sep 28 18:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4974]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Invalid user ubuntu from 51.68.138.190
Sep 28 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Failed password for invalid user ubuntu from 51.68.138.190 port 52570 ssh2
Sep 28 18:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Received disconnect from 51.68.138.190 port 52570:11: Bye Bye [preauth]
Sep 28 18:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Disconnected from 51.68.138.190 port 52570 [preauth]
Sep 28 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session closed for user root
Sep 28 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5575]: Successful su for rubyman by root
Sep 28 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5575]: + ??? root:rubyman
Sep 28 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309945 of user rubyman.
Sep 28 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5575]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309945.
Sep 28 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session closed for user root
Sep 28 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Invalid user nvr from 51.68.138.190
Sep 28 18:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: input_userauth_request: invalid user nvr [preauth]
Sep 28 18:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Failed password for invalid user nvr from 51.68.138.190 port 56974 ssh2
Sep 28 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Received disconnect from 51.68.138.190 port 56974:11: Bye Bye [preauth]
Sep 28 18:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Disconnected from 51.68.138.190 port 56974 [preauth]
Sep 28 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4532]: pam_unix(cron:session): session closed for user root
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session closed for user root
Sep 28 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6029]: Successful su for rubyman by root
Sep 28 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6029]: + ??? root:rubyman
Sep 28 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309950 of user rubyman.
Sep 28 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6029]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309950.
Sep 28 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session closed for user root
Sep 28 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session closed for user root
Sep 28 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Failed password for root from 51.68.138.190 port 55880 ssh2
Sep 28 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Received disconnect from 51.68.138.190 port 55880:11: Bye Bye [preauth]
Sep 28 18:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Disconnected from 51.68.138.190 port 55880 [preauth]
Sep 28 18:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4977]: pam_unix(cron:session): session closed for user root
Sep 28 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6496]: Successful su for rubyman by root
Sep 28 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6496]: + ??? root:rubyman
Sep 28 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309955 of user rubyman.
Sep 28 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6496]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309955.
Sep 28 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3614]: pam_unix(cron:session): session closed for user root
Sep 28 18:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Failed password for root from 51.68.138.190 port 52304 ssh2
Sep 28 18:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Received disconnect from 51.68.138.190 port 52304:11: Bye Bye [preauth]
Sep 28 18:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Disconnected from 51.68.138.190 port 52304 [preauth]
Sep 28 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session closed for user root
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6969]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: Successful su for rubyman by root
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: + ??? root:rubyman
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309960 of user rubyman.
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309960.
Sep 28 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session closed for user root
Sep 28 18:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6968]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Invalid user caja2 from 51.68.138.190
Sep 28 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: input_userauth_request: invalid user caja2 [preauth]
Sep 28 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Failed password for invalid user caja2 from 51.68.138.190 port 44870 ssh2
Sep 28 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Received disconnect from 51.68.138.190 port 44870:11: Bye Bye [preauth]
Sep 28 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Disconnected from 51.68.138.190 port 44870 [preauth]
Sep 28 18:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session closed for user root
Sep 28 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7505]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7506]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7502]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: Successful su for rubyman by root
Sep 28 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: + ??? root:rubyman
Sep 28 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309963 of user rubyman.
Sep 28 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7573]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309963.
Sep 28 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session closed for user root
Sep 28 18:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7504]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Invalid user vyos from 51.68.138.190
Sep 28 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: input_userauth_request: invalid user vyos [preauth]
Sep 28 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Failed password for invalid user vyos from 51.68.138.190 port 42520 ssh2
Sep 28 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Received disconnect from 51.68.138.190 port 42520:11: Bye Bye [preauth]
Sep 28 18:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Disconnected from 51.68.138.190 port 42520 [preauth]
Sep 28 18:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session closed for user root
Sep 28 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7968]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8153]: Successful su for rubyman by root
Sep 28 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8153]: + ??? root:rubyman
Sep 28 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309967 of user rubyman.
Sep 28 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8153]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309967.
Sep 28 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session closed for user root
Sep 28 18:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4975]: pam_unix(cron:session): session closed for user root
Sep 28 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Invalid user yuan from 51.68.138.190
Sep 28 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: input_userauth_request: invalid user yuan [preauth]
Sep 28 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Failed password for invalid user yuan from 51.68.138.190 port 40016 ssh2
Sep 28 18:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Received disconnect from 51.68.138.190 port 40016:11: Bye Bye [preauth]
Sep 28 18:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Disconnected from 51.68.138.190 port 40016 [preauth]
Sep 28 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6970]: pam_unix(cron:session): session closed for user root
Sep 28 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8566]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8565]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8566]: pam_unix(cron:session): session closed for user root
Sep 28 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8646]: Successful su for rubyman by root
Sep 28 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8646]: + ??? root:rubyman
Sep 28 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309976 of user rubyman.
Sep 28 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8646]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309976.
Sep 28 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session closed for user root
Sep 28 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5508]: pam_unix(cron:session): session closed for user root
Sep 28 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Failed password for root from 51.68.138.190 port 50608 ssh2
Sep 28 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Received disconnect from 51.68.138.190 port 50608:11: Bye Bye [preauth]
Sep 28 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Disconnected from 51.68.138.190 port 50608 [preauth]
Sep 28 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7506]: pam_unix(cron:session): session closed for user root
Sep 28 18:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Invalid user admin from 51.68.138.190
Sep 28 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: input_userauth_request: invalid user admin [preauth]
Sep 28 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Failed password for invalid user admin from 51.68.138.190 port 58682 ssh2
Sep 28 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Received disconnect from 51.68.138.190 port 58682:11: Bye Bye [preauth]
Sep 28 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Disconnected from 51.68.138.190 port 58682 [preauth]
Sep 28 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: Successful su for rubyman by root
Sep 28 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: + ??? root:rubyman
Sep 28 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309977 of user rubyman.
Sep 28 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9337]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309977.
Sep 28 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session closed for user root
Sep 28 18:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9253]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session closed for user root
Sep 28 18:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: Invalid user tony from 51.68.138.190
Sep 28 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: input_userauth_request: invalid user tony [preauth]
Sep 28 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: Failed password for invalid user tony from 51.68.138.190 port 49464 ssh2
Sep 28 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: Received disconnect from 51.68.138.190 port 49464:11: Bye Bye [preauth]
Sep 28 18:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9791]: Disconnected from 51.68.138.190 port 49464 [preauth]
Sep 28 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9896]: Successful su for rubyman by root
Sep 28 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9896]: + ??? root:rubyman
Sep 28 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309981 of user rubyman.
Sep 28 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9896]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309981.
Sep 28 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user root
Sep 28 18:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9825]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8565]: pam_unix(cron:session): session closed for user root
Sep 28 18:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: Failed password for root from 51.68.138.190 port 59324 ssh2
Sep 28 18:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: Received disconnect from 51.68.138.190 port 59324:11: Bye Bye [preauth]
Sep 28 18:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: Disconnected from 51.68.138.190 port 59324 [preauth]
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: Successful su for rubyman by root
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: + ??? root:rubyman
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309985 of user rubyman.
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309985.
Sep 28 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6969]: pam_unix(cron:session): session closed for user root
Sep 28 18:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9256]: pam_unix(cron:session): session closed for user root
Sep 28 18:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10689]: Failed password for root from 51.68.138.190 port 46400 ssh2
Sep 28 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10689]: Received disconnect from 51.68.138.190 port 46400:11: Bye Bye [preauth]
Sep 28 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10689]: Disconnected from 51.68.138.190 port 46400 [preauth]
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10737]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10801]: Successful su for rubyman by root
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10801]: + ??? root:rubyman
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309989 of user rubyman.
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10801]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309989.
Sep 28 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7505]: pam_unix(cron:session): session closed for user root
Sep 28 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Invalid user admin from 139.19.117.131
Sep 28 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: input_userauth_request: invalid user admin [preauth]
Sep 28 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10983]: Connection closed by 139.19.117.131 port 43732 [preauth]
Sep 28 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session closed for user root
Sep 28 18:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Failed password for root from 51.68.138.190 port 46556 ssh2
Sep 28 18:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Received disconnect from 51.68.138.190 port 46556:11: Bye Bye [preauth]
Sep 28 18:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Disconnected from 51.68.138.190 port 46556 [preauth]
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user root
Sep 28 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: Successful su for rubyman by root
Sep 28 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: + ??? root:rubyman
Sep 28 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 309998 of user rubyman.
Sep 28 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 309998.
Sep 28 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session closed for user root
Sep 28 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session closed for user root
Sep 28 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10287]: pam_unix(cron:session): session closed for user root
Sep 28 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Failed password for root from 51.68.138.190 port 36130 ssh2
Sep 28 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Received disconnect from 51.68.138.190 port 36130:11: Bye Bye [preauth]
Sep 28 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Disconnected from 51.68.138.190 port 36130 [preauth]
Sep 28 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Invalid user admin from 93.152.230.176
Sep 28 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: input_userauth_request: invalid user admin [preauth]
Sep 28 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Failed password for invalid user admin from 93.152.230.176 port 21613 ssh2
Sep 28 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Received disconnect from 93.152.230.176 port 21613:11: Client disconnecting normally [preauth]
Sep 28 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Disconnected from 93.152.230.176 port 21613 [preauth]
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11796]: Successful su for rubyman by root
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11796]: + ??? root:rubyman
Sep 28 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310000 of user rubyman.
Sep 28 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11796]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310000.
Sep 28 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session closed for user root
Sep 28 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Invalid user six from 20.163.71.109
Sep 28 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: input_userauth_request: invalid user six [preauth]
Sep 28 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 18:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Failed password for invalid user six from 20.163.71.109 port 36148 ssh2
Sep 28 18:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Connection closed by 20.163.71.109 port 36148 [preauth]
Sep 28 18:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Invalid user deploy from 51.68.138.190
Sep 28 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: input_userauth_request: invalid user deploy [preauth]
Sep 28 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Failed password for invalid user deploy from 51.68.138.190 port 49210 ssh2
Sep 28 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Received disconnect from 51.68.138.190 port 49210:11: Bye Bye [preauth]
Sep 28 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12062]: Disconnected from 51.68.138.190 port 49210 [preauth]
Sep 28 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user root
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12159]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: Successful su for rubyman by root
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: + ??? root:rubyman
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310003 of user rubyman.
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12233]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310003.
Sep 28 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session closed for user root
Sep 28 18:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.137.255.140  user=root
Sep 28 18:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Failed password for root from 23.137.255.140 port 34228 ssh2
Sep 28 18:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Received disconnect from 23.137.255.140 port 34228:11: Bye Bye [preauth]
Sep 28 18:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Disconnected from 23.137.255.140 port 34228 [preauth]
Sep 28 18:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Failed password for root from 51.68.138.190 port 42314 ssh2
Sep 28 18:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Received disconnect from 51.68.138.190 port 42314:11: Bye Bye [preauth]
Sep 28 18:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Disconnected from 51.68.138.190 port 42314 [preauth]
Sep 28 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user root
Sep 28 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12679]: Successful su for rubyman by root
Sep 28 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12679]: + ??? root:rubyman
Sep 28 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310007 of user rubyman.
Sep 28 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12679]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310007.
Sep 28 18:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session closed for user root
Sep 28 18:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Invalid user kkk from 51.68.138.190
Sep 28 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: input_userauth_request: invalid user kkk [preauth]
Sep 28 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Failed password for invalid user kkk from 51.68.138.190 port 57252 ssh2
Sep 28 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Received disconnect from 51.68.138.190 port 57252:11: Bye Bye [preauth]
Sep 28 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Disconnected from 51.68.138.190 port 57252 [preauth]
Sep 28 18:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user root
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: Successful su for rubyman by root
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: + ??? root:rubyman
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310014 of user rubyman.
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310014.
Sep 28 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10286]: pam_unix(cron:session): session closed for user root
Sep 28 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Invalid user mila from 51.68.138.190
Sep 28 18:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: input_userauth_request: invalid user mila [preauth]
Sep 28 18:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for invalid user mila from 51.68.138.190 port 51100 ssh2
Sep 28 18:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Received disconnect from 51.68.138.190 port 51100:11: Bye Bye [preauth]
Sep 28 18:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Disconnected from 51.68.138.190 port 51100 [preauth]
Sep 28 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12159]: pam_unix(cron:session): session closed for user root
Sep 28 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session closed for user root
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: Successful su for rubyman by root
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: + ??? root:rubyman
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310015 of user rubyman.
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310015.
Sep 28 18:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session closed for user root
Sep 28 18:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session closed for user root
Sep 28 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Invalid user nexus from 51.68.138.190
Sep 28 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: input_userauth_request: invalid user nexus [preauth]
Sep 28 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Failed password for invalid user nexus from 51.68.138.190 port 45806 ssh2
Sep 28 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Received disconnect from 51.68.138.190 port 45806:11: Bye Bye [preauth]
Sep 28 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13833]: Disconnected from 51.68.138.190 port 45806 [preauth]
Sep 28 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session closed for user root
Sep 28 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13958]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: Successful su for rubyman by root
Sep 28 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: + ??? root:rubyman
Sep 28 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310023 of user rubyman.
Sep 28 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310023.
Sep 28 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session closed for user root
Sep 28 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Invalid user teamcity from 51.68.138.190
Sep 28 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: input_userauth_request: invalid user teamcity [preauth]
Sep 28 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user teamcity from 51.68.138.190 port 40118 ssh2
Sep 28 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Received disconnect from 51.68.138.190 port 40118:11: Bye Bye [preauth]
Sep 28 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Disconnected from 51.68.138.190 port 40118 [preauth]
Sep 28 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session closed for user root
Sep 28 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Did not receive identification string from 223.86.84.208
Sep 28 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.86.84.208  user=root
Sep 28 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for root from 223.86.84.208 port 36674 ssh2
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: Successful su for rubyman by root
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: + ??? root:rubyman
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310025 of user rubyman.
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310025.
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Connection closed by 223.86.84.208 port 36674 [preauth]
Sep 28 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.86.84.208  user=root
Sep 28 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session closed for user root
Sep 28 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Failed password for root from 223.86.84.208 port 36686 ssh2
Sep 28 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Connection closed by 223.86.84.208 port 36686 [preauth]
Sep 28 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.86.84.208  user=root
Sep 28 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Failed password for root from 223.86.84.208 port 36696 ssh2
Sep 28 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Connection closed by 223.86.84.208 port 36696 [preauth]
Sep 28 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.86.84.208  user=root
Sep 28 18:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: Failed password for root from 223.86.84.208 port 49430 ssh2
Sep 28 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: Invalid user root1 from 51.68.138.190
Sep 28 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: input_userauth_request: invalid user root1 [preauth]
Sep 28 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: Failed password for invalid user root1 from 51.68.138.190 port 53492 ssh2
Sep 28 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: Received disconnect from 51.68.138.190 port 53492:11: Bye Bye [preauth]
Sep 28 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: Disconnected from 51.68.138.190 port 53492 [preauth]
Sep 28 18:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session closed for user root
Sep 28 18:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Invalid user local from 46.101.170.54
Sep 28 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: input_userauth_request: invalid user local [preauth]
Sep 28 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 28 18:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Failed password for invalid user local from 46.101.170.54 port 43814 ssh2
Sep 28 18:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Connection closed by 46.101.170.54 port 43814 [preauth]
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14900]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14962]: Successful su for rubyman by root
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14962]: + ??? root:rubyman
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310029 of user rubyman.
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14962]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310029.
Sep 28 18:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session closed for user root
Sep 28 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Invalid user eloa from 51.68.138.190
Sep 28 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: input_userauth_request: invalid user eloa [preauth]
Sep 28 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Failed password for invalid user eloa from 51.68.138.190 port 39798 ssh2
Sep 28 18:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Received disconnect from 51.68.138.190 port 39798:11: Bye Bye [preauth]
Sep 28 18:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Disconnected from 51.68.138.190 port 39798 [preauth]
Sep 28 18:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session closed for user root
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15391]: Successful su for rubyman by root
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15391]: + ??? root:rubyman
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310036 of user rubyman.
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15391]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310036.
Sep 28 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Invalid user mt from 51.68.138.190
Sep 28 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: input_userauth_request: invalid user mt [preauth]
Sep 28 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Failed password for invalid user mt from 51.68.138.190 port 35284 ssh2
Sep 28 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Received disconnect from 51.68.138.190 port 35284:11: Bye Bye [preauth]
Sep 28 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Disconnected from 51.68.138.190 port 35284 [preauth]
Sep 28 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session closed for user root
Sep 28 18:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14470]: pam_unix(cron:session): session closed for user root
Sep 28 18:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190  user=root
Sep 28 18:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15734]: Failed password for root from 51.68.138.190 port 52194 ssh2
Sep 28 18:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15734]: Received disconnect from 51.68.138.190 port 52194:11: Bye Bye [preauth]
Sep 28 18:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15734]: Disconnected from 51.68.138.190 port 52194 [preauth]
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session closed for user root
Sep 28 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15815]: Successful su for rubyman by root
Sep 28 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15815]: + ??? root:rubyman
Sep 28 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310039 of user rubyman.
Sep 28 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15815]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310039.
Sep 28 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user root
Sep 28 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session closed for user root
Sep 28 18:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14900]: pam_unix(cron:session): session closed for user root
Sep 28 18:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Invalid user user from 62.60.131.157
Sep 28 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: input_userauth_request: invalid user user [preauth]
Sep 28 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user user from 62.60.131.157 port 42769 ssh2
Sep 28 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user user from 62.60.131.157 port 42769 ssh2
Sep 28 18:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Invalid user pivpn from 51.68.138.190
Sep 28 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: input_userauth_request: invalid user pivpn [preauth]
Sep 28 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.138.190
Sep 28 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user user from 62.60.131.157 port 42769 ssh2
Sep 28 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Failed password for invalid user pivpn from 51.68.138.190 port 59294 ssh2
Sep 28 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Received disconnect from 51.68.138.190 port 59294:11: Bye Bye [preauth]
Sep 28 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Disconnected from 51.68.138.190 port 59294 [preauth]
Sep 28 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user user from 62.60.131.157 port 42769 ssh2
Sep 28 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user user from 62.60.131.157 port 42769 ssh2
Sep 28 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Received disconnect from 62.60.131.157 port 42769:11: Bye [preauth]
Sep 28 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Disconnected from 62.60.131.157 port 42769 [preauth]
Sep 28 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: Successful su for rubyman by root
Sep 28 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: + ??? root:rubyman
Sep 28 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310045 of user rubyman.
Sep 28 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310045.
Sep 28 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session closed for user root
Sep 28 18:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session closed for user root
Sep 28 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: Successful su for rubyman by root
Sep 28 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: + ??? root:rubyman
Sep 28 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310048 of user rubyman.
Sep 28 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310048.
Sep 28 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session closed for user root
Sep 28 18:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Invalid user dj from 190.103.202.7
Sep 28 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: input_userauth_request: invalid user dj [preauth]
Sep 28 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 18:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Failed password for invalid user dj from 190.103.202.7 port 48512 ssh2
Sep 28 18:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Connection closed by 190.103.202.7 port 48512 [preauth]
Sep 28 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session closed for user root
Sep 28 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17088]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17162]: Successful su for rubyman by root
Sep 28 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17162]: + ??? root:rubyman
Sep 28 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310052 of user rubyman.
Sep 28 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17162]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310052.
Sep 28 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session closed for user root
Sep 28 18:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session closed for user root
Sep 28 18:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Invalid user admin from 93.152.230.176
Sep 28 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: input_userauth_request: invalid user admin [preauth]
Sep 28 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 18:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Failed password for invalid user admin from 93.152.230.176 port 41655 ssh2
Sep 28 18:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Received disconnect from 93.152.230.176 port 41655:11: Client disconnecting normally [preauth]
Sep 28 18:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Disconnected from 93.152.230.176 port 41655 [preauth]
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session closed for user p13x
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17600]: Successful su for rubyman by root
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17600]: + ??? root:rubyman
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310055 of user rubyman.
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17600]: pam_unix(su:session): session closed for user rubyman
Sep 28 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310055.
Sep 28 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session closed for user root
Sep 28 18:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session closed for user samftp
Sep 28 18:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16650]: pam_unix(cron:session): session closed for user root
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18083]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18083]: pam_unix(cron:session): session closed for user root
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session closed for user root
Sep 28 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: Successful su for rubyman by root
Sep 28 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: + ??? root:rubyman
Sep 28 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310062 of user rubyman.
Sep 28 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310062.
Sep 28 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session closed for user root
Sep 28 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session closed for user root
Sep 28 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17088]: pam_unix(cron:session): session closed for user root
Sep 28 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: Successful su for rubyman by root
Sep 28 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: + ??? root:rubyman
Sep 28 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310066 of user rubyman.
Sep 28 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18978]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310066.
Sep 28 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session closed for user root
Sep 28 19:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17533]: pam_unix(cron:session): session closed for user root
Sep 28 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19703]: Successful su for rubyman by root
Sep 28 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19703]: + ??? root:rubyman
Sep 28 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310070 of user rubyman.
Sep 28 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19703]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310070.
Sep 28 19:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session closed for user root
Sep 28 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19568]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18082]: pam_unix(cron:session): session closed for user root
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: Successful su for rubyman by root
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: + ??? root:rubyman
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310075 of user rubyman.
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20272]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310075.
Sep 28 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session closed for user root
Sep 28 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20180]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session closed for user root
Sep 28 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: Successful su for rubyman by root
Sep 28 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: + ??? root:rubyman
Sep 28 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310078 of user rubyman.
Sep 28 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310078.
Sep 28 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session closed for user root
Sep 28 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20645]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19571]: pam_unix(cron:session): session closed for user root
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user root
Sep 28 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21103]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: Successful su for rubyman by root
Sep 28 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: + ??? root:rubyman
Sep 28 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310087 of user rubyman.
Sep 28 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310087.
Sep 28 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user root
Sep 28 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17532]: pam_unix(cron:session): session closed for user root
Sep 28 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session closed for user root
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21559]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: Successful su for rubyman by root
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: + ??? root:rubyman
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310088 of user rubyman.
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310088.
Sep 28 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18081]: pam_unix(cron:session): session closed for user root
Sep 28 19:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21560]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20648]: pam_unix(cron:session): session closed for user root
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22008]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22074]: Successful su for rubyman by root
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22074]: + ??? root:rubyman
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310092 of user rubyman.
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22074]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310092.
Sep 28 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session closed for user root
Sep 28 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user root
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: Successful su for rubyman by root
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: + ??? root:rubyman
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310096 of user rubyman.
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22516]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310096.
Sep 28 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19570]: pam_unix(cron:session): session closed for user root
Sep 28 19:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21563]: pam_unix(cron:session): session closed for user root
Sep 28 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23311]: Successful su for rubyman by root
Sep 28 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23311]: + ??? root:rubyman
Sep 28 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310100 of user rubyman.
Sep 28 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23311]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310100.
Sep 28 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session closed for user root
Sep 28 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session closed for user root
Sep 28 19:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22008]: pam_unix(cron:session): session closed for user root
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session closed for user root
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24008]: Successful su for rubyman by root
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24008]: + ??? root:rubyman
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310107 of user rubyman.
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24008]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310107.
Sep 28 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session closed for user root
Sep 28 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20647]: pam_unix(cron:session): session closed for user root
Sep 28 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session closed for user root
Sep 28 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24459]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24460]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24456]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24537]: Successful su for rubyman by root
Sep 28 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24537]: + ??? root:rubyman
Sep 28 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310113 of user rubyman.
Sep 28 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24537]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310113.
Sep 28 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user root
Sep 28 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24457]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23126]: pam_unix(cron:session): session closed for user root
Sep 28 19:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Invalid user default from 93.152.230.176
Sep 28 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: input_userauth_request: invalid user default [preauth]
Sep 28 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Failed password for invalid user default from 93.152.230.176 port 37784 ssh2
Sep 28 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Received disconnect from 93.152.230.176 port 37784:11: Client disconnecting normally [preauth]
Sep 28 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Disconnected from 93.152.230.176 port 37784 [preauth]
Sep 28 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24905]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24983]: Successful su for rubyman by root
Sep 28 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24983]: + ??? root:rubyman
Sep 28 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310117 of user rubyman.
Sep 28 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24983]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310117.
Sep 28 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21561]: pam_unix(cron:session): session closed for user root
Sep 28 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24906]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23929]: pam_unix(cron:session): session closed for user root
Sep 28 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25598]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: Successful su for rubyman by root
Sep 28 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: + ??? root:rubyman
Sep 28 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310122 of user rubyman.
Sep 28 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25661]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310122.
Sep 28 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22006]: pam_unix(cron:session): session closed for user root
Sep 28 19:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24460]: pam_unix(cron:session): session closed for user root
Sep 28 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Invalid user admin2 from 164.68.105.9
Sep 28 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: input_userauth_request: invalid user admin2 [preauth]
Sep 28 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 19:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Failed password for invalid user admin2 from 164.68.105.9 port 54994 ssh2
Sep 28 19:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Connection closed by 164.68.105.9 port 54994 [preauth]
Sep 28 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: Successful su for rubyman by root
Sep 28 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: + ??? root:rubyman
Sep 28 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310123 of user rubyman.
Sep 28 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26226]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310123.
Sep 28 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user root
Sep 28 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session closed for user root
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26717]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26719]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26720]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26720]: pam_unix(cron:session): session closed for user root
Sep 28 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26715]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: Successful su for rubyman by root
Sep 28 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: + ??? root:rubyman
Sep 28 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310129 of user rubyman.
Sep 28 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310129.
Sep 28 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26717]: pam_unix(cron:session): session closed for user root
Sep 28 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session closed for user root
Sep 28 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26716]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user root
Sep 28 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27302]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27300]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27396]: Successful su for rubyman by root
Sep 28 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27396]: + ??? root:rubyman
Sep 28 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310133 of user rubyman.
Sep 28 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27396]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310133.
Sep 28 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session closed for user root
Sep 28 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Invalid user admin from 78.128.112.74
Sep 28 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: input_userauth_request: invalid user admin [preauth]
Sep 28 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Failed password for invalid user admin from 78.128.112.74 port 43542 ssh2
Sep 28 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Connection closed by 78.128.112.74 port 43542 [preauth]
Sep 28 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session closed for user root
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27948]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session closed for user root
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27945]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28020]: Successful su for rubyman by root
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28020]: + ??? root:rubyman
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310137 of user rubyman.
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28020]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310137.
Sep 28 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24459]: pam_unix(cron:session): session closed for user root
Sep 28 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27947]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26719]: pam_unix(cron:session): session closed for user root
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28482]: Successful su for rubyman by root
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28482]: + ??? root:rubyman
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310142 of user rubyman.
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28482]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310142.
Sep 28 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24907]: pam_unix(cron:session): session closed for user root
Sep 28 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27303]: pam_unix(cron:session): session closed for user root
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29079]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: Successful su for rubyman by root
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: + ??? root:rubyman
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310146 of user rubyman.
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310146.
Sep 28 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25598]: pam_unix(cron:session): session closed for user root
Sep 28 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29080]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27949]: pam_unix(cron:session): session closed for user root
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session closed for user root
Sep 28 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29622]: Successful su for rubyman by root
Sep 28 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29622]: + ??? root:rubyman
Sep 28 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310155 of user rubyman.
Sep 28 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29622]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310155.
Sep 28 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session closed for user root
Sep 28 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session closed for user root
Sep 28 19:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session closed for user root
Sep 28 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30139]: Successful su for rubyman by root
Sep 28 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30139]: + ??? root:rubyman
Sep 28 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310157 of user rubyman.
Sep 28 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30139]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310157.
Sep 28 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26718]: pam_unix(cron:session): session closed for user root
Sep 28 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session closed for user root
Sep 28 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: Successful su for rubyman by root
Sep 28 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: + ??? root:rubyman
Sep 28 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310161 of user rubyman.
Sep 28 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310161.
Sep 28 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27302]: pam_unix(cron:session): session closed for user root
Sep 28 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session closed for user root
Sep 28 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: Successful su for rubyman by root
Sep 28 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: + ??? root:rubyman
Sep 28 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310165 of user rubyman.
Sep 28 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31175]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310165.
Sep 28 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27948]: pam_unix(cron:session): session closed for user root
Sep 28 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session closed for user root
Sep 28 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31587]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: Successful su for rubyman by root
Sep 28 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: + ??? root:rubyman
Sep 28 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310169 of user rubyman.
Sep 28 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310169.
Sep 28 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session closed for user root
Sep 28 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31588]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: Invalid user ubnt from 93.152.230.176
Sep 28 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: input_userauth_request: invalid user ubnt [preauth]
Sep 28 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: Failed password for invalid user ubnt from 93.152.230.176 port 3658 ssh2
Sep 28 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: Received disconnect from 93.152.230.176 port 3658:11: Client disconnecting normally [preauth]
Sep 28 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: Disconnected from 93.152.230.176 port 3658 [preauth]
Sep 28 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session closed for user root
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32018]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session closed for user root
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32016]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: Successful su for rubyman by root
Sep 28 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: + ??? root:rubyman
Sep 28 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310177 of user rubyman.
Sep 28 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310177.
Sep 28 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29081]: pam_unix(cron:session): session closed for user root
Sep 28 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32018]: pam_unix(cron:session): session closed for user root
Sep 28 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32017]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session closed for user root
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: Successful su for rubyman by root
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: + ??? root:rubyman
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310178 of user rubyman.
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310178.
Sep 28 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session closed for user root
Sep 28 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session closed for user root
Sep 28 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[462]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[461]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[459]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[534]: Successful su for rubyman by root
Sep 28 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[534]: + ??? root:rubyman
Sep 28 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310182 of user rubyman.
Sep 28 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[534]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310182.
Sep 28 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30059]: pam_unix(cron:session): session closed for user root
Sep 28 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[460]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session closed for user root
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[945]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[942]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1056]: Successful su for rubyman by root
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1056]: + ??? root:rubyman
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310188 of user rubyman.
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1056]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310188.
Sep 28 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session closed for user root
Sep 28 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session closed for user root
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1464]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: Successful su for rubyman by root
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: + ??? root:rubyman
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310190 of user rubyman.
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310190.
Sep 28 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session closed for user root
Sep 28 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1465]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[462]: pam_unix(cron:session): session closed for user root
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1904]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session closed for user root
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1902]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: Successful su for rubyman by root
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: + ??? root:rubyman
Sep 28 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310196 of user rubyman.
Sep 28 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1983]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310196.
Sep 28 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1904]: pam_unix(cron:session): session closed for user root
Sep 28 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session closed for user root
Sep 28 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1903]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[945]: pam_unix(cron:session): session closed for user root
Sep 28 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2368]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: Successful su for rubyman by root
Sep 28 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: + ??? root:rubyman
Sep 28 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310201 of user rubyman.
Sep 28 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310201.
Sep 28 19:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2369]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session closed for user root
Sep 28 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1467]: pam_unix(cron:session): session closed for user root
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2811]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2812]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2873]: Successful su for rubyman by root
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2873]: + ??? root:rubyman
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310204 of user rubyman.
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2873]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310204.
Sep 28 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session closed for user root
Sep 28 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session closed for user root
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: Successful su for rubyman by root
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: + ??? root:rubyman
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310208 of user rubyman.
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3298]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310208.
Sep 28 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[461]: pam_unix(cron:session): session closed for user root
Sep 28 19:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session closed for user root
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3712]: Successful su for rubyman by root
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3712]: + ??? root:rubyman
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310213 of user rubyman.
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3712]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310213.
Sep 28 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session closed for user root
Sep 28 19:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2812]: pam_unix(cron:session): session closed for user root
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session closed for user root
Sep 28 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: Successful su for rubyman by root
Sep 28 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: + ??? root:rubyman
Sep 28 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310217 of user rubyman.
Sep 28 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4174]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310217.
Sep 28 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session closed for user root
Sep 28 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1466]: pam_unix(cron:session): session closed for user root
Sep 28 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4088]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3231]: pam_unix(cron:session): session closed for user root
Sep 28 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: Successful su for rubyman by root
Sep 28 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: + ??? root:rubyman
Sep 28 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310222 of user rubyman.
Sep 28 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310222.
Sep 28 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1905]: pam_unix(cron:session): session closed for user root
Sep 28 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session closed for user root
Sep 28 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5010]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5004]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: Successful su for rubyman by root
Sep 28 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: + ??? root:rubyman
Sep 28 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310226 of user rubyman.
Sep 28 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310226.
Sep 28 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session closed for user root
Sep 28 19:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5005]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Invalid user admin from 93.152.230.176
Sep 28 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: input_userauth_request: invalid user admin [preauth]
Sep 28 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for invalid user admin from 93.152.230.176 port 32649 ssh2
Sep 28 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Received disconnect from 93.152.230.176 port 32649:11: Client disconnecting normally [preauth]
Sep 28 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Disconnected from 93.152.230.176 port 32649 [preauth]
Sep 28 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session closed for user root
Sep 28 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5542]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: Successful su for rubyman by root
Sep 28 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: + ??? root:rubyman
Sep 28 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310230 of user rubyman.
Sep 28 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310230.
Sep 28 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2811]: pam_unix(cron:session): session closed for user root
Sep 28 19:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session closed for user root
Sep 28 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6131]: Successful su for rubyman by root
Sep 28 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6131]: + ??? root:rubyman
Sep 28 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310235 of user rubyman.
Sep 28 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6131]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310235.
Sep 28 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session closed for user root
Sep 28 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user root
Sep 28 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5984]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Invalid user admin from 80.94.95.112
Sep 28 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: input_userauth_request: invalid user admin [preauth]
Sep 28 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 19:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user admin from 80.94.95.112 port 48246 ssh2
Sep 28 19:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user admin from 80.94.95.112 port 48246 ssh2
Sep 28 19:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user admin from 80.94.95.112 port 48246 ssh2
Sep 28 19:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user admin from 80.94.95.112 port 48246 ssh2
Sep 28 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for invalid user admin from 80.94.95.112 port 48246 ssh2
Sep 28 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Received disconnect from 80.94.95.112 port 48246:11: Bye [preauth]
Sep 28 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Disconnected from 80.94.95.112 port 48246 [preauth]
Sep 28 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 19:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5010]: pam_unix(cron:session): session closed for user root
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session closed for user root
Sep 28 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6691]: Successful su for rubyman by root
Sep 28 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6691]: + ??? root:rubyman
Sep 28 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310239 of user rubyman.
Sep 28 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6691]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310239.
Sep 28 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session closed for user root
Sep 28 19:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session closed for user root
Sep 28 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5543]: pam_unix(cron:session): session closed for user root
Sep 28 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7131]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: Successful su for rubyman by root
Sep 28 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: + ??? root:rubyman
Sep 28 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310245 of user rubyman.
Sep 28 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310245.
Sep 28 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session closed for user root
Sep 28 19:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7132]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user root
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7634]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7709]: Successful su for rubyman by root
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7709]: + ??? root:rubyman
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310251 of user rubyman.
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7709]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310251.
Sep 28 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session closed for user root
Sep 28 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session closed for user root
Sep 28 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8203]: Successful su for rubyman by root
Sep 28 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8203]: + ??? root:rubyman
Sep 28 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310255 of user rubyman.
Sep 28 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8203]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310255.
Sep 28 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5009]: pam_unix(cron:session): session closed for user root
Sep 28 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session closed for user root
Sep 28 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Invalid user admin from 139.19.117.131
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: input_userauth_request: invalid user admin [preauth]
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8667]: Successful su for rubyman by root
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8667]: + ??? root:rubyman
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310257 of user rubyman.
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8667]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310257.
Sep 28 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5542]: pam_unix(cron:session): session closed for user root
Sep 28 19:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Connection closed by 139.19.117.131 port 33008 [preauth]
Sep 28 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7638]: pam_unix(cron:session): session closed for user root
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9243]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9243]: pam_unix(cron:session): session closed for user root
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9238]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: Successful su for rubyman by root
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: + ??? root:rubyman
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310261 of user rubyman.
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310261.
Sep 28 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9240]: pam_unix(cron:session): session closed for user root
Sep 28 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session closed for user root
Sep 28 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9239]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8127]: pam_unix(cron:session): session closed for user root
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9917]: Successful su for rubyman by root
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9917]: + ??? root:rubyman
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310267 of user rubyman.
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9917]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310267.
Sep 28 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session closed for user root
Sep 28 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session closed for user root
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: Successful su for rubyman by root
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: + ??? root:rubyman
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310271 of user rubyman.
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10379]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310271.
Sep 28 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user root
Sep 28 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session closed for user root
Sep 28 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Did not receive identification string from 80.82.70.133
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: Did not receive identification string from 94.102.49.155
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Connection closed by 94.102.49.155 port 17465 [preauth]
Sep 28 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10820]: Successful su for rubyman by root
Sep 28 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10820]: + ??? root:rubyman
Sep 28 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310275 of user rubyman.
Sep 28 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10820]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310275.
Sep 28 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7637]: pam_unix(cron:session): session closed for user root
Sep 28 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9842]: pam_unix(cron:session): session closed for user root
Sep 28 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: Successful su for rubyman by root
Sep 28 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: + ??? root:rubyman
Sep 28 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310279 of user rubyman.
Sep 28 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310279.
Sep 28 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session closed for user root
Sep 28 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user root
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: Invalid user alarm from 93.152.230.176
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: input_userauth_request: invalid user alarm [preauth]
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11605]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11604]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session closed for user root
Sep 28 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11774]: Successful su for rubyman by root
Sep 28 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11774]: + ??? root:rubyman
Sep 28 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310285 of user rubyman.
Sep 28 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11774]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310285.
Sep 28 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: Failed password for invalid user alarm from 93.152.230.176 port 57687 ssh2
Sep 28 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: Received disconnect from 93.152.230.176 port 57687:11: Client disconnecting normally [preauth]
Sep 28 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: Disconnected from 93.152.230.176 port 57687 [preauth]
Sep 28 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session closed for user root
Sep 28 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session closed for user root
Sep 28 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11602]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session closed for user root
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12159]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: Successful su for rubyman by root
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: + ??? root:rubyman
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310290 of user rubyman.
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310290.
Sep 28 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session closed for user root
Sep 28 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session closed for user root
Sep 28 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12602]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12600]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: Successful su for rubyman by root
Sep 28 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: + ??? root:rubyman
Sep 28 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310293 of user rubyman.
Sep 28 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310293.
Sep 28 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session closed for user root
Sep 28 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12601]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11605]: pam_unix(cron:session): session closed for user root
Sep 28 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: Successful su for rubyman by root
Sep 28 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: + ??? root:rubyman
Sep 28 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310299 of user rubyman.
Sep 28 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13127]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310299.
Sep 28 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10304]: pam_unix(cron:session): session closed for user root
Sep 28 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12160]: pam_unix(cron:session): session closed for user root
Sep 28 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13562]: Successful su for rubyman by root
Sep 28 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13562]: + ??? root:rubyman
Sep 28 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310302 of user rubyman.
Sep 28 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13562]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310302.
Sep 28 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session closed for user root
Sep 28 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12606]: pam_unix(cron:session): session closed for user root
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13922]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13923]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13925]: pam_unix(cron:session): session closed for user root
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13918]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: Successful su for rubyman by root
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: + ??? root:rubyman
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310307 of user rubyman.
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13991]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310307.
Sep 28 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13922]: pam_unix(cron:session): session closed for user root
Sep 28 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session closed for user root
Sep 28 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session closed for user root
Sep 28 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14524]: Successful su for rubyman by root
Sep 28 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14524]: + ??? root:rubyman
Sep 28 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310312 of user rubyman.
Sep 28 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14524]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310312.
Sep 28 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11604]: pam_unix(cron:session): session closed for user root
Sep 28 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: Failed password for root from 46.101.170.54 port 57586 ssh2
Sep 28 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: Connection closed by 46.101.170.54 port 57586 [preauth]
Sep 28 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session closed for user root
Sep 28 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14885]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14884]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14945]: Successful su for rubyman by root
Sep 28 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14945]: + ??? root:rubyman
Sep 28 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310315 of user rubyman.
Sep 28 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14945]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310315.
Sep 28 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12159]: pam_unix(cron:session): session closed for user root
Sep 28 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Invalid user user from 62.60.131.157
Sep 28 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: input_userauth_request: invalid user user [preauth]
Sep 28 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 19:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Failed password for invalid user user from 62.60.131.157 port 48718 ssh2
Sep 28 19:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Failed password for invalid user user from 62.60.131.157 port 48718 ssh2
Sep 28 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Failed password for invalid user user from 62.60.131.157 port 48718 ssh2
Sep 28 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Failed password for invalid user user from 62.60.131.157 port 48718 ssh2
Sep 28 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Failed password for invalid user user from 62.60.131.157 port 48718 ssh2
Sep 28 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Received disconnect from 62.60.131.157 port 48718:11: Bye [preauth]
Sep 28 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Disconnected from 62.60.131.157 port 48718 [preauth]
Sep 28 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13924]: pam_unix(cron:session): session closed for user root
Sep 28 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15371]: Successful su for rubyman by root
Sep 28 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15371]: + ??? root:rubyman
Sep 28 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310320 of user rubyman.
Sep 28 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15371]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310320.
Sep 28 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12602]: pam_unix(cron:session): session closed for user root
Sep 28 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15300]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session closed for user root
Sep 28 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15719]: pam_unix(cron:session): session closed for user p13x
Sep 28 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: Successful su for rubyman by root
Sep 28 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: + ??? root:rubyman
Sep 28 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310324 of user rubyman.
Sep 28 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: pam_unix(su:session): session closed for user rubyman
Sep 28 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310324.
Sep 28 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session closed for user root
Sep 28 19:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session closed for user samftp
Sep 28 19:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Invalid user csgoserver from 197.199.224.52
Sep 28 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: input_userauth_request: invalid user csgoserver [preauth]
Sep 28 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Failed password for invalid user csgoserver from 197.199.224.52 port 47662 ssh2
Sep 28 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Received disconnect from 197.199.224.52 port 47662:11: Bye Bye [preauth]
Sep 28 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Disconnected from 197.199.224.52 port 47662 [preauth]
Sep 28 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14885]: pam_unix(cron:session): session closed for user root
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session closed for user root
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session closed for user root
Sep 28 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16130]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16249]: Successful su for rubyman by root
Sep 28 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16249]: + ??? root:rubyman
Sep 28 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310332 of user rubyman.
Sep 28 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16249]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310332.
Sep 28 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session closed for user root
Sep 28 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session closed for user root
Sep 28 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Invalid user user1 from 134.199.225.42
Sep 28 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: input_userauth_request: invalid user user1 [preauth]
Sep 28 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Failed password for invalid user user1 from 134.199.225.42 port 57204 ssh2
Sep 28 20:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Received disconnect from 134.199.225.42 port 57204:11: Bye Bye [preauth]
Sep 28 20:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Disconnected from 134.199.225.42 port 57204 [preauth]
Sep 28 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session closed for user root
Sep 28 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16679]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16764]: Successful su for rubyman by root
Sep 28 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16764]: + ??? root:rubyman
Sep 28 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310334 of user rubyman.
Sep 28 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16764]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310334.
Sep 28 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13923]: pam_unix(cron:session): session closed for user root
Sep 28 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=git@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 28 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=git rhost=::ffff:45.142.193.185
Sep 28 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session closed for user root
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17221]: Successful su for rubyman by root
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17221]: + ??? root:rubyman
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310339 of user rubyman.
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17221]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310339.
Sep 28 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14452]: pam_unix(cron:session): session closed for user root
Sep 28 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Failed password for root from 197.199.224.52 port 34222 ssh2
Sep 28 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Received disconnect from 197.199.224.52 port 34222:11: Bye Bye [preauth]
Sep 28 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Disconnected from 197.199.224.52 port 34222 [preauth]
Sep 28 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Invalid user mourad from 134.199.225.42
Sep 28 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: input_userauth_request: invalid user mourad [preauth]
Sep 28 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for invalid user mourad from 134.199.225.42 port 43136 ssh2
Sep 28 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Received disconnect from 134.199.225.42 port 43136:11: Bye Bye [preauth]
Sep 28 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Disconnected from 134.199.225.42 port 43136 [preauth]
Sep 28 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session closed for user root
Sep 28 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Invalid user admin from 93.152.230.176
Sep 28 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: input_userauth_request: invalid user admin [preauth]
Sep 28 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Failed password for invalid user admin from 93.152.230.176 port 54249 ssh2
Sep 28 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Received disconnect from 93.152.230.176 port 54249:11: Client disconnecting normally [preauth]
Sep 28 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Disconnected from 93.152.230.176 port 54249 [preauth]
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17597]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17595]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: Successful su for rubyman by root
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: + ??? root:rubyman
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310343 of user rubyman.
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310343.
Sep 28 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14884]: pam_unix(cron:session): session closed for user root
Sep 28 20:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17596]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Failed password for root from 197.199.224.52 port 59158 ssh2
Sep 28 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Received disconnect from 197.199.224.52 port 59158:11: Bye Bye [preauth]
Sep 28 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Disconnected from 197.199.224.52 port 59158 [preauth]
Sep 28 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for root from 134.199.225.42 port 34562 ssh2
Sep 28 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Received disconnect from 134.199.225.42 port 34562:11: Bye Bye [preauth]
Sep 28 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Disconnected from 134.199.225.42 port 34562 [preauth]
Sep 28 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session closed for user root
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18265]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: Successful su for rubyman by root
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: + ??? root:rubyman
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310346 of user rubyman.
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310346.
Sep 28 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session closed for user root
Sep 28 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Failed password for root from 134.199.225.42 port 33756 ssh2
Sep 28 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Received disconnect from 134.199.225.42 port 33756:11: Bye Bye [preauth]
Sep 28 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Disconnected from 134.199.225.42 port 33756 [preauth]
Sep 28 20:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Invalid user redis from 197.199.224.52
Sep 28 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: input_userauth_request: invalid user redis [preauth]
Sep 28 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Failed password for invalid user redis from 197.199.224.52 port 55870 ssh2
Sep 28 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Received disconnect from 197.199.224.52 port 55870:11: Bye Bye [preauth]
Sep 28 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Disconnected from 197.199.224.52 port 55870 [preauth]
Sep 28 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17156]: pam_unix(cron:session): session closed for user root
Sep 28 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Invalid user deploy from 134.199.225.42
Sep 28 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: input_userauth_request: invalid user deploy [preauth]
Sep 28 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session closed for user root
Sep 28 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Failed password for invalid user deploy from 134.199.225.42 port 55146 ssh2
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Received disconnect from 134.199.225.42 port 55146:11: Bye Bye [preauth]
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18851]: Disconnected from 134.199.225.42 port 55146 [preauth]
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: Successful su for rubyman by root
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: + ??? root:rubyman
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310353 of user rubyman.
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310353.
Sep 28 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session closed for user root
Sep 28 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
Sep 28 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: Failed password for root from 197.199.224.52 port 52576 ssh2
Sep 28 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: Received disconnect from 197.199.224.52 port 52576:11: Bye Bye [preauth]
Sep 28 20:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: Disconnected from 197.199.224.52 port 52576 [preauth]
Sep 28 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session closed for user root
Sep 28 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Invalid user guest from 134.199.225.42
Sep 28 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: input_userauth_request: invalid user guest [preauth]
Sep 28 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Failed password for invalid user guest from 134.199.225.42 port 58806 ssh2
Sep 28 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Received disconnect from 134.199.225.42 port 58806:11: Bye Bye [preauth]
Sep 28 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Disconnected from 134.199.225.42 port 58806 [preauth]
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: Successful su for rubyman by root
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: + ??? root:rubyman
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310357 of user rubyman.
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19744]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310357.
Sep 28 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user root
Sep 28 20:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19566]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Invalid user azuracast from 197.199.224.52
Sep 28 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: input_userauth_request: invalid user azuracast [preauth]
Sep 28 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Failed password for invalid user azuracast from 197.199.224.52 port 49280 ssh2
Sep 28 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Received disconnect from 197.199.224.52 port 49280:11: Bye Bye [preauth]
Sep 28 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Disconnected from 197.199.224.52 port 49280 [preauth]
Sep 28 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18267]: pam_unix(cron:session): session closed for user root
Sep 28 20:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Failed password for root from 134.199.225.42 port 38990 ssh2
Sep 28 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Received disconnect from 134.199.225.42 port 38990:11: Bye Bye [preauth]
Sep 28 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Disconnected from 134.199.225.42 port 38990 [preauth]
Sep 28 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20193]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20191]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: Successful su for rubyman by root
Sep 28 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: + ??? root:rubyman
Sep 28 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310361 of user rubyman.
Sep 28 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310361.
Sep 28 20:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session closed for user root
Sep 28 20:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20192]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Failed password for root from 197.199.224.52 port 45980 ssh2
Sep 28 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Received disconnect from 197.199.224.52 port 45980:11: Bye Bye [preauth]
Sep 28 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Disconnected from 197.199.224.52 port 45980 [preauth]
Sep 28 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session closed for user root
Sep 28 20:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Failed password for root from 134.199.225.42 port 46528 ssh2
Sep 28 20:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Received disconnect from 134.199.225.42 port 46528:11: Bye Bye [preauth]
Sep 28 20:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Disconnected from 134.199.225.42 port 46528 [preauth]
Sep 28 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20660]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20661]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: Successful su for rubyman by root
Sep 28 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: + ??? root:rubyman
Sep 28 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310364 of user rubyman.
Sep 28 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310364.
Sep 28 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17155]: pam_unix(cron:session): session closed for user root
Sep 28 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20659]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Invalid user deploy from 197.199.224.52
Sep 28 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: input_userauth_request: invalid user deploy [preauth]
Sep 28 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Failed password for invalid user deploy from 197.199.224.52 port 42676 ssh2
Sep 28 20:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Received disconnect from 197.199.224.52 port 42676:11: Bye Bye [preauth]
Sep 28 20:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Disconnected from 197.199.224.52 port 42676 [preauth]
Sep 28 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19568]: pam_unix(cron:session): session closed for user root
Sep 28 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Invalid user azuracast from 134.199.225.42
Sep 28 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: input_userauth_request: invalid user azuracast [preauth]
Sep 28 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Failed password for invalid user azuracast from 134.199.225.42 port 59102 ssh2
Sep 28 20:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Received disconnect from 134.199.225.42 port 59102:11: Bye Bye [preauth]
Sep 28 20:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Disconnected from 134.199.225.42 port 59102 [preauth]
Sep 28 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21121]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21115]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: Successful su for rubyman by root
Sep 28 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: + ??? root:rubyman
Sep 28 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310368 of user rubyman.
Sep 28 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21254]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310368.
Sep 28 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session closed for user root
Sep 28 20:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17597]: pam_unix(cron:session): session closed for user root
Sep 28 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Failed password for root from 197.199.224.52 port 39382 ssh2
Sep 28 20:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Received disconnect from 197.199.224.52 port 39382:11: Bye Bye [preauth]
Sep 28 20:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Disconnected from 197.199.224.52 port 39382 [preauth]
Sep 28 20:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20197]: pam_unix(cron:session): session closed for user root
Sep 28 20:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Invalid user kodi from 134.199.225.42
Sep 28 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: input_userauth_request: invalid user kodi [preauth]
Sep 28 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Failed password for invalid user kodi from 134.199.225.42 port 36224 ssh2
Sep 28 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Received disconnect from 134.199.225.42 port 36224:11: Bye Bye [preauth]
Sep 28 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Disconnected from 134.199.225.42 port 36224 [preauth]
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session closed for user root
Sep 28 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21714]: Successful su for rubyman by root
Sep 28 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21714]: + ??? root:rubyman
Sep 28 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310377 of user rubyman.
Sep 28 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21714]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310377.
Sep 28 20:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18265]: pam_unix(cron:session): session closed for user root
Sep 28 20:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user root
Sep 28 20:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Invalid user user from 197.199.224.52
Sep 28 20:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: input_userauth_request: invalid user user [preauth]
Sep 28 20:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Failed password for invalid user user from 197.199.224.52 port 36088 ssh2
Sep 28 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Received disconnect from 197.199.224.52 port 36088:11: Bye Bye [preauth]
Sep 28 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Disconnected from 197.199.224.52 port 36088 [preauth]
Sep 28 20:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20661]: pam_unix(cron:session): session closed for user root
Sep 28 20:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: Invalid user ke from 134.199.225.42
Sep 28 20:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: input_userauth_request: invalid user ke [preauth]
Sep 28 20:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: Failed password for invalid user ke from 134.199.225.42 port 55714 ssh2
Sep 28 20:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: Received disconnect from 134.199.225.42 port 55714:11: Bye Bye [preauth]
Sep 28 20:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: Disconnected from 134.199.225.42 port 55714 [preauth]
Sep 28 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22123]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22198]: Successful su for rubyman by root
Sep 28 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22198]: + ??? root:rubyman
Sep 28 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310379 of user rubyman.
Sep 28 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22198]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310379.
Sep 28 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
Sep 28 20:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Invalid user admin from 197.199.224.52
Sep 28 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: input_userauth_request: invalid user admin [preauth]
Sep 28 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Failed password for invalid user admin from 197.199.224.52 port 32792 ssh2
Sep 28 20:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Received disconnect from 197.199.224.52 port 32792:11: Bye Bye [preauth]
Sep 28 20:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Disconnected from 197.199.224.52 port 32792 [preauth]
Sep 28 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Invalid user choi from 134.199.225.42
Sep 28 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: input_userauth_request: invalid user choi [preauth]
Sep 28 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21121]: pam_unix(cron:session): session closed for user root
Sep 28 20:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Failed password for invalid user choi from 134.199.225.42 port 50390 ssh2
Sep 28 20:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Received disconnect from 134.199.225.42 port 50390:11: Bye Bye [preauth]
Sep 28 20:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Disconnected from 134.199.225.42 port 50390 [preauth]
Sep 28 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22575]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22574]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22572]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: Successful su for rubyman by root
Sep 28 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: + ??? root:rubyman
Sep 28 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310383 of user rubyman.
Sep 28 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22651]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310383.
Sep 28 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session closed for user root
Sep 28 20:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Invalid user marc from 197.199.224.52
Sep 28 20:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: input_userauth_request: invalid user marc [preauth]
Sep 28 20:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user marc from 197.199.224.52 port 57742 ssh2
Sep 28 20:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Received disconnect from 197.199.224.52 port 57742:11: Bye Bye [preauth]
Sep 28 20:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Disconnected from 197.199.224.52 port 57742 [preauth]
Sep 28 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Failed password for root from 134.199.225.42 port 40240 ssh2
Sep 28 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Received disconnect from 134.199.225.42 port 40240:11: Bye Bye [preauth]
Sep 28 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Disconnected from 134.199.225.42 port 40240 [preauth]
Sep 28 20:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user root
Sep 28 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23367]: Successful su for rubyman by root
Sep 28 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23367]: + ??? root:rubyman
Sep 28 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310388 of user rubyman.
Sep 28 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23367]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310388.
Sep 28 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20193]: pam_unix(cron:session): session closed for user root
Sep 28 20:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: Failed password for root from 197.199.224.52 port 54436 ssh2
Sep 28 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: Received disconnect from 197.199.224.52 port 54436:11: Bye Bye [preauth]
Sep 28 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23824]: Disconnected from 197.199.224.52 port 54436 [preauth]
Sep 28 20:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Failed password for root from 134.199.225.42 port 40668 ssh2
Sep 28 20:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Received disconnect from 134.199.225.42 port 40668:11: Bye Bye [preauth]
Sep 28 20:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Disconnected from 134.199.225.42 port 40668 [preauth]
Sep 28 20:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22126]: pam_unix(cron:session): session closed for user root
Sep 28 20:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Did not receive identification string from 147.185.132.43
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24039]: Successful su for rubyman by root
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24039]: + ??? root:rubyman
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310391 of user rubyman.
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24039]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310391.
Sep 28 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20660]: pam_unix(cron:session): session closed for user root
Sep 28 20:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for root from 197.199.224.52 port 51156 ssh2
Sep 28 20:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Received disconnect from 197.199.224.52 port 51156:11: Bye Bye [preauth]
Sep 28 20:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Disconnected from 197.199.224.52 port 51156 [preauth]
Sep 28 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Invalid user hyperchain from 134.199.225.42
Sep 28 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: input_userauth_request: invalid user hyperchain [preauth]
Sep 28 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Failed password for invalid user hyperchain from 134.199.225.42 port 39964 ssh2
Sep 28 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Received disconnect from 134.199.225.42 port 39964:11: Bye Bye [preauth]
Sep 28 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Disconnected from 134.199.225.42 port 39964 [preauth]
Sep 28 20:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22575]: pam_unix(cron:session): session closed for user root
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session closed for user root
Sep 28 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24462]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: Successful su for rubyman by root
Sep 28 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: + ??? root:rubyman
Sep 28 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310395 of user rubyman.
Sep 28 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24545]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310395.
Sep 28 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session closed for user root
Sep 28 20:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session closed for user root
Sep 28 20:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: Invalid user debian from 93.152.230.176
Sep 28 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: input_userauth_request: invalid user debian [preauth]
Sep 28 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: Failed password for invalid user debian from 93.152.230.176 port 30543 ssh2
Sep 28 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: Received disconnect from 93.152.230.176 port 30543:11: Client disconnecting normally [preauth]
Sep 28 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24819]: Disconnected from 93.152.230.176 port 30543 [preauth]
Sep 28 20:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Invalid user cassandra from 197.199.224.52
Sep 28 20:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: input_userauth_request: invalid user cassandra [preauth]
Sep 28 20:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Failed password for invalid user cassandra from 197.199.224.52 port 47870 ssh2
Sep 28 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Received disconnect from 197.199.224.52 port 47870:11: Bye Bye [preauth]
Sep 28 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Disconnected from 197.199.224.52 port 47870 [preauth]
Sep 28 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Failed password for root from 134.199.225.42 port 56218 ssh2
Sep 28 20:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Received disconnect from 134.199.225.42 port 56218:11: Bye Bye [preauth]
Sep 28 20:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Disconnected from 134.199.225.42 port 56218 [preauth]
Sep 28 20:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session closed for user root
Sep 28 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: Successful su for rubyman by root
Sep 28 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: + ??? root:rubyman
Sep 28 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310402 of user rubyman.
Sep 28 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310402.
Sep 28 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session closed for user root
Sep 28 20:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24945]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Invalid user myuser from 197.199.224.52
Sep 28 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: input_userauth_request: invalid user myuser [preauth]
Sep 28 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Failed password for root from 134.199.225.42 port 54852 ssh2
Sep 28 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Received disconnect from 134.199.225.42 port 54852:11: Bye Bye [preauth]
Sep 28 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Disconnected from 134.199.225.42 port 54852 [preauth]
Sep 28 20:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Failed password for invalid user myuser from 197.199.224.52 port 44584 ssh2
Sep 28 20:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Received disconnect from 197.199.224.52 port 44584:11: Bye Bye [preauth]
Sep 28 20:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25519]: Disconnected from 197.199.224.52 port 44584 [preauth]
Sep 28 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user root
Sep 28 20:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Invalid user admin from 192.241.169.58
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: input_userauth_request: invalid user admin [preauth]
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25648]: pam_unix(cron:session): session closed for user root
Sep 28 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25650]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: Successful su for rubyman by root
Sep 28 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: + ??? root:rubyman
Sep 28 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310408 of user rubyman.
Sep 28 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310408.
Sep 28 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Failed password for invalid user admin from 192.241.169.58 port 54544 ssh2
Sep 28 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Received disconnect from 192.241.169.58 port 54544:11: Bye Bye [preauth]
Sep 28 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Disconnected from 192.241.169.58 port 54544 [preauth]
Sep 28 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session closed for user root
Sep 28 20:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25651]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Invalid user ftpuser from 190.103.202.7
Sep 28 20:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 20:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 20:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Failed password for invalid user ftpuser from 190.103.202.7 port 60576 ssh2
Sep 28 20:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Connection closed by 190.103.202.7 port 60576 [preauth]
Sep 28 20:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Failed password for root from 134.199.225.42 port 49270 ssh2
Sep 28 20:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Received disconnect from 134.199.225.42 port 49270:11: Bye Bye [preauth]
Sep 28 20:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Disconnected from 134.199.225.42 port 49270 [preauth]
Sep 28 20:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Invalid user mourad from 197.199.224.52
Sep 28 20:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: input_userauth_request: invalid user mourad [preauth]
Sep 28 20:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Failed password for invalid user mourad from 197.199.224.52 port 41286 ssh2
Sep 28 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Received disconnect from 197.199.224.52 port 41286:11: Bye Bye [preauth]
Sep 28 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Disconnected from 197.199.224.52 port 41286 [preauth]
Sep 28 20:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session closed for user root
Sep 28 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26290]: Successful su for rubyman by root
Sep 28 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26290]: + ??? root:rubyman
Sep 28 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310411 of user rubyman.
Sep 28 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26290]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310411.
Sep 28 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22574]: pam_unix(cron:session): session closed for user root
Sep 28 20:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26220]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Failed password for root from 152.32.185.214 port 51296 ssh2
Sep 28 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Received disconnect from 152.32.185.214 port 51296:11: Bye Bye [preauth]
Sep 28 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Disconnected from 152.32.185.214 port 51296 [preauth]
Sep 28 20:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: Failed password for root from 134.199.225.42 port 60328 ssh2
Sep 28 20:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: Received disconnect from 134.199.225.42 port 60328:11: Bye Bye [preauth]
Sep 28 20:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26627]: Disconnected from 134.199.225.42 port 60328 [preauth]
Sep 28 20:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Failed password for root from 197.199.224.52 port 37984 ssh2
Sep 28 20:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Received disconnect from 197.199.224.52 port 37984:11: Bye Bye [preauth]
Sep 28 20:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Disconnected from 197.199.224.52 port 37984 [preauth]
Sep 28 20:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session closed for user root
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26921]: Successful su for rubyman by root
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26921]: + ??? root:rubyman
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310415 of user rubyman.
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26921]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310415.
Sep 28 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user root
Sep 28 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26812]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Invalid user admin from 134.199.225.42
Sep 28 20:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: input_userauth_request: invalid user admin [preauth]
Sep 28 20:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Failed password for invalid user admin from 134.199.225.42 port 58760 ssh2
Sep 28 20:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Received disconnect from 134.199.225.42 port 58760:11: Bye Bye [preauth]
Sep 28 20:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Disconnected from 134.199.225.42 port 58760 [preauth]
Sep 28 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Failed password for root from 197.199.224.52 port 34688 ssh2
Sep 28 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Received disconnect from 197.199.224.52 port 34688:11: Bye Bye [preauth]
Sep 28 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Disconnected from 197.199.224.52 port 34688 [preauth]
Sep 28 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session closed for user root
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session closed for user root
Sep 28 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27344]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: Successful su for rubyman by root
Sep 28 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: + ??? root:rubyman
Sep 28 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310420 of user rubyman.
Sep 28 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310420.
Sep 28 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user root
Sep 28 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session closed for user root
Sep 28 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: Failed password for root from 134.199.225.42 port 42232 ssh2
Sep 28 20:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: Received disconnect from 134.199.225.42 port 42232:11: Bye Bye [preauth]
Sep 28 20:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: Disconnected from 134.199.225.42 port 42232 [preauth]
Sep 28 20:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Failed password for root from 197.199.224.52 port 59628 ssh2
Sep 28 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Received disconnect from 197.199.224.52 port 59628:11: Bye Bye [preauth]
Sep 28 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Disconnected from 197.199.224.52 port 59628 [preauth]
Sep 28 20:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session closed for user root
Sep 28 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Failed password for root from 192.241.169.58 port 41966 ssh2
Sep 28 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Received disconnect from 192.241.169.58 port 41966:11: Bye Bye [preauth]
Sep 28 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Disconnected from 192.241.169.58 port 41966 [preauth]
Sep 28 20:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Invalid user qn from 152.32.185.214
Sep 28 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: input_userauth_request: invalid user qn [preauth]
Sep 28 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Failed password for invalid user qn from 152.32.185.214 port 55460 ssh2
Sep 28 20:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Received disconnect from 152.32.185.214 port 55460:11: Bye Bye [preauth]
Sep 28 20:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Disconnected from 152.32.185.214 port 55460 [preauth]
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28103]: Successful su for rubyman by root
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28103]: + ??? root:rubyman
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310424 of user rubyman.
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28103]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310424.
Sep 28 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session closed for user root
Sep 28 20:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Invalid user csgoserver from 134.199.225.42
Sep 28 20:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: input_userauth_request: invalid user csgoserver [preauth]
Sep 28 20:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Failed password for invalid user csgoserver from 134.199.225.42 port 57460 ssh2
Sep 28 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Received disconnect from 134.199.225.42 port 57460:11: Bye Bye [preauth]
Sep 28 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Disconnected from 134.199.225.42 port 57460 [preauth]
Sep 28 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Failed password for root from 46.101.170.54 port 46110 ssh2
Sep 28 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Connection closed by 46.101.170.54 port 46110 [preauth]
Sep 28 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Invalid user kodi from 197.199.224.52
Sep 28 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: input_userauth_request: invalid user kodi [preauth]
Sep 28 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Failed password for invalid user kodi from 197.199.224.52 port 56332 ssh2
Sep 28 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Received disconnect from 197.199.224.52 port 56332:11: Bye Bye [preauth]
Sep 28 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Disconnected from 197.199.224.52 port 56332 [preauth]
Sep 28 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session closed for user root
Sep 28 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Failed password for root from 192.241.169.58 port 52888 ssh2
Sep 28 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Received disconnect from 192.241.169.58 port 52888:11: Bye Bye [preauth]
Sep 28 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Disconnected from 192.241.169.58 port 52888 [preauth]
Sep 28 20:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28492]: Failed password for root from 152.32.185.214 port 39114 ssh2
Sep 28 20:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28492]: Received disconnect from 152.32.185.214 port 39114:11: Bye Bye [preauth]
Sep 28 20:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28492]: Disconnected from 152.32.185.214 port 39114 [preauth]
Sep 28 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28606]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: Successful su for rubyman by root
Sep 28 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: + ??? root:rubyman
Sep 28 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310430 of user rubyman.
Sep 28 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28682]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310430.
Sep 28 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session closed for user root
Sep 28 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: Failed password for root from 134.199.225.42 port 51170 ssh2
Sep 28 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: Received disconnect from 134.199.225.42 port 51170:11: Bye Bye [preauth]
Sep 28 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: Disconnected from 134.199.225.42 port 51170 [preauth]
Sep 28 20:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28607]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: Invalid user erp from 192.241.169.58
Sep 28 20:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: input_userauth_request: invalid user erp [preauth]
Sep 28 20:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: Failed password for invalid user erp from 192.241.169.58 port 44160 ssh2
Sep 28 20:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: Received disconnect from 192.241.169.58 port 44160:11: Bye Bye [preauth]
Sep 28 20:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29078]: Disconnected from 192.241.169.58 port 44160 [preauth]
Sep 28 20:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: Invalid user ke from 197.199.224.52
Sep 28 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: input_userauth_request: invalid user ke [preauth]
Sep 28 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: Failed password for invalid user ke from 197.199.224.52 port 53032 ssh2
Sep 28 20:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: Received disconnect from 197.199.224.52 port 53032:11: Bye Bye [preauth]
Sep 28 20:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: Disconnected from 197.199.224.52 port 53032 [preauth]
Sep 28 20:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session closed for user root
Sep 28 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Failed password for root from 134.199.225.42 port 34502 ssh2
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Received disconnect from 134.199.225.42 port 34502:11: Bye Bye [preauth]
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Disconnected from 134.199.225.42 port 34502 [preauth]
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29186]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29255]: Successful su for rubyman by root
Sep 28 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29255]: + ??? root:rubyman
Sep 28 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310433 of user rubyman.
Sep 28 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29255]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310433.
Sep 28 20:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25652]: pam_unix(cron:session): session closed for user root
Sep 28 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: Failed password for root from 152.32.185.214 port 59274 ssh2
Sep 28 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: Received disconnect from 152.32.185.214 port 59274:11: Bye Bye [preauth]
Sep 28 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: Disconnected from 152.32.185.214 port 59274 [preauth]
Sep 28 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Invalid user deploy from 192.241.169.58
Sep 28 20:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: input_userauth_request: invalid user deploy [preauth]
Sep 28 20:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Failed password for invalid user deploy from 192.241.169.58 port 52356 ssh2
Sep 28 20:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Received disconnect from 192.241.169.58 port 52356:11: Bye Bye [preauth]
Sep 28 20:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Disconnected from 192.241.169.58 port 52356 [preauth]
Sep 28 20:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: Invalid user andy from 197.199.224.52
Sep 28 20:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: input_userauth_request: invalid user andy [preauth]
Sep 28 20:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: Failed password for invalid user andy from 197.199.224.52 port 49728 ssh2
Sep 28 20:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: Received disconnect from 197.199.224.52 port 49728:11: Bye Bye [preauth]
Sep 28 20:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29552]: Disconnected from 197.199.224.52 port 49728 [preauth]
Sep 28 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session closed for user root
Sep 28 20:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Invalid user redis from 134.199.225.42
Sep 28 20:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: input_userauth_request: invalid user redis [preauth]
Sep 28 20:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Failed password for invalid user redis from 134.199.225.42 port 34796 ssh2
Sep 28 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Received disconnect from 134.199.225.42 port 34796:11: Bye Bye [preauth]
Sep 28 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Disconnected from 134.199.225.42 port 34796 [preauth]
Sep 28 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29664]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: Successful su for rubyman by root
Sep 28 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: + ??? root:rubyman
Sep 28 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310436 of user rubyman.
Sep 28 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29727]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310436.
Sep 28 20:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session closed for user root
Sep 28 20:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Invalid user admin from 152.32.185.214
Sep 28 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: input_userauth_request: invalid user admin [preauth]
Sep 28 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Invalid user github from 192.241.169.58
Sep 28 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: input_userauth_request: invalid user github [preauth]
Sep 28 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Failed password for invalid user github from 192.241.169.58 port 39964 ssh2
Sep 28 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Received disconnect from 192.241.169.58 port 39964:11: Bye Bye [preauth]
Sep 28 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Disconnected from 192.241.169.58 port 39964 [preauth]
Sep 28 20:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Failed password for invalid user admin from 152.32.185.214 port 37394 ssh2
Sep 28 20:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Received disconnect from 152.32.185.214 port 37394:11: Bye Bye [preauth]
Sep 28 20:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Disconnected from 152.32.185.214 port 37394 [preauth]
Sep 28 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Failed password for root from 197.199.224.52 port 46436 ssh2
Sep 28 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Received disconnect from 197.199.224.52 port 46436:11: Bye Bye [preauth]
Sep 28 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Disconnected from 197.199.224.52 port 46436 [preauth]
Sep 28 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28611]: pam_unix(cron:session): session closed for user root
Sep 28 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Invalid user prometheus from 134.199.225.42
Sep 28 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: input_userauth_request: invalid user prometheus [preauth]
Sep 28 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Failed password for invalid user prometheus from 134.199.225.42 port 43802 ssh2
Sep 28 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Received disconnect from 134.199.225.42 port 43802:11: Bye Bye [preauth]
Sep 28 20:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Disconnected from 134.199.225.42 port 43802 [preauth]
Sep 28 20:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Failed password for root from 192.241.169.58 port 41246 ssh2
Sep 28 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Received disconnect from 192.241.169.58 port 41246:11: Bye Bye [preauth]
Sep 28 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Disconnected from 192.241.169.58 port 41246 [preauth]
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session closed for user root
Sep 28 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: Successful su for rubyman by root
Sep 28 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: + ??? root:rubyman
Sep 28 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310443 of user rubyman.
Sep 28 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30248]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310443.
Sep 28 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session closed for user root
Sep 28 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session closed for user root
Sep 28 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Invalid user sbbs from 152.32.185.214
Sep 28 20:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: input_userauth_request: invalid user sbbs [preauth]
Sep 28 20:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Failed password for invalid user sbbs from 152.32.185.214 port 36308 ssh2
Sep 28 20:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Received disconnect from 152.32.185.214 port 36308:11: Bye Bye [preauth]
Sep 28 20:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Disconnected from 152.32.185.214 port 36308 [preauth]
Sep 28 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session closed for user root
Sep 28 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Failed password for root from 197.199.224.52 port 43144 ssh2
Sep 28 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Received disconnect from 197.199.224.52 port 43144:11: Bye Bye [preauth]
Sep 28 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Disconnected from 197.199.224.52 port 43144 [preauth]
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Invalid user user from 134.199.225.42
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: input_userauth_request: invalid user user [preauth]
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Invalid user vishal from 192.241.169.58
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: input_userauth_request: invalid user vishal [preauth]
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Failed password for invalid user user from 134.199.225.42 port 46176 ssh2
Sep 28 20:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Received disconnect from 134.199.225.42 port 46176:11: Bye Bye [preauth]
Sep 28 20:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Disconnected from 134.199.225.42 port 46176 [preauth]
Sep 28 20:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Failed password for invalid user vishal from 192.241.169.58 port 51006 ssh2
Sep 28 20:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Received disconnect from 192.241.169.58 port 51006:11: Bye Bye [preauth]
Sep 28 20:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Disconnected from 192.241.169.58 port 51006 [preauth]
Sep 28 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30775]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: Successful su for rubyman by root
Sep 28 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: + ??? root:rubyman
Sep 28 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310447 of user rubyman.
Sep 28 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30854]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310447.
Sep 28 20:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session closed for user root
Sep 28 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30776]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Invalid user energy from 152.32.185.214
Sep 28 20:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: input_userauth_request: invalid user energy [preauth]
Sep 28 20:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Failed password for invalid user energy from 152.32.185.214 port 38334 ssh2
Sep 28 20:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Received disconnect from 152.32.185.214 port 38334:11: Bye Bye [preauth]
Sep 28 20:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Disconnected from 152.32.185.214 port 38334 [preauth]
Sep 28 20:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session closed for user root
Sep 28 20:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Failed password for root from 197.199.224.52 port 39836 ssh2
Sep 28 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Received disconnect from 197.199.224.52 port 39836:11: Bye Bye [preauth]
Sep 28 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Disconnected from 197.199.224.52 port 39836 [preauth]
Sep 28 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Invalid user soporte from 192.241.169.58
Sep 28 20:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: input_userauth_request: invalid user soporte [preauth]
Sep 28 20:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Failed password for invalid user soporte from 192.241.169.58 port 54504 ssh2
Sep 28 20:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Received disconnect from 192.241.169.58 port 54504:11: Bye Bye [preauth]
Sep 28 20:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Disconnected from 192.241.169.58 port 54504 [preauth]
Sep 28 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Invalid user andy from 134.199.225.42
Sep 28 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: input_userauth_request: invalid user andy [preauth]
Sep 28 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Failed password for invalid user andy from 134.199.225.42 port 49252 ssh2
Sep 28 20:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Received disconnect from 134.199.225.42 port 49252:11: Bye Bye [preauth]
Sep 28 20:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Disconnected from 134.199.225.42 port 49252 [preauth]
Sep 28 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: Successful su for rubyman by root
Sep 28 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: + ??? root:rubyman
Sep 28 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310451 of user rubyman.
Sep 28 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310451.
Sep 28 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session closed for user root
Sep 28 20:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: Invalid user test1 from 152.32.185.214
Sep 28 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: input_userauth_request: invalid user test1 [preauth]
Sep 28 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: Failed password for invalid user test1 from 152.32.185.214 port 50944 ssh2
Sep 28 20:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: Received disconnect from 152.32.185.214 port 50944:11: Bye Bye [preauth]
Sep 28 20:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: Disconnected from 152.32.185.214 port 50944 [preauth]
Sep 28 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: Invalid user sbbs from 192.241.169.58
Sep 28 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: input_userauth_request: invalid user sbbs [preauth]
Sep 28 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: Failed password for invalid user sbbs from 192.241.169.58 port 36170 ssh2
Sep 28 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: Received disconnect from 192.241.169.58 port 36170:11: Bye Bye [preauth]
Sep 28 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31635]: Disconnected from 192.241.169.58 port 36170 [preauth]
Sep 28 20:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30158]: pam_unix(cron:session): session closed for user root
Sep 28 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: Invalid user choi from 197.199.224.52
Sep 28 20:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: input_userauth_request: invalid user choi [preauth]
Sep 28 20:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: Failed password for invalid user choi from 197.199.224.52 port 36544 ssh2
Sep 28 20:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: Received disconnect from 197.199.224.52 port 36544:11: Bye Bye [preauth]
Sep 28 20:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31675]: Disconnected from 197.199.224.52 port 36544 [preauth]
Sep 28 20:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: Failed password for root from 134.199.225.42 port 54312 ssh2
Sep 28 20:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: Received disconnect from 134.199.225.42 port 54312:11: Bye Bye [preauth]
Sep 28 20:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: Disconnected from 134.199.225.42 port 54312 [preauth]
Sep 28 20:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Invalid user vpn from 93.152.230.176
Sep 28 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: input_userauth_request: invalid user vpn [preauth]
Sep 28 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 20:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Failed password for invalid user vpn from 93.152.230.176 port 18975 ssh2
Sep 28 20:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Received disconnect from 93.152.230.176 port 18975:11: Client disconnecting normally [preauth]
Sep 28 20:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Disconnected from 93.152.230.176 port 18975 [preauth]
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31801]: Successful su for rubyman by root
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31801]: + ??? root:rubyman
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310454 of user rubyman.
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31801]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310454.
Sep 28 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28608]: pam_unix(cron:session): session closed for user root
Sep 28 20:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: Invalid user kent from 152.32.185.214
Sep 28 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: input_userauth_request: invalid user kent [preauth]
Sep 28 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Invalid user webuser from 192.241.169.58
Sep 28 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: input_userauth_request: invalid user webuser [preauth]
Sep 28 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: Failed password for invalid user kent from 152.32.185.214 port 41756 ssh2
Sep 28 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: Received disconnect from 152.32.185.214 port 41756:11: Bye Bye [preauth]
Sep 28 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32029]: Disconnected from 152.32.185.214 port 41756 [preauth]
Sep 28 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Failed password for invalid user webuser from 192.241.169.58 port 33568 ssh2
Sep 28 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Received disconnect from 192.241.169.58 port 33568:11: Bye Bye [preauth]
Sep 28 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Disconnected from 192.241.169.58 port 33568 [preauth]
Sep 28 20:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session closed for user root
Sep 28 20:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: Invalid user prometheus from 197.199.224.52
Sep 28 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: input_userauth_request: invalid user prometheus [preauth]
Sep 28 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: Failed password for invalid user prometheus from 197.199.224.52 port 33248 ssh2
Sep 28 20:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: Received disconnect from 197.199.224.52 port 33248:11: Bye Bye [preauth]
Sep 28 20:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32120]: Disconnected from 197.199.224.52 port 33248 [preauth]
Sep 28 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Invalid user cassandra from 134.199.225.42
Sep 28 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: input_userauth_request: invalid user cassandra [preauth]
Sep 28 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Failed password for invalid user cassandra from 134.199.225.42 port 39148 ssh2
Sep 28 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Received disconnect from 134.199.225.42 port 39148:11: Bye Bye [preauth]
Sep 28 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Disconnected from 134.199.225.42 port 39148 [preauth]
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32184]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32251]: Successful su for rubyman by root
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32251]: + ??? root:rubyman
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310458 of user rubyman.
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32251]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310458.
Sep 28 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session closed for user root
Sep 28 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Invalid user kent from 192.241.169.58
Sep 28 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: input_userauth_request: invalid user kent [preauth]
Sep 28 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Failed password for invalid user kent from 192.241.169.58 port 60844 ssh2
Sep 28 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Received disconnect from 192.241.169.58 port 60844:11: Bye Bye [preauth]
Sep 28 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Disconnected from 192.241.169.58 port 60844 [preauth]
Sep 28 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32185]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Invalid user opus from 152.32.185.214
Sep 28 20:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: input_userauth_request: invalid user opus [preauth]
Sep 28 20:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for invalid user opus from 152.32.185.214 port 60132 ssh2
Sep 28 20:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Received disconnect from 152.32.185.214 port 60132:11: Bye Bye [preauth]
Sep 28 20:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Disconnected from 152.32.185.214 port 60132 [preauth]
Sep 28 20:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31251]: pam_unix(cron:session): session closed for user root
Sep 28 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: Invalid user marc from 134.199.225.42
Sep 28 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: input_userauth_request: invalid user marc [preauth]
Sep 28 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: Failed password for invalid user marc from 134.199.225.42 port 46598 ssh2
Sep 28 20:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: Received disconnect from 134.199.225.42 port 46598:11: Bye Bye [preauth]
Sep 28 20:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32548]: Disconnected from 134.199.225.42 port 46598 [preauth]
Sep 28 20:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Invalid user soporte from 197.199.224.52
Sep 28 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: input_userauth_request: invalid user soporte [preauth]
Sep 28 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Failed password for invalid user soporte from 197.199.224.52 port 58194 ssh2
Sep 28 20:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Received disconnect from 197.199.224.52 port 58194:11: Bye Bye [preauth]
Sep 28 20:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32559]: Disconnected from 197.199.224.52 port 58194 [preauth]
Sep 28 20:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Invalid user app from 192.241.169.58
Sep 28 20:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: input_userauth_request: invalid user app [preauth]
Sep 28 20:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Failed password for invalid user app from 192.241.169.58 port 52976 ssh2
Sep 28 20:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Received disconnect from 192.241.169.58 port 52976:11: Bye Bye [preauth]
Sep 28 20:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32595]: Disconnected from 192.241.169.58 port 52976 [preauth]
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32629]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32629]: pam_unix(cron:session): session closed for user root
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: Successful su for rubyman by root
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: + ??? root:rubyman
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310463 of user rubyman.
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310463.
Sep 28 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session closed for user root
Sep 28 20:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29664]: pam_unix(cron:session): session closed for user root
Sep 28 20:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Failed password for root from 152.32.185.214 port 47804 ssh2
Sep 28 20:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Received disconnect from 152.32.185.214 port 47804:11: Bye Bye [preauth]
Sep 28 20:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Disconnected from 152.32.185.214 port 47804 [preauth]
Sep 28 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: Invalid user soporte from 134.199.225.42
Sep 28 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: input_userauth_request: invalid user soporte [preauth]
Sep 28 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: Failed password for invalid user soporte from 134.199.225.42 port 36724 ssh2
Sep 28 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: Received disconnect from 134.199.225.42 port 36724:11: Bye Bye [preauth]
Sep 28 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: Disconnected from 134.199.225.42 port 36724 [preauth]
Sep 28 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session closed for user root
Sep 28 20:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: Invalid user user1 from 197.199.224.52
Sep 28 20:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: input_userauth_request: invalid user user1 [preauth]
Sep 28 20:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Invalid user test1 from 192.241.169.58
Sep 28 20:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: input_userauth_request: invalid user test1 [preauth]
Sep 28 20:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: Failed password for invalid user user1 from 197.199.224.52 port 54896 ssh2
Sep 28 20:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: Received disconnect from 197.199.224.52 port 54896:11: Bye Bye [preauth]
Sep 28 20:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: Disconnected from 197.199.224.52 port 54896 [preauth]
Sep 28 20:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Failed password for invalid user test1 from 192.241.169.58 port 58418 ssh2
Sep 28 20:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Received disconnect from 192.241.169.58 port 58418:11: Bye Bye [preauth]
Sep 28 20:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Disconnected from 192.241.169.58 port 58418 [preauth]
Sep 28 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: Successful su for rubyman by root
Sep 28 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: + ??? root:rubyman
Sep 28 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310468 of user rubyman.
Sep 28 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310468.
Sep 28 20:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30157]: pam_unix(cron:session): session closed for user root
Sep 28 20:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1051]: Failed password for root from 152.32.185.214 port 46968 ssh2
Sep 28 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1051]: Received disconnect from 152.32.185.214 port 46968:11: Bye Bye [preauth]
Sep 28 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1051]: Disconnected from 152.32.185.214 port 46968 [preauth]
Sep 28 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Invalid user fluqueta from 192.241.169.58
Sep 28 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: input_userauth_request: invalid user fluqueta [preauth]
Sep 28 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: Failed password for root from 134.199.225.42 port 60968 ssh2
Sep 28 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: Received disconnect from 134.199.225.42 port 60968:11: Bye Bye [preauth]
Sep 28 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: Disconnected from 134.199.225.42 port 60968 [preauth]
Sep 28 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Failed password for invalid user fluqueta from 192.241.169.58 port 50148 ssh2
Sep 28 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Received disconnect from 192.241.169.58 port 50148:11: Bye Bye [preauth]
Sep 28 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Disconnected from 192.241.169.58 port 50148 [preauth]
Sep 28 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32188]: pam_unix(cron:session): session closed for user root
Sep 28 20:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Invalid user guest from 197.199.224.52
Sep 28 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: input_userauth_request: invalid user guest [preauth]
Sep 28 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for invalid user guest from 197.199.224.52 port 51614 ssh2
Sep 28 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Received disconnect from 197.199.224.52 port 51614:11: Bye Bye [preauth]
Sep 28 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Disconnected from 197.199.224.52 port 51614 [preauth]
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1190]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1191]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1188]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1265]: Successful su for rubyman by root
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1265]: + ??? root:rubyman
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310473 of user rubyman.
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1265]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310473.
Sep 28 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session closed for user root
Sep 28 20:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1189]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: Invalid user magento from 152.32.185.214
Sep 28 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: input_userauth_request: invalid user magento [preauth]
Sep 28 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: Failed password for invalid user magento from 152.32.185.214 port 46380 ssh2
Sep 28 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: Received disconnect from 152.32.185.214 port 46380:11: Bye Bye [preauth]
Sep 28 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: Disconnected from 152.32.185.214 port 46380 [preauth]
Sep 28 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 28 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Failed password for root from 192.241.169.58 port 46114 ssh2
Sep 28 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Received disconnect from 192.241.169.58 port 46114:11: Bye Bye [preauth]
Sep 28 20:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Disconnected from 192.241.169.58 port 46114 [preauth]
Sep 28 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Invalid user gustavo from 134.199.225.42
Sep 28 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: input_userauth_request: invalid user gustavo [preauth]
Sep 28 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: Failed password for root from 190.103.202.7 port 51754 ssh2
Sep 28 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1553]: Connection closed by 190.103.202.7 port 51754 [preauth]
Sep 28 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Failed password for invalid user gustavo from 134.199.225.42 port 43778 ssh2
Sep 28 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Received disconnect from 134.199.225.42 port 43778:11: Bye Bye [preauth]
Sep 28 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Disconnected from 134.199.225.42 port 43778 [preauth]
Sep 28 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session closed for user root
Sep 28 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Invalid user gustavo from 197.199.224.52
Sep 28 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: input_userauth_request: invalid user gustavo [preauth]
Sep 28 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Failed password for invalid user gustavo from 197.199.224.52 port 48322 ssh2
Sep 28 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Received disconnect from 197.199.224.52 port 48322:11: Bye Bye [preauth]
Sep 28 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Disconnected from 197.199.224.52 port 48322 [preauth]
Sep 28 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1686]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: Successful su for rubyman by root
Sep 28 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: + ??? root:rubyman
Sep 28 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310477 of user rubyman.
Sep 28 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1758]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310477.
Sep 28 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session closed for user root
Sep 28 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Invalid user cheeki from 192.241.169.58
Sep 28 20:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: input_userauth_request: invalid user cheeki [preauth]
Sep 28 20:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Failed password for invalid user cheeki from 192.241.169.58 port 37294 ssh2
Sep 28 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Received disconnect from 192.241.169.58 port 37294:11: Bye Bye [preauth]
Sep 28 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Disconnected from 192.241.169.58 port 37294 [preauth]
Sep 28 20:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Sep 28 20:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Failed password for root from 134.199.225.42 port 45022 ssh2
Sep 28 20:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Received disconnect from 134.199.225.42 port 45022:11: Bye Bye [preauth]
Sep 28 20:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Disconnected from 134.199.225.42 port 45022 [preauth]
Sep 28 20:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Invalid user cheeki from 152.32.185.214
Sep 28 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: input_userauth_request: invalid user cheeki [preauth]
Sep 28 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Failed password for invalid user cheeki from 152.32.185.214 port 34514 ssh2
Sep 28 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Received disconnect from 152.32.185.214 port 34514:11: Bye Bye [preauth]
Sep 28 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Disconnected from 152.32.185.214 port 34514 [preauth]
Sep 28 20:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[638]: pam_unix(cron:session): session closed for user root
Sep 28 20:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Failed password for root from 197.199.224.52 port 45024 ssh2
Sep 28 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Received disconnect from 197.199.224.52 port 45024:11: Bye Bye [preauth]
Sep 28 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Disconnected from 197.199.224.52 port 45024 [preauth]
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2136]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: Successful su for rubyman by root
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: + ??? root:rubyman
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310481 of user rubyman.
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310481.
Sep 28 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session closed for user root
Sep 28 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Failed password for root from 192.241.169.58 port 53246 ssh2
Sep 28 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Received disconnect from 192.241.169.58 port 53246:11: Bye Bye [preauth]
Sep 28 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Disconnected from 192.241.169.58 port 53246 [preauth]
Sep 28 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Invalid user myuser from 134.199.225.42
Sep 28 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: input_userauth_request: invalid user myuser [preauth]
Sep 28 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Sep 28 20:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Failed password for invalid user myuser from 134.199.225.42 port 45238 ssh2
Sep 28 20:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Received disconnect from 134.199.225.42 port 45238:11: Bye Bye [preauth]
Sep 28 20:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Disconnected from 134.199.225.42 port 45238 [preauth]
Sep 28 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1191]: pam_unix(cron:session): session closed for user root
Sep 28 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Invalid user vishal from 152.32.185.214
Sep 28 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: input_userauth_request: invalid user vishal [preauth]
Sep 28 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Failed password for invalid user vishal from 152.32.185.214 port 50708 ssh2
Sep 28 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Received disconnect from 152.32.185.214 port 50708:11: Bye Bye [preauth]
Sep 28 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Disconnected from 152.32.185.214 port 50708 [preauth]
Sep 28 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Invalid user hyperchain from 197.199.224.52
Sep 28 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: input_userauth_request: invalid user hyperchain [preauth]
Sep 28 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52
Sep 28 20:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Failed password for invalid user hyperchain from 197.199.224.52 port 41730 ssh2
Sep 28 20:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Received disconnect from 197.199.224.52 port 41730:11: Bye Bye [preauth]
Sep 28 20:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Disconnected from 197.199.224.52 port 41730 [preauth]
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2588]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2588]: pam_unix(cron:session): session closed for user root
Sep 28 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: Successful su for rubyman by root
Sep 28 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: + ??? root:rubyman
Sep 28 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310484 of user rubyman.
Sep 28 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2654]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310484.
Sep 28 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Invalid user energy from 192.241.169.58
Sep 28 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: input_userauth_request: invalid user energy [preauth]
Sep 28 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session closed for user root
Sep 28 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32186]: pam_unix(cron:session): session closed for user root
Sep 28 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Failed password for invalid user energy from 192.241.169.58 port 35456 ssh2
Sep 28 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Received disconnect from 192.241.169.58 port 35456:11: Bye Bye [preauth]
Sep 28 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Disconnected from 192.241.169.58 port 35456 [preauth]
Sep 28 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2583]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session closed for user root
Sep 28 20:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Invalid user fluqueta from 152.32.185.214
Sep 28 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: input_userauth_request: invalid user fluqueta [preauth]
Sep 28 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Failed password for invalid user fluqueta from 152.32.185.214 port 49072 ssh2
Sep 28 20:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Received disconnect from 152.32.185.214 port 49072:11: Bye Bye [preauth]
Sep 28 20:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Disconnected from 152.32.185.214 port 49072 [preauth]
Sep 28 20:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Failed password for root from 197.199.224.52 port 38426 ssh2
Sep 28 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Received disconnect from 197.199.224.52 port 38426:11: Bye Bye [preauth]
Sep 28 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Disconnected from 197.199.224.52 port 38426 [preauth]
Sep 28 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Failed password for root from 192.241.169.58 port 35870 ssh2
Sep 28 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Received disconnect from 192.241.169.58 port 35870:11: Bye Bye [preauth]
Sep 28 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Disconnected from 192.241.169.58 port 35870 [preauth]
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3118]: Successful su for rubyman by root
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3118]: + ??? root:rubyman
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310491 of user rubyman.
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3118]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310491.
Sep 28 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user root
Sep 28 20:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2139]: pam_unix(cron:session): session closed for user root
Sep 28 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Invalid user hadoop1 from 152.32.185.214
Sep 28 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: input_userauth_request: invalid user hadoop1 [preauth]
Sep 28 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Failed password for invalid user hadoop1 from 152.32.185.214 port 53120 ssh2
Sep 28 20:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Received disconnect from 152.32.185.214 port 53120:11: Bye Bye [preauth]
Sep 28 20:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Disconnected from 152.32.185.214 port 53120 [preauth]
Sep 28 20:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.199.224.52  user=root
Sep 28 20:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Failed password for root from 197.199.224.52 port 35120 ssh2
Sep 28 20:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Received disconnect from 197.199.224.52 port 35120:11: Bye Bye [preauth]
Sep 28 20:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Disconnected from 197.199.224.52 port 35120 [preauth]
Sep 28 20:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Failed password for root from 192.241.169.58 port 54486 ssh2
Sep 28 20:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Received disconnect from 192.241.169.58 port 54486:11: Bye Bye [preauth]
Sep 28 20:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3451]: Disconnected from 192.241.169.58 port 54486 [preauth]
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3485]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3550]: Successful su for rubyman by root
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3550]: + ??? root:rubyman
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310494 of user rubyman.
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3550]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310494.
Sep 28 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session closed for user root
Sep 28 20:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session closed for user root
Sep 28 20:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Failed password for root from 192.241.169.58 port 56580 ssh2
Sep 28 20:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Received disconnect from 192.241.169.58 port 56580:11: Bye Bye [preauth]
Sep 28 20:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Disconnected from 192.241.169.58 port 56580 [preauth]
Sep 28 20:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Failed password for root from 152.32.185.214 port 54542 ssh2
Sep 28 20:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Received disconnect from 152.32.185.214 port 54542:11: Bye Bye [preauth]
Sep 28 20:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Disconnected from 152.32.185.214 port 54542 [preauth]
Sep 28 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: Successful su for rubyman by root
Sep 28 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: + ??? root:rubyman
Sep 28 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310499 of user rubyman.
Sep 28 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310499.
Sep 28 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1190]: pam_unix(cron:session): session closed for user root
Sep 28 20:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Invalid user hadoop1 from 192.241.169.58
Sep 28 20:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: input_userauth_request: invalid user hadoop1 [preauth]
Sep 28 20:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Failed password for invalid user hadoop1 from 192.241.169.58 port 60346 ssh2
Sep 28 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Received disconnect from 192.241.169.58 port 60346:11: Bye Bye [preauth]
Sep 28 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Disconnected from 192.241.169.58 port 60346 [preauth]
Sep 28 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session closed for user root
Sep 28 20:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Invalid user mithun from 152.32.185.214
Sep 28 20:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: input_userauth_request: invalid user mithun [preauth]
Sep 28 20:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Failed password for invalid user mithun from 152.32.185.214 port 53210 ssh2
Sep 28 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Received disconnect from 152.32.185.214 port 53210:11: Bye Bye [preauth]
Sep 28 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4343]: Disconnected from 152.32.185.214 port 53210 [preauth]
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4368]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4366]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: Successful su for rubyman by root
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: + ??? root:rubyman
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310502 of user rubyman.
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310502.
Sep 28 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session closed for user root
Sep 28 20:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1688]: pam_unix(cron:session): session closed for user root
Sep 28 20:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4365]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Invalid user itsupport from 192.241.169.58
Sep 28 20:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: input_userauth_request: invalid user itsupport [preauth]
Sep 28 20:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Failed password for invalid user itsupport from 192.241.169.58 port 55022 ssh2
Sep 28 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Received disconnect from 192.241.169.58 port 55022:11: Bye Bye [preauth]
Sep 28 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Disconnected from 192.241.169.58 port 55022 [preauth]
Sep 28 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session closed for user root
Sep 28 20:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Invalid user rajesh from 152.32.185.214
Sep 28 20:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: input_userauth_request: invalid user rajesh [preauth]
Sep 28 20:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Failed password for invalid user rajesh from 152.32.185.214 port 52022 ssh2
Sep 28 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Received disconnect from 152.32.185.214 port 52022:11: Bye Bye [preauth]
Sep 28 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Disconnected from 152.32.185.214 port 52022 [preauth]
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4906]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4906]: pam_unix(cron:session): session closed for user root
Sep 28 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4899]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: Successful su for rubyman by root
Sep 28 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: + ??? root:rubyman
Sep 28 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310510 of user rubyman.
Sep 28 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4977]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310510.
Sep 28 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session closed for user root
Sep 28 20:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session closed for user root
Sep 28 20:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4900]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Invalid user ubuntu from 192.241.169.58
Sep 28 20:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 20:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Failed password for invalid user ubuntu from 192.241.169.58 port 52568 ssh2
Sep 28 20:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Received disconnect from 192.241.169.58 port 52568:11: Bye Bye [preauth]
Sep 28 20:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Disconnected from 192.241.169.58 port 52568 [preauth]
Sep 28 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Invalid user admin from 93.152.230.176
Sep 28 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: input_userauth_request: invalid user admin [preauth]
Sep 28 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session closed for user root
Sep 28 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Failed password for invalid user admin from 93.152.230.176 port 1891 ssh2
Sep 28 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Received disconnect from 93.152.230.176 port 1891:11: Client disconnecting normally [preauth]
Sep 28 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Disconnected from 93.152.230.176 port 1891 [preauth]
Sep 28 20:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Invalid user ubuntu from 152.32.185.214
Sep 28 20:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 20:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Failed password for invalid user ubuntu from 152.32.185.214 port 32948 ssh2
Sep 28 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Received disconnect from 152.32.185.214 port 32948:11: Bye Bye [preauth]
Sep 28 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Disconnected from 152.32.185.214 port 32948 [preauth]
Sep 28 20:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5555]: Successful su for rubyman by root
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5555]: + ??? root:rubyman
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310513 of user rubyman.
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5555]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310513.
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Failed password for root from 192.241.169.58 port 44878 ssh2
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Received disconnect from 192.241.169.58 port 44878:11: Bye Bye [preauth]
Sep 28 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5475]: Disconnected from 192.241.169.58 port 44878 [preauth]
Sep 28 20:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session closed for user root
Sep 28 20:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4368]: pam_unix(cron:session): session closed for user root
Sep 28 20:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Invalid user qn from 192.241.169.58
Sep 28 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: input_userauth_request: invalid user qn [preauth]
Sep 28 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Failed password for invalid user qn from 192.241.169.58 port 34506 ssh2
Sep 28 20:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Received disconnect from 192.241.169.58 port 34506:11: Bye Bye [preauth]
Sep 28 20:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Disconnected from 192.241.169.58 port 34506 [preauth]
Sep 28 20:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Invalid user erp from 152.32.185.214
Sep 28 20:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: input_userauth_request: invalid user erp [preauth]
Sep 28 20:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Failed password for invalid user erp from 152.32.185.214 port 42312 ssh2
Sep 28 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Received disconnect from 152.32.185.214 port 42312:11: Bye Bye [preauth]
Sep 28 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Disconnected from 152.32.185.214 port 42312 [preauth]
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6003]: Successful su for rubyman by root
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6003]: + ??? root:rubyman
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310518 of user rubyman.
Sep 28 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6003]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310518.
Sep 28 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session closed for user root
Sep 28 20:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: Connection closed by 58.26.207.19 port 54739 [preauth]
Sep 28 20:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session closed for user root
Sep 28 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Invalid user db from 192.241.169.58
Sep 28 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: input_userauth_request: invalid user db [preauth]
Sep 28 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Failed password for invalid user db from 192.241.169.58 port 50138 ssh2
Sep 28 20:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Received disconnect from 192.241.169.58 port 50138:11: Bye Bye [preauth]
Sep 28 20:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Disconnected from 192.241.169.58 port 50138 [preauth]
Sep 28 20:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Invalid user github from 152.32.185.214
Sep 28 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: input_userauth_request: invalid user github [preauth]
Sep 28 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Failed password for invalid user github from 152.32.185.214 port 37548 ssh2
Sep 28 20:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Received disconnect from 152.32.185.214 port 37548:11: Bye Bye [preauth]
Sep 28 20:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Disconnected from 152.32.185.214 port 37548 [preauth]
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6436]: Successful su for rubyman by root
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6436]: + ??? root:rubyman
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310522 of user rubyman.
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6436]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310522.
Sep 28 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session closed for user root
Sep 28 20:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Failed password for root from 192.241.169.58 port 55978 ssh2
Sep 28 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Received disconnect from 192.241.169.58 port 55978:11: Bye Bye [preauth]
Sep 28 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Disconnected from 192.241.169.58 port 55978 [preauth]
Sep 28 20:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5481]: pam_unix(cron:session): session closed for user root
Sep 28 20:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6920]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Failed password for root from 152.32.185.214 port 38774 ssh2
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Received disconnect from 152.32.185.214 port 38774:11: Bye Bye [preauth]
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Disconnected from 152.32.185.214 port 38774 [preauth]
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: Successful su for rubyman by root
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: + ??? root:rubyman
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310526 of user rubyman.
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310526.
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Invalid user admin from 139.19.117.131
Sep 28 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: input_userauth_request: invalid user admin [preauth]
Sep 28 20:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session closed for user root
Sep 28 20:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6921]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6917]: Connection closed by 139.19.117.131 port 38504 [preauth]
Sep 28 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Invalid user eadmin from 192.241.169.58
Sep 28 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: input_userauth_request: invalid user eadmin [preauth]
Sep 28 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: Connection closed by 58.26.207.19 port 54771 [preauth]
Sep 28 20:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Failed password for invalid user eadmin from 192.241.169.58 port 37094 ssh2
Sep 28 20:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Received disconnect from 192.241.169.58 port 37094:11: Bye Bye [preauth]
Sep 28 20:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Disconnected from 192.241.169.58 port 37094 [preauth]
Sep 28 20:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session closed for user root
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session closed for user root
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7457]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: Successful su for rubyman by root
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: + ??? root:rubyman
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310533 of user rubyman.
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7530]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310533.
Sep 28 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session closed for user root
Sep 28 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Failed password for root from 152.32.185.214 port 59638 ssh2
Sep 28 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Received disconnect from 152.32.185.214 port 59638:11: Bye Bye [preauth]
Sep 28 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Disconnected from 152.32.185.214 port 59638 [preauth]
Sep 28 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4366]: pam_unix(cron:session): session closed for user root
Sep 28 20:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7458]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Invalid user rajesh from 192.241.169.58
Sep 28 20:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: input_userauth_request: invalid user rajesh [preauth]
Sep 28 20:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Failed password for invalid user rajesh from 192.241.169.58 port 42268 ssh2
Sep 28 20:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Received disconnect from 192.241.169.58 port 42268:11: Bye Bye [preauth]
Sep 28 20:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Disconnected from 192.241.169.58 port 42268 [preauth]
Sep 28 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session closed for user root
Sep 28 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: Successful su for rubyman by root
Sep 28 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: + ??? root:rubyman
Sep 28 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310535 of user rubyman.
Sep 28 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8044]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310535.
Sep 28 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session closed for user root
Sep 28 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: Failed password for root from 192.241.169.58 port 47886 ssh2
Sep 28 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: Received disconnect from 192.241.169.58 port 47886:11: Bye Bye [preauth]
Sep 28 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8166]: Disconnected from 192.241.169.58 port 47886 [preauth]
Sep 28 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: Invalid user db from 152.32.185.214
Sep 28 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: input_userauth_request: invalid user db [preauth]
Sep 28 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: Failed password for invalid user db from 152.32.185.214 port 44894 ssh2
Sep 28 20:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: Received disconnect from 152.32.185.214 port 44894:11: Bye Bye [preauth]
Sep 28 20:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8269]: Disconnected from 152.32.185.214 port 44894 [preauth]
Sep 28 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session closed for user root
Sep 28 20:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58  user=root
Sep 28 20:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Failed password for root from 192.241.169.58 port 48456 ssh2
Sep 28 20:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Received disconnect from 192.241.169.58 port 48456:11: Bye Bye [preauth]
Sep 28 20:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Disconnected from 192.241.169.58 port 48456 [preauth]
Sep 28 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8529]: Successful su for rubyman by root
Sep 28 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8529]: + ??? root:rubyman
Sep 28 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310541 of user rubyman.
Sep 28 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8529]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310541.
Sep 28 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session closed for user root
Sep 28 20:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8460]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Invalid user app from 152.32.185.214
Sep 28 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: input_userauth_request: invalid user app [preauth]
Sep 28 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Failed password for invalid user app from 152.32.185.214 port 55004 ssh2
Sep 28 20:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Received disconnect from 152.32.185.214 port 55004:11: Bye Bye [preauth]
Sep 28 20:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Disconnected from 152.32.185.214 port 55004 [preauth]
Sep 28 20:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session closed for user root
Sep 28 20:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Invalid user magento from 192.241.169.58
Sep 28 20:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: input_userauth_request: invalid user magento [preauth]
Sep 28 20:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Failed password for invalid user magento from 192.241.169.58 port 60086 ssh2
Sep 28 20:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Received disconnect from 192.241.169.58 port 60086:11: Bye Bye [preauth]
Sep 28 20:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8999]: Disconnected from 192.241.169.58 port 60086 [preauth]
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9022]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9087]: Successful su for rubyman by root
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9087]: + ??? root:rubyman
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310544 of user rubyman.
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9087]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310544.
Sep 28 20:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session closed for user root
Sep 28 20:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Invalid user webuser from 152.32.185.214
Sep 28 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: input_userauth_request: invalid user webuser [preauth]
Sep 28 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Failed password for invalid user webuser from 152.32.185.214 port 57170 ssh2
Sep 28 20:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Received disconnect from 152.32.185.214 port 57170:11: Bye Bye [preauth]
Sep 28 20:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Disconnected from 152.32.185.214 port 57170 [preauth]
Sep 28 20:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7961]: pam_unix(cron:session): session closed for user root
Sep 28 20:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: Invalid user mithun from 192.241.169.58
Sep 28 20:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: input_userauth_request: invalid user mithun [preauth]
Sep 28 20:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: Failed password for invalid user mithun from 192.241.169.58 port 45610 ssh2
Sep 28 20:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: Received disconnect from 192.241.169.58 port 45610:11: Bye Bye [preauth]
Sep 28 20:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9512]: Disconnected from 192.241.169.58 port 45610 [preauth]
Sep 28 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: Successful su for rubyman by root
Sep 28 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: + ??? root:rubyman
Sep 28 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310548 of user rubyman.
Sep 28 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310548.
Sep 28 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session closed for user root
Sep 28 20:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Failed password for root from 152.32.185.214 port 40724 ssh2
Sep 28 20:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Received disconnect from 152.32.185.214 port 40724:11: Bye Bye [preauth]
Sep 28 20:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Disconnected from 152.32.185.214 port 40724 [preauth]
Sep 28 20:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: Invalid user opus from 192.241.169.58
Sep 28 20:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: input_userauth_request: invalid user opus [preauth]
Sep 28 20:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.169.58
Sep 28 20:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: Failed password for invalid user opus from 192.241.169.58 port 53490 ssh2
Sep 28 20:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: Received disconnect from 192.241.169.58 port 53490:11: Bye Bye [preauth]
Sep 28 20:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10036]: Disconnected from 192.241.169.58 port 53490 [preauth]
Sep 28 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session closed for user root
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10144]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10145]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session closed for user root
Sep 28 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10221]: Successful su for rubyman by root
Sep 28 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10221]: + ??? root:rubyman
Sep 28 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310553 of user rubyman.
Sep 28 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10221]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310553.
Sep 28 20:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session closed for user root
Sep 28 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session closed for user root
Sep 28 20:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Failed password for root from 152.32.185.214 port 55810 ssh2
Sep 28 20:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Received disconnect from 152.32.185.214 port 55810:11: Bye Bye [preauth]
Sep 28 20:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Disconnected from 152.32.185.214 port 55810 [preauth]
Sep 28 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session closed for user root
Sep 28 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10642]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: Successful su for rubyman by root
Sep 28 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: + ??? root:rubyman
Sep 28 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310558 of user rubyman.
Sep 28 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10717]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310558.
Sep 28 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session closed for user root
Sep 28 20:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Invalid user soporte from 152.32.185.214
Sep 28 20:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: input_userauth_request: invalid user soporte [preauth]
Sep 28 20:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Failed password for invalid user soporte from 152.32.185.214 port 56356 ssh2
Sep 28 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Received disconnect from 152.32.185.214 port 56356:11: Bye Bye [preauth]
Sep 28 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Disconnected from 152.32.185.214 port 56356 [preauth]
Sep 28 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session closed for user root
Sep 28 20:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: Invalid user jay from 164.68.105.9
Sep 28 20:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: input_userauth_request: invalid user jay [preauth]
Sep 28 20:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: Failed password for invalid user jay from 164.68.105.9 port 51084 ssh2
Sep 28 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: Connection closed by 164.68.105.9 port 51084 [preauth]
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11084]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11144]: Successful su for rubyman by root
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11144]: + ??? root:rubyman
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310562 of user rubyman.
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11144]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310562.
Sep 28 20:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7960]: pam_unix(cron:session): session closed for user root
Sep 28 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Invalid user eadmin from 152.32.185.214
Sep 28 20:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: input_userauth_request: invalid user eadmin [preauth]
Sep 28 20:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Failed password for invalid user eadmin from 152.32.185.214 port 50678 ssh2
Sep 28 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Received disconnect from 152.32.185.214 port 50678:11: Bye Bye [preauth]
Sep 28 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Disconnected from 152.32.185.214 port 50678 [preauth]
Sep 28 20:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10145]: pam_unix(cron:session): session closed for user root
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: Successful su for rubyman by root
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: + ??? root:rubyman
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310565 of user rubyman.
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11571]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310565.
Sep 28 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session closed for user root
Sep 28 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: Invalid user raspberrypi from 93.152.230.176
Sep 28 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: input_userauth_request: invalid user raspberrypi [preauth]
Sep 28 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 20:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: Failed password for invalid user raspberrypi from 93.152.230.176 port 47587 ssh2
Sep 28 20:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: Received disconnect from 93.152.230.176 port 47587:11: Client disconnecting normally [preauth]
Sep 28 20:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: Disconnected from 93.152.230.176 port 47587 [preauth]
Sep 28 20:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10646]: pam_unix(cron:session): session closed for user root
Sep 28 20:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Failed password for root from 152.32.185.214 port 59508 ssh2
Sep 28 20:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Received disconnect from 152.32.185.214 port 59508:11: Bye Bye [preauth]
Sep 28 20:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Disconnected from 152.32.185.214 port 59508 [preauth]
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: Successful su for rubyman by root
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: + ??? root:rubyman
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310570 of user rubyman.
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310570.
Sep 28 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9022]: pam_unix(cron:session): session closed for user root
Sep 28 20:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session closed for user root
Sep 28 20:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214  user=root
Sep 28 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: Failed password for root from 152.32.185.214 port 35094 ssh2
Sep 28 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: Received disconnect from 152.32.185.214 port 35094:11: Bye Bye [preauth]
Sep 28 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: Disconnected from 152.32.185.214 port 35094 [preauth]
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session closed for user root
Sep 28 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12544]: Successful su for rubyman by root
Sep 28 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12544]: + ??? root:rubyman
Sep 28 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310573 of user rubyman.
Sep 28 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12544]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310573.
Sep 28 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session closed for user root
Sep 28 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session closed for user root
Sep 28 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user root
Sep 28 20:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Invalid user itsupport from 152.32.185.214
Sep 28 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: input_userauth_request: invalid user itsupport [preauth]
Sep 28 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Failed password for invalid user itsupport from 152.32.185.214 port 51914 ssh2
Sep 28 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Received disconnect from 152.32.185.214 port 51914:11: Bye Bye [preauth]
Sep 28 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Disconnected from 152.32.185.214 port 51914 [preauth]
Sep 28 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12966]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12964]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: Successful su for rubyman by root
Sep 28 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: + ??? root:rubyman
Sep 28 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310580 of user rubyman.
Sep 28 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13043]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310580.
Sep 28 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10144]: pam_unix(cron:session): session closed for user root
Sep 28 20:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12965]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session closed for user root
Sep 28 20:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Invalid user deploy from 152.32.185.214
Sep 28 20:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: input_userauth_request: invalid user deploy [preauth]
Sep 28 20:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.185.214
Sep 28 20:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for invalid user deploy from 152.32.185.214 port 47432 ssh2
Sep 28 20:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Received disconnect from 152.32.185.214 port 47432:11: Bye Bye [preauth]
Sep 28 20:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Disconnected from 152.32.185.214 port 47432 [preauth]
Sep 28 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13419]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: Successful su for rubyman by root
Sep 28 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: + ??? root:rubyman
Sep 28 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310583 of user rubyman.
Sep 28 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310583.
Sep 28 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session closed for user root
Sep 28 20:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session closed for user root
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13843]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: Successful su for rubyman by root
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: + ??? root:rubyman
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310588 of user rubyman.
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310588.
Sep 28 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11084]: pam_unix(cron:session): session closed for user root
Sep 28 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13842]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: Invalid user ubuntu from 138.68.58.124
Sep 28 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 28 20:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: Failed password for invalid user ubuntu from 138.68.58.124 port 54162 ssh2
Sep 28 20:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14224]: Connection closed by 138.68.58.124 port 54162 [preauth]
Sep 28 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session closed for user root
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14349]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session closed for user p13x
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14408]: Successful su for rubyman by root
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14408]: + ??? root:rubyman
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310593 of user rubyman.
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14408]: pam_unix(su:session): session closed for user rubyman
Sep 28 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310593.
Sep 28 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session closed for user root
Sep 28 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Invalid user user from 62.60.131.157
Sep 28 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: input_userauth_request: invalid user user [preauth]
Sep 28 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 20:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session closed for user samftp
Sep 28 20:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for invalid user user from 62.60.131.157 port 13045 ssh2
Sep 28 20:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for invalid user user from 62.60.131.157 port 13045 ssh2
Sep 28 20:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for invalid user user from 62.60.131.157 port 13045 ssh2
Sep 28 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for invalid user user from 62.60.131.157 port 13045 ssh2
Sep 28 20:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 20:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for invalid user user from 62.60.131.157 port 13045 ssh2
Sep 28 20:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Received disconnect from 62.60.131.157 port 13045:11: Bye [preauth]
Sep 28 20:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Disconnected from 62.60.131.157 port 13045 [preauth]
Sep 28 20:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 20:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 20:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session closed for user root
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14757]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session closed for user root
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14757]: pam_unix(cron:session): session closed for user root
Sep 28 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14871]: Successful su for rubyman by root
Sep 28 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14871]: + ??? root:rubyman
Sep 28 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310599 of user rubyman.
Sep 28 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14871]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310599.
Sep 28 21:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session closed for user root
Sep 28 21:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session closed for user root
Sep 28 21:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13844]: pam_unix(cron:session): session closed for user root
Sep 28 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15281]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15279]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15364]: Successful su for rubyman by root
Sep 28 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15364]: + ??? root:rubyman
Sep 28 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310604 of user rubyman.
Sep 28 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15364]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310604.
Sep 28 21:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session closed for user root
Sep 28 21:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15280]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session closed for user root
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15776]: Successful su for rubyman by root
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15776]: + ??? root:rubyman
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310606 of user rubyman.
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15776]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310606.
Sep 28 21:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12966]: pam_unix(cron:session): session closed for user root
Sep 28 21:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session closed for user root
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16122]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16189]: Successful su for rubyman by root
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16189]: + ??? root:rubyman
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310610 of user rubyman.
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16189]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310610.
Sep 28 21:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session closed for user root
Sep 28 21:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15287]: pam_unix(cron:session): session closed for user root
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: Successful su for rubyman by root
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: + ??? root:rubyman
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310614 of user rubyman.
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16633]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310614.
Sep 28 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13843]: pam_unix(cron:session): session closed for user root
Sep 28 21:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session closed for user root
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session closed for user root
Sep 28 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17073]: Successful su for rubyman by root
Sep 28 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17073]: + ??? root:rubyman
Sep 28 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310618 of user rubyman.
Sep 28 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17073]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310618.
Sep 28 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session closed for user root
Sep 28 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14349]: pam_unix(cron:session): session closed for user root
Sep 28 21:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session closed for user root
Sep 28 21:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: Invalid user admin from 93.152.230.176
Sep 28 21:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: input_userauth_request: invalid user admin [preauth]
Sep 28 21:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 21:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: Failed password for invalid user admin from 93.152.230.176 port 55754 ssh2
Sep 28 21:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: Received disconnect from 93.152.230.176 port 55754:11: Client disconnecting normally [preauth]
Sep 28 21:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17426]: Disconnected from 93.152.230.176 port 55754 [preauth]
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17552]: Successful su for rubyman by root
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17552]: + ??? root:rubyman
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310624 of user rubyman.
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17552]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310624.
Sep 28 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session closed for user root
Sep 28 21:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session closed for user root
Sep 28 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18029]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18096]: Successful su for rubyman by root
Sep 28 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18096]: + ??? root:rubyman
Sep 28 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310630 of user rubyman.
Sep 28 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18096]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310630.
Sep 28 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15281]: pam_unix(cron:session): session closed for user root
Sep 28 21:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session closed for user root
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: Successful su for rubyman by root
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: + ??? root:rubyman
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310632 of user rubyman.
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310632.
Sep 28 21:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session closed for user root
Sep 28 21:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user root
Sep 28 21:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 21:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Failed password for root from 46.101.170.54 port 57034 ssh2
Sep 28 21:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Connection closed by 46.101.170.54 port 57034 [preauth]
Sep 28 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19566]: Successful su for rubyman by root
Sep 28 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19566]: + ??? root:rubyman
Sep 28 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310639 of user rubyman.
Sep 28 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19566]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310639.
Sep 28 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session closed for user root
Sep 28 21:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session closed for user root
Sep 28 21:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19926]: Did not receive identification string from 64.226.103.63
Sep 28 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Received disconnect from 91.224.92.108 port 61022:11:  [preauth]
Sep 28 21:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Disconnected from 91.224.92.108 port 61022 [preauth]
Sep 28 21:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18029]: pam_unix(cron:session): session closed for user root
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20125]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session closed for user root
Sep 28 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20210]: Successful su for rubyman by root
Sep 28 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20210]: + ??? root:rubyman
Sep 28 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310644 of user rubyman.
Sep 28 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20210]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310644.
Sep 28 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user root
Sep 28 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session closed for user root
Sep 28 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Received disconnect from 91.224.92.79 port 60186:11:  [preauth]
Sep 28 21:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Disconnected from 91.224.92.79 port 60186 [preauth]
Sep 28 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session closed for user root
Sep 28 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20631]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: Successful su for rubyman by root
Sep 28 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: + ??? root:rubyman
Sep 28 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310647 of user rubyman.
Sep 28 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310647.
Sep 28 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17002]: pam_unix(cron:session): session closed for user root
Sep 28 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20629]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session closed for user root
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21151]: Successful su for rubyman by root
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21151]: + ??? root:rubyman
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310652 of user rubyman.
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21151]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310652.
Sep 28 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17481]: pam_unix(cron:session): session closed for user root
Sep 28 21:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session closed for user root
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21505]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21574]: Successful su for rubyman by root
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21574]: + ??? root:rubyman
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310655 of user rubyman.
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21574]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310655.
Sep 28 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18028]: pam_unix(cron:session): session closed for user root
Sep 28 21:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21506]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20631]: pam_unix(cron:session): session closed for user root
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21946]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21942]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22015]: Successful su for rubyman by root
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22015]: + ??? root:rubyman
Sep 28 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310660 of user rubyman.
Sep 28 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22015]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310660.
Sep 28 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session closed for user root
Sep 28 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21943]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Invalid user admin from 78.128.112.74
Sep 28 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: input_userauth_request: invalid user admin [preauth]
Sep 28 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Failed password for invalid user admin from 78.128.112.74 port 56258 ssh2
Sep 28 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Connection closed by 78.128.112.74 port 56258 [preauth]
Sep 28 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session closed for user root
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session closed for user root
Sep 28 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22389]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: Successful su for rubyman by root
Sep 28 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: + ??? root:rubyman
Sep 28 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310664 of user rubyman.
Sep 28 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310664.
Sep 28 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session closed for user root
Sep 28 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session closed for user root
Sep 28 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session closed for user root
Sep 28 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23194]: Successful su for rubyman by root
Sep 28 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23194]: + ??? root:rubyman
Sep 28 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310669 of user rubyman.
Sep 28 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23194]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310669.
Sep 28 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20125]: pam_unix(cron:session): session closed for user root
Sep 28 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session closed for user root
Sep 28 21:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Invalid user develop from 103.182.234.219
Sep 28 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: input_userauth_request: invalid user develop [preauth]
Sep 28 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Failed password for invalid user develop from 103.182.234.219 port 57048 ssh2
Sep 28 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Received disconnect from 103.182.234.219 port 57048:11: Bye Bye [preauth]
Sep 28 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Disconnected from 103.182.234.219 port 57048 [preauth]
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23810]: pam_unix(cron:session): session closed for user root
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23813]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: Successful su for rubyman by root
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: + ??? root:rubyman
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310675 of user rubyman.
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310675.
Sep 28 21:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session closed for user root
Sep 28 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23814]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session closed for user root
Sep 28 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24297]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: Successful su for rubyman by root
Sep 28 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: + ??? root:rubyman
Sep 28 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310680 of user rubyman.
Sep 28 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310680.
Sep 28 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21090]: pam_unix(cron:session): session closed for user root
Sep 28 21:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24295]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Invalid user test from 93.152.230.176
Sep 28 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: input_userauth_request: invalid user test [preauth]
Sep 28 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Failed password for invalid user test from 93.152.230.176 port 53720 ssh2
Sep 28 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Received disconnect from 93.152.230.176 port 53720:11: Client disconnecting normally [preauth]
Sep 28 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Disconnected from 93.152.230.176 port 53720 [preauth]
Sep 28 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: Successful su for rubyman by root
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: + ??? root:rubyman
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310683 of user rubyman.
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310683.
Sep 28 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24967]: Bad protocol version identification '' from 3.149.59.26 port 60548
Sep 28 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21507]: pam_unix(cron:session): session closed for user root
Sep 28 21:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session closed for user root
Sep 28 21:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Invalid user stas from 103.80.27.9
Sep 28 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: input_userauth_request: invalid user stas [preauth]
Sep 28 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for invalid user stas from 103.80.27.9 port 53892 ssh2
Sep 28 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Received disconnect from 103.80.27.9 port 53892:11: Bye Bye [preauth]
Sep 28 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Disconnected from 103.80.27.9 port 53892 [preauth]
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25235]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25233]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session closed for user root
Sep 28 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25520]: Successful su for rubyman by root
Sep 28 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25520]: + ??? root:rubyman
Sep 28 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310687 of user rubyman.
Sep 28 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25520]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310687.
Sep 28 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Bad protocol version identification 'GET / HTTP/1.1' from 3.149.59.26 port 32866
Sep 28 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21946]: pam_unix(cron:session): session closed for user root
Sep 28 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25233]: pam_unix(cron:session): session closed for user root
Sep 28 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25232]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Invalid user mailadmin from 103.182.234.219
Sep 28 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: input_userauth_request: invalid user mailadmin [preauth]
Sep 28 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Failed password for invalid user mailadmin from 103.182.234.219 port 53813 ssh2
Sep 28 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Received disconnect from 103.182.234.219 port 53813:11: Bye Bye [preauth]
Sep 28 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Disconnected from 103.182.234.219 port 53813 [preauth]
Sep 28 21:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25927]: Connection reset by 205.210.31.52 port 62482 [preauth]
Sep 28 21:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24297]: pam_unix(cron:session): session closed for user root
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: Successful su for rubyman by root
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: + ??? root:rubyman
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310692 of user rubyman.
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26119]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310692.
Sep 28 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user root
Sep 28 21:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Invalid user mailadmin from 103.80.27.9
Sep 28 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: input_userauth_request: invalid user mailadmin [preauth]
Sep 28 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Failed password for invalid user mailadmin from 103.80.27.9 port 51928 ssh2
Sep 28 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Received disconnect from 103.80.27.9 port 51928:11: Bye Bye [preauth]
Sep 28 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Disconnected from 103.80.27.9 port 51928 [preauth]
Sep 28 21:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Invalid user db2fenc1 from 103.182.234.219
Sep 28 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: input_userauth_request: invalid user db2fenc1 [preauth]
Sep 28 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Failed password for invalid user db2fenc1 from 103.182.234.219 port 37227 ssh2
Sep 28 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Received disconnect from 103.182.234.219 port 37227:11: Bye Bye [preauth]
Sep 28 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Disconnected from 103.182.234.219 port 37227 [preauth]
Sep 28 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user root
Sep 28 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26598]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: Successful su for rubyman by root
Sep 28 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: + ??? root:rubyman
Sep 28 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310697 of user rubyman.
Sep 28 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26674]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310697.
Sep 28 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user root
Sep 28 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26599]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: Failed password for root from 103.80.27.9 port 41922 ssh2
Sep 28 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: Received disconnect from 103.80.27.9 port 41922:11: Bye Bye [preauth]
Sep 28 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27028]: Disconnected from 103.80.27.9 port 41922 [preauth]
Sep 28 21:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session closed for user root
Sep 28 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: Bad protocol version identification 'GET / HTTP/1.1' from 3.149.59.26 port 37036
Sep 28 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Failed password for root from 103.182.234.219 port 48871 ssh2
Sep 28 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Received disconnect from 103.182.234.219 port 48871:11: Bye Bye [preauth]
Sep 28 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Disconnected from 103.182.234.219 port 48871 [preauth]
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27164]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: Successful su for rubyman by root
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: + ??? root:rubyman
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310700 of user rubyman.
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27241]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310700.
Sep 28 21:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Connection closed by 164.92.159.100 port 48194 [preauth]
Sep 28 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23815]: pam_unix(cron:session): session closed for user root
Sep 28 21:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27166]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Failed password for root from 103.80.27.9 port 36832 ssh2
Sep 28 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Received disconnect from 103.80.27.9 port 36832:11: Bye Bye [preauth]
Sep 28 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Disconnected from 103.80.27.9 port 36832 [preauth]
Sep 28 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session closed for user root
Sep 28 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27745]: Bad protocol version identification '\026\003\001' from 3.149.59.26 port 51332
Sep 28 21:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: Invalid user moshe from 103.182.234.219
Sep 28 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: input_userauth_request: invalid user moshe [preauth]
Sep 28 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: Failed password for invalid user moshe from 103.182.234.219 port 60518 ssh2
Sep 28 21:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: Received disconnect from 103.182.234.219 port 60518:11: Bye Bye [preauth]
Sep 28 21:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27796]: Disconnected from 103.182.234.219 port 60518 [preauth]
Sep 28 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27814]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27811]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27889]: Successful su for rubyman by root
Sep 28 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27889]: + ??? root:rubyman
Sep 28 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310704 of user rubyman.
Sep 28 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27889]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310704.
Sep 28 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24296]: pam_unix(cron:session): session closed for user root
Sep 28 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Invalid user edge from 103.80.27.9
Sep 28 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: input_userauth_request: invalid user edge [preauth]
Sep 28 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Failed password for invalid user edge from 103.80.27.9 port 59808 ssh2
Sep 28 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Received disconnect from 103.80.27.9 port 59808:11: Bye Bye [preauth]
Sep 28 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Disconnected from 103.80.27.9 port 59808 [preauth]
Sep 28 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session closed for user root
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28265]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session closed for user root
Sep 28 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: Successful su for rubyman by root
Sep 28 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: + ??? root:rubyman
Sep 28 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310713 of user rubyman.
Sep 28 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310713.
Sep 28 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Invalid user edge from 103.182.234.219
Sep 28 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: input_userauth_request: invalid user edge [preauth]
Sep 28 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Failed password for invalid user edge from 103.182.234.219 port 43937 ssh2
Sep 28 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Received disconnect from 103.182.234.219 port 43937:11: Bye Bye [preauth]
Sep 28 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Disconnected from 103.182.234.219 port 43937 [preauth]
Sep 28 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session closed for user root
Sep 28 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28265]: pam_unix(cron:session): session closed for user root
Sep 28 21:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Invalid user jona from 103.80.27.9
Sep 28 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: input_userauth_request: invalid user jona [preauth]
Sep 28 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user root
Sep 28 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Failed password for invalid user jona from 103.80.27.9 port 37038 ssh2
Sep 28 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Received disconnect from 103.80.27.9 port 37038:11: Bye Bye [preauth]
Sep 28 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Disconnected from 103.80.27.9 port 37038 [preauth]
Sep 28 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28891]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29068]: Successful su for rubyman by root
Sep 28 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29068]: + ??? root:rubyman
Sep 28 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310715 of user rubyman.
Sep 28 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29068]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310715.
Sep 28 21:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25235]: pam_unix(cron:session): session closed for user root
Sep 28 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: Invalid user admin from 103.182.234.219
Sep 28 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: input_userauth_request: invalid user admin [preauth]
Sep 28 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: Failed password for invalid user admin from 103.182.234.219 port 55585 ssh2
Sep 28 21:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: Received disconnect from 103.182.234.219 port 55585:11: Bye Bye [preauth]
Sep 28 21:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29300]: Disconnected from 103.182.234.219 port 55585 [preauth]
Sep 28 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27814]: pam_unix(cron:session): session closed for user root
Sep 28 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: Invalid user db2fenc1 from 103.80.27.9
Sep 28 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: input_userauth_request: invalid user db2fenc1 [preauth]
Sep 28 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: Failed password for invalid user db2fenc1 from 103.80.27.9 port 34796 ssh2
Sep 28 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: Received disconnect from 103.80.27.9 port 34796:11: Bye Bye [preauth]
Sep 28 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29386]: Disconnected from 103.80.27.9 port 34796 [preauth]
Sep 28 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29464]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29533]: Successful su for rubyman by root
Sep 28 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29533]: + ??? root:rubyman
Sep 28 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310718 of user rubyman.
Sep 28 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29533]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310718.
Sep 28 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session closed for user root
Sep 28 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Invalid user proxyuser from 103.182.234.219
Sep 28 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: input_userauth_request: invalid user proxyuser [preauth]
Sep 28 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Failed password for invalid user proxyuser from 103.182.234.219 port 38998 ssh2
Sep 28 21:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Received disconnect from 103.182.234.219 port 38998:11: Bye Bye [preauth]
Sep 28 21:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Disconnected from 103.182.234.219 port 38998 [preauth]
Sep 28 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session closed for user root
Sep 28 21:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Failed password for root from 103.80.27.9 port 33826 ssh2
Sep 28 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Received disconnect from 103.80.27.9 port 33826:11: Bye Bye [preauth]
Sep 28 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Disconnected from 103.80.27.9 port 33826 [preauth]
Sep 28 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 28 21:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: Failed password for root from 190.103.202.7 port 35392 ssh2
Sep 28 21:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29877]: Connection closed by 190.103.202.7 port 35392 [preauth]
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29937]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30010]: Successful su for rubyman by root
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30010]: + ??? root:rubyman
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310723 of user rubyman.
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30010]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310723.
Sep 28 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26600]: pam_unix(cron:session): session closed for user root
Sep 28 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30207]: Bad protocol version identification '\026\003\001' from 3.149.59.26 port 53088
Sep 28 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29938]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session closed for user root
Sep 28 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Invalid user amalia from 103.182.234.219
Sep 28 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: input_userauth_request: invalid user amalia [preauth]
Sep 28 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Failed password for invalid user amalia from 103.182.234.219 port 50643 ssh2
Sep 28 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Received disconnect from 103.182.234.219 port 50643:11: Bye Bye [preauth]
Sep 28 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Disconnected from 103.182.234.219 port 50643 [preauth]
Sep 28 21:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Failed password for root from 103.80.27.9 port 41638 ssh2
Sep 28 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Received disconnect from 103.80.27.9 port 41638:11: Bye Bye [preauth]
Sep 28 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Disconnected from 103.80.27.9 port 41638 [preauth]
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30464]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: Successful su for rubyman by root
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: + ??? root:rubyman
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310726 of user rubyman.
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310726.
Sep 28 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user root
Sep 28 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Invalid user csadmin from 138.68.58.124
Sep 28 21:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: input_userauth_request: invalid user csadmin [preauth]
Sep 28 21:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 28 21:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Failed password for invalid user csadmin from 138.68.58.124 port 38996 ssh2
Sep 28 21:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30851]: Connection closed by 138.68.58.124 port 38996 [preauth]
Sep 28 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session closed for user root
Sep 28 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: User bin from 103.80.27.9 not allowed because not listed in AllowUsers
Sep 28 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: input_userauth_request: invalid user bin [preauth]
Sep 28 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=bin
Sep 28 21:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30952]: Failed password for root from 103.182.234.219 port 34054 ssh2
Sep 28 21:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30952]: Received disconnect from 103.182.234.219 port 34054:11: Bye Bye [preauth]
Sep 28 21:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30952]: Disconnected from 103.182.234.219 port 34054 [preauth]
Sep 28 21:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: Failed password for invalid user bin from 103.80.27.9 port 50964 ssh2
Sep 28 21:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: Received disconnect from 103.80.27.9 port 50964:11: Bye Bye [preauth]
Sep 28 21:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30956]: Disconnected from 103.80.27.9 port 50964 [preauth]
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30999]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30999]: pam_unix(cron:session): session closed for user root
Sep 28 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30993]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: Successful su for rubyman by root
Sep 28 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: + ??? root:rubyman
Sep 28 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310733 of user rubyman.
Sep 28 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31076]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310733.
Sep 28 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30995]: pam_unix(cron:session): session closed for user root
Sep 28 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session closed for user root
Sep 28 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30994]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session closed for user root
Sep 28 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Invalid user ubuntu from 93.152.230.176
Sep 28 21:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 21:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Failed password for invalid user ubuntu from 93.152.230.176 port 32157 ssh2
Sep 28 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Received disconnect from 93.152.230.176 port 32157:11: Client disconnecting normally [preauth]
Sep 28 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31396]: Disconnected from 93.152.230.176 port 32157 [preauth]
Sep 28 21:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Invalid user newuser from 103.80.27.9
Sep 28 21:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: input_userauth_request: invalid user newuser [preauth]
Sep 28 21:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Failed password for invalid user newuser from 103.80.27.9 port 33840 ssh2
Sep 28 21:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Received disconnect from 103.80.27.9 port 33840:11: Bye Bye [preauth]
Sep 28 21:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Disconnected from 103.80.27.9 port 33840 [preauth]
Sep 28 21:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Invalid user admin from 103.182.234.219
Sep 28 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: input_userauth_request: invalid user admin [preauth]
Sep 28 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Failed password for invalid user admin from 103.182.234.219 port 45707 ssh2
Sep 28 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Received disconnect from 103.182.234.219 port 45707:11: Bye Bye [preauth]
Sep 28 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Disconnected from 103.182.234.219 port 45707 [preauth]
Sep 28 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: Successful su for rubyman by root
Sep 28 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: + ??? root:rubyman
Sep 28 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310736 of user rubyman.
Sep 28 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310736.
Sep 28 21:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session closed for user root
Sep 28 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30470]: pam_unix(cron:session): session closed for user root
Sep 28 21:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Invalid user zabbix from 103.80.27.9
Sep 28 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Failed password for invalid user zabbix from 103.80.27.9 port 37168 ssh2
Sep 28 21:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Received disconnect from 103.80.27.9 port 37168:11: Bye Bye [preauth]
Sep 28 21:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Disconnected from 103.80.27.9 port 37168 [preauth]
Sep 28 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31971]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31967]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32036]: Successful su for rubyman by root
Sep 28 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32036]: + ??? root:rubyman
Sep 28 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310740 of user rubyman.
Sep 28 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32036]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310740.
Sep 28 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28891]: pam_unix(cron:session): session closed for user root
Sep 28 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: User vncuser from 103.182.234.219 not allowed because not listed in AllowUsers
Sep 28 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: input_userauth_request: invalid user vncuser [preauth]
Sep 28 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=vncuser
Sep 28 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Failed password for invalid user vncuser from 103.182.234.219 port 57354 ssh2
Sep 28 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Received disconnect from 103.182.234.219 port 57354:11: Bye Bye [preauth]
Sep 28 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32167]: Disconnected from 103.182.234.219 port 57354 [preauth]
Sep 28 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31968]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session closed for user root
Sep 28 21:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: Invalid user debug from 103.80.27.9
Sep 28 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: input_userauth_request: invalid user debug [preauth]
Sep 28 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: Failed password for invalid user debug from 103.80.27.9 port 52718 ssh2
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: Received disconnect from 103.80.27.9 port 52718:11: Bye Bye [preauth]
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32400]: Disconnected from 103.80.27.9 port 52718 [preauth]
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: Successful su for rubyman by root
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: + ??? root:rubyman
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310744 of user rubyman.
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32470]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310744.
Sep 28 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session closed for user root
Sep 28 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: Invalid user sarah from 103.182.234.219
Sep 28 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: input_userauth_request: invalid user sarah [preauth]
Sep 28 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: Failed password for invalid user sarah from 103.182.234.219 port 40768 ssh2
Sep 28 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: Received disconnect from 103.182.234.219 port 40768:11: Bye Bye [preauth]
Sep 28 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: Disconnected from 103.182.234.219 port 40768 [preauth]
Sep 28 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session closed for user root
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[452]: Successful su for rubyman by root
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[452]: + ??? root:rubyman
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310750 of user rubyman.
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[452]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310750.
Sep 28 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Invalid user email from 103.80.27.9
Sep 28 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: input_userauth_request: invalid user email [preauth]
Sep 28 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session closed for user root
Sep 28 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Failed password for invalid user email from 103.80.27.9 port 45012 ssh2
Sep 28 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Received disconnect from 103.80.27.9 port 45012:11: Bye Bye [preauth]
Sep 28 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Disconnected from 103.80.27.9 port 45012 [preauth]
Sep 28 21:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[372]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: Invalid user training from 103.182.234.219
Sep 28 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: input_userauth_request: invalid user training [preauth]
Sep 28 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: Failed password for invalid user training from 103.182.234.219 port 52414 ssh2
Sep 28 21:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: Received disconnect from 103.182.234.219 port 52414:11: Bye Bye [preauth]
Sep 28 21:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[681]: Disconnected from 103.182.234.219 port 52414 [preauth]
Sep 28 21:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31971]: pam_unix(cron:session): session closed for user root
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session closed for user root
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[828]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: Successful su for rubyman by root
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: + ??? root:rubyman
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310753 of user rubyman.
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[961]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310753.
Sep 28 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[841]: pam_unix(cron:session): session closed for user root
Sep 28 21:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30466]: pam_unix(cron:session): session closed for user root
Sep 28 21:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[832]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Invalid user test from 103.80.27.9
Sep 28 21:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: input_userauth_request: invalid user test [preauth]
Sep 28 21:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Failed password for invalid user test from 103.80.27.9 port 38824 ssh2
Sep 28 21:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Received disconnect from 103.80.27.9 port 38824:11: Bye Bye [preauth]
Sep 28 21:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Disconnected from 103.80.27.9 port 38824 [preauth]
Sep 28 21:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Invalid user test from 103.182.234.219
Sep 28 21:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: input_userauth_request: invalid user test [preauth]
Sep 28 21:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Failed password for invalid user test from 103.182.234.219 port 35827 ssh2
Sep 28 21:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Received disconnect from 103.182.234.219 port 35827:11: Bye Bye [preauth]
Sep 28 21:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1296]: Disconnected from 103.182.234.219 port 35827 [preauth]
Sep 28 21:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session closed for user root
Sep 28 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: Successful su for rubyman by root
Sep 28 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: + ??? root:rubyman
Sep 28 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310758 of user rubyman.
Sep 28 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310758.
Sep 28 21:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30996]: pam_unix(cron:session): session closed for user root
Sep 28 21:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: Invalid user webadmin from 103.80.27.9
Sep 28 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: Failed password for invalid user webadmin from 103.80.27.9 port 41132 ssh2
Sep 28 21:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: Received disconnect from 103.80.27.9 port 41132:11: Bye Bye [preauth]
Sep 28 21:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: Disconnected from 103.80.27.9 port 41132 [preauth]
Sep 28 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[374]: pam_unix(cron:session): session closed for user root
Sep 28 21:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Failed password for root from 103.182.234.219 port 47472 ssh2
Sep 28 21:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Received disconnect from 103.182.234.219 port 47472:11: Bye Bye [preauth]
Sep 28 21:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Disconnected from 103.182.234.219 port 47472 [preauth]
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: Successful su for rubyman by root
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: + ??? root:rubyman
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310764 of user rubyman.
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310764.
Sep 28 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session closed for user root
Sep 28 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: Invalid user depot from 103.80.27.9
Sep 28 21:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: input_userauth_request: invalid user depot [preauth]
Sep 28 21:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: Failed password for invalid user depot from 103.80.27.9 port 55842 ssh2
Sep 28 21:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: Received disconnect from 103.80.27.9 port 55842:11: Bye Bye [preauth]
Sep 28 21:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2209]: Disconnected from 103.80.27.9 port 55842 [preauth]
Sep 28 21:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session closed for user root
Sep 28 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Failed password for root from 103.182.234.219 port 59116 ssh2
Sep 28 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Received disconnect from 103.182.234.219 port 59116:11: Bye Bye [preauth]
Sep 28 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Disconnected from 103.182.234.219 port 59116 [preauth]
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: Successful su for rubyman by root
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: + ??? root:rubyman
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310768 of user rubyman.
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2387]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310768.
Sep 28 21:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31970]: pam_unix(cron:session): session closed for user root
Sep 28 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Invalid user moshe from 103.80.27.9
Sep 28 21:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: input_userauth_request: invalid user moshe [preauth]
Sep 28 21:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Failed password for invalid user moshe from 103.80.27.9 port 42380 ssh2
Sep 28 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Received disconnect from 103.80.27.9 port 42380:11: Bye Bye [preauth]
Sep 28 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Disconnected from 103.80.27.9 port 42380 [preauth]
Sep 28 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session closed for user root
Sep 28 21:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: User bin from 103.182.234.219 not allowed because not listed in AllowUsers
Sep 28 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: input_userauth_request: invalid user bin [preauth]
Sep 28 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=bin
Sep 28 21:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Failed password for invalid user bin from 103.182.234.219 port 42528 ssh2
Sep 28 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Received disconnect from 103.182.234.219 port 42528:11: Bye Bye [preauth]
Sep 28 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Disconnected from 103.182.234.219 port 42528 [preauth]
Sep 28 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: Successful su for rubyman by root
Sep 28 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: + ??? root:rubyman
Sep 28 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310772 of user rubyman.
Sep 28 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310772.
Sep 28 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session closed for user root
Sep 28 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session closed for user root
Sep 28 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Invalid user cc from 20.163.71.109
Sep 28 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: input_userauth_request: invalid user cc [preauth]
Sep 28 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 21:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Failed password for invalid user cc from 20.163.71.109 port 41702 ssh2
Sep 28 21:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Connection closed by 20.163.71.109 port 41702 [preauth]
Sep 28 21:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3185]: Failed password for root from 103.80.27.9 port 57862 ssh2
Sep 28 21:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3185]: Received disconnect from 103.80.27.9 port 57862:11: Bye Bye [preauth]
Sep 28 21:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3185]: Disconnected from 103.80.27.9 port 57862 [preauth]
Sep 28 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session closed for user root
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session closed for user root
Sep 28 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: Successful su for rubyman by root
Sep 28 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: + ??? root:rubyman
Sep 28 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310777 of user rubyman.
Sep 28 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310777.
Sep 28 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user root
Sep 28 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session closed for user root
Sep 28 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Failed password for root from 103.182.234.219 port 54180 ssh2
Sep 28 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Received disconnect from 103.182.234.219 port 54180:11: Bye Bye [preauth]
Sep 28 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Disconnected from 103.182.234.219 port 54180 [preauth]
Sep 28 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session closed for user root
Sep 28 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Invalid user training from 103.80.27.9
Sep 28 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: input_userauth_request: invalid user training [preauth]
Sep 28 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Failed password for invalid user training from 103.80.27.9 port 45174 ssh2
Sep 28 21:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Received disconnect from 103.80.27.9 port 45174:11: Bye Bye [preauth]
Sep 28 21:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Disconnected from 103.80.27.9 port 45174 [preauth]
Sep 28 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3745]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3743]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3824]: Successful su for rubyman by root
Sep 28 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3824]: + ??? root:rubyman
Sep 28 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310783 of user rubyman.
Sep 28 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3824]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310783.
Sep 28 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session closed for user root
Sep 28 21:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3744]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: Invalid user public from 103.182.234.219
Sep 28 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: input_userauth_request: invalid user public [preauth]
Sep 28 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: Failed password for invalid user public from 103.182.234.219 port 37595 ssh2
Sep 28 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: Received disconnect from 103.182.234.219 port 37595:11: Bye Bye [preauth]
Sep 28 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4045]: Disconnected from 103.182.234.219 port 37595 [preauth]
Sep 28 21:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 28 21:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: Failed password for root from 164.68.105.9 port 46096 ssh2
Sep 28 21:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: Connection closed by 164.68.105.9 port 46096 [preauth]
Sep 28 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user root
Sep 28 21:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Failed password for root from 103.80.27.9 port 43150 ssh2
Sep 28 21:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Received disconnect from 103.80.27.9 port 43150:11: Bye Bye [preauth]
Sep 28 21:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Disconnected from 103.80.27.9 port 43150 [preauth]
Sep 28 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4276]: Successful su for rubyman by root
Sep 28 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4276]: + ??? root:rubyman
Sep 28 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310787 of user rubyman.
Sep 28 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4276]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310787.
Sep 28 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session closed for user root
Sep 28 21:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Failed password for root from 103.182.234.219 port 49240 ssh2
Sep 28 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Received disconnect from 103.182.234.219 port 49240:11: Bye Bye [preauth]
Sep 28 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Disconnected from 103.182.234.219 port 49240 [preauth]
Sep 28 21:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user root
Sep 28 21:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for root from 103.80.27.9 port 35736 ssh2
Sep 28 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Received disconnect from 103.80.27.9 port 35736:11: Bye Bye [preauth]
Sep 28 21:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Disconnected from 103.80.27.9 port 35736 [preauth]
Sep 28 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 28 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: Failed password for root from 93.152.230.176 port 6571 ssh2
Sep 28 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: Received disconnect from 93.152.230.176 port 6571:11: Client disconnecting normally [preauth]
Sep 28 21:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4630]: Disconnected from 93.152.230.176 port 6571 [preauth]
Sep 28 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4644]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4715]: Successful su for rubyman by root
Sep 28 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4715]: + ??? root:rubyman
Sep 28 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310790 of user rubyman.
Sep 28 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4715]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310790.
Sep 28 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session closed for user root
Sep 28 21:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4645]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3747]: pam_unix(cron:session): session closed for user root
Sep 28 21:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Invalid user stas from 103.182.234.219
Sep 28 21:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: input_userauth_request: invalid user stas [preauth]
Sep 28 21:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Failed password for invalid user stas from 103.182.234.219 port 60885 ssh2
Sep 28 21:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Received disconnect from 103.182.234.219 port 60885:11: Bye Bye [preauth]
Sep 28 21:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Disconnected from 103.182.234.219 port 60885 [preauth]
Sep 28 21:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Invalid user sarah from 103.80.27.9
Sep 28 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: input_userauth_request: invalid user sarah [preauth]
Sep 28 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Failed password for invalid user sarah from 103.80.27.9 port 51636 ssh2
Sep 28 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Received disconnect from 103.80.27.9 port 51636:11: Bye Bye [preauth]
Sep 28 21:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Disconnected from 103.80.27.9 port 51636 [preauth]
Sep 28 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5099]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5096]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5161]: Successful su for rubyman by root
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5161]: + ??? root:rubyman
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310794 of user rubyman.
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5161]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310794.
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Invalid user admin from 139.19.117.131
Sep 28 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: input_userauth_request: invalid user admin [preauth]
Sep 28 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session closed for user root
Sep 28 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5097]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Connection closed by 139.19.117.131 port 44208 [preauth]
Sep 28 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session closed for user root
Sep 28 21:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Invalid user email from 103.182.234.219
Sep 28 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: input_userauth_request: invalid user email [preauth]
Sep 28 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Failed password for invalid user email from 103.182.234.219 port 44298 ssh2
Sep 28 21:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Received disconnect from 103.182.234.219 port 44298:11: Bye Bye [preauth]
Sep 28 21:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Disconnected from 103.182.234.219 port 44298 [preauth]
Sep 28 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Invalid user proxyuser from 103.80.27.9
Sep 28 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: input_userauth_request: invalid user proxyuser [preauth]
Sep 28 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Failed password for invalid user proxyuser from 103.80.27.9 port 33804 ssh2
Sep 28 21:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Received disconnect from 103.80.27.9 port 33804:11: Bye Bye [preauth]
Sep 28 21:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Disconnected from 103.80.27.9 port 33804 [preauth]
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5629]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5629]: pam_unix(cron:session): session closed for user root
Sep 28 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5698]: Successful su for rubyman by root
Sep 28 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5698]: + ??? root:rubyman
Sep 28 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310797 of user rubyman.
Sep 28 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5698]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310797.
Sep 28 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session closed for user root
Sep 28 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session closed for user root
Sep 28 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4648]: pam_unix(cron:session): session closed for user root
Sep 28 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6107]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6106]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6104]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: Successful su for rubyman by root
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: + ??? root:rubyman
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310803 of user rubyman.
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310803.
Sep 28 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Failed password for root from 103.182.234.219 port 55951 ssh2
Sep 28 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Received disconnect from 103.182.234.219 port 55951:11: Bye Bye [preauth]
Sep 28 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Disconnected from 103.182.234.219 port 55951 [preauth]
Sep 28 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Failed password for root from 103.80.27.9 port 44412 ssh2
Sep 28 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Received disconnect from 103.80.27.9 port 44412:11: Bye Bye [preauth]
Sep 28 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Disconnected from 103.80.27.9 port 44412 [preauth]
Sep 28 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user root
Sep 28 21:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6105]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5099]: pam_unix(cron:session): session closed for user root
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6560]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: Successful su for rubyman by root
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: + ??? root:rubyman
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310807 of user rubyman.
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310807.
Sep 28 21:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3745]: pam_unix(cron:session): session closed for user root
Sep 28 21:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6561]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: User vncuser from 103.80.27.9 not allowed because not listed in AllowUsers
Sep 28 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: input_userauth_request: invalid user vncuser [preauth]
Sep 28 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=vncuser
Sep 28 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Invalid user miguel from 103.182.234.219
Sep 28 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: input_userauth_request: invalid user miguel [preauth]
Sep 28 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Failed password for invalid user vncuser from 103.80.27.9 port 53270 ssh2
Sep 28 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Received disconnect from 103.80.27.9 port 53270:11: Bye Bye [preauth]
Sep 28 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Disconnected from 103.80.27.9 port 53270 [preauth]
Sep 28 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Failed password for invalid user miguel from 103.182.234.219 port 39361 ssh2
Sep 28 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Received disconnect from 103.182.234.219 port 39361:11: Bye Bye [preauth]
Sep 28 21:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Disconnected from 103.182.234.219 port 39361 [preauth]
Sep 28 21:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session closed for user root
Sep 28 21:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Invalid user images from 46.101.170.54
Sep 28 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: input_userauth_request: invalid user images [preauth]
Sep 28 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 28 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Failed password for invalid user images from 46.101.170.54 port 57008 ssh2
Sep 28 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Connection closed by 46.101.170.54 port 57008 [preauth]
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: Successful su for rubyman by root
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: + ??? root:rubyman
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310811 of user rubyman.
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310811.
Sep 28 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user root
Sep 28 21:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: Invalid user admin from 103.80.27.9
Sep 28 21:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: input_userauth_request: invalid user admin [preauth]
Sep 28 21:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: Failed password for invalid user admin from 103.80.27.9 port 56626 ssh2
Sep 28 21:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: Received disconnect from 103.80.27.9 port 56626:11: Bye Bye [preauth]
Sep 28 21:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: Disconnected from 103.80.27.9 port 56626 [preauth]
Sep 28 21:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: Failed password for root from 103.182.234.219 port 51006 ssh2
Sep 28 21:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: Received disconnect from 103.182.234.219 port 51006:11: Bye Bye [preauth]
Sep 28 21:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: Disconnected from 103.182.234.219 port 51006 [preauth]
Sep 28 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6107]: pam_unix(cron:session): session closed for user root
Sep 28 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7629]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7630]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7627]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7696]: Successful su for rubyman by root
Sep 28 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7696]: + ??? root:rubyman
Sep 28 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310815 of user rubyman.
Sep 28 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7696]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310815.
Sep 28 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session closed for user root
Sep 28 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Invalid user admin from 103.80.27.9
Sep 28 21:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: input_userauth_request: invalid user admin [preauth]
Sep 28 21:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Failed password for invalid user admin from 103.80.27.9 port 41372 ssh2
Sep 28 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Received disconnect from 103.80.27.9 port 41372:11: Bye Bye [preauth]
Sep 28 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Disconnected from 103.80.27.9 port 41372 [preauth]
Sep 28 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6563]: pam_unix(cron:session): session closed for user root
Sep 28 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: Invalid user depot from 103.182.234.219
Sep 28 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: input_userauth_request: invalid user depot [preauth]
Sep 28 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: Failed password for invalid user depot from 103.182.234.219 port 34421 ssh2
Sep 28 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: Received disconnect from 103.182.234.219 port 34421:11: Bye Bye [preauth]
Sep 28 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8007]: Disconnected from 103.182.234.219 port 34421 [preauth]
Sep 28 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session closed for user root
Sep 28 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8117]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: Successful su for rubyman by root
Sep 28 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: + ??? root:rubyman
Sep 28 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310820 of user rubyman.
Sep 28 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310820.
Sep 28 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5098]: pam_unix(cron:session): session closed for user root
Sep 28 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8119]: pam_unix(cron:session): session closed for user root
Sep 28 21:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8118]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Failed password for root from 103.80.27.9 port 42892 ssh2
Sep 28 21:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Received disconnect from 103.80.27.9 port 42892:11: Bye Bye [preauth]
Sep 28 21:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Disconnected from 103.80.27.9 port 42892 [preauth]
Sep 28 21:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session closed for user root
Sep 28 21:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Invalid user newuser from 103.182.234.219
Sep 28 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: input_userauth_request: invalid user newuser [preauth]
Sep 28 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Failed password for invalid user newuser from 103.182.234.219 port 46066 ssh2
Sep 28 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Received disconnect from 103.182.234.219 port 46066:11: Bye Bye [preauth]
Sep 28 21:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8566]: Disconnected from 103.182.234.219 port 46066 [preauth]
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8633]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8712]: Successful su for rubyman by root
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8712]: + ??? root:rubyman
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310827 of user rubyman.
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8712]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310827.
Sep 28 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session closed for user root
Sep 28 21:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8634]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Failed password for root from 103.80.27.9 port 58250 ssh2
Sep 28 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Received disconnect from 103.80.27.9 port 58250:11: Bye Bye [preauth]
Sep 28 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Disconnected from 103.80.27.9 port 58250 [preauth]
Sep 28 21:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7630]: pam_unix(cron:session): session closed for user root
Sep 28 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Failed password for root from 103.182.234.219 port 57712 ssh2
Sep 28 21:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Received disconnect from 103.182.234.219 port 57712:11: Bye Bye [preauth]
Sep 28 21:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Disconnected from 103.182.234.219 port 57712 [preauth]
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: Successful su for rubyman by root
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: + ??? root:rubyman
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310830 of user rubyman.
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310830.
Sep 28 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6106]: pam_unix(cron:session): session closed for user root
Sep 28 21:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Invalid user public from 103.80.27.9
Sep 28 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: input_userauth_request: invalid user public [preauth]
Sep 28 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Failed password for invalid user public from 103.80.27.9 port 44554 ssh2
Sep 28 21:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Received disconnect from 103.80.27.9 port 44554:11: Bye Bye [preauth]
Sep 28 21:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9653]: Disconnected from 103.80.27.9 port 44554 [preauth]
Sep 28 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session closed for user root
Sep 28 21:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Failed password for root from 103.182.234.219 port 41124 ssh2
Sep 28 21:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Received disconnect from 103.182.234.219 port 41124:11: Bye Bye [preauth]
Sep 28 21:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Disconnected from 103.182.234.219 port 41124 [preauth]
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9856]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9858]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: Successful su for rubyman by root
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: + ??? root:rubyman
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310833 of user rubyman.
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310833.
Sep 28 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6562]: pam_unix(cron:session): session closed for user root
Sep 28 21:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session closed for user root
Sep 28 21:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Invalid user miguel from 103.80.27.9
Sep 28 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: input_userauth_request: invalid user miguel [preauth]
Sep 28 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Failed password for invalid user miguel from 103.80.27.9 port 50298 ssh2
Sep 28 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Received disconnect from 103.80.27.9 port 50298:11: Bye Bye [preauth]
Sep 28 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Disconnected from 103.80.27.9 port 50298 [preauth]
Sep 28 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: Successful su for rubyman by root
Sep 28 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: + ??? root:rubyman
Sep 28 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310839 of user rubyman.
Sep 28 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310839.
Sep 28 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Invalid user webadmin from 103.182.234.219
Sep 28 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session closed for user root
Sep 28 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Failed password for invalid user webadmin from 103.182.234.219 port 52778 ssh2
Sep 28 21:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Received disconnect from 103.182.234.219 port 52778:11: Bye Bye [preauth]
Sep 28 21:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Disconnected from 103.182.234.219 port 52778 [preauth]
Sep 28 21:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session closed for user root
Sep 28 21:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9  user=root
Sep 28 21:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Failed password for root from 103.80.27.9 port 49684 ssh2
Sep 28 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Received disconnect from 103.80.27.9 port 49684:11: Bye Bye [preauth]
Sep 28 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Disconnected from 103.80.27.9 port 49684 [preauth]
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session closed for user root
Sep 28 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10767]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10838]: Successful su for rubyman by root
Sep 28 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10838]: + ??? root:rubyman
Sep 28 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310843 of user rubyman.
Sep 28 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10838]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310843.
Sep 28 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10769]: pam_unix(cron:session): session closed for user root
Sep 28 21:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7629]: pam_unix(cron:session): session closed for user root
Sep 28 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10768]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: Invalid user zabbix from 103.182.234.219
Sep 28 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: Failed password for invalid user zabbix from 103.182.234.219 port 36191 ssh2
Sep 28 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: Received disconnect from 103.182.234.219 port 36191:11: Bye Bye [preauth]
Sep 28 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: Disconnected from 103.182.234.219 port 36191 [preauth]
Sep 28 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: Invalid user odoo from 93.152.230.176
Sep 28 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: input_userauth_request: invalid user odoo [preauth]
Sep 28 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 21:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: Failed password for invalid user odoo from 93.152.230.176 port 49668 ssh2
Sep 28 21:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: Received disconnect from 93.152.230.176 port 49668:11: Client disconnecting normally [preauth]
Sep 28 21:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: Disconnected from 93.152.230.176 port 49668 [preauth]
Sep 28 21:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9858]: pam_unix(cron:session): session closed for user root
Sep 28 21:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: Invalid user develop from 103.80.27.9
Sep 28 21:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: input_userauth_request: invalid user develop [preauth]
Sep 28 21:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: Failed password for invalid user develop from 103.80.27.9 port 46692 ssh2
Sep 28 21:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: Received disconnect from 103.80.27.9 port 46692:11: Bye Bye [preauth]
Sep 28 21:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11203]: Disconnected from 103.80.27.9 port 46692 [preauth]
Sep 28 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: Successful su for rubyman by root
Sep 28 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: + ??? root:rubyman
Sep 28 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310848 of user rubyman.
Sep 28 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310848.
Sep 28 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session closed for user root
Sep 28 21:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219  user=root
Sep 28 21:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: Failed password for root from 103.182.234.219 port 47841 ssh2
Sep 28 21:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: Received disconnect from 103.182.234.219 port 47841:11: Bye Bye [preauth]
Sep 28 21:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11557]: Disconnected from 103.182.234.219 port 47841 [preauth]
Sep 28 21:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user root
Sep 28 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Invalid user amalia from 103.80.27.9
Sep 28 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: input_userauth_request: invalid user amalia [preauth]
Sep 28 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.80.27.9
Sep 28 21:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Failed password for invalid user amalia from 103.80.27.9 port 52836 ssh2
Sep 28 21:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Received disconnect from 103.80.27.9 port 52836:11: Bye Bye [preauth]
Sep 28 21:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Disconnected from 103.80.27.9 port 52836 [preauth]
Sep 28 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11755]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11836]: Successful su for rubyman by root
Sep 28 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11836]: + ??? root:rubyman
Sep 28 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310853 of user rubyman.
Sep 28 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11836]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310853.
Sep 28 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8635]: pam_unix(cron:session): session closed for user root
Sep 28 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11756]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Invalid user jona from 103.182.234.219
Sep 28 21:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: input_userauth_request: invalid user jona [preauth]
Sep 28 21:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session closed for user root
Sep 28 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for invalid user jona from 103.182.234.219 port 59485 ssh2
Sep 28 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Received disconnect from 103.182.234.219 port 59485:11: Bye Bye [preauth]
Sep 28 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Disconnected from 103.182.234.219 port 59485 [preauth]
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12189]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12266]: Successful su for rubyman by root
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12266]: + ??? root:rubyman
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310855 of user rubyman.
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12266]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310855.
Sep 28 21:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user root
Sep 28 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session closed for user root
Sep 28 21:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 21:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Invalid user debug from 103.182.234.219
Sep 28 21:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: input_userauth_request: invalid user debug [preauth]
Sep 28 21:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 21:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.182.234.219
Sep 28 21:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Failed password for invalid user debug from 103.182.234.219 port 42901 ssh2
Sep 28 21:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Received disconnect from 103.182.234.219 port 42901:11: Bye Bye [preauth]
Sep 28 21:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12569]: Disconnected from 103.182.234.219 port 42901 [preauth]
Sep 28 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user p13x
Sep 28 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12707]: Successful su for rubyman by root
Sep 28 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12707]: + ??? root:rubyman
Sep 28 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310860 of user rubyman.
Sep 28 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12707]: pam_unix(su:session): session closed for user rubyman
Sep 28 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310860.
Sep 28 21:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9856]: pam_unix(cron:session): session closed for user root
Sep 28 21:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user samftp
Sep 28 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session closed for user root
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13093]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session closed for user root
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13093]: pam_unix(cron:session): session closed for user root
Sep 28 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: Successful su for rubyman by root
Sep 28 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: + ??? root:rubyman
Sep 28 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310868 of user rubyman.
Sep 28 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310868.
Sep 28 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session closed for user root
Sep 28 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
Sep 28 22:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Invalid user user from 62.60.131.157
Sep 28 22:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: input_userauth_request: invalid user user [preauth]
Sep 28 22:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 22:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user user from 62.60.131.157 port 17193 ssh2
Sep 28 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user user from 62.60.131.157 port 17193 ssh2
Sep 28 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user user from 62.60.131.157 port 17193 ssh2
Sep 28 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user user from 62.60.131.157 port 17193 ssh2
Sep 28 22:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: Invalid user  from 134.122.46.149
Sep 28 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: input_userauth_request: invalid user  [preauth]
Sep 28 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for invalid user user from 62.60.131.157 port 17193 ssh2
Sep 28 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Received disconnect from 62.60.131.157 port 17193:11: Bye [preauth]
Sep 28 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Disconnected from 62.60.131.157 port 17193 [preauth]
Sep 28 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: Connection closed by 134.122.46.149 port 41106 [preauth]
Sep 28 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session closed for user root
Sep 28 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13697]: Successful su for rubyman by root
Sep 28 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13697]: + ??? root:rubyman
Sep 28 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310871 of user rubyman.
Sep 28 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13697]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310871.
Sep 28 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session closed for user root
Sep 28 22:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Invalid user worker from 134.122.46.149
Sep 28 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: input_userauth_request: invalid user worker [preauth]
Sep 28 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Failed password for invalid user worker from 134.122.46.149 port 43790 ssh2
Sep 28 22:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13949]: Connection closed by 134.122.46.149 port 43790 [preauth]
Sep 28 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session closed for user root
Sep 28 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Invalid user redis from 134.122.46.149
Sep 28 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user redis from 134.122.46.149 port 60944 ssh2
Sep 28 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Connection closed by 134.122.46.149 port 60944 [preauth]
Sep 28 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14126]: Invalid user airflow from 134.122.46.149
Sep 28 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14126]: input_userauth_request: invalid user airflow [preauth]
Sep 28 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14126]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14126]: Failed password for invalid user airflow from 134.122.46.149 port 48888 ssh2
Sep 28 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14126]: Connection closed by 134.122.46.149 port 48888 [preauth]
Sep 28 22:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: Invalid user ftpuser from 31.57.47.194
Sep 28 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: Failed password for invalid user ftpuser from 31.57.47.194 port 33054 ssh2
Sep 28 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: Received disconnect from 31.57.47.194 port 33054:11: Bye Bye [preauth]
Sep 28 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14137]: Disconnected from 31.57.47.194 port 33054 [preauth]
Sep 28 22:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Invalid user gitlab-runner from 134.122.46.149
Sep 28 22:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 28 22:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Failed password for invalid user gitlab-runner from 134.122.46.149 port 33810 ssh2
Sep 28 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Connection closed by 134.122.46.149 port 33810 [preauth]
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14168]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14166]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14236]: Successful su for rubyman by root
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14236]: + ??? root:rubyman
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310874 of user rubyman.
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14236]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310874.
Sep 28 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session closed for user root
Sep 28 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14167]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: Invalid user test from 134.122.46.149
Sep 28 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: input_userauth_request: invalid user test [preauth]
Sep 28 22:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: Failed password for invalid user test from 134.122.46.149 port 36394 ssh2
Sep 28 22:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: Connection closed by 134.122.46.149 port 36394 [preauth]
Sep 28 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Invalid user latitude from 134.122.46.149
Sep 28 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: input_userauth_request: invalid user latitude [preauth]
Sep 28 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Failed password for invalid user latitude from 134.122.46.149 port 40384 ssh2
Sep 28 22:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14458]: Connection closed by 134.122.46.149 port 40384 [preauth]
Sep 28 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Invalid user bigdata from 134.122.46.149
Sep 28 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: input_userauth_request: invalid user bigdata [preauth]
Sep 28 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Failed password for invalid user bigdata from 134.122.46.149 port 41174 ssh2
Sep 28 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Connection closed by 134.122.46.149 port 41174 [preauth]
Sep 28 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13092]: pam_unix(cron:session): session closed for user root
Sep 28 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Invalid user aron from 181.188.172.6
Sep 28 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: input_userauth_request: invalid user aron [preauth]
Sep 28 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Failed password for invalid user aron from 181.188.172.6 port 51652 ssh2
Sep 28 22:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Received disconnect from 181.188.172.6 port 51652:11: Bye Bye [preauth]
Sep 28 22:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Disconnected from 181.188.172.6 port 51652 [preauth]
Sep 28 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Invalid user red5 from 134.122.46.149
Sep 28 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: input_userauth_request: invalid user red5 [preauth]
Sep 28 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Failed password for invalid user red5 from 134.122.46.149 port 56480 ssh2
Sep 28 22:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Connection closed by 134.122.46.149 port 56480 [preauth]
Sep 28 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=git@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 28 22:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 22:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=git rhost=::ffff:79.124.49.146
Sep 28 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Invalid user vagrant from 134.122.46.149
Sep 28 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for invalid user vagrant from 134.122.46.149 port 60822 ssh2
Sep 28 22:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Connection closed by 134.122.46.149 port 60822 [preauth]
Sep 28 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14666]: Successful su for rubyman by root
Sep 28 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14666]: + ??? root:rubyman
Sep 28 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310879 of user rubyman.
Sep 28 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14666]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310879.
Sep 28 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Invalid user orange from 122.54.18.220
Sep 28 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: input_userauth_request: invalid user orange [preauth]
Sep 28 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session closed for user root
Sep 28 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Failed password for invalid user orange from 122.54.18.220 port 5606 ssh2
Sep 28 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Received disconnect from 122.54.18.220 port 5606:11: Bye Bye [preauth]
Sep 28 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Disconnected from 122.54.18.220 port 5606 [preauth]
Sep 28 22:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Failed password for root from 134.122.46.149 port 56118 ssh2
Sep 28 22:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Connection closed by 134.122.46.149 port 56118 [preauth]
Sep 28 22:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Invalid user master from 134.122.46.149
Sep 28 22:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: input_userauth_request: invalid user master [preauth]
Sep 28 22:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Failed password for invalid user master from 134.122.46.149 port 55624 ssh2
Sep 28 22:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Connection closed by 134.122.46.149 port 55624 [preauth]
Sep 28 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Invalid user logstash from 134.122.46.149
Sep 28 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: input_userauth_request: invalid user logstash [preauth]
Sep 28 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Failed password for invalid user logstash from 134.122.46.149 port 57706 ssh2
Sep 28 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Connection closed by 134.122.46.149 port 57706 [preauth]
Sep 28 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session closed for user root
Sep 28 22:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Failed password for root from 134.122.46.149 port 38734 ssh2
Sep 28 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Connection closed by 134.122.46.149 port 38734 [preauth]
Sep 28 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Invalid user palworld from 134.122.46.149
Sep 28 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: input_userauth_request: invalid user palworld [preauth]
Sep 28 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Failed password for invalid user palworld from 134.122.46.149 port 46234 ssh2
Sep 28 22:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Connection closed by 134.122.46.149 port 46234 [preauth]
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15036]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15035]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15033]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: Successful su for rubyman by root
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: + ??? root:rubyman
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310883 of user rubyman.
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310883.
Sep 28 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session closed for user root
Sep 28 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: Invalid user deepspeed from 134.122.46.149
Sep 28 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: input_userauth_request: invalid user deepspeed [preauth]
Sep 28 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: Failed password for invalid user deepspeed from 134.122.46.149 port 51570 ssh2
Sep 28 22:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15266]: Connection closed by 134.122.46.149 port 51570 [preauth]
Sep 28 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Invalid user elasticsearch from 134.122.46.149
Sep 28 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Failed password for invalid user elasticsearch from 134.122.46.149 port 54760 ssh2
Sep 28 22:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Connection closed by 134.122.46.149 port 54760 [preauth]
Sep 28 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Invalid user user from 134.122.46.149
Sep 28 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: input_userauth_request: invalid user user [preauth]
Sep 28 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Failed password for invalid user user from 134.122.46.149 port 60980 ssh2
Sep 28 22:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Connection closed by 134.122.46.149 port 60980 [preauth]
Sep 28 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session closed for user root
Sep 28 22:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Invalid user vagrant from 134.122.46.149
Sep 28 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Failed password for invalid user vagrant from 134.122.46.149 port 32970 ssh2
Sep 28 22:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Connection closed by 134.122.46.149 port 32970 [preauth]
Sep 28 22:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Invalid user dolphin from 134.122.46.149
Sep 28 22:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 22:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Failed password for invalid user dolphin from 134.122.46.149 port 40642 ssh2
Sep 28 22:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Connection closed by 134.122.46.149 port 40642 [preauth]
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session closed for user root
Sep 28 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15461]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: Successful su for rubyman by root
Sep 28 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: + ??? root:rubyman
Sep 28 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310890 of user rubyman.
Sep 28 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310890.
Sep 28 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session closed for user root
Sep 28 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user root
Sep 28 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: Failed password for root from 134.122.46.149 port 45812 ssh2
Sep 28 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: Connection closed by 134.122.46.149 port 45812 [preauth]
Sep 28 22:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Invalid user sftp from 134.122.46.149
Sep 28 22:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: input_userauth_request: invalid user sftp [preauth]
Sep 28 22:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Failed password for invalid user sftp from 134.122.46.149 port 46880 ssh2
Sep 28 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Connection closed by 134.122.46.149 port 46880 [preauth]
Sep 28 22:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for root from 122.54.18.220 port 46193 ssh2
Sep 28 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Received disconnect from 122.54.18.220 port 46193:11: Bye Bye [preauth]
Sep 28 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Disconnected from 122.54.18.220 port 46193 [preauth]
Sep 28 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Invalid user deploy from 134.122.46.149
Sep 28 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: input_userauth_request: invalid user deploy [preauth]
Sep 28 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Failed password for invalid user deploy from 134.122.46.149 port 58382 ssh2
Sep 28 22:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Connection closed by 134.122.46.149 port 58382 [preauth]
Sep 28 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session closed for user root
Sep 28 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Invalid user arkserver from 134.122.46.149
Sep 28 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: input_userauth_request: invalid user arkserver [preauth]
Sep 28 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Failed password for invalid user arkserver from 134.122.46.149 port 44068 ssh2
Sep 28 22:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Connection closed by 134.122.46.149 port 44068 [preauth]
Sep 28 22:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Failed password for root from 134.122.46.149 port 58690 ssh2
Sep 28 22:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Connection closed by 134.122.46.149 port 58690 [preauth]
Sep 28 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for root from 181.188.172.6 port 46788 ssh2
Sep 28 22:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Received disconnect from 181.188.172.6 port 46788:11: Bye Bye [preauth]
Sep 28 22:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Disconnected from 181.188.172.6 port 46788 [preauth]
Sep 28 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: Successful su for rubyman by root
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: + ??? root:rubyman
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310892 of user rubyman.
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310892.
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Invalid user wang from 134.122.46.149
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: input_userauth_request: invalid user wang [preauth]
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Failed password for invalid user wang from 134.122.46.149 port 54262 ssh2
Sep 28 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Connection closed by 134.122.46.149 port 54262 [preauth]
Sep 28 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session closed for user root
Sep 28 22:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: Invalid user webadmin from 134.122.46.149
Sep 28 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: Failed password for invalid user webadmin from 134.122.46.149 port 52202 ssh2
Sep 28 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: Connection closed by 134.122.46.149 port 52202 [preauth]
Sep 28 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Invalid user test from 31.57.47.194
Sep 28 22:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: input_userauth_request: invalid user test [preauth]
Sep 28 22:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Failed password for invalid user test from 31.57.47.194 port 43458 ssh2
Sep 28 22:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Received disconnect from 31.57.47.194 port 43458:11: Bye Bye [preauth]
Sep 28 22:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Disconnected from 31.57.47.194 port 43458 [preauth]
Sep 28 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Invalid user nagios from 134.122.46.149
Sep 28 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: input_userauth_request: invalid user nagios [preauth]
Sep 28 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Failed password for invalid user nagios from 134.122.46.149 port 46790 ssh2
Sep 28 22:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Connection closed by 134.122.46.149 port 46790 [preauth]
Sep 28 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15036]: pam_unix(cron:session): session closed for user root
Sep 28 22:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: User bin from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: input_userauth_request: invalid user bin [preauth]
Sep 28 22:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=bin
Sep 28 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Failed password for root from 122.54.18.220 port 9057 ssh2
Sep 28 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Received disconnect from 122.54.18.220 port 9057:11: Bye Bye [preauth]
Sep 28 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Disconnected from 122.54.18.220 port 9057 [preauth]
Sep 28 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Failed password for invalid user bin from 134.122.46.149 port 37716 ssh2
Sep 28 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Connection closed by 134.122.46.149 port 37716 [preauth]
Sep 28 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Invalid user ubuntu from 134.122.46.149
Sep 28 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Failed password for invalid user ubuntu from 134.122.46.149 port 59624 ssh2
Sep 28 22:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Connection closed by 134.122.46.149 port 59624 [preauth]
Sep 28 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Invalid user vagrant from 134.122.46.149
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16449]: Successful su for rubyman by root
Sep 28 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16449]: + ??? root:rubyman
Sep 28 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310896 of user rubyman.
Sep 28 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16449]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310896.
Sep 28 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Failed password for invalid user vagrant from 134.122.46.149 port 49780 ssh2
Sep 28 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Connection closed by 134.122.46.149 port 49780 [preauth]
Sep 28 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session closed for user root
Sep 28 22:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Invalid user elasticsearch from 134.122.46.149
Sep 28 22:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 22:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Failed password for invalid user elasticsearch from 134.122.46.149 port 59844 ssh2
Sep 28 22:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Connection closed by 134.122.46.149 port 59844 [preauth]
Sep 28 22:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Failed password for root from 181.188.172.6 port 59304 ssh2
Sep 28 22:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Received disconnect from 181.188.172.6 port 59304:11: Bye Bye [preauth]
Sep 28 22:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Disconnected from 181.188.172.6 port 59304 [preauth]
Sep 28 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: Invalid user terraria from 134.122.46.149
Sep 28 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: input_userauth_request: invalid user terraria [preauth]
Sep 28 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: Failed password for invalid user terraria from 134.122.46.149 port 42854 ssh2
Sep 28 22:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: Connection closed by 134.122.46.149 port 42854 [preauth]
Sep 28 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session closed for user root
Sep 28 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Invalid user ds from 134.122.46.149
Sep 28 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: input_userauth_request: invalid user ds [preauth]
Sep 28 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: User nobody from 93.152.230.176 not allowed because not listed in AllowUsers
Sep 28 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: input_userauth_request: invalid user nobody [preauth]
Sep 28 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=nobody
Sep 28 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for invalid user ds from 134.122.46.149 port 53888 ssh2
Sep 28 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Connection closed by 134.122.46.149 port 53888 [preauth]
Sep 28 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Failed password for invalid user nobody from 93.152.230.176 port 25043 ssh2
Sep 28 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Received disconnect from 93.152.230.176 port 25043:11: Client disconnecting normally [preauth]
Sep 28 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Disconnected from 93.152.230.176 port 25043 [preauth]
Sep 28 22:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Invalid user www from 134.122.46.149
Sep 28 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: input_userauth_request: invalid user www [preauth]
Sep 28 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for invalid user www from 134.122.46.149 port 57722 ssh2
Sep 28 22:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Connection closed by 134.122.46.149 port 57722 [preauth]
Sep 28 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Failed password for root from 122.54.18.220 port 10979 ssh2
Sep 28 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Received disconnect from 122.54.18.220 port 10979:11: Bye Bye [preauth]
Sep 28 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Disconnected from 122.54.18.220 port 10979 [preauth]
Sep 28 22:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Failed password for root from 134.122.46.149 port 37310 ssh2
Sep 28 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Connection closed by 134.122.46.149 port 37310 [preauth]
Sep 28 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: Successful su for rubyman by root
Sep 28 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: + ??? root:rubyman
Sep 28 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310901 of user rubyman.
Sep 28 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16909]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310901.
Sep 28 22:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14168]: pam_unix(cron:session): session closed for user root
Sep 28 22:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Invalid user redis from 134.122.46.149
Sep 28 22:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Failed password for invalid user redis from 134.122.46.149 port 47974 ssh2
Sep 28 22:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: Connection closed by 134.122.46.149 port 47974 [preauth]
Sep 28 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Invalid user nagios from 134.122.46.149
Sep 28 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: input_userauth_request: invalid user nagios [preauth]
Sep 28 22:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Failed password for invalid user nagios from 134.122.46.149 port 40228 ssh2
Sep 28 22:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Connection closed by 134.122.46.149 port 40228 [preauth]
Sep 28 22:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Invalid user t2 from 31.57.47.194
Sep 28 22:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: input_userauth_request: invalid user t2 [preauth]
Sep 28 22:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user t2 from 31.57.47.194 port 59266 ssh2
Sep 28 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Received disconnect from 31.57.47.194 port 59266:11: Bye Bye [preauth]
Sep 28 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Disconnected from 31.57.47.194 port 59266 [preauth]
Sep 28 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Invalid user ftpuser from 134.122.46.149
Sep 28 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session closed for user root
Sep 28 22:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Failed password for invalid user ftpuser from 134.122.46.149 port 33462 ssh2
Sep 28 22:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Connection closed by 134.122.46.149 port 33462 [preauth]
Sep 28 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Invalid user ctl from 181.188.172.6
Sep 28 22:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: input_userauth_request: invalid user ctl [preauth]
Sep 28 22:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Failed password for invalid user ctl from 181.188.172.6 port 43585 ssh2
Sep 28 22:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Received disconnect from 181.188.172.6 port 43585:11: Bye Bye [preauth]
Sep 28 22:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17237]: Disconnected from 181.188.172.6 port 43585 [preauth]
Sep 28 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: Invalid user wang from 134.122.46.149
Sep 28 22:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: input_userauth_request: invalid user wang [preauth]
Sep 28 22:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: Failed password for invalid user wang from 134.122.46.149 port 48620 ssh2
Sep 28 22:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: Connection closed by 134.122.46.149 port 48620 [preauth]
Sep 28 22:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Invalid user wordpress from 134.122.46.149
Sep 28 22:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 22:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Failed password for invalid user wordpress from 134.122.46.149 port 49332 ssh2
Sep 28 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Connection closed by 134.122.46.149 port 49332 [preauth]
Sep 28 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: Successful su for rubyman by root
Sep 28 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: + ??? root:rubyman
Sep 28 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310904 of user rubyman.
Sep 28 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310904.
Sep 28 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session closed for user root
Sep 28 22:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session closed for user root
Sep 28 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for root from 122.54.18.220 port 14045 ssh2
Sep 28 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Received disconnect from 122.54.18.220 port 14045:11: Bye Bye [preauth]
Sep 28 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Disconnected from 122.54.18.220 port 14045 [preauth]
Sep 28 22:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: Failed password for root from 134.122.46.149 port 43534 ssh2
Sep 28 22:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: Connection closed by 134.122.46.149 port 43534 [preauth]
Sep 28 22:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: Invalid user tomcat from 134.122.46.149
Sep 28 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: Failed password for invalid user tomcat from 134.122.46.149 port 47520 ssh2
Sep 28 22:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: Connection closed by 134.122.46.149 port 47520 [preauth]
Sep 28 22:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Invalid user hadoop from 134.122.46.149
Sep 28 22:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 22:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Failed password for invalid user hadoop from 134.122.46.149 port 38058 ssh2
Sep 28 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Connection closed by 134.122.46.149 port 38058 [preauth]
Sep 28 22:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session closed for user root
Sep 28 22:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: Failed password for root from 134.122.46.149 port 55790 ssh2
Sep 28 22:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17888]: Connection closed by 134.122.46.149 port 55790 [preauth]
Sep 28 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: User www-data from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: input_userauth_request: invalid user www-data [preauth]
Sep 28 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=www-data
Sep 28 22:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Failed password for invalid user www-data from 134.122.46.149 port 52114 ssh2
Sep 28 22:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17932]: Connection closed by 134.122.46.149 port 52114 [preauth]
Sep 28 22:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: Failed password for root from 181.188.172.6 port 56101 ssh2
Sep 28 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: Received disconnect from 181.188.172.6 port 56101:11: Bye Bye [preauth]
Sep 28 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: Disconnected from 181.188.172.6 port 56101 [preauth]
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session closed for user root
Sep 28 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18032]: Successful su for rubyman by root
Sep 28 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18032]: + ??? root:rubyman
Sep 28 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310911 of user rubyman.
Sep 28 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18032]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310911.
Sep 28 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session closed for user root
Sep 28 22:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15035]: pam_unix(cron:session): session closed for user root
Sep 28 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18471]: Invalid user test from 134.122.46.149
Sep 28 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18471]: input_userauth_request: invalid user test [preauth]
Sep 28 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18471]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18471]: Failed password for invalid user test from 134.122.46.149 port 38130 ssh2
Sep 28 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18471]: Connection closed by 134.122.46.149 port 38130 [preauth]
Sep 28 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17948]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Invalid user mtest from 122.54.18.220
Sep 28 22:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: input_userauth_request: invalid user mtest [preauth]
Sep 28 22:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Failed password for invalid user mtest from 122.54.18.220 port 31650 ssh2
Sep 28 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Received disconnect from 122.54.18.220 port 31650:11: Bye Bye [preauth]
Sep 28 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Disconnected from 122.54.18.220 port 31650 [preauth]
Sep 28 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: User www-data from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: input_userauth_request: invalid user www-data [preauth]
Sep 28 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=www-data
Sep 28 22:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Failed password for invalid user www-data from 134.122.46.149 port 32858 ssh2
Sep 28 22:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18546]: Connection closed by 134.122.46.149 port 32858 [preauth]
Sep 28 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18589]: User www-data from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18589]: input_userauth_request: invalid user www-data [preauth]
Sep 28 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=www-data
Sep 28 22:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18589]: Failed password for invalid user www-data from 134.122.46.149 port 49454 ssh2
Sep 28 22:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18589]: Connection closed by 134.122.46.149 port 49454 [preauth]
Sep 28 22:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user root
Sep 28 22:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Failed password for root from 31.57.47.194 port 55648 ssh2
Sep 28 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Received disconnect from 31.57.47.194 port 55648:11: Bye Bye [preauth]
Sep 28 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Disconnected from 31.57.47.194 port 55648 [preauth]
Sep 28 22:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Invalid user postgres from 134.122.46.149
Sep 28 22:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for invalid user postgres from 134.122.46.149 port 42364 ssh2
Sep 28 22:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Connection closed by 134.122.46.149 port 42364 [preauth]
Sep 28 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Invalid user gpadmin from 134.122.46.149
Sep 28 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: input_userauth_request: invalid user gpadmin [preauth]
Sep 28 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Failed password for invalid user gpadmin from 134.122.46.149 port 47622 ssh2
Sep 28 22:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Connection closed by 134.122.46.149 port 47622 [preauth]
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: Successful su for rubyman by root
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: + ??? root:rubyman
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310915 of user rubyman.
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310915.
Sep 28 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Invalid user leo1 from 134.122.46.149
Sep 28 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: input_userauth_request: invalid user leo1 [preauth]
Sep 28 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session closed for user root
Sep 28 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for invalid user leo1 from 134.122.46.149 port 40066 ssh2
Sep 28 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Connection closed by 134.122.46.149 port 40066 [preauth]
Sep 28 22:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Invalid user ts from 181.188.172.6
Sep 28 22:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: input_userauth_request: invalid user ts [preauth]
Sep 28 22:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Failed password for invalid user ts from 181.188.172.6 port 40375 ssh2
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: Invalid user sysadmin from 134.122.46.149
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Received disconnect from 181.188.172.6 port 40375:11: Bye Bye [preauth]
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Disconnected from 181.188.172.6 port 40375 [preauth]
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: Failed password for invalid user sysadmin from 134.122.46.149 port 37966 ssh2
Sep 28 22:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19053]: Connection closed by 134.122.46.149 port 37966 [preauth]
Sep 28 22:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Invalid user postgres from 122.54.18.220
Sep 28 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Failed password for invalid user postgres from 122.54.18.220 port 2262 ssh2
Sep 28 22:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Received disconnect from 122.54.18.220 port 2262:11: Bye Bye [preauth]
Sep 28 22:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19065]: Disconnected from 122.54.18.220 port 2262 [preauth]
Sep 28 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Invalid user madsonic from 134.122.46.149
Sep 28 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: input_userauth_request: invalid user madsonic [preauth]
Sep 28 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Failed password for invalid user madsonic from 134.122.46.149 port 42488 ssh2
Sep 28 22:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Connection closed by 134.122.46.149 port 42488 [preauth]
Sep 28 22:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user root
Sep 28 22:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 28 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Failed password for root from 164.68.105.9 port 54774 ssh2
Sep 28 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Invalid user ranger from 134.122.46.149
Sep 28 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: input_userauth_request: invalid user ranger [preauth]
Sep 28 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Connection closed by 164.68.105.9 port 54774 [preauth]
Sep 28 22:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Failed password for invalid user ranger from 134.122.46.149 port 37062 ssh2
Sep 28 22:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Connection closed by 134.122.46.149 port 37062 [preauth]
Sep 28 22:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Invalid user hadoop from 134.122.46.149
Sep 28 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Failed password for invalid user hadoop from 134.122.46.149 port 50758 ssh2
Sep 28 22:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Connection closed by 134.122.46.149 port 50758 [preauth]
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19349]: Successful su for rubyman by root
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19349]: + ??? root:rubyman
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310920 of user rubyman.
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19349]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310920.
Sep 28 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: User mysql from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: input_userauth_request: invalid user mysql [preauth]
Sep 28 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=mysql
Sep 28 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15927]: pam_unix(cron:session): session closed for user root
Sep 28 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Failed password for invalid user mysql from 134.122.46.149 port 44972 ssh2
Sep 28 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Connection closed by 134.122.46.149 port 44972 [preauth]
Sep 28 22:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Invalid user ark from 134.122.46.149
Sep 28 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: input_userauth_request: invalid user ark [preauth]
Sep 28 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Failed password for invalid user ark from 134.122.46.149 port 37206 ssh2
Sep 28 22:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Connection closed by 134.122.46.149 port 37206 [preauth]
Sep 28 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: Invalid user pal from 134.122.46.149
Sep 28 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: input_userauth_request: invalid user pal [preauth]
Sep 28 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: Failed password for invalid user pal from 134.122.46.149 port 36732 ssh2
Sep 28 22:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: Connection closed by 134.122.46.149 port 36732 [preauth]
Sep 28 22:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: Failed password for root from 122.54.18.220 port 47465 ssh2
Sep 28 22:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: Received disconnect from 122.54.18.220 port 47465:11: Bye Bye [preauth]
Sep 28 22:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: Disconnected from 122.54.18.220 port 47465 [preauth]
Sep 28 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: Failed password for root from 181.188.172.6 port 52908 ssh2
Sep 28 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: Received disconnect from 181.188.172.6 port 52908:11: Bye Bye [preauth]
Sep 28 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: Disconnected from 181.188.172.6 port 52908 [preauth]
Sep 28 22:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session closed for user root
Sep 28 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: Invalid user palworld from 134.122.46.149
Sep 28 22:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: input_userauth_request: invalid user palworld [preauth]
Sep 28 22:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: Failed password for invalid user palworld from 134.122.46.149 port 37476 ssh2
Sep 28 22:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20011]: Connection closed by 134.122.46.149 port 37476 [preauth]
Sep 28 22:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Invalid user qq from 31.57.47.194
Sep 28 22:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: input_userauth_request: invalid user qq [preauth]
Sep 28 22:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Failed password for invalid user qq from 31.57.47.194 port 48716 ssh2
Sep 28 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Received disconnect from 31.57.47.194 port 48716:11: Bye Bye [preauth]
Sep 28 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20025]: Disconnected from 31.57.47.194 port 48716 [preauth]
Sep 28 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Invalid user blockchain from 134.122.46.149
Sep 28 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: input_userauth_request: invalid user blockchain [preauth]
Sep 28 22:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Failed password for invalid user blockchain from 134.122.46.149 port 35906 ssh2
Sep 28 22:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Connection closed by 134.122.46.149 port 35906 [preauth]
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20083]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20151]: Successful su for rubyman by root
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20151]: + ??? root:rubyman
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310924 of user rubyman.
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20151]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310924.
Sep 28 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Invalid user dstserver from 134.122.46.149
Sep 28 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: input_userauth_request: invalid user dstserver [preauth]
Sep 28 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Failed password for invalid user dstserver from 134.122.46.149 port 38128 ssh2
Sep 28 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Connection closed by 134.122.46.149 port 38128 [preauth]
Sep 28 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session closed for user root
Sep 28 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Invalid user postgres from 134.122.46.149
Sep 28 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Failed password for invalid user postgres from 134.122.46.149 port 57402 ssh2
Sep 28 22:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Connection closed by 134.122.46.149 port 57402 [preauth]
Sep 28 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: Invalid user nagios from 134.122.46.149
Sep 28 22:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: input_userauth_request: invalid user nagios [preauth]
Sep 28 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: Failed password for invalid user nagios from 134.122.46.149 port 43400 ssh2
Sep 28 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: Connection closed by 134.122.46.149 port 43400 [preauth]
Sep 28 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session closed for user root
Sep 28 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Invalid user sysadmin from 134.122.46.149
Sep 28 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Failed password for invalid user sysadmin from 134.122.46.149 port 60256 ssh2
Sep 28 22:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Connection closed by 134.122.46.149 port 60256 [preauth]
Sep 28 22:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: Invalid user qq from 122.54.18.220
Sep 28 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: input_userauth_request: invalid user qq [preauth]
Sep 28 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: Failed password for invalid user qq from 122.54.18.220 port 62806 ssh2
Sep 28 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: Received disconnect from 122.54.18.220 port 62806:11: Bye Bye [preauth]
Sep 28 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: Disconnected from 122.54.18.220 port 62806 [preauth]
Sep 28 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Invalid user ds from 134.122.46.149
Sep 28 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: input_userauth_request: invalid user ds [preauth]
Sep 28 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Failed password for invalid user ds from 134.122.46.149 port 42504 ssh2
Sep 28 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Connection closed by 134.122.46.149 port 42504 [preauth]
Sep 28 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Invalid user viola from 181.188.172.6
Sep 28 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: input_userauth_request: invalid user viola [preauth]
Sep 28 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Failed password for invalid user viola from 181.188.172.6 port 37190 ssh2
Sep 28 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Received disconnect from 181.188.172.6 port 37190:11: Bye Bye [preauth]
Sep 28 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Disconnected from 181.188.172.6 port 37190 [preauth]
Sep 28 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Invalid user appuser from 134.122.46.149
Sep 28 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: input_userauth_request: invalid user appuser [preauth]
Sep 28 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Failed password for root from 186.80.18.158 port 39764 ssh2
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Received disconnect from 186.80.18.158 port 39764:11: Bye Bye [preauth]
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Disconnected from 186.80.18.158 port 39764 [preauth]
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20573]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20640]: Successful su for rubyman by root
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20640]: + ??? root:rubyman
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310927 of user rubyman.
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20640]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310927.
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Failed password for invalid user appuser from 134.122.46.149 port 40644 ssh2
Sep 28 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Connection closed by 134.122.46.149 port 40644 [preauth]
Sep 28 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session closed for user root
Sep 28 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20867]: Invalid user omsagent from 134.122.46.149
Sep 28 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20867]: input_userauth_request: invalid user omsagent [preauth]
Sep 28 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20867]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20867]: Failed password for invalid user omsagent from 134.122.46.149 port 45774 ssh2
Sep 28 22:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20867]: Connection closed by 134.122.46.149 port 45774 [preauth]
Sep 28 22:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: Failed password for root from 134.122.46.149 port 55062 ssh2
Sep 28 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20902]: Connection closed by 134.122.46.149 port 55062 [preauth]
Sep 28 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user root
Sep 28 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Failed password for root from 134.122.46.149 port 50832 ssh2
Sep 28 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Connection closed by 134.122.46.149 port 50832 [preauth]
Sep 28 22:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Failed password for root from 59.19.182.197 port 53232 ssh2
Sep 28 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Received disconnect from 59.19.182.197 port 53232:11: Bye Bye [preauth]
Sep 28 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Disconnected from 59.19.182.197 port 53232 [preauth]
Sep 28 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Invalid user dev from 134.122.46.149
Sep 28 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: input_userauth_request: invalid user dev [preauth]
Sep 28 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for invalid user dev from 134.122.46.149 port 53720 ssh2
Sep 28 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Connection closed by 134.122.46.149 port 53720 [preauth]
Sep 28 22:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Invalid user mtest from 31.57.47.194
Sep 28 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: input_userauth_request: invalid user mtest [preauth]
Sep 28 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Failed password for invalid user mtest from 31.57.47.194 port 55726 ssh2
Sep 28 22:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Received disconnect from 31.57.47.194 port 55726:11: Bye Bye [preauth]
Sep 28 22:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Disconnected from 31.57.47.194 port 55726 [preauth]
Sep 28 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21020]: Failed password for root from 122.54.18.220 port 43515 ssh2
Sep 28 22:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21020]: Received disconnect from 122.54.18.220 port 43515:11: Bye Bye [preauth]
Sep 28 22:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21020]: Disconnected from 122.54.18.220 port 43515 [preauth]
Sep 28 22:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Failed password for root from 134.122.46.149 port 60696 ssh2
Sep 28 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Connection closed by 134.122.46.149 port 60696 [preauth]
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session closed for user root
Sep 28 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21119]: Successful su for rubyman by root
Sep 28 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21119]: + ??? root:rubyman
Sep 28 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310934 of user rubyman.
Sep 28 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21119]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310934.
Sep 28 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session closed for user root
Sep 28 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session closed for user root
Sep 28 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Invalid user ubuntu from 134.122.46.149
Sep 28 22:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Failed password for invalid user ubuntu from 134.122.46.149 port 58906 ssh2
Sep 28 22:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Connection closed by 134.122.46.149 port 58906 [preauth]
Sep 28 22:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Failed password for root from 181.188.172.6 port 49706 ssh2
Sep 28 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Received disconnect from 181.188.172.6 port 49706:11: Bye Bye [preauth]
Sep 28 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Disconnected from 181.188.172.6 port 49706 [preauth]
Sep 28 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: Invalid user testuser from 134.122.46.149
Sep 28 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: input_userauth_request: invalid user testuser [preauth]
Sep 28 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: Failed password for invalid user testuser from 134.122.46.149 port 45570 ssh2
Sep 28 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: Connection closed by 134.122.46.149 port 45570 [preauth]
Sep 28 22:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: User uucp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: input_userauth_request: invalid user uucp [preauth]
Sep 28 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=uucp
Sep 28 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20086]: pam_unix(cron:session): session closed for user root
Sep 28 22:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Failed password for invalid user uucp from 134.122.46.149 port 46972 ssh2
Sep 28 22:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Connection closed by 134.122.46.149 port 46972 [preauth]
Sep 28 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Invalid user dolphinscheduler from 134.122.46.149
Sep 28 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 39736 ssh2
Sep 28 22:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Connection closed by 134.122.46.149 port 39736 [preauth]
Sep 28 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: Invalid user oracle from 134.122.46.149
Sep 28 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: input_userauth_request: invalid user oracle [preauth]
Sep 28 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: Failed password for invalid user oracle from 134.122.46.149 port 60378 ssh2
Sep 28 22:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21499]: Connection closed by 134.122.46.149 port 60378 [preauth]
Sep 28 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21588]: Successful su for rubyman by root
Sep 28 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21588]: + ??? root:rubyman
Sep 28 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310937 of user rubyman.
Sep 28 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21588]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310937.
Sep 28 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Invalid user test from 122.54.18.220
Sep 28 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: input_userauth_request: invalid user test [preauth]
Sep 28 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session closed for user root
Sep 28 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Failed password for invalid user test from 122.54.18.220 port 35588 ssh2
Sep 28 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Received disconnect from 122.54.18.220 port 35588:11: Bye Bye [preauth]
Sep 28 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Disconnected from 122.54.18.220 port 35588 [preauth]
Sep 28 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Invalid user sftp from 134.122.46.149
Sep 28 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: input_userauth_request: invalid user sftp [preauth]
Sep 28 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Failed password for invalid user sftp from 134.122.46.149 port 54226 ssh2
Sep 28 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Connection closed by 134.122.46.149 port 54226 [preauth]
Sep 28 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: Failed password for root from 134.122.46.149 port 41874 ssh2
Sep 28 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21828]: Connection closed by 134.122.46.149 port 41874 [preauth]
Sep 28 22:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21875]: Invalid user ozankoyuk from 134.122.46.149
Sep 28 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21875]: input_userauth_request: invalid user ozankoyuk [preauth]
Sep 28 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21875]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21875]: Failed password for invalid user ozankoyuk from 134.122.46.149 port 47690 ssh2
Sep 28 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21875]: Connection closed by 134.122.46.149 port 47690 [preauth]
Sep 28 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session closed for user root
Sep 28 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: Invalid user saeid from 181.188.172.6
Sep 28 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: input_userauth_request: invalid user saeid [preauth]
Sep 28 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: Failed password for invalid user saeid from 181.188.172.6 port 33989 ssh2
Sep 28 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: Received disconnect from 181.188.172.6 port 33989:11: Bye Bye [preauth]
Sep 28 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: Disconnected from 181.188.172.6 port 33989 [preauth]
Sep 28 22:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: Invalid user palworld from 134.122.46.149
Sep 28 22:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: input_userauth_request: invalid user palworld [preauth]
Sep 28 22:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: Failed password for invalid user palworld from 134.122.46.149 port 46264 ssh2
Sep 28 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21926]: Connection closed by 134.122.46.149 port 46264 [preauth]
Sep 28 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Invalid user igor from 31.57.47.194
Sep 28 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: input_userauth_request: invalid user igor [preauth]
Sep 28 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Failed password for invalid user igor from 31.57.47.194 port 53766 ssh2
Sep 28 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Received disconnect from 31.57.47.194 port 53766:11: Bye Bye [preauth]
Sep 28 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Disconnected from 31.57.47.194 port 53766 [preauth]
Sep 28 22:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Invalid user Administrator from 134.122.46.149
Sep 28 22:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 22:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Failed password for invalid user Administrator from 134.122.46.149 port 38040 ssh2
Sep 28 22:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Connection closed by 134.122.46.149 port 38040 [preauth]
Sep 28 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21974]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21974]: pam_unix(cron:session): session closed for user root
Sep 28 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22052]: Successful su for rubyman by root
Sep 28 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22052]: + ??? root:rubyman
Sep 28 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310942 of user rubyman.
Sep 28 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22052]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310942.
Sep 28 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session closed for user root
Sep 28 22:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Failed password for root from 134.122.46.149 port 60098 ssh2
Sep 28 22:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Connection closed by 134.122.46.149 port 60098 [preauth]
Sep 28 22:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Invalid user ubuntu from 159.223.193.42
Sep 28 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Failed password for invalid user ubuntu from 159.223.193.42 port 34580 ssh2
Sep 28 22:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Received disconnect from 159.223.193.42 port 34580:11: Bye Bye [preauth]
Sep 28 22:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Disconnected from 159.223.193.42 port 34580 [preauth]
Sep 28 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Invalid user test from 122.54.18.220
Sep 28 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: input_userauth_request: invalid user test [preauth]
Sep 28 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: Invalid user odoo from 134.122.46.149
Sep 28 22:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: input_userauth_request: invalid user odoo [preauth]
Sep 28 22:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Failed password for invalid user test from 122.54.18.220 port 63110 ssh2
Sep 28 22:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: Failed password for invalid user odoo from 134.122.46.149 port 52530 ssh2
Sep 28 22:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Received disconnect from 122.54.18.220 port 63110:11: Bye Bye [preauth]
Sep 28 22:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Disconnected from 122.54.18.220 port 63110 [preauth]
Sep 28 22:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22302]: Connection closed by 134.122.46.149 port 52530 [preauth]
Sep 28 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Invalid user vbox from 134.122.46.149
Sep 28 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: input_userauth_request: invalid user vbox [preauth]
Sep 28 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Failed password for invalid user vbox from 134.122.46.149 port 42876 ssh2
Sep 28 22:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Connection closed by 134.122.46.149 port 42876 [preauth]
Sep 28 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session closed for user root
Sep 28 22:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: Invalid user vps from 134.122.46.149
Sep 28 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: input_userauth_request: invalid user vps [preauth]
Sep 28 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: Failed password for invalid user vps from 134.122.46.149 port 40498 ssh2
Sep 28 22:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: Connection closed by 134.122.46.149 port 40498 [preauth]
Sep 28 22:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Invalid user wpyan from 185.255.91.50
Sep 28 22:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: input_userauth_request: invalid user wpyan [preauth]
Sep 28 22:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Failed password for invalid user wpyan from 185.255.91.50 port 49644 ssh2
Sep 28 22:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Received disconnect from 185.255.91.50 port 49644:11: Bye Bye [preauth]
Sep 28 22:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22405]: Disconnected from 185.255.91.50 port 49644 [preauth]
Sep 28 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: Invalid user admin from 134.122.46.149
Sep 28 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: Failed password for invalid user admin from 134.122.46.149 port 41958 ssh2
Sep 28 22:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: Connection closed by 134.122.46.149 port 41958 [preauth]
Sep 28 22:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Failed password for root from 181.188.172.6 port 46498 ssh2
Sep 28 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Received disconnect from 181.188.172.6 port 46498:11: Bye Bye [preauth]
Sep 28 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Disconnected from 181.188.172.6 port 46498 [preauth]
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22451]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22514]: Successful su for rubyman by root
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22514]: + ??? root:rubyman
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310948 of user rubyman.
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22514]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310948.
Sep 28 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Invalid user dolphin from 134.122.46.149
Sep 28 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session closed for user root
Sep 28 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Failed password for invalid user dolphin from 134.122.46.149 port 59486 ssh2
Sep 28 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Connection closed by 134.122.46.149 port 59486 [preauth]
Sep 28 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Invalid user intell from 186.80.18.158
Sep 28 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: input_userauth_request: invalid user intell [preauth]
Sep 28 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Failed password for invalid user intell from 186.80.18.158 port 49356 ssh2
Sep 28 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Received disconnect from 186.80.18.158 port 49356:11: Bye Bye [preauth]
Sep 28 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Disconnected from 186.80.18.158 port 49356 [preauth]
Sep 28 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: Invalid user elasticsearch from 134.122.46.149
Sep 28 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 22:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: Failed password for invalid user elasticsearch from 134.122.46.149 port 52338 ssh2
Sep 28 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: Connection closed by 134.122.46.149 port 52338 [preauth]
Sep 28 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Invalid user dolphinscheduler from 134.122.46.149
Sep 28 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 40034 ssh2
Sep 28 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Invalid user django from 122.54.18.220
Sep 28 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: input_userauth_request: invalid user django [preauth]
Sep 28 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Connection closed by 134.122.46.149 port 40034 [preauth]
Sep 28 22:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Failed password for invalid user django from 122.54.18.220 port 63205 ssh2
Sep 28 22:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Received disconnect from 122.54.18.220 port 63205:11: Bye Bye [preauth]
Sep 28 22:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Disconnected from 122.54.18.220 port 63205 [preauth]
Sep 28 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session closed for user root
Sep 28 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Invalid user sol from 134.122.46.149
Sep 28 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: input_userauth_request: invalid user sol [preauth]
Sep 28 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Failed password for invalid user sol from 134.122.46.149 port 38368 ssh2
Sep 28 22:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Connection closed by 134.122.46.149 port 38368 [preauth]
Sep 28 22:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Failed password for root from 134.122.46.149 port 44906 ssh2
Sep 28 22:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Connection closed by 134.122.46.149 port 44906 [preauth]
Sep 28 22:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: Invalid user nagios from 134.122.46.149
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: input_userauth_request: invalid user nagios [preauth]
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23147]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: Successful su for rubyman by root
Sep 28 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: + ??? root:rubyman
Sep 28 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310950 of user rubyman.
Sep 28 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23242]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310950.
Sep 28 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: Failed password for invalid user nagios from 134.122.46.149 port 53946 ssh2
Sep 28 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: Connection closed by 134.122.46.149 port 53946 [preauth]
Sep 28 22:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session closed for user root
Sep 28 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Invalid user template from 31.57.47.194
Sep 28 22:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: input_userauth_request: invalid user template [preauth]
Sep 28 22:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Failed password for invalid user template from 31.57.47.194 port 47202 ssh2
Sep 28 22:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Received disconnect from 31.57.47.194 port 47202:11: Bye Bye [preauth]
Sep 28 22:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Disconnected from 31.57.47.194 port 47202 [preauth]
Sep 28 22:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Invalid user esadmin from 134.122.46.149
Sep 28 22:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: input_userauth_request: invalid user esadmin [preauth]
Sep 28 22:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Failed password for invalid user esadmin from 134.122.46.149 port 36012 ssh2
Sep 28 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Connection closed by 134.122.46.149 port 36012 [preauth]
Sep 28 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Invalid user user1 from 181.188.172.6
Sep 28 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: input_userauth_request: invalid user user1 [preauth]
Sep 28 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Failed password for invalid user user1 from 181.188.172.6 port 59016 ssh2
Sep 28 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Received disconnect from 181.188.172.6 port 59016:11: Bye Bye [preauth]
Sep 28 22:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Disconnected from 181.188.172.6 port 59016 [preauth]
Sep 28 22:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Failed password for root from 186.80.18.158 port 44518 ssh2
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42  user=root
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Received disconnect from 186.80.18.158 port 44518:11: Bye Bye [preauth]
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Disconnected from 186.80.18.158 port 44518 [preauth]
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: Invalid user amandabackup from 134.122.46.149
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: input_userauth_request: invalid user amandabackup [preauth]
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Failed password for root from 159.223.193.42 port 34060 ssh2
Sep 28 22:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Received disconnect from 159.223.193.42 port 34060:11: Bye Bye [preauth]
Sep 28 22:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Disconnected from 159.223.193.42 port 34060 [preauth]
Sep 28 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: Failed password for invalid user amandabackup from 134.122.46.149 port 36500 ssh2
Sep 28 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: Connection closed by 134.122.46.149 port 36500 [preauth]
Sep 28 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Invalid user steamcmd from 185.255.91.50
Sep 28 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: input_userauth_request: invalid user steamcmd [preauth]
Sep 28 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Failed password for invalid user steamcmd from 185.255.91.50 port 51770 ssh2
Sep 28 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Received disconnect from 185.255.91.50 port 51770:11: Bye Bye [preauth]
Sep 28 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Disconnected from 185.255.91.50 port 51770 [preauth]
Sep 28 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21980]: pam_unix(cron:session): session closed for user root
Sep 28 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: Invalid user vhpadmin from 59.19.182.197
Sep 28 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: input_userauth_request: invalid user vhpadmin [preauth]
Sep 28 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Invalid user Administrator from 134.122.46.149
Sep 28 22:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: Failed password for invalid user vhpadmin from 59.19.182.197 port 50882 ssh2
Sep 28 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: Received disconnect from 59.19.182.197 port 50882:11: Bye Bye [preauth]
Sep 28 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23779]: Disconnected from 59.19.182.197 port 50882 [preauth]
Sep 28 22:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Failed password for invalid user Administrator from 134.122.46.149 port 52178 ssh2
Sep 28 22:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Connection closed by 134.122.46.149 port 52178 [preauth]
Sep 28 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Invalid user sangoma from 122.54.18.220
Sep 28 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: input_userauth_request: invalid user sangoma [preauth]
Sep 28 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Failed password for invalid user sangoma from 122.54.18.220 port 36233 ssh2
Sep 28 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Received disconnect from 122.54.18.220 port 36233:11: Bye Bye [preauth]
Sep 28 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Disconnected from 122.54.18.220 port 36233 [preauth]
Sep 28 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Invalid user anonymous from 93.152.230.176
Sep 28 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: input_userauth_request: invalid user anonymous [preauth]
Sep 28 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 22:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: Failed password for root from 134.122.46.149 port 46844 ssh2
Sep 28 22:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23832]: Connection closed by 134.122.46.149 port 46844 [preauth]
Sep 28 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Failed password for invalid user anonymous from 93.152.230.176 port 30557 ssh2
Sep 28 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Received disconnect from 93.152.230.176 port 30557:11: Client disconnecting normally [preauth]
Sep 28 22:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Disconnected from 93.152.230.176 port 30557 [preauth]
Sep 28 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: Failed password for root from 134.122.46.149 port 35990 ssh2
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23874]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23873]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23875]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23877]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23877]: pam_unix(cron:session): session closed for user root
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23871]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: Connection closed by 134.122.46.149 port 35990 [preauth]
Sep 28 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23952]: Successful su for rubyman by root
Sep 28 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23952]: + ??? root:rubyman
Sep 28 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310957 of user rubyman.
Sep 28 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23952]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310957.
Sep 28 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23873]: pam_unix(cron:session): session closed for user root
Sep 28 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session closed for user root
Sep 28 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23872]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24224]: Invalid user satisfactory from 134.122.46.149
Sep 28 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24224]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24224]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24224]: Failed password for invalid user satisfactory from 134.122.46.149 port 37302 ssh2
Sep 28 22:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24224]: Connection closed by 134.122.46.149 port 37302 [preauth]
Sep 28 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Invalid user es from 134.122.46.149
Sep 28 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: input_userauth_request: invalid user es [preauth]
Sep 28 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Failed password for invalid user es from 134.122.46.149 port 39756 ssh2
Sep 28 22:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Connection closed by 134.122.46.149 port 39756 [preauth]
Sep 28 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: Invalid user adam from 186.80.18.158
Sep 28 22:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: input_userauth_request: invalid user adam [preauth]
Sep 28 22:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: Failed password for invalid user adam from 186.80.18.158 port 51802 ssh2
Sep 28 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: Received disconnect from 186.80.18.158 port 51802:11: Bye Bye [preauth]
Sep 28 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24296]: Disconnected from 186.80.18.158 port 51802 [preauth]
Sep 28 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user root
Sep 28 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24318]: Invalid user elk from 134.122.46.149
Sep 28 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24318]: input_userauth_request: invalid user elk [preauth]
Sep 28 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24318]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24318]: Failed password for invalid user elk from 134.122.46.149 port 44184 ssh2
Sep 28 22:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24318]: Connection closed by 134.122.46.149 port 44184 [preauth]
Sep 28 22:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: Invalid user test from 185.255.91.50
Sep 28 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: input_userauth_request: invalid user test [preauth]
Sep 28 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Invalid user celka from 181.188.172.6
Sep 28 22:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: input_userauth_request: invalid user celka [preauth]
Sep 28 22:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: Failed password for invalid user test from 185.255.91.50 port 43064 ssh2
Sep 28 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: Received disconnect from 185.255.91.50 port 43064:11: Bye Bye [preauth]
Sep 28 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: Disconnected from 185.255.91.50 port 43064 [preauth]
Sep 28 22:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for invalid user celka from 181.188.172.6 port 43303 ssh2
Sep 28 22:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Received disconnect from 181.188.172.6 port 43303:11: Bye Bye [preauth]
Sep 28 22:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Disconnected from 181.188.172.6 port 43303 [preauth]
Sep 28 22:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Invalid user satisfactory from 134.122.46.149
Sep 28 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for invalid user satisfactory from 134.122.46.149 port 38060 ssh2
Sep 28 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Connection closed by 134.122.46.149 port 38060 [preauth]
Sep 28 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: Failed password for root from 134.122.46.149 port 53380 ssh2
Sep 28 22:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: Connection closed by 134.122.46.149 port 53380 [preauth]
Sep 28 22:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24425]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24502]: Successful su for rubyman by root
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24502]: + ??? root:rubyman
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310961 of user rubyman.
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24502]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310961.
Sep 28 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for root from 122.54.18.220 port 27731 ssh2
Sep 28 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Received disconnect from 122.54.18.220 port 27731:11: Bye Bye [preauth]
Sep 28 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Disconnected from 122.54.18.220 port 27731 [preauth]
Sep 28 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Failed password for root from 59.19.182.197 port 47518 ssh2
Sep 28 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Received disconnect from 59.19.182.197 port 47518:11: Bye Bye [preauth]
Sep 28 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Disconnected from 59.19.182.197 port 47518 [preauth]
Sep 28 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session closed for user root
Sep 28 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24426]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Invalid user elastic from 134.122.46.149
Sep 28 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: input_userauth_request: invalid user elastic [preauth]
Sep 28 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Failed password for invalid user elastic from 134.122.46.149 port 60852 ssh2
Sep 28 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Connection closed by 134.122.46.149 port 60852 [preauth]
Sep 28 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: Failed password for root from 31.57.47.194 port 54246 ssh2
Sep 28 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: Received disconnect from 31.57.47.194 port 54246:11: Bye Bye [preauth]
Sep 28 22:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: Disconnected from 31.57.47.194 port 54246 [preauth]
Sep 28 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: Invalid user dolphinscheduler from 134.122.46.149
Sep 28 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 57242 ssh2
Sep 28 22:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24758]: Connection closed by 134.122.46.149 port 57242 [preauth]
Sep 28 22:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: Invalid user app from 134.122.46.149
Sep 28 22:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: input_userauth_request: invalid user app [preauth]
Sep 28 22:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: Failed password for invalid user app from 134.122.46.149 port 36490 ssh2
Sep 28 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: Connection closed by 134.122.46.149 port 36490 [preauth]
Sep 28 22:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23147]: pam_unix(cron:session): session closed for user root
Sep 28 22:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Invalid user ubuntu22 from 186.80.18.158
Sep 28 22:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: input_userauth_request: invalid user ubuntu22 [preauth]
Sep 28 22:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Failed password for invalid user ubuntu22 from 186.80.18.158 port 59130 ssh2
Sep 28 22:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Received disconnect from 186.80.18.158 port 59130:11: Bye Bye [preauth]
Sep 28 22:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24837]: Disconnected from 186.80.18.158 port 59130 [preauth]
Sep 28 22:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: Invalid user uftp from 134.122.46.149
Sep 28 22:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: input_userauth_request: invalid user uftp [preauth]
Sep 28 22:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: Failed password for invalid user uftp from 134.122.46.149 port 33040 ssh2
Sep 28 22:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24847]: Connection closed by 134.122.46.149 port 33040 [preauth]
Sep 28 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Invalid user ubuntu from 185.255.91.50
Sep 28 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Failed password for invalid user ubuntu from 185.255.91.50 port 48170 ssh2
Sep 28 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Received disconnect from 185.255.91.50 port 48170:11: Bye Bye [preauth]
Sep 28 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Disconnected from 185.255.91.50 port 48170 [preauth]
Sep 28 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Invalid user node from 134.122.46.149
Sep 28 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: input_userauth_request: invalid user node [preauth]
Sep 28 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Failed password for invalid user node from 134.122.46.149 port 46136 ssh2
Sep 28 22:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: Connection closed by 134.122.46.149 port 46136 [preauth]
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24897]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24898]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24893]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24970]: Successful su for rubyman by root
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24970]: + ??? root:rubyman
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310964 of user rubyman.
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24970]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310964.
Sep 28 22:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session closed for user root
Sep 28 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Invalid user t from 181.188.172.6
Sep 28 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: input_userauth_request: invalid user t [preauth]
Sep 28 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Invalid user openvpn from 134.122.46.149
Sep 28 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24896]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Failed password for invalid user t from 181.188.172.6 port 55818 ssh2
Sep 28 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Received disconnect from 181.188.172.6 port 55818:11: Bye Bye [preauth]
Sep 28 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Disconnected from 181.188.172.6 port 55818 [preauth]
Sep 28 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Failed password for invalid user openvpn from 134.122.46.149 port 60108 ssh2
Sep 28 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Connection closed by 134.122.46.149 port 60108 [preauth]
Sep 28 22:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Invalid user storage from 122.54.18.220
Sep 28 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: input_userauth_request: invalid user storage [preauth]
Sep 28 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Failed password for invalid user storage from 122.54.18.220 port 23520 ssh2
Sep 28 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Received disconnect from 122.54.18.220 port 23520:11: Bye Bye [preauth]
Sep 28 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Disconnected from 122.54.18.220 port 23520 [preauth]
Sep 28 22:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: User ftp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: input_userauth_request: invalid user ftp [preauth]
Sep 28 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=ftp
Sep 28 22:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: Failed password for invalid user ftp from 134.122.46.149 port 42530 ssh2
Sep 28 22:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: Connection closed by 134.122.46.149 port 42530 [preauth]
Sep 28 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Invalid user admin from 134.122.46.149
Sep 28 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Failed password for invalid user admin from 134.122.46.149 port 40740 ssh2
Sep 28 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Connection closed by 134.122.46.149 port 40740 [preauth]
Sep 28 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Failed password for root from 59.19.182.197 port 44154 ssh2
Sep 28 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Received disconnect from 59.19.182.197 port 44154:11: Bye Bye [preauth]
Sep 28 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Disconnected from 59.19.182.197 port 44154 [preauth]
Sep 28 22:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23875]: pam_unix(cron:session): session closed for user root
Sep 28 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Invalid user deploy from 186.80.18.158
Sep 28 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: input_userauth_request: invalid user deploy [preauth]
Sep 28 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Invalid user tomcat from 134.122.46.149
Sep 28 22:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 22:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Failed password for invalid user deploy from 186.80.18.158 port 60078 ssh2
Sep 28 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Failed password for invalid user tomcat from 134.122.46.149 port 53202 ssh2
Sep 28 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Received disconnect from 186.80.18.158 port 60078:11: Bye Bye [preauth]
Sep 28 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Disconnected from 186.80.18.158 port 60078 [preauth]
Sep 28 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Connection closed by 134.122.46.149 port 53202 [preauth]
Sep 28 22:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: Invalid user ubuntu from 185.255.91.50
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Invalid user airflow from 134.122.46.149
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: input_userauth_request: invalid user airflow [preauth]
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: Failed password for invalid user ubuntu from 185.255.91.50 port 49782 ssh2
Sep 28 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Failed password for invalid user airflow from 134.122.46.149 port 55990 ssh2
Sep 28 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: Received disconnect from 185.255.91.50 port 49782:11: Bye Bye [preauth]
Sep 28 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: Disconnected from 185.255.91.50 port 49782 [preauth]
Sep 28 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Connection closed by 134.122.46.149 port 55990 [preauth]
Sep 28 22:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: Successful su for rubyman by root
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: + ??? root:rubyman
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310969 of user rubyman.
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310969.
Sep 28 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session closed for user root
Sep 28 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: Failed password for root from 31.57.47.194 port 44384 ssh2
Sep 28 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Invalid user solana from 134.122.46.149
Sep 28 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: input_userauth_request: invalid user solana [preauth]
Sep 28 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: Received disconnect from 31.57.47.194 port 44384:11: Bye Bye [preauth]
Sep 28 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: Disconnected from 31.57.47.194 port 44384 [preauth]
Sep 28 22:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Failed password for invalid user solana from 134.122.46.149 port 39904 ssh2
Sep 28 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Connection closed by 134.122.46.149 port 39904 [preauth]
Sep 28 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Sep 28 22:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: Failed password for root from 134.122.46.149 port 48894 ssh2
Sep 28 22:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: Connection closed by 134.122.46.149 port 48894 [preauth]
Sep 28 22:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Failed password for root from 138.68.58.124 port 44288 ssh2
Sep 28 22:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Connection closed by 138.68.58.124 port 44288 [preauth]
Sep 28 22:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: Failed password for root from 122.54.18.220 port 42227 ssh2
Sep 28 22:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: Received disconnect from 122.54.18.220 port 42227:11: Bye Bye [preauth]
Sep 28 22:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26051]: Disconnected from 122.54.18.220 port 42227 [preauth]
Sep 28 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Invalid user share from 181.188.172.6
Sep 28 22:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: input_userauth_request: invalid user share [preauth]
Sep 28 22:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Failed password for invalid user share from 181.188.172.6 port 40099 ssh2
Sep 28 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Received disconnect from 181.188.172.6 port 40099:11: Bye Bye [preauth]
Sep 28 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Disconnected from 181.188.172.6 port 40099 [preauth]
Sep 28 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Invalid user esroot from 134.122.46.149
Sep 28 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: input_userauth_request: invalid user esroot [preauth]
Sep 28 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Failed password for invalid user esroot from 134.122.46.149 port 42890 ssh2
Sep 28 22:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Connection closed by 134.122.46.149 port 42890 [preauth]
Sep 28 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session closed for user root
Sep 28 22:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: Failed password for root from 134.122.46.149 port 38264 ssh2
Sep 28 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26124]: Connection closed by 134.122.46.149 port 38264 [preauth]
Sep 28 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Invalid user xiaoming from 186.80.18.158
Sep 28 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: input_userauth_request: invalid user xiaoming [preauth]
Sep 28 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Failed password for invalid user xiaoming from 186.80.18.158 port 42742 ssh2
Sep 28 22:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Received disconnect from 186.80.18.158 port 42742:11: Bye Bye [preauth]
Sep 28 22:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Disconnected from 186.80.18.158 port 42742 [preauth]
Sep 28 22:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: Invalid user git from 134.122.46.149
Sep 28 22:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: input_userauth_request: invalid user git [preauth]
Sep 28 22:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: Failed password for invalid user git from 134.122.46.149 port 33702 ssh2
Sep 28 22:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: Connection closed by 134.122.46.149 port 33702 [preauth]
Sep 28 22:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: Invalid user bad from 185.255.91.50
Sep 28 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: input_userauth_request: invalid user bad [preauth]
Sep 28 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: Failed password for invalid user bad from 185.255.91.50 port 53904 ssh2
Sep 28 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: Received disconnect from 185.255.91.50 port 53904:11: Bye Bye [preauth]
Sep 28 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26170]: Disconnected from 185.255.91.50 port 53904 [preauth]
Sep 28 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Invalid user mysqld from 59.19.182.197
Sep 28 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: input_userauth_request: invalid user mysqld [preauth]
Sep 28 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Failed password for invalid user mysqld from 59.19.182.197 port 40800 ssh2
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Received disconnect from 59.19.182.197 port 40800:11: Bye Bye [preauth]
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Disconnected from 59.19.182.197 port 40800 [preauth]
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: Successful su for rubyman by root
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: + ??? root:rubyman
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310973 of user rubyman.
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310973.
Sep 28 22:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: Invalid user steam from 134.122.46.149
Sep 28 22:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: input_userauth_request: invalid user steam [preauth]
Sep 28 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user root
Sep 28 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: Failed password for invalid user steam from 134.122.46.149 port 45582 ssh2
Sep 28 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26375]: Connection closed by 134.122.46.149 port 45582 [preauth]
Sep 28 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Invalid user www from 134.122.46.149
Sep 28 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: input_userauth_request: invalid user www [preauth]
Sep 28 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user www from 134.122.46.149 port 46622 ssh2
Sep 28 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Connection closed by 134.122.46.149 port 46622 [preauth]
Sep 28 22:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: User ftp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: input_userauth_request: invalid user ftp [preauth]
Sep 28 22:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=ftp
Sep 28 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: Failed password for invalid user ftp from 134.122.46.149 port 59340 ssh2
Sep 28 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: Connection closed by 134.122.46.149 port 59340 [preauth]
Sep 28 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for root from 122.54.18.220 port 11535 ssh2
Sep 28 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Received disconnect from 122.54.18.220 port 11535:11: Bye Bye [preauth]
Sep 28 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Disconnected from 122.54.18.220 port 11535 [preauth]
Sep 28 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24898]: pam_unix(cron:session): session closed for user root
Sep 28 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: Invalid user opc from 134.122.46.149
Sep 28 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: input_userauth_request: invalid user opc [preauth]
Sep 28 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: Failed password for invalid user opc from 134.122.46.149 port 45534 ssh2
Sep 28 22:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: Connection closed by 134.122.46.149 port 45534 [preauth]
Sep 28 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Invalid user 1 from 186.80.18.158
Sep 28 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: input_userauth_request: invalid user 1 [preauth]
Sep 28 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: Invalid user andrew from 181.188.172.6
Sep 28 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: input_userauth_request: invalid user andrew [preauth]
Sep 28 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Failed password for invalid user 1 from 186.80.18.158 port 34174 ssh2
Sep 28 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Received disconnect from 186.80.18.158 port 34174:11: Bye Bye [preauth]
Sep 28 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Disconnected from 186.80.18.158 port 34174 [preauth]
Sep 28 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: Failed password for invalid user andrew from 181.188.172.6 port 52613 ssh2
Sep 28 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: Received disconnect from 181.188.172.6 port 52613:11: Bye Bye [preauth]
Sep 28 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26744]: Disconnected from 181.188.172.6 port 52613 [preauth]
Sep 28 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: Invalid user wireguard from 134.122.46.149
Sep 28 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: input_userauth_request: invalid user wireguard [preauth]
Sep 28 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: Failed password for invalid user wireguard from 134.122.46.149 port 57798 ssh2
Sep 28 22:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: Connection closed by 134.122.46.149 port 57798 [preauth]
Sep 28 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: Invalid user tom from 185.255.91.50
Sep 28 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: input_userauth_request: invalid user tom [preauth]
Sep 28 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: Failed password for invalid user tom from 185.255.91.50 port 55754 ssh2
Sep 28 22:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: Received disconnect from 185.255.91.50 port 55754:11: Bye Bye [preauth]
Sep 28 22:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: Disconnected from 185.255.91.50 port 55754 [preauth]
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26805]: pam_unix(cron:session): session closed for user root
Sep 28 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: Invalid user php from 134.122.46.149
Sep 28 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: input_userauth_request: invalid user php [preauth]
Sep 28 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: Successful su for rubyman by root
Sep 28 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: + ??? root:rubyman
Sep 28 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310981 of user rubyman.
Sep 28 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310981.
Sep 28 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: Failed password for invalid user php from 134.122.46.149 port 50520 ssh2
Sep 28 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26790]: Connection closed by 134.122.46.149 port 50520 [preauth]
Sep 28 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session closed for user root
Sep 28 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session closed for user root
Sep 28 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Invalid user test from 31.57.47.194
Sep 28 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: input_userauth_request: invalid user test [preauth]
Sep 28 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Failed password for invalid user test from 31.57.47.194 port 58914 ssh2
Sep 28 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Received disconnect from 31.57.47.194 port 58914:11: Bye Bye [preauth]
Sep 28 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Disconnected from 31.57.47.194 port 58914 [preauth]
Sep 28 22:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: Failed password for root from 134.122.46.149 port 36044 ssh2
Sep 28 22:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: Connection closed by 134.122.46.149 port 36044 [preauth]
Sep 28 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Invalid user test from 134.122.46.149
Sep 28 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: input_userauth_request: invalid user test [preauth]
Sep 28 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Failed password for invalid user test from 134.122.46.149 port 45510 ssh2
Sep 28 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Connection closed by 134.122.46.149 port 45510 [preauth]
Sep 28 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Invalid user 1 from 59.19.182.197
Sep 28 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: input_userauth_request: invalid user 1 [preauth]
Sep 28 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Failed password for invalid user 1 from 59.19.182.197 port 37448 ssh2
Sep 28 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Received disconnect from 59.19.182.197 port 37448:11: Bye Bye [preauth]
Sep 28 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Disconnected from 59.19.182.197 port 37448 [preauth]
Sep 28 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
Sep 28 22:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Invalid user subsonic from 134.122.46.149
Sep 28 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: input_userauth_request: invalid user subsonic [preauth]
Sep 28 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Failed password for invalid user subsonic from 134.122.46.149 port 45310 ssh2
Sep 28 22:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Connection closed by 134.122.46.149 port 45310 [preauth]
Sep 28 22:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: Failed password for root from 122.54.18.220 port 46091 ssh2
Sep 28 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: Received disconnect from 122.54.18.220 port 46091:11: Bye Bye [preauth]
Sep 28 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: Disconnected from 122.54.18.220 port 46091 [preauth]
Sep 28 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: Invalid user huawei from 134.122.46.149
Sep 28 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Invalid user mcadmin from 186.80.18.158
Sep 28 22:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: input_userauth_request: invalid user mcadmin [preauth]
Sep 28 22:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: Failed password for invalid user huawei from 134.122.46.149 port 57610 ssh2
Sep 28 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: Connection closed by 134.122.46.149 port 57610 [preauth]
Sep 28 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Failed password for invalid user mcadmin from 186.80.18.158 port 56458 ssh2
Sep 28 22:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Received disconnect from 186.80.18.158 port 56458:11: Bye Bye [preauth]
Sep 28 22:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Disconnected from 186.80.18.158 port 56458 [preauth]
Sep 28 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Invalid user ubuntu from 134.122.46.149
Sep 28 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27404]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27493]: Successful su for rubyman by root
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27493]: + ??? root:rubyman
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310982 of user rubyman.
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27493]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310982.
Sep 28 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Failed password for invalid user ubuntu from 134.122.46.149 port 35820 ssh2
Sep 28 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Connection closed by 134.122.46.149 port 35820 [preauth]
Sep 28 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Invalid user elemental from 185.255.91.50
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: input_userauth_request: invalid user elemental [preauth]
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Invalid user dev from 181.188.172.6
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: input_userauth_request: invalid user dev [preauth]
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23874]: pam_unix(cron:session): session closed for user root
Sep 28 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Failed password for invalid user elemental from 185.255.91.50 port 47026 ssh2
Sep 28 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Received disconnect from 185.255.91.50 port 47026:11: Bye Bye [preauth]
Sep 28 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Disconnected from 185.255.91.50 port 47026 [preauth]
Sep 28 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Failed password for invalid user dev from 181.188.172.6 port 36893 ssh2
Sep 28 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Received disconnect from 181.188.172.6 port 36893:11: Bye Bye [preauth]
Sep 28 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Disconnected from 181.188.172.6 port 36893 [preauth]
Sep 28 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27405]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Invalid user admin from 134.122.46.149
Sep 28 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Failed password for invalid user admin from 134.122.46.149 port 55082 ssh2
Sep 28 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Connection closed by 134.122.46.149 port 55082 [preauth]
Sep 28 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42  user=root
Sep 28 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: Failed password for root from 159.223.193.42 port 50048 ssh2
Sep 28 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: Received disconnect from 159.223.193.42 port 50048:11: Bye Bye [preauth]
Sep 28 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27898]: Disconnected from 159.223.193.42 port 50048 [preauth]
Sep 28 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Invalid user palworld from 134.122.46.149
Sep 28 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: input_userauth_request: invalid user palworld [preauth]
Sep 28 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Failed password for invalid user palworld from 134.122.46.149 port 47832 ssh2
Sep 28 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Connection closed by 134.122.46.149 port 47832 [preauth]
Sep 28 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session closed for user root
Sep 28 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Invalid user admin from 134.122.46.149
Sep 28 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Failed password for invalid user admin from 134.122.46.149 port 52734 ssh2
Sep 28 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Connection closed by 134.122.46.149 port 52734 [preauth]
Sep 28 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Invalid user centos from 134.122.46.149
Sep 28 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: input_userauth_request: invalid user centos [preauth]
Sep 28 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Failed password for invalid user centos from 134.122.46.149 port 52616 ssh2
Sep 28 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Connection closed by 134.122.46.149 port 52616 [preauth]
Sep 28 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Invalid user soma from 186.80.18.158
Sep 28 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: input_userauth_request: invalid user soma [preauth]
Sep 28 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28027]: Failed password for root from 122.54.18.220 port 52734 ssh2
Sep 28 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28027]: Received disconnect from 122.54.18.220 port 52734:11: Bye Bye [preauth]
Sep 28 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28027]: Disconnected from 122.54.18.220 port 52734 [preauth]
Sep 28 22:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Failed password for invalid user soma from 186.80.18.158 port 57310 ssh2
Sep 28 22:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Received disconnect from 186.80.18.158 port 57310:11: Bye Bye [preauth]
Sep 28 22:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Disconnected from 186.80.18.158 port 57310 [preauth]
Sep 28 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Invalid user redis from 134.122.46.149
Sep 28 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Failed password for invalid user redis from 134.122.46.149 port 60082 ssh2
Sep 28 22:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Connection closed by 134.122.46.149 port 60082 [preauth]
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28062]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Failed password for root from 59.19.182.197 port 34090 ssh2
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Received disconnect from 59.19.182.197 port 34090:11: Bye Bye [preauth]
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Disconnected from 59.19.182.197 port 34090 [preauth]
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28128]: Successful su for rubyman by root
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28128]: + ??? root:rubyman
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310987 of user rubyman.
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28128]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310987.
Sep 28 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session closed for user root
Sep 28 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28060]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: Failed password for root from 31.57.47.194 port 50248 ssh2
Sep 28 22:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: Received disconnect from 31.57.47.194 port 50248:11: Bye Bye [preauth]
Sep 28 22:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: Disconnected from 31.57.47.194 port 50248 [preauth]
Sep 28 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Invalid user www from 134.122.46.149
Sep 28 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: input_userauth_request: invalid user www [preauth]
Sep 28 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Invalid user vps from 185.255.91.50
Sep 28 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: input_userauth_request: invalid user vps [preauth]
Sep 28 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user www from 134.122.46.149 port 36014 ssh2
Sep 28 22:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Connection closed by 134.122.46.149 port 36014 [preauth]
Sep 28 22:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Failed password for invalid user vps from 185.255.91.50 port 47012 ssh2
Sep 28 22:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Received disconnect from 185.255.91.50 port 47012:11: Bye Bye [preauth]
Sep 28 22:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Disconnected from 185.255.91.50 port 47012 [preauth]
Sep 28 22:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Invalid user solana from 134.122.46.149
Sep 28 22:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: input_userauth_request: invalid user solana [preauth]
Sep 28 22:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Failed password for invalid user solana from 134.122.46.149 port 50174 ssh2
Sep 28 22:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Connection closed by 134.122.46.149 port 50174 [preauth]
Sep 28 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Invalid user comercial from 181.188.172.6
Sep 28 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: input_userauth_request: invalid user comercial [preauth]
Sep 28 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Failed password for invalid user comercial from 181.188.172.6 port 49407 ssh2
Sep 28 22:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Received disconnect from 181.188.172.6 port 49407:11: Bye Bye [preauth]
Sep 28 22:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Disconnected from 181.188.172.6 port 49407 [preauth]
Sep 28 22:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: Invalid user lighthouse from 134.122.46.149
Sep 28 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: Failed password for invalid user lighthouse from 134.122.46.149 port 52950 ssh2
Sep 28 22:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28434]: Connection closed by 134.122.46.149 port 52950 [preauth]
Sep 28 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session closed for user root
Sep 28 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Invalid user vps from 134.122.46.149
Sep 28 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: input_userauth_request: invalid user vps [preauth]
Sep 28 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Failed password for invalid user vps from 134.122.46.149 port 41156 ssh2
Sep 28 22:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Connection closed by 134.122.46.149 port 41156 [preauth]
Sep 28 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Invalid user deploy from 159.223.193.42
Sep 28 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: input_userauth_request: invalid user deploy [preauth]
Sep 28 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Invalid user git from 134.122.46.149
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: input_userauth_request: invalid user git [preauth]
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Failed password for invalid user deploy from 159.223.193.42 port 57564 ssh2
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Received disconnect from 159.223.193.42 port 57564:11: Bye Bye [preauth]
Sep 28 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Disconnected from 159.223.193.42 port 57564 [preauth]
Sep 28 22:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Invalid user jboss from 186.80.18.158
Sep 28 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: input_userauth_request: invalid user jboss [preauth]
Sep 28 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Failed password for invalid user git from 134.122.46.149 port 48992 ssh2
Sep 28 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Connection closed by 134.122.46.149 port 48992 [preauth]
Sep 28 22:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Failed password for invalid user jboss from 186.80.18.158 port 56702 ssh2
Sep 28 22:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Received disconnect from 186.80.18.158 port 56702:11: Bye Bye [preauth]
Sep 28 22:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Disconnected from 186.80.18.158 port 56702 [preauth]
Sep 28 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28649]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28729]: Successful su for rubyman by root
Sep 28 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28729]: + ??? root:rubyman
Sep 28 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310990 of user rubyman.
Sep 28 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28729]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310990.
Sep 28 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Invalid user t2 from 122.54.18.220
Sep 28 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: input_userauth_request: invalid user t2 [preauth]
Sep 28 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24897]: pam_unix(cron:session): session closed for user root
Sep 28 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Failed password for invalid user t2 from 122.54.18.220 port 31768 ssh2
Sep 28 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Received disconnect from 122.54.18.220 port 31768:11: Bye Bye [preauth]
Sep 28 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Disconnected from 122.54.18.220 port 31768 [preauth]
Sep 28 22:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29014]: Invalid user huawei from 134.122.46.149
Sep 28 22:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29014]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28650]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29014]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29014]: Failed password for invalid user huawei from 134.122.46.149 port 36574 ssh2
Sep 28 22:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29014]: Connection closed by 134.122.46.149 port 36574 [preauth]
Sep 28 22:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Failed password for root from 185.255.91.50 port 42492 ssh2
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Received disconnect from 185.255.91.50 port 42492:11: Bye Bye [preauth]
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29082]: Disconnected from 185.255.91.50 port 42492 [preauth]
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: Invalid user tom from 134.122.46.149
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: input_userauth_request: invalid user tom [preauth]
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: Failed password for invalid user tom from 134.122.46.149 port 43498 ssh2
Sep 28 22:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: Connection closed by 134.122.46.149 port 43498 [preauth]
Sep 28 22:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Invalid user steam from 134.122.46.149
Sep 28 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: input_userauth_request: invalid user steam [preauth]
Sep 28 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Failed password for invalid user steam from 134.122.46.149 port 36940 ssh2
Sep 28 22:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Connection closed by 134.122.46.149 port 36940 [preauth]
Sep 28 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: Invalid user basic from 59.19.182.197
Sep 28 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: input_userauth_request: invalid user basic [preauth]
Sep 28 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session closed for user root
Sep 28 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: Failed password for invalid user basic from 59.19.182.197 port 58956 ssh2
Sep 28 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: Received disconnect from 59.19.182.197 port 58956:11: Bye Bye [preauth]
Sep 28 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: Disconnected from 59.19.182.197 port 58956 [preauth]
Sep 28 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: User mysql from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: input_userauth_request: invalid user mysql [preauth]
Sep 28 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=mysql
Sep 28 22:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Failed password for invalid user mysql from 134.122.46.149 port 42604 ssh2
Sep 28 22:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Connection closed by 134.122.46.149 port 42604 [preauth]
Sep 28 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Invalid user monitor from 181.188.172.6
Sep 28 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: input_userauth_request: invalid user monitor [preauth]
Sep 28 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Failed password for invalid user monitor from 181.188.172.6 port 33687 ssh2
Sep 28 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Received disconnect from 181.188.172.6 port 33687:11: Bye Bye [preauth]
Sep 28 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Disconnected from 181.188.172.6 port 33687 [preauth]
Sep 28 22:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Invalid user php from 134.122.46.149
Sep 28 22:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: input_userauth_request: invalid user php [preauth]
Sep 28 22:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Invalid user storage from 31.57.47.194
Sep 28 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: input_userauth_request: invalid user storage [preauth]
Sep 28 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Failed password for invalid user php from 134.122.46.149 port 59390 ssh2
Sep 28 22:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Connection closed by 134.122.46.149 port 59390 [preauth]
Sep 28 22:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for invalid user storage from 31.57.47.194 port 59366 ssh2
Sep 28 22:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Received disconnect from 31.57.47.194 port 59366:11: Bye Bye [preauth]
Sep 28 22:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Disconnected from 31.57.47.194 port 59366 [preauth]
Sep 28 22:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Invalid user ming from 186.80.18.158
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: input_userauth_request: invalid user ming [preauth]
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: Successful su for rubyman by root
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: + ??? root:rubyman
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 310994 of user rubyman.
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 310994.
Sep 28 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Failed password for invalid user ming from 186.80.18.158 port 53796 ssh2
Sep 28 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Received disconnect from 186.80.18.158 port 53796:11: Bye Bye [preauth]
Sep 28 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Disconnected from 186.80.18.158 port 53796 [preauth]
Sep 28 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user root
Sep 28 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Invalid user huawei from 134.122.46.149
Sep 28 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Failed password for invalid user huawei from 134.122.46.149 port 56298 ssh2
Sep 28 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Connection closed by 134.122.46.149 port 56298 [preauth]
Sep 28 22:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: Invalid user kurosawa from 122.54.18.220
Sep 28 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: input_userauth_request: invalid user kurosawa [preauth]
Sep 28 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: Invalid user satisfactory from 134.122.46.149
Sep 28 22:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 22:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: Failed password for invalid user kurosawa from 122.54.18.220 port 26181 ssh2
Sep 28 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: Received disconnect from 122.54.18.220 port 26181:11: Bye Bye [preauth]
Sep 28 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29553]: Disconnected from 122.54.18.220 port 26181 [preauth]
Sep 28 22:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: Failed password for invalid user satisfactory from 134.122.46.149 port 36996 ssh2
Sep 28 22:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: Connection closed by 134.122.46.149 port 36996 [preauth]
Sep 28 22:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: Failed password for root from 185.255.91.50 port 42230 ssh2
Sep 28 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: Received disconnect from 185.255.91.50 port 42230:11: Bye Bye [preauth]
Sep 28 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: Disconnected from 185.255.91.50 port 42230 [preauth]
Sep 28 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: Failed password for root from 134.122.46.149 port 54650 ssh2
Sep 28 22:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: Connection closed by 134.122.46.149 port 54650 [preauth]
Sep 28 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session closed for user root
Sep 28 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Invalid user elsearch from 134.122.46.149
Sep 28 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Failed password for invalid user elsearch from 134.122.46.149 port 48606 ssh2
Sep 28 22:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Connection closed by 134.122.46.149 port 48606 [preauth]
Sep 28 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Invalid user hive from 134.122.46.149
Sep 28 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: input_userauth_request: invalid user hive [preauth]
Sep 28 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Failed password for invalid user hive from 134.122.46.149 port 47632 ssh2
Sep 28 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Connection closed by 134.122.46.149 port 47632 [preauth]
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session closed for user root
Sep 28 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29720]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29802]: Successful su for rubyman by root
Sep 28 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29802]: + ??? root:rubyman
Sep 28 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311000 of user rubyman.
Sep 28 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29802]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311000.
Sep 28 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Invalid user dolphin from 134.122.46.149
Sep 28 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Invalid user jboss from 59.19.182.197
Sep 28 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: input_userauth_request: invalid user jboss [preauth]
Sep 28 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for invalid user dolphin from 134.122.46.149 port 59418 ssh2
Sep 28 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Connection closed by 134.122.46.149 port 59418 [preauth]
Sep 28 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session closed for user root
Sep 28 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session closed for user root
Sep 28 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: Failed password for root from 186.80.18.158 port 43072 ssh2
Sep 28 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: Received disconnect from 186.80.18.158 port 43072:11: Bye Bye [preauth]
Sep 28 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29890]: Disconnected from 186.80.18.158 port 43072 [preauth]
Sep 28 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Failed password for invalid user jboss from 59.19.182.197 port 55598 ssh2
Sep 28 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Received disconnect from 59.19.182.197 port 55598:11: Bye Bye [preauth]
Sep 28 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29923]: Disconnected from 59.19.182.197 port 55598 [preauth]
Sep 28 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Failed password for root from 181.188.172.6 port 46202 ssh2
Sep 28 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Received disconnect from 181.188.172.6 port 46202:11: Bye Bye [preauth]
Sep 28 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Disconnected from 181.188.172.6 port 46202 [preauth]
Sep 28 22:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: Invalid user Administrator from 134.122.46.149
Sep 28 22:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 22:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: Failed password for invalid user Administrator from 134.122.46.149 port 55152 ssh2
Sep 28 22:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: Connection closed by 134.122.46.149 port 55152 [preauth]
Sep 28 22:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: Invalid user office from 122.54.18.220
Sep 28 22:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: input_userauth_request: invalid user office [preauth]
Sep 28 22:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Invalid user deposito from 185.255.91.50
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: input_userauth_request: invalid user deposito [preauth]
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Invalid user ranger from 134.122.46.149
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: input_userauth_request: invalid user ranger [preauth]
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: Failed password for invalid user office from 122.54.18.220 port 37914 ssh2
Sep 28 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: Received disconnect from 122.54.18.220 port 37914:11: Bye Bye [preauth]
Sep 28 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30124]: Disconnected from 122.54.18.220 port 37914 [preauth]
Sep 28 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Failed password for invalid user deposito from 185.255.91.50 port 40922 ssh2
Sep 28 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Received disconnect from 185.255.91.50 port 40922:11: Bye Bye [preauth]
Sep 28 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Disconnected from 185.255.91.50 port 40922 [preauth]
Sep 28 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Failed password for invalid user ranger from 134.122.46.149 port 42636 ssh2
Sep 28 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Connection closed by 134.122.46.149 port 42636 [preauth]
Sep 28 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28653]: pam_unix(cron:session): session closed for user root
Sep 28 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Invalid user web from 134.122.46.149
Sep 28 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: input_userauth_request: invalid user web [preauth]
Sep 28 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Failed password for invalid user web from 134.122.46.149 port 52778 ssh2
Sep 28 22:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Connection closed by 134.122.46.149 port 52778 [preauth]
Sep 28 22:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: Failed password for root from 134.122.46.149 port 38348 ssh2
Sep 28 22:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: Connection closed by 134.122.46.149 port 38348 [preauth]
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Invalid user sonar from 134.122.46.149
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: input_userauth_request: invalid user sonar [preauth]
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: Successful su for rubyman by root
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: + ??? root:rubyman
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311004 of user rubyman.
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30380]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311004.
Sep 28 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Failed password for invalid user sonar from 134.122.46.149 port 53212 ssh2
Sep 28 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Connection closed by 134.122.46.149 port 53212 [preauth]
Sep 28 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session closed for user root
Sep 28 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: Invalid user git from 186.80.18.158
Sep 28 22:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: input_userauth_request: invalid user git [preauth]
Sep 28 22:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: Failed password for invalid user git from 186.80.18.158 port 42526 ssh2
Sep 28 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: Received disconnect from 186.80.18.158 port 42526:11: Bye Bye [preauth]
Sep 28 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: Disconnected from 186.80.18.158 port 42526 [preauth]
Sep 28 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Invalid user user from 134.122.46.149
Sep 28 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: input_userauth_request: invalid user user [preauth]
Sep 28 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Invalid user kurosawa from 31.57.47.194
Sep 28 22:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: input_userauth_request: invalid user kurosawa [preauth]
Sep 28 22:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Failed password for invalid user user from 134.122.46.149 port 54970 ssh2
Sep 28 22:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Connection closed by 134.122.46.149 port 54970 [preauth]
Sep 28 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Failed password for invalid user kurosawa from 31.57.47.194 port 41012 ssh2
Sep 28 22:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Received disconnect from 31.57.47.194 port 41012:11: Bye Bye [preauth]
Sep 28 22:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Disconnected from 31.57.47.194 port 41012 [preauth]
Sep 28 22:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Invalid user redis from 134.122.46.149
Sep 28 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Invalid user apagar from 181.188.172.6
Sep 28 22:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: input_userauth_request: invalid user apagar [preauth]
Sep 28 22:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Failed password for invalid user redis from 134.122.46.149 port 33214 ssh2
Sep 28 22:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30749]: Connection closed by 134.122.46.149 port 33214 [preauth]
Sep 28 22:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Failed password for invalid user apagar from 181.188.172.6 port 58719 ssh2
Sep 28 22:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Received disconnect from 181.188.172.6 port 58719:11: Bye Bye [preauth]
Sep 28 22:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Disconnected from 181.188.172.6 port 58719 [preauth]
Sep 28 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session closed for user root
Sep 28 22:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Invalid user mcadmin from 59.19.182.197
Sep 28 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: input_userauth_request: invalid user mcadmin [preauth]
Sep 28 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for root from 185.255.91.50 port 46904 ssh2
Sep 28 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Received disconnect from 185.255.91.50 port 46904:11: Bye Bye [preauth]
Sep 28 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Disconnected from 185.255.91.50 port 46904 [preauth]
Sep 28 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Failed password for invalid user mcadmin from 59.19.182.197 port 52238 ssh2
Sep 28 22:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Received disconnect from 59.19.182.197 port 52238:11: Bye Bye [preauth]
Sep 28 22:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Disconnected from 59.19.182.197 port 52238 [preauth]
Sep 28 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Failed password for root from 134.122.46.149 port 56006 ssh2
Sep 28 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Connection closed by 134.122.46.149 port 56006 [preauth]
Sep 28 22:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: Invalid user erpuser from 122.54.18.220
Sep 28 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: input_userauth_request: invalid user erpuser [preauth]
Sep 28 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: Failed password for invalid user erpuser from 122.54.18.220 port 25923 ssh2
Sep 28 22:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: Received disconnect from 122.54.18.220 port 25923:11: Bye Bye [preauth]
Sep 28 22:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: Disconnected from 122.54.18.220 port 25923 [preauth]
Sep 28 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Invalid user admin from 134.122.46.149
Sep 28 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Failed password for invalid user admin from 134.122.46.149 port 37598 ssh2
Sep 28 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Connection closed by 134.122.46.149 port 37598 [preauth]
Sep 28 22:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: Invalid user node from 134.122.46.149
Sep 28 22:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: input_userauth_request: invalid user node [preauth]
Sep 28 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: Successful su for rubyman by root
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: + ??? root:rubyman
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311009 of user rubyman.
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311009.
Sep 28 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: Failed password for invalid user node from 134.122.46.149 port 34402 ssh2
Sep 28 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: Connection closed by 134.122.46.149 port 34402 [preauth]
Sep 28 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 28 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session closed for user root
Sep 28 22:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Failed password for root from 93.152.230.176 port 9813 ssh2
Sep 28 22:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Received disconnect from 93.152.230.176 port 9813:11: Client disconnecting normally [preauth]
Sep 28 22:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Disconnected from 93.152.230.176 port 9813 [preauth]
Sep 28 22:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30878]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Invalid user zabbix from 134.122.46.149
Sep 28 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Failed password for invalid user zabbix from 134.122.46.149 port 46710 ssh2
Sep 28 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Connection closed by 134.122.46.149 port 46710 [preauth]
Sep 28 22:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Invalid user mtvps1 from 186.80.18.158
Sep 28 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: input_userauth_request: invalid user mtvps1 [preauth]
Sep 28 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for invalid user mtvps1 from 186.80.18.158 port 40474 ssh2
Sep 28 22:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Received disconnect from 186.80.18.158 port 40474:11: Bye Bye [preauth]
Sep 28 22:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Disconnected from 186.80.18.158 port 40474 [preauth]
Sep 28 22:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Invalid user vnc from 134.122.46.149
Sep 28 22:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: input_userauth_request: invalid user vnc [preauth]
Sep 28 22:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Failed password for invalid user vnc from 134.122.46.149 port 39940 ssh2
Sep 28 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Connection closed by 134.122.46.149 port 39940 [preauth]
Sep 28 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session closed for user root
Sep 28 22:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31262]: Failed password for root from 134.122.46.149 port 52612 ssh2
Sep 28 22:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31262]: Connection closed by 134.122.46.149 port 52612 [preauth]
Sep 28 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Invalid user registry from 134.122.46.149
Sep 28 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: input_userauth_request: invalid user registry [preauth]
Sep 28 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31292]: Failed password for root from 185.255.91.50 port 53954 ssh2
Sep 28 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31292]: Received disconnect from 185.255.91.50 port 53954:11: Bye Bye [preauth]
Sep 28 22:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31292]: Disconnected from 185.255.91.50 port 53954 [preauth]
Sep 28 22:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Failed password for invalid user registry from 134.122.46.149 port 47042 ssh2
Sep 28 22:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31307]: Connection closed by 134.122.46.149 port 47042 [preauth]
Sep 28 22:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: Failed password for root from 181.188.172.6 port 43002 ssh2
Sep 28 22:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: Received disconnect from 181.188.172.6 port 43002:11: Bye Bye [preauth]
Sep 28 22:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31318]: Disconnected from 181.188.172.6 port 43002 [preauth]
Sep 28 22:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: Invalid user ftpuser from 122.54.18.220
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Invalid user grafana from 134.122.46.149
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: input_userauth_request: invalid user grafana [preauth]
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42  user=root
Sep 28 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: Failed password for invalid user ftpuser from 122.54.18.220 port 32354 ssh2
Sep 28 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: Received disconnect from 122.54.18.220 port 32354:11: Bye Bye [preauth]
Sep 28 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31330]: Disconnected from 122.54.18.220 port 32354 [preauth]
Sep 28 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31343]: Failed password for root from 159.223.193.42 port 49980 ssh2
Sep 28 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31343]: Received disconnect from 159.223.193.42 port 49980:11: Bye Bye [preauth]
Sep 28 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31343]: Disconnected from 159.223.193.42 port 49980 [preauth]
Sep 28 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Failed password for invalid user grafana from 134.122.46.149 port 48412 ssh2
Sep 28 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Connection closed by 134.122.46.149 port 48412 [preauth]
Sep 28 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31349]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: Successful su for rubyman by root
Sep 28 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: + ??? root:rubyman
Sep 28 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311014 of user rubyman.
Sep 28 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311014.
Sep 28 22:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28062]: pam_unix(cron:session): session closed for user root
Sep 28 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Invalid user sangoma from 31.57.47.194
Sep 28 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: input_userauth_request: invalid user sangoma [preauth]
Sep 28 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Failed password for invalid user sangoma from 31.57.47.194 port 33324 ssh2
Sep 28 22:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Invalid user git from 59.19.182.197
Sep 28 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: input_userauth_request: invalid user git [preauth]
Sep 28 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Invalid user nft from 134.122.46.149
Sep 28 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: input_userauth_request: invalid user nft [preauth]
Sep 28 22:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Received disconnect from 31.57.47.194 port 33324:11: Bye Bye [preauth]
Sep 28 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31495]: Disconnected from 31.57.47.194 port 33324 [preauth]
Sep 28 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Failed password for invalid user git from 59.19.182.197 port 48884 ssh2
Sep 28 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Received disconnect from 59.19.182.197 port 48884:11: Bye Bye [preauth]
Sep 28 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Disconnected from 59.19.182.197 port 48884 [preauth]
Sep 28 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Failed password for invalid user nft from 134.122.46.149 port 49218 ssh2
Sep 28 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Connection closed by 134.122.46.149 port 49218 [preauth]
Sep 28 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Invalid user redis from 134.122.46.149
Sep 28 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Invalid user spider from 186.80.18.158
Sep 28 22:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: input_userauth_request: invalid user spider [preauth]
Sep 28 22:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Failed password for invalid user redis from 134.122.46.149 port 48310 ssh2
Sep 28 22:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31714]: Connection closed by 134.122.46.149 port 48310 [preauth]
Sep 28 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Failed password for invalid user spider from 186.80.18.158 port 49680 ssh2
Sep 28 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Received disconnect from 186.80.18.158 port 49680:11: Bye Bye [preauth]
Sep 28 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Disconnected from 186.80.18.158 port 49680 [preauth]
Sep 28 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session closed for user root
Sep 28 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Invalid user jenkins from 134.122.46.149
Sep 28 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: input_userauth_request: invalid user jenkins [preauth]
Sep 28 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Failed password for invalid user jenkins from 134.122.46.149 port 38272 ssh2
Sep 28 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31761]: Connection closed by 134.122.46.149 port 38272 [preauth]
Sep 28 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31810]: Failed password for root from 134.122.46.149 port 50330 ssh2
Sep 28 22:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31810]: Connection closed by 134.122.46.149 port 50330 [preauth]
Sep 28 22:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Invalid user jupyterhub from 185.255.91.50
Sep 28 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: input_userauth_request: invalid user jupyterhub [preauth]
Sep 28 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Invalid user rancher from 134.122.46.149
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: input_userauth_request: invalid user rancher [preauth]
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Failed password for invalid user jupyterhub from 185.255.91.50 port 54190 ssh2
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Received disconnect from 185.255.91.50 port 54190:11: Bye Bye [preauth]
Sep 28 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Disconnected from 185.255.91.50 port 54190 [preauth]
Sep 28 22:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Failed password for invalid user rancher from 134.122.46.149 port 53186 ssh2
Sep 28 22:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Connection closed by 134.122.46.149 port 53186 [preauth]
Sep 28 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: Successful su for rubyman by root
Sep 28 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: + ??? root:rubyman
Sep 28 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311016 of user rubyman.
Sep 28 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311016.
Sep 28 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28651]: pam_unix(cron:session): session closed for user root
Sep 28 22:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Invalid user tom from 134.122.46.149
Sep 28 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: input_userauth_request: invalid user tom [preauth]
Sep 28 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Failed password for invalid user tom from 134.122.46.149 port 49250 ssh2
Sep 28 22:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Connection closed by 134.122.46.149 port 49250 [preauth]
Sep 28 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: Failed password for root from 64.226.103.63 port 49810 ssh2
Sep 28 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: Connection closed by 64.226.103.63 port 49810 [preauth]
Sep 28 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31846]: Connection closed by 167.94.146.53 port 38650 [preauth]
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: Invalid user admin from 64.226.103.63
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: Invalid user hengshi from 181.188.172.6
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: input_userauth_request: invalid user hengshi [preauth]
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Failed password for root from 122.54.18.220 port 13314 ssh2
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Received disconnect from 122.54.18.220 port 13314:11: Bye Bye [preauth]
Sep 28 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Disconnected from 122.54.18.220 port 13314 [preauth]
Sep 28 22:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: Failed password for invalid user hengshi from 181.188.172.6 port 55520 ssh2
Sep 28 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: Failed password for invalid user admin from 64.226.103.63 port 49826 ssh2
Sep 28 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: Received disconnect from 181.188.172.6 port 55520:11: Bye Bye [preauth]
Sep 28 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32158]: Disconnected from 181.188.172.6 port 55520 [preauth]
Sep 28 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: Connection closed by 64.226.103.63 port 49826 [preauth]
Sep 28 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32178]: Invalid user steam from 134.122.46.149
Sep 28 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32178]: input_userauth_request: invalid user steam [preauth]
Sep 28 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32178]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Failed password for root from 64.226.103.63 port 36294 ssh2
Sep 28 22:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Connection closed by 64.226.103.63 port 36294 [preauth]
Sep 28 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32178]: Failed password for invalid user steam from 134.122.46.149 port 41938 ssh2
Sep 28 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32178]: Connection closed by 134.122.46.149 port 41938 [preauth]
Sep 28 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Invalid user es from 64.226.103.63
Sep 28 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: input_userauth_request: invalid user es [preauth]
Sep 28 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Failed password for invalid user es from 64.226.103.63 port 36306 ssh2
Sep 28 22:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Connection closed by 64.226.103.63 port 36306 [preauth]
Sep 28 22:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: Failed password for root from 64.226.103.63 port 36322 ssh2
Sep 28 22:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: Connection closed by 64.226.103.63 port 36322 [preauth]
Sep 28 22:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Invalid user oracle from 64.226.103.63
Sep 28 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: input_userauth_request: invalid user oracle [preauth]
Sep 28 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Failed password for invalid user oracle from 64.226.103.63 port 54836 ssh2
Sep 28 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Connection closed by 64.226.103.63 port 54836 [preauth]
Sep 28 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Invalid user postgres from 64.226.103.63
Sep 28 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Invalid user lighthouse from 134.122.46.149
Sep 28 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Failed password for invalid user postgres from 64.226.103.63 port 54842 ssh2
Sep 28 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30880]: pam_unix(cron:session): session closed for user root
Sep 28 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Connection closed by 64.226.103.63 port 54842 [preauth]
Sep 28 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Failed password for root from 186.80.18.158 port 57338 ssh2
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Received disconnect from 186.80.18.158 port 57338:11: Bye Bye [preauth]
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Disconnected from 186.80.18.158 port 57338 [preauth]
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Failed password for invalid user lighthouse from 134.122.46.149 port 52048 ssh2
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Connection closed by 134.122.46.149 port 52048 [preauth]
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Invalid user drupal from 64.226.103.63
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: input_userauth_request: invalid user drupal [preauth]
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for invalid user drupal from 64.226.103.63 port 54850 ssh2
Sep 28 22:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Connection closed by 64.226.103.63 port 54850 [preauth]
Sep 28 22:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: Invalid user ubuntu from 64.226.103.63
Sep 28 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: Invalid user admin from 159.223.193.42
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: Failed password for invalid user ubuntu from 64.226.103.63 port 54860 ssh2
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: Connection closed by 64.226.103.63 port 54860 [preauth]
Sep 28 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: Failed password for invalid user admin from 159.223.193.42 port 48202 ssh2
Sep 28 22:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: Received disconnect from 159.223.193.42 port 48202:11: Bye Bye [preauth]
Sep 28 22:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32271]: Disconnected from 159.223.193.42 port 48202 [preauth]
Sep 28 22:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: Failed password for root from 64.226.103.63 port 39502 ssh2
Sep 28 22:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: Connection closed by 64.226.103.63 port 39502 [preauth]
Sep 28 22:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: Invalid user odoo from 64.226.103.63
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: input_userauth_request: invalid user odoo [preauth]
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: Invalid user guest from 134.122.46.149
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: input_userauth_request: invalid user guest [preauth]
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: Failed password for invalid user odoo from 64.226.103.63 port 39508 ssh2
Sep 28 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: Failed password for invalid user guest from 134.122.46.149 port 37624 ssh2
Sep 28 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: Connection closed by 134.122.46.149 port 37624 [preauth]
Sep 28 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: Connection closed by 64.226.103.63 port 39508 [preauth]
Sep 28 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: Invalid user ubuntu22 from 59.19.182.197
Sep 28 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: input_userauth_request: invalid user ubuntu22 [preauth]
Sep 28 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: Failed password for invalid user ubuntu22 from 59.19.182.197 port 45524 ssh2
Sep 28 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: Received disconnect from 59.19.182.197 port 45524:11: Bye Bye [preauth]
Sep 28 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: Disconnected from 59.19.182.197 port 45524 [preauth]
Sep 28 22:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Failed password for root from 64.226.103.63 port 39522 ssh2
Sep 28 22:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Connection closed by 64.226.103.63 port 39522 [preauth]
Sep 28 22:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Failed password for root from 64.226.103.63 port 47958 ssh2
Sep 28 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Connection closed by 64.226.103.63 port 47958 [preauth]
Sep 28 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Invalid user kali from 64.226.103.63
Sep 28 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: input_userauth_request: invalid user kali [preauth]
Sep 28 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Failed password for invalid user kali from 64.226.103.63 port 47962 ssh2
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Connection closed by 64.226.103.63 port 47962 [preauth]
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Invalid user huawei from 134.122.46.149
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Failed password for invalid user huawei from 134.122.46.149 port 38450 ssh2
Sep 28 22:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Connection closed by 134.122.46.149 port 38450 [preauth]
Sep 28 22:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Failed password for root from 64.226.103.63 port 47976 ssh2
Sep 28 22:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Connection closed by 64.226.103.63 port 47976 [preauth]
Sep 28 22:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Invalid user vyos from 64.226.103.63
Sep 28 22:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: input_userauth_request: invalid user vyos [preauth]
Sep 28 22:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Failed password for invalid user vyos from 64.226.103.63 port 42832 ssh2
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Connection closed by 64.226.103.63 port 42832 [preauth]
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user root
Sep 28 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Invalid user client from 185.255.91.50
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: input_userauth_request: invalid user client [preauth]
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: Successful su for rubyman by root
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: + ??? root:rubyman
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311024 of user rubyman.
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311024.
Sep 28 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Failed password for invalid user client from 185.255.91.50 port 60000 ssh2
Sep 28 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Received disconnect from 185.255.91.50 port 60000:11: Bye Bye [preauth]
Sep 28 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Disconnected from 185.255.91.50 port 60000 [preauth]
Sep 28 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Failed password for root from 64.226.103.63 port 42846 ssh2
Sep 28 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Connection closed by 64.226.103.63 port 42846 [preauth]
Sep 28 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session closed for user root
Sep 28 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session closed for user root
Sep 28 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Failed password for root from 64.226.103.63 port 42854 ssh2
Sep 28 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32534]: Connection closed by 64.226.103.63 port 42854 [preauth]
Sep 28 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Invalid user admin from 64.226.103.63
Sep 28 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Failed password for root from 134.122.46.149 port 46882 ssh2
Sep 28 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Connection closed by 134.122.46.149 port 46882 [preauth]
Sep 28 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Failed password for invalid user admin from 64.226.103.63 port 40556 ssh2
Sep 28 22:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Connection closed by 64.226.103.63 port 40556 [preauth]
Sep 28 22:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: Invalid user testuser from 64.226.103.63
Sep 28 22:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: input_userauth_request: invalid user testuser [preauth]
Sep 28 22:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: Failed password for invalid user testuser from 64.226.103.63 port 40558 ssh2
Sep 28 22:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: Connection closed by 64.226.103.63 port 40558 [preauth]
Sep 28 22:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Invalid user postgres from 64.226.103.63
Sep 28 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: Invalid user grace from 31.57.47.194
Sep 28 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: input_userauth_request: invalid user grace [preauth]
Sep 28 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Failed password for invalid user postgres from 64.226.103.63 port 40572 ssh2
Sep 28 22:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Connection closed by 64.226.103.63 port 40572 [preauth]
Sep 28 22:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: Failed password for invalid user grace from 31.57.47.194 port 39182 ssh2
Sep 28 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: Received disconnect from 31.57.47.194 port 39182:11: Bye Bye [preauth]
Sep 28 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32687]: Disconnected from 31.57.47.194 port 39182 [preauth]
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: Failed password for root from 64.226.103.63 port 40586 ssh2
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: Connection closed by 64.226.103.63 port 40586 [preauth]
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Invalid user palworld from 134.122.46.149
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: input_userauth_request: invalid user palworld [preauth]
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Invalid user debian from 64.226.103.63
Sep 28 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: input_userauth_request: invalid user debian [preauth]
Sep 28 22:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Failed password for invalid user debian from 64.226.103.63 port 42752 ssh2
Sep 28 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Failed password for invalid user palworld from 134.122.46.149 port 49400 ssh2
Sep 28 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Connection closed by 134.122.46.149 port 49400 [preauth]
Sep 28 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Connection closed by 64.226.103.63 port 42752 [preauth]
Sep 28 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Invalid user test from 64.226.103.63
Sep 28 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: input_userauth_request: invalid user test [preauth]
Sep 28 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Failed password for invalid user test from 64.226.103.63 port 42756 ssh2
Sep 28 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Connection closed by 64.226.103.63 port 42756 [preauth]
Sep 28 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Invalid user user from 64.226.103.63
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: input_userauth_request: invalid user user [preauth]
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Invalid user grace from 122.54.18.220
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: input_userauth_request: invalid user grace [preauth]
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Failed password for invalid user user from 64.226.103.63 port 42772 ssh2
Sep 28 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Connection closed by 64.226.103.63 port 42772 [preauth]
Sep 28 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Failed password for invalid user grace from 122.54.18.220 port 13448 ssh2
Sep 28 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Received disconnect from 122.54.18.220 port 13448:11: Bye Bye [preauth]
Sep 28 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Disconnected from 122.54.18.220 port 13448 [preauth]
Sep 28 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32756]: Invalid user deployer from 64.226.103.63
Sep 28 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32756]: input_userauth_request: invalid user deployer [preauth]
Sep 28 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32756]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: Invalid user palworld from 134.122.46.149
Sep 28 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: input_userauth_request: invalid user palworld [preauth]
Sep 28 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32756]: Failed password for invalid user deployer from 64.226.103.63 port 57318 ssh2
Sep 28 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32756]: Connection closed by 64.226.103.63 port 57318 [preauth]
Sep 28 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: Invalid user postgres from 64.226.103.63
Sep 28 22:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: Failed password for invalid user palworld from 134.122.46.149 port 54282 ssh2
Sep 28 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: Connection closed by 134.122.46.149 port 54282 [preauth]
Sep 28 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: Failed password for invalid user postgres from 64.226.103.63 port 57320 ssh2
Sep 28 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32760]: Connection closed by 64.226.103.63 port 57320 [preauth]
Sep 28 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31349]: pam_unix(cron:session): session closed for user root
Sep 28 22:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: Failed password for root from 64.226.103.63 port 57324 ssh2
Sep 28 22:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[312]: Connection closed by 64.226.103.63 port 57324 [preauth]
Sep 28 22:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Invalid user devopsuser from 64.226.103.63
Sep 28 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: input_userauth_request: invalid user devopsuser [preauth]
Sep 28 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Failed password for root from 186.80.18.158 port 44924 ssh2
Sep 28 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Failed password for invalid user devopsuser from 64.226.103.63 port 57338 ssh2
Sep 28 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Received disconnect from 186.80.18.158 port 44924:11: Bye Bye [preauth]
Sep 28 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Disconnected from 186.80.18.158 port 44924 [preauth]
Sep 28 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Connection closed by 64.226.103.63 port 57338 [preauth]
Sep 28 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Invalid user li from 181.188.172.6
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: input_userauth_request: invalid user li [preauth]
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Invalid user kafka from 64.226.103.63
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: input_userauth_request: invalid user kafka [preauth]
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for invalid user li from 181.188.172.6 port 39808 ssh2
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Received disconnect from 181.188.172.6 port 39808:11: Bye Bye [preauth]
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Disconnected from 181.188.172.6 port 39808 [preauth]
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Failed password for invalid user kafka from 64.226.103.63 port 54524 ssh2
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Connection closed by 64.226.103.63 port 54524 [preauth]
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: Invalid user vbox from 134.122.46.149
Sep 28 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: input_userauth_request: invalid user vbox [preauth]
Sep 28 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Invalid user testuser from 64.226.103.63
Sep 28 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: input_userauth_request: invalid user testuser [preauth]
Sep 28 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: Failed password for invalid user vbox from 134.122.46.149 port 56852 ssh2
Sep 28 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: Connection closed by 134.122.46.149 port 56852 [preauth]
Sep 28 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Failed password for invalid user testuser from 64.226.103.63 port 54536 ssh2
Sep 28 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Connection closed by 64.226.103.63 port 54536 [preauth]
Sep 28 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Invalid user pi from 64.226.103.63
Sep 28 22:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: input_userauth_request: invalid user pi [preauth]
Sep 28 22:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Failed password for invalid user pi from 64.226.103.63 port 54552 ssh2
Sep 28 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Connection closed by 64.226.103.63 port 54552 [preauth]
Sep 28 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Invalid user devops from 64.226.103.63
Sep 28 22:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: input_userauth_request: invalid user devops [preauth]
Sep 28 22:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Failed password for invalid user devops from 64.226.103.63 port 54830 ssh2
Sep 28 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Connection closed by 64.226.103.63 port 54830 [preauth]
Sep 28 22:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[401]: Invalid user test from 134.122.46.149
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[401]: input_userauth_request: invalid user test [preauth]
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[401]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Failed password for root from 64.226.103.63 port 54834 ssh2
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Connection closed by 64.226.103.63 port 54834 [preauth]
Sep 28 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[401]: Failed password for invalid user test from 134.122.46.149 port 60658 ssh2
Sep 28 22:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[401]: Connection closed by 134.122.46.149 port 60658 [preauth]
Sep 28 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: Failed password for root from 64.226.103.63 port 54844 ssh2
Sep 28 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[406]: Connection closed by 64.226.103.63 port 54844 [preauth]
Sep 28 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: Invalid user fa from 64.226.103.63
Sep 28 22:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: input_userauth_request: invalid user fa [preauth]
Sep 28 22:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: Failed password for invalid user fa from 64.226.103.63 port 51334 ssh2
Sep 28 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[409]: Connection closed by 64.226.103.63 port 51334 [preauth]
Sep 28 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[430]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[428]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: Invalid user devopsadmin from 64.226.103.63
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: input_userauth_request: invalid user devopsadmin [preauth]
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: Successful su for rubyman by root
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: + ??? root:rubyman
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311027 of user rubyman.
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[511]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311027.
Sep 28 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: Failed password for invalid user devopsadmin from 64.226.103.63 port 51340 ssh2
Sep 28 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: Connection closed by 64.226.103.63 port 51340 [preauth]
Sep 28 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Invalid user sonar from 134.122.46.149
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Failed password for root from 64.226.103.63 port 51356 ssh2
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: input_userauth_request: invalid user sonar [preauth]
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Connection closed by 64.226.103.63 port 51356 [preauth]
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session closed for user root
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Invalid user dspace from 64.226.103.63
Sep 28 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: input_userauth_request: invalid user dspace [preauth]
Sep 28 22:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Failed password for invalid user sonar from 134.122.46.149 port 41702 ssh2
Sep 28 22:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[429]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[666]: Connection closed by 134.122.46.149 port 41702 [preauth]
Sep 28 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Failed password for invalid user dspace from 64.226.103.63 port 51370 ssh2
Sep 28 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Connection closed by 64.226.103.63 port 51370 [preauth]
Sep 28 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Failed password for root from 185.255.91.50 port 33720 ssh2
Sep 28 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Received disconnect from 185.255.91.50 port 33720:11: Bye Bye [preauth]
Sep 28 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Disconnected from 185.255.91.50 port 33720 [preauth]
Sep 28 22:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[711]: Failed password for root from 64.226.103.63 port 60720 ssh2
Sep 28 22:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[711]: Connection closed by 64.226.103.63 port 60720 [preauth]
Sep 28 22:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Invalid user ubuntu from 64.226.103.63
Sep 28 22:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Failed password for invalid user ubuntu from 64.226.103.63 port 60722 ssh2
Sep 28 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Connection closed by 64.226.103.63 port 60722 [preauth]
Sep 28 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Invalid user deploy from 64.226.103.63
Sep 28 22:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: input_userauth_request: invalid user deploy [preauth]
Sep 28 22:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: Invalid user website from 134.122.46.149
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: input_userauth_request: invalid user website [preauth]
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: Invalid user ubuntu from 59.19.182.197
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Failed password for invalid user deploy from 64.226.103.63 port 60732 ssh2
Sep 28 22:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Connection closed by 64.226.103.63 port 60732 [preauth]
Sep 28 22:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[758]: Invalid user moxa from 64.226.103.63
Sep 28 22:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[758]: input_userauth_request: invalid user moxa [preauth]
Sep 28 22:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: Failed password for invalid user website from 134.122.46.149 port 50516 ssh2
Sep 28 22:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: Connection closed by 134.122.46.149 port 50516 [preauth]
Sep 28 22:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: Failed password for invalid user ubuntu from 59.19.182.197 port 42162 ssh2
Sep 28 22:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: Received disconnect from 59.19.182.197 port 42162:11: Bye Bye [preauth]
Sep 28 22:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: Disconnected from 59.19.182.197 port 42162 [preauth]
Sep 28 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Invalid user git from 159.223.193.42
Sep 28 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: input_userauth_request: invalid user git [preauth]
Sep 28 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[758]: Failed password for invalid user moxa from 64.226.103.63 port 36390 ssh2
Sep 28 22:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[758]: Connection closed by 64.226.103.63 port 36390 [preauth]
Sep 28 22:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Invalid user steam from 64.226.103.63
Sep 28 22:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: input_userauth_request: invalid user steam [preauth]
Sep 28 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Failed password for invalid user git from 159.223.193.42 port 36106 ssh2
Sep 28 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Received disconnect from 159.223.193.42 port 36106:11: Bye Bye [preauth]
Sep 28 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Disconnected from 159.223.193.42 port 36106 [preauth]
Sep 28 22:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Failed password for invalid user steam from 64.226.103.63 port 36398 ssh2
Sep 28 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Connection closed by 64.226.103.63 port 36398 [preauth]
Sep 28 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Invalid user ansible from 64.226.103.63
Sep 28 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: input_userauth_request: invalid user ansible [preauth]
Sep 28 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Failed password for invalid user ansible from 64.226.103.63 port 36404 ssh2
Sep 28 22:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Connection closed by 64.226.103.63 port 36404 [preauth]
Sep 28 22:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: User bin from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: input_userauth_request: invalid user bin [preauth]
Sep 28 22:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=bin
Sep 28 22:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Failed password for root from 64.226.103.63 port 48166 ssh2
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Failed password for invalid user bin from 134.122.46.149 port 48442 ssh2
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Connection closed by 64.226.103.63 port 48166 [preauth]
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Connection closed by 134.122.46.149 port 48442 [preauth]
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[823]: Invalid user ftpuser from 64.226.103.63
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[823]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[823]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[823]: Failed password for invalid user ftpuser from 64.226.103.63 port 48172 ssh2
Sep 28 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[823]: Connection closed by 64.226.103.63 port 48172 [preauth]
Sep 28 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session closed for user root
Sep 28 22:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
Sep 28 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Failed password for root from 64.226.103.63 port 48184 ssh2
Sep 28 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Connection closed by 64.226.103.63 port 48184 [preauth]
Sep 28 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Failed password for root from 122.54.18.220 port 19720 ssh2
Sep 28 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Received disconnect from 122.54.18.220 port 19720:11: Bye Bye [preauth]
Sep 28 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Disconnected from 122.54.18.220 port 19720 [preauth]
Sep 28 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: Failed password for root from 64.226.103.63 port 47538 ssh2
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: Connection closed by 64.226.103.63 port 47538 [preauth]
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Invalid user alex from 186.80.18.158
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: input_userauth_request: invalid user alex [preauth]
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63  user=root
Sep 28 22:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Failed password for invalid user alex from 186.80.18.158 port 57840 ssh2
Sep 28 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Received disconnect from 186.80.18.158 port 57840:11: Bye Bye [preauth]
Sep 28 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Disconnected from 186.80.18.158 port 57840 [preauth]
Sep 28 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Failed password for root from 64.226.103.63 port 47544 ssh2
Sep 28 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Failed password for root from 134.122.46.149 port 59686 ssh2
Sep 28 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[911]: Connection closed by 64.226.103.63 port 47544 [preauth]
Sep 28 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Connection closed by 134.122.46.149 port 59686 [preauth]
Sep 28 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Invalid user ubnt from 64.226.103.63
Sep 28 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: input_userauth_request: invalid user ubnt [preauth]
Sep 28 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Failed password for invalid user ubnt from 64.226.103.63 port 47550 ssh2
Sep 28 22:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Connection closed by 64.226.103.63 port 47550 [preauth]
Sep 28 22:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Invalid user deploy from 64.226.103.63
Sep 28 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: input_userauth_request: invalid user deploy [preauth]
Sep 28 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.103.63
Sep 28 22:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Failed password for invalid user deploy from 64.226.103.63 port 47560 ssh2
Sep 28 22:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Connection closed by 64.226.103.63 port 47560 [preauth]
Sep 28 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Invalid user jumpserver from 134.122.46.149
Sep 28 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: input_userauth_request: invalid user jumpserver [preauth]
Sep 28 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Failed password for invalid user jumpserver from 134.122.46.149 port 38290 ssh2
Sep 28 22:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Connection closed by 134.122.46.149 port 38290 [preauth]
Sep 28 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Invalid user yby from 181.188.172.6
Sep 28 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: input_userauth_request: invalid user yby [preauth]
Sep 28 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1034]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1105]: Successful su for rubyman by root
Sep 28 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1105]: + ??? root:rubyman
Sep 28 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311030 of user rubyman.
Sep 28 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1105]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311030.
Sep 28 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Failed password for invalid user yby from 181.188.172.6 port 52319 ssh2
Sep 28 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Received disconnect from 181.188.172.6 port 52319:11: Bye Bye [preauth]
Sep 28 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Disconnected from 181.188.172.6 port 52319 [preauth]
Sep 28 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session closed for user root
Sep 28 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Failed password for root from 134.122.46.149 port 58342 ssh2
Sep 28 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Connection closed by 134.122.46.149 port 58342 [preauth]
Sep 28 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Invalid user ftpuser from 185.255.91.50
Sep 28 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for invalid user ftpuser from 185.255.91.50 port 33852 ssh2
Sep 28 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Received disconnect from 185.255.91.50 port 33852:11: Bye Bye [preauth]
Sep 28 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Disconnected from 185.255.91.50 port 33852 [preauth]
Sep 28 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Invalid user redis from 134.122.46.149
Sep 28 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Invalid user sara from 31.57.47.194
Sep 28 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: input_userauth_request: invalid user sara [preauth]
Sep 28 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Failed password for invalid user redis from 134.122.46.149 port 33108 ssh2
Sep 28 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Connection closed by 134.122.46.149 port 33108 [preauth]
Sep 28 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Failed password for invalid user sara from 31.57.47.194 port 60884 ssh2
Sep 28 22:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Received disconnect from 31.57.47.194 port 60884:11: Bye Bye [preauth]
Sep 28 22:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1358]: Disconnected from 31.57.47.194 port 60884 [preauth]
Sep 28 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Invalid user steam from 134.122.46.149
Sep 28 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: input_userauth_request: invalid user steam [preauth]
Sep 28 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Failed password for invalid user steam from 134.122.46.149 port 57900 ssh2
Sep 28 22:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Connection closed by 134.122.46.149 port 57900 [preauth]
Sep 28 22:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session closed for user root
Sep 28 22:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Invalid user solana from 134.122.46.149
Sep 28 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: input_userauth_request: invalid user solana [preauth]
Sep 28 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Failed password for invalid user solana from 134.122.46.149 port 60782 ssh2
Sep 28 22:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Connection closed by 134.122.46.149 port 60782 [preauth]
Sep 28 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Invalid user admin from 186.80.18.158
Sep 28 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Failed password for invalid user admin from 186.80.18.158 port 59908 ssh2
Sep 28 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Received disconnect from 186.80.18.158 port 59908:11: Bye Bye [preauth]
Sep 28 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Disconnected from 186.80.18.158 port 59908 [preauth]
Sep 28 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Invalid user mithun from 122.54.18.220
Sep 28 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: input_userauth_request: invalid user mithun [preauth]
Sep 28 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Invalid user test from 59.19.182.197
Sep 28 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: input_userauth_request: invalid user test [preauth]
Sep 28 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Failed password for invalid user mithun from 122.54.18.220 port 46982 ssh2
Sep 28 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Received disconnect from 122.54.18.220 port 46982:11: Bye Bye [preauth]
Sep 28 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Disconnected from 122.54.18.220 port 46982 [preauth]
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Failed password for invalid user test from 59.19.182.197 port 38804 ssh2
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Received disconnect from 59.19.182.197 port 38804:11: Bye Bye [preauth]
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Disconnected from 59.19.182.197 port 38804 [preauth]
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: Invalid user ec2-user from 134.122.46.149
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: Failed password for invalid user ec2-user from 134.122.46.149 port 46318 ssh2
Sep 28 22:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: Connection closed by 134.122.46.149 port 46318 [preauth]
Sep 28 22:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Invalid user mysqld from 159.223.193.42
Sep 28 22:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: input_userauth_request: invalid user mysqld [preauth]
Sep 28 22:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1534]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1531]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1597]: Successful su for rubyman by root
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1597]: + ??? root:rubyman
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Failed password for invalid user mysqld from 159.223.193.42 port 53840 ssh2
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311034 of user rubyman.
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Received disconnect from 159.223.193.42 port 53840:11: Bye Bye [preauth]
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Disconnected from 159.223.193.42 port 53840 [preauth]
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1597]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311034.
Sep 28 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: Failed password for root from 134.122.46.149 port 59534 ssh2
Sep 28 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1638]: Connection closed by 134.122.46.149 port 59534 [preauth]
Sep 28 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30879]: pam_unix(cron:session): session closed for user root
Sep 28 22:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1532]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Invalid user vintagestory from 185.255.91.50
Sep 28 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: input_userauth_request: invalid user vintagestory [preauth]
Sep 28 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Invalid user arkserver from 134.122.46.149
Sep 28 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: input_userauth_request: invalid user arkserver [preauth]
Sep 28 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Failed password for invalid user vintagestory from 185.255.91.50 port 43110 ssh2
Sep 28 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Received disconnect from 185.255.91.50 port 43110:11: Bye Bye [preauth]
Sep 28 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Disconnected from 185.255.91.50 port 43110 [preauth]
Sep 28 22:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Failed password for invalid user arkserver from 134.122.46.149 port 40086 ssh2
Sep 28 22:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Connection closed by 134.122.46.149 port 40086 [preauth]
Sep 28 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Invalid user app from 181.188.172.6
Sep 28 22:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: input_userauth_request: invalid user app [preauth]
Sep 28 22:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Failed password for invalid user app from 181.188.172.6 port 36597 ssh2
Sep 28 22:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Received disconnect from 181.188.172.6 port 36597:11: Bye Bye [preauth]
Sep 28 22:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Disconnected from 181.188.172.6 port 36597 [preauth]
Sep 28 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Failed password for root from 134.122.46.149 port 57054 ssh2
Sep 28 22:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Connection closed by 134.122.46.149 port 57054 [preauth]
Sep 28 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[431]: pam_unix(cron:session): session closed for user root
Sep 28 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Invalid user webadmin from 134.122.46.149
Sep 28 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Failed password for invalid user webadmin from 134.122.46.149 port 57934 ssh2
Sep 28 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Connection closed by 134.122.46.149 port 57934 [preauth]
Sep 28 22:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Failed password for root from 186.80.18.158 port 41426 ssh2
Sep 28 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Received disconnect from 186.80.18.158 port 41426:11: Bye Bye [preauth]
Sep 28 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Disconnected from 186.80.18.158 port 41426 [preauth]
Sep 28 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Invalid user apache from 134.122.46.149
Sep 28 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: input_userauth_request: invalid user apache [preauth]
Sep 28 22:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Failed password for invalid user apache from 134.122.46.149 port 38824 ssh2
Sep 28 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Connection closed by 134.122.46.149 port 38824 [preauth]
Sep 28 22:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Invalid user igor from 122.54.18.220
Sep 28 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: input_userauth_request: invalid user igor [preauth]
Sep 28 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Failed password for invalid user igor from 122.54.18.220 port 26249 ssh2
Sep 28 22:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Received disconnect from 122.54.18.220 port 26249:11: Bye Bye [preauth]
Sep 28 22:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Disconnected from 122.54.18.220 port 26249 [preauth]
Sep 28 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: Invalid user elastic from 134.122.46.149
Sep 28 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: input_userauth_request: invalid user elastic [preauth]
Sep 28 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2004]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2152]: Successful su for rubyman by root
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2152]: + ??? root:rubyman
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311041 of user rubyman.
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2152]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311041.
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: Failed password for invalid user elastic from 134.122.46.149 port 59812 ssh2
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2002]: pam_unix(cron:session): session closed for user root
Sep 28 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: Connection closed by 134.122.46.149 port 59812 [preauth]
Sep 28 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session closed for user root
Sep 28 22:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2005]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: Invalid user cyberpanel from 134.122.46.149
Sep 28 22:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 28 22:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: Failed password for invalid user cyberpanel from 134.122.46.149 port 33028 ssh2
Sep 28 22:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: Connection closed by 134.122.46.149 port 33028 [preauth]
Sep 28 22:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: Invalid user monitor from 185.255.91.50
Sep 28 22:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: input_userauth_request: invalid user monitor [preauth]
Sep 28 22:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: Failed password for invalid user monitor from 185.255.91.50 port 39210 ssh2
Sep 28 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: Received disconnect from 185.255.91.50 port 39210:11: Bye Bye [preauth]
Sep 28 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2384]: Disconnected from 185.255.91.50 port 39210 [preauth]
Sep 28 22:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Invalid user odoo from 134.122.46.149
Sep 28 22:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: input_userauth_request: invalid user odoo [preauth]
Sep 28 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: Failed password for root from 59.19.182.197 port 35444 ssh2
Sep 28 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: Received disconnect from 59.19.182.197 port 35444:11: Bye Bye [preauth]
Sep 28 22:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: Disconnected from 59.19.182.197 port 35444 [preauth]
Sep 28 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Failed password for root from 31.57.47.194 port 44570 ssh2
Sep 28 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Received disconnect from 31.57.47.194 port 44570:11: Bye Bye [preauth]
Sep 28 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Disconnected from 31.57.47.194 port 44570 [preauth]
Sep 28 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Failed password for invalid user odoo from 134.122.46.149 port 39466 ssh2
Sep 28 22:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Connection closed by 134.122.46.149 port 39466 [preauth]
Sep 28 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1039]: pam_unix(cron:session): session closed for user root
Sep 28 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Invalid user master from 134.122.46.149
Sep 28 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: input_userauth_request: invalid user master [preauth]
Sep 28 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Failed password for invalid user master from 134.122.46.149 port 45160 ssh2
Sep 28 22:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Connection closed by 134.122.46.149 port 45160 [preauth]
Sep 28 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: Failed password for root from 181.188.172.6 port 49113 ssh2
Sep 28 22:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: Received disconnect from 181.188.172.6 port 49113:11: Bye Bye [preauth]
Sep 28 22:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: Disconnected from 181.188.172.6 port 49113 [preauth]
Sep 28 22:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Failed password for root from 134.122.46.149 port 47728 ssh2
Sep 28 22:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Connection closed by 134.122.46.149 port 47728 [preauth]
Sep 28 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Failed password for root from 186.80.18.158 port 42500 ssh2
Sep 28 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Received disconnect from 186.80.18.158 port 42500:11: Bye Bye [preauth]
Sep 28 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Disconnected from 186.80.18.158 port 42500 [preauth]
Sep 28 22:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Invalid user php from 134.122.46.149
Sep 28 22:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: input_userauth_request: invalid user php [preauth]
Sep 28 22:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Failed password for invalid user php from 134.122.46.149 port 60964 ssh2
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session closed for user root
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2565]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Connection closed by 134.122.46.149 port 60964 [preauth]
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: Successful su for rubyman by root
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: + ??? root:rubyman
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311044 of user rubyman.
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2639]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311044.
Sep 28 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session closed for user root
Sep 28 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session closed for user root
Sep 28 22:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Invalid user andrey from 122.54.18.220
Sep 28 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: input_userauth_request: invalid user andrey [preauth]
Sep 28 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2566]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Failed password for invalid user andrey from 122.54.18.220 port 24070 ssh2
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Received disconnect from 122.54.18.220 port 24070:11: Bye Bye [preauth]
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Disconnected from 122.54.18.220 port 24070 [preauth]
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Invalid user latitude from 134.122.46.149
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: input_userauth_request: invalid user latitude [preauth]
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Failed password for invalid user latitude from 134.122.46.149 port 48920 ssh2
Sep 28 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Connection closed by 134.122.46.149 port 48920 [preauth]
Sep 28 22:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Invalid user vbox from 134.122.46.149
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: input_userauth_request: invalid user vbox [preauth]
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Invalid user desenvolvimento from 185.255.91.50
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: input_userauth_request: invalid user desenvolvimento [preauth]
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Failed password for invalid user vbox from 134.122.46.149 port 52086 ssh2
Sep 28 22:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Connection closed by 134.122.46.149 port 52086 [preauth]
Sep 28 22:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Failed password for invalid user desenvolvimento from 185.255.91.50 port 50172 ssh2
Sep 28 22:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Received disconnect from 185.255.91.50 port 50172:11: Bye Bye [preauth]
Sep 28 22:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Disconnected from 185.255.91.50 port 50172 [preauth]
Sep 28 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1534]: pam_unix(cron:session): session closed for user root
Sep 28 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Invalid user vagrant from 134.122.46.149
Sep 28 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Failed password for invalid user vagrant from 134.122.46.149 port 36244 ssh2
Sep 28 22:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Connection closed by 134.122.46.149 port 36244 [preauth]
Sep 28 22:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Invalid user solana from 134.122.46.149
Sep 28 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: input_userauth_request: invalid user solana [preauth]
Sep 28 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Failed password for invalid user solana from 134.122.46.149 port 41640 ssh2
Sep 28 22:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Connection closed by 134.122.46.149 port 41640 [preauth]
Sep 28 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Invalid user user1 from 134.122.46.149
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: input_userauth_request: invalid user user1 [preauth]
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Invalid user mysqld from 186.80.18.158
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: input_userauth_request: invalid user mysqld [preauth]
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Invalid user deploy from 59.19.182.197
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: input_userauth_request: invalid user deploy [preauth]
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Failed password for invalid user user1 from 134.122.46.149 port 43124 ssh2
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Connection closed by 134.122.46.149 port 43124 [preauth]
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Failed password for invalid user mysqld from 186.80.18.158 port 44922 ssh2
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Received disconnect from 186.80.18.158 port 44922:11: Bye Bye [preauth]
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Disconnected from 186.80.18.158 port 44922 [preauth]
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Failed password for invalid user deploy from 59.19.182.197 port 60322 ssh2
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Received disconnect from 59.19.182.197 port 60322:11: Bye Bye [preauth]
Sep 28 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Disconnected from 59.19.182.197 port 60322 [preauth]
Sep 28 22:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Invalid user test1 from 181.188.172.6
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: input_userauth_request: invalid user test1 [preauth]
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: Successful su for rubyman by root
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: + ??? root:rubyman
Sep 28 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311049 of user rubyman.
Sep 28 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311049.
Sep 28 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Failed password for invalid user test1 from 181.188.172.6 port 33391 ssh2
Sep 28 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Received disconnect from 181.188.172.6 port 33391:11: Bye Bye [preauth]
Sep 28 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Disconnected from 181.188.172.6 port 33391 [preauth]
Sep 28 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session closed for user root
Sep 28 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for root from 134.122.46.149 port 48340 ssh2
Sep 28 22:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Connection closed by 134.122.46.149 port 48340 [preauth]
Sep 28 22:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Invalid user master from 122.54.18.220
Sep 28 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: input_userauth_request: invalid user master [preauth]
Sep 28 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Failed password for root from 31.57.47.194 port 55306 ssh2
Sep 28 22:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Received disconnect from 31.57.47.194 port 55306:11: Bye Bye [preauth]
Sep 28 22:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Disconnected from 31.57.47.194 port 55306 [preauth]
Sep 28 22:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Failed password for invalid user master from 122.54.18.220 port 51649 ssh2
Sep 28 22:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Received disconnect from 122.54.18.220 port 51649:11: Bye Bye [preauth]
Sep 28 22:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Disconnected from 122.54.18.220 port 51649 [preauth]
Sep 28 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Failed password for root from 134.122.46.149 port 46308 ssh2
Sep 28 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3351]: Connection closed by 134.122.46.149 port 46308 [preauth]
Sep 28 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42  user=root
Sep 28 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Failed password for root from 159.223.193.42 port 55268 ssh2
Sep 28 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Received disconnect from 159.223.193.42 port 55268:11: Bye Bye [preauth]
Sep 28 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Disconnected from 159.223.193.42 port 55268 [preauth]
Sep 28 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Invalid user ftpuser from 185.255.91.50
Sep 28 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Failed password for invalid user ftpuser from 185.255.91.50 port 41662 ssh2
Sep 28 22:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Received disconnect from 185.255.91.50 port 41662:11: Bye Bye [preauth]
Sep 28 22:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Disconnected from 185.255.91.50 port 41662 [preauth]
Sep 28 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Failed password for root from 134.122.46.149 port 35080 ssh2
Sep 28 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Connection closed by 134.122.46.149 port 35080 [preauth]
Sep 28 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session closed for user root
Sep 28 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Invalid user sftp from 134.122.46.149
Sep 28 22:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: input_userauth_request: invalid user sftp [preauth]
Sep 28 22:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Failed password for invalid user sftp from 134.122.46.149 port 51326 ssh2
Sep 28 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3443]: Connection closed by 134.122.46.149 port 51326 [preauth]
Sep 28 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Invalid user cyberpanel from 134.122.46.149
Sep 28 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 28 22:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Failed password for invalid user cyberpanel from 134.122.46.149 port 40928 ssh2
Sep 28 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Connection closed by 134.122.46.149 port 40928 [preauth]
Sep 28 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Invalid user xuhao from 186.80.18.158
Sep 28 22:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: input_userauth_request: invalid user xuhao [preauth]
Sep 28 22:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3559]: Successful su for rubyman by root
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3559]: + ??? root:rubyman
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311055 of user rubyman.
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3559]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311055.
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Failed password for invalid user xuhao from 186.80.18.158 port 56988 ssh2
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Received disconnect from 186.80.18.158 port 56988:11: Bye Bye [preauth]
Sep 28 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Disconnected from 186.80.18.158 port 56988 [preauth]
Sep 28 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[430]: pam_unix(cron:session): session closed for user root
Sep 28 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Invalid user data from 134.122.46.149
Sep 28 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: input_userauth_request: invalid user data [preauth]
Sep 28 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Failed password for invalid user data from 134.122.46.149 port 60618 ssh2
Sep 28 22:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Connection closed by 134.122.46.149 port 60618 [preauth]
Sep 28 22:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: Invalid user ubuntu from 134.122.46.149
Sep 28 22:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: Failed password for invalid user ubuntu from 134.122.46.149 port 37800 ssh2
Sep 28 22:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3795]: Connection closed by 134.122.46.149 port 37800 [preauth]
Sep 28 22:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Invalid user postgres from 181.188.172.6
Sep 28 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Failed password for invalid user postgres from 181.188.172.6 port 45907 ssh2
Sep 28 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Received disconnect from 181.188.172.6 port 45907:11: Bye Bye [preauth]
Sep 28 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Disconnected from 181.188.172.6 port 45907 [preauth]
Sep 28 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Invalid user template from 122.54.18.220
Sep 28 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: input_userauth_request: invalid user template [preauth]
Sep 28 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Invalid user sysadmin from 185.255.91.50
Sep 28 22:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 22:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for invalid user template from 122.54.18.220 port 10054 ssh2
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Invalid user soma from 59.19.182.197
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: input_userauth_request: invalid user soma [preauth]
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Received disconnect from 122.54.18.220 port 10054:11: Bye Bye [preauth]
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Disconnected from 122.54.18.220 port 10054 [preauth]
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Invalid user sol from 134.122.46.149
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: input_userauth_request: invalid user sol [preauth]
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Failed password for invalid user sysadmin from 185.255.91.50 port 37108 ssh2
Sep 28 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Received disconnect from 185.255.91.50 port 37108:11: Bye Bye [preauth]
Sep 28 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Disconnected from 185.255.91.50 port 37108 [preauth]
Sep 28 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Failed password for invalid user soma from 59.19.182.197 port 56962 ssh2
Sep 28 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Received disconnect from 59.19.182.197 port 56962:11: Bye Bye [preauth]
Sep 28 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Disconnected from 59.19.182.197 port 56962 [preauth]
Sep 28 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Failed password for invalid user sol from 134.122.46.149 port 41748 ssh2
Sep 28 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Connection closed by 134.122.46.149 port 41748 [preauth]
Sep 28 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session closed for user root
Sep 28 22:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Failed password for root from 134.122.46.149 port 46356 ssh2
Sep 28 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Connection closed by 134.122.46.149 port 46356 [preauth]
Sep 28 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Invalid user ubuntu from 134.122.46.149
Sep 28 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Failed password for invalid user ubuntu from 134.122.46.149 port 53114 ssh2
Sep 28 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Connection closed by 134.122.46.149 port 53114 [preauth]
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3948]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3946]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Invalid user vhpadmin from 159.223.193.42
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: input_userauth_request: invalid user vhpadmin [preauth]
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4015]: Successful su for rubyman by root
Sep 28 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4015]: + ??? root:rubyman
Sep 28 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311059 of user rubyman.
Sep 28 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4015]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311059.
Sep 28 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Invalid user shashank from 186.80.18.158
Sep 28 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: input_userauth_request: invalid user shashank [preauth]
Sep 28 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Failed password for invalid user vhpadmin from 159.223.193.42 port 51746 ssh2
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Received disconnect from 159.223.193.42 port 51746:11: Bye Bye [preauth]
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Disconnected from 159.223.193.42 port 51746 [preauth]
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Invalid user huawei from 134.122.46.149
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Failed password for invalid user shashank from 186.80.18.158 port 53324 ssh2
Sep 28 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1037]: pam_unix(cron:session): session closed for user root
Sep 28 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Received disconnect from 186.80.18.158 port 53324:11: Bye Bye [preauth]
Sep 28 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Disconnected from 186.80.18.158 port 53324 [preauth]
Sep 28 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Failed password for invalid user huawei from 134.122.46.149 port 48058 ssh2
Sep 28 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Connection closed by 134.122.46.149 port 48058 [preauth]
Sep 28 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3947]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: Invalid user erpuser from 31.57.47.194
Sep 28 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: input_userauth_request: invalid user erpuser [preauth]
Sep 28 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: Failed password for invalid user erpuser from 31.57.47.194 port 59096 ssh2
Sep 28 22:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: Received disconnect from 31.57.47.194 port 59096:11: Bye Bye [preauth]
Sep 28 22:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4233]: Disconnected from 31.57.47.194 port 59096 [preauth]
Sep 28 22:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Failed password for root from 134.122.46.149 port 54492 ssh2
Sep 28 22:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Connection closed by 134.122.46.149 port 54492 [preauth]
Sep 28 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: Invalid user ranger from 134.122.46.149
Sep 28 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: input_userauth_request: invalid user ranger [preauth]
Sep 28 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: Failed password for invalid user ranger from 134.122.46.149 port 45838 ssh2
Sep 28 22:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: Connection closed by 134.122.46.149 port 45838 [preauth]
Sep 28 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Failed password for root from 185.255.91.50 port 42066 ssh2
Sep 28 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Received disconnect from 185.255.91.50 port 42066:11: Bye Bye [preauth]
Sep 28 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4307]: Disconnected from 185.255.91.50 port 42066 [preauth]
Sep 28 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session closed for user root
Sep 28 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: Invalid user sara from 122.54.18.220
Sep 28 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: input_userauth_request: invalid user sara [preauth]
Sep 28 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: Failed password for invalid user sara from 122.54.18.220 port 32912 ssh2
Sep 28 22:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: Received disconnect from 122.54.18.220 port 32912:11: Bye Bye [preauth]
Sep 28 22:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4335]: Disconnected from 122.54.18.220 port 32912 [preauth]
Sep 28 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4351]: Invalid user dovecot from 134.122.46.149
Sep 28 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4351]: input_userauth_request: invalid user dovecot [preauth]
Sep 28 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4351]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4351]: Failed password for invalid user dovecot from 134.122.46.149 port 59900 ssh2
Sep 28 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4351]: Connection closed by 134.122.46.149 port 59900 [preauth]
Sep 28 22:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Failed password for root from 181.188.172.6 port 58422 ssh2
Sep 28 22:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Received disconnect from 181.188.172.6 port 58422:11: Bye Bye [preauth]
Sep 28 22:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Disconnected from 181.188.172.6 port 58422 [preauth]
Sep 28 22:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4386]: Invalid user oracle from 134.122.46.149
Sep 28 22:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4386]: input_userauth_request: invalid user oracle [preauth]
Sep 28 22:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4386]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4386]: Failed password for invalid user oracle from 134.122.46.149 port 33486 ssh2
Sep 28 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4386]: Connection closed by 134.122.46.149 port 33486 [preauth]
Sep 28 22:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4415]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4413]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Invalid user xuhao from 59.19.182.197
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: input_userauth_request: invalid user xuhao [preauth]
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: Successful su for rubyman by root
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: + ??? root:rubyman
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311061 of user rubyman.
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311061.
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Invalid user solr from 134.122.46.149
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: input_userauth_request: invalid user solr [preauth]
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Failed password for invalid user xuhao from 59.19.182.197 port 53600 ssh2
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Invalid user admin from 139.19.117.131
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Received disconnect from 59.19.182.197 port 53600:11: Bye Bye [preauth]
Sep 28 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Disconnected from 59.19.182.197 port 53600 [preauth]
Sep 28 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1533]: pam_unix(cron:session): session closed for user root
Sep 28 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Failed password for invalid user solr from 134.122.46.149 port 43878 ssh2
Sep 28 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Connection closed by 134.122.46.149 port 43878 [preauth]
Sep 28 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Invalid user ubuntu from 186.80.18.158
Sep 28 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4414]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Failed password for invalid user ubuntu from 186.80.18.158 port 46162 ssh2
Sep 28 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Received disconnect from 186.80.18.158 port 46162:11: Bye Bye [preauth]
Sep 28 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Disconnected from 186.80.18.158 port 46162 [preauth]
Sep 28 22:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Connection closed by 139.19.117.131 port 59580 [preauth]
Sep 28 22:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Invalid user uftp from 134.122.46.149
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: input_userauth_request: invalid user uftp [preauth]
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Invalid user guest from 93.152.230.176
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: input_userauth_request: invalid user guest [preauth]
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Failed password for invalid user uftp from 134.122.46.149 port 36072 ssh2
Sep 28 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Connection closed by 134.122.46.149 port 36072 [preauth]
Sep 28 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Failed password for invalid user guest from 93.152.230.176 port 1852 ssh2
Sep 28 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Received disconnect from 93.152.230.176 port 1852:11: Client disconnecting normally [preauth]
Sep 28 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Disconnected from 93.152.230.176 port 1852 [preauth]
Sep 28 22:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Invalid user admin from 80.94.95.112
Sep 28 22:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 22:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Failed password for invalid user admin from 80.94.95.112 port 44140 ssh2
Sep 28 22:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Failed password for invalid user admin from 80.94.95.112 port 44140 ssh2
Sep 28 22:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4764]: User www-data from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4764]: input_userauth_request: invalid user www-data [preauth]
Sep 28 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=www-data
Sep 28 22:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Failed password for invalid user admin from 80.94.95.112 port 44140 ssh2
Sep 28 22:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Failed password for invalid user admin from 80.94.95.112 port 44140 ssh2
Sep 28 22:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4764]: Failed password for invalid user www-data from 134.122.46.149 port 48498 ssh2
Sep 28 22:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4764]: Connection closed by 134.122.46.149 port 48498 [preauth]
Sep 28 22:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Failed password for invalid user admin from 80.94.95.112 port 44140 ssh2
Sep 28 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Received disconnect from 80.94.95.112 port 44140:11: Bye [preauth]
Sep 28 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Disconnected from 80.94.95.112 port 44140 [preauth]
Sep 28 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 28 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 22:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3499]: pam_unix(cron:session): session closed for user root
Sep 28 22:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Failed password for root from 185.255.91.50 port 34828 ssh2
Sep 28 22:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Received disconnect from 185.255.91.50 port 34828:11: Bye Bye [preauth]
Sep 28 22:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Disconnected from 185.255.91.50 port 34828 [preauth]
Sep 28 22:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: Failed password for root from 134.122.46.149 port 60516 ssh2
Sep 28 22:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: Connection closed by 134.122.46.149 port 60516 [preauth]
Sep 28 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: Invalid user dasusr1 from 159.223.193.42
Sep 28 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: input_userauth_request: invalid user dasusr1 [preauth]
Sep 28 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: Failed password for invalid user dasusr1 from 159.223.193.42 port 48290 ssh2
Sep 28 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: Received disconnect from 159.223.193.42 port 48290:11: Bye Bye [preauth]
Sep 28 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4816]: Disconnected from 159.223.193.42 port 48290 [preauth]
Sep 28 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: Invalid user pedrito from 122.54.18.220
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: input_userauth_request: invalid user pedrito [preauth]
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: Invalid user samba from 134.122.46.149
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: input_userauth_request: invalid user samba [preauth]
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: Failed password for invalid user pedrito from 122.54.18.220 port 29580 ssh2
Sep 28 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: Received disconnect from 122.54.18.220 port 29580:11: Bye Bye [preauth]
Sep 28 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: Disconnected from 122.54.18.220 port 29580 [preauth]
Sep 28 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: Failed password for invalid user samba from 134.122.46.149 port 47680 ssh2
Sep 28 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4849]: Connection closed by 134.122.46.149 port 47680 [preauth]
Sep 28 22:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Invalid user samba from 134.122.46.149
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: input_userauth_request: invalid user samba [preauth]
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4881]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4878]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4879]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4880]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4881]: pam_unix(cron:session): session closed for user root
Sep 28 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4950]: Successful su for rubyman by root
Sep 28 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4950]: + ??? root:rubyman
Sep 28 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311065 of user rubyman.
Sep 28 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4950]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311065.
Sep 28 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Failed password for invalid user samba from 134.122.46.149 port 41240 ssh2
Sep 28 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Connection closed by 134.122.46.149 port 41240 [preauth]
Sep 28 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4878]: pam_unix(cron:session): session closed for user root
Sep 28 22:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session closed for user root
Sep 28 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: Invalid user debian from 181.188.172.6
Sep 28 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: input_userauth_request: invalid user debian [preauth]
Sep 28 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4877]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: Failed password for invalid user debian from 181.188.172.6 port 42703 ssh2
Sep 28 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: Received disconnect from 181.188.172.6 port 42703:11: Bye Bye [preauth]
Sep 28 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5163]: Disconnected from 181.188.172.6 port 42703 [preauth]
Sep 28 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: Invalid user ubuntu from 134.122.46.149
Sep 28 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: Failed password for invalid user ubuntu from 134.122.46.149 port 60356 ssh2
Sep 28 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5203]: Connection closed by 134.122.46.149 port 60356 [preauth]
Sep 28 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: Failed password for root from 31.57.47.194 port 60322 ssh2
Sep 28 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: Received disconnect from 31.57.47.194 port 60322:11: Bye Bye [preauth]
Sep 28 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: Disconnected from 31.57.47.194 port 60322 [preauth]
Sep 28 22:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Failed password for root from 186.80.18.158 port 35132 ssh2
Sep 28 22:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Received disconnect from 186.80.18.158 port 35132:11: Bye Bye [preauth]
Sep 28 22:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Disconnected from 186.80.18.158 port 35132 [preauth]
Sep 28 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: Invalid user ftpuser from 134.122.46.149
Sep 28 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: Failed password for invalid user ftpuser from 134.122.46.149 port 53498 ssh2
Sep 28 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5250]: Connection closed by 134.122.46.149 port 53498 [preauth]
Sep 28 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3949]: pam_unix(cron:session): session closed for user root
Sep 28 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Invalid user sonar from 134.122.46.149
Sep 28 22:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: input_userauth_request: invalid user sonar [preauth]
Sep 28 22:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Failed password for root from 59.19.182.197 port 50242 ssh2
Sep 28 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Received disconnect from 59.19.182.197 port 50242:11: Bye Bye [preauth]
Sep 28 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Disconnected from 59.19.182.197 port 50242 [preauth]
Sep 28 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Failed password for invalid user sonar from 134.122.46.149 port 33922 ssh2
Sep 28 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Connection closed by 134.122.46.149 port 33922 [preauth]
Sep 28 22:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: Invalid user raul from 185.255.91.50
Sep 28 22:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: input_userauth_request: invalid user raul [preauth]
Sep 28 22:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Invalid user huawei from 134.122.46.149
Sep 28 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: Failed password for invalid user raul from 185.255.91.50 port 35864 ssh2
Sep 28 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: Received disconnect from 185.255.91.50 port 35864:11: Bye Bye [preauth]
Sep 28 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5436]: Disconnected from 185.255.91.50 port 35864 [preauth]
Sep 28 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Failed password for invalid user huawei from 134.122.46.149 port 54516 ssh2
Sep 28 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5438]: Connection closed by 134.122.46.149 port 54516 [preauth]
Sep 28 22:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Invalid user ftpuser from 134.122.46.149
Sep 28 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Failed password for invalid user ftpuser from 134.122.46.149 port 44046 ssh2
Sep 28 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5464]: Connection closed by 134.122.46.149 port 44046 [preauth]
Sep 28 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5472]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5468]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: Successful su for rubyman by root
Sep 28 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: + ??? root:rubyman
Sep 28 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311072 of user rubyman.
Sep 28 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311072.
Sep 28 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session closed for user root
Sep 28 22:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5469]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Invalid user sol from 134.122.46.149
Sep 28 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: input_userauth_request: invalid user sol [preauth]
Sep 28 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Failed password for invalid user sol from 134.122.46.149 port 43894 ssh2
Sep 28 22:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Connection closed by 134.122.46.149 port 43894 [preauth]
Sep 28 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Invalid user demo from 134.122.46.149
Sep 28 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: input_userauth_request: invalid user demo [preauth]
Sep 28 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Failed password for invalid user demo from 134.122.46.149 port 52858 ssh2
Sep 28 22:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Connection closed by 134.122.46.149 port 52858 [preauth]
Sep 28 22:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Failed password for root from 186.80.18.158 port 32950 ssh2
Sep 28 22:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Received disconnect from 186.80.18.158 port 32950:11: Bye Bye [preauth]
Sep 28 22:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Disconnected from 186.80.18.158 port 32950 [preauth]
Sep 28 22:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6  user=root
Sep 28 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4416]: pam_unix(cron:session): session closed for user root
Sep 28 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: Invalid user mongodb from 134.122.46.149
Sep 28 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Failed password for root from 181.188.172.6 port 55223 ssh2
Sep 28 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Received disconnect from 181.188.172.6 port 55223:11: Bye Bye [preauth]
Sep 28 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Disconnected from 181.188.172.6 port 55223 [preauth]
Sep 28 22:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: Failed password for invalid user mongodb from 134.122.46.149 port 32822 ssh2
Sep 28 22:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5858]: Connection closed by 134.122.46.149 port 32822 [preauth]
Sep 28 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Invalid user wordpress from 134.122.46.149
Sep 28 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Failed password for invalid user wordpress from 134.122.46.149 port 38438 ssh2
Sep 28 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Connection closed by 134.122.46.149 port 38438 [preauth]
Sep 28 22:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Invalid user noroot from 185.255.91.50
Sep 28 22:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: input_userauth_request: invalid user noroot [preauth]
Sep 28 22:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: Invalid user ds from 134.122.46.149
Sep 28 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: input_userauth_request: invalid user ds [preauth]
Sep 28 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Failed password for invalid user noroot from 185.255.91.50 port 39324 ssh2
Sep 28 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Received disconnect from 185.255.91.50 port 39324:11: Bye Bye [preauth]
Sep 28 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Disconnected from 185.255.91.50 port 39324 [preauth]
Sep 28 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: Failed password for invalid user ds from 134.122.46.149 port 48030 ssh2
Sep 28 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: Connection closed by 134.122.46.149 port 48030 [preauth]
Sep 28 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6007]: Successful su for rubyman by root
Sep 28 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6007]: + ??? root:rubyman
Sep 28 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311077 of user rubyman.
Sep 28 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6007]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311077.
Sep 28 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session closed for user root
Sep 28 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5943]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Invalid user solana from 134.122.46.149
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: input_userauth_request: invalid user solana [preauth]
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Failed password for root from 31.57.47.194 port 41892 ssh2
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Received disconnect from 31.57.47.194 port 41892:11: Bye Bye [preauth]
Sep 28 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Disconnected from 31.57.47.194 port 41892 [preauth]
Sep 28 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Invalid user spider from 59.19.182.197
Sep 28 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: input_userauth_request: invalid user spider [preauth]
Sep 28 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Failed password for invalid user solana from 134.122.46.149 port 38668 ssh2
Sep 28 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Connection closed by 134.122.46.149 port 38668 [preauth]
Sep 28 22:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for invalid user spider from 59.19.182.197 port 46878 ssh2
Sep 28 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Received disconnect from 59.19.182.197 port 46878:11: Bye Bye [preauth]
Sep 28 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Disconnected from 59.19.182.197 port 46878 [preauth]
Sep 28 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Invalid user nurupo from 134.122.46.149
Sep 28 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: input_userauth_request: invalid user nurupo [preauth]
Sep 28 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Failed password for invalid user nurupo from 134.122.46.149 port 48444 ssh2
Sep 28 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Connection closed by 134.122.46.149 port 48444 [preauth]
Sep 28 22:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Invalid user hadoop from 134.122.46.149
Sep 28 22:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 22:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Invalid user kit from 186.80.18.158
Sep 28 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: input_userauth_request: invalid user kit [preauth]
Sep 28 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Failed password for invalid user hadoop from 134.122.46.149 port 60588 ssh2
Sep 28 22:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Connection closed by 134.122.46.149 port 60588 [preauth]
Sep 28 22:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4880]: pam_unix(cron:session): session closed for user root
Sep 28 22:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Failed password for invalid user kit from 186.80.18.158 port 34744 ssh2
Sep 28 22:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Received disconnect from 186.80.18.158 port 34744:11: Bye Bye [preauth]
Sep 28 22:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Disconnected from 186.80.18.158 port 34744 [preauth]
Sep 28 22:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Invalid user oracle from 134.122.46.149
Sep 28 22:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: input_userauth_request: invalid user oracle [preauth]
Sep 28 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for invalid user oracle from 134.122.46.149 port 58056 ssh2
Sep 28 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Connection closed by 134.122.46.149 port 58056 [preauth]
Sep 28 22:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6365]: Invalid user ericadmin from 190.103.202.7
Sep 28 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6365]: input_userauth_request: invalid user ericadmin [preauth]
Sep 28 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6365]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 28 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6365]: Failed password for invalid user ericadmin from 190.103.202.7 port 47938 ssh2
Sep 28 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6365]: Connection closed by 190.103.202.7 port 47938 [preauth]
Sep 28 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Invalid user nurupo from 134.122.46.149
Sep 28 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: input_userauth_request: invalid user nurupo [preauth]
Sep 28 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab1@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Failed password for invalid user nurupo from 134.122.46.149 port 57378 ssh2
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Connection closed by 134.122.46.149 port 57378 [preauth]
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Invalid user xxt from 181.188.172.6
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: input_userauth_request: invalid user xxt [preauth]
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Failed password for invalid user xxt from 181.188.172.6 port 39515 ssh2
Sep 28 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Received disconnect from 181.188.172.6 port 39515:11: Bye Bye [preauth]
Sep 28 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Disconnected from 181.188.172.6 port 39515 [preauth]
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab1 rhost=::ffff:45.142.193.185
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: Successful su for rubyman by root
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: + ??? root:rubyman
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311079 of user rubyman.
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311079.
Sep 28 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Invalid user pm from 185.255.91.50
Sep 28 22:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: input_userauth_request: invalid user pm [preauth]
Sep 28 22:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Failed password for invalid user pm from 185.255.91.50 port 51922 ssh2
Sep 28 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Received disconnect from 185.255.91.50 port 51922:11: Bye Bye [preauth]
Sep 28 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Disconnected from 185.255.91.50 port 51922 [preauth]
Sep 28 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session closed for user root
Sep 28 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: User ftp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: input_userauth_request: invalid user ftp [preauth]
Sep 28 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=ftp
Sep 28 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Failed password for invalid user ftp from 134.122.46.149 port 44950 ssh2
Sep 28 22:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Connection closed by 134.122.46.149 port 44950 [preauth]
Sep 28 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: User uucp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: input_userauth_request: invalid user uucp [preauth]
Sep 28 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=uucp
Sep 28 22:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for invalid user uucp from 134.122.46.149 port 52734 ssh2
Sep 28 22:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Connection closed by 134.122.46.149 port 52734 [preauth]
Sep 28 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Invalid user admin from 134.122.46.149
Sep 28 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Failed password for invalid user admin from 134.122.46.149 port 45806 ssh2
Sep 28 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Connection closed by 134.122.46.149 port 45806 [preauth]
Sep 28 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5472]: pam_unix(cron:session): session closed for user root
Sep 28 22:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Invalid user basic from 186.80.18.158
Sep 28 22:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: input_userauth_request: invalid user basic [preauth]
Sep 28 22:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Failed password for invalid user basic from 186.80.18.158 port 40076 ssh2
Sep 28 22:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Received disconnect from 186.80.18.158 port 40076:11: Bye Bye [preauth]
Sep 28 22:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Disconnected from 186.80.18.158 port 40076 [preauth]
Sep 28 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Invalid user admin from 59.19.182.197
Sep 28 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Invalid user openvpn from 134.122.46.149
Sep 28 22:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 22:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Failed password for invalid user admin from 59.19.182.197 port 43514 ssh2
Sep 28 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Received disconnect from 59.19.182.197 port 43514:11: Bye Bye [preauth]
Sep 28 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6906]: Disconnected from 59.19.182.197 port 43514 [preauth]
Sep 28 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Failed password for invalid user openvpn from 134.122.46.149 port 42212 ssh2
Sep 28 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6908]: Connection closed by 134.122.46.149 port 42212 [preauth]
Sep 28 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Invalid user user1 from 134.122.46.149
Sep 28 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: input_userauth_request: invalid user user1 [preauth]
Sep 28 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Failed password for invalid user user1 from 134.122.46.149 port 38350 ssh2
Sep 28 22:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Connection closed by 134.122.46.149 port 38350 [preauth]
Sep 28 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6965]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6963]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7032]: Successful su for rubyman by root
Sep 28 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7032]: + ??? root:rubyman
Sep 28 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311085 of user rubyman.
Sep 28 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7032]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311085.
Sep 28 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3948]: pam_unix(cron:session): session closed for user root
Sep 28 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Invalid user fil from 134.122.46.149
Sep 28 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: input_userauth_request: invalid user fil [preauth]
Sep 28 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Invalid user moodle from 185.255.91.50
Sep 28 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: input_userauth_request: invalid user moodle [preauth]
Sep 28 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Failed password for invalid user fil from 134.122.46.149 port 44760 ssh2
Sep 28 22:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Connection closed by 134.122.46.149 port 44760 [preauth]
Sep 28 22:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6964]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Failed password for invalid user moodle from 185.255.91.50 port 60830 ssh2
Sep 28 22:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Received disconnect from 185.255.91.50 port 60830:11: Bye Bye [preauth]
Sep 28 22:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Disconnected from 185.255.91.50 port 60830 [preauth]
Sep 28 22:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Invalid user postgres from 31.57.47.194
Sep 28 22:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: input_userauth_request: invalid user postgres [preauth]
Sep 28 22:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Failed password for invalid user postgres from 31.57.47.194 port 35408 ssh2
Sep 28 22:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Received disconnect from 31.57.47.194 port 35408:11: Bye Bye [preauth]
Sep 28 22:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Disconnected from 31.57.47.194 port 35408 [preauth]
Sep 28 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Invalid user samba from 134.122.46.149
Sep 28 22:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: input_userauth_request: invalid user samba [preauth]
Sep 28 22:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Failed password for invalid user samba from 134.122.46.149 port 55132 ssh2
Sep 28 22:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Connection closed by 134.122.46.149 port 55132 [preauth]
Sep 28 22:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Invalid user esuser from 181.188.172.6
Sep 28 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: input_userauth_request: invalid user esuser [preauth]
Sep 28 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Failed password for invalid user esuser from 181.188.172.6 port 52031 ssh2
Sep 28 22:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Received disconnect from 181.188.172.6 port 52031:11: Bye Bye [preauth]
Sep 28 22:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Disconnected from 181.188.172.6 port 52031 [preauth]
Sep 28 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Invalid user nvidia from 134.122.46.149
Sep 28 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for invalid user nvidia from 134.122.46.149 port 35266 ssh2
Sep 28 22:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Connection closed by 134.122.46.149 port 35266 [preauth]
Sep 28 22:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session closed for user root
Sep 28 22:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Invalid user jack from 134.122.46.149
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: input_userauth_request: invalid user jack [preauth]
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Invalid user shashank from 159.223.193.42
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: input_userauth_request: invalid user shashank [preauth]
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: Invalid user vhpadmin from 186.80.18.158
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: input_userauth_request: invalid user vhpadmin [preauth]
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Failed password for invalid user jack from 134.122.46.149 port 34190 ssh2
Sep 28 22:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Connection closed by 134.122.46.149 port 34190 [preauth]
Sep 28 22:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Failed password for invalid user shashank from 159.223.193.42 port 49776 ssh2
Sep 28 22:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Received disconnect from 159.223.193.42 port 49776:11: Bye Bye [preauth]
Sep 28 22:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Disconnected from 159.223.193.42 port 49776 [preauth]
Sep 28 22:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: Failed password for invalid user vhpadmin from 186.80.18.158 port 44924 ssh2
Sep 28 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: Received disconnect from 186.80.18.158 port 44924:11: Bye Bye [preauth]
Sep 28 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7463]: Disconnected from 186.80.18.158 port 44924 [preauth]
Sep 28 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: Invalid user rsync from 134.122.46.149
Sep 28 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: input_userauth_request: invalid user rsync [preauth]
Sep 28 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: Failed password for invalid user rsync from 134.122.46.149 port 56474 ssh2
Sep 28 22:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: Connection closed by 134.122.46.149 port 56474 [preauth]
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7525]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7525]: pam_unix(cron:session): session closed for user root
Sep 28 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7519]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7596]: Successful su for rubyman by root
Sep 28 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7596]: + ??? root:rubyman
Sep 28 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311090 of user rubyman.
Sep 28 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7596]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311090.
Sep 28 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: Invalid user app from 134.122.46.149
Sep 28 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: input_userauth_request: invalid user app [preauth]
Sep 28 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7521]: pam_unix(cron:session): session closed for user root
Sep 28 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4415]: pam_unix(cron:session): session closed for user root
Sep 28 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: Failed password for invalid user app from 134.122.46.149 port 39592 ssh2
Sep 28 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: Connection closed by 134.122.46.149 port 39592 [preauth]
Sep 28 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7520]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Failed password for root from 185.255.91.50 port 38498 ssh2
Sep 28 22:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Received disconnect from 185.255.91.50 port 38498:11: Bye Bye [preauth]
Sep 28 22:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Disconnected from 185.255.91.50 port 38498 [preauth]
Sep 28 22:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7858]: Failed password for root from 59.19.182.197 port 40154 ssh2
Sep 28 22:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7858]: Received disconnect from 59.19.182.197 port 40154:11: Bye Bye [preauth]
Sep 28 22:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7858]: Disconnected from 59.19.182.197 port 40154 [preauth]
Sep 28 22:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Failed password for root from 134.122.46.149 port 54920 ssh2
Sep 28 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Connection closed by 134.122.46.149 port 54920 [preauth]
Sep 28 22:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7928]: Invalid user ark from 134.122.46.149
Sep 28 22:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7928]: input_userauth_request: invalid user ark [preauth]
Sep 28 22:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7928]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7928]: Failed password for invalid user ark from 134.122.46.149 port 37368 ssh2
Sep 28 22:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7928]: Connection closed by 134.122.46.149 port 37368 [preauth]
Sep 28 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session closed for user root
Sep 28 22:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Invalid user caddy from 134.122.46.149
Sep 28 22:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: input_userauth_request: invalid user caddy [preauth]
Sep 28 22:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Failed password for invalid user caddy from 134.122.46.149 port 57190 ssh2
Sep 28 22:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Connection closed by 134.122.46.149 port 57190 [preauth]
Sep 28 22:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: Invalid user test from 181.188.172.6
Sep 28 22:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: input_userauth_request: invalid user test [preauth]
Sep 28 22:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.172.6
Sep 28 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: Invalid user dasusr1 from 186.80.18.158
Sep 28 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: input_userauth_request: invalid user dasusr1 [preauth]
Sep 28 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: Failed password for invalid user test from 181.188.172.6 port 36317 ssh2
Sep 28 22:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: Received disconnect from 181.188.172.6 port 36317:11: Bye Bye [preauth]
Sep 28 22:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7977]: Disconnected from 181.188.172.6 port 36317 [preauth]
Sep 28 22:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: Failed password for invalid user dasusr1 from 186.80.18.158 port 51458 ssh2
Sep 28 22:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: Received disconnect from 186.80.18.158 port 51458:11: Bye Bye [preauth]
Sep 28 22:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7979]: Disconnected from 186.80.18.158 port 51458 [preauth]
Sep 28 22:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Invalid user gmod from 134.122.46.149
Sep 28 22:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: input_userauth_request: invalid user gmod [preauth]
Sep 28 22:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Failed password for invalid user gmod from 134.122.46.149 port 60888 ssh2
Sep 28 22:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8028]: Connection closed by 134.122.46.149 port 60888 [preauth]
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Invalid user es from 134.122.46.149
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: input_userauth_request: invalid user es [preauth]
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: Successful su for rubyman by root
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: + ??? root:rubyman
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311095 of user rubyman.
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8152]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311095.
Sep 28 22:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Failed password for invalid user es from 134.122.46.149 port 39676 ssh2
Sep 28 22:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Connection closed by 134.122.46.149 port 39676 [preauth]
Sep 28 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4879]: pam_unix(cron:session): session closed for user root
Sep 28 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Invalid user orange from 31.57.47.194
Sep 28 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: input_userauth_request: invalid user orange [preauth]
Sep 28 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Failed password for invalid user orange from 31.57.47.194 port 39680 ssh2
Sep 28 22:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Received disconnect from 31.57.47.194 port 39680:11: Bye Bye [preauth]
Sep 28 22:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Disconnected from 31.57.47.194 port 39680 [preauth]
Sep 28 22:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Invalid user bbx from 185.255.91.50
Sep 28 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: input_userauth_request: invalid user bbx [preauth]
Sep 28 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for root from 134.122.46.149 port 37718 ssh2
Sep 28 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Connection closed by 134.122.46.149 port 37718 [preauth]
Sep 28 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Failed password for invalid user bbx from 185.255.91.50 port 35538 ssh2
Sep 28 22:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Received disconnect from 185.255.91.50 port 35538:11: Bye Bye [preauth]
Sep 28 22:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Disconnected from 185.255.91.50 port 35538 [preauth]
Sep 28 22:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8423]: Failed password for root from 134.122.46.149 port 46328 ssh2
Sep 28 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8423]: Connection closed by 134.122.46.149 port 46328 [preauth]
Sep 28 22:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6967]: pam_unix(cron:session): session closed for user root
Sep 28 22:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: Failed password for root from 134.122.46.149 port 56090 ssh2
Sep 28 22:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: Connection closed by 134.122.46.149 port 56090 [preauth]
Sep 28 22:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Invalid user shashank from 59.19.182.197
Sep 28 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: input_userauth_request: invalid user shashank [preauth]
Sep 28 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Failed password for invalid user shashank from 59.19.182.197 port 36794 ssh2
Sep 28 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Received disconnect from 59.19.182.197 port 36794:11: Bye Bye [preauth]
Sep 28 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Disconnected from 59.19.182.197 port 36794 [preauth]
Sep 28 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Invalid user dst from 134.122.46.149
Sep 28 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: input_userauth_request: invalid user dst [preauth]
Sep 28 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Failed password for root from 186.80.18.158 port 33616 ssh2
Sep 28 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Received disconnect from 186.80.18.158 port 33616:11: Bye Bye [preauth]
Sep 28 22:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Disconnected from 186.80.18.158 port 33616 [preauth]
Sep 28 22:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Failed password for invalid user dst from 134.122.46.149 port 55412 ssh2
Sep 28 22:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Connection closed by 134.122.46.149 port 55412 [preauth]
Sep 28 22:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Invalid user esuser from 134.122.46.149
Sep 28 22:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: input_userauth_request: invalid user esuser [preauth]
Sep 28 22:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Failed password for invalid user esuser from 134.122.46.149 port 48934 ssh2
Sep 28 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Connection closed by 134.122.46.149 port 48934 [preauth]
Sep 28 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: Successful su for rubyman by root
Sep 28 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: + ??? root:rubyman
Sep 28 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311098 of user rubyman.
Sep 28 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311098.
Sep 28 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5470]: pam_unix(cron:session): session closed for user root
Sep 28 22:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Invalid user huawei from 134.122.46.149
Sep 28 22:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Failed password for invalid user huawei from 134.122.46.149 port 44210 ssh2
Sep 28 22:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Connection closed by 134.122.46.149 port 44210 [preauth]
Sep 28 22:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Failed password for root from 185.255.91.50 port 55434 ssh2
Sep 28 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Received disconnect from 185.255.91.50 port 55434:11: Bye Bye [preauth]
Sep 28 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Disconnected from 185.255.91.50 port 55434 [preauth]
Sep 28 22:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: Failed password for root from 134.122.46.149 port 36808 ssh2
Sep 28 22:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9001]: Connection closed by 134.122.46.149 port 36808 [preauth]
Sep 28 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Invalid user gerbera from 134.122.46.149
Sep 28 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: input_userauth_request: invalid user gerbera [preauth]
Sep 28 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7524]: pam_unix(cron:session): session closed for user root
Sep 28 22:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Failed password for invalid user gerbera from 134.122.46.149 port 51456 ssh2
Sep 28 22:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Connection closed by 134.122.46.149 port 51456 [preauth]
Sep 28 22:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Invalid user phpmyadmin from 134.122.46.149
Sep 28 22:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: input_userauth_request: invalid user phpmyadmin [preauth]
Sep 28 22:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Failed password for invalid user phpmyadmin from 134.122.46.149 port 55952 ssh2
Sep 28 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Connection closed by 134.122.46.149 port 55952 [preauth]
Sep 28 22:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158  user=root
Sep 28 22:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: Failed password for root from 186.80.18.158 port 41278 ssh2
Sep 28 22:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: Received disconnect from 186.80.18.158 port 41278:11: Bye Bye [preauth]
Sep 28 22:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9114]: Disconnected from 186.80.18.158 port 41278 [preauth]
Sep 28 22:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Failed password for root from 134.122.46.149 port 55508 ssh2
Sep 28 22:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9116]: Connection closed by 134.122.46.149 port 55508 [preauth]
Sep 28 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9128]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9297]: Successful su for rubyman by root
Sep 28 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9297]: + ??? root:rubyman
Sep 28 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311103 of user rubyman.
Sep 28 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9297]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311103.
Sep 28 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session closed for user root
Sep 28 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Failed password for root from 31.57.47.194 port 53632 ssh2
Sep 28 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Received disconnect from 31.57.47.194 port 53632:11: Bye Bye [preauth]
Sep 28 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Disconnected from 31.57.47.194 port 53632 [preauth]
Sep 28 22:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 22:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab15@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 28 22:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Failed password for root from 134.122.46.149 port 35192 ssh2
Sep 28 22:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Connection closed by 134.122.46.149 port 35192 [preauth]
Sep 28 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab15 rhost=::ffff:45.142.193.185
Sep 28 22:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Invalid user mtvps1 from 59.19.182.197
Sep 28 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: input_userauth_request: invalid user mtvps1 [preauth]
Sep 28 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Invalid user kubernetes from 134.122.46.149
Sep 28 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: input_userauth_request: invalid user kubernetes [preauth]
Sep 28 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Failed password for invalid user mtvps1 from 59.19.182.197 port 33438 ssh2
Sep 28 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Received disconnect from 59.19.182.197 port 33438:11: Bye Bye [preauth]
Sep 28 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9563]: Disconnected from 59.19.182.197 port 33438 [preauth]
Sep 28 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Failed password for invalid user kubernetes from 134.122.46.149 port 56892 ssh2
Sep 28 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Connection closed by 134.122.46.149 port 56892 [preauth]
Sep 28 22:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Sep 28 22:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Failed password for root from 185.255.91.50 port 58578 ssh2
Sep 28 22:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Received disconnect from 185.255.91.50 port 58578:11: Bye Bye [preauth]
Sep 28 22:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Disconnected from 185.255.91.50 port 58578 [preauth]
Sep 28 22:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Invalid user steam from 134.122.46.149
Sep 28 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: input_userauth_request: invalid user steam [preauth]
Sep 28 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session closed for user root
Sep 28 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: Invalid user pippo from 164.68.105.9
Sep 28 22:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: input_userauth_request: invalid user pippo [preauth]
Sep 28 22:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 22:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Failed password for invalid user steam from 134.122.46.149 port 36178 ssh2
Sep 28 22:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Connection closed by 134.122.46.149 port 36178 [preauth]
Sep 28 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: Failed password for invalid user pippo from 164.68.105.9 port 37890 ssh2
Sep 28 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9638]: Connection closed by 164.68.105.9 port 37890 [preauth]
Sep 28 22:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Invalid user huawei from 134.122.46.149
Sep 28 22:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Failed password for invalid user huawei from 134.122.46.149 port 45264 ssh2
Sep 28 22:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Connection closed by 134.122.46.149 port 45264 [preauth]
Sep 28 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Invalid user test from 186.80.18.158
Sep 28 22:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: input_userauth_request: invalid user test [preauth]
Sep 28 22:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.80.18.158
Sep 28 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: Failed password for root from 134.122.46.149 port 32962 ssh2
Sep 28 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9810]: Connection closed by 134.122.46.149 port 32962 [preauth]
Sep 28 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user test from 186.80.18.158 port 37690 ssh2
Sep 28 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Received disconnect from 186.80.18.158 port 37690:11: Bye Bye [preauth]
Sep 28 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Disconnected from 186.80.18.158 port 37690 [preauth]
Sep 28 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: Successful su for rubyman by root
Sep 28 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: + ??? root:rubyman
Sep 28 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311105 of user rubyman.
Sep 28 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311105.
Sep 28 22:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6407]: pam_unix(cron:session): session closed for user root
Sep 28 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Invalid user redis from 134.122.46.149
Sep 28 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Failed password for invalid user redis from 134.122.46.149 port 39538 ssh2
Sep 28 22:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Connection closed by 134.122.46.149 port 39538 [preauth]
Sep 28 22:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Invalid user phpmyadmin from 134.122.46.149
Sep 28 22:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: input_userauth_request: invalid user phpmyadmin [preauth]
Sep 28 22:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user phpmyadmin from 134.122.46.149 port 32982 ssh2
Sep 28 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Connection closed by 134.122.46.149 port 32982 [preauth]
Sep 28 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Invalid user dan from 185.255.91.50
Sep 28 22:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: input_userauth_request: invalid user dan [preauth]
Sep 28 22:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10197]: Invalid user oracle from 134.122.46.149
Sep 28 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10197]: input_userauth_request: invalid user oracle [preauth]
Sep 28 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10197]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Failed password for invalid user dan from 185.255.91.50 port 53682 ssh2
Sep 28 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Received disconnect from 185.255.91.50 port 53682:11: Bye Bye [preauth]
Sep 28 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Disconnected from 185.255.91.50 port 53682 [preauth]
Sep 28 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10197]: Failed password for invalid user oracle from 134.122.46.149 port 49816 ssh2
Sep 28 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10197]: Connection closed by 134.122.46.149 port 49816 [preauth]
Sep 28 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session closed for user root
Sep 28 22:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: Invalid user redis from 134.122.46.149
Sep 28 22:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: input_userauth_request: invalid user redis [preauth]
Sep 28 22:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: Failed password for invalid user redis from 134.122.46.149 port 52990 ssh2
Sep 28 22:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: Connection closed by 134.122.46.149 port 52990 [preauth]
Sep 28 22:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Invalid user xiaoming from 59.19.182.197
Sep 28 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: input_userauth_request: invalid user xiaoming [preauth]
Sep 28 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Failed password for invalid user xiaoming from 59.19.182.197 port 58314 ssh2
Sep 28 22:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Received disconnect from 59.19.182.197 port 58314:11: Bye Bye [preauth]
Sep 28 22:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Disconnected from 59.19.182.197 port 58314 [preauth]
Sep 28 22:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: Invalid user azureuser from 134.122.46.149
Sep 28 22:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: input_userauth_request: invalid user azureuser [preauth]
Sep 28 22:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Invalid user master from 31.57.47.194
Sep 28 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: input_userauth_request: invalid user master [preauth]
Sep 28 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 22:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: Failed password for invalid user azureuser from 134.122.46.149 port 37828 ssh2
Sep 28 22:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: Connection closed by 134.122.46.149 port 37828 [preauth]
Sep 28 22:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Failed password for invalid user master from 31.57.47.194 port 51868 ssh2
Sep 28 22:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Received disconnect from 31.57.47.194 port 51868:11: Bye Bye [preauth]
Sep 28 22:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Disconnected from 31.57.47.194 port 51868 [preauth]
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10312]: pam_unix(cron:session): session closed for user root
Sep 28 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10304]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10390]: Successful su for rubyman by root
Sep 28 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10390]: + ??? root:rubyman
Sep 28 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311111 of user rubyman.
Sep 28 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10390]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311111.
Sep 28 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session closed for user root
Sep 28 22:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6965]: pam_unix(cron:session): session closed for user root
Sep 28 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Failed password for root from 134.122.46.149 port 54632 ssh2
Sep 28 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Connection closed by 134.122.46.149 port 54632 [preauth]
Sep 28 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Invalid user admin from 134.122.46.149
Sep 28 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: input_userauth_request: invalid user admin [preauth]
Sep 28 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Failed password for invalid user admin from 134.122.46.149 port 42228 ssh2
Sep 28 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Connection closed by 134.122.46.149 port 42228 [preauth]
Sep 28 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Invalid user wordpress from 134.122.46.149
Sep 28 22:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 22:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Failed password for invalid user wordpress from 134.122.46.149 port 59884 ssh2
Sep 28 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Connection closed by 134.122.46.149 port 59884 [preauth]
Sep 28 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Invalid user host from 185.255.91.50
Sep 28 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: input_userauth_request: invalid user host [preauth]
Sep 28 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Sep 28 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9132]: pam_unix(cron:session): session closed for user root
Sep 28 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Failed password for invalid user host from 185.255.91.50 port 42462 ssh2
Sep 28 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Received disconnect from 185.255.91.50 port 42462:11: Bye Bye [preauth]
Sep 28 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Disconnected from 185.255.91.50 port 42462 [preauth]
Sep 28 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: Invalid user testuser from 134.122.46.149
Sep 28 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: input_userauth_request: invalid user testuser [preauth]
Sep 28 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: Failed password for invalid user testuser from 134.122.46.149 port 33020 ssh2
Sep 28 22:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10748]: Connection closed by 134.122.46.149 port 33020 [preauth]
Sep 28 22:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: Invalid user huawei from 134.122.46.149
Sep 28 22:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: input_userauth_request: invalid user huawei [preauth]
Sep 28 22:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: Failed password for invalid user huawei from 134.122.46.149 port 39790 ssh2
Sep 28 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10781]: Connection closed by 134.122.46.149 port 39790 [preauth]
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10877]: Successful su for rubyman by root
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10877]: + ??? root:rubyman
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311115 of user rubyman.
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10877]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311115.
Sep 28 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Invalid user sysadmin from 134.122.46.149
Sep 28 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: input_userauth_request: invalid user sysadmin [preauth]
Sep 28 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7523]: pam_unix(cron:session): session closed for user root
Sep 28 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Failed password for invalid user sysadmin from 134.122.46.149 port 49320 ssh2
Sep 28 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Connection closed by 134.122.46.149 port 49320 [preauth]
Sep 28 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Invalid user ubuntu from 134.122.46.149
Sep 28 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Failed password for invalid user ubuntu from 134.122.46.149 port 37600 ssh2
Sep 28 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11109]: Connection closed by 134.122.46.149 port 37600 [preauth]
Sep 28 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Invalid user xiaoming from 159.223.193.42
Sep 28 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: input_userauth_request: invalid user xiaoming [preauth]
Sep 28 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Failed password for invalid user xiaoming from 159.223.193.42 port 56180 ssh2
Sep 28 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Received disconnect from 159.223.193.42 port 56180:11: Bye Bye [preauth]
Sep 28 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Disconnected from 159.223.193.42 port 56180 [preauth]
Sep 28 22:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11124]: Failed password for root from 59.19.182.197 port 54948 ssh2
Sep 28 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11124]: Received disconnect from 59.19.182.197 port 54948:11: Bye Bye [preauth]
Sep 28 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11124]: Disconnected from 59.19.182.197 port 54948 [preauth]
Sep 28 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 28 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: Failed password for root from 134.122.46.149 port 35580 ssh2
Sep 28 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: Connection closed by 134.122.46.149 port 35580 [preauth]
Sep 28 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: Failed password for root from 93.152.230.176 port 25734 ssh2
Sep 28 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: Received disconnect from 93.152.230.176 port 25734:11: Client disconnecting normally [preauth]
Sep 28 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: Disconnected from 93.152.230.176 port 25734 [preauth]
Sep 28 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9832]: pam_unix(cron:session): session closed for user root
Sep 28 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Invalid user dolphinscheduler from 134.122.46.149
Sep 28 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 35284 ssh2
Sep 28 22:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Connection closed by 134.122.46.149 port 35284 [preauth]
Sep 28 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Invalid user gitlab from 134.122.46.149
Sep 28 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Failed password for invalid user gitlab from 134.122.46.149 port 43626 ssh2
Sep 28 22:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Connection closed by 134.122.46.149 port 43626 [preauth]
Sep 28 22:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11250]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: Successful su for rubyman by root
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: + ??? root:rubyman
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311119 of user rubyman.
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311119.
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Failed password for root from 31.57.47.194 port 44112 ssh2
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Received disconnect from 31.57.47.194 port 44112:11: Bye Bye [preauth]
Sep 28 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11242]: Disconnected from 31.57.47.194 port 44112 [preauth]
Sep 28 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: User mysql from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: input_userauth_request: invalid user mysql [preauth]
Sep 28 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=mysql
Sep 28 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session closed for user root
Sep 28 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Failed password for invalid user mysql from 134.122.46.149 port 47420 ssh2
Sep 28 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Connection closed by 134.122.46.149 port 47420 [preauth]
Sep 28 22:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Invalid user user from 134.122.46.149
Sep 28 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: input_userauth_request: invalid user user [preauth]
Sep 28 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Failed password for invalid user user from 134.122.46.149 port 46552 ssh2
Sep 28 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Connection closed by 134.122.46.149 port 46552 [preauth]
Sep 28 22:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: Failed password for root from 134.122.46.149 port 45130 ssh2
Sep 28 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11576]: Connection closed by 134.122.46.149 port 45130 [preauth]
Sep 28 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session closed for user root
Sep 28 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Invalid user developer from 134.122.46.149
Sep 28 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: input_userauth_request: invalid user developer [preauth]
Sep 28 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Failed password for invalid user developer from 134.122.46.149 port 54148 ssh2
Sep 28 22:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11639]: Connection closed by 134.122.46.149 port 54148 [preauth]
Sep 28 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Invalid user latitude from 134.122.46.149
Sep 28 22:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: input_userauth_request: invalid user latitude [preauth]
Sep 28 22:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Failed password for invalid user latitude from 134.122.46.149 port 41672 ssh2
Sep 28 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Connection closed by 134.122.46.149 port 41672 [preauth]
Sep 28 22:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Invalid user xuhao from 159.223.193.42
Sep 28 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: input_userauth_request: invalid user xuhao [preauth]
Sep 28 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Failed password for root from 59.19.182.197 port 51580 ssh2
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Received disconnect from 59.19.182.197 port 51580:11: Bye Bye [preauth]
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Disconnected from 59.19.182.197 port 51580 [preauth]
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Invalid user node from 134.122.46.149
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: input_userauth_request: invalid user node [preauth]
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Failed password for invalid user xuhao from 159.223.193.42 port 46594 ssh2
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Received disconnect from 159.223.193.42 port 46594:11: Bye Bye [preauth]
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Disconnected from 159.223.193.42 port 46594 [preauth]
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11794]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11795]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11870]: Successful su for rubyman by root
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11870]: + ??? root:rubyman
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311123 of user rubyman.
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11870]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311123.
Sep 28 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Failed password for invalid user node from 134.122.46.149 port 51192 ssh2
Sep 28 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Connection closed by 134.122.46.149 port 51192 [preauth]
Sep 28 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session closed for user root
Sep 28 22:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Invalid user apache from 134.122.46.149
Sep 28 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: input_userauth_request: invalid user apache [preauth]
Sep 28 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Failed password for invalid user apache from 134.122.46.149 port 60510 ssh2
Sep 28 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Connection closed by 134.122.46.149 port 60510 [preauth]
Sep 28 22:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Failed password for root from 134.122.46.149 port 50698 ssh2
Sep 28 22:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Connection closed by 134.122.46.149 port 50698 [preauth]
Sep 28 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session closed for user root
Sep 28 22:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: Invalid user dev from 134.122.46.149
Sep 28 22:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: input_userauth_request: invalid user dev [preauth]
Sep 28 22:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: Failed password for invalid user dev from 134.122.46.149 port 38936 ssh2
Sep 28 22:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: Connection closed by 134.122.46.149 port 38936 [preauth]
Sep 28 22:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Failed password for root from 134.122.46.149 port 46278 ssh2
Sep 28 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Connection closed by 134.122.46.149 port 46278 [preauth]
Sep 28 22:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Invalid user dstserver from 134.122.46.149
Sep 28 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: input_userauth_request: invalid user dstserver [preauth]
Sep 28 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 22:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Failed password for invalid user dstserver from 134.122.46.149 port 48776 ssh2
Sep 28 22:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: Failed password for root from 31.57.47.194 port 43366 ssh2
Sep 28 22:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: Received disconnect from 31.57.47.194 port 43366:11: Bye Bye [preauth]
Sep 28 22:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12233]: Disconnected from 31.57.47.194 port 43366 [preauth]
Sep 28 22:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Connection closed by 134.122.46.149 port 48776 [preauth]
Sep 28 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12241]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user p13x
Sep 28 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12304]: Successful su for rubyman by root
Sep 28 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12304]: + ??? root:rubyman
Sep 28 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311128 of user rubyman.
Sep 28 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12304]: pam_unix(su:session): session closed for user rubyman
Sep 28 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311128.
Sep 28 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9131]: pam_unix(cron:session): session closed for user root
Sep 28 22:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user samftp
Sep 28 22:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: Invalid user ts from 134.122.46.149
Sep 28 22:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: input_userauth_request: invalid user ts [preauth]
Sep 28 22:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: Failed password for invalid user ts from 134.122.46.149 port 60468 ssh2
Sep 28 22:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: Connection closed by 134.122.46.149 port 60468 [preauth]
Sep 28 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 28 22:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Failed password for root from 46.101.170.54 port 53232 ssh2
Sep 28 22:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Connection closed by 46.101.170.54 port 53232 [preauth]
Sep 28 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: User sys from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: input_userauth_request: invalid user sys [preauth]
Sep 28 22:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=sys
Sep 28 22:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Failed password for invalid user sys from 134.122.46.149 port 33496 ssh2
Sep 28 22:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Connection closed by 134.122.46.149 port 33496 [preauth]
Sep 28 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Invalid user oscar from 134.122.46.149
Sep 28 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: input_userauth_request: invalid user oscar [preauth]
Sep 28 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session closed for user root
Sep 28 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Invalid user alex from 59.19.182.197
Sep 28 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: input_userauth_request: invalid user alex [preauth]
Sep 28 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 22:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Failed password for invalid user oscar from 134.122.46.149 port 42680 ssh2
Sep 28 22:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Connection closed by 134.122.46.149 port 42680 [preauth]
Sep 28 22:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Failed password for invalid user alex from 59.19.182.197 port 48226 ssh2
Sep 28 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Received disconnect from 59.19.182.197 port 48226:11: Bye Bye [preauth]
Sep 28 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Disconnected from 59.19.182.197 port 48226 [preauth]
Sep 28 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42  user=root
Sep 28 22:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: Failed password for root from 159.223.193.42 port 46742 ssh2
Sep 28 22:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: Received disconnect from 159.223.193.42 port 46742:11: Bye Bye [preauth]
Sep 28 22:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: Disconnected from 159.223.193.42 port 46742 [preauth]
Sep 28 22:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Invalid user Administrator from 134.122.46.149
Sep 28 22:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 22:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 22:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Failed password for invalid user Administrator from 134.122.46.149 port 38090 ssh2
Sep 28 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Connection closed by 134.122.46.149 port 38090 [preauth]
Sep 28 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 28 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Failed password for root from 190.103.202.7 port 45388 ssh2
Sep 28 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Connection closed by 190.103.202.7 port 45388 [preauth]
Sep 28 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 22:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Failed password for root from 134.122.46.149 port 57916 ssh2
Sep 28 22:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection closed by 134.122.46.149 port 57916 [preauth]
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12702]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12703]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12704]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12707]: pam_unix(cron:session): session closed for user root
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12702]: pam_unix(cron:session): session closed for user root
Sep 28 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12810]: Successful su for rubyman by root
Sep 28 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12810]: + ??? root:rubyman
Sep 28 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311137 of user rubyman.
Sep 28 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12810]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311137.
Sep 28 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session closed for user root
Sep 28 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12703]: pam_unix(cron:session): session closed for user root
Sep 28 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Invalid user solana from 134.122.46.149
Sep 28 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: input_userauth_request: invalid user solana [preauth]
Sep 28 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Failed password for invalid user solana from 134.122.46.149 port 43340 ssh2
Sep 28 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Connection closed by 134.122.46.149 port 43340 [preauth]
Sep 28 23:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Invalid user steam from 134.122.46.149
Sep 28 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for invalid user steam from 134.122.46.149 port 37834 ssh2
Sep 28 23:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 134.122.46.149 port 37834 [preauth]
Sep 28 23:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: User ftp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: input_userauth_request: invalid user ftp [preauth]
Sep 28 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=ftp
Sep 28 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11795]: pam_unix(cron:session): session closed for user root
Sep 28 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Failed password for invalid user ftp from 134.122.46.149 port 49672 ssh2
Sep 28 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Connection closed by 134.122.46.149 port 49672 [preauth]
Sep 28 23:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Invalid user openvpn from 134.122.46.149
Sep 28 23:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 23:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Failed password for invalid user openvpn from 134.122.46.149 port 36878 ssh2
Sep 28 23:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Connection closed by 134.122.46.149 port 36878 [preauth]
Sep 28 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Invalid user uftp from 134.122.46.149
Sep 28 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: input_userauth_request: invalid user uftp [preauth]
Sep 28 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Failed password for invalid user uftp from 134.122.46.149 port 54386 ssh2
Sep 28 23:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Connection closed by 134.122.46.149 port 54386 [preauth]
Sep 28 23:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Invalid user andrey from 31.57.47.194
Sep 28 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: input_userauth_request: invalid user andrey [preauth]
Sep 28 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 23:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Failed password for invalid user andrey from 31.57.47.194 port 37820 ssh2
Sep 28 23:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Received disconnect from 31.57.47.194 port 37820:11: Bye Bye [preauth]
Sep 28 23:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Disconnected from 31.57.47.194 port 37820 [preauth]
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13269]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: Successful su for rubyman by root
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: + ??? root:rubyman
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311141 of user rubyman.
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311141.
Sep 28 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: User uucp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: input_userauth_request: invalid user uucp [preauth]
Sep 28 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=uucp
Sep 28 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user root
Sep 28 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Invalid user kit from 59.19.182.197
Sep 28 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: input_userauth_request: invalid user kit [preauth]
Sep 28 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13270]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: Failed password for invalid user uucp from 134.122.46.149 port 42690 ssh2
Sep 28 23:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13520]: Connection closed by 134.122.46.149 port 42690 [preauth]
Sep 28 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Failed password for invalid user kit from 59.19.182.197 port 44872 ssh2
Sep 28 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Received disconnect from 59.19.182.197 port 44872:11: Bye Bye [preauth]
Sep 28 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Disconnected from 59.19.182.197 port 44872 [preauth]
Sep 28 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Invalid user user from 62.60.131.157
Sep 28 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: input_userauth_request: invalid user user [preauth]
Sep 28 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: Invalid user app from 134.122.46.149
Sep 28 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: input_userauth_request: invalid user app [preauth]
Sep 28 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Failed password for invalid user user from 62.60.131.157 port 27060 ssh2
Sep 28 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Invalid user basic from 159.223.193.42
Sep 28 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: input_userauth_request: invalid user basic [preauth]
Sep 28 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: Failed password for invalid user app from 134.122.46.149 port 51796 ssh2
Sep 28 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13589]: Connection closed by 134.122.46.149 port 51796 [preauth]
Sep 28 23:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Failed password for invalid user user from 62.60.131.157 port 27060 ssh2
Sep 28 23:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Failed password for invalid user basic from 159.223.193.42 port 50444 ssh2
Sep 28 23:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Received disconnect from 159.223.193.42 port 50444:11: Bye Bye [preauth]
Sep 28 23:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Disconnected from 159.223.193.42 port 50444 [preauth]
Sep 28 23:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Failed password for invalid user user from 62.60.131.157 port 27060 ssh2
Sep 28 23:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Failed password for invalid user user from 62.60.131.157 port 27060 ssh2
Sep 28 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Failed password for invalid user user from 62.60.131.157 port 27060 ssh2
Sep 28 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Received disconnect from 62.60.131.157 port 27060:11: Bye [preauth]
Sep 28 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Disconnected from 62.60.131.157 port 27060 [preauth]
Sep 28 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 28 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 28 23:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Invalid user oracle from 134.122.46.149
Sep 28 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: input_userauth_request: invalid user oracle [preauth]
Sep 28 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Failed password for invalid user oracle from 134.122.46.149 port 39286 ssh2
Sep 28 23:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Connection closed by 134.122.46.149 port 39286 [preauth]
Sep 28 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12241]: pam_unix(cron:session): session closed for user root
Sep 28 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Invalid user hadoop from 134.122.46.149
Sep 28 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Failed password for invalid user hadoop from 134.122.46.149 port 56624 ssh2
Sep 28 23:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Connection closed by 134.122.46.149 port 56624 [preauth]
Sep 28 23:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Invalid user factorio from 134.122.46.149
Sep 28 23:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: input_userauth_request: invalid user factorio [preauth]
Sep 28 23:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Failed password for invalid user factorio from 134.122.46.149 port 59086 ssh2
Sep 28 23:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Connection closed by 134.122.46.149 port 59086 [preauth]
Sep 28 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: Successful su for rubyman by root
Sep 28 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: + ??? root:rubyman
Sep 28 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311145 of user rubyman.
Sep 28 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311145.
Sep 28 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session closed for user root
Sep 28 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: Invalid user solana from 134.122.46.149
Sep 28 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: input_userauth_request: invalid user solana [preauth]
Sep 28 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: Failed password for invalid user solana from 134.122.46.149 port 39938 ssh2
Sep 28 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: Connection closed by 134.122.46.149 port 39938 [preauth]
Sep 28 23:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: Invalid user huawei from 134.122.46.149
Sep 28 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: input_userauth_request: invalid user huawei [preauth]
Sep 28 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: Failed password for invalid user huawei from 134.122.46.149 port 45274 ssh2
Sep 28 23:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: Connection closed by 134.122.46.149 port 45274 [preauth]
Sep 28 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Invalid user hadoop from 134.122.46.149
Sep 28 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Failed password for invalid user hadoop from 134.122.46.149 port 43166 ssh2
Sep 28 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Connection closed by 134.122.46.149 port 43166 [preauth]
Sep 28 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session closed for user root
Sep 28 23:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: Invalid user dasusr1 from 59.19.182.197
Sep 28 23:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: input_userauth_request: invalid user dasusr1 [preauth]
Sep 28 23:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 23:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: Failed password for invalid user dasusr1 from 59.19.182.197 port 41512 ssh2
Sep 28 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: Received disconnect from 59.19.182.197 port 41512:11: Bye Bye [preauth]
Sep 28 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14188]: Disconnected from 59.19.182.197 port 41512 [preauth]
Sep 28 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Invalid user test from 134.122.46.149
Sep 28 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: input_userauth_request: invalid user test [preauth]
Sep 28 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Failed password for invalid user test from 134.122.46.149 port 48470 ssh2
Sep 28 23:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Connection closed by 134.122.46.149 port 48470 [preauth]
Sep 28 23:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: Invalid user chain from 134.122.46.149
Sep 28 23:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: input_userauth_request: invalid user chain [preauth]
Sep 28 23:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: Failed password for invalid user chain from 134.122.46.149 port 44006 ssh2
Sep 28 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: Connection closed by 134.122.46.149 port 44006 [preauth]
Sep 28 23:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 23:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Failed password for root from 31.57.47.194 port 50024 ssh2
Sep 28 23:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Received disconnect from 31.57.47.194 port 50024:11: Bye Bye [preauth]
Sep 28 23:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Disconnected from 31.57.47.194 port 50024 [preauth]
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14264]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14261]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: Successful su for rubyman by root
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: + ??? root:rubyman
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311146 of user rubyman.
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311146.
Sep 28 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42  user=root
Sep 28 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: Invalid user huawei from 134.122.46.149
Sep 28 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: input_userauth_request: invalid user huawei [preauth]
Sep 28 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: Failed password for root from 159.223.193.42 port 45322 ssh2
Sep 28 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: Received disconnect from 159.223.193.42 port 45322:11: Bye Bye [preauth]
Sep 28 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: Disconnected from 159.223.193.42 port 45322 [preauth]
Sep 28 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session closed for user root
Sep 28 23:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: Failed password for invalid user huawei from 134.122.46.149 port 34654 ssh2
Sep 28 23:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: Connection closed by 134.122.46.149 port 34654 [preauth]
Sep 28 23:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14262]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Invalid user oracle from 134.122.46.149
Sep 28 23:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: input_userauth_request: invalid user oracle [preauth]
Sep 28 23:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Failed password for invalid user oracle from 134.122.46.149 port 36888 ssh2
Sep 28 23:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Connection closed by 134.122.46.149 port 36888 [preauth]
Sep 28 23:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Invalid user admin from 134.122.46.149
Sep 28 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for invalid user admin from 134.122.46.149 port 53588 ssh2
Sep 28 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Connection closed by 134.122.46.149 port 53588 [preauth]
Sep 28 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session closed for user root
Sep 28 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Invalid user test from 134.122.46.149
Sep 28 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: input_userauth_request: invalid user test [preauth]
Sep 28 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Failed password for invalid user test from 134.122.46.149 port 46048 ssh2
Sep 28 23:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Connection closed by 134.122.46.149 port 46048 [preauth]
Sep 28 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Invalid user master from 134.122.46.149
Sep 28 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: input_userauth_request: invalid user master [preauth]
Sep 28 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Failed password for invalid user master from 134.122.46.149 port 39680 ssh2
Sep 28 23:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Connection closed by 134.122.46.149 port 39680 [preauth]
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: Invalid user guest from 134.122.46.149
Sep 28 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: input_userauth_request: invalid user guest [preauth]
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: Successful su for rubyman by root
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: + ??? root:rubyman
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311151 of user rubyman.
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311151.
Sep 28 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: Failed password for invalid user guest from 134.122.46.149 port 41196 ssh2
Sep 28 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14715]: Connection closed by 134.122.46.149 port 41196 [preauth]
Sep 28 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11794]: pam_unix(cron:session): session closed for user root
Sep 28 23:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Invalid user intell from 59.19.182.197
Sep 28 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: input_userauth_request: invalid user intell [preauth]
Sep 28 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Failed password for invalid user intell from 59.19.182.197 port 38146 ssh2
Sep 28 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Received disconnect from 59.19.182.197 port 38146:11: Bye Bye [preauth]
Sep 28 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Disconnected from 59.19.182.197 port 38146 [preauth]
Sep 28 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Invalid user test from 134.122.46.149
Sep 28 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: input_userauth_request: invalid user test [preauth]
Sep 28 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Failed password for invalid user test from 134.122.46.149 port 43272 ssh2
Sep 28 23:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14960]: Connection closed by 134.122.46.149 port 43272 [preauth]
Sep 28 23:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Invalid user weblogic from 134.122.46.149
Sep 28 23:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: input_userauth_request: invalid user weblogic [preauth]
Sep 28 23:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for invalid user weblogic from 134.122.46.149 port 57308 ssh2
Sep 28 23:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Connection closed by 134.122.46.149 port 57308 [preauth]
Sep 28 23:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session closed for user root
Sep 28 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Invalid user digi from 134.122.46.149
Sep 28 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: input_userauth_request: invalid user digi [preauth]
Sep 28 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Failed password for invalid user digi from 134.122.46.149 port 54316 ssh2
Sep 28 23:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Connection closed by 134.122.46.149 port 54316 [preauth]
Sep 28 23:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: Invalid user oracle from 134.122.46.149
Sep 28 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: input_userauth_request: invalid user oracle [preauth]
Sep 28 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: Failed password for invalid user oracle from 134.122.46.149 port 43614 ssh2
Sep 28 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: Connection closed by 134.122.46.149 port 43614 [preauth]
Sep 28 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: Invalid user office from 31.57.47.194
Sep 28 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: input_userauth_request: invalid user office [preauth]
Sep 28 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 23:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: Failed password for invalid user office from 31.57.47.194 port 52544 ssh2
Sep 28 23:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: Received disconnect from 31.57.47.194 port 52544:11: Bye Bye [preauth]
Sep 28 23:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15095]: Disconnected from 31.57.47.194 port 52544 [preauth]
Sep 28 23:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Invalid user website from 134.122.46.149
Sep 28 23:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: input_userauth_request: invalid user website [preauth]
Sep 28 23:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15123]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session closed for user root
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15121]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: Successful su for rubyman by root
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: + ??? root:rubyman
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311158 of user rubyman.
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311158.
Sep 28 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Failed password for invalid user website from 134.122.46.149 port 42090 ssh2
Sep 28 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Connection closed by 134.122.46.149 port 42090 [preauth]
Sep 28 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15123]: pam_unix(cron:session): session closed for user root
Sep 28 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session closed for user root
Sep 28 23:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15122]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Invalid user sftp from 134.122.46.149
Sep 28 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: input_userauth_request: invalid user sftp [preauth]
Sep 28 23:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Failed password for invalid user sftp from 134.122.46.149 port 37002 ssh2
Sep 28 23:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Connection closed by 134.122.46.149 port 37002 [preauth]
Sep 28 23:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Failed password for root from 134.122.46.149 port 56106 ssh2
Sep 28 23:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Connection closed by 134.122.46.149 port 56106 [preauth]
Sep 28 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14264]: pam_unix(cron:session): session closed for user root
Sep 28 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: Failed password for root from 134.122.46.149 port 37740 ssh2
Sep 28 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15511]: Connection closed by 134.122.46.149 port 37740 [preauth]
Sep 28 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: Invalid user ming from 59.19.182.197
Sep 28 23:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: input_userauth_request: invalid user ming [preauth]
Sep 28 23:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: Failed password for invalid user ming from 59.19.182.197 port 34776 ssh2
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Invalid user hadoop from 134.122.46.149
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: Received disconnect from 59.19.182.197 port 34776:11: Bye Bye [preauth]
Sep 28 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15546]: Disconnected from 59.19.182.197 port 34776 [preauth]
Sep 28 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Invalid user user1 from 79.13.33.136
Sep 28 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: input_userauth_request: invalid user user1 [preauth]
Sep 28 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Failed password for invalid user hadoop from 134.122.46.149 port 52748 ssh2
Sep 28 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Connection closed by 134.122.46.149 port 52748 [preauth]
Sep 28 23:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Failed password for invalid user user1 from 79.13.33.136 port 43308 ssh2
Sep 28 23:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Received disconnect from 79.13.33.136 port 43308:11: Bye Bye [preauth]
Sep 28 23:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Disconnected from 79.13.33.136 port 43308 [preauth]
Sep 28 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Invalid user awsgui from 134.122.46.149
Sep 28 23:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: input_userauth_request: invalid user awsgui [preauth]
Sep 28 23:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Failed password for invalid user awsgui from 134.122.46.149 port 43546 ssh2
Sep 28 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Connection closed by 134.122.46.149 port 43546 [preauth]
Sep 28 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15664]: Successful su for rubyman by root
Sep 28 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15664]: + ??? root:rubyman
Sep 28 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311162 of user rubyman.
Sep 28 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15664]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311162.
Sep 28 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12704]: pam_unix(cron:session): session closed for user root
Sep 28 23:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Failed password for root from 190.108.60.101 port 34184 ssh2
Sep 28 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Received disconnect from 190.108.60.101 port 34184:11: Bye Bye [preauth]
Sep 28 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15846]: Disconnected from 190.108.60.101 port 34184 [preauth]
Sep 28 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Invalid user huawei from 134.122.46.149
Sep 28 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: input_userauth_request: invalid user huawei [preauth]
Sep 28 23:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Failed password for invalid user huawei from 134.122.46.149 port 38004 ssh2
Sep 28 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Connection closed by 134.122.46.149 port 38004 [preauth]
Sep 28 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Invalid user mtvps1 from 159.223.193.42
Sep 28 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: input_userauth_request: invalid user mtvps1 [preauth]
Sep 28 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Failed password for invalid user mtvps1 from 159.223.193.42 port 51718 ssh2
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Received disconnect from 159.223.193.42 port 51718:11: Bye Bye [preauth]
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Disconnected from 159.223.193.42 port 51718 [preauth]
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Invalid user dst from 134.122.46.149
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: input_userauth_request: invalid user dst [preauth]
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Failed password for invalid user dst from 134.122.46.149 port 33764 ssh2
Sep 28 23:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Connection closed by 134.122.46.149 port 33764 [preauth]
Sep 28 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session closed for user root
Sep 28 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Invalid user dolphin from 134.122.46.149
Sep 28 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Failed password for invalid user dolphin from 134.122.46.149 port 57794 ssh2
Sep 28 23:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Connection closed by 134.122.46.149 port 57794 [preauth]
Sep 28 23:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194  user=root
Sep 28 23:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Failed password for root from 31.57.47.194 port 57764 ssh2
Sep 28 23:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Received disconnect from 31.57.47.194 port 57764:11: Bye Bye [preauth]
Sep 28 23:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Disconnected from 31.57.47.194 port 57764 [preauth]
Sep 28 23:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Failed password for root from 134.122.46.149 port 44430 ssh2
Sep 28 23:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Connection closed by 134.122.46.149 port 44430 [preauth]
Sep 28 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Invalid user rsync from 134.122.46.149
Sep 28 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: input_userauth_request: invalid user rsync [preauth]
Sep 28 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Failed password for invalid user rsync from 134.122.46.149 port 42140 ssh2
Sep 28 23:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Connection closed by 134.122.46.149 port 42140 [preauth]
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16038]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16097]: Successful su for rubyman by root
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16097]: + ??? root:rubyman
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311166 of user rubyman.
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16097]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311166.
Sep 28 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session closed for user root
Sep 28 23:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Invalid user Administrator from 134.122.46.149
Sep 28 23:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: input_userauth_request: invalid user Administrator [preauth]
Sep 28 23:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Failed password for invalid user Administrator from 134.122.46.149 port 43750 ssh2
Sep 28 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Connection closed by 134.122.46.149 port 43750 [preauth]
Sep 28 23:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Invalid user adam from 59.19.182.197
Sep 28 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: input_userauth_request: invalid user adam [preauth]
Sep 28 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197
Sep 28 23:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Failed password for invalid user adam from 59.19.182.197 port 59644 ssh2
Sep 28 23:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Received disconnect from 59.19.182.197 port 59644:11: Bye Bye [preauth]
Sep 28 23:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Disconnected from 59.19.182.197 port 59644 [preauth]
Sep 28 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: Failed password for root from 134.122.46.149 port 46324 ssh2
Sep 28 23:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16346]: Connection closed by 134.122.46.149 port 46324 [preauth]
Sep 28 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Invalid user admin from 107.174.26.130
Sep 28 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Failed password for invalid user admin from 107.174.26.130 port 41194 ssh2
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Received disconnect from 107.174.26.130 port 41194:11: Bye Bye [preauth]
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Disconnected from 107.174.26.130 port 41194 [preauth]
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Invalid user ftpuser from 134.122.46.149
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: input_userauth_request: invalid user ftpuser [preauth]
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Failed password for invalid user ftpuser from 134.122.46.149 port 51778 ssh2
Sep 28 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Connection closed by 134.122.46.149 port 51778 [preauth]
Sep 28 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session closed for user root
Sep 28 23:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Invalid user logstash from 134.122.46.149
Sep 28 23:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: input_userauth_request: invalid user logstash [preauth]
Sep 28 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Failed password for invalid user logstash from 134.122.46.149 port 57686 ssh2
Sep 28 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Connection closed by 134.122.46.149 port 57686 [preauth]
Sep 28 23:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Invalid user redis from 134.122.46.149
Sep 28 23:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: input_userauth_request: invalid user redis [preauth]
Sep 28 23:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Failed password for invalid user redis from 134.122.46.149 port 58262 ssh2
Sep 28 23:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Connection closed by 134.122.46.149 port 58262 [preauth]
Sep 28 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: Invalid user jboss from 159.223.193.42
Sep 28 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: input_userauth_request: invalid user jboss [preauth]
Sep 28 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: Failed password for invalid user jboss from 159.223.193.42 port 37932 ssh2
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: Received disconnect from 159.223.193.42 port 37932:11: Bye Bye [preauth]
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16478]: Disconnected from 159.223.193.42 port 37932 [preauth]
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: Successful su for rubyman by root
Sep 28 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: + ??? root:rubyman
Sep 28 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311168 of user rubyman.
Sep 28 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311168.
Sep 28 23:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session closed for user root
Sep 28 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Invalid user deploy from 134.122.46.149
Sep 28 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: input_userauth_request: invalid user deploy [preauth]
Sep 28 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Failed password for invalid user deploy from 134.122.46.149 port 33778 ssh2
Sep 28 23:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Connection closed by 134.122.46.149 port 33778 [preauth]
Sep 28 23:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Failed password for root from 134.122.46.149 port 60310 ssh2
Sep 28 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Connection closed by 134.122.46.149 port 60310 [preauth]
Sep 28 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Invalid user docker from 134.122.46.149
Sep 28 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: input_userauth_request: invalid user docker [preauth]
Sep 28 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Failed password for invalid user docker from 134.122.46.149 port 44182 ssh2
Sep 28 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Connection closed by 134.122.46.149 port 44182 [preauth]
Sep 28 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15593]: pam_unix(cron:session): session closed for user root
Sep 28 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Invalid user pedrito from 31.57.47.194
Sep 28 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: input_userauth_request: invalid user pedrito [preauth]
Sep 28 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Failed password for invalid user pedrito from 31.57.47.194 port 56720 ssh2
Sep 28 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Received disconnect from 31.57.47.194 port 56720:11: Bye Bye [preauth]
Sep 28 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16847]: Disconnected from 31.57.47.194 port 56720 [preauth]
Sep 28 23:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: Invalid user pi from 93.152.230.176
Sep 28 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: input_userauth_request: invalid user pi [preauth]
Sep 28 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 28 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: Failed password for invalid user pi from 93.152.230.176 port 34354 ssh2
Sep 28 23:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Invalid user esuser from 134.122.46.149
Sep 28 23:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: input_userauth_request: invalid user esuser [preauth]
Sep 28 23:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: Received disconnect from 93.152.230.176 port 34354:11: Client disconnecting normally [preauth]
Sep 28 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16880]: Disconnected from 93.152.230.176 port 34354 [preauth]
Sep 28 23:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Failed password for invalid user esuser from 134.122.46.149 port 41406 ssh2
Sep 28 23:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Connection closed by 134.122.46.149 port 41406 [preauth]
Sep 28 23:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 23:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: Failed password for root from 59.19.182.197 port 56294 ssh2
Sep 28 23:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: Received disconnect from 59.19.182.197 port 56294:11: Bye Bye [preauth]
Sep 28 23:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: Disconnected from 59.19.182.197 port 56294 [preauth]
Sep 28 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: Invalid user zabbix from 134.122.46.149
Sep 28 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: input_userauth_request: invalid user zabbix [preauth]
Sep 28 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:35.195.43.11
Sep 28 23:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: Failed password for invalid user zabbix from 134.122.46.149 port 58920 ssh2
Sep 28 23:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: Connection closed by 134.122.46.149 port 58920 [preauth]
Sep 28 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16958]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16957]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16955]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: Successful su for rubyman by root
Sep 28 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: + ??? root:rubyman
Sep 28 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311173 of user rubyman.
Sep 28 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17112]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311173.
Sep 28 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16950]: pam_unix(cron:session): session closed for user root
Sep 28 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14263]: pam_unix(cron:session): session closed for user root
Sep 28 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Invalid user user from 134.122.46.149
Sep 28 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: input_userauth_request: invalid user user [preauth]
Sep 28 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Failed password for invalid user user from 134.122.46.149 port 35274 ssh2
Sep 28 23:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Connection closed by 134.122.46.149 port 35274 [preauth]
Sep 28 23:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16956]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Invalid user test from 101.126.30.240
Sep 28 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: input_userauth_request: invalid user test [preauth]
Sep 28 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.30.240
Sep 28 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Failed password for root from 134.122.46.149 port 48970 ssh2
Sep 28 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Connection closed by 134.122.46.149 port 48970 [preauth]
Sep 28 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Failed password for invalid user test from 101.126.30.240 port 55056 ssh2
Sep 28 23:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Invalid user hadoop from 134.122.46.149
Sep 28 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Failed password for root from 79.13.33.136 port 38522 ssh2
Sep 28 23:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Received disconnect from 79.13.33.136 port 38522:11: Bye Bye [preauth]
Sep 28 23:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17416]: Disconnected from 79.13.33.136 port 38522 [preauth]
Sep 28 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Failed password for invalid user hadoop from 134.122.46.149 port 39040 ssh2
Sep 28 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Connection closed by 134.122.46.149 port 39040 [preauth]
Sep 28 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16039]: pam_unix(cron:session): session closed for user root
Sep 28 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Invalid user sol from 134.122.46.149
Sep 28 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: input_userauth_request: invalid user sol [preauth]
Sep 28 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Failed password for invalid user sol from 134.122.46.149 port 37106 ssh2
Sep 28 23:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Connection closed by 134.122.46.149 port 37106 [preauth]
Sep 28 23:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Invalid user nginx from 134.122.46.149
Sep 28 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: input_userauth_request: invalid user nginx [preauth]
Sep 28 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Failed password for invalid user nginx from 134.122.46.149 port 34644 ssh2
Sep 28 23:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Connection closed by 134.122.46.149 port 34644 [preauth]
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17517]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17519]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17518]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17516]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17519]: pam_unix(cron:session): session closed for user root
Sep 28 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17591]: Successful su for rubyman by root
Sep 28 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17591]: + ??? root:rubyman
Sep 28 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311180 of user rubyman.
Sep 28 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17591]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311180.
Sep 28 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Invalid user solana from 134.122.46.149
Sep 28 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: input_userauth_request: invalid user solana [preauth]
Sep 28 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session closed for user root
Sep 28 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17516]: pam_unix(cron:session): session closed for user root
Sep 28 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Failed password for invalid user solana from 134.122.46.149 port 42062 ssh2
Sep 28 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Connection closed by 134.122.46.149 port 42062 [preauth]
Sep 28 23:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Invalid user elsearch from 134.122.46.149
Sep 28 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: input_userauth_request: invalid user elsearch [preauth]
Sep 28 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Invalid user django from 31.57.47.194
Sep 28 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: input_userauth_request: invalid user django [preauth]
Sep 28 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Failed password for invalid user elsearch from 134.122.46.149 port 39358 ssh2
Sep 28 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Connection closed by 134.122.46.149 port 39358 [preauth]
Sep 28 23:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Failed password for invalid user django from 31.57.47.194 port 36114 ssh2
Sep 28 23:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Received disconnect from 31.57.47.194 port 36114:11: Bye Bye [preauth]
Sep 28 23:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Disconnected from 31.57.47.194 port 36114 [preauth]
Sep 28 23:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.19.182.197  user=root
Sep 28 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Failed password for root from 59.19.182.197 port 52932 ssh2
Sep 28 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Received disconnect from 59.19.182.197 port 52932:11: Bye Bye [preauth]
Sep 28 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Disconnected from 59.19.182.197 port 52932 [preauth]
Sep 28 23:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Failed password for root from 134.122.46.149 port 46990 ssh2
Sep 28 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Connection closed by 134.122.46.149 port 46990 [preauth]
Sep 28 23:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session closed for user root
Sep 28 23:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Invalid user jj from 107.174.26.130
Sep 28 23:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: input_userauth_request: invalid user jj [preauth]
Sep 28 23:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Failed password for invalid user jj from 107.174.26.130 port 60924 ssh2
Sep 28 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Received disconnect from 107.174.26.130 port 60924:11: Bye Bye [preauth]
Sep 28 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Disconnected from 107.174.26.130 port 60924 [preauth]
Sep 28 23:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: Invalid user test_user from 190.108.60.101
Sep 28 23:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: input_userauth_request: invalid user test_user [preauth]
Sep 28 23:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Invalid user vps from 134.122.46.149
Sep 28 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: input_userauth_request: invalid user vps [preauth]
Sep 28 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: Failed password for invalid user test_user from 190.108.60.101 port 39748 ssh2
Sep 28 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: Received disconnect from 190.108.60.101 port 39748:11: Bye Bye [preauth]
Sep 28 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18055]: Disconnected from 190.108.60.101 port 39748 [preauth]
Sep 28 23:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for invalid user vps from 134.122.46.149 port 41378 ssh2
Sep 28 23:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Connection closed by 134.122.46.149 port 41378 [preauth]
Sep 28 23:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Invalid user nathan from 79.13.33.136
Sep 28 23:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: input_userauth_request: invalid user nathan [preauth]
Sep 28 23:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Failed password for invalid user nathan from 79.13.33.136 port 33610 ssh2
Sep 28 23:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Received disconnect from 79.13.33.136 port 33610:11: Bye Bye [preauth]
Sep 28 23:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Disconnected from 79.13.33.136 port 33610 [preauth]
Sep 28 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Invalid user amanda from 134.122.46.149
Sep 28 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: input_userauth_request: invalid user amanda [preauth]
Sep 28 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Failed password for invalid user amanda from 134.122.46.149 port 43636 ssh2
Sep 28 23:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Connection closed by 134.122.46.149 port 43636 [preauth]
Sep 28 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: Successful su for rubyman by root
Sep 28 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: + ??? root:rubyman
Sep 28 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311185 of user rubyman.
Sep 28 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311185.
Sep 28 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Invalid user developer from 134.122.46.149
Sep 28 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: input_userauth_request: invalid user developer [preauth]
Sep 28 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15124]: pam_unix(cron:session): session closed for user root
Sep 28 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Failed password for invalid user developer from 134.122.46.149 port 60116 ssh2
Sep 28 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Connection closed by 134.122.46.149 port 60116 [preauth]
Sep 28 23:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Invalid user virtualbox from 134.122.46.149
Sep 28 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: input_userauth_request: invalid user virtualbox [preauth]
Sep 28 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Failed password for invalid user virtualbox from 134.122.46.149 port 57854 ssh2
Sep 28 23:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Connection closed by 134.122.46.149 port 57854 [preauth]
Sep 28 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Invalid user kit from 159.223.193.42
Sep 28 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: input_userauth_request: invalid user kit [preauth]
Sep 28 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 23:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Failed password for invalid user kit from 159.223.193.42 port 52658 ssh2
Sep 28 23:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Received disconnect from 159.223.193.42 port 52658:11: Bye Bye [preauth]
Sep 28 23:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Disconnected from 159.223.193.42 port 52658 [preauth]
Sep 28 23:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Invalid user dolphin from 134.122.46.149
Sep 28 23:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: input_userauth_request: invalid user dolphin [preauth]
Sep 28 23:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Failed password for invalid user dolphin from 134.122.46.149 port 58338 ssh2
Sep 28 23:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Connection closed by 134.122.46.149 port 58338 [preauth]
Sep 28 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16958]: pam_unix(cron:session): session closed for user root
Sep 28 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: Invalid user samba from 134.122.46.149
Sep 28 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: input_userauth_request: invalid user samba [preauth]
Sep 28 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Invalid user ads1 from 107.174.26.130
Sep 28 23:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: input_userauth_request: invalid user ads1 [preauth]
Sep 28 23:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: Failed password for invalid user samba from 134.122.46.149 port 56484 ssh2
Sep 28 23:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18778]: Connection closed by 134.122.46.149 port 56484 [preauth]
Sep 28 23:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for invalid user ads1 from 107.174.26.130 port 57938 ssh2
Sep 28 23:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Received disconnect from 107.174.26.130 port 57938:11: Bye Bye [preauth]
Sep 28 23:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Disconnected from 107.174.26.130 port 57938 [preauth]
Sep 28 23:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Connection closed by 172.236.228.198 port 21290 [preauth]
Sep 28 23:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Connection closed by 172.236.228.198 port 21298 [preauth]
Sep 28 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: fatal: Unable to negotiate with 172.236.228.198 port 21300: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Sep 28 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Invalid user lighthouse from 134.122.46.149
Sep 28 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Failed password for invalid user lighthouse from 134.122.46.149 port 37936 ssh2
Sep 28 23:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Connection closed by 134.122.46.149 port 37936 [preauth]
Sep 28 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18937]: Successful su for rubyman by root
Sep 28 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18937]: + ??? root:rubyman
Sep 28 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311189 of user rubyman.
Sep 28 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18937]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311189.
Sep 28 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Failed password for root from 134.122.46.149 port 60642 ssh2
Sep 28 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Connection closed by 134.122.46.149 port 60642 [preauth]
Sep 28 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Invalid user bit from 79.13.33.136
Sep 28 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: input_userauth_request: invalid user bit [preauth]
Sep 28 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15592]: pam_unix(cron:session): session closed for user root
Sep 28 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Failed password for invalid user bit from 79.13.33.136 port 56928 ssh2
Sep 28 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: Invalid user admin from 190.108.60.101
Sep 28 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Received disconnect from 79.13.33.136 port 56928:11: Bye Bye [preauth]
Sep 28 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Disconnected from 79.13.33.136 port 56928 [preauth]
Sep 28 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: Failed password for invalid user admin from 190.108.60.101 port 37756 ssh2
Sep 28 23:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: Received disconnect from 190.108.60.101 port 37756:11: Bye Bye [preauth]
Sep 28 23:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19133]: Disconnected from 190.108.60.101 port 37756 [preauth]
Sep 28 23:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Invalid user mithun from 31.57.47.194
Sep 28 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: input_userauth_request: invalid user mithun [preauth]
Sep 28 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.57.47.194
Sep 28 23:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: Invalid user huawei from 134.122.46.149
Sep 28 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: input_userauth_request: invalid user huawei [preauth]
Sep 28 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Failed password for invalid user mithun from 31.57.47.194 port 52718 ssh2
Sep 28 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Received disconnect from 31.57.47.194 port 52718:11: Bye Bye [preauth]
Sep 28 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Disconnected from 31.57.47.194 port 52718 [preauth]
Sep 28 23:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: Failed password for invalid user huawei from 134.122.46.149 port 44956 ssh2
Sep 28 23:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: Connection closed by 134.122.46.149 port 44956 [preauth]
Sep 28 23:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: Failed password for root from 134.122.46.149 port 39024 ssh2
Sep 28 23:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19226]: Connection closed by 134.122.46.149 port 39024 [preauth]
Sep 28 23:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17518]: pam_unix(cron:session): session closed for user root
Sep 28 23:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Invalid user sftp from 134.122.46.149
Sep 28 23:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: input_userauth_request: invalid user sftp [preauth]
Sep 28 23:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Failed password for invalid user sftp from 134.122.46.149 port 41634 ssh2
Sep 28 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Connection closed by 134.122.46.149 port 41634 [preauth]
Sep 28 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Failed password for root from 107.174.26.130 port 54942 ssh2
Sep 28 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Received disconnect from 107.174.26.130 port 54942:11: Bye Bye [preauth]
Sep 28 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Disconnected from 107.174.26.130 port 54942 [preauth]
Sep 28 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Invalid user latitude from 134.122.46.149
Sep 28 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: input_userauth_request: invalid user latitude [preauth]
Sep 28 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Failed password for invalid user latitude from 134.122.46.149 port 55168 ssh2
Sep 28 23:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Connection closed by 134.122.46.149 port 55168 [preauth]
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Invalid user spider from 159.223.193.42
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: input_userauth_request: invalid user spider [preauth]
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.193.42
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: Successful su for rubyman by root
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: + ??? root:rubyman
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311191 of user rubyman.
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311191.
Sep 28 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: Invalid user odoo from 134.122.46.149
Sep 28 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: input_userauth_request: invalid user odoo [preauth]
Sep 28 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Failed password for invalid user spider from 159.223.193.42 port 34382 ssh2
Sep 28 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Received disconnect from 159.223.193.42 port 34382:11: Bye Bye [preauth]
Sep 28 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Disconnected from 159.223.193.42 port 34382 [preauth]
Sep 28 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: Failed password for invalid user odoo from 134.122.46.149 port 56946 ssh2
Sep 28 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: Connection closed by 134.122.46.149 port 56946 [preauth]
Sep 28 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16038]: pam_unix(cron:session): session closed for user root
Sep 28 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Invalid user admin from 78.128.112.74
Sep 28 23:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 28 23:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Failed password for invalid user admin from 78.128.112.74 port 52110 ssh2
Sep 28 23:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Connection closed by 78.128.112.74 port 52110 [preauth]
Sep 28 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: Invalid user test from 134.122.46.149
Sep 28 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: input_userauth_request: invalid user test [preauth]
Sep 28 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: Failed password for invalid user test from 134.122.46.149 port 55230 ssh2
Sep 28 23:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: Connection closed by 134.122.46.149 port 55230 [preauth]
Sep 28 23:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Failed password for root from 79.13.33.136 port 52016 ssh2
Sep 28 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Received disconnect from 79.13.33.136 port 52016:11: Bye Bye [preauth]
Sep 28 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Disconnected from 79.13.33.136 port 52016 [preauth]
Sep 28 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: User bin from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: input_userauth_request: invalid user bin [preauth]
Sep 28 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=bin
Sep 28 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Failed password for invalid user bin from 134.122.46.149 port 57334 ssh2
Sep 28 23:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user root
Sep 28 23:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Connection closed by 134.122.46.149 port 57334 [preauth]
Sep 28 23:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Failed password for root from 190.108.60.101 port 35732 ssh2
Sep 28 23:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Received disconnect from 190.108.60.101 port 35732:11: Bye Bye [preauth]
Sep 28 23:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Disconnected from 190.108.60.101 port 35732 [preauth]
Sep 28 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: Invalid user test from 107.174.26.130
Sep 28 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: input_userauth_request: invalid user test [preauth]
Sep 28 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: Failed password for invalid user test from 107.174.26.130 port 51932 ssh2
Sep 28 23:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: Received disconnect from 107.174.26.130 port 51932:11: Bye Bye [preauth]
Sep 28 23:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: Disconnected from 107.174.26.130 port 51932 [preauth]
Sep 28 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Invalid user rclone from 134.122.46.149
Sep 28 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: input_userauth_request: invalid user rclone [preauth]
Sep 28 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Failed password for invalid user rclone from 134.122.46.149 port 56100 ssh2
Sep 28 23:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Connection closed by 134.122.46.149 port 56100 [preauth]
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20276]: Successful su for rubyman by root
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20276]: + ??? root:rubyman
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311196 of user rubyman.
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20276]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311196.
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Invalid user pal from 134.122.46.149
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: input_userauth_request: invalid user pal [preauth]
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Failed password for invalid user pal from 134.122.46.149 port 33704 ssh2
Sep 28 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Connection closed by 134.122.46.149 port 33704 [preauth]
Sep 28 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session closed for user root
Sep 28 23:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20533]: Invalid user tes from 20.163.71.109
Sep 28 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20533]: input_userauth_request: invalid user tes [preauth]
Sep 28 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20533]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 28 23:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Invalid user vagrant from 134.122.46.149
Sep 28 23:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 23:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20533]: Failed password for invalid user tes from 20.163.71.109 port 56656 ssh2
Sep 28 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20533]: Connection closed by 20.163.71.109 port 56656 [preauth]
Sep 28 23:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Failed password for invalid user vagrant from 134.122.46.149 port 58962 ssh2
Sep 28 23:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Connection closed by 134.122.46.149 port 58962 [preauth]
Sep 28 23:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Invalid user test_user from 107.174.26.130
Sep 28 23:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: input_userauth_request: invalid user test_user [preauth]
Sep 28 23:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for root from 79.13.33.136 port 47096 ssh2
Sep 28 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Received disconnect from 79.13.33.136 port 47096:11: Bye Bye [preauth]
Sep 28 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Disconnected from 79.13.33.136 port 47096 [preauth]
Sep 28 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Failed password for invalid user test_user from 107.174.26.130 port 48920 ssh2
Sep 28 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session closed for user root
Sep 28 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Received disconnect from 107.174.26.130 port 48920:11: Bye Bye [preauth]
Sep 28 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Disconnected from 107.174.26.130 port 48920 [preauth]
Sep 28 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Invalid user gitlab from 134.122.46.149
Sep 28 23:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 23:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Failed password for invalid user gitlab from 134.122.46.149 port 53152 ssh2
Sep 28 23:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Connection closed by 134.122.46.149 port 53152 [preauth]
Sep 28 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Failed password for root from 134.122.46.149 port 52248 ssh2
Sep 28 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Connection closed by 134.122.46.149 port 52248 [preauth]
Sep 28 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: Failed password for root from 190.108.60.101 port 33646 ssh2
Sep 28 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: Received disconnect from 190.108.60.101 port 33646:11: Bye Bye [preauth]
Sep 28 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: Disconnected from 190.108.60.101 port 33646 [preauth]
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session closed for user root
Sep 28 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20752]: Successful su for rubyman by root
Sep 28 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20752]: + ??? root:rubyman
Sep 28 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311201 of user rubyman.
Sep 28 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20752]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311201.
Sep 28 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session closed for user root
Sep 28 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16957]: pam_unix(cron:session): session closed for user root
Sep 28 23:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Invalid user nagios from 134.122.46.149
Sep 28 23:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: input_userauth_request: invalid user nagios [preauth]
Sep 28 23:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Failed password for invalid user nagios from 134.122.46.149 port 59124 ssh2
Sep 28 23:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Connection closed by 134.122.46.149 port 59124 [preauth]
Sep 28 23:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Invalid user yarn from 134.122.46.149
Sep 28 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: input_userauth_request: invalid user yarn [preauth]
Sep 28 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Failed password for root from 107.174.26.130 port 45904 ssh2
Sep 28 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Received disconnect from 107.174.26.130 port 45904:11: Bye Bye [preauth]
Sep 28 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Disconnected from 107.174.26.130 port 45904 [preauth]
Sep 28 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Failed password for invalid user yarn from 134.122.46.149 port 39280 ssh2
Sep 28 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Connection closed by 134.122.46.149 port 39280 [preauth]
Sep 28 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session closed for user root
Sep 28 23:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Invalid user cpc from 79.13.33.136
Sep 28 23:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: input_userauth_request: invalid user cpc [preauth]
Sep 28 23:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Failed password for invalid user cpc from 79.13.33.136 port 42178 ssh2
Sep 28 23:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Received disconnect from 79.13.33.136 port 42178:11: Bye Bye [preauth]
Sep 28 23:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Disconnected from 79.13.33.136 port 42178 [preauth]
Sep 28 23:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Invalid user mapr from 134.122.46.149
Sep 28 23:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: input_userauth_request: invalid user mapr [preauth]
Sep 28 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Failed password for invalid user mapr from 134.122.46.149 port 53892 ssh2
Sep 28 23:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Connection closed by 134.122.46.149 port 53892 [preauth]
Sep 28 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21167]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21165]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: Successful su for rubyman by root
Sep 28 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: + ??? root:rubyman
Sep 28 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311206 of user rubyman.
Sep 28 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311206.
Sep 28 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Failed password for root from 134.122.46.149 port 37364 ssh2
Sep 28 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21162]: Connection closed by 134.122.46.149 port 37364 [preauth]
Sep 28 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17517]: pam_unix(cron:session): session closed for user root
Sep 28 23:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21469]: Invalid user ark from 134.122.46.149
Sep 28 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21469]: input_userauth_request: invalid user ark [preauth]
Sep 28 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21469]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Invalid user mysftp from 190.108.60.101
Sep 28 23:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: input_userauth_request: invalid user mysftp [preauth]
Sep 28 23:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21469]: Failed password for invalid user ark from 134.122.46.149 port 56172 ssh2
Sep 28 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21469]: Connection closed by 134.122.46.149 port 56172 [preauth]
Sep 28 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Failed password for invalid user mysftp from 190.108.60.101 port 59850 ssh2
Sep 28 23:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Received disconnect from 190.108.60.101 port 59850:11: Bye Bye [preauth]
Sep 28 23:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Disconnected from 190.108.60.101 port 59850 [preauth]
Sep 28 23:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Invalid user meta from 107.174.26.130
Sep 28 23:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: input_userauth_request: invalid user meta [preauth]
Sep 28 23:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Failed password for invalid user meta from 107.174.26.130 port 42894 ssh2
Sep 28 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Received disconnect from 107.174.26.130 port 42894:11: Bye Bye [preauth]
Sep 28 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Disconnected from 107.174.26.130 port 42894 [preauth]
Sep 28 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20188]: pam_unix(cron:session): session closed for user root
Sep 28 23:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Invalid user esuser from 134.122.46.149
Sep 28 23:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: input_userauth_request: invalid user esuser [preauth]
Sep 28 23:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Failed password for invalid user esuser from 134.122.46.149 port 48936 ssh2
Sep 28 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Connection closed by 134.122.46.149 port 48936 [preauth]
Sep 28 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: Invalid user wordpress from 134.122.46.149
Sep 28 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: Failed password for invalid user wordpress from 134.122.46.149 port 38686 ssh2
Sep 28 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21584]: Connection closed by 134.122.46.149 port 38686 [preauth]
Sep 28 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Invalid user azuracast from 79.13.33.136
Sep 28 23:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: input_userauth_request: invalid user azuracast [preauth]
Sep 28 23:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Failed password for invalid user azuracast from 79.13.33.136 port 37262 ssh2
Sep 28 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Received disconnect from 79.13.33.136 port 37262:11: Bye Bye [preauth]
Sep 28 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Disconnected from 79.13.33.136 port 37262 [preauth]
Sep 28 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session closed for user root
Sep 28 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21678]: Successful su for rubyman by root
Sep 28 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21678]: + ??? root:rubyman
Sep 28 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311211 of user rubyman.
Sep 28 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21678]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311211.
Sep 28 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Invalid user ethnode from 134.122.46.149
Sep 28 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: input_userauth_request: invalid user ethnode [preauth]
Sep 28 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user root
Sep 28 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Failed password for invalid user ethnode from 134.122.46.149 port 45020 ssh2
Sep 28 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Connection closed by 134.122.46.149 port 45020 [preauth]
Sep 28 23:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Invalid user lea from 107.174.26.130
Sep 28 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: input_userauth_request: invalid user lea [preauth]
Sep 28 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Failed password for invalid user lea from 107.174.26.130 port 39886 ssh2
Sep 28 23:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Received disconnect from 107.174.26.130 port 39886:11: Bye Bye [preauth]
Sep 28 23:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Disconnected from 107.174.26.130 port 39886 [preauth]
Sep 28 23:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: Failed password for invalid user ubuntu from 134.122.46.149 port 41286 ssh2
Sep 28 23:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: Connection closed by 134.122.46.149 port 41286 [preauth]
Sep 28 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user root
Sep 28 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Failed password for root from 134.122.46.149 port 60110 ssh2
Sep 28 23:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Connection closed by 134.122.46.149 port 60110 [preauth]
Sep 28 23:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Invalid user hoster from 190.108.60.101
Sep 28 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: input_userauth_request: invalid user hoster [preauth]
Sep 28 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Failed password for invalid user hoster from 190.108.60.101 port 57854 ssh2
Sep 28 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Received disconnect from 190.108.60.101 port 57854:11: Bye Bye [preauth]
Sep 28 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Disconnected from 190.108.60.101 port 57854 [preauth]
Sep 28 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Failed password for root from 134.122.46.149 port 56870 ssh2
Sep 28 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22054]: Connection closed by 134.122.46.149 port 56870 [preauth]
Sep 28 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22066]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22138]: Successful su for rubyman by root
Sep 28 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22138]: + ??? root:rubyman
Sep 28 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311215 of user rubyman.
Sep 28 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22138]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311215.
Sep 28 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
Sep 28 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22067]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Invalid user titu from 79.13.33.136
Sep 28 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: input_userauth_request: invalid user titu [preauth]
Sep 28 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Failed password for invalid user titu from 79.13.33.136 port 60576 ssh2
Sep 28 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Received disconnect from 79.13.33.136 port 60576:11: Bye Bye [preauth]
Sep 28 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Disconnected from 79.13.33.136 port 60576 [preauth]
Sep 28 23:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Invalid user minecraft from 134.122.46.149
Sep 28 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: input_userauth_request: invalid user minecraft [preauth]
Sep 28 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Failed password for invalid user minecraft from 134.122.46.149 port 41412 ssh2
Sep 28 23:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Connection closed by 134.122.46.149 port 41412 [preauth]
Sep 28 23:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Invalid user rescue from 107.174.26.130
Sep 28 23:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: input_userauth_request: invalid user rescue [preauth]
Sep 28 23:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Failed password for invalid user rescue from 107.174.26.130 port 36882 ssh2
Sep 28 23:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Received disconnect from 107.174.26.130 port 36882:11: Bye Bye [preauth]
Sep 28 23:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Disconnected from 107.174.26.130 port 36882 [preauth]
Sep 28 23:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: Invalid user elastic from 134.122.46.149
Sep 28 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: input_userauth_request: invalid user elastic [preauth]
Sep 28 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: Failed password for invalid user elastic from 134.122.46.149 port 45720 ssh2
Sep 28 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22417]: Connection closed by 134.122.46.149 port 45720 [preauth]
Sep 28 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session closed for user root
Sep 28 23:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: Failed password for root from 134.122.46.149 port 57516 ssh2
Sep 28 23:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22477]: Connection closed by 134.122.46.149 port 57516 [preauth]
Sep 28 23:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: Successful su for rubyman by root
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: + ??? root:rubyman
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311219 of user rubyman.
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311219.
Sep 28 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: Failed password for root from 134.122.46.149 port 56942 ssh2
Sep 28 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22519]: Connection closed by 134.122.46.149 port 56942 [preauth]
Sep 28 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session closed for user root
Sep 28 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: Invalid user librenms from 190.108.60.101
Sep 28 23:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: input_userauth_request: invalid user librenms [preauth]
Sep 28 23:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: Failed password for invalid user librenms from 190.108.60.101 port 55836 ssh2
Sep 28 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: Received disconnect from 190.108.60.101 port 55836:11: Bye Bye [preauth]
Sep 28 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: Disconnected from 190.108.60.101 port 55836 [preauth]
Sep 28 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Invalid user webuser from 134.122.46.149
Sep 28 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: input_userauth_request: invalid user webuser [preauth]
Sep 28 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Failed password for root from 107.174.26.130 port 33864 ssh2
Sep 28 23:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Failed password for invalid user webuser from 134.122.46.149 port 39438 ssh2
Sep 28 23:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Received disconnect from 107.174.26.130 port 33864:11: Bye Bye [preauth]
Sep 28 23:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Disconnected from 107.174.26.130 port 33864 [preauth]
Sep 28 23:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Connection closed by 134.122.46.149 port 39438 [preauth]
Sep 28 23:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Failed password for root from 79.13.33.136 port 55658 ssh2
Sep 28 23:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Received disconnect from 79.13.33.136 port 55658:11: Bye Bye [preauth]
Sep 28 23:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Disconnected from 79.13.33.136 port 55658 [preauth]
Sep 28 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Invalid user dovecot from 134.122.46.149
Sep 28 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: input_userauth_request: invalid user dovecot [preauth]
Sep 28 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session closed for user root
Sep 28 23:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Failed password for invalid user dovecot from 134.122.46.149 port 59942 ssh2
Sep 28 23:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Connection closed by 134.122.46.149 port 59942 [preauth]
Sep 28 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: Invalid user webuser from 134.122.46.149
Sep 28 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: input_userauth_request: invalid user webuser [preauth]
Sep 28 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: Failed password for invalid user webuser from 134.122.46.149 port 38024 ssh2
Sep 28 23:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: Connection closed by 134.122.46.149 port 38024 [preauth]
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23251]: pam_unix(cron:session): session closed for user root
Sep 28 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: Successful su for rubyman by root
Sep 28 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: + ??? root:rubyman
Sep 28 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311224 of user rubyman.
Sep 28 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311224.
Sep 28 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session closed for user root
Sep 28 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session closed for user root
Sep 28 23:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: Invalid user gitlab-psql from 134.122.46.149
Sep 28 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: input_userauth_request: invalid user gitlab-psql [preauth]
Sep 28 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: Failed password for invalid user gitlab-psql from 134.122.46.149 port 46660 ssh2
Sep 28 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23786]: Connection closed by 134.122.46.149 port 46660 [preauth]
Sep 28 23:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Failed password for root from 107.174.26.130 port 59104 ssh2
Sep 28 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Received disconnect from 107.174.26.130 port 59104:11: Bye Bye [preauth]
Sep 28 23:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Disconnected from 107.174.26.130 port 59104 [preauth]
Sep 28 23:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: Invalid user steam from 134.122.46.149
Sep 28 23:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: Failed password for invalid user steam from 134.122.46.149 port 55570 ssh2
Sep 28 23:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: Connection closed by 134.122.46.149 port 55570 [preauth]
Sep 28 23:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: Invalid user install from 79.13.33.136
Sep 28 23:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: input_userauth_request: invalid user install [preauth]
Sep 28 23:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: Failed password for invalid user install from 79.13.33.136 port 50740 ssh2
Sep 28 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session closed for user root
Sep 28 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: Received disconnect from 79.13.33.136 port 50740:11: Bye Bye [preauth]
Sep 28 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23858]: Disconnected from 79.13.33.136 port 50740 [preauth]
Sep 28 23:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Invalid user lea from 190.108.60.101
Sep 28 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: input_userauth_request: invalid user lea [preauth]
Sep 28 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Failed password for invalid user lea from 190.108.60.101 port 53790 ssh2
Sep 28 23:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Received disconnect from 190.108.60.101 port 53790:11: Bye Bye [preauth]
Sep 28 23:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Disconnected from 190.108.60.101 port 53790 [preauth]
Sep 28 23:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Invalid user sol from 134.122.46.149
Sep 28 23:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: input_userauth_request: invalid user sol [preauth]
Sep 28 23:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Failed password for invalid user sol from 134.122.46.149 port 58542 ssh2
Sep 28 23:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Connection closed by 134.122.46.149 port 58542 [preauth]
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: Successful su for rubyman by root
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: + ??? root:rubyman
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311228 of user rubyman.
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24054]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311228.
Sep 28 23:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23965]: Failed password for root from 134.122.46.149 port 48368 ssh2
Sep 28 23:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23965]: Connection closed by 134.122.46.149 port 48368 [preauth]
Sep 28 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session closed for user root
Sep 28 23:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: Failed password for root from 107.174.26.130 port 56102 ssh2
Sep 28 23:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: Received disconnect from 107.174.26.130 port 56102:11: Bye Bye [preauth]
Sep 28 23:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: Disconnected from 107.174.26.130 port 56102 [preauth]
Sep 28 23:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Invalid user nginx from 134.122.46.149
Sep 28 23:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: input_userauth_request: invalid user nginx [preauth]
Sep 28 23:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Failed password for invalid user nginx from 134.122.46.149 port 55110 ssh2
Sep 28 23:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Connection closed by 134.122.46.149 port 55110 [preauth]
Sep 28 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session closed for user root
Sep 28 23:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: Invalid user gmodserver from 134.122.46.149
Sep 28 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: input_userauth_request: invalid user gmodserver [preauth]
Sep 28 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: Failed password for invalid user gmodserver from 134.122.46.149 port 56146 ssh2
Sep 28 23:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: Connection closed by 134.122.46.149 port 56146 [preauth]
Sep 28 23:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: Failed password for root from 79.13.33.136 port 45824 ssh2
Sep 28 23:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: Received disconnect from 79.13.33.136 port 45824:11: Bye Bye [preauth]
Sep 28 23:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: Disconnected from 79.13.33.136 port 45824 [preauth]
Sep 28 23:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Invalid user nagios from 134.122.46.149
Sep 28 23:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: input_userauth_request: invalid user nagios [preauth]
Sep 28 23:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Failed password for invalid user nagios from 134.122.46.149 port 46226 ssh2
Sep 28 23:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Connection closed by 134.122.46.149 port 46226 [preauth]
Sep 28 23:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24489]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24565]: Successful su for rubyman by root
Sep 28 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24565]: + ??? root:rubyman
Sep 28 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311232 of user rubyman.
Sep 28 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24565]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311232.
Sep 28 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Failed password for root from 190.108.60.101 port 51734 ssh2
Sep 28 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Received disconnect from 190.108.60.101 port 51734:11: Bye Bye [preauth]
Sep 28 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Disconnected from 190.108.60.101 port 51734 [preauth]
Sep 28 23:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21167]: pam_unix(cron:session): session closed for user root
Sep 28 23:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24490]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Invalid user www from 134.122.46.149
Sep 28 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: input_userauth_request: invalid user www [preauth]
Sep 28 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Failed password for invalid user www from 134.122.46.149 port 43298 ssh2
Sep 28 23:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Connection closed by 134.122.46.149 port 43298 [preauth]
Sep 28 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: Invalid user admin from 107.174.26.130
Sep 28 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: Failed password for invalid user admin from 107.174.26.130 port 53162 ssh2
Sep 28 23:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: Received disconnect from 107.174.26.130 port 53162:11: Bye Bye [preauth]
Sep 28 23:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24797]: Disconnected from 107.174.26.130 port 53162 [preauth]
Sep 28 23:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: Failed password for root from 134.122.46.149 port 42728 ssh2
Sep 28 23:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: Connection closed by 134.122.46.149 port 42728 [preauth]
Sep 28 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session closed for user root
Sep 28 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Invalid user admin from 134.122.46.149
Sep 28 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Failed password for invalid user admin from 134.122.46.149 port 38302 ssh2
Sep 28 23:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24941]: Connection closed by 134.122.46.149 port 38302 [preauth]
Sep 28 23:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25024]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: Successful su for rubyman by root
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: + ??? root:rubyman
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311236 of user rubyman.
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25086]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311236.
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: Invalid user demo from 134.122.46.149
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: input_userauth_request: invalid user demo [preauth]
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Invalid user user from 79.13.33.136
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: input_userauth_request: invalid user user [preauth]
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: Failed password for invalid user demo from 134.122.46.149 port 40522 ssh2
Sep 28 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Failed password for invalid user user from 79.13.33.136 port 40912 ssh2
Sep 28 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: Connection closed by 134.122.46.149 port 40522 [preauth]
Sep 28 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Received disconnect from 79.13.33.136 port 40912:11: Bye Bye [preauth]
Sep 28 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Disconnected from 79.13.33.136 port 40912 [preauth]
Sep 28 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session closed for user root
Sep 28 23:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25022]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Invalid user sol from 134.122.46.149
Sep 28 23:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: input_userauth_request: invalid user sol [preauth]
Sep 28 23:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Failed password for invalid user sol from 134.122.46.149 port 54048 ssh2
Sep 28 23:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Connection closed by 134.122.46.149 port 54048 [preauth]
Sep 28 23:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Invalid user proxyuser from 190.108.60.101
Sep 28 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: input_userauth_request: invalid user proxyuser [preauth]
Sep 28 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Failed password for invalid user proxyuser from 190.108.60.101 port 49710 ssh2
Sep 28 23:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Received disconnect from 190.108.60.101 port 49710:11: Bye Bye [preauth]
Sep 28 23:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Disconnected from 190.108.60.101 port 49710 [preauth]
Sep 28 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Invalid user opc from 107.174.26.130
Sep 28 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: input_userauth_request: invalid user opc [preauth]
Sep 28 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session closed for user root
Sep 28 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Failed password for invalid user opc from 107.174.26.130 port 50188 ssh2
Sep 28 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Received disconnect from 107.174.26.130 port 50188:11: Bye Bye [preauth]
Sep 28 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Disconnected from 107.174.26.130 port 50188 [preauth]
Sep 28 23:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Invalid user mapr from 134.122.46.149
Sep 28 23:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: input_userauth_request: invalid user mapr [preauth]
Sep 28 23:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Failed password for invalid user mapr from 134.122.46.149 port 56122 ssh2
Sep 28 23:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Connection closed by 134.122.46.149 port 56122 [preauth]
Sep 28 23:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: Connection closed by 174.129.77.246 port 39350 [preauth]
Sep 28 23:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: Failed password for root from 134.122.46.149 port 39902 ssh2
Sep 28 23:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: Connection closed by 134.122.46.149 port 39902 [preauth]
Sep 28 23:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius17@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 28 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26035]: Successful su for rubyman by root
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26035]: + ??? root:rubyman
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311242 of user rubyman.
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26035]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311242.
Sep 28 23:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius17 rhost=::ffff:45.142.193.185
Sep 28 23:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22068]: pam_unix(cron:session): session closed for user root
Sep 28 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Invalid user yarn from 134.122.46.149
Sep 28 23:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: input_userauth_request: invalid user yarn [preauth]
Sep 28 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25948]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Failed password for invalid user yarn from 134.122.46.149 port 49664 ssh2
Sep 28 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Connection closed by 134.122.46.149 port 49664 [preauth]
Sep 28 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Failed password for root from 79.13.33.136 port 35996 ssh2
Sep 28 23:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Received disconnect from 79.13.33.136 port 35996:11: Bye Bye [preauth]
Sep 28 23:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Disconnected from 79.13.33.136 port 35996 [preauth]
Sep 28 23:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Failed password for root from 134.122.46.149 port 39664 ssh2
Sep 28 23:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Connection closed by 134.122.46.149 port 39664 [preauth]
Sep 28 23:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session closed for user root
Sep 28 23:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Invalid user rancher from 134.122.46.149
Sep 28 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: input_userauth_request: invalid user rancher [preauth]
Sep 28 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Invalid user librenms from 107.174.26.130
Sep 28 23:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: input_userauth_request: invalid user librenms [preauth]
Sep 28 23:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Failed password for invalid user rancher from 134.122.46.149 port 48028 ssh2
Sep 28 23:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Connection closed by 134.122.46.149 port 48028 [preauth]
Sep 28 23:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Failed password for invalid user librenms from 107.174.26.130 port 47190 ssh2
Sep 28 23:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Received disconnect from 107.174.26.130 port 47190:11: Bye Bye [preauth]
Sep 28 23:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Disconnected from 107.174.26.130 port 47190 [preauth]
Sep 28 23:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Invalid user elasticsearch from 134.122.46.149
Sep 28 23:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 23:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Failed password for invalid user elasticsearch from 134.122.46.149 port 60998 ssh2
Sep 28 23:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Connection closed by 134.122.46.149 port 60998 [preauth]
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Failed password for root from 190.108.60.101 port 47744 ssh2
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Received disconnect from 190.108.60.101 port 47744:11: Bye Bye [preauth]
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Disconnected from 190.108.60.101 port 47744 [preauth]
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user root
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26736]: Successful su for rubyman by root
Sep 28 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26736]: + ??? root:rubyman
Sep 28 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311248 of user rubyman.
Sep 28 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26736]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311248.
Sep 28 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session closed for user root
Sep 28 23:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session closed for user root
Sep 28 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Invalid user admin from 134.122.46.149
Sep 28 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Failed password for invalid user admin from 134.122.46.149 port 46132 ssh2
Sep 28 23:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Connection closed by 134.122.46.149 port 46132 [preauth]
Sep 28 23:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25024]: pam_unix(cron:session): session closed for user root
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: Invalid user gmod from 134.122.46.149
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: input_userauth_request: invalid user gmod [preauth]
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Invalid user ubuntu from 79.13.33.136
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Failed password for invalid user ubuntu from 79.13.33.136 port 59316 ssh2
Sep 28 23:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: Failed password for invalid user gmod from 134.122.46.149 port 50178 ssh2
Sep 28 23:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: Connection closed by 134.122.46.149 port 50178 [preauth]
Sep 28 23:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Received disconnect from 79.13.33.136 port 59316:11: Bye Bye [preauth]
Sep 28 23:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27208]: Disconnected from 79.13.33.136 port 59316 [preauth]
Sep 28 23:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: Invalid user proxyuser from 107.174.26.130
Sep 28 23:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: input_userauth_request: invalid user proxyuser [preauth]
Sep 28 23:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: Failed password for invalid user proxyuser from 107.174.26.130 port 44188 ssh2
Sep 28 23:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: Received disconnect from 107.174.26.130 port 44188:11: Bye Bye [preauth]
Sep 28 23:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27303]: Disconnected from 107.174.26.130 port 44188 [preauth]
Sep 28 23:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: Failed password for root from 134.122.46.149 port 58294 ssh2
Sep 28 23:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: Connection closed by 134.122.46.149 port 58294 [preauth]
Sep 28 23:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27364]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: Successful su for rubyman by root
Sep 28 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: + ??? root:rubyman
Sep 28 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311251 of user rubyman.
Sep 28 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27446]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311251.
Sep 28 23:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session closed for user root
Sep 28 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Invalid user steam from 134.122.46.149
Sep 28 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Failed password for invalid user steam from 134.122.46.149 port 57084 ssh2
Sep 28 23:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Connection closed by 134.122.46.149 port 57084 [preauth]
Sep 28 23:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Invalid user wang from 134.122.46.149
Sep 28 23:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: input_userauth_request: invalid user wang [preauth]
Sep 28 23:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:58.242.157.43
Sep 28 23:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Failed password for invalid user wang from 134.122.46.149 port 56410 ssh2
Sep 28 23:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Connection closed by 134.122.46.149 port 56410 [preauth]
Sep 28 23:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Failed password for root from 190.108.60.101 port 45756 ssh2
Sep 28 23:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Received disconnect from 190.108.60.101 port 45756:11: Bye Bye [preauth]
Sep 28 23:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Disconnected from 190.108.60.101 port 45756 [preauth]
Sep 28 23:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session closed for user root
Sep 28 23:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Invalid user gitlab-psql from 134.122.46.149
Sep 28 23:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: input_userauth_request: invalid user gitlab-psql [preauth]
Sep 28 23:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Failed password for invalid user gitlab-psql from 134.122.46.149 port 39806 ssh2
Sep 28 23:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Connection closed by 134.122.46.149 port 39806 [preauth]
Sep 28 23:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Invalid user fabien from 107.174.26.130
Sep 28 23:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: input_userauth_request: invalid user fabien [preauth]
Sep 28 23:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Failed password for invalid user fabien from 107.174.26.130 port 41198 ssh2
Sep 28 23:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Received disconnect from 107.174.26.130 port 41198:11: Bye Bye [preauth]
Sep 28 23:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Disconnected from 107.174.26.130 port 41198 [preauth]
Sep 28 23:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28074]: Failed password for root from 79.13.33.136 port 54398 ssh2
Sep 28 23:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28074]: Received disconnect from 79.13.33.136 port 54398:11: Bye Bye [preauth]
Sep 28 23:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28074]: Disconnected from 79.13.33.136 port 54398 [preauth]
Sep 28 23:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Failed password for root from 134.122.46.149 port 41480 ssh2
Sep 28 23:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Connection closed by 134.122.46.149 port 41480 [preauth]
Sep 28 23:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28210]: Successful su for rubyman by root
Sep 28 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28210]: + ??? root:rubyman
Sep 28 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311255 of user rubyman.
Sep 28 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28210]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311255.
Sep 28 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session closed for user root
Sep 28 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.137.255.140  user=root
Sep 28 23:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28285]: Failed password for root from 23.137.255.140 port 54298 ssh2
Sep 28 23:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28285]: Received disconnect from 23.137.255.140 port 54298:11: Bye Bye [preauth]
Sep 28 23:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28285]: Disconnected from 23.137.255.140 port 54298 [preauth]
Sep 28 23:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: Invalid user deploy from 134.122.46.149
Sep 28 23:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: input_userauth_request: invalid user deploy [preauth]
Sep 28 23:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: Failed password for invalid user deploy from 134.122.46.149 port 54228 ssh2
Sep 28 23:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: Connection closed by 134.122.46.149 port 54228 [preauth]
Sep 28 23:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: User www-data from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: input_userauth_request: invalid user www-data [preauth]
Sep 28 23:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=www-data
Sep 28 23:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: Failed password for invalid user www-data from 134.122.46.149 port 58830 ssh2
Sep 28 23:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: Connection closed by 134.122.46.149 port 58830 [preauth]
Sep 28 23:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: Invalid user lighthouse from 134.122.46.149
Sep 28 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: Failed password for invalid user lighthouse from 134.122.46.149 port 52398 ssh2
Sep 28 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: Connection closed by 134.122.46.149 port 52398 [preauth]
Sep 28 23:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session closed for user root
Sep 28 23:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: Invalid user zookeeper from 134.122.46.149
Sep 28 23:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: input_userauth_request: invalid user zookeeper [preauth]
Sep 28 23:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: Failed password for invalid user zookeeper from 134.122.46.149 port 55662 ssh2
Sep 28 23:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: Connection closed by 134.122.46.149 port 55662 [preauth]
Sep 28 23:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Did not receive identification string from 196.251.69.141
Sep 28 23:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Invalid user fabien from 190.108.60.101
Sep 28 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: input_userauth_request: invalid user fabien [preauth]
Sep 28 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Invalid user n from 107.174.26.130
Sep 28 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: input_userauth_request: invalid user n [preauth]
Sep 28 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Failed password for invalid user fabien from 190.108.60.101 port 43734 ssh2
Sep 28 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Received disconnect from 190.108.60.101 port 43734:11: Bye Bye [preauth]
Sep 28 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Disconnected from 190.108.60.101 port 43734 [preauth]
Sep 28 23:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Failed password for invalid user n from 107.174.26.130 port 38194 ssh2
Sep 28 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Received disconnect from 107.174.26.130 port 38194:11: Bye Bye [preauth]
Sep 28 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28815]: Disconnected from 107.174.26.130 port 38194 [preauth]
Sep 28 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: Invalid user gf from 79.13.33.136
Sep 28 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: input_userauth_request: invalid user gf [preauth]
Sep 28 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: Failed password for invalid user gf from 79.13.33.136 port 49480 ssh2
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Invalid user cyberpanel from 134.122.46.149
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: Received disconnect from 79.13.33.136 port 49480:11: Bye Bye [preauth]
Sep 28 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28817]: Disconnected from 79.13.33.136 port 49480 [preauth]
Sep 28 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29001]: Successful su for rubyman by root
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29001]: + ??? root:rubyman
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311261 of user rubyman.
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29001]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311261.
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Failed password for invalid user cyberpanel from 134.122.46.149 port 51220 ssh2
Sep 28 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Connection closed by 134.122.46.149 port 51220 [preauth]
Sep 28 23:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session closed for user root
Sep 28 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Invalid user user from 134.122.46.149
Sep 28 23:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: input_userauth_request: invalid user user [preauth]
Sep 28 23:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Failed password for invalid user user from 134.122.46.149 port 49044 ssh2
Sep 28 23:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Connection closed by 134.122.46.149 port 49044 [preauth]
Sep 28 23:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Failed password for root from 134.122.46.149 port 54362 ssh2
Sep 28 23:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: Connection closed by 134.122.46.149 port 54362 [preauth]
Sep 28 23:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session closed for user root
Sep 28 23:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Failed password for root from 134.122.46.149 port 40340 ssh2
Sep 28 23:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Connection closed by 134.122.46.149 port 40340 [preauth]
Sep 28 23:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: Invalid user ec2-user from 134.122.46.149
Sep 28 23:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: input_userauth_request: invalid user ec2-user [preauth]
Sep 28 23:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: Failed password for invalid user ec2-user from 134.122.46.149 port 46696 ssh2
Sep 28 23:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29499]: Connection closed by 134.122.46.149 port 46696 [preauth]
Sep 28 23:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: Invalid user saeed from 107.174.26.130
Sep 28 23:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: input_userauth_request: invalid user saeed [preauth]
Sep 28 23:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: Successful su for rubyman by root
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: + ??? root:rubyman
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311262 of user rubyman.
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311262.
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: Failed password for invalid user saeed from 107.174.26.130 port 35192 ssh2
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: Received disconnect from 107.174.26.130 port 35192:11: Bye Bye [preauth]
Sep 28 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29536]: Disconnected from 107.174.26.130 port 35192 [preauth]
Sep 28 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session closed for user root
Sep 28 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: Failed password for root from 134.122.46.149 port 47346 ssh2
Sep 28 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: Connection closed by 134.122.46.149 port 47346 [preauth]
Sep 28 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29829]: Failed password for root from 79.13.33.136 port 44558 ssh2
Sep 28 23:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29829]: Received disconnect from 79.13.33.136 port 44558:11: Bye Bye [preauth]
Sep 28 23:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29829]: Disconnected from 79.13.33.136 port 44558 [preauth]
Sep 28 23:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Invalid user ampache from 134.122.46.149
Sep 28 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: input_userauth_request: invalid user ampache [preauth]
Sep 28 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Failed password for invalid user ampache from 134.122.46.149 port 38626 ssh2
Sep 28 23:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29904]: Connection closed by 134.122.46.149 port 38626 [preauth]
Sep 28 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Invalid user meta from 190.108.60.101
Sep 28 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: input_userauth_request: invalid user meta [preauth]
Sep 28 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Failed password for invalid user meta from 190.108.60.101 port 41740 ssh2
Sep 28 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Received disconnect from 190.108.60.101 port 41740:11: Bye Bye [preauth]
Sep 28 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Disconnected from 190.108.60.101 port 41740 [preauth]
Sep 28 23:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: Failed password for root from 196.251.69.141 port 37858 ssh2
Sep 28 23:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29937]: Connection closed by 196.251.69.141 port 37858 [preauth]
Sep 28 23:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Failed password for root from 134.122.46.149 port 40444 ssh2
Sep 28 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Connection closed by 134.122.46.149 port 40444 [preauth]
Sep 28 23:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session closed for user root
Sep 28 23:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Invalid user logstash from 134.122.46.149
Sep 28 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: input_userauth_request: invalid user logstash [preauth]
Sep 28 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Failed password for invalid user logstash from 134.122.46.149 port 45404 ssh2
Sep 28 23:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Connection closed by 134.122.46.149 port 45404 [preauth]
Sep 28 23:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Invalid user php from 134.122.46.149
Sep 28 23:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: input_userauth_request: invalid user php [preauth]
Sep 28 23:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Failed password for invalid user php from 134.122.46.149 port 33880 ssh2
Sep 28 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30138]: Connection closed by 134.122.46.149 port 33880 [preauth]
Sep 28 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30172]: pam_unix(cron:session): session closed for user root
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: Successful su for rubyman by root
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: + ??? root:rubyman
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311270 of user rubyman.
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30257]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311270.
Sep 28 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session closed for user root
Sep 28 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session closed for user root
Sep 28 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: Failed password for root from 107.174.26.130 port 60416 ssh2
Sep 28 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: Received disconnect from 107.174.26.130 port 60416:11: Bye Bye [preauth]
Sep 28 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: Disconnected from 107.174.26.130 port 60416 [preauth]
Sep 28 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Invalid user redis from 134.122.46.149
Sep 28 23:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: input_userauth_request: invalid user redis [preauth]
Sep 28 23:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Failed password for invalid user redis from 134.122.46.149 port 51672 ssh2
Sep 28 23:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Connection closed by 134.122.46.149 port 51672 [preauth]
Sep 28 23:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:58.242.157.43
Sep 28 23:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: Failed password for root from 79.13.33.136 port 39642 ssh2
Sep 28 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Invalid user elasticsearch from 134.122.46.149
Sep 28 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: Received disconnect from 79.13.33.136 port 39642:11: Bye Bye [preauth]
Sep 28 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: Disconnected from 79.13.33.136 port 39642 [preauth]
Sep 28 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Failed password for invalid user elasticsearch from 134.122.46.149 port 37012 ssh2
Sep 28 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Connection closed by 134.122.46.149 port 37012 [preauth]
Sep 28 23:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session closed for user root
Sep 28 23:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Invalid user php from 134.122.46.149
Sep 28 23:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: input_userauth_request: invalid user php [preauth]
Sep 28 23:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Failed password for invalid user php from 134.122.46.149 port 45778 ssh2
Sep 28 23:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Connection closed by 134.122.46.149 port 45778 [preauth]
Sep 28 23:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Invalid user n from 190.108.60.101
Sep 28 23:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: input_userauth_request: invalid user n [preauth]
Sep 28 23:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Invalid user webshell from 134.122.46.149
Sep 28 23:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: input_userauth_request: invalid user webshell [preauth]
Sep 28 23:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user n from 190.108.60.101 port 39736 ssh2
Sep 28 23:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Received disconnect from 190.108.60.101 port 39736:11: Bye Bye [preauth]
Sep 28 23:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Disconnected from 190.108.60.101 port 39736 [preauth]
Sep 28 23:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Failed password for invalid user webshell from 134.122.46.149 port 47960 ssh2
Sep 28 23:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30858]: Connection closed by 134.122.46.149 port 47960 [preauth]
Sep 28 23:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Failed password for root from 196.251.69.141 port 44162 ssh2
Sep 28 23:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Connection closed by 196.251.69.141 port 44162 [preauth]
Sep 28 23:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30915]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30911]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30993]: Successful su for rubyman by root
Sep 28 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30993]: + ??? root:rubyman
Sep 28 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311273 of user rubyman.
Sep 28 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30993]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311273.
Sep 28 23:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30908]: Failed password for root from 134.122.46.149 port 59618 ssh2
Sep 28 23:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30908]: Connection closed by 134.122.46.149 port 59618 [preauth]
Sep 28 23:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30912]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user root
Sep 28 23:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Invalid user apt from 107.174.26.130
Sep 28 23:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: input_userauth_request: invalid user apt [preauth]
Sep 28 23:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Failed password for invalid user apt from 107.174.26.130 port 57412 ssh2
Sep 28 23:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Received disconnect from 107.174.26.130 port 57412:11: Bye Bye [preauth]
Sep 28 23:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Disconnected from 107.174.26.130 port 57412 [preauth]
Sep 28 23:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Failed password for root from 134.122.46.149 port 50150 ssh2
Sep 28 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Connection closed by 134.122.46.149 port 50150 [preauth]
Sep 28 23:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31316]: Failed password for root from 134.122.46.149 port 48136 ssh2
Sep 28 23:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31316]: Connection closed by 134.122.46.149 port 48136 [preauth]
Sep 28 23:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session closed for user root
Sep 28 23:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: Failed password for root from 79.13.33.136 port 34726 ssh2
Sep 28 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: Received disconnect from 79.13.33.136 port 34726:11: Bye Bye [preauth]
Sep 28 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31352]: Disconnected from 79.13.33.136 port 34726 [preauth]
Sep 28 23:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Invalid user ds from 134.122.46.149
Sep 28 23:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: input_userauth_request: invalid user ds [preauth]
Sep 28 23:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Failed password for invalid user ds from 134.122.46.149 port 58630 ssh2
Sep 28 23:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Connection closed by 134.122.46.149 port 58630 [preauth]
Sep 28 23:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: Invalid user web from 134.122.46.149
Sep 28 23:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: input_userauth_request: invalid user web [preauth]
Sep 28 23:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: Failed password for invalid user web from 134.122.46.149 port 38454 ssh2
Sep 28 23:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31472]: Connection closed by 134.122.46.149 port 38454 [preauth]
Sep 28 23:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31527]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31616]: Successful su for rubyman by root
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31616]: + ??? root:rubyman
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311278 of user rubyman.
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31616]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311278.
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31638]: Invalid user oscar from 134.122.46.149
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31638]: input_userauth_request: invalid user oscar [preauth]
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31638]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31638]: Failed password for invalid user oscar from 134.122.46.149 port 38418 ssh2
Sep 28 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31638]: Connection closed by 134.122.46.149 port 38418 [preauth]
Sep 28 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27364]: pam_unix(cron:session): session closed for user root
Sep 28 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31528]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Invalid user admin from 190.108.60.101
Sep 28 23:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Failed password for invalid user admin from 190.108.60.101 port 37684 ssh2
Sep 28 23:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Received disconnect from 190.108.60.101 port 37684:11: Bye Bye [preauth]
Sep 28 23:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Disconnected from 190.108.60.101 port 37684 [preauth]
Sep 28 23:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: Failed password for root from 107.174.26.130 port 54416 ssh2
Sep 28 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: Received disconnect from 107.174.26.130 port 54416:11: Bye Bye [preauth]
Sep 28 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: Disconnected from 107.174.26.130 port 54416 [preauth]
Sep 28 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Invalid user caddy from 134.122.46.149
Sep 28 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: input_userauth_request: invalid user caddy [preauth]
Sep 28 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Failed password for invalid user caddy from 134.122.46.149 port 52316 ssh2
Sep 28 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Connection closed by 134.122.46.149 port 52316 [preauth]
Sep 28 23:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: User sys from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: input_userauth_request: invalid user sys [preauth]
Sep 28 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=sys
Sep 28 23:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: Failed password for invalid user sys from 134.122.46.149 port 45436 ssh2
Sep 28 23:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: Connection closed by 134.122.46.149 port 45436 [preauth]
Sep 28 23:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Failed password for root from 196.251.69.141 port 39638 ssh2
Sep 28 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31937]: Connection closed by 196.251.69.141 port 39638 [preauth]
Sep 28 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30171]: pam_unix(cron:session): session closed for user root
Sep 28 23:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32015]: Failed password for root from 134.122.46.149 port 51866 ssh2
Sep 28 23:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32015]: Connection closed by 134.122.46.149 port 51866 [preauth]
Sep 28 23:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Invalid user finance from 79.13.33.136
Sep 28 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: input_userauth_request: invalid user finance [preauth]
Sep 28 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for invalid user finance from 79.13.33.136 port 58040 ssh2
Sep 28 23:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Received disconnect from 79.13.33.136 port 58040:11: Bye Bye [preauth]
Sep 28 23:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Disconnected from 79.13.33.136 port 58040 [preauth]
Sep 28 23:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: Failed password for root from 134.122.46.149 port 45416 ssh2
Sep 28 23:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: Connection closed by 134.122.46.149 port 45416 [preauth]
Sep 28 23:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32113]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: Successful su for rubyman by root
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: + ??? root:rubyman
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311280 of user rubyman.
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32185]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311280.
Sep 28 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session closed for user root
Sep 28 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Failed password for invalid user ubuntu from 134.122.46.149 port 49460 ssh2
Sep 28 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Connection closed by 134.122.46.149 port 49460 [preauth]
Sep 28 23:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Failed password for root from 107.174.26.130 port 51416 ssh2
Sep 28 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Received disconnect from 107.174.26.130 port 51416:11: Bye Bye [preauth]
Sep 28 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Disconnected from 107.174.26.130 port 51416 [preauth]
Sep 28 23:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Failed password for invalid user ubuntu from 134.122.46.149 port 36104 ssh2
Sep 28 23:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Connection closed by 134.122.46.149 port 36104 [preauth]
Sep 28 23:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Invalid user satisfactory from 134.122.46.149
Sep 28 23:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 23:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Failed password for invalid user satisfactory from 134.122.46.149 port 38944 ssh2
Sep 28 23:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Connection closed by 134.122.46.149 port 38944 [preauth]
Sep 28 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30915]: pam_unix(cron:session): session closed for user root
Sep 28 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Failed password for root from 190.108.60.101 port 35640 ssh2
Sep 28 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Received disconnect from 190.108.60.101 port 35640:11: Bye Bye [preauth]
Sep 28 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Disconnected from 190.108.60.101 port 35640 [preauth]
Sep 28 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Invalid user vagrant from 134.122.46.149
Sep 28 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Failed password for invalid user vagrant from 134.122.46.149 port 60238 ssh2
Sep 28 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Connection closed by 134.122.46.149 port 60238 [preauth]
Sep 28 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: Invalid user redis from 134.122.46.149
Sep 28 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: input_userauth_request: invalid user redis [preauth]
Sep 28 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: Failed password for invalid user redis from 134.122.46.149 port 50612 ssh2
Sep 28 23:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32640]: Connection closed by 134.122.46.149 port 50612 [preauth]
Sep 28 23:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: Successful su for rubyman by root
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: + ??? root:rubyman
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311285 of user rubyman.
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311285.
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Failed password for root from 196.251.69.141 port 59654 ssh2
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Connection closed by 196.251.69.141 port 59654 [preauth]
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Invalid user denis from 79.13.33.136
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: input_userauth_request: invalid user denis [preauth]
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Invalid user terraria from 134.122.46.149
Sep 28 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: input_userauth_request: invalid user terraria [preauth]
Sep 28 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Failed password for invalid user denis from 79.13.33.136 port 53126 ssh2
Sep 28 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Received disconnect from 79.13.33.136 port 53126:11: Bye Bye [preauth]
Sep 28 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32710]: Disconnected from 79.13.33.136 port 53126 [preauth]
Sep 28 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Failed password for invalid user terraria from 134.122.46.149 port 48348 ssh2
Sep 28 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Connection closed by 134.122.46.149 port 48348 [preauth]
Sep 28 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session closed for user root
Sep 28 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:58.242.157.43
Sep 28 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: Failed password for invalid user ubuntu from 134.122.46.149 port 42736 ssh2
Sep 28 23:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: Connection closed by 134.122.46.149 port 42736 [preauth]
Sep 28 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: Invalid user ads1 from 107.174.26.130
Sep 28 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: input_userauth_request: invalid user ads1 [preauth]
Sep 28 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: Failed password for invalid user ads1 from 107.174.26.130 port 48402 ssh2
Sep 28 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: Received disconnect from 107.174.26.130 port 48402:11: Bye Bye [preauth]
Sep 28 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[571]: Disconnected from 107.174.26.130 port 48402 [preauth]
Sep 28 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Failed password for root from 134.122.46.149 port 53126 ssh2
Sep 28 23:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Connection closed by 134.122.46.149 port 53126 [preauth]
Sep 28 23:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31532]: pam_unix(cron:session): session closed for user root
Sep 28 23:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: Invalid user nexus from 134.122.46.149
Sep 28 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: input_userauth_request: invalid user nexus [preauth]
Sep 28 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: Failed password for invalid user nexus from 134.122.46.149 port 48804 ssh2
Sep 28 23:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[676]: Connection closed by 134.122.46.149 port 48804 [preauth]
Sep 28 23:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Invalid user wordpress from 134.122.46.149
Sep 28 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Failed password for invalid user wordpress from 134.122.46.149 port 60186 ssh2
Sep 28 23:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Connection closed by 134.122.46.149 port 60186 [preauth]
Sep 28 23:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Invalid user registry from 134.122.46.149
Sep 28 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: input_userauth_request: invalid user registry [preauth]
Sep 28 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[796]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[798]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[797]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session closed for user root
Sep 28 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[918]: Successful su for rubyman by root
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[918]: + ??? root:rubyman
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311291 of user rubyman.
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[918]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311291.
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Failed password for invalid user registry from 134.122.46.149 port 43262 ssh2
Sep 28 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Connection closed by 134.122.46.149 port 43262 [preauth]
Sep 28 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Failed password for root from 190.108.60.101 port 33618 ssh2
Sep 28 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Received disconnect from 190.108.60.101 port 33618:11: Bye Bye [preauth]
Sep 28 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Disconnected from 190.108.60.101 port 33618 [preauth]
Sep 28 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[796]: pam_unix(cron:session): session closed for user root
Sep 28 23:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session closed for user root
Sep 28 23:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Failed password for root from 196.251.69.141 port 49286 ssh2
Sep 28 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Connection closed by 196.251.69.141 port 49286 [preauth]
Sep 28 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Invalid user steam from 134.122.46.149
Sep 28 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Failed password for invalid user steam from 134.122.46.149 port 36876 ssh2
Sep 28 23:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1224]: Connection closed by 134.122.46.149 port 36876 [preauth]
Sep 28 23:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Failed password for root from 79.13.33.136 port 48208 ssh2
Sep 28 23:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Received disconnect from 79.13.33.136 port 48208:11: Bye Bye [preauth]
Sep 28 23:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Disconnected from 79.13.33.136 port 48208 [preauth]
Sep 28 23:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: Invalid user titu from 107.174.26.130
Sep 28 23:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: input_userauth_request: invalid user titu [preauth]
Sep 28 23:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Invalid user guest from 134.122.46.149
Sep 28 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: input_userauth_request: invalid user guest [preauth]
Sep 28 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: Failed password for invalid user titu from 107.174.26.130 port 45402 ssh2
Sep 28 23:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: Received disconnect from 107.174.26.130 port 45402:11: Bye Bye [preauth]
Sep 28 23:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1291]: Disconnected from 107.174.26.130 port 45402 [preauth]
Sep 28 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Failed password for invalid user guest from 134.122.46.149 port 41090 ssh2
Sep 28 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Connection closed by 134.122.46.149 port 41090 [preauth]
Sep 28 23:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32113]: pam_unix(cron:session): session closed for user root
Sep 28 23:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Invalid user omsagent from 134.122.46.149
Sep 28 23:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: input_userauth_request: invalid user omsagent [preauth]
Sep 28 23:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Failed password for invalid user omsagent from 134.122.46.149 port 36844 ssh2
Sep 28 23:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: Connection closed by 134.122.46.149 port 36844 [preauth]
Sep 28 23:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Invalid user postgres from 134.122.46.149
Sep 28 23:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: input_userauth_request: invalid user postgres [preauth]
Sep 28 23:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Failed password for invalid user postgres from 134.122.46.149 port 57562 ssh2
Sep 28 23:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Connection closed by 134.122.46.149 port 57562 [preauth]
Sep 28 23:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: Invalid user vagrant from 134.122.46.149
Sep 28 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: input_userauth_request: invalid user vagrant [preauth]
Sep 28 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: Failed password for invalid user vagrant from 134.122.46.149 port 53686 ssh2
Sep 28 23:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: Connection closed by 134.122.46.149 port 53686 [preauth]
Sep 28 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1528]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: Successful su for rubyman by root
Sep 28 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: + ??? root:rubyman
Sep 28 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311295 of user rubyman.
Sep 28 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311295.
Sep 28 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session closed for user root
Sep 28 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1529]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Failed password for root from 196.251.69.141 port 37298 ssh2
Sep 28 23:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Connection closed by 196.251.69.141 port 37298 [preauth]
Sep 28 23:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: Invalid user demo from 134.122.46.149
Sep 28 23:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: input_userauth_request: invalid user demo [preauth]
Sep 28 23:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: Failed password for invalid user demo from 134.122.46.149 port 37800 ssh2
Sep 28 23:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: Connection closed by 134.122.46.149 port 37800 [preauth]
Sep 28 23:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Invalid user steam from 134.122.46.149
Sep 28 23:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Failed password for invalid user steam from 134.122.46.149 port 45456 ssh2
Sep 28 23:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1899]: Connection closed by 134.122.46.149 port 45456 [preauth]
Sep 28 23:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: Invalid user billing from 79.13.33.136
Sep 28 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: input_userauth_request: invalid user billing [preauth]
Sep 28 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: Failed password for invalid user billing from 79.13.33.136 port 43288 ssh2
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: Received disconnect from 79.13.33.136 port 43288:11: Bye Bye [preauth]
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1936]: Disconnected from 79.13.33.136 port 43288 [preauth]
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Invalid user asuarez from 107.174.26.130
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: input_userauth_request: invalid user asuarez [preauth]
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Invalid user sd from 190.108.60.101
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: input_userauth_request: invalid user sd [preauth]
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Failed password for invalid user asuarez from 107.174.26.130 port 42392 ssh2
Sep 28 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Received disconnect from 107.174.26.130 port 42392:11: Bye Bye [preauth]
Sep 28 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Disconnected from 107.174.26.130 port 42392 [preauth]
Sep 28 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Failed password for invalid user sd from 190.108.60.101 port 59856 ssh2
Sep 28 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Received disconnect from 190.108.60.101 port 59856:11: Bye Bye [preauth]
Sep 28 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Disconnected from 190.108.60.101 port 59856 [preauth]
Sep 28 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Invalid user terraria from 134.122.46.149
Sep 28 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: input_userauth_request: invalid user terraria [preauth]
Sep 28 23:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32689]: pam_unix(cron:session): session closed for user root
Sep 28 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Failed password for invalid user terraria from 134.122.46.149 port 51740 ssh2
Sep 28 23:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Connection closed by 134.122.46.149 port 51740 [preauth]
Sep 28 23:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Invalid user testuser from 134.122.46.149
Sep 28 23:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: input_userauth_request: invalid user testuser [preauth]
Sep 28 23:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Failed password for invalid user testuser from 134.122.46.149 port 52858 ssh2
Sep 28 23:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Connection closed by 134.122.46.149 port 52858 [preauth]
Sep 28 23:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2090]: Invalid user palworld from 134.122.46.149
Sep 28 23:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2090]: input_userauth_request: invalid user palworld [preauth]
Sep 28 23:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2090]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2090]: Failed password for invalid user palworld from 134.122.46.149 port 57932 ssh2
Sep 28 23:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2090]: Connection closed by 134.122.46.149 port 57932 [preauth]
Sep 28 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2116]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2113]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: Successful su for rubyman by root
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: + ??? root:rubyman
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311299 of user rubyman.
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2182]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311299.
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30914]: pam_unix(cron:session): session closed for user root
Sep 28 23:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2114]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Invalid user docker from 134.122.46.149
Sep 28 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: input_userauth_request: invalid user docker [preauth]
Sep 28 23:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Failed password for invalid user docker from 134.122.46.149 port 33988 ssh2
Sep 28 23:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: Connection closed by 134.122.46.149 port 33988 [preauth]
Sep 28 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Failed password for root from 196.251.69.141 port 52652 ssh2
Sep 28 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Connection closed by 196.251.69.141 port 52652 [preauth]
Sep 28 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: Invalid user huawei from 134.122.46.149
Sep 28 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: input_userauth_request: invalid user huawei [preauth]
Sep 28 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: Failed password for invalid user huawei from 134.122.46.149 port 44158 ssh2
Sep 28 23:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2456]: Connection closed by 134.122.46.149 port 44158 [preauth]
Sep 28 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Invalid user samba from 134.122.46.149
Sep 28 23:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: input_userauth_request: invalid user samba [preauth]
Sep 28 23:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Failed password for invalid user samba from 134.122.46.149 port 47400 ssh2
Sep 28 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Connection closed by 134.122.46.149 port 47400 [preauth]
Sep 28 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[798]: pam_unix(cron:session): session closed for user root
Sep 28 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: Failed password for invalid user ubuntu from 134.122.46.149 port 34718 ssh2
Sep 28 23:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2594]: Connection closed by 134.122.46.149 port 34718 [preauth]
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Failed password for root from 107.174.26.130 port 39400 ssh2
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Received disconnect from 107.174.26.130 port 39400:11: Bye Bye [preauth]
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2611]: Disconnected from 107.174.26.130 port 39400 [preauth]
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: Failed password for root from 79.13.33.136 port 38376 ssh2
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: Received disconnect from 79.13.33.136 port 38376:11: Bye Bye [preauth]
Sep 28 23:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2613]: Disconnected from 79.13.33.136 port 38376 [preauth]
Sep 28 23:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Invalid user arkserver from 134.122.46.149
Sep 28 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: input_userauth_request: invalid user arkserver [preauth]
Sep 28 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Failed password for invalid user arkserver from 134.122.46.149 port 40902 ssh2
Sep 28 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Connection closed by 134.122.46.149 port 40902 [preauth]
Sep 28 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: Invalid user asuarez from 190.108.60.101
Sep 28 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: input_userauth_request: invalid user asuarez [preauth]
Sep 28 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: Failed password for invalid user asuarez from 190.108.60.101 port 57862 ssh2
Sep 28 23:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: Received disconnect from 190.108.60.101 port 57862:11: Bye Bye [preauth]
Sep 28 23:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2655]: Disconnected from 190.108.60.101 port 57862 [preauth]
Sep 28 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2676]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2674]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: Successful su for rubyman by root
Sep 28 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: + ??? root:rubyman
Sep 28 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311303 of user rubyman.
Sep 28 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311303.
Sep 28 23:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31531]: pam_unix(cron:session): session closed for user root
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2675]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Failed password for invalid user ubuntu from 134.122.46.149 port 41110 ssh2
Sep 28 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Connection closed by 134.122.46.149 port 41110 [preauth]
Sep 28 23:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:58.242.157.43
Sep 28 23:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: Failed password for root from 196.251.69.141 port 38840 ssh2
Sep 28 23:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: Connection closed by 196.251.69.141 port 38840 [preauth]
Sep 28 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3006]: Invalid user hadoop from 134.122.46.149
Sep 28 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3006]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3006]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3006]: Failed password for invalid user hadoop from 134.122.46.149 port 36644 ssh2
Sep 28 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3006]: Connection closed by 134.122.46.149 port 36644 [preauth]
Sep 28 23:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Invalid user sftpuser from 134.122.46.149
Sep 28 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: input_userauth_request: invalid user sftpuser [preauth]
Sep 28 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user sftpuser from 134.122.46.149 port 47194 ssh2
Sep 28 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Connection closed by 134.122.46.149 port 47194 [preauth]
Sep 28 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1532]: pam_unix(cron:session): session closed for user root
Sep 28 23:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Invalid user fil from 134.122.46.149
Sep 28 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: input_userauth_request: invalid user fil [preauth]
Sep 28 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Failed password for invalid user fil from 134.122.46.149 port 52062 ssh2
Sep 28 23:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Connection closed by 134.122.46.149 port 52062 [preauth]
Sep 28 23:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Failed password for root from 107.174.26.130 port 36386 ssh2
Sep 28 23:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Received disconnect from 107.174.26.130 port 36386:11: Bye Bye [preauth]
Sep 28 23:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Disconnected from 107.174.26.130 port 36386 [preauth]
Sep 28 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Invalid user oscar from 134.122.46.149
Sep 28 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: input_userauth_request: invalid user oscar [preauth]
Sep 28 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Failed password for invalid user oscar from 134.122.46.149 port 59326 ssh2
Sep 28 23:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Connection closed by 134.122.46.149 port 59326 [preauth]
Sep 28 23:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3390]: Successful su for rubyman by root
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3390]: + ??? root:rubyman
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311308 of user rubyman.
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3390]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311308.
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Invalid user mariusz from 79.13.33.136
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: input_userauth_request: invalid user mariusz [preauth]
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session closed for user root
Sep 28 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Failed password for invalid user mariusz from 79.13.33.136 port 33462 ssh2
Sep 28 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Received disconnect from 79.13.33.136 port 33462:11: Bye Bye [preauth]
Sep 28 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Disconnected from 79.13.33.136 port 33462 [preauth]
Sep 28 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session closed for user root
Sep 28 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Failed password for root from 134.122.46.149 port 39746 ssh2
Sep 28 23:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Connection closed by 134.122.46.149 port 39746 [preauth]
Sep 28 23:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141  user=root
Sep 28 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Failed password for root from 196.251.69.141 port 52232 ssh2
Sep 28 23:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Connection closed by 196.251.69.141 port 52232 [preauth]
Sep 28 23:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Failed password for root from 134.122.46.149 port 51964 ssh2
Sep 28 23:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Connection closed by 134.122.46.149 port 51964 [preauth]
Sep 28 23:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Invalid user rescue from 190.108.60.101
Sep 28 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: input_userauth_request: invalid user rescue [preauth]
Sep 28 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Failed password for invalid user rescue from 190.108.60.101 port 55868 ssh2
Sep 28 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Received disconnect from 190.108.60.101 port 55868:11: Bye Bye [preauth]
Sep 28 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Disconnected from 190.108.60.101 port 55868 [preauth]
Sep 28 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: Invalid user ethnode from 134.122.46.149
Sep 28 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: input_userauth_request: invalid user ethnode [preauth]
Sep 28 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: Failed password for invalid user ethnode from 134.122.46.149 port 56666 ssh2
Sep 28 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: Connection closed by 134.122.46.149 port 56666 [preauth]
Sep 28 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2116]: pam_unix(cron:session): session closed for user root
Sep 28 23:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3777]: Failed password for root from 134.122.46.149 port 56548 ssh2
Sep 28 23:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3777]: Connection closed by 134.122.46.149 port 56548 [preauth]
Sep 28 23:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: Invalid user elasticsearch from 134.122.46.149
Sep 28 23:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 28 23:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: Failed password for invalid user elasticsearch from 134.122.46.149 port 42534 ssh2
Sep 28 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3837]: Connection closed by 134.122.46.149 port 42534 [preauth]
Sep 28 23:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Invalid user hoster from 107.174.26.130
Sep 28 23:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: input_userauth_request: invalid user hoster [preauth]
Sep 28 23:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Failed password for invalid user hoster from 107.174.26.130 port 33376 ssh2
Sep 28 23:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Received disconnect from 107.174.26.130 port 33376:11: Bye Bye [preauth]
Sep 28 23:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Disconnected from 107.174.26.130 port 33376 [preauth]
Sep 28 23:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3886]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3885]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3884]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3883]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3886]: pam_unix(cron:session): session closed for user root
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3877]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3951]: Successful su for rubyman by root
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3951]: + ??? root:rubyman
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3951]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311313 of user rubyman.
Sep 28 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311313.
Sep 28 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3883]: pam_unix(cron:session): session closed for user root
Sep 28 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: Invalid user webadmin from 134.122.46.149
Sep 28 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: input_userauth_request: invalid user webadmin [preauth]
Sep 28 23:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32688]: pam_unix(cron:session): session closed for user root
Sep 28 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: Failed password for invalid user webadmin from 134.122.46.149 port 47780 ssh2
Sep 28 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: Connection closed by 134.122.46.149 port 47780 [preauth]
Sep 28 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3879]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Invalid user embedded from 79.13.33.136
Sep 28 23:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: input_userauth_request: invalid user embedded [preauth]
Sep 28 23:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Invalid user web from 134.122.46.149
Sep 28 23:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: input_userauth_request: invalid user web [preauth]
Sep 28 23:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Invalid user admin from 196.251.69.141
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Failed password for invalid user embedded from 79.13.33.136 port 56778 ssh2
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Received disconnect from 79.13.33.136 port 56778:11: Bye Bye [preauth]
Sep 28 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Disconnected from 79.13.33.136 port 56778 [preauth]
Sep 28 23:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Failed password for invalid user web from 134.122.46.149 port 45976 ssh2
Sep 28 23:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Connection closed by 134.122.46.149 port 45976 [preauth]
Sep 28 23:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Failed password for invalid user admin from 196.251.69.141 port 37338 ssh2
Sep 28 23:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4259]: Connection closed by 196.251.69.141 port 37338 [preauth]
Sep 28 23:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4317]: Invalid user admin from 134.122.46.149
Sep 28 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4317]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4317]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4317]: Failed password for invalid user admin from 134.122.46.149 port 52372 ssh2
Sep 28 23:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4317]: Connection closed by 134.122.46.149 port 52372 [preauth]
Sep 28 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2677]: pam_unix(cron:session): session closed for user root
Sep 28 23:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Invalid user lighthouse from 134.122.46.149
Sep 28 23:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: input_userauth_request: invalid user lighthouse [preauth]
Sep 28 23:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Failed password for invalid user lighthouse from 134.122.46.149 port 53394 ssh2
Sep 28 23:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Connection closed by 134.122.46.149 port 53394 [preauth]
Sep 28 23:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: Failed password for root from 134.122.46.149 port 60886 ssh2
Sep 28 23:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4438]: Connection closed by 134.122.46.149 port 60886 [preauth]
Sep 28 23:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: Invalid user titu from 190.108.60.101
Sep 28 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: input_userauth_request: invalid user titu [preauth]
Sep 28 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: Failed password for invalid user titu from 190.108.60.101 port 53872 ssh2
Sep 28 23:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: Received disconnect from 190.108.60.101 port 53872:11: Bye Bye [preauth]
Sep 28 23:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4457]: Disconnected from 190.108.60.101 port 53872 [preauth]
Sep 28 23:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Invalid user sd from 107.174.26.130
Sep 28 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: input_userauth_request: invalid user sd [preauth]
Sep 28 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Failed password for invalid user sd from 107.174.26.130 port 58598 ssh2
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Received disconnect from 107.174.26.130 port 58598:11: Bye Bye [preauth]
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Disconnected from 107.174.26.130 port 58598 [preauth]
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4483]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4553]: Successful su for rubyman by root
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4553]: + ??? root:rubyman
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311318 of user rubyman.
Sep 28 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4553]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311318.
Sep 28 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4616]: Failed password for root from 134.122.46.149 port 34246 ssh2
Sep 28 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4616]: Connection closed by 134.122.46.149 port 34246 [preauth]
Sep 28 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[797]: pam_unix(cron:session): session closed for user root
Sep 28 23:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: Failed password for root from 134.122.46.149 port 59626 ssh2
Sep 28 23:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4822]: Connection closed by 134.122.46.149 port 59626 [preauth]
Sep 28 23:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: Invalid user admin from 196.251.69.141
Sep 28 23:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: Failed password for invalid user admin from 196.251.69.141 port 49414 ssh2
Sep 28 23:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4838]: Connection closed by 196.251.69.141 port 49414 [preauth]
Sep 28 23:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Invalid user kodi from 134.122.46.149
Sep 28 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: input_userauth_request: invalid user kodi [preauth]
Sep 28 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: Invalid user remote from 79.13.33.136
Sep 28 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: input_userauth_request: invalid user remote [preauth]
Sep 28 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Failed password for invalid user kodi from 134.122.46.149 port 54752 ssh2
Sep 28 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Connection closed by 134.122.46.149 port 54752 [preauth]
Sep 28 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: Failed password for invalid user remote from 79.13.33.136 port 51860 ssh2
Sep 28 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: Received disconnect from 79.13.33.136 port 51860:11: Bye Bye [preauth]
Sep 28 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4873]: Disconnected from 79.13.33.136 port 51860 [preauth]
Sep 28 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3223]: pam_unix(cron:session): session closed for user root
Sep 28 23:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Invalid user steam from 134.122.46.149
Sep 28 23:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Failed password for invalid user steam from 134.122.46.149 port 49908 ssh2
Sep 28 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4957]: Connection closed by 134.122.46.149 port 49908 [preauth]
Sep 28 23:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: Failed password for invalid user ubuntu from 134.122.46.149 port 43750 ssh2
Sep 28 23:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5015]: Connection closed by 134.122.46.149 port 43750 [preauth]
Sep 28 23:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: Invalid user apache from 134.122.46.149
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: input_userauth_request: invalid user apache [preauth]
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Invalid user mysftp from 107.174.26.130
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: input_userauth_request: invalid user mysftp [preauth]
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: Successful su for rubyman by root
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: + ??? root:rubyman
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311321 of user rubyman.
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5143]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311321.
Sep 28 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: Failed password for invalid user apache from 134.122.46.149 port 41828 ssh2
Sep 28 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: Connection closed by 134.122.46.149 port 41828 [preauth]
Sep 28 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Failed password for invalid user mysftp from 107.174.26.130 port 55588 ssh2
Sep 28 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Received disconnect from 107.174.26.130 port 55588:11: Bye Bye [preauth]
Sep 28 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Disconnected from 107.174.26.130 port 55588 [preauth]
Sep 28 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1531]: pam_unix(cron:session): session closed for user root
Sep 28 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Sep 28 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:58.242.157.43  user=root
Sep 28 23:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Invalid user node from 134.122.46.149
Sep 28 23:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: input_userauth_request: invalid user node [preauth]
Sep 28 23:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for invalid user node from 134.122.46.149 port 37794 ssh2
Sep 28 23:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Connection closed by 134.122.46.149 port 37794 [preauth]
Sep 28 23:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Invalid user test from 190.108.60.101
Sep 28 23:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: input_userauth_request: invalid user test [preauth]
Sep 28 23:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Failed password for invalid user test from 190.108.60.101 port 51840 ssh2
Sep 28 23:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Received disconnect from 190.108.60.101 port 51840:11: Bye Bye [preauth]
Sep 28 23:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Disconnected from 190.108.60.101 port 51840 [preauth]
Sep 28 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Invalid user NBIUser from 134.122.46.149
Sep 28 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: input_userauth_request: invalid user NBIUser [preauth]
Sep 28 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Failed password for invalid user NBIUser from 134.122.46.149 port 43586 ssh2
Sep 28 23:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Connection closed by 134.122.46.149 port 43586 [preauth]
Sep 28 23:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: Invalid user admin from 196.251.69.141
Sep 28 23:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: Failed password for invalid user admin from 196.251.69.141 port 59626 ssh2
Sep 28 23:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: Connection closed by 196.251.69.141 port 59626 [preauth]
Sep 28 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3885]: pam_unix(cron:session): session closed for user root
Sep 28 23:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Failed password for root from 134.122.46.149 port 33268 ssh2
Sep 28 23:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Connection closed by 134.122.46.149 port 33268 [preauth]
Sep 28 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Invalid user server from 79.13.33.136
Sep 28 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: input_userauth_request: invalid user server [preauth]
Sep 28 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Failed password for invalid user server from 79.13.33.136 port 46942 ssh2
Sep 28 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Received disconnect from 79.13.33.136 port 46942:11: Bye Bye [preauth]
Sep 28 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Disconnected from 79.13.33.136 port 46942 [preauth]
Sep 28 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Invalid user tom from 134.122.46.149
Sep 28 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: input_userauth_request: invalid user tom [preauth]
Sep 28 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Failed password for invalid user tom from 134.122.46.149 port 49998 ssh2
Sep 28 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Connection closed by 134.122.46.149 port 49998 [preauth]
Sep 28 23:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Invalid user tomcat from 134.122.46.149
Sep 28 23:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: input_userauth_request: invalid user tomcat [preauth]
Sep 28 23:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Failed password for invalid user tomcat from 134.122.46.149 port 44118 ssh2
Sep 28 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5710]: Connection closed by 134.122.46.149 port 44118 [preauth]
Sep 28 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5719]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5796]: Successful su for rubyman by root
Sep 28 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5796]: + ??? root:rubyman
Sep 28 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311326 of user rubyman.
Sep 28 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5796]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311326.
Sep 28 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2115]: pam_unix(cron:session): session closed for user root
Sep 28 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5720]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Invalid user node from 134.122.46.149
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: input_userauth_request: invalid user node [preauth]
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Failed password for invalid user node from 134.122.46.149 port 55580 ssh2
Sep 28 23:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Connection closed by 134.122.46.149 port 55580 [preauth]
Sep 28 23:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for root from 107.174.26.130 port 52582 ssh2
Sep 28 23:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Received disconnect from 107.174.26.130 port 52582:11: Bye Bye [preauth]
Sep 28 23:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Disconnected from 107.174.26.130 port 52582 [preauth]
Sep 28 23:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Invalid user admin from 139.19.117.131
Sep 28 23:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: Failed password for root from 134.122.46.149 port 45846 ssh2
Sep 28 23:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6095]: Connection closed by 134.122.46.149 port 45846 [preauth]
Sep 28 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Connection closed by 139.19.117.131 port 57058 [preauth]
Sep 28 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session closed for user root
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Invalid user centos from 134.122.46.149
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: input_userauth_request: invalid user centos [preauth]
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Failed password for invalid user centos from 134.122.46.149 port 43846 ssh2
Sep 28 23:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Connection closed by 134.122.46.149 port 43846 [preauth]
Sep 28 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Invalid user esuser from 134.122.46.149
Sep 28 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: input_userauth_request: invalid user esuser [preauth]
Sep 28 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Failed password for invalid user esuser from 134.122.46.149 port 48484 ssh2
Sep 28 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Connection closed by 134.122.46.149 port 48484 [preauth]
Sep 28 23:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Invalid user apt from 190.108.60.101
Sep 28 23:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: input_userauth_request: invalid user apt [preauth]
Sep 28 23:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Failed password for invalid user apt from 190.108.60.101 port 49852 ssh2
Sep 28 23:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Received disconnect from 190.108.60.101 port 49852:11: Bye Bye [preauth]
Sep 28 23:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Disconnected from 190.108.60.101 port 49852 [preauth]
Sep 28 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Invalid user centos from 134.122.46.149
Sep 28 23:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: input_userauth_request: invalid user centos [preauth]
Sep 28 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Failed password for root from 79.13.33.136 port 42028 ssh2
Sep 28 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Received disconnect from 79.13.33.136 port 42028:11: Bye Bye [preauth]
Sep 28 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Disconnected from 79.13.33.136 port 42028 [preauth]
Sep 28 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Invalid user admin from 196.251.69.141
Sep 28 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Failed password for invalid user centos from 134.122.46.149 port 45320 ssh2
Sep 28 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Connection closed by 134.122.46.149 port 45320 [preauth]
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: Successful su for rubyman by root
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: + ??? root:rubyman
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311329 of user rubyman.
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311329.
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Failed password for invalid user admin from 196.251.69.141 port 39724 ssh2
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Connection closed by 196.251.69.141 port 39724 [preauth]
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2676]: pam_unix(cron:session): session closed for user root
Sep 28 23:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Invalid user zookeeper from 134.122.46.149
Sep 28 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: input_userauth_request: invalid user zookeeper [preauth]
Sep 28 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Failed password for invalid user zookeeper from 134.122.46.149 port 53484 ssh2
Sep 28 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Connection closed by 134.122.46.149 port 53484 [preauth]
Sep 28 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: User john from 107.174.26.130 not allowed because not listed in AllowUsers
Sep 28 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: input_userauth_request: invalid user john [preauth]
Sep 28 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=john
Sep 28 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: Failed password for invalid user john from 107.174.26.130 port 49566 ssh2
Sep 28 23:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: Received disconnect from 107.174.26.130 port 49566:11: Bye Bye [preauth]
Sep 28 23:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: Disconnected from 107.174.26.130 port 49566 [preauth]
Sep 28 23:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: Failed password for root from 134.122.46.149 port 51064 ssh2
Sep 28 23:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: Connection closed by 134.122.46.149 port 51064 [preauth]
Sep 28 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Invalid user centos from 134.122.46.149
Sep 28 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: input_userauth_request: invalid user centos [preauth]
Sep 28 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session closed for user root
Sep 28 23:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Failed password for invalid user centos from 134.122.46.149 port 35054 ssh2
Sep 28 23:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6822]: Connection closed by 134.122.46.149 port 35054 [preauth]
Sep 28 23:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: Failed password for root from 134.122.46.149 port 43136 ssh2
Sep 28 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: Connection closed by 134.122.46.149 port 43136 [preauth]
Sep 28 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Invalid user gbase from 134.122.46.149
Sep 28 23:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: input_userauth_request: invalid user gbase [preauth]
Sep 28 23:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Failed password for invalid user gbase from 134.122.46.149 port 56980 ssh2
Sep 28 23:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Connection closed by 134.122.46.149 port 56980 [preauth]
Sep 28 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6965]: Invalid user admin from 196.251.69.141
Sep 28 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6965]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6965]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6980]: pam_unix(cron:session): session closed for user root
Sep 28 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6975]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6965]: Failed password for invalid user admin from 196.251.69.141 port 43840 ssh2
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7062]: Successful su for rubyman by root
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7062]: + ??? root:rubyman
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311335 of user rubyman.
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7062]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311335.
Sep 28 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6965]: Connection closed by 196.251.69.141 port 43840 [preauth]
Sep 28 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session closed for user root
Sep 28 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3222]: pam_unix(cron:session): session closed for user root
Sep 28 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Invalid user vpsuser from 79.13.33.136
Sep 28 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: input_userauth_request: invalid user vpsuser [preauth]
Sep 28 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Failed password for invalid user vpsuser from 79.13.33.136 port 37110 ssh2
Sep 28 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Received disconnect from 79.13.33.136 port 37110:11: Bye Bye [preauth]
Sep 28 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Disconnected from 79.13.33.136 port 37110 [preauth]
Sep 28 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6976]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Failed password for invalid user ubuntu from 134.122.46.149 port 55006 ssh2
Sep 28 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Connection closed by 134.122.46.149 port 55006 [preauth]
Sep 28 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Invalid user jj from 190.108.60.101
Sep 28 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: input_userauth_request: invalid user jj [preauth]
Sep 28 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Failed password for invalid user jj from 190.108.60.101 port 47800 ssh2
Sep 28 23:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Received disconnect from 190.108.60.101 port 47800:11: Bye Bye [preauth]
Sep 28 23:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Disconnected from 190.108.60.101 port 47800 [preauth]
Sep 28 23:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.26.130  user=root
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Invalid user git from 134.122.46.149
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: input_userauth_request: invalid user git [preauth]
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Failed password for root from 107.174.26.130 port 46566 ssh2
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Received disconnect from 107.174.26.130 port 46566:11: Bye Bye [preauth]
Sep 28 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Disconnected from 107.174.26.130 port 46566 [preauth]
Sep 28 23:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Failed password for invalid user git from 134.122.46.149 port 46322 ssh2
Sep 28 23:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Connection closed by 134.122.46.149 port 46322 [preauth]
Sep 28 23:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7518]: Failed password for root from 134.122.46.149 port 39564 ssh2
Sep 28 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: Invalid user testtest from 46.101.170.54
Sep 28 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: input_userauth_request: invalid user testtest [preauth]
Sep 28 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 28 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7518]: Connection closed by 134.122.46.149 port 39564 [preauth]
Sep 28 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session closed for user root
Sep 28 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: Failed password for invalid user testtest from 46.101.170.54 port 35692 ssh2
Sep 28 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7530]: Connection closed by 46.101.170.54 port 35692 [preauth]
Sep 28 23:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: Invalid user virtualbox from 134.122.46.149
Sep 28 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: input_userauth_request: invalid user virtualbox [preauth]
Sep 28 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: Failed password for invalid user virtualbox from 134.122.46.149 port 60374 ssh2
Sep 28 23:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7608]: Connection closed by 134.122.46.149 port 60374 [preauth]
Sep 28 23:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: Invalid user admin from 196.251.69.141
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: Invalid user worker from 134.122.46.149
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: input_userauth_request: invalid user worker [preauth]
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: Failed password for invalid user worker from 134.122.46.149 port 50366 ssh2
Sep 28 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: Connection closed by 134.122.46.149 port 50366 [preauth]
Sep 28 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: Failed password for invalid user admin from 196.251.69.141 port 38522 ssh2
Sep 28 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: Connection closed by 196.251.69.141 port 38522 [preauth]
Sep 28 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7690]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7683]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: Successful su for rubyman by root
Sep 28 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: + ??? root:rubyman
Sep 28 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311340 of user rubyman.
Sep 28 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7767]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311340.
Sep 28 23:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3884]: pam_unix(cron:session): session closed for user root
Sep 28 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:58.242.157.43
Sep 28 23:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7684]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: Failed password for root from 134.122.46.149 port 56172 ssh2
Sep 28 23:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: Connection closed by 134.122.46.149 port 56172 [preauth]
Sep 28 23:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136  user=root
Sep 28 23:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Failed password for root from 79.13.33.136 port 60422 ssh2
Sep 28 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Received disconnect from 79.13.33.136 port 60422:11: Bye Bye [preauth]
Sep 28 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Disconnected from 79.13.33.136 port 60422 [preauth]
Sep 28 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Invalid user cassandra from 134.122.46.149
Sep 28 23:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: input_userauth_request: invalid user cassandra [preauth]
Sep 28 23:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Failed password for invalid user cassandra from 134.122.46.149 port 60860 ssh2
Sep 28 23:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Connection closed by 134.122.46.149 port 60860 [preauth]
Sep 28 23:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Invalid user www from 134.122.46.149
Sep 28 23:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: input_userauth_request: invalid user www [preauth]
Sep 28 23:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Failed password for invalid user www from 134.122.46.149 port 56552 ssh2
Sep 28 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Connection closed by 134.122.46.149 port 56552 [preauth]
Sep 28 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session closed for user root
Sep 28 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: User john from 190.108.60.101 not allowed because not listed in AllowUsers
Sep 28 23:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: input_userauth_request: invalid user john [preauth]
Sep 28 23:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=john
Sep 28 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Failed password for invalid user john from 190.108.60.101 port 45760 ssh2
Sep 28 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Received disconnect from 190.108.60.101 port 45760:11: Bye Bye [preauth]
Sep 28 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Disconnected from 190.108.60.101 port 45760 [preauth]
Sep 28 23:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Invalid user jack from 134.122.46.149
Sep 28 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: input_userauth_request: invalid user jack [preauth]
Sep 28 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Failed password for invalid user jack from 134.122.46.149 port 40160 ssh2
Sep 28 23:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Connection closed by 134.122.46.149 port 40160 [preauth]
Sep 28 23:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Invalid user admin from 196.251.69.141
Sep 28 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Failed password for invalid user admin from 196.251.69.141 port 59476 ssh2
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Connection closed by 196.251.69.141 port 59476 [preauth]
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8304]: Invalid user wordpress from 134.122.46.149
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8304]: input_userauth_request: invalid user wordpress [preauth]
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8304]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8304]: Failed password for invalid user wordpress from 134.122.46.149 port 45954 ssh2
Sep 28 23:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8304]: Connection closed by 134.122.46.149 port 45954 [preauth]
Sep 28 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8333]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8416]: Successful su for rubyman by root
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8416]: + ??? root:rubyman
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311344 of user rubyman.
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8416]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311344.
Sep 28 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session closed for user root
Sep 28 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: User sys from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: input_userauth_request: invalid user sys [preauth]
Sep 28 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=sys
Sep 28 23:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: Failed password for invalid user sys from 134.122.46.149 port 35590 ssh2
Sep 28 23:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: Connection closed by 134.122.46.149 port 35590 [preauth]
Sep 28 23:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Invalid user jupyter from 134.122.46.149
Sep 28 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: input_userauth_request: invalid user jupyter [preauth]
Sep 28 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Failed password for invalid user jupyter from 134.122.46.149 port 58162 ssh2
Sep 28 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Connection closed by 134.122.46.149 port 58162 [preauth]
Sep 28 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Invalid user developer from 79.13.33.136
Sep 28 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: input_userauth_request: invalid user developer [preauth]
Sep 28 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: Invalid user git from 134.122.46.149
Sep 28 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: input_userauth_request: invalid user git [preauth]
Sep 28 23:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Failed password for invalid user developer from 79.13.33.136 port 55504 ssh2
Sep 28 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Received disconnect from 79.13.33.136 port 55504:11: Bye Bye [preauth]
Sep 28 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Disconnected from 79.13.33.136 port 55504 [preauth]
Sep 28 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: Failed password for invalid user git from 134.122.46.149 port 37166 ssh2
Sep 28 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: Connection closed by 134.122.46.149 port 37166 [preauth]
Sep 28 23:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session closed for user root
Sep 28 23:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Invalid user steam from 134.122.46.149
Sep 28 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user steam from 134.122.46.149 port 54848 ssh2
Sep 28 23:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Connection closed by 134.122.46.149 port 54848 [preauth]
Sep 28 23:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Invalid user admin from 196.251.69.141
Sep 28 23:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Failed password for invalid user admin from 196.251.69.141 port 51398 ssh2
Sep 28 23:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Connection closed by 196.251.69.141 port 51398 [preauth]
Sep 28 23:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Invalid user grafana from 134.122.46.149
Sep 28 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: input_userauth_request: invalid user grafana [preauth]
Sep 28 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Failed password for invalid user grafana from 134.122.46.149 port 53412 ssh2
Sep 28 23:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8997]: Connection closed by 134.122.46.149 port 53412 [preauth]
Sep 28 23:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9036]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9109]: Successful su for rubyman by root
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9109]: + ??? root:rubyman
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311349 of user rubyman.
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9109]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311349.
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Failed password for root from 190.108.60.101 port 43704 ssh2
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Received disconnect from 190.108.60.101 port 43704:11: Bye Bye [preauth]
Sep 28 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Disconnected from 190.108.60.101 port 43704 [preauth]
Sep 28 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: Invalid user huawei from 134.122.46.149
Sep 28 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: input_userauth_request: invalid user huawei [preauth]
Sep 28 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session closed for user root
Sep 28 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: Failed password for invalid user huawei from 134.122.46.149 port 48276 ssh2
Sep 28 23:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: Connection closed by 134.122.46.149 port 48276 [preauth]
Sep 28 23:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: Invalid user plex from 134.122.46.149
Sep 28 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: input_userauth_request: invalid user plex [preauth]
Sep 28 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: Failed password for invalid user plex from 134.122.46.149 port 36238 ssh2
Sep 28 23:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9481]: Connection closed by 134.122.46.149 port 36238 [preauth]
Sep 28 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Failed password for root from 134.122.46.149 port 36358 ssh2
Sep 28 23:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Connection closed by 134.122.46.149 port 36358 [preauth]
Sep 28 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7690]: pam_unix(cron:session): session closed for user root
Sep 28 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Invalid user admin from 196.251.69.141
Sep 28 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: input_userauth_request: invalid user admin [preauth]
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Invalid user grid from 79.13.33.136
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: input_userauth_request: invalid user grid [preauth]
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Failed password for root from 134.122.46.149 port 42656 ssh2
Sep 28 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Connection closed by 134.122.46.149 port 42656 [preauth]
Sep 28 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Failed password for invalid user admin from 196.251.69.141 port 41850 ssh2
Sep 28 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Connection closed by 196.251.69.141 port 41850 [preauth]
Sep 28 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Failed password for invalid user grid from 79.13.33.136 port 50588 ssh2
Sep 28 23:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Received disconnect from 79.13.33.136 port 50588:11: Bye Bye [preauth]
Sep 28 23:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Disconnected from 79.13.33.136 port 50588 [preauth]
Sep 28 23:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: User uucp from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: input_userauth_request: invalid user uucp [preauth]
Sep 28 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=uucp
Sep 28 23:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Failed password for invalid user uucp from 134.122.46.149 port 38216 ssh2
Sep 28 23:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Connection closed by 134.122.46.149 port 38216 [preauth]
Sep 28 23:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9895]: Successful su for rubyman by root
Sep 28 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9895]: + ??? root:rubyman
Sep 28 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311354 of user rubyman.
Sep 28 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9895]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311354.
Sep 28 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session closed for user root
Sep 28 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Failed password for root from 134.122.46.149 port 37082 ssh2
Sep 28 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Connection closed by 134.122.46.149 port 37082 [preauth]
Sep 28 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Invalid user dolphinscheduler from 134.122.46.149
Sep 28 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 36102 ssh2
Sep 28 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Connection closed by 134.122.46.149 port 36102 [preauth]
Sep 28 23:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Invalid user ads1 from 190.108.60.101
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: input_userauth_request: invalid user ads1 [preauth]
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10223]: Invalid user www from 134.122.46.149
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10223]: input_userauth_request: invalid user www [preauth]
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10223]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Failed password for invalid user ads1 from 190.108.60.101 port 41666 ssh2
Sep 28 23:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10223]: Failed password for invalid user www from 134.122.46.149 port 33572 ssh2
Sep 28 23:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Received disconnect from 190.108.60.101 port 41666:11: Bye Bye [preauth]
Sep 28 23:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Disconnected from 190.108.60.101 port 41666 [preauth]
Sep 28 23:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10223]: Connection closed by 134.122.46.149 port 33572 [preauth]
Sep 28 23:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8333]: pam_unix(cron:session): session closed for user root
Sep 28 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Invalid user test from 196.251.69.141
Sep 28 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: input_userauth_request: invalid user test [preauth]
Sep 28 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Invalid user amandabackup from 134.122.46.149
Sep 28 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: input_userauth_request: invalid user amandabackup [preauth]
Sep 28 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Failed password for invalid user test from 196.251.69.141 port 60282 ssh2
Sep 28 23:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Connection closed by 196.251.69.141 port 60282 [preauth]
Sep 28 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Failed password for invalid user amandabackup from 134.122.46.149 port 42406 ssh2
Sep 28 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Connection closed by 134.122.46.149 port 42406 [preauth]
Sep 28 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: Invalid user dolphinscheduler from 134.122.46.149
Sep 28 23:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 23:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 44390 ssh2
Sep 28 23:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: Connection closed by 134.122.46.149 port 44390 [preauth]
Sep 28 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session closed for user root
Sep 28 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Invalid user blog from 79.13.33.136
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: input_userauth_request: invalid user blog [preauth]
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.13.33.136
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10500]: Successful su for rubyman by root
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10500]: + ??? root:rubyman
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311355 of user rubyman.
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10500]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311355.
Sep 28 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: Failed password for root from 134.122.46.149 port 59452 ssh2
Sep 28 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10414]: Connection closed by 134.122.46.149 port 59452 [preauth]
Sep 28 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:58.242.157.43
Sep 28 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Failed password for invalid user blog from 79.13.33.136 port 45674 ssh2
Sep 28 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Received disconnect from 79.13.33.136 port 45674:11: Bye Bye [preauth]
Sep 28 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Disconnected from 79.13.33.136 port 45674 [preauth]
Sep 28 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session closed for user root
Sep 28 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session closed for user root
Sep 28 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10418]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Failed password for root from 134.122.46.149 port 49552 ssh2
Sep 28 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Connection closed by 134.122.46.149 port 49552 [preauth]
Sep 28 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10817]: Invalid user sol from 134.122.46.149
Sep 28 23:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10817]: input_userauth_request: invalid user sol [preauth]
Sep 28 23:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10817]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10817]: Failed password for invalid user sol from 134.122.46.149 port 46756 ssh2
Sep 28 23:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10817]: Connection closed by 134.122.46.149 port 46756 [preauth]
Sep 28 23:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: Invalid user test from 196.251.69.141
Sep 28 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: input_userauth_request: invalid user test [preauth]
Sep 28 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: Failed password for invalid user test from 196.251.69.141 port 50422 ssh2
Sep 28 23:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10849]: Connection closed by 196.251.69.141 port 50422 [preauth]
Sep 28 23:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session closed for user root
Sep 28 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Invalid user factorio from 134.122.46.149
Sep 28 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: input_userauth_request: invalid user factorio [preauth]
Sep 28 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for invalid user factorio from 134.122.46.149 port 33092 ssh2
Sep 28 23:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Connection closed by 134.122.46.149 port 33092 [preauth]
Sep 28 23:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Invalid user factorio from 134.122.46.149
Sep 28 23:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: input_userauth_request: invalid user factorio [preauth]
Sep 28 23:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for invalid user factorio from 134.122.46.149 port 38590 ssh2
Sep 28 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Connection closed by 134.122.46.149 port 38590 [preauth]
Sep 28 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: Failed password for root from 190.108.60.101 port 39648 ssh2
Sep 28 23:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: Received disconnect from 190.108.60.101 port 39648:11: Bye Bye [preauth]
Sep 28 23:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10979]: Disconnected from 190.108.60.101 port 39648 [preauth]
Sep 28 23:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Invalid user sol from 134.122.46.149
Sep 28 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: input_userauth_request: invalid user sol [preauth]
Sep 28 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Failed password for invalid user sol from 134.122.46.149 port 42034 ssh2
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11030]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Connection closed by 134.122.46.149 port 42034 [preauth]
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: Successful su for rubyman by root
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: + ??? root:rubyman
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311361 of user rubyman.
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311361.
Sep 28 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.30.240  user=root
Sep 28 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Failed password for root from 101.126.30.240 port 34266 ssh2
Sep 28 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Received disconnect from 101.126.30.240 port 34266:11: Bye Bye [preauth]
Sep 28 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Disconnected from 101.126.30.240 port 34266 [preauth]
Sep 28 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session closed for user root
Sep 28 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Invalid user opc from 134.122.46.149
Sep 28 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: input_userauth_request: invalid user opc [preauth]
Sep 28 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Failed password for invalid user opc from 134.122.46.149 port 49670 ssh2
Sep 28 23:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Connection closed by 134.122.46.149 port 49670 [preauth]
Sep 28 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Invalid user docker from 134.122.46.149
Sep 28 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: input_userauth_request: invalid user docker [preauth]
Sep 28 23:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Invalid user test from 196.251.69.141
Sep 28 23:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: input_userauth_request: invalid user test [preauth]
Sep 28 23:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Failed password for invalid user docker from 134.122.46.149 port 59066 ssh2
Sep 28 23:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Connection closed by 134.122.46.149 port 59066 [preauth]
Sep 28 23:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Failed password for invalid user test from 196.251.69.141 port 39450 ssh2
Sep 28 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Connection closed by 196.251.69.141 port 39450 [preauth]
Sep 28 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9826]: pam_unix(cron:session): session closed for user root
Sep 28 23:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: Failed password for invalid user ubuntu from 134.122.46.149 port 52720 ssh2
Sep 28 23:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11447]: Connection closed by 134.122.46.149 port 52720 [preauth]
Sep 28 23:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: User www-data from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: input_userauth_request: invalid user www-data [preauth]
Sep 28 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=www-data
Sep 28 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: Failed password for invalid user www-data from 134.122.46.149 port 55858 ssh2
Sep 28 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11511]: Connection closed by 134.122.46.149 port 55858 [preauth]
Sep 28 23:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: Invalid user oracle from 134.122.46.149
Sep 28 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: input_userauth_request: invalid user oracle [preauth]
Sep 28 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: Failed password for invalid user oracle from 134.122.46.149 port 38606 ssh2
Sep 28 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11549]: Connection closed by 134.122.46.149 port 38606 [preauth]
Sep 28 23:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: Successful su for rubyman by root
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: + ??? root:rubyman
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311366 of user rubyman.
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311366.
Sep 28 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session closed for user root
Sep 28 23:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Invalid user rclone from 134.122.46.149
Sep 28 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: input_userauth_request: invalid user rclone [preauth]
Sep 28 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Failed password for invalid user rclone from 134.122.46.149 port 51402 ssh2
Sep 28 23:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Connection closed by 134.122.46.149 port 51402 [preauth]
Sep 28 23:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Invalid user test from 196.251.69.141
Sep 28 23:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: input_userauth_request: invalid user test [preauth]
Sep 28 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Failed password for invalid user test from 196.251.69.141 port 55588 ssh2
Sep 28 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Connection closed by 196.251.69.141 port 55588 [preauth]
Sep 28 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Invalid user saeed from 190.108.60.101
Sep 28 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: input_userauth_request: invalid user saeed [preauth]
Sep 28 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Invalid user dolphinscheduler from 134.122.46.149
Sep 28 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 28 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Failed password for invalid user saeed from 190.108.60.101 port 37628 ssh2
Sep 28 23:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Received disconnect from 190.108.60.101 port 37628:11: Bye Bye [preauth]
Sep 28 23:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11999]: Disconnected from 190.108.60.101 port 37628 [preauth]
Sep 28 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 49880 ssh2
Sep 28 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Connection closed by 134.122.46.149 port 49880 [preauth]
Sep 28 23:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Invalid user testuser from 134.122.46.149
Sep 28 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: input_userauth_request: invalid user testuser [preauth]
Sep 28 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Failed password for invalid user testuser from 134.122.46.149 port 40338 ssh2
Sep 28 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Connection closed by 134.122.46.149 port 40338 [preauth]
Sep 28 23:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session closed for user root
Sep 28 23:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Invalid user es from 134.122.46.149
Sep 28 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: input_userauth_request: invalid user es [preauth]
Sep 28 23:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Failed password for invalid user es from 134.122.46.149 port 59772 ssh2
Sep 28 23:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Connection closed by 134.122.46.149 port 59772 [preauth]
Sep 28 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Invalid user satisfactory from 134.122.46.149
Sep 28 23:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: input_userauth_request: invalid user satisfactory [preauth]
Sep 28 23:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Failed password for invalid user satisfactory from 134.122.46.149 port 59172 ssh2
Sep 28 23:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Connection closed by 134.122.46.149 port 59172 [preauth]
Sep 28 23:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12288]: Successful su for rubyman by root
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12288]: + ??? root:rubyman
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311371 of user rubyman.
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12288]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311371.
Sep 28 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session closed for user root
Sep 28 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Invalid user goeth from 134.122.46.149
Sep 28 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: input_userauth_request: invalid user goeth [preauth]
Sep 28 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12218]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: Invalid user test from 196.251.69.141
Sep 28 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: input_userauth_request: invalid user test [preauth]
Sep 28 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Failed password for invalid user goeth from 134.122.46.149 port 43352 ssh2
Sep 28 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12491]: Connection closed by 134.122.46.149 port 43352 [preauth]
Sep 28 23:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: Failed password for invalid user test from 196.251.69.141 port 42632 ssh2
Sep 28 23:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12495]: Connection closed by 196.251.69.141 port 42632 [preauth]
Sep 28 23:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Invalid user dev from 134.122.46.149
Sep 28 23:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: input_userauth_request: invalid user dev [preauth]
Sep 28 23:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Failed password for invalid user dev from 134.122.46.149 port 49770 ssh2
Sep 28 23:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Connection closed by 134.122.46.149 port 49770 [preauth]
Sep 28 23:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: Invalid user steam from 134.122.46.149
Sep 28 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: input_userauth_request: invalid user steam [preauth]
Sep 28 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: Failed password for invalid user steam from 134.122.46.149 port 44126 ssh2
Sep 28 23:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: Connection closed by 134.122.46.149 port 44126 [preauth]
Sep 28 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11030]: pam_unix(cron:session): session closed for user root
Sep 28 23:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12697]: Invalid user huawei from 134.122.46.149
Sep 28 23:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12697]: input_userauth_request: invalid user huawei [preauth]
Sep 28 23:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12697]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12697]: Failed password for invalid user huawei from 134.122.46.149 port 58886 ssh2
Sep 28 23:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12697]: Connection closed by 134.122.46.149 port 58886 [preauth]
Sep 28 23:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: Invalid user ads1 from 190.108.60.101
Sep 28 23:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: input_userauth_request: invalid user ads1 [preauth]
Sep 28 23:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: Failed password for invalid user ads1 from 190.108.60.101 port 35618 ssh2
Sep 28 23:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: Received disconnect from 190.108.60.101 port 35618:11: Bye Bye [preauth]
Sep 28 23:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: Disconnected from 190.108.60.101 port 35618 [preauth]
Sep 28 23:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Invalid user elk from 134.122.46.149
Sep 28 23:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: input_userauth_request: invalid user elk [preauth]
Sep 28 23:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Failed password for invalid user elk from 134.122.46.149 port 47148 ssh2
Sep 28 23:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12758]: Connection closed by 134.122.46.149 port 47148 [preauth]
Sep 28 23:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: Successful su for rubyman by root
Sep 28 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: + ??? root:rubyman
Sep 28 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311374 of user rubyman.
Sep 28 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311374.
Sep 28 23:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:58.242.157.43
Sep 28 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Invalid user flussonic from 134.122.46.149
Sep 28 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: input_userauth_request: invalid user flussonic [preauth]
Sep 28 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session closed for user root
Sep 28 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Invalid user test from 196.251.69.141
Sep 28 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: input_userauth_request: invalid user test [preauth]
Sep 28 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Failed password for invalid user flussonic from 134.122.46.149 port 36808 ssh2
Sep 28 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Connection closed by 134.122.46.149 port 36808 [preauth]
Sep 28 23:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Failed password for invalid user test from 196.251.69.141 port 57380 ssh2
Sep 28 23:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Connection closed by 196.251.69.141 port 57380 [preauth]
Sep 28 23:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: Invalid user mongodb from 134.122.46.149
Sep 28 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: input_userauth_request: invalid user mongodb [preauth]
Sep 28 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: Failed password for invalid user mongodb from 134.122.46.149 port 37352 ssh2
Sep 28 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13140]: Connection closed by 134.122.46.149 port 37352 [preauth]
Sep 28 23:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Invalid user emby from 134.122.46.149
Sep 28 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: input_userauth_request: invalid user emby [preauth]
Sep 28 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Failed password for invalid user emby from 134.122.46.149 port 38310 ssh2
Sep 28 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Connection closed by 134.122.46.149 port 38310 [preauth]
Sep 28 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user root
Sep 28 23:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13263]: Invalid user jack from 134.122.46.149
Sep 28 23:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13263]: input_userauth_request: invalid user jack [preauth]
Sep 28 23:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13263]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13263]: Failed password for invalid user jack from 134.122.46.149 port 59552 ssh2
Sep 28 23:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13263]: Connection closed by 134.122.46.149 port 59552 [preauth]
Sep 28 23:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Invalid user ozankoyuk from 134.122.46.149
Sep 28 23:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: input_userauth_request: invalid user ozankoyuk [preauth]
Sep 28 23:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Failed password for invalid user ozankoyuk from 134.122.46.149 port 54294 ssh2
Sep 28 23:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Connection closed by 134.122.46.149 port 54294 [preauth]
Sep 28 23:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: Invalid user test from 196.251.69.141
Sep 28 23:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: input_userauth_request: invalid user test [preauth]
Sep 28 23:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: Failed password for invalid user test from 196.251.69.141 port 42922 ssh2
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: Connection closed by 196.251.69.141 port 42922 [preauth]
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13376]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13377]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session closed for user root
Sep 28 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13455]: Successful su for rubyman by root
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13455]: + ??? root:rubyman
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311380 of user rubyman.
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13455]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311380.
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Invalid user airflow from 134.122.46.149
Sep 28 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: input_userauth_request: invalid user airflow [preauth]
Sep 28 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13375]: pam_unix(cron:session): session closed for user root
Sep 28 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Failed password for invalid user airflow from 134.122.46.149 port 53462 ssh2
Sep 28 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Connection closed by 134.122.46.149 port 53462 [preauth]
Sep 28 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9825]: pam_unix(cron:session): session closed for user root
Sep 28 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13691]: Failed password for root from 190.108.60.101 port 33614 ssh2
Sep 28 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13691]: Received disconnect from 190.108.60.101 port 33614:11: Bye Bye [preauth]
Sep 28 23:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13691]: Disconnected from 190.108.60.101 port 33614 [preauth]
Sep 28 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Failed password for root from 134.122.46.149 port 45656 ssh2
Sep 28 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13710]: Connection closed by 134.122.46.149 port 45656 [preauth]
Sep 28 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: Invalid user hikvision from 134.122.46.149
Sep 28 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: input_userauth_request: invalid user hikvision [preauth]
Sep 28 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: Failed password for invalid user hikvision from 134.122.46.149 port 48044 ssh2
Sep 28 23:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: Connection closed by 134.122.46.149 port 48044 [preauth]
Sep 28 23:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12223]: pam_unix(cron:session): session closed for user root
Sep 28 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Invalid user cassandra from 134.122.46.149
Sep 28 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: input_userauth_request: invalid user cassandra [preauth]
Sep 28 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Failed password for invalid user cassandra from 134.122.46.149 port 38056 ssh2
Sep 28 23:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Connection closed by 134.122.46.149 port 38056 [preauth]
Sep 28 23:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Invalid user nvidia from 134.122.46.149
Sep 28 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: input_userauth_request: invalid user nvidia [preauth]
Sep 28 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Failed password for invalid user nvidia from 134.122.46.149 port 52206 ssh2
Sep 28 23:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Connection closed by 134.122.46.149 port 52206 [preauth]
Sep 28 23:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Invalid user test from 196.251.69.141
Sep 28 23:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: input_userauth_request: invalid user test [preauth]
Sep 28 23:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Failed password for invalid user test from 196.251.69.141 port 55882 ssh2
Sep 28 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Connection closed by 196.251.69.141 port 55882 [preauth]
Sep 28 23:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13959]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: Successful su for rubyman by root
Sep 28 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: + ??? root:rubyman
Sep 28 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311384 of user rubyman.
Sep 28 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14032]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311384.
Sep 28 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Failed password for root from 134.122.46.149 port 50518 ssh2
Sep 28 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Connection closed by 134.122.46.149 port 50518 [preauth]
Sep 28 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session closed for user root
Sep 28 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Invalid user demo from 134.122.46.149
Sep 28 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: input_userauth_request: invalid user demo [preauth]
Sep 28 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Failed password for invalid user demo from 134.122.46.149 port 40550 ssh2
Sep 28 23:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14345]: Connection closed by 134.122.46.149 port 40550 [preauth]
Sep 28 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Invalid user jellyfin from 134.122.46.149
Sep 28 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: input_userauth_request: invalid user jellyfin [preauth]
Sep 28 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user jellyfin from 134.122.46.149 port 55656 ssh2
Sep 28 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Connection closed by 134.122.46.149 port 55656 [preauth]
Sep 28 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Sep 28 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: Invalid user plex from 134.122.46.149
Sep 28 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: input_userauth_request: invalid user plex [preauth]
Sep 28 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: Failed password for invalid user plex from 134.122.46.149 port 45394 ssh2
Sep 28 23:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: Connection closed by 134.122.46.149 port 45394 [preauth]
Sep 28 23:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101  user=root
Sep 28 23:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Failed password for root from 190.108.60.101 port 59868 ssh2
Sep 28 23:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Received disconnect from 190.108.60.101 port 59868:11: Bye Bye [preauth]
Sep 28 23:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Disconnected from 190.108.60.101 port 59868 [preauth]
Sep 28 23:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Invalid user test from 196.251.69.141
Sep 28 23:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: input_userauth_request: invalid user test [preauth]
Sep 28 23:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Failed password for invalid user test from 196.251.69.141 port 40450 ssh2
Sep 28 23:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Connection closed by 196.251.69.141 port 40450 [preauth]
Sep 28 23:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Failed password for root from 134.122.46.149 port 36310 ssh2
Sep 28 23:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Connection closed by 134.122.46.149 port 36310 [preauth]
Sep 28 23:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Invalid user es from 134.122.46.149
Sep 28 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: input_userauth_request: invalid user es [preauth]
Sep 28 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14586]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: Successful su for rubyman by root
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: + ??? root:rubyman
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311390 of user rubyman.
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14650]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311390.
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Failed password for invalid user es from 134.122.46.149 port 51090 ssh2
Sep 28 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Connection closed by 134.122.46.149 port 51090 [preauth]
Sep 28 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11026]: pam_unix(cron:session): session closed for user root
Sep 28 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14587]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14870]: Invalid user nexus from 134.122.46.149
Sep 28 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14870]: input_userauth_request: invalid user nexus [preauth]
Sep 28 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14870]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14870]: Failed password for invalid user nexus from 134.122.46.149 port 50424 ssh2
Sep 28 23:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14870]: Connection closed by 134.122.46.149 port 50424 [preauth]
Sep 28 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: Invalid user es from 134.122.46.149
Sep 28 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: input_userauth_request: invalid user es [preauth]
Sep 28 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: Failed password for invalid user es from 134.122.46.149 port 50316 ssh2
Sep 28 23:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: Connection closed by 134.122.46.149 port 50316 [preauth]
Sep 28 23:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13377]: pam_unix(cron:session): session closed for user root
Sep 28 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 28 23:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Failed password for root from 134.122.46.149 port 59912 ssh2
Sep 28 23:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Connection closed by 134.122.46.149 port 59912 [preauth]
Sep 28 23:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: Invalid user user from 196.251.69.141
Sep 28 23:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: input_userauth_request: invalid user user [preauth]
Sep 28 23:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: Failed password for invalid user user from 196.251.69.141 port 52536 ssh2
Sep 28 23:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: Connection closed by 196.251.69.141 port 52536 [preauth]
Sep 28 23:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Invalid user johnliao from 164.68.105.9
Sep 28 23:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: input_userauth_request: invalid user johnliao [preauth]
Sep 28 23:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 28 23:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Failed password for invalid user johnliao from 164.68.105.9 port 45338 ssh2
Sep 28 23:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Connection closed by 164.68.105.9 port 45338 [preauth]
Sep 28 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: Invalid user leo1 from 134.122.46.149
Sep 28 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: input_userauth_request: invalid user leo1 [preauth]
Sep 28 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: Failed password for invalid user leo1 from 134.122.46.149 port 49662 ssh2
Sep 28 23:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15066]: Connection closed by 134.122.46.149 port 49662 [preauth]
Sep 28 23:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Invalid user hadoop from 134.122.46.149
Sep 28 23:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: input_userauth_request: invalid user hadoop [preauth]
Sep 28 23:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Failed password for invalid user hadoop from 134.122.46.149 port 49786 ssh2
Sep 28 23:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15117]: Connection closed by 134.122.46.149 port 49786 [preauth]
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: Successful su for rubyman by root
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: + ??? root:rubyman
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311392 of user rubyman.
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311392.
Sep 28 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session closed for user root
Sep 28 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 28 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:58.242.157.43
Sep 28 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Invalid user opc from 190.108.60.101
Sep 28 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: input_userauth_request: invalid user opc [preauth]
Sep 28 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.60.101
Sep 28 23:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Failed password for invalid user opc from 190.108.60.101 port 57816 ssh2
Sep 28 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Received disconnect from 190.108.60.101 port 57816:11: Bye Bye [preauth]
Sep 28 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Disconnected from 190.108.60.101 port 57816 [preauth]
Sep 28 23:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Invalid user centos from 134.122.46.149
Sep 28 23:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: input_userauth_request: invalid user centos [preauth]
Sep 28 23:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Failed password for invalid user centos from 134.122.46.149 port 50318 ssh2
Sep 28 23:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Connection closed by 134.122.46.149 port 50318 [preauth]
Sep 28 23:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: Invalid user gitlab from 134.122.46.149
Sep 28 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: input_userauth_request: invalid user gitlab [preauth]
Sep 28 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: Failed password for invalid user gitlab from 134.122.46.149 port 46936 ssh2
Sep 28 23:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: Connection closed by 134.122.46.149 port 46936 [preauth]
Sep 28 23:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Invalid user user from 196.251.69.141
Sep 28 23:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: input_userauth_request: invalid user user [preauth]
Sep 28 23:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Failed password for invalid user user from 196.251.69.141 port 36316 ssh2
Sep 28 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Connection closed by 196.251.69.141 port 36316 [preauth]
Sep 28 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: User www-data from 134.122.46.149 not allowed because not listed in AllowUsers
Sep 28 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: input_userauth_request: invalid user www-data [preauth]
Sep 28 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=www-data
Sep 28 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user root
Sep 28 23:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Failed password for invalid user www-data from 134.122.46.149 port 41498 ssh2
Sep 28 23:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Connection closed by 134.122.46.149 port 41498 [preauth]
Sep 28 23:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp]
Sep 28 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: Invalid user jupyter from 134.122.46.149
Sep 28 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: input_userauth_request: invalid user jupyter [preauth]
Sep 28 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: Failed password for invalid user jupyter from 134.122.46.149 port 46462 ssh2
Sep 28 23:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: Connection closed by 134.122.46.149 port 46462 [preauth]
Sep 28 23:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp]
Sep 28 23:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Invalid user terraria from 134.122.46.149
Sep 28 23:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: input_userauth_request: invalid user terraria [preauth]
Sep 28 23:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Failed password for invalid user terraria from 134.122.46.149 port 50288 ssh2
Sep 28 23:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Connection closed by 134.122.46.149 port 50288 [preauth]
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15674]: pam_unix(cron:session): session closed for user p13x
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: Successful su for rubyman by root
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: + ??? root:rubyman
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311397 of user rubyman.
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: pam_unix(su:session): session closed for user rubyman
Sep 28 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311397.
Sep 28 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session closed for user root
Sep 28 23:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session closed for user samftp
Sep 28 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Invalid user ds from 134.122.46.149
Sep 28 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: input_userauth_request: invalid user ds [preauth]
Sep 28 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Failed password for invalid user ds from 134.122.46.149 port 36700 ssh2
Sep 28 23:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Connection closed by 134.122.46.149 port 36700 [preauth]
Sep 28 23:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp]
Sep 28 23:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Invalid user ubuntu from 134.122.46.149
Sep 28 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: input_userauth_request: invalid user ubuntu [preauth]
Sep 28 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Invalid user user from 196.251.69.141
Sep 28 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: input_userauth_request: invalid user user [preauth]
Sep 28 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Failed password for invalid user ubuntu from 134.122.46.149 port 43848 ssh2
Sep 28 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 28 23:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Connection closed by 134.122.46.149 port 43848 [preauth]
Sep 28 23:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Failed password for invalid user user from 196.251.69.141 port 47670 ssh2
Sep 28 23:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Connection closed by 196.251.69.141 port 47670 [preauth]
Sep 28 23:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Invalid user postgres from 134.122.46.149
Sep 28 23:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: input_userauth_request: invalid user postgres [preauth]
Sep 28 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session closed for user root
Sep 28 23:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for invalid user postgres from 134.122.46.149 port 37514 ssh2
Sep 28 23:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Connection closed by 134.122.46.149 port 37514 [preauth]
Sep 28 23:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp]
Sep 28 23:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Invalid user openvpn from 134.122.46.149
Sep 28 23:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: input_userauth_request: invalid user openvpn [preauth]
Sep 28 23:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Failed password for invalid user openvpn from 134.122.46.149 port 48626 ssh2
Sep 28 23:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Connection closed by 134.122.46.149 port 48626 [preauth]
Sep 28 23:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 28 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Invalid user jack from 134.122.46.149
Sep 28 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: input_userauth_request: invalid user jack [preauth]
Sep 28 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 28 23:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 28 23:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Failed password for invalid user jack from 134.122.46.149 port 59440 ssh2
Sep 28 23:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Connection closed by 134.122.46.149 port 59440 [preauth]
Sep 29 00:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16230]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session closed for user root
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session closed for user root
Sep 29 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16343]: Successful su for rubyman by root
Sep 29 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16343]: + ??? root:rubyman
Sep 29 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311400 of user rubyman.
Sep 29 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16343]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311400.
Sep 29 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16228]: pam_unix(cron:session): session closed for user root
Sep 29 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user root
Sep 29 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Invalid user app from 134.122.46.149
Sep 29 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: input_userauth_request: invalid user app [preauth]
Sep 29 00:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Failed password for invalid user app from 134.122.46.149 port 49826 ssh2
Sep 29 00:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Connection closed by 134.122.46.149 port 49826 [preauth]
Sep 29 00:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Invalid user user from 196.251.69.141
Sep 29 00:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: input_userauth_request: invalid user user [preauth]
Sep 29 00:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.141
Sep 29 00:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Failed password for invalid user user from 196.251.69.141 port 58876 ssh2
Sep 29 00:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Connection closed by 196.251.69.141 port 58876 [preauth]
Sep 29 00:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Invalid user ubuntu from 134.122.46.149
Sep 29 00:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 00:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Failed password for invalid user ubuntu from 134.122.46.149 port 41664 ssh2
Sep 29 00:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Connection closed by 134.122.46.149 port 41664 [preauth]
Sep 29 00:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Invalid user vps from 134.122.46.149
Sep 29 00:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: input_userauth_request: invalid user vps [preauth]
Sep 29 00:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user vps from 134.122.46.149 port 35902 ssh2
Sep 29 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Connection closed by 134.122.46.149 port 35902 [preauth]
Sep 29 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user root
Sep 29 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 29 00:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Failed password for root from 134.122.46.149 port 38604 ssh2
Sep 29 00:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Connection closed by 134.122.46.149 port 38604 [preauth]
Sep 29 00:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: Invalid user plex from 134.122.46.149
Sep 29 00:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: input_userauth_request: invalid user plex [preauth]
Sep 29 00:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: Failed password for invalid user plex from 134.122.46.149 port 55736 ssh2
Sep 29 00:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: Connection closed by 134.122.46.149 port 55736 [preauth]
Sep 29 00:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session closed for user root
Sep 29 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16978]: Successful su for rubyman by root
Sep 29 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16978]: + ??? root:rubyman
Sep 29 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311409 of user rubyman.
Sep 29 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16978]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311409.
Sep 29 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13376]: pam_unix(cron:session): session closed for user root
Sep 29 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Invalid user nginx from 134.122.46.149
Sep 29 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: input_userauth_request: invalid user nginx [preauth]
Sep 29 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Failed password for invalid user nginx from 134.122.46.149 port 55158 ssh2
Sep 29 00:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Connection closed by 134.122.46.149 port 55158 [preauth]
Sep 29 00:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Invalid user dolphinscheduler from 134.122.46.149
Sep 29 00:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 29 00:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Failed password for invalid user dolphinscheduler from 134.122.46.149 port 44360 ssh2
Sep 29 00:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Connection closed by 134.122.46.149 port 44360 [preauth]
Sep 29 00:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Invalid user bot from 134.122.46.149
Sep 29 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: input_userauth_request: invalid user bot [preauth]
Sep 29 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Failed password for invalid user bot from 134.122.46.149 port 41654 ssh2
Sep 29 00:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Connection closed by 134.122.46.149 port 41654 [preauth]
Sep 29 00:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session closed for user root
Sep 29 00:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Invalid user nagios from 134.122.46.149
Sep 29 00:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: input_userauth_request: invalid user nagios [preauth]
Sep 29 00:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Failed password for invalid user nagios from 134.122.46.149 port 39990 ssh2
Sep 29 00:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Connection closed by 134.122.46.149 port 39990 [preauth]
Sep 29 00:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Invalid user palworld from 134.122.46.149
Sep 29 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: input_userauth_request: invalid user palworld [preauth]
Sep 29 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user palworld from 134.122.46.149 port 47798 ssh2
Sep 29 00:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Connection closed by 134.122.46.149 port 47798 [preauth]
Sep 29 00:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:58.242.157.43  user=ftp
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17472]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: Successful su for rubyman by root
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: + ??? root:rubyman
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311413 of user rubyman.
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311413.
Sep 29 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session closed for user root
Sep 29 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Invalid user ranger from 134.122.46.149
Sep 29 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: input_userauth_request: invalid user ranger [preauth]
Sep 29 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Failed password for invalid user ranger from 134.122.46.149 port 43368 ssh2
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17471]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Connection closed by 134.122.46.149 port 43368 [preauth]
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Invalid user user from 62.60.131.157
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: input_userauth_request: invalid user user [preauth]
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 00:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user user from 62.60.131.157 port 43400 ssh2
Sep 29 00:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user user from 62.60.131.157 port 43400 ssh2
Sep 29 00:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user user from 62.60.131.157 port 43400 ssh2
Sep 29 00:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user user from 62.60.131.157 port 43400 ssh2
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Invalid user test from 134.122.46.149
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: input_userauth_request: invalid user test [preauth]
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user user from 62.60.131.157 port 43400 ssh2
Sep 29 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Failed password for invalid user test from 134.122.46.149 port 42874 ssh2
Sep 29 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Connection closed by 134.122.46.149 port 42874 [preauth]
Sep 29 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Received disconnect from 62.60.131.157 port 43400:11: Bye [preauth]
Sep 29 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Disconnected from 62.60.131.157 port 43400 [preauth]
Sep 29 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 00:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Invalid user cyberpanel from 134.122.46.149
Sep 29 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: input_userauth_request: invalid user cyberpanel [preauth]
Sep 29 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Failed password for invalid user cyberpanel from 134.122.46.149 port 52566 ssh2
Sep 29 00:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17965]: Connection closed by 134.122.46.149 port 52566 [preauth]
Sep 29 00:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16230]: pam_unix(cron:session): session closed for user root
Sep 29 00:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: Invalid user wireguard from 134.122.46.149
Sep 29 00:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: input_userauth_request: invalid user wireguard [preauth]
Sep 29 00:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: Failed password for invalid user wireguard from 134.122.46.149 port 46660 ssh2
Sep 29 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: Connection closed by 134.122.46.149 port 46660 [preauth]
Sep 29 00:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Invalid user test from 134.122.46.149
Sep 29 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: input_userauth_request: invalid user test [preauth]
Sep 29 00:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Failed password for invalid user test from 134.122.46.149 port 47180 ssh2
Sep 29 00:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Connection closed by 134.122.46.149 port 47180 [preauth]
Sep 29 00:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18435]: Successful su for rubyman by root
Sep 29 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18435]: + ??? root:rubyman
Sep 29 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311416 of user rubyman.
Sep 29 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18435]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311416.
Sep 29 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 29 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session closed for user root
Sep 29 00:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: Failed password for root from 134.122.46.149 port 34366 ssh2
Sep 29 00:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: Connection closed by 134.122.46.149 port 34366 [preauth]
Sep 29 00:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Invalid user steam from 134.122.46.149
Sep 29 00:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: input_userauth_request: invalid user steam [preauth]
Sep 29 00:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Failed password for invalid user steam from 134.122.46.149 port 36454 ssh2
Sep 29 00:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Connection closed by 134.122.46.149 port 36454 [preauth]
Sep 29 00:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Invalid user phpmyadmin from 134.122.46.149
Sep 29 00:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: input_userauth_request: invalid user phpmyadmin [preauth]
Sep 29 00:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Failed password for invalid user phpmyadmin from 134.122.46.149 port 48890 ssh2
Sep 29 00:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18793]: Connection closed by 134.122.46.149 port 48890 [preauth]
Sep 29 00:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16905]: pam_unix(cron:session): session closed for user root
Sep 29 00:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Invalid user admin from 134.122.46.149
Sep 29 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: input_userauth_request: invalid user admin [preauth]
Sep 29 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Failed password for invalid user admin from 134.122.46.149 port 55978 ssh2
Sep 29 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Connection closed by 134.122.46.149 port 55978 [preauth]
Sep 29 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149  user=root
Sep 29 00:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Failed password for root from 134.122.46.149 port 42158 ssh2
Sep 29 00:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Connection closed by 134.122.46.149 port 42158 [preauth]
Sep 29 00:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18975]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: Successful su for rubyman by root
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: + ??? root:rubyman
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311419 of user rubyman.
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19055]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311419.
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19145]: Invalid user solana from 134.122.46.149
Sep 29 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19145]: input_userauth_request: invalid user solana [preauth]
Sep 29 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.46.149
Sep 29 00:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user root
Sep 29 00:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19145]: Failed password for invalid user solana from 134.122.46.149 port 52350 ssh2
Sep 29 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19145]: Connection closed by 134.122.46.149 port 52350 [preauth]
Sep 29 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18976]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17475]: pam_unix(cron:session): session closed for user root
Sep 29 00:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session closed for user root
Sep 29 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19984]: Successful su for rubyman by root
Sep 29 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19984]: + ??? root:rubyman
Sep 29 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311426 of user rubyman.
Sep 29 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19984]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311426.
Sep 29 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session closed for user root
Sep 29 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session closed for user root
Sep 29 00:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session closed for user root
Sep 29 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:58.242.157.43
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: Successful su for rubyman by root
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: + ??? root:rubyman
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311429 of user rubyman.
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311429.
Sep 29 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16229]: pam_unix(cron:session): session closed for user root
Sep 29 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20539]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session closed for user root
Sep 29 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: Successful su for rubyman by root
Sep 29 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: + ??? root:rubyman
Sep 29 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311435 of user rubyman.
Sep 29 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21172]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311435.
Sep 29 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session closed for user root
Sep 29 00:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session closed for user root
Sep 29 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21706]: Successful su for rubyman by root
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21706]: + ??? root:rubyman
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311437 of user rubyman.
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21706]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311437.
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17472]: pam_unix(cron:session): session closed for user root
Sep 29 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session closed for user root
Sep 29 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22182]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22185]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22351]: Successful su for rubyman by root
Sep 29 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22351]: + ??? root:rubyman
Sep 29 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311442 of user rubyman.
Sep 29 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22351]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311442.
Sep 29 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22182]: pam_unix(cron:session): session closed for user root
Sep 29 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session closed for user root
Sep 29 00:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22186]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session closed for user root
Sep 29 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23044]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23046]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23045]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23047]: pam_unix(cron:session): session closed for user root
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23042]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: Successful su for rubyman by root
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: + ??? root:rubyman
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311448 of user rubyman.
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311448.
Sep 29 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23044]: pam_unix(cron:session): session closed for user root
Sep 29 00:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session closed for user root
Sep 29 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23043]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:58.242.157.43
Sep 29 00:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21637]: pam_unix(cron:session): session closed for user root
Sep 29 00:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23920]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: Successful su for rubyman by root
Sep 29 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: + ??? root:rubyman
Sep 29 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311453 of user rubyman.
Sep 29 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311453.
Sep 29 00:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session closed for user root
Sep 29 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23919]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session closed for user root
Sep 29 00:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24620]: Successful su for rubyman by root
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24620]: + ??? root:rubyman
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311457 of user rubyman.
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24620]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311457.
Sep 29 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session closed for user root
Sep 29 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24545]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23046]: pam_unix(cron:session): session closed for user root
Sep 29 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: Successful su for rubyman by root
Sep 29 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: + ??? root:rubyman
Sep 29 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311461 of user rubyman.
Sep 29 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311461.
Sep 29 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user root
Sep 29 00:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session closed for user root
Sep 29 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26082]: Successful su for rubyman by root
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26082]: + ??? root:rubyman
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311464 of user rubyman.
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26082]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311464.
Sep 29 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:58.242.157.43
Sep 29 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session closed for user root
Sep 29 00:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session closed for user root
Sep 29 00:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26681]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26681]: pam_unix(cron:session): session closed for user root
Sep 29 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26776]: Successful su for rubyman by root
Sep 29 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26776]: + ??? root:rubyman
Sep 29 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311468 of user rubyman.
Sep 29 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26776]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311468.
Sep 29 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user root
Sep 29 00:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session closed for user root
Sep 29 00:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session closed for user root
Sep 29 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27485]: Successful su for rubyman by root
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27485]: + ??? root:rubyman
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311475 of user rubyman.
Sep 29 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27485]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311475.
Sep 29 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23045]: pam_unix(cron:session): session closed for user root
Sep 29 00:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session closed for user root
Sep 29 00:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28134]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28134]: pam_unix(cron:session): session closed for user root
Sep 29 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: Successful su for rubyman by root
Sep 29 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: + ??? root:rubyman
Sep 29 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311478 of user rubyman.
Sep 29 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28211]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311478.
Sep 29 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23920]: pam_unix(cron:session): session closed for user root
Sep 29 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user root
Sep 29 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28822]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: Successful su for rubyman by root
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: + ??? root:rubyman
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311485 of user rubyman.
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28906]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311485.
Sep 29 00:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24546]: pam_unix(cron:session): session closed for user root
Sep 29 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 00:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:58.242.157.43
Sep 29 00:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 4 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session closed for user root
Sep 29 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29509]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29507]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29576]: Successful su for rubyman by root
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29576]: + ??? root:rubyman
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311489 of user rubyman.
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29576]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311489.
Sep 29 00:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session closed for user root
Sep 29 00:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29508]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 7 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session closed for user root
Sep 29 00:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30111]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30111]: pam_unix(cron:session): session closed for user root
Sep 29 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30196]: Successful su for rubyman by root
Sep 29 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30196]: + ??? root:rubyman
Sep 29 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311495 of user rubyman.
Sep 29 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30196]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311495.
Sep 29 00:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session closed for user root
Sep 29 00:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session closed for user root
Sep 29 00:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 5 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session closed for user root
Sep 29 00:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 4 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Invalid user zimbra from 14.103.249.172
Sep 29 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: input_userauth_request: invalid user zimbra [preauth]
Sep 29 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.249.172
Sep 29 00:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Failed password for invalid user zimbra from 14.103.249.172 port 34080 ssh2
Sep 29 00:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30908]: Successful su for rubyman by root
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30908]: + ??? root:rubyman
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311497 of user rubyman.
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30908]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311497.
Sep 29 00:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session closed for user root
Sep 29 00:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 5 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29510]: pam_unix(cron:session): session closed for user root
Sep 29 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data]
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31398]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31510]: Successful su for rubyman by root
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31510]: + ??? root:rubyman
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311502 of user rubyman.
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31510]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311502.
Sep 29 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session closed for user root
Sep 29 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31399]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:58.242.157.43  user=www-data
Sep 29 00:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30110]: pam_unix(cron:session): session closed for user root
Sep 29 00:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31894]: Did not receive identification string from 47.101.156.72
Sep 29 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31974]: Successful su for rubyman by root
Sep 29 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31974]: + ??? root:rubyman
Sep 29 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311505 of user rubyman.
Sep 29 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31974]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311505.
Sep 29 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session closed for user root
Sep 29 00:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session closed for user root
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: Successful su for rubyman by root
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: + ??? root:rubyman
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311511 of user rubyman.
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311511.
Sep 29 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28822]: pam_unix(cron:session): session closed for user root
Sep 29 00:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31401]: pam_unix(cron:session): session closed for user root
Sep 29 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user root
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: Successful su for rubyman by root
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: + ??? root:rubyman
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311516 of user rubyman.
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311516.
Sep 29 00:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29509]: pam_unix(cron:session): session closed for user root
Sep 29 00:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session closed for user root
Sep 29 00:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[313]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session closed for user root
Sep 29 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[796]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: Successful su for rubyman by root
Sep 29 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: + ??? root:rubyman
Sep 29 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311519 of user rubyman.
Sep 29 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311519.
Sep 29 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30109]: pam_unix(cron:session): session closed for user root
Sep 29 00:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user root
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1333]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1410]: Successful su for rubyman by root
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1410]: + ??? root:rubyman
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311524 of user rubyman.
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1410]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311524.
Sep 29 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user root
Sep 29 00:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1335]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user root
Sep 29 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1809]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1874]: Successful su for rubyman by root
Sep 29 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1874]: + ??? root:rubyman
Sep 29 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311529 of user rubyman.
Sep 29 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1874]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311529.
Sep 29 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31400]: pam_unix(cron:session): session closed for user root
Sep 29 00:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1811]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[796]: pam_unix(cron:session): session closed for user root
Sep 29 00:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: Invalid user info from 138.68.58.124
Sep 29 00:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: input_userauth_request: invalid user info [preauth]
Sep 29 00:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 00:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: Failed password for invalid user info from 138.68.58.124 port 55642 ssh2
Sep 29 00:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: Connection closed by 138.68.58.124 port 55642 [preauth]
Sep 29 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2253]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2315]: Successful su for rubyman by root
Sep 29 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2315]: + ??? root:rubyman
Sep 29 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311532 of user rubyman.
Sep 29 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2315]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311532.
Sep 29 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31907]: pam_unix(cron:session): session closed for user root
Sep 29 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session closed for user root
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2686]: pam_unix(cron:session): session closed for user root
Sep 29 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2680]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2756]: Successful su for rubyman by root
Sep 29 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2756]: + ??? root:rubyman
Sep 29 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311539 of user rubyman.
Sep 29 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2756]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311539.
Sep 29 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session closed for user root
Sep 29 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2682]: pam_unix(cron:session): session closed for user root
Sep 29 00:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2681]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Invalid user ara from 164.68.105.9
Sep 29 00:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: input_userauth_request: invalid user ara [preauth]
Sep 29 00:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 00:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 00:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Failed password for invalid user ara from 164.68.105.9 port 43356 ssh2
Sep 29 00:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Connection closed by 164.68.105.9 port 43356 [preauth]
Sep 29 00:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session closed for user root
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3136]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3206]: Successful su for rubyman by root
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3206]: + ??? root:rubyman
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311541 of user rubyman.
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3206]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311541.
Sep 29 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session closed for user root
Sep 29 00:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2257]: pam_unix(cron:session): session closed for user root
Sep 29 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3567]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: Successful su for rubyman by root
Sep 29 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: + ??? root:rubyman
Sep 29 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311546 of user rubyman.
Sep 29 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311546.
Sep 29 00:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session closed for user root
Sep 29 00:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3569]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2684]: pam_unix(cron:session): session closed for user root
Sep 29 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4001]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: Successful su for rubyman by root
Sep 29 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: + ??? root:rubyman
Sep 29 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311550 of user rubyman.
Sep 29 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4066]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311550.
Sep 29 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session closed for user root
Sep 29 00:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4002]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session closed for user root
Sep 29 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4440]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4501]: Successful su for rubyman by root
Sep 29 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4501]: + ??? root:rubyman
Sep 29 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311554 of user rubyman.
Sep 29 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4501]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311554.
Sep 29 00:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session closed for user root
Sep 29 00:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3571]: pam_unix(cron:session): session closed for user root
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4877]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4877]: pam_unix(cron:session): session closed for user root
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4947]: Successful su for rubyman by root
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4947]: + ??? root:rubyman
Sep 29 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311562 of user rubyman.
Sep 29 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4947]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311562.
Sep 29 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session closed for user root
Sep 29 00:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session closed for user root
Sep 29 00:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session closed for user root
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5444]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: Successful su for rubyman by root
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: + ??? root:rubyman
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311563 of user rubyman.
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311563.
Sep 29 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2683]: pam_unix(cron:session): session closed for user root
Sep 29 00:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session closed for user root
Sep 29 00:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Sep 29 00:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Failed password for root from 138.68.58.124 port 54974 ssh2
Sep 29 00:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Connection closed by 138.68.58.124 port 54974 [preauth]
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5900]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5967]: Successful su for rubyman by root
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5967]: + ??? root:rubyman
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311569 of user rubyman.
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5967]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311569.
Sep 29 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session closed for user root
Sep 29 00:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session closed for user root
Sep 29 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6326]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6325]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: Successful su for rubyman by root
Sep 29 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: + ??? root:rubyman
Sep 29 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311572 of user rubyman.
Sep 29 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311572.
Sep 29 00:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3570]: pam_unix(cron:session): session closed for user root
Sep 29 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6324]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session closed for user root
Sep 29 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7011]: Successful su for rubyman by root
Sep 29 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7011]: + ??? root:rubyman
Sep 29 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311575 of user rubyman.
Sep 29 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7011]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311575.
Sep 29 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session closed for user root
Sep 29 00:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session closed for user root
Sep 29 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session closed for user root
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7499]: pam_unix(cron:session): session closed for user root
Sep 29 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7572]: Successful su for rubyman by root
Sep 29 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7572]: + ??? root:rubyman
Sep 29 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311582 of user rubyman.
Sep 29 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7572]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311582.
Sep 29 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session closed for user root
Sep 29 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session closed for user root
Sep 29 00:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6326]: pam_unix(cron:session): session closed for user root
Sep 29 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7994]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: Successful su for rubyman by root
Sep 29 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: + ??? root:rubyman
Sep 29 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311587 of user rubyman.
Sep 29 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8082]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311587.
Sep 29 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session closed for user root
Sep 29 00:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7996]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user root
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: Successful su for rubyman by root
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: + ??? root:rubyman
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311592 of user rubyman.
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8558]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311592.
Sep 29 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session closed for user root
Sep 29 00:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8490]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7498]: pam_unix(cron:session): session closed for user root
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: Successful su for rubyman by root
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: + ??? root:rubyman
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311595 of user rubyman.
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311595.
Sep 29 00:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5900]: pam_unix(cron:session): session closed for user root
Sep 29 00:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session closed for user root
Sep 29 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9591]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: Successful su for rubyman by root
Sep 29 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: + ??? root:rubyman
Sep 29 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311600 of user rubyman.
Sep 29 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311600.
Sep 29 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6325]: pam_unix(cron:session): session closed for user root
Sep 29 00:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session closed for user root
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session closed for user root
Sep 29 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: Successful su for rubyman by root
Sep 29 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: + ??? root:rubyman
Sep 29 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311603 of user rubyman.
Sep 29 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311603.
Sep 29 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session closed for user root
Sep 29 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session closed for user root
Sep 29 00:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session closed for user root
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: Successful su for rubyman by root
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: + ??? root:rubyman
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311608 of user rubyman.
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10723]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311608.
Sep 29 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session closed for user root
Sep 29 00:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9591]: pam_unix(cron:session): session closed for user root
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11084]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11143]: Successful su for rubyman by root
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11143]: + ??? root:rubyman
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311612 of user rubyman.
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11143]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311612.
Sep 29 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session closed for user root
Sep 29 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session closed for user root
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: Successful su for rubyman by root
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: + ??? root:rubyman
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311616 of user rubyman.
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311616.
Sep 29 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session closed for user root
Sep 29 00:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user root
Sep 29 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12087]: Successful su for rubyman by root
Sep 29 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12087]: + ??? root:rubyman
Sep 29 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311621 of user rubyman.
Sep 29 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12087]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311621.
Sep 29 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9050]: pam_unix(cron:session): session closed for user root
Sep 29 00:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11084]: pam_unix(cron:session): session closed for user root
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session closed for user root
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12457]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12532]: Successful su for rubyman by root
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12532]: + ??? root:rubyman
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311624 of user rubyman.
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12532]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311624.
Sep 29 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session closed for user root
Sep 29 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session closed for user root
Sep 29 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12460]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user root
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12948]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: Successful su for rubyman by root
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: + ??? root:rubyman
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311630 of user rubyman.
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13026]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311630.
Sep 29 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session closed for user root
Sep 29 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user root
Sep 29 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13463]: Successful su for rubyman by root
Sep 29 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13463]: + ??? root:rubyman
Sep 29 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311635 of user rubyman.
Sep 29 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13463]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311635.
Sep 29 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session closed for user root
Sep 29 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session closed for user root
Sep 29 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: Successful su for rubyman by root
Sep 29 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: + ??? root:rubyman
Sep 29 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311639 of user rubyman.
Sep 29 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311639.
Sep 29 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session closed for user root
Sep 29 00:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12949]: pam_unix(cron:session): session closed for user root
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14326]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14388]: Successful su for rubyman by root
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14388]: + ??? root:rubyman
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311642 of user rubyman.
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14388]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311642.
Sep 29 00:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session closed for user root
Sep 29 00:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14327]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session closed for user root
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session closed for user root
Sep 29 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14731]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14810]: Successful su for rubyman by root
Sep 29 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14810]: + ??? root:rubyman
Sep 29 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311650 of user rubyman.
Sep 29 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14810]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311650.
Sep 29 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user root
Sep 29 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session closed for user root
Sep 29 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14732]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session closed for user root
Sep 29 00:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15135]: Did not receive identification string from 162.144.236.216
Sep 29 00:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: Failed password for root from 162.144.236.216 port 38852 ssh2
Sep 29 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: Connection closed by 162.144.236.216 port 38852 [preauth]
Sep 29 00:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Failed password for root from 162.144.236.216 port 45088 ssh2
Sep 29 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Connection closed by 162.144.236.216 port 45088 [preauth]
Sep 29 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: Successful su for rubyman by root
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: + ??? root:rubyman
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311653 of user rubyman.
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15260]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311653.
Sep 29 00:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: Failed password for root from 162.144.236.216 port 52742 ssh2
Sep 29 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session closed for user root
Sep 29 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15178]: Connection closed by 162.144.236.216 port 52742 [preauth]
Sep 29 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15190]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: Failed password for root from 162.144.236.216 port 58828 ssh2
Sep 29 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15455]: Connection closed by 162.144.236.216 port 58828 [preauth]
Sep 29 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Failed password for root from 162.144.236.216 port 39124 ssh2
Sep 29 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Connection closed by 162.144.236.216 port 39124 [preauth]
Sep 29 00:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14330]: pam_unix(cron:session): session closed for user root
Sep 29 00:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for root from 162.144.236.216 port 46102 ssh2
Sep 29 00:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Connection closed by 162.144.236.216 port 46102 [preauth]
Sep 29 00:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: Failed password for root from 162.144.236.216 port 53044 ssh2
Sep 29 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: Connection closed by 162.144.236.216 port 53044 [preauth]
Sep 29 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Failed password for root from 162.144.236.216 port 33726 ssh2
Sep 29 00:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Connection closed by 162.144.236.216 port 33726 [preauth]
Sep 29 00:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15639]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15635]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15620]: Failed password for root from 162.144.236.216 port 41654 ssh2
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15701]: Successful su for rubyman by root
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15701]: + ??? root:rubyman
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311657 of user rubyman.
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15701]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311657.
Sep 29 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15620]: Connection closed by 162.144.236.216 port 41654 [preauth]
Sep 29 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12948]: pam_unix(cron:session): session closed for user root
Sep 29 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15740]: Failed password for root from 162.144.236.216 port 46644 ssh2
Sep 29 00:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15636]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15740]: Connection closed by 162.144.236.216 port 46644 [preauth]
Sep 29 00:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Failed password for root from 162.144.236.216 port 52200 ssh2
Sep 29 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Connection closed by 162.144.236.216 port 52200 [preauth]
Sep 29 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Failed password for root from 162.144.236.216 port 57690 ssh2
Sep 29 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Connection closed by 162.144.236.216 port 57690 [preauth]
Sep 29 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Failed password for root from 162.144.236.216 port 34938 ssh2
Sep 29 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Connection closed by 162.144.236.216 port 34938 [preauth]
Sep 29 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session closed for user root
Sep 29 00:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Failed password for root from 162.144.236.216 port 40412 ssh2
Sep 29 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Connection closed by 162.144.236.216 port 40412 [preauth]
Sep 29 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Failed password for root from 162.144.236.216 port 47246 ssh2
Sep 29 00:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Connection closed by 162.144.236.216 port 47246 [preauth]
Sep 29 00:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Failed password for root from 162.144.236.216 port 55134 ssh2
Sep 29 00:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Connection closed by 162.144.236.216 port 55134 [preauth]
Sep 29 00:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: Successful su for rubyman by root
Sep 29 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: + ??? root:rubyman
Sep 29 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311661 of user rubyman.
Sep 29 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311661.
Sep 29 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session closed for user root
Sep 29 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Failed password for root from 162.144.236.216 port 33966 ssh2
Sep 29 00:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Connection closed by 162.144.236.216 port 33966 [preauth]
Sep 29 00:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Failed password for root from 162.144.236.216 port 41556 ssh2
Sep 29 00:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Connection closed by 162.144.236.216 port 41556 [preauth]
Sep 29 00:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Failed password for root from 162.144.236.216 port 47010 ssh2
Sep 29 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Connection closed by 162.144.236.216 port 47010 [preauth]
Sep 29 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Failed password for root from 162.144.236.216 port 52452 ssh2
Sep 29 00:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Connection closed by 162.144.236.216 port 52452 [preauth]
Sep 29 00:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user root
Sep 29 00:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: Failed password for root from 162.144.236.216 port 58744 ssh2
Sep 29 00:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: Connection closed by 162.144.236.216 port 58744 [preauth]
Sep 29 00:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Failed password for root from 162.144.236.216 port 38736 ssh2
Sep 29 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Connection closed by 162.144.236.216 port 38736 [preauth]
Sep 29 00:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: Failed password for root from 162.144.236.216 port 46762 ssh2
Sep 29 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: Connection closed by 162.144.236.216 port 46762 [preauth]
Sep 29 00:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user p13x
Sep 29 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: Successful su for rubyman by root
Sep 29 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: + ??? root:rubyman
Sep 29 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311665 of user rubyman.
Sep 29 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: pam_unix(su:session): session closed for user rubyman
Sep 29 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311665.
Sep 29 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session closed for user root
Sep 29 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Failed password for root from 162.144.236.216 port 53572 ssh2
Sep 29 00:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Connection closed by 162.144.236.216 port 53572 [preauth]
Sep 29 00:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user samftp
Sep 29 00:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Failed password for root from 162.144.236.216 port 59408 ssh2
Sep 29 00:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Connection closed by 162.144.236.216 port 59408 [preauth]
Sep 29 00:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for root from 162.144.236.216 port 37582 ssh2
Sep 29 00:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 162.144.236.216 port 37582 [preauth]
Sep 29 00:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: Failed password for root from 164.68.105.9 port 41004 ssh2
Sep 29 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: Connection closed by 164.68.105.9 port 41004 [preauth]
Sep 29 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Failed password for root from 162.144.236.216 port 42154 ssh2
Sep 29 00:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Connection closed by 162.144.236.216 port 42154 [preauth]
Sep 29 00:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15639]: pam_unix(cron:session): session closed for user root
Sep 29 00:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: Failed password for root from 162.144.236.216 port 47622 ssh2
Sep 29 00:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16878]: Connection closed by 162.144.236.216 port 47622 [preauth]
Sep 29 00:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Failed password for root from 162.144.236.216 port 54758 ssh2
Sep 29 00:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Connection closed by 162.144.236.216 port 54758 [preauth]
Sep 29 00:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 00:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 00:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Failed password for root from 162.144.236.216 port 35954 ssh2
Sep 29 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Connection closed by 162.144.236.216 port 35954 [preauth]
Sep 29 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16986]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session closed for user root
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16984]: pam_unix(cron:session): session closed for user root
Sep 29 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16982]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: Successful su for rubyman by root
Sep 29 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: + ??? root:rubyman
Sep 29 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311668 of user rubyman.
Sep 29 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311668.
Sep 29 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: Failed password for root from 162.144.236.216 port 42904 ssh2
Sep 29 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14328]: pam_unix(cron:session): session closed for user root
Sep 29 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session closed for user root
Sep 29 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: Connection closed by 162.144.236.216 port 42904 [preauth]
Sep 29 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16983]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Failed password for root from 162.144.236.216 port 48858 ssh2
Sep 29 01:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Connection closed by 162.144.236.216 port 48858 [preauth]
Sep 29 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Invalid user faxadmin from 190.103.202.7
Sep 29 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: input_userauth_request: invalid user faxadmin [preauth]
Sep 29 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Failed password for invalid user faxadmin from 190.103.202.7 port 50666 ssh2
Sep 29 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Connection closed by 190.103.202.7 port 50666 [preauth]
Sep 29 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Failed password for root from 162.144.236.216 port 55876 ssh2
Sep 29 01:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Connection closed by 162.144.236.216 port 55876 [preauth]
Sep 29 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Failed password for root from 162.144.236.216 port 35570 ssh2
Sep 29 01:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Connection closed by 162.144.236.216 port 35570 [preauth]
Sep 29 01:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session closed for user root
Sep 29 01:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Failed password for root from 162.144.236.216 port 43630 ssh2
Sep 29 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17475]: Connection closed by 162.144.236.216 port 43630 [preauth]
Sep 29 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: Failed password for root from 162.144.236.216 port 49676 ssh2
Sep 29 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: Connection closed by 162.144.236.216 port 49676 [preauth]
Sep 29 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: Failed password for root from 162.144.236.216 port 55622 ssh2
Sep 29 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17524]: Connection closed by 162.144.236.216 port 55622 [preauth]
Sep 29 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17627]: Successful su for rubyman by root
Sep 29 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17627]: + ??? root:rubyman
Sep 29 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311676 of user rubyman.
Sep 29 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17627]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311676.
Sep 29 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Failed password for root from 162.144.236.216 port 34060 ssh2
Sep 29 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14734]: pam_unix(cron:session): session closed for user root
Sep 29 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Connection closed by 162.144.236.216 port 34060 [preauth]
Sep 29 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: Failed password for root from 162.144.236.216 port 41404 ssh2
Sep 29 01:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17930]: Connection closed by 162.144.236.216 port 41404 [preauth]
Sep 29 01:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: Failed password for root from 162.144.236.216 port 49938 ssh2
Sep 29 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17966]: Connection closed by 162.144.236.216 port 49938 [preauth]
Sep 29 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session closed for user root
Sep 29 01:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Failed password for root from 162.144.236.216 port 57842 ssh2
Sep 29 01:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Connection closed by 162.144.236.216 port 57842 [preauth]
Sep 29 01:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18057]: Failed password for root from 162.144.236.216 port 36232 ssh2
Sep 29 01:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18057]: Connection closed by 162.144.236.216 port 36232 [preauth]
Sep 29 01:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Failed password for root from 162.144.236.216 port 45318 ssh2
Sep 29 01:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Connection closed by 162.144.236.216 port 45318 [preauth]
Sep 29 01:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: Successful su for rubyman by root
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: + ??? root:rubyman
Sep 29 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311680 of user rubyman.
Sep 29 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311680.
Sep 29 01:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session closed for user root
Sep 29 01:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Failed password for root from 162.144.236.216 port 53480 ssh2
Sep 29 01:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Connection closed by 162.144.236.216 port 53480 [preauth]
Sep 29 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18622]: Failed password for root from 162.144.236.216 port 58994 ssh2
Sep 29 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18622]: Connection closed by 162.144.236.216 port 58994 [preauth]
Sep 29 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Failed password for root from 162.144.236.216 port 37518 ssh2
Sep 29 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Connection closed by 162.144.236.216 port 37518 [preauth]
Sep 29 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Failed password for root from 162.144.236.216 port 44366 ssh2
Sep 29 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Connection closed by 162.144.236.216 port 44366 [preauth]
Sep 29 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Received disconnect from 193.46.255.103 port 12264:11:  [preauth]
Sep 29 01:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Disconnected from 193.46.255.103 port 12264 [preauth]
Sep 29 01:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session closed for user root
Sep 29 01:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Failed password for root from 162.144.236.216 port 50016 ssh2
Sep 29 01:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18734]: Connection closed by 162.144.236.216 port 50016 [preauth]
Sep 29 01:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Failed password for root from 162.144.236.216 port 57112 ssh2
Sep 29 01:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Connection closed by 162.144.236.216 port 57112 [preauth]
Sep 29 01:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Invalid user user from 62.60.131.157
Sep 29 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: input_userauth_request: invalid user user [preauth]
Sep 29 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Failed password for invalid user user from 62.60.131.157 port 25190 ssh2
Sep 29 01:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Failed password for invalid user user from 62.60.131.157 port 25190 ssh2
Sep 29 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Failed password for invalid user user from 62.60.131.157 port 25190 ssh2
Sep 29 01:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Failed password for root from 162.144.236.216 port 34146 ssh2
Sep 29 01:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Failed password for invalid user user from 62.60.131.157 port 25190 ssh2
Sep 29 01:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18802]: Connection closed by 162.144.236.216 port 34146 [preauth]
Sep 29 01:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Failed password for invalid user user from 62.60.131.157 port 25190 ssh2
Sep 29 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Received disconnect from 62.60.131.157 port 25190:11: Bye [preauth]
Sep 29 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: Disconnected from 62.60.131.157 port 25190 [preauth]
Sep 29 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18800]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 01:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18845]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: Failed password for root from 162.144.236.216 port 41302 ssh2
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18923]: Successful su for rubyman by root
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18923]: + ??? root:rubyman
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311684 of user rubyman.
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18923]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311684.
Sep 29 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: Connection closed by 162.144.236.216 port 41302 [preauth]
Sep 29 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15637]: pam_unix(cron:session): session closed for user root
Sep 29 01:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18846]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for root from 162.144.236.216 port 47072 ssh2
Sep 29 01:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Connection closed by 162.144.236.216 port 47072 [preauth]
Sep 29 01:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: Failed password for root from 162.144.236.216 port 52780 ssh2
Sep 29 01:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: Connection closed by 162.144.236.216 port 52780 [preauth]
Sep 29 01:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: Failed password for root from 162.144.236.216 port 60182 ssh2
Sep 29 01:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: Connection closed by 162.144.236.216 port 60182 [preauth]
Sep 29 01:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session closed for user root
Sep 29 01:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: Failed password for root from 162.144.236.216 port 39600 ssh2
Sep 29 01:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: Connection closed by 162.144.236.216 port 39600 [preauth]
Sep 29 01:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: Failed password for root from 162.144.236.216 port 45792 ssh2
Sep 29 01:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: Connection closed by 162.144.236.216 port 45792 [preauth]
Sep 29 01:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: Failed password for root from 162.144.236.216 port 52300 ssh2
Sep 29 01:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: Connection closed by 162.144.236.216 port 52300 [preauth]
Sep 29 01:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19434]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19604]: Successful su for rubyman by root
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19604]: + ??? root:rubyman
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311687 of user rubyman.
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19604]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311687.
Sep 29 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Failed password for root from 162.144.236.216 port 59984 ssh2
Sep 29 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session closed for user root
Sep 29 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Connection closed by 162.144.236.216 port 59984 [preauth]
Sep 29 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19436]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: Failed password for root from 162.144.236.216 port 39178 ssh2
Sep 29 01:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: Connection closed by 162.144.236.216 port 39178 [preauth]
Sep 29 01:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Failed password for root from 162.144.236.216 port 44952 ssh2
Sep 29 01:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19974]: Connection closed by 162.144.236.216 port 44952 [preauth]
Sep 29 01:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: Failed password for root from 162.144.236.216 port 52366 ssh2
Sep 29 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user root
Sep 29 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: Connection closed by 162.144.236.216 port 52366 [preauth]
Sep 29 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Failed password for root from 162.144.236.216 port 32952 ssh2
Sep 29 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Connection closed by 162.144.236.216 port 32952 [preauth]
Sep 29 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Failed password for root from 162.144.236.216 port 40680 ssh2
Sep 29 01:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Connection closed by 162.144.236.216 port 40680 [preauth]
Sep 29 01:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20158]: pam_unix(cron:session): session closed for user root
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20254]: Successful su for rubyman by root
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20254]: + ??? root:rubyman
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311691 of user rubyman.
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20254]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311691.
Sep 29 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Failed password for root from 162.144.236.216 port 49586 ssh2
Sep 29 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Connection closed by 162.144.236.216 port 49586 [preauth]
Sep 29 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20155]: pam_unix(cron:session): session closed for user root
Sep 29 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16522]: pam_unix(cron:session): session closed for user root
Sep 29 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20154]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 162.144.236.216 port 56422 ssh2
Sep 29 01:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Connection closed by 162.144.236.216 port 56422 [preauth]
Sep 29 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: Failed password for root from 162.144.236.216 port 34142 ssh2
Sep 29 01:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: Connection closed by 162.144.236.216 port 34142 [preauth]
Sep 29 01:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Failed password for root from 162.144.236.216 port 41224 ssh2
Sep 29 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Connection closed by 162.144.236.216 port 41224 [preauth]
Sep 29 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session closed for user root
Sep 29 01:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Failed password for root from 162.144.236.216 port 47928 ssh2
Sep 29 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Connection closed by 162.144.236.216 port 47928 [preauth]
Sep 29 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: Failed password for root from 162.144.236.216 port 53752 ssh2
Sep 29 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: Connection closed by 162.144.236.216 port 53752 [preauth]
Sep 29 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Failed password for root from 162.144.236.216 port 34298 ssh2
Sep 29 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Connection closed by 162.144.236.216 port 34298 [preauth]
Sep 29 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20674]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20758]: Successful su for rubyman by root
Sep 29 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20758]: + ??? root:rubyman
Sep 29 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311697 of user rubyman.
Sep 29 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20758]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311697.
Sep 29 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20661]: Failed password for root from 162.144.236.216 port 40484 ssh2
Sep 29 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20661]: Connection closed by 162.144.236.216 port 40484 [preauth]
Sep 29 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16986]: pam_unix(cron:session): session closed for user root
Sep 29 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: Failed password for root from 162.144.236.216 port 46460 ssh2
Sep 29 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: Connection closed by 162.144.236.216 port 46460 [preauth]
Sep 29 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: Failed password for root from 162.144.236.216 port 52804 ssh2
Sep 29 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: Connection closed by 162.144.236.216 port 52804 [preauth]
Sep 29 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Failed password for root from 162.144.236.216 port 58890 ssh2
Sep 29 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Connection closed by 162.144.236.216 port 58890 [preauth]
Sep 29 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session closed for user root
Sep 29 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Failed password for root from 162.144.236.216 port 36754 ssh2
Sep 29 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Connection closed by 162.144.236.216 port 36754 [preauth]
Sep 29 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Failed password for root from 162.144.236.216 port 44374 ssh2
Sep 29 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Connection closed by 162.144.236.216 port 44374 [preauth]
Sep 29 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Failed password for root from 162.144.236.216 port 50298 ssh2
Sep 29 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Connection closed by 162.144.236.216 port 50298 [preauth]
Sep 29 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21210]: Successful su for rubyman by root
Sep 29 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21210]: + ??? root:rubyman
Sep 29 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311701 of user rubyman.
Sep 29 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21210]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311701.
Sep 29 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: Failed password for root from 162.144.236.216 port 58610 ssh2
Sep 29 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: Connection closed by 162.144.236.216 port 58610 [preauth]
Sep 29 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session closed for user root
Sep 29 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for root from 162.144.236.216 port 36580 ssh2
Sep 29 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Connection closed by 162.144.236.216 port 36580 [preauth]
Sep 29 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21428]: Failed password for root from 162.144.236.216 port 44010 ssh2
Sep 29 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21428]: Connection closed by 162.144.236.216 port 44010 [preauth]
Sep 29 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: Failed password for root from 162.144.236.216 port 50972 ssh2
Sep 29 01:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: Connection closed by 162.144.236.216 port 50972 [preauth]
Sep 29 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20157]: pam_unix(cron:session): session closed for user root
Sep 29 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Failed password for root from 162.144.236.216 port 56248 ssh2
Sep 29 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21484]: Connection closed by 162.144.236.216 port 56248 [preauth]
Sep 29 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: Failed password for root from 162.144.236.216 port 35594 ssh2
Sep 29 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: Connection closed by 162.144.236.216 port 35594 [preauth]
Sep 29 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: Failed password for root from 162.144.236.216 port 41670 ssh2
Sep 29 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21561]: Connection closed by 162.144.236.216 port 41670 [preauth]
Sep 29 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21653]: Successful su for rubyman by root
Sep 29 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21653]: + ??? root:rubyman
Sep 29 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311705 of user rubyman.
Sep 29 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21653]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311705.
Sep 29 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: Failed password for root from 162.144.236.216 port 49162 ssh2
Sep 29 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session closed for user root
Sep 29 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: Connection closed by 162.144.236.216 port 49162 [preauth]
Sep 29 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Failed password for root from 162.144.236.216 port 55896 ssh2
Sep 29 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Connection closed by 162.144.236.216 port 55896 [preauth]
Sep 29 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: Failed password for root from 162.144.236.216 port 33440 ssh2
Sep 29 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21884]: Connection closed by 162.144.236.216 port 33440 [preauth]
Sep 29 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Failed password for root from 162.144.236.216 port 39864 ssh2
Sep 29 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21913]: Connection closed by 162.144.236.216 port 39864 [preauth]
Sep 29 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session closed for user root
Sep 29 01:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: Failed password for root from 162.144.236.216 port 47988 ssh2
Sep 29 01:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: Connection closed by 162.144.236.216 port 47988 [preauth]
Sep 29 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: Invalid user admin from 78.128.112.74
Sep 29 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: input_userauth_request: invalid user admin [preauth]
Sep 29 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: Failed password for invalid user admin from 78.128.112.74 port 60312 ssh2
Sep 29 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: Connection closed by 78.128.112.74 port 60312 [preauth]
Sep 29 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: Failed password for root from 162.144.236.216 port 52082 ssh2
Sep 29 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: Connection closed by 162.144.236.216 port 52082 [preauth]
Sep 29 01:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: Failed password for root from 162.144.236.216 port 57296 ssh2
Sep 29 01:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: Connection closed by 162.144.236.216 port 57296 [preauth]
Sep 29 01:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: Failed password for root from 162.144.236.216 port 34770 ssh2
Sep 29 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22051]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22046]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22048]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22210]: Successful su for rubyman by root
Sep 29 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22210]: + ??? root:rubyman
Sep 29 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311709 of user rubyman.
Sep 29 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22210]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311709.
Sep 29 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: Connection closed by 162.144.236.216 port 34770 [preauth]
Sep 29 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22046]: pam_unix(cron:session): session closed for user root
Sep 29 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session closed for user root
Sep 29 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22050]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: Failed password for root from 162.144.236.216 port 42154 ssh2
Sep 29 01:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: Connection closed by 162.144.236.216 port 42154 [preauth]
Sep 29 01:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22442]: Failed password for root from 162.144.236.216 port 48644 ssh2
Sep 29 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22442]: Connection closed by 162.144.236.216 port 48644 [preauth]
Sep 29 01:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22468]: Failed password for root from 162.144.236.216 port 55456 ssh2
Sep 29 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22468]: Connection closed by 162.144.236.216 port 55456 [preauth]
Sep 29 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: Failed password for root from 162.144.236.216 port 59408 ssh2
Sep 29 01:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: Connection closed by 162.144.236.216 port 59408 [preauth]
Sep 29 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session closed for user root
Sep 29 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Failed password for root from 162.144.236.216 port 36702 ssh2
Sep 29 01:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Connection closed by 162.144.236.216 port 36702 [preauth]
Sep 29 01:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Failed password for root from 162.144.236.216 port 43858 ssh2
Sep 29 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Connection closed by 162.144.236.216 port 43858 [preauth]
Sep 29 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Failed password for root from 162.144.236.216 port 50094 ssh2
Sep 29 01:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Connection closed by 162.144.236.216 port 50094 [preauth]
Sep 29 01:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22603]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session closed for user root
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22601]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22714]: Successful su for rubyman by root
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22714]: + ??? root:rubyman
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311715 of user rubyman.
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22714]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311715.
Sep 29 01:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Failed password for root from 162.144.236.216 port 56562 ssh2
Sep 29 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session closed for user root
Sep 29 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22603]: pam_unix(cron:session): session closed for user root
Sep 29 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Connection closed by 162.144.236.216 port 56562 [preauth]
Sep 29 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22602]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: Failed password for root from 162.144.236.216 port 35560 ssh2
Sep 29 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: Connection closed by 162.144.236.216 port 35560 [preauth]
Sep 29 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Failed password for root from 162.144.236.216 port 42968 ssh2
Sep 29 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Connection closed by 162.144.236.216 port 42968 [preauth]
Sep 29 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23234]: Failed password for root from 162.144.236.216 port 50394 ssh2
Sep 29 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23234]: Connection closed by 162.144.236.216 port 50394 [preauth]
Sep 29 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session closed for user root
Sep 29 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Failed password for root from 162.144.236.216 port 55748 ssh2
Sep 29 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Connection closed by 162.144.236.216 port 55748 [preauth]
Sep 29 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Failed password for root from 162.144.236.216 port 34840 ssh2
Sep 29 01:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23311]: Connection closed by 162.144.236.216 port 34840 [preauth]
Sep 29 01:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Failed password for root from 162.144.236.216 port 40482 ssh2
Sep 29 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Connection closed by 162.144.236.216 port 40482 [preauth]
Sep 29 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23382]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23384]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23379]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23459]: Successful su for rubyman by root
Sep 29 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23459]: + ??? root:rubyman
Sep 29 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311721 of user rubyman.
Sep 29 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23459]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311721.
Sep 29 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Failed password for root from 162.144.236.216 port 45806 ssh2
Sep 29 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Connection closed by 162.144.236.216 port 45806 [preauth]
Sep 29 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20156]: pam_unix(cron:session): session closed for user root
Sep 29 01:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23381]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Failed password for root from 162.144.236.216 port 53830 ssh2
Sep 29 01:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Connection closed by 162.144.236.216 port 53830 [preauth]
Sep 29 01:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: Failed password for root from 162.144.236.216 port 60090 ssh2
Sep 29 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: Connection closed by 162.144.236.216 port 60090 [preauth]
Sep 29 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Failed password for root from 162.144.236.216 port 37628 ssh2
Sep 29 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Connection closed by 162.144.236.216 port 37628 [preauth]
Sep 29 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: Failed password for root from 162.144.236.216 port 44660 ssh2
Sep 29 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22052]: pam_unix(cron:session): session closed for user root
Sep 29 01:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: Connection closed by 162.144.236.216 port 44660 [preauth]
Sep 29 01:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Failed password for root from 162.144.236.216 port 49700 ssh2
Sep 29 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Connection closed by 162.144.236.216 port 49700 [preauth]
Sep 29 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Failed password for root from 162.144.236.216 port 59098 ssh2
Sep 29 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Connection closed by 162.144.236.216 port 59098 [preauth]
Sep 29 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24084]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24083]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24080]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24165]: Successful su for rubyman by root
Sep 29 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24165]: + ??? root:rubyman
Sep 29 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311724 of user rubyman.
Sep 29 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24165]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311724.
Sep 29 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session closed for user root
Sep 29 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24082]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Failed password for root from 162.144.236.216 port 39834 ssh2
Sep 29 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Connection closed by 162.144.236.216 port 39834 [preauth]
Sep 29 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: Failed password for root from 162.144.236.216 port 47482 ssh2
Sep 29 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: Connection closed by 162.144.236.216 port 47482 [preauth]
Sep 29 01:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for root from 162.144.236.216 port 54202 ssh2
Sep 29 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Connection closed by 162.144.236.216 port 54202 [preauth]
Sep 29 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: Failed password for root from 162.144.236.216 port 34672 ssh2
Sep 29 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session closed for user root
Sep 29 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: Connection closed by 162.144.236.216 port 34672 [preauth]
Sep 29 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Failed password for root from 162.144.236.216 port 40342 ssh2
Sep 29 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Connection closed by 162.144.236.216 port 40342 [preauth]
Sep 29 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Failed password for root from 162.144.236.216 port 48282 ssh2
Sep 29 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Connection closed by 162.144.236.216 port 48282 [preauth]
Sep 29 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24580]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24645]: Successful su for rubyman by root
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24645]: + ??? root:rubyman
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311730 of user rubyman.
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24645]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311730.
Sep 29 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Failed password for root from 162.144.236.216 port 55312 ssh2
Sep 29 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Connection closed by 162.144.236.216 port 55312 [preauth]
Sep 29 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session closed for user root
Sep 29 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24581]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for root from 162.144.236.216 port 33084 ssh2
Sep 29 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Connection closed by 162.144.236.216 port 33084 [preauth]
Sep 29 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Failed password for root from 162.144.236.216 port 39662 ssh2
Sep 29 01:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Connection closed by 162.144.236.216 port 39662 [preauth]
Sep 29 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Failed password for root from 162.144.236.216 port 44738 ssh2
Sep 29 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Connection closed by 162.144.236.216 port 44738 [preauth]
Sep 29 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23384]: pam_unix(cron:session): session closed for user root
Sep 29 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: Failed password for root from 162.144.236.216 port 52226 ssh2
Sep 29 01:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: Connection closed by 162.144.236.216 port 52226 [preauth]
Sep 29 01:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Failed password for root from 162.144.236.216 port 59118 ssh2
Sep 29 01:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Connection closed by 162.144.236.216 port 59118 [preauth]
Sep 29 01:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Failed password for root from 162.144.236.216 port 39116 ssh2
Sep 29 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Connection closed by 162.144.236.216 port 39116 [preauth]
Sep 29 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: Successful su for rubyman by root
Sep 29 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: + ??? root:rubyman
Sep 29 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311733 of user rubyman.
Sep 29 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25106]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311733.
Sep 29 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21589]: pam_unix(cron:session): session closed for user root
Sep 29 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: Failed password for root from 162.144.236.216 port 47492 ssh2
Sep 29 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25024]: Connection closed by 162.144.236.216 port 47492 [preauth]
Sep 29 01:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: Failed password for root from 162.144.236.216 port 53544 ssh2
Sep 29 01:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: Connection closed by 162.144.236.216 port 53544 [preauth]
Sep 29 01:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Failed password for root from 162.144.236.216 port 33740 ssh2
Sep 29 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Connection closed by 162.144.236.216 port 33740 [preauth]
Sep 29 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: Failed password for root from 162.144.236.216 port 40082 ssh2
Sep 29 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: Connection closed by 162.144.236.216 port 40082 [preauth]
Sep 29 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24084]: pam_unix(cron:session): session closed for user root
Sep 29 01:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Failed password for root from 162.144.236.216 port 46398 ssh2
Sep 29 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Connection closed by 162.144.236.216 port 46398 [preauth]
Sep 29 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Failed password for root from 162.144.236.216 port 52846 ssh2
Sep 29 01:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Connection closed by 162.144.236.216 port 52846 [preauth]
Sep 29 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: Failed password for root from 162.144.236.216 port 60084 ssh2
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25708]: Connection closed by 162.144.236.216 port 60084 [preauth]
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25736]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25738]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25738]: pam_unix(cron:session): session closed for user root
Sep 29 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25731]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25913]: Successful su for rubyman by root
Sep 29 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25913]: + ??? root:rubyman
Sep 29 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311737 of user rubyman.
Sep 29 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25913]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311737.
Sep 29 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25733]: pam_unix(cron:session): session closed for user root
Sep 29 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22051]: pam_unix(cron:session): session closed for user root
Sep 29 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Failed password for root from 162.144.236.216 port 38874 ssh2
Sep 29 01:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25732]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Connection closed by 162.144.236.216 port 38874 [preauth]
Sep 29 01:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Failed password for root from 162.144.236.216 port 46332 ssh2
Sep 29 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Connection closed by 162.144.236.216 port 46332 [preauth]
Sep 29 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Failed password for root from 162.144.236.216 port 53198 ssh2
Sep 29 01:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Connection closed by 162.144.236.216 port 53198 [preauth]
Sep 29 01:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session closed for user root
Sep 29 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Failed password for root from 162.144.236.216 port 59782 ssh2
Sep 29 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Connection closed by 162.144.236.216 port 59782 [preauth]
Sep 29 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: Failed password for root from 162.144.236.216 port 39246 ssh2
Sep 29 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: Connection closed by 162.144.236.216 port 39246 [preauth]
Sep 29 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: Failed password for root from 162.144.236.216 port 44894 ssh2
Sep 29 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: Connection closed by 162.144.236.216 port 44894 [preauth]
Sep 29 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Failed password for root from 162.144.236.216 port 50610 ssh2
Sep 29 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Connection closed by 162.144.236.216 port 50610 [preauth]
Sep 29 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26361]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: Successful su for rubyman by root
Sep 29 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: + ??? root:rubyman
Sep 29 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311742 of user rubyman.
Sep 29 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311742.
Sep 29 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session closed for user root
Sep 29 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Failed password for root from 162.144.236.216 port 58034 ssh2
Sep 29 01:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Connection closed by 162.144.236.216 port 58034 [preauth]
Sep 29 01:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: Failed password for root from 162.144.236.216 port 37652 ssh2
Sep 29 01:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: Connection closed by 162.144.236.216 port 37652 [preauth]
Sep 29 01:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: Failed password for root from 162.144.236.216 port 44632 ssh2
Sep 29 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: Connection closed by 162.144.236.216 port 44632 [preauth]
Sep 29 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session closed for user root
Sep 29 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Failed password for root from 162.144.236.216 port 51048 ssh2
Sep 29 01:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Connection closed by 162.144.236.216 port 51048 [preauth]
Sep 29 01:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Failed password for root from 162.144.236.216 port 58458 ssh2
Sep 29 01:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Connection closed by 162.144.236.216 port 58458 [preauth]
Sep 29 01:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Failed password for root from 162.144.236.216 port 36738 ssh2
Sep 29 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26967]: Connection closed by 162.144.236.216 port 36738 [preauth]
Sep 29 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session closed for user root
Sep 29 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27031]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: Successful su for rubyman by root
Sep 29 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: + ??? root:rubyman
Sep 29 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311749 of user rubyman.
Sep 29 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311749.
Sep 29 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: Failed password for root from 162.144.236.216 port 42906 ssh2
Sep 29 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27018]: Connection closed by 162.144.236.216 port 42906 [preauth]
Sep 29 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23382]: pam_unix(cron:session): session closed for user root
Sep 29 01:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27032]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: Failed password for root from 162.144.236.216 port 50654 ssh2
Sep 29 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: Connection closed by 162.144.236.216 port 50654 [preauth]
Sep 29 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Failed password for root from 162.144.236.216 port 57074 ssh2
Sep 29 01:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Connection closed by 162.144.236.216 port 57074 [preauth]
Sep 29 01:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Failed password for root from 162.144.236.216 port 34188 ssh2
Sep 29 01:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Connection closed by 162.144.236.216 port 34188 [preauth]
Sep 29 01:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Failed password for root from 162.144.236.216 port 41354 ssh2
Sep 29 01:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25736]: pam_unix(cron:session): session closed for user root
Sep 29 01:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27409]: Connection closed by 162.144.236.216 port 41354 [preauth]
Sep 29 01:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Failed password for root from 162.144.236.216 port 48606 ssh2
Sep 29 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Connection closed by 162.144.236.216 port 48606 [preauth]
Sep 29 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: Failed password for root from 162.144.236.216 port 55078 ssh2
Sep 29 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: Connection closed by 162.144.236.216 port 55078 [preauth]
Sep 29 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: Failed password for root from 162.144.236.216 port 60822 ssh2
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27685]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: Connection closed by 162.144.236.216 port 60822 [preauth]
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: Successful su for rubyman by root
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: + ??? root:rubyman
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311751 of user rubyman.
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27759]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311751.
Sep 29 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24083]: pam_unix(cron:session): session closed for user root
Sep 29 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27684]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Failed password for root from 162.144.236.216 port 39728 ssh2
Sep 29 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Connection closed by 162.144.236.216 port 39728 [preauth]
Sep 29 01:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Failed password for root from 162.144.236.216 port 46160 ssh2
Sep 29 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Connection closed by 162.144.236.216 port 46160 [preauth]
Sep 29 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Failed password for root from 162.144.236.216 port 52790 ssh2
Sep 29 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Connection closed by 162.144.236.216 port 52790 [preauth]
Sep 29 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28047]: Failed password for root from 162.144.236.216 port 60242 ssh2
Sep 29 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28047]: Connection closed by 162.144.236.216 port 60242 [preauth]
Sep 29 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26361]: pam_unix(cron:session): session closed for user root
Sep 29 01:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: Failed password for root from 162.144.236.216 port 36792 ssh2
Sep 29 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: Connection closed by 162.144.236.216 port 36792 [preauth]
Sep 29 01:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Failed password for root from 162.144.236.216 port 46078 ssh2
Sep 29 01:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Connection closed by 162.144.236.216 port 46078 [preauth]
Sep 29 01:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: Successful su for rubyman by root
Sep 29 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: + ??? root:rubyman
Sep 29 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311755 of user rubyman.
Sep 29 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311755.
Sep 29 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28141]: Failed password for root from 162.144.236.216 port 53808 ssh2
Sep 29 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28141]: Connection closed by 162.144.236.216 port 53808 [preauth]
Sep 29 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24582]: pam_unix(cron:session): session closed for user root
Sep 29 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: Failed password for root from 162.144.236.216 port 33132 ssh2
Sep 29 01:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28307]: Connection closed by 162.144.236.216 port 33132 [preauth]
Sep 29 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Failed password for root from 162.144.236.216 port 40240 ssh2
Sep 29 01:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28461]: Connection closed by 162.144.236.216 port 40240 [preauth]
Sep 29 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: Failed password for root from 162.144.236.216 port 46250 ssh2
Sep 29 01:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: Connection closed by 162.144.236.216 port 46250 [preauth]
Sep 29 01:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session closed for user root
Sep 29 01:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Failed password for root from 162.144.236.216 port 51986 ssh2
Sep 29 01:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Connection closed by 162.144.236.216 port 51986 [preauth]
Sep 29 01:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28668]: Failed password for root from 162.144.236.216 port 58800 ssh2
Sep 29 01:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28668]: Connection closed by 162.144.236.216 port 58800 [preauth]
Sep 29 01:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: Failed password for root from 162.144.236.216 port 38502 ssh2
Sep 29 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: Connection closed by 162.144.236.216 port 38502 [preauth]
Sep 29 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for root from 162.144.236.216 port 44498 ssh2
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Connection closed by 162.144.236.216 port 44498 [preauth]
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session closed for user root
Sep 29 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28823]: Successful su for rubyman by root
Sep 29 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28823]: + ??? root:rubyman
Sep 29 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311760 of user rubyman.
Sep 29 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28823]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311760.
Sep 29 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session closed for user root
Sep 29 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25039]: pam_unix(cron:session): session closed for user root
Sep 29 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Failed password for root from 162.144.236.216 port 51478 ssh2
Sep 29 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Connection closed by 162.144.236.216 port 51478 [preauth]
Sep 29 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28748]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Failed password for root from 162.144.236.216 port 56048 ssh2
Sep 29 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Connection closed by 162.144.236.216 port 56048 [preauth]
Sep 29 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Failed password for root from 162.144.236.216 port 34744 ssh2
Sep 29 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Connection closed by 162.144.236.216 port 34744 [preauth]
Sep 29 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for root from 162.144.236.216 port 41274 ssh2
Sep 29 01:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Connection closed by 162.144.236.216 port 41274 [preauth]
Sep 29 01:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session closed for user root
Sep 29 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: Failed password for root from 162.144.236.216 port 47190 ssh2
Sep 29 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: Connection closed by 162.144.236.216 port 47190 [preauth]
Sep 29 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Failed password for root from 162.144.236.216 port 53162 ssh2
Sep 29 01:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Connection closed by 162.144.236.216 port 53162 [preauth]
Sep 29 01:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for root from 162.144.236.216 port 34726 ssh2
Sep 29 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Connection closed by 162.144.236.216 port 34726 [preauth]
Sep 29 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: Successful su for rubyman by root
Sep 29 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: + ??? root:rubyman
Sep 29 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311767 of user rubyman.
Sep 29 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29446]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311767.
Sep 29 01:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25734]: pam_unix(cron:session): session closed for user root
Sep 29 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29367]: Failed password for root from 162.144.236.216 port 41060 ssh2
Sep 29 01:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29367]: Connection closed by 162.144.236.216 port 41060 [preauth]
Sep 29 01:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29372]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for root from 162.144.236.216 port 47810 ssh2
Sep 29 01:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Connection closed by 162.144.236.216 port 47810 [preauth]
Sep 29 01:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Failed password for root from 162.144.236.216 port 54598 ssh2
Sep 29 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29701]: Connection closed by 162.144.236.216 port 54598 [preauth]
Sep 29 01:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: Failed password for root from 162.144.236.216 port 60770 ssh2
Sep 29 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: Connection closed by 162.144.236.216 port 60770 [preauth]
Sep 29 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28161]: pam_unix(cron:session): session closed for user root
Sep 29 01:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Failed password for root from 162.144.236.216 port 39012 ssh2
Sep 29 01:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Connection closed by 162.144.236.216 port 39012 [preauth]
Sep 29 01:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Failed password for root from 162.144.236.216 port 46864 ssh2
Sep 29 01:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: Connection closed by 162.144.236.216 port 46864 [preauth]
Sep 29 01:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for root from 162.144.236.216 port 53142 ssh2
Sep 29 01:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Connection closed by 162.144.236.216 port 53142 [preauth]
Sep 29 01:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29853]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: Successful su for rubyman by root
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: + ??? root:rubyman
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311769 of user rubyman.
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29935]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311769.
Sep 29 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Failed password for root from 162.144.236.216 port 60288 ssh2
Sep 29 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session closed for user root
Sep 29 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Connection closed by 162.144.236.216 port 60288 [preauth]
Sep 29 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Failed password for root from 162.144.236.216 port 37506 ssh2
Sep 29 01:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Connection closed by 162.144.236.216 port 37506 [preauth]
Sep 29 01:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Failed password for root from 162.144.236.216 port 43114 ssh2
Sep 29 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Connection closed by 162.144.236.216 port 43114 [preauth]
Sep 29 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: Failed password for root from 162.144.236.216 port 49660 ssh2
Sep 29 01:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30224]: Connection closed by 162.144.236.216 port 49660 [preauth]
Sep 29 01:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session closed for user root
Sep 29 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: Failed password for root from 162.144.236.216 port 55848 ssh2
Sep 29 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: Connection closed by 162.144.236.216 port 55848 [preauth]
Sep 29 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30346]: Invalid user user2 from 190.103.202.7
Sep 29 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30346]: input_userauth_request: invalid user user2 [preauth]
Sep 29 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30346]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 01:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Failed password for root from 162.144.236.216 port 34984 ssh2
Sep 29 01:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30346]: Failed password for invalid user user2 from 190.103.202.7 port 35480 ssh2
Sep 29 01:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Connection closed by 162.144.236.216 port 34984 [preauth]
Sep 29 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30346]: Connection closed by 190.103.202.7 port 35480 [preauth]
Sep 29 01:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30357]: Failed password for root from 162.144.236.216 port 43576 ssh2
Sep 29 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30357]: Connection closed by 162.144.236.216 port 43576 [preauth]
Sep 29 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30474]: Successful su for rubyman by root
Sep 29 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30474]: + ??? root:rubyman
Sep 29 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311774 of user rubyman.
Sep 29 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30474]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311774.
Sep 29 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Failed password for root from 162.144.236.216 port 48872 ssh2
Sep 29 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Connection closed by 162.144.236.216 port 48872 [preauth]
Sep 29 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session closed for user root
Sep 29 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Failed password for root from 162.144.236.216 port 56486 ssh2
Sep 29 01:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Connection closed by 162.144.236.216 port 56486 [preauth]
Sep 29 01:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Failed password for root from 162.144.236.216 port 34698 ssh2
Sep 29 01:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Connection closed by 162.144.236.216 port 34698 [preauth]
Sep 29 01:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: Failed password for root from 162.144.236.216 port 41774 ssh2
Sep 29 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: Connection closed by 162.144.236.216 port 41774 [preauth]
Sep 29 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session closed for user root
Sep 29 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Failed password for root from 162.144.236.216 port 47556 ssh2
Sep 29 01:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Connection closed by 162.144.236.216 port 47556 [preauth]
Sep 29 01:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Failed password for root from 162.144.236.216 port 53918 ssh2
Sep 29 01:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Connection closed by 162.144.236.216 port 53918 [preauth]
Sep 29 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Failed password for root from 162.144.236.216 port 32878 ssh2
Sep 29 01:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Connection closed by 162.144.236.216 port 32878 [preauth]
Sep 29 01:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Failed password for root from 162.144.236.216 port 40654 ssh2
Sep 29 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30939]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Connection closed by 162.144.236.216 port 40654 [preauth]
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: Successful su for rubyman by root
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: + ??? root:rubyman
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311777 of user rubyman.
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311777.
Sep 29 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27685]: pam_unix(cron:session): session closed for user root
Sep 29 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: Failed password for root from 162.144.236.216 port 45290 ssh2
Sep 29 01:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31041]: Connection closed by 162.144.236.216 port 45290 [preauth]
Sep 29 01:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 29 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Failed password for root from 162.144.236.216 port 50504 ssh2
Sep 29 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Connection closed by 162.144.236.216 port 50504 [preauth]
Sep 29 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Failed password for root from 213.209.157.9 port 9714 ssh2
Sep 29 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Connection closed by 213.209.157.9 port 9714 [preauth]
Sep 29 01:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Failed password for root from 162.144.236.216 port 55962 ssh2
Sep 29 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Connection closed by 162.144.236.216 port 55962 [preauth]
Sep 29 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: Failed password for root from 162.144.236.216 port 34420 ssh2
Sep 29 01:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: Connection closed by 162.144.236.216 port 34420 [preauth]
Sep 29 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session closed for user root
Sep 29 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: Failed password for root from 162.144.236.216 port 41010 ssh2
Sep 29 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: Connection closed by 162.144.236.216 port 41010 [preauth]
Sep 29 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Failed password for root from 162.144.236.216 port 48224 ssh2
Sep 29 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31344]: Connection closed by 162.144.236.216 port 48224 [preauth]
Sep 29 01:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: Failed password for root from 162.144.236.216 port 55566 ssh2
Sep 29 01:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31378]: Connection closed by 162.144.236.216 port 55566 [preauth]
Sep 29 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31406]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31408]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31408]: pam_unix(cron:session): session closed for user root
Sep 29 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31402]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31523]: Successful su for rubyman by root
Sep 29 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31523]: + ??? root:rubyman
Sep 29 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311781 of user rubyman.
Sep 29 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31523]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311781.
Sep 29 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Failed password for root from 162.144.236.216 port 33230 ssh2
Sep 29 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Connection closed by 162.144.236.216 port 33230 [preauth]
Sep 29 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28160]: pam_unix(cron:session): session closed for user root
Sep 29 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31405]: pam_unix(cron:session): session closed for user root
Sep 29 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31404]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Failed password for root from 162.144.236.216 port 40018 ssh2
Sep 29 01:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Connection closed by 162.144.236.216 port 40018 [preauth]
Sep 29 01:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for root from 162.144.236.216 port 46968 ssh2
Sep 29 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Connection closed by 162.144.236.216 port 46968 [preauth]
Sep 29 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31805]: Failed password for root from 162.144.236.216 port 53138 ssh2
Sep 29 01:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31805]: Connection closed by 162.144.236.216 port 53138 [preauth]
Sep 29 01:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session closed for user root
Sep 29 01:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Failed password for root from 162.144.236.216 port 59428 ssh2
Sep 29 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Connection closed by 162.144.236.216 port 59428 [preauth]
Sep 29 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Failed password for root from 162.144.236.216 port 37666 ssh2
Sep 29 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Connection closed by 162.144.236.216 port 37666 [preauth]
Sep 29 01:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31908]: Failed password for root from 162.144.236.216 port 46414 ssh2
Sep 29 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31908]: Connection closed by 162.144.236.216 port 46414 [preauth]
Sep 29 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31938]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32014]: Successful su for rubyman by root
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32014]: + ??? root:rubyman
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311788 of user rubyman.
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32014]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311788.
Sep 29 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: Failed password for root from 162.144.236.216 port 52966 ssh2
Sep 29 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: Connection closed by 162.144.236.216 port 52966 [preauth]
Sep 29 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session closed for user root
Sep 29 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: Failed password for root from 162.144.236.216 port 59092 ssh2
Sep 29 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32197]: Connection closed by 162.144.236.216 port 59092 [preauth]
Sep 29 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Failed password for root from 162.144.236.216 port 37360 ssh2
Sep 29 01:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Connection closed by 162.144.236.216 port 37360 [preauth]
Sep 29 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: Failed password for root from 162.144.236.216 port 44070 ssh2
Sep 29 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: Connection closed by 162.144.236.216 port 44070 [preauth]
Sep 29 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Failed password for root from 162.144.236.216 port 48790 ssh2
Sep 29 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session closed for user root
Sep 29 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Connection closed by 162.144.236.216 port 48790 [preauth]
Sep 29 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for root from 162.144.236.216 port 54364 ssh2
Sep 29 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Connection closed by 162.144.236.216 port 54364 [preauth]
Sep 29 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32358]: Failed password for root from 162.144.236.216 port 60382 ssh2
Sep 29 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32358]: Connection closed by 162.144.236.216 port 60382 [preauth]
Sep 29 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: Invalid user ts3server from 81.45.181.135
Sep 29 01:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: input_userauth_request: invalid user ts3server [preauth]
Sep 29 01:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: Failed password for invalid user ts3server from 81.45.181.135 port 38490 ssh2
Sep 29 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: Received disconnect from 81.45.181.135 port 38490:11: Bye Bye [preauth]
Sep 29 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32383]: Disconnected from 81.45.181.135 port 38490 [preauth]
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32397]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: Successful su for rubyman by root
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: + ??? root:rubyman
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311793 of user rubyman.
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311793.
Sep 29 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: Failed password for root from 162.144.236.216 port 40474 ssh2
Sep 29 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: Connection closed by 162.144.236.216 port 40474 [preauth]
Sep 29 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session closed for user root
Sep 29 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Failed password for root from 162.144.236.216 port 46646 ssh2
Sep 29 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Connection closed by 162.144.236.216 port 46646 [preauth]
Sep 29 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: Failed password for root from 162.144.236.216 port 54856 ssh2
Sep 29 01:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: Connection closed by 162.144.236.216 port 54856 [preauth]
Sep 29 01:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Failed password for root from 162.144.236.216 port 33412 ssh2
Sep 29 01:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Connection closed by 162.144.236.216 port 33412 [preauth]
Sep 29 01:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31407]: pam_unix(cron:session): session closed for user root
Sep 29 01:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Failed password for root from 162.144.236.216 port 40558 ssh2
Sep 29 01:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Connection closed by 162.144.236.216 port 40558 [preauth]
Sep 29 01:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: Failed password for root from 162.144.236.216 port 47194 ssh2
Sep 29 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[322]: Connection closed by 162.144.236.216 port 47194 [preauth]
Sep 29 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[355]: Failed password for root from 162.144.236.216 port 54948 ssh2
Sep 29 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[355]: Connection closed by 162.144.236.216 port 54948 [preauth]
Sep 29 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[381]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[461]: Successful su for rubyman by root
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[461]: + ??? root:rubyman
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311796 of user rubyman.
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[461]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311796.
Sep 29 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session closed for user root
Sep 29 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[367]: Failed password for root from 162.144.236.216 port 33626 ssh2
Sep 29 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[367]: Connection closed by 162.144.236.216 port 33626 [preauth]
Sep 29 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: Failed password for root from 162.144.236.216 port 41394 ssh2
Sep 29 01:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: Connection closed by 162.144.236.216 port 41394 [preauth]
Sep 29 01:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Failed password for root from 162.144.236.216 port 47482 ssh2
Sep 29 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Connection closed by 162.144.236.216 port 47482 [preauth]
Sep 29 01:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Failed password for root from 162.144.236.216 port 53680 ssh2
Sep 29 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Connection closed by 162.144.236.216 port 53680 [preauth]
Sep 29 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session closed for user root
Sep 29 01:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Failed password for root from 162.144.236.216 port 59974 ssh2
Sep 29 01:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Connection closed by 162.144.236.216 port 59974 [preauth]
Sep 29 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for root from 162.144.236.216 port 37576 ssh2
Sep 29 01:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Connection closed by 162.144.236.216 port 37576 [preauth]
Sep 29 01:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Failed password for root from 162.144.236.216 port 45352 ssh2
Sep 29 01:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[824]: Connection closed by 162.144.236.216 port 45352 [preauth]
Sep 29 01:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Failed password for root from 162.144.236.216 port 49926 ssh2
Sep 29 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Connection closed by 162.144.236.216 port 49926 [preauth]
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: Successful su for rubyman by root
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: + ??? root:rubyman
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311799 of user rubyman.
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311799.
Sep 29 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session closed for user root
Sep 29 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[983]: Failed password for root from 162.144.236.216 port 54762 ssh2
Sep 29 01:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[983]: Connection closed by 162.144.236.216 port 54762 [preauth]
Sep 29 01:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for root from 162.144.236.216 port 33236 ssh2
Sep 29 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Connection closed by 162.144.236.216 port 33236 [preauth]
Sep 29 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Failed password for root from 162.144.236.216 port 39650 ssh2
Sep 29 01:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Connection closed by 162.144.236.216 port 39650 [preauth]
Sep 29 01:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: Failed password for root from 162.144.236.216 port 45308 ssh2
Sep 29 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: Connection closed by 162.144.236.216 port 45308 [preauth]
Sep 29 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session closed for user root
Sep 29 01:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Failed password for root from 162.144.236.216 port 50834 ssh2
Sep 29 01:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Connection closed by 162.144.236.216 port 50834 [preauth]
Sep 29 01:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: Failed password for root from 162.144.236.216 port 56596 ssh2
Sep 29 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: Connection closed by 162.144.236.216 port 56596 [preauth]
Sep 29 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Failed password for root from 162.144.236.216 port 33628 ssh2
Sep 29 01:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Connection closed by 162.144.236.216 port 33628 [preauth]
Sep 29 01:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for root from 162.144.236.216 port 40462 ssh2
Sep 29 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1414]: pam_unix(cron:session): session closed for user root
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1508]: Successful su for rubyman by root
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1508]: + ??? root:rubyman
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311806 of user rubyman.
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1508]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311806.
Sep 29 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Connection closed by 162.144.236.216 port 40462 [preauth]
Sep 29 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session closed for user root
Sep 29 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session closed for user root
Sep 29 01:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Failed password for root from 162.144.236.216 port 46426 ssh2
Sep 29 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Connection closed by 162.144.236.216 port 46426 [preauth]
Sep 29 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: Failed password for root from 162.144.236.216 port 51598 ssh2
Sep 29 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1752]: Connection closed by 162.144.236.216 port 51598 [preauth]
Sep 29 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Failed password for root from 162.144.236.216 port 58468 ssh2
Sep 29 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1786]: Connection closed by 162.144.236.216 port 58468 [preauth]
Sep 29 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Failed password for root from 162.144.236.216 port 35312 ssh2
Sep 29 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Connection closed by 162.144.236.216 port 35312 [preauth]
Sep 29 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session closed for user root
Sep 29 01:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Failed password for root from 162.144.236.216 port 40410 ssh2
Sep 29 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Connection closed by 162.144.236.216 port 40410 [preauth]
Sep 29 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Failed password for root from 162.144.236.216 port 46454 ssh2
Sep 29 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1867]: Connection closed by 162.144.236.216 port 46454 [preauth]
Sep 29 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1893]: Failed password for root from 162.144.236.216 port 53346 ssh2
Sep 29 01:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1893]: Connection closed by 162.144.236.216 port 53346 [preauth]
Sep 29 01:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Failed password for root from 81.45.181.135 port 37658 ssh2
Sep 29 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Received disconnect from 81.45.181.135 port 37658:11: Bye Bye [preauth]
Sep 29 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Disconnected from 81.45.181.135 port 37658 [preauth]
Sep 29 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1919]: Failed password for root from 162.144.236.216 port 58582 ssh2
Sep 29 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1919]: Connection closed by 162.144.236.216 port 58582 [preauth]
Sep 29 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1938]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1935]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: Successful su for rubyman by root
Sep 29 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: + ??? root:rubyman
Sep 29 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311811 of user rubyman.
Sep 29 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311811.
Sep 29 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Failed password for root from 162.144.236.216 port 35194 ssh2
Sep 29 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31406]: pam_unix(cron:session): session closed for user root
Sep 29 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1933]: Connection closed by 162.144.236.216 port 35194 [preauth]
Sep 29 01:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1936]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: Received disconnect from 91.224.92.32 port 49560:11:  [preauth]
Sep 29 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: Disconnected from 91.224.92.32 port 49560 [preauth]
Sep 29 01:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Failed password for root from 162.144.236.216 port 41490 ssh2
Sep 29 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Connection closed by 162.144.236.216 port 41490 [preauth]
Sep 29 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Failed password for root from 162.144.236.216 port 51096 ssh2
Sep 29 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Connection closed by 162.144.236.216 port 51096 [preauth]
Sep 29 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session closed for user root
Sep 29 01:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for root from 162.144.236.216 port 57014 ssh2
Sep 29 01:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Connection closed by 162.144.236.216 port 57014 [preauth]
Sep 29 01:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2321]: Failed password for root from 162.144.236.216 port 36066 ssh2
Sep 29 01:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2321]: Connection closed by 162.144.236.216 port 36066 [preauth]
Sep 29 01:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Failed password for root from 162.144.236.216 port 41926 ssh2
Sep 29 01:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Connection closed by 162.144.236.216 port 41926 [preauth]
Sep 29 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: Failed password for root from 81.45.181.135 port 32880 ssh2
Sep 29 01:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: Received disconnect from 81.45.181.135 port 32880:11: Bye Bye [preauth]
Sep 29 01:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2374]: Disconnected from 81.45.181.135 port 32880 [preauth]
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2390]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Failed password for root from 162.144.236.216 port 50902 ssh2
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2463]: Successful su for rubyman by root
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2463]: + ??? root:rubyman
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311815 of user rubyman.
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2463]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311815.
Sep 29 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Connection closed by 162.144.236.216 port 50902 [preauth]
Sep 29 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session closed for user root
Sep 29 01:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2388]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Failed password for root from 162.144.236.216 port 56876 ssh2
Sep 29 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Connection closed by 162.144.236.216 port 56876 [preauth]
Sep 29 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: Failed password for root from 162.144.236.216 port 35148 ssh2
Sep 29 01:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: Connection closed by 162.144.236.216 port 35148 [preauth]
Sep 29 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for root from 162.144.236.216 port 39990 ssh2
Sep 29 01:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Connection closed by 162.144.236.216 port 39990 [preauth]
Sep 29 01:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session closed for user root
Sep 29 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Failed password for root from 162.144.236.216 port 48812 ssh2
Sep 29 01:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Connection closed by 162.144.236.216 port 48812 [preauth]
Sep 29 01:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Failed password for root from 162.144.236.216 port 57088 ssh2
Sep 29 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Connection closed by 162.144.236.216 port 57088 [preauth]
Sep 29 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: Failed password for root from 162.144.236.216 port 36362 ssh2
Sep 29 01:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: Connection closed by 162.144.236.216 port 36362 [preauth]
Sep 29 01:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Invalid user asad from 81.45.181.135
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: input_userauth_request: invalid user asad [preauth]
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2838]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: Successful su for rubyman by root
Sep 29 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: + ??? root:rubyman
Sep 29 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311818 of user rubyman.
Sep 29 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311818.
Sep 29 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Failed password for invalid user asad from 81.45.181.135 port 56352 ssh2
Sep 29 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Received disconnect from 81.45.181.135 port 56352:11: Bye Bye [preauth]
Sep 29 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Disconnected from 81.45.181.135 port 56352 [preauth]
Sep 29 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: Failed password for root from 162.144.236.216 port 43292 ssh2
Sep 29 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: Connection closed by 162.144.236.216 port 43292 [preauth]
Sep 29 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32397]: pam_unix(cron:session): session closed for user root
Sep 29 01:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Failed password for root from 162.144.236.216 port 49810 ssh2
Sep 29 01:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Connection closed by 162.144.236.216 port 49810 [preauth]
Sep 29 01:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for root from 162.144.236.216 port 58194 ssh2
Sep 29 01:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Connection closed by 162.144.236.216 port 58194 [preauth]
Sep 29 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for root from 162.144.236.216 port 37890 ssh2
Sep 29 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Connection closed by 162.144.236.216 port 37890 [preauth]
Sep 29 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1940]: pam_unix(cron:session): session closed for user root
Sep 29 01:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Failed password for root from 162.144.236.216 port 43824 ssh2
Sep 29 01:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Connection closed by 162.144.236.216 port 43824 [preauth]
Sep 29 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: Failed password for root from 162.144.236.216 port 49998 ssh2
Sep 29 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: Connection closed by 162.144.236.216 port 49998 [preauth]
Sep 29 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Failed password for root from 162.144.236.216 port 58622 ssh2
Sep 29 01:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Connection closed by 162.144.236.216 port 58622 [preauth]
Sep 29 01:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Invalid user hm from 81.45.181.135
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: input_userauth_request: invalid user hm [preauth]
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3349]: Successful su for rubyman by root
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3349]: + ??? root:rubyman
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311821 of user rubyman.
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3349]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311821.
Sep 29 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Failed password for invalid user hm from 81.45.181.135 port 51578 ssh2
Sep 29 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Received disconnect from 81.45.181.135 port 51578:11: Bye Bye [preauth]
Sep 29 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Disconnected from 81.45.181.135 port 51578 [preauth]
Sep 29 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=avanazzz@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[381]: pam_unix(cron:session): session closed for user root
Sep 29 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 01:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=avanazzz rhost=::ffff:45.142.193.185
Sep 29 01:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Failed password for root from 162.144.236.216 port 37908 ssh2
Sep 29 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Connection closed by 162.144.236.216 port 37908 [preauth]
Sep 29 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Failed password for root from 162.144.236.216 port 45164 ssh2
Sep 29 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Connection closed by 162.144.236.216 port 45164 [preauth]
Sep 29 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Failed password for root from 162.144.236.216 port 51328 ssh2
Sep 29 01:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Connection closed by 162.144.236.216 port 51328 [preauth]
Sep 29 01:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Failed password for root from 162.144.236.216 port 57396 ssh2
Sep 29 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Connection closed by 162.144.236.216 port 57396 [preauth]
Sep 29 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2390]: pam_unix(cron:session): session closed for user root
Sep 29 01:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Failed password for root from 162.144.236.216 port 36730 ssh2
Sep 29 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Connection closed by 162.144.236.216 port 36730 [preauth]
Sep 29 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Invalid user chizhuowang from 20.163.71.109
Sep 29 01:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: input_userauth_request: invalid user chizhuowang [preauth]
Sep 29 01:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Failed password for invalid user chizhuowang from 20.163.71.109 port 36188 ssh2
Sep 29 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Connection closed by 20.163.71.109 port 36188 [preauth]
Sep 29 01:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Failed password for root from 162.144.236.216 port 44084 ssh2
Sep 29 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Connection closed by 162.144.236.216 port 44084 [preauth]
Sep 29 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Failed password for root from 162.144.236.216 port 51410 ssh2
Sep 29 01:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3705]: Connection closed by 162.144.236.216 port 51410 [preauth]
Sep 29 01:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Invalid user boss from 81.45.181.135
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: input_userauth_request: invalid user boss [preauth]
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session closed for user root
Sep 29 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: Successful su for rubyman by root
Sep 29 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: + ??? root:rubyman
Sep 29 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311827 of user rubyman.
Sep 29 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311827.
Sep 29 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Failed password for invalid user boss from 81.45.181.135 port 46804 ssh2
Sep 29 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Received disconnect from 81.45.181.135 port 46804:11: Bye Bye [preauth]
Sep 29 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Disconnected from 81.45.181.135 port 46804 [preauth]
Sep 29 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session closed for user root
Sep 29 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session closed for user root
Sep 29 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Failed password for root from 162.144.236.216 port 59180 ssh2
Sep 29 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Connection closed by 162.144.236.216 port 59180 [preauth]
Sep 29 01:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: Failed password for root from 162.144.236.216 port 37168 ssh2
Sep 29 01:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: Connection closed by 162.144.236.216 port 37168 [preauth]
Sep 29 01:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Failed password for root from 162.144.236.216 port 43198 ssh2
Sep 29 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4084]: Connection closed by 162.144.236.216 port 43198 [preauth]
Sep 29 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 29 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session closed for user root
Sep 29 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Failed password for root from 162.144.236.216 port 49986 ssh2
Sep 29 01:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Failed password for root from 46.101.170.54 port 37178 ssh2
Sep 29 01:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Connection closed by 46.101.170.54 port 37178 [preauth]
Sep 29 01:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Connection closed by 162.144.236.216 port 49986 [preauth]
Sep 29 01:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Failed password for root from 162.144.236.216 port 59268 ssh2
Sep 29 01:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Connection closed by 162.144.236.216 port 59268 [preauth]
Sep 29 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for root from 162.144.236.216 port 38074 ssh2
Sep 29 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Connection closed by 162.144.236.216 port 38074 [preauth]
Sep 29 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Failed password for root from 162.144.236.216 port 44816 ssh2
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: Invalid user test from 81.45.181.135
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: input_userauth_request: invalid user test [preauth]
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Connection closed by 162.144.236.216 port 44816 [preauth]
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4243]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4317]: Successful su for rubyman by root
Sep 29 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4317]: + ??? root:rubyman
Sep 29 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311831 of user rubyman.
Sep 29 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4317]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311831.
Sep 29 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: Failed password for invalid user test from 81.45.181.135 port 42032 ssh2
Sep 29 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: Received disconnect from 81.45.181.135 port 42032:11: Bye Bye [preauth]
Sep 29 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4239]: Disconnected from 81.45.181.135 port 42032 [preauth]
Sep 29 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session closed for user root
Sep 29 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4244]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Failed password for root from 162.144.236.216 port 50702 ssh2
Sep 29 01:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Connection closed by 162.144.236.216 port 50702 [preauth]
Sep 29 01:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Failed password for root from 162.144.236.216 port 58052 ssh2
Sep 29 01:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Connection closed by 162.144.236.216 port 58052 [preauth]
Sep 29 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Failed password for root from 162.144.236.216 port 35924 ssh2
Sep 29 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Connection closed by 162.144.236.216 port 35924 [preauth]
Sep 29 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for root from 162.144.236.216 port 42016 ssh2
Sep 29 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Connection closed by 162.144.236.216 port 42016 [preauth]
Sep 29 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session closed for user root
Sep 29 01:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Failed password for root from 162.144.236.216 port 48654 ssh2
Sep 29 01:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4609]: Connection closed by 162.144.236.216 port 48654 [preauth]
Sep 29 01:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Failed password for root from 162.144.236.216 port 54994 ssh2
Sep 29 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Connection closed by 162.144.236.216 port 54994 [preauth]
Sep 29 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for root from 162.144.236.216 port 60616 ssh2
Sep 29 01:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Connection closed by 162.144.236.216 port 60616 [preauth]
Sep 29 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Invalid user sales from 81.45.181.135
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: input_userauth_request: invalid user sales [preauth]
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: Successful su for rubyman by root
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: + ??? root:rubyman
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Failed password for root from 162.144.236.216 port 37824 ssh2
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311835 of user rubyman.
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4767]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311835.
Sep 29 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Connection closed by 162.144.236.216 port 37824 [preauth]
Sep 29 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Failed password for invalid user sales from 81.45.181.135 port 37260 ssh2
Sep 29 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Received disconnect from 81.45.181.135 port 37260:11: Bye Bye [preauth]
Sep 29 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Disconnected from 81.45.181.135 port 37260 [preauth]
Sep 29 01:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1938]: pam_unix(cron:session): session closed for user root
Sep 29 01:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Failed password for root from 162.144.236.216 port 44284 ssh2
Sep 29 01:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Connection closed by 162.144.236.216 port 44284 [preauth]
Sep 29 01:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Failed password for root from 162.144.236.216 port 50658 ssh2
Sep 29 01:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Connection closed by 162.144.236.216 port 50658 [preauth]
Sep 29 01:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Failed password for root from 162.144.236.216 port 56724 ssh2
Sep 29 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5010]: Connection closed by 162.144.236.216 port 56724 [preauth]
Sep 29 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session closed for user root
Sep 29 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Failed password for root from 162.144.236.216 port 36190 ssh2
Sep 29 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Connection closed by 162.144.236.216 port 36190 [preauth]
Sep 29 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: Failed password for root from 162.144.236.216 port 42790 ssh2
Sep 29 01:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: Connection closed by 162.144.236.216 port 42790 [preauth]
Sep 29 01:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: Failed password for root from 162.144.236.216 port 48724 ssh2
Sep 29 01:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5129]: Connection closed by 162.144.236.216 port 48724 [preauth]
Sep 29 01:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Failed password for root from 162.144.236.216 port 55084 ssh2
Sep 29 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Connection closed by 162.144.236.216 port 55084 [preauth]
Sep 29 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5163]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5160]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: Successful su for rubyman by root
Sep 29 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: + ??? root:rubyman
Sep 29 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311841 of user rubyman.
Sep 29 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5227]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311841.
Sep 29 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session closed for user root
Sep 29 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: Failed password for root from 81.45.181.135 port 60720 ssh2
Sep 29 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: Received disconnect from 81.45.181.135 port 60720:11: Bye Bye [preauth]
Sep 29 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: Disconnected from 81.45.181.135 port 60720 [preauth]
Sep 29 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: Failed password for root from 162.144.236.216 port 60760 ssh2
Sep 29 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: Connection closed by 162.144.236.216 port 60760 [preauth]
Sep 29 01:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5161]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Failed password for root from 162.144.236.216 port 38886 ssh2
Sep 29 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Connection closed by 162.144.236.216 port 38886 [preauth]
Sep 29 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Failed password for root from 162.144.236.216 port 45070 ssh2
Sep 29 01:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5562]: Connection closed by 162.144.236.216 port 45070 [preauth]
Sep 29 01:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for root from 162.144.236.216 port 49994 ssh2
Sep 29 01:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Connection closed by 162.144.236.216 port 49994 [preauth]
Sep 29 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4246]: pam_unix(cron:session): session closed for user root
Sep 29 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Failed password for root from 162.144.236.216 port 55694 ssh2
Sep 29 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Connection closed by 162.144.236.216 port 55694 [preauth]
Sep 29 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Failed password for root from 162.144.236.216 port 33844 ssh2
Sep 29 01:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5646]: Connection closed by 162.144.236.216 port 33844 [preauth]
Sep 29 01:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5668]: Failed password for root from 162.144.236.216 port 40512 ssh2
Sep 29 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5668]: Connection closed by 162.144.236.216 port 40512 [preauth]
Sep 29 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 162.144.236.216 port 45954 ssh2
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Connection closed by 162.144.236.216 port 45954 [preauth]
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: Successful su for rubyman by root
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: + ??? root:rubyman
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311844 of user rubyman.
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5871]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311844.
Sep 29 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Invalid user didi from 81.45.181.135
Sep 29 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: input_userauth_request: invalid user didi [preauth]
Sep 29 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session closed for user root
Sep 29 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Failed password for invalid user didi from 81.45.181.135 port 55950 ssh2
Sep 29 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Received disconnect from 81.45.181.135 port 55950:11: Bye Bye [preauth]
Sep 29 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Disconnected from 81.45.181.135 port 55950 [preauth]
Sep 29 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session closed for user root
Sep 29 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: Failed password for root from 162.144.236.216 port 53090 ssh2
Sep 29 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5706]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5854]: Connection closed by 162.144.236.216 port 53090 [preauth]
Sep 29 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: Failed password for root from 162.144.236.216 port 59546 ssh2
Sep 29 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: Connection closed by 162.144.236.216 port 59546 [preauth]
Sep 29 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: Failed password for root from 162.144.236.216 port 36124 ssh2
Sep 29 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: Connection closed by 162.144.236.216 port 36124 [preauth]
Sep 29 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session closed for user root
Sep 29 01:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Failed password for root from 162.144.236.216 port 43760 ssh2
Sep 29 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Connection closed by 162.144.236.216 port 43760 [preauth]
Sep 29 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: Failed password for root from 162.144.236.216 port 53350 ssh2
Sep 29 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6208]: Connection closed by 162.144.236.216 port 53350 [preauth]
Sep 29 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Failed password for root from 162.144.236.216 port 33046 ssh2
Sep 29 01:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Connection closed by 162.144.236.216 port 33046 [preauth]
Sep 29 01:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Failed password for root from 81.45.181.135 port 51182 ssh2
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Received disconnect from 81.45.181.135 port 51182:11: Bye Bye [preauth]
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Disconnected from 81.45.181.135 port 51182 [preauth]
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for root from 162.144.236.216 port 39850 ssh2
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user root
Sep 29 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: Successful su for rubyman by root
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: + ??? root:rubyman
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311850 of user rubyman.
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311850.
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Connection closed by 162.144.236.216 port 39850 [preauth]
Sep 29 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session closed for user root
Sep 29 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session closed for user root
Sep 29 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Failed password for root from 162.144.236.216 port 46670 ssh2
Sep 29 01:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Connection closed by 162.144.236.216 port 46670 [preauth]
Sep 29 01:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Failed password for root from 162.144.236.216 port 54372 ssh2
Sep 29 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Connection closed by 162.144.236.216 port 54372 [preauth]
Sep 29 01:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Failed password for root from 162.144.236.216 port 33026 ssh2
Sep 29 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Connection closed by 162.144.236.216 port 33026 [preauth]
Sep 29 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5163]: pam_unix(cron:session): session closed for user root
Sep 29 01:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Failed password for root from 162.144.236.216 port 41084 ssh2
Sep 29 01:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Connection closed by 162.144.236.216 port 41084 [preauth]
Sep 29 01:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Failed password for root from 162.144.236.216 port 47782 ssh2
Sep 29 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Connection closed by 162.144.236.216 port 47782 [preauth]
Sep 29 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Failed password for root from 162.144.236.216 port 54314 ssh2
Sep 29 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Connection closed by 162.144.236.216 port 54314 [preauth]
Sep 29 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Failed password for root from 81.45.181.135 port 46410 ssh2
Sep 29 01:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Received disconnect from 81.45.181.135 port 46410:11: Bye Bye [preauth]
Sep 29 01:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Disconnected from 81.45.181.135 port 46410 [preauth]
Sep 29 01:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6851]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Failed password for root from 162.144.236.216 port 60982 ssh2
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6932]: Successful su for rubyman by root
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6932]: + ??? root:rubyman
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311854 of user rubyman.
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6932]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311854.
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Connection closed by 162.144.236.216 port 60982 [preauth]
Sep 29 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session closed for user root
Sep 29 01:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: Failed password for root from 162.144.236.216 port 38614 ssh2
Sep 29 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: Connection closed by 162.144.236.216 port 38614 [preauth]
Sep 29 01:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Invalid user sammy from 8.219.10.188
Sep 29 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: input_userauth_request: invalid user sammy [preauth]
Sep 29 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.219.10.188
Sep 29 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Failed password for invalid user sammy from 8.219.10.188 port 60992 ssh2
Sep 29 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Received disconnect from 8.219.10.188 port 60992:11: Bye Bye [preauth]
Sep 29 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Disconnected from 8.219.10.188 port 60992 [preauth]
Sep 29 01:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Failed password for root from 162.144.236.216 port 45210 ssh2
Sep 29 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Connection closed by 162.144.236.216 port 45210 [preauth]
Sep 29 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Failed password for root from 162.144.236.216 port 52314 ssh2
Sep 29 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7267]: Connection closed by 162.144.236.216 port 52314 [preauth]
Sep 29 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session closed for user root
Sep 29 01:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: Failed password for root from 162.144.236.216 port 59714 ssh2
Sep 29 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: Connection closed by 162.144.236.216 port 59714 [preauth]
Sep 29 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for root from 162.144.236.216 port 38266 ssh2
Sep 29 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Connection closed by 162.144.236.216 port 38266 [preauth]
Sep 29 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: Failed password for root from 162.144.236.216 port 44036 ssh2
Sep 29 01:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: Connection closed by 162.144.236.216 port 44036 [preauth]
Sep 29 01:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Failed password for root from 81.45.181.135 port 41638 ssh2
Sep 29 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Received disconnect from 81.45.181.135 port 41638:11: Bye Bye [preauth]
Sep 29 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Disconnected from 81.45.181.135 port 41638 [preauth]
Sep 29 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Failed password for root from 162.144.236.216 port 50038 ssh2
Sep 29 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Connection closed by 162.144.236.216 port 50038 [preauth]
Sep 29 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7427]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: Successful su for rubyman by root
Sep 29 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: + ??? root:rubyman
Sep 29 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311859 of user rubyman.
Sep 29 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311859.
Sep 29 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4245]: pam_unix(cron:session): session closed for user root
Sep 29 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for root from 162.144.236.216 port 56424 ssh2
Sep 29 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Connection closed by 162.144.236.216 port 56424 [preauth]
Sep 29 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: Failed password for root from 162.144.236.216 port 34850 ssh2
Sep 29 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: Connection closed by 162.144.236.216 port 34850 [preauth]
Sep 29 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Failed password for root from 162.144.236.216 port 39990 ssh2
Sep 29 01:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Connection closed by 162.144.236.216 port 39990 [preauth]
Sep 29 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: Failed password for root from 162.144.236.216 port 47234 ssh2
Sep 29 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: Connection closed by 162.144.236.216 port 47234 [preauth]
Sep 29 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user root
Sep 29 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for root from 162.144.236.216 port 53842 ssh2
Sep 29 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Connection closed by 162.144.236.216 port 53842 [preauth]
Sep 29 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: Failed password for root from 162.144.236.216 port 34190 ssh2
Sep 29 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: Connection closed by 162.144.236.216 port 34190 [preauth]
Sep 29 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Invalid user shashank from 81.45.181.135
Sep 29 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: input_userauth_request: invalid user shashank [preauth]
Sep 29 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Failed password for root from 162.144.236.216 port 41860 ssh2
Sep 29 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Failed password for invalid user shashank from 81.45.181.135 port 36864 ssh2
Sep 29 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Received disconnect from 81.45.181.135 port 36864:11: Bye Bye [preauth]
Sep 29 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Disconnected from 81.45.181.135 port 36864 [preauth]
Sep 29 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Connection closed by 162.144.236.216 port 41860 [preauth]
Sep 29 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7901]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7970]: Successful su for rubyman by root
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7970]: + ??? root:rubyman
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311862 of user rubyman.
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7970]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311862.
Sep 29 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: Invalid user admin from 139.19.117.131
Sep 29 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: input_userauth_request: invalid user admin [preauth]
Sep 29 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session closed for user root
Sep 29 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7902]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Failed password for root from 162.144.236.216 port 48544 ssh2
Sep 29 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7899]: Connection closed by 162.144.236.216 port 48544 [preauth]
Sep 29 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: Connection closed by 139.19.117.131 port 54354 [preauth]
Sep 29 01:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Failed password for root from 162.144.236.216 port 58242 ssh2
Sep 29 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Connection closed by 162.144.236.216 port 58242 [preauth]
Sep 29 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session closed for user root
Sep 29 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Failed password for root from 162.144.236.216 port 36458 ssh2
Sep 29 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Connection closed by 162.144.236.216 port 36458 [preauth]
Sep 29 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Failed password for root from 162.144.236.216 port 43012 ssh2
Sep 29 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Connection closed by 162.144.236.216 port 43012 [preauth]
Sep 29 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: Invalid user jmarquez from 81.45.181.135
Sep 29 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: input_userauth_request: invalid user jmarquez [preauth]
Sep 29 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: Failed password for invalid user jmarquez from 81.45.181.135 port 60326 ssh2
Sep 29 01:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: Received disconnect from 81.45.181.135 port 60326:11: Bye Bye [preauth]
Sep 29 01:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8387]: Disconnected from 81.45.181.135 port 60326 [preauth]
Sep 29 01:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: Successful su for rubyman by root
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: + ??? root:rubyman
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311867 of user rubyman.
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8473]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311867.
Sep 29 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for root from 162.144.236.216 port 50522 ssh2
Sep 29 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Connection closed by 162.144.236.216 port 50522 [preauth]
Sep 29 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5162]: pam_unix(cron:session): session closed for user root
Sep 29 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Failed password for root from 162.144.236.216 port 55900 ssh2
Sep 29 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8511]: Connection closed by 162.144.236.216 port 55900 [preauth]
Sep 29 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Failed password for root from 162.144.236.216 port 33362 ssh2
Sep 29 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Connection closed by 162.144.236.216 port 33362 [preauth]
Sep 29 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8729]: Failed password for root from 162.144.236.216 port 39706 ssh2
Sep 29 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8729]: Connection closed by 162.144.236.216 port 39706 [preauth]
Sep 29 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: Failed password for root from 162.144.236.216 port 45706 ssh2
Sep 29 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: Connection closed by 162.144.236.216 port 45706 [preauth]
Sep 29 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7427]: pam_unix(cron:session): session closed for user root
Sep 29 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Failed password for root from 162.144.236.216 port 52182 ssh2
Sep 29 01:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Connection closed by 162.144.236.216 port 52182 [preauth]
Sep 29 01:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: Failed password for root from 162.144.236.216 port 59034 ssh2
Sep 29 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: Connection closed by 162.144.236.216 port 59034 [preauth]
Sep 29 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Failed password for root from 162.144.236.216 port 37800 ssh2
Sep 29 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Connection closed by 162.144.236.216 port 37800 [preauth]
Sep 29 01:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8986]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session closed for user root
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8984]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: Successful su for rubyman by root
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: + ??? root:rubyman
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311872 of user rubyman.
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311872.
Sep 29 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Invalid user boda from 81.45.181.135
Sep 29 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: input_userauth_request: invalid user boda [preauth]
Sep 29 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8986]: pam_unix(cron:session): session closed for user root
Sep 29 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session closed for user root
Sep 29 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Failed password for invalid user boda from 81.45.181.135 port 55554 ssh2
Sep 29 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Received disconnect from 81.45.181.135 port 55554:11: Bye Bye [preauth]
Sep 29 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Disconnected from 81.45.181.135 port 55554 [preauth]
Sep 29 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Failed password for root from 162.144.236.216 port 42808 ssh2
Sep 29 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Connection closed by 162.144.236.216 port 42808 [preauth]
Sep 29 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Failed password for root from 162.144.236.216 port 50118 ssh2
Sep 29 01:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Connection closed by 162.144.236.216 port 50118 [preauth]
Sep 29 01:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Failed password for root from 162.144.236.216 port 57674 ssh2
Sep 29 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Connection closed by 162.144.236.216 port 57674 [preauth]
Sep 29 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Invalid user lx from 92.27.101.99
Sep 29 01:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: input_userauth_request: invalid user lx [preauth]
Sep 29 01:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Failed password for root from 162.144.236.216 port 35790 ssh2
Sep 29 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Connection closed by 162.144.236.216 port 35790 [preauth]
Sep 29 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Failed password for invalid user lx from 92.27.101.99 port 52336 ssh2
Sep 29 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Received disconnect from 92.27.101.99 port 52336:11: Bye Bye [preauth]
Sep 29 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Disconnected from 92.27.101.99 port 52336 [preauth]
Sep 29 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session closed for user root
Sep 29 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: Failed password for root from 162.144.236.216 port 39758 ssh2
Sep 29 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9479]: Connection closed by 162.144.236.216 port 39758 [preauth]
Sep 29 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Failed password for root from 162.144.236.216 port 46486 ssh2
Sep 29 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Connection closed by 162.144.236.216 port 46486 [preauth]
Sep 29 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Failed password for root from 162.144.236.216 port 51616 ssh2
Sep 29 01:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Connection closed by 162.144.236.216 port 51616 [preauth]
Sep 29 01:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: Successful su for rubyman by root
Sep 29 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: + ??? root:rubyman
Sep 29 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311877 of user rubyman.
Sep 29 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9680]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311877.
Sep 29 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Failed password for root from 162.144.236.216 port 32874 ssh2
Sep 29 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Connection closed by 162.144.236.216 port 32874 [preauth]
Sep 29 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user root
Sep 29 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: Invalid user server1 from 81.45.181.135
Sep 29 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: input_userauth_request: invalid user server1 [preauth]
Sep 29 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: Failed password for invalid user server1 from 81.45.181.135 port 50792 ssh2
Sep 29 01:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: Received disconnect from 81.45.181.135 port 50792:11: Bye Bye [preauth]
Sep 29 01:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9960]: Disconnected from 81.45.181.135 port 50792 [preauth]
Sep 29 01:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: Failed password for root from 162.144.236.216 port 40758 ssh2
Sep 29 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: Connection closed by 162.144.236.216 port 40758 [preauth]
Sep 29 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: Failed password for root from 162.144.236.216 port 48674 ssh2
Sep 29 01:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: Connection closed by 162.144.236.216 port 48674 [preauth]
Sep 29 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10049]: Failed password for root from 162.144.236.216 port 56652 ssh2
Sep 29 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10049]: Connection closed by 162.144.236.216 port 56652 [preauth]
Sep 29 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session closed for user root
Sep 29 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 01:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for root from 92.27.101.99 port 49542 ssh2
Sep 29 01:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Received disconnect from 92.27.101.99 port 49542:11: Bye Bye [preauth]
Sep 29 01:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Disconnected from 92.27.101.99 port 49542 [preauth]
Sep 29 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: Failed password for root from 162.144.236.216 port 35902 ssh2
Sep 29 01:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: Connection closed by 162.144.236.216 port 35902 [preauth]
Sep 29 01:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Failed password for root from 162.144.236.216 port 42788 ssh2
Sep 29 01:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Connection closed by 162.144.236.216 port 42788 [preauth]
Sep 29 01:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Failed password for root from 162.144.236.216 port 51228 ssh2
Sep 29 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Connection closed by 162.144.236.216 port 51228 [preauth]
Sep 29 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10179]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10177]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10245]: Successful su for rubyman by root
Sep 29 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10245]: + ??? root:rubyman
Sep 29 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311881 of user rubyman.
Sep 29 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10245]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311881.
Sep 29 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session closed for user root
Sep 29 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10178]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: Failed password for root from 162.144.236.216 port 58326 ssh2
Sep 29 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: Connection closed by 162.144.236.216 port 58326 [preauth]
Sep 29 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Invalid user oliver from 81.45.181.135
Sep 29 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: input_userauth_request: invalid user oliver [preauth]
Sep 29 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Invalid user admin from 80.94.95.112
Sep 29 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: input_userauth_request: invalid user admin [preauth]
Sep 29 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Failed password for invalid user oliver from 81.45.181.135 port 46012 ssh2
Sep 29 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Received disconnect from 81.45.181.135 port 46012:11: Bye Bye [preauth]
Sep 29 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Disconnected from 81.45.181.135 port 46012 [preauth]
Sep 29 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user admin from 80.94.95.112 port 58436 ssh2
Sep 29 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user admin from 80.94.95.112 port 58436 ssh2
Sep 29 01:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Failed password for root from 162.144.236.216 port 37786 ssh2
Sep 29 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user admin from 80.94.95.112 port 58436 ssh2
Sep 29 01:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Connection closed by 162.144.236.216 port 37786 [preauth]
Sep 29 01:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user admin from 80.94.95.112 port 58436 ssh2
Sep 29 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user admin from 80.94.95.112 port 58436 ssh2
Sep 29 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Received disconnect from 80.94.95.112 port 58436:11: Bye [preauth]
Sep 29 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Disconnected from 80.94.95.112 port 58436 [preauth]
Sep 29 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: Failed password for root from 162.144.236.216 port 45028 ssh2
Sep 29 01:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: Connection closed by 162.144.236.216 port 45028 [preauth]
Sep 29 01:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session closed for user root
Sep 29 01:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Failed password for root from 162.144.236.216 port 53346 ssh2
Sep 29 01:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Invalid user alejandro from 92.27.101.99
Sep 29 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: input_userauth_request: invalid user alejandro [preauth]
Sep 29 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Connection closed by 162.144.236.216 port 53346 [preauth]
Sep 29 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Failed password for invalid user alejandro from 92.27.101.99 port 44904 ssh2
Sep 29 01:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Received disconnect from 92.27.101.99 port 44904:11: Bye Bye [preauth]
Sep 29 01:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Disconnected from 92.27.101.99 port 44904 [preauth]
Sep 29 01:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Failed password for root from 162.144.236.216 port 60420 ssh2
Sep 29 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Connection closed by 162.144.236.216 port 60420 [preauth]
Sep 29 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: Failed password for root from 162.144.236.216 port 37890 ssh2
Sep 29 01:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: Connection closed by 162.144.236.216 port 37890 [preauth]
Sep 29 01:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10655]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: Successful su for rubyman by root
Sep 29 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: + ??? root:rubyman
Sep 29 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311885 of user rubyman.
Sep 29 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311885.
Sep 29 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Failed password for root from 162.144.236.216 port 46900 ssh2
Sep 29 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Connection closed by 162.144.236.216 port 46900 [preauth]
Sep 29 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session closed for user root
Sep 29 01:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Invalid user b1 from 81.45.181.135
Sep 29 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: input_userauth_request: invalid user b1 [preauth]
Sep 29 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Failed password for root from 162.144.236.216 port 53350 ssh2
Sep 29 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Failed password for invalid user b1 from 81.45.181.135 port 41238 ssh2
Sep 29 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Received disconnect from 81.45.181.135 port 41238:11: Bye Bye [preauth]
Sep 29 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Disconnected from 81.45.181.135 port 41238 [preauth]
Sep 29 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Connection closed by 162.144.236.216 port 53350 [preauth]
Sep 29 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: Failed password for root from 162.144.236.216 port 32778 ssh2
Sep 29 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: Connection closed by 162.144.236.216 port 32778 [preauth]
Sep 29 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Failed password for root from 162.144.236.216 port 39296 ssh2
Sep 29 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Connection closed by 162.144.236.216 port 39296 [preauth]
Sep 29 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9582]: pam_unix(cron:session): session closed for user root
Sep 29 01:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Invalid user bing from 92.27.101.99
Sep 29 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: input_userauth_request: invalid user bing [preauth]
Sep 29 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: Failed password for root from 162.144.236.216 port 46002 ssh2
Sep 29 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for invalid user bing from 92.27.101.99 port 40274 ssh2
Sep 29 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Received disconnect from 92.27.101.99 port 40274:11: Bye Bye [preauth]
Sep 29 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Disconnected from 92.27.101.99 port 40274 [preauth]
Sep 29 01:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10998]: Connection closed by 162.144.236.216 port 46002 [preauth]
Sep 29 01:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11044]: Failed password for root from 162.144.236.216 port 53220 ssh2
Sep 29 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11044]: Connection closed by 162.144.236.216 port 53220 [preauth]
Sep 29 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: Failed password for root from 162.144.236.216 port 59832 ssh2
Sep 29 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: Connection closed by 162.144.236.216 port 59832 [preauth]
Sep 29 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: Successful su for rubyman by root
Sep 29 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: + ??? root:rubyman
Sep 29 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311888 of user rubyman.
Sep 29 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311888.
Sep 29 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session closed for user root
Sep 29 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: Failed password for root from 162.144.236.216 port 39446 ssh2
Sep 29 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: Connection closed by 162.144.236.216 port 39446 [preauth]
Sep 29 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Invalid user light from 81.45.181.135
Sep 29 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: input_userauth_request: invalid user light [preauth]
Sep 29 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Failed password for root from 162.144.236.216 port 46862 ssh2
Sep 29 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Failed password for invalid user light from 81.45.181.135 port 36470 ssh2
Sep 29 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Received disconnect from 81.45.181.135 port 36470:11: Bye Bye [preauth]
Sep 29 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Disconnected from 81.45.181.135 port 36470 [preauth]
Sep 29 01:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Connection closed by 162.144.236.216 port 46862 [preauth]
Sep 29 01:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for root from 162.144.236.216 port 53514 ssh2
Sep 29 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Connection closed by 162.144.236.216 port 53514 [preauth]
Sep 29 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: Failed password for root from 162.144.236.216 port 59332 ssh2
Sep 29 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11418]: Connection closed by 162.144.236.216 port 59332 [preauth]
Sep 29 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: Invalid user rick from 92.27.101.99
Sep 29 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: input_userauth_request: invalid user rick [preauth]
Sep 29 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session closed for user root
Sep 29 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: Failed password for invalid user rick from 92.27.101.99 port 35636 ssh2
Sep 29 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: Received disconnect from 92.27.101.99 port 35636:11: Bye Bye [preauth]
Sep 29 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11454]: Disconnected from 92.27.101.99 port 35636 [preauth]
Sep 29 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Failed password for root from 162.144.236.216 port 37850 ssh2
Sep 29 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Connection closed by 162.144.236.216 port 37850 [preauth]
Sep 29 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Failed password for root from 162.144.236.216 port 46032 ssh2
Sep 29 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Connection closed by 162.144.236.216 port 46032 [preauth]
Sep 29 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Failed password for root from 162.144.236.216 port 51084 ssh2
Sep 29 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11512]: Connection closed by 162.144.236.216 port 51084 [preauth]
Sep 29 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session closed for user root
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11544]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11615]: Successful su for rubyman by root
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11615]: + ??? root:rubyman
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311893 of user rubyman.
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11615]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311893.
Sep 29 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Failed password for root from 162.144.236.216 port 58670 ssh2
Sep 29 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Connection closed by 162.144.236.216 port 58670 [preauth]
Sep 29 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session closed for user root
Sep 29 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user root
Sep 29 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11545]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Failed password for root from 162.144.236.216 port 37070 ssh2
Sep 29 01:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Connection closed by 162.144.236.216 port 37070 [preauth]
Sep 29 01:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Invalid user ftpadmin from 81.45.181.135
Sep 29 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: input_userauth_request: invalid user ftpadmin [preauth]
Sep 29 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Failed password for root from 162.144.236.216 port 44358 ssh2
Sep 29 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Failed password for invalid user ftpadmin from 81.45.181.135 port 59930 ssh2
Sep 29 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Connection closed by 162.144.236.216 port 44358 [preauth]
Sep 29 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Received disconnect from 81.45.181.135 port 59930:11: Bye Bye [preauth]
Sep 29 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Disconnected from 81.45.181.135 port 59930 [preauth]
Sep 29 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Failed password for root from 162.144.236.216 port 49208 ssh2
Sep 29 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Connection closed by 162.144.236.216 port 49208 [preauth]
Sep 29 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: Failed password for root from 92.27.101.99 port 59236 ssh2
Sep 29 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: Received disconnect from 92.27.101.99 port 59236:11: Bye Bye [preauth]
Sep 29 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: Disconnected from 92.27.101.99 port 59236 [preauth]
Sep 29 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session closed for user root
Sep 29 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12017]: Failed password for root from 162.144.236.216 port 55792 ssh2
Sep 29 01:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12017]: Connection closed by 162.144.236.216 port 55792 [preauth]
Sep 29 01:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: Successful su for rubyman by root
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: + ??? root:rubyman
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311899 of user rubyman.
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311899.
Sep 29 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for root from 162.144.236.216 port 36794 ssh2
Sep 29 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session closed for user root
Sep 29 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Connection closed by 162.144.236.216 port 36794 [preauth]
Sep 29 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12117]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Invalid user showroom from 81.45.181.135
Sep 29 01:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: input_userauth_request: invalid user showroom [preauth]
Sep 29 01:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Failed password for root from 162.144.236.216 port 43388 ssh2
Sep 29 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Failed password for invalid user showroom from 81.45.181.135 port 55164 ssh2
Sep 29 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Received disconnect from 81.45.181.135 port 55164:11: Bye Bye [preauth]
Sep 29 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Disconnected from 81.45.181.135 port 55164 [preauth]
Sep 29 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Connection closed by 162.144.236.216 port 43388 [preauth]
Sep 29 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: Failed password for root from 162.144.236.216 port 50842 ssh2
Sep 29 01:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: Connection closed by 162.144.236.216 port 50842 [preauth]
Sep 29 01:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Invalid user ashish from 92.27.101.99
Sep 29 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: input_userauth_request: invalid user ashish [preauth]
Sep 29 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Failed password for invalid user ashish from 92.27.101.99 port 54600 ssh2
Sep 29 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Received disconnect from 92.27.101.99 port 54600:11: Bye Bye [preauth]
Sep 29 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Disconnected from 92.27.101.99 port 54600 [preauth]
Sep 29 01:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user root
Sep 29 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Failed password for root from 162.144.236.216 port 57354 ssh2
Sep 29 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Connection closed by 162.144.236.216 port 57354 [preauth]
Sep 29 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12572]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Failed password for root from 162.144.236.216 port 38686 ssh2
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12647]: Successful su for rubyman by root
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12647]: + ??? root:rubyman
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311903 of user rubyman.
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12647]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311903.
Sep 29 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Connection closed by 162.144.236.216 port 38686 [preauth]
Sep 29 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Connection closed by 175.139.85.249 port 61091 [preauth]
Sep 29 01:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9581]: pam_unix(cron:session): session closed for user root
Sep 29 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12575]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Failed password for root from 162.144.236.216 port 43902 ssh2
Sep 29 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Connection closed by 162.144.236.216 port 43902 [preauth]
Sep 29 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Invalid user grandpa from 81.45.181.135
Sep 29 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: input_userauth_request: invalid user grandpa [preauth]
Sep 29 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Failed password for invalid user grandpa from 81.45.181.135 port 50394 ssh2
Sep 29 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Received disconnect from 81.45.181.135 port 50394:11: Bye Bye [preauth]
Sep 29 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Disconnected from 81.45.181.135 port 50394 [preauth]
Sep 29 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12879]: Failed password for root from 162.144.236.216 port 51120 ssh2
Sep 29 01:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12879]: Connection closed by 162.144.236.216 port 51120 [preauth]
Sep 29 01:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Failed password for root from 92.27.101.99 port 49964 ssh2
Sep 29 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Received disconnect from 92.27.101.99 port 49964:11: Bye Bye [preauth]
Sep 29 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Disconnected from 92.27.101.99 port 49964 [preauth]
Sep 29 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session closed for user root
Sep 29 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Failed password for root from 162.144.236.216 port 58382 ssh2
Sep 29 01:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Connection closed by 162.144.236.216 port 58382 [preauth]
Sep 29 01:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Failed password for root from 162.144.236.216 port 37122 ssh2
Sep 29 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Connection closed by 162.144.236.216 port 37122 [preauth]
Sep 29 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13053]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13117]: Successful su for rubyman by root
Sep 29 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13117]: + ??? root:rubyman
Sep 29 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311908 of user rubyman.
Sep 29 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13117]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311908.
Sep 29 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: Failed password for root from 162.144.236.216 port 42136 ssh2
Sep 29 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10179]: pam_unix(cron:session): session closed for user root
Sep 29 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: Connection closed by 162.144.236.216 port 42136 [preauth]
Sep 29 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13054]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: Failed password for root from 162.144.236.216 port 49490 ssh2
Sep 29 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: Connection closed by 162.144.236.216 port 49490 [preauth]
Sep 29 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Invalid user sshuser from 81.45.181.135
Sep 29 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: input_userauth_request: invalid user sshuser [preauth]
Sep 29 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user sshuser from 81.45.181.135 port 45620 ssh2
Sep 29 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Received disconnect from 81.45.181.135 port 45620:11: Bye Bye [preauth]
Sep 29 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Disconnected from 81.45.181.135 port 45620 [preauth]
Sep 29 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Invalid user under from 92.27.101.99
Sep 29 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: input_userauth_request: invalid user under [preauth]
Sep 29 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Failed password for root from 162.144.236.216 port 55848 ssh2
Sep 29 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Connection closed by 162.144.236.216 port 55848 [preauth]
Sep 29 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Failed password for invalid user under from 92.27.101.99 port 45330 ssh2
Sep 29 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Received disconnect from 92.27.101.99 port 45330:11: Bye Bye [preauth]
Sep 29 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Disconnected from 92.27.101.99 port 45330 [preauth]
Sep 29 01:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12119]: pam_unix(cron:session): session closed for user root
Sep 29 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Failed password for root from 162.144.236.216 port 35214 ssh2
Sep 29 01:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13381]: Connection closed by 162.144.236.216 port 35214 [preauth]
Sep 29 01:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for root from 162.144.236.216 port 45372 ssh2
Sep 29 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Connection closed by 162.144.236.216 port 45372 [preauth]
Sep 29 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: Failed password for root from 162.144.236.216 port 51832 ssh2
Sep 29 01:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13472]: Connection closed by 162.144.236.216 port 51832 [preauth]
Sep 29 01:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Failed password for root from 162.144.236.216 port 57950 ssh2
Sep 29 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13506]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Connection closed by 162.144.236.216 port 57950 [preauth]
Sep 29 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: Successful su for rubyman by root
Sep 29 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: + ??? root:rubyman
Sep 29 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311910 of user rubyman.
Sep 29 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311910.
Sep 29 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session closed for user root
Sep 29 01:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13507]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Failed password for root from 162.144.236.216 port 37770 ssh2
Sep 29 01:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Connection closed by 162.144.236.216 port 37770 [preauth]
Sep 29 01:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: Failed password for root from 81.45.181.135 port 40850 ssh2
Sep 29 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: Received disconnect from 81.45.181.135 port 40850:11: Bye Bye [preauth]
Sep 29 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: Disconnected from 81.45.181.135 port 40850 [preauth]
Sep 29 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Invalid user tommy from 92.27.101.99
Sep 29 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: input_userauth_request: invalid user tommy [preauth]
Sep 29 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Failed password for invalid user tommy from 92.27.101.99 port 40688 ssh2
Sep 29 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Received disconnect from 92.27.101.99 port 40688:11: Bye Bye [preauth]
Sep 29 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Disconnected from 92.27.101.99 port 40688 [preauth]
Sep 29 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: Failed password for root from 162.144.236.216 port 44354 ssh2
Sep 29 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13781]: Connection closed by 162.144.236.216 port 44354 [preauth]
Sep 29 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12577]: pam_unix(cron:session): session closed for user root
Sep 29 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Failed password for root from 162.144.236.216 port 52136 ssh2
Sep 29 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Connection closed by 162.144.236.216 port 52136 [preauth]
Sep 29 01:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Failed password for root from 162.144.236.216 port 58748 ssh2
Sep 29 01:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Connection closed by 162.144.236.216 port 58748 [preauth]
Sep 29 01:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: Failed password for root from 162.144.236.216 port 36768 ssh2
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13948]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13951]: pam_unix(cron:session): session closed for user root
Sep 29 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: Successful su for rubyman by root
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: + ??? root:rubyman
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: Connection closed by 162.144.236.216 port 36768 [preauth]
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311918 of user rubyman.
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311918.
Sep 29 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user root
Sep 29 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user root
Sep 29 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Failed password for root from 162.144.236.216 port 43838 ssh2
Sep 29 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: Invalid user test from 81.45.181.135
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: input_userauth_request: invalid user test [preauth]
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: Failed password for root from 92.27.101.99 port 36054 ssh2
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Connection closed by 162.144.236.216 port 43838 [preauth]
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: Received disconnect from 92.27.101.99 port 36054:11: Bye Bye [preauth]
Sep 29 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14315]: Disconnected from 92.27.101.99 port 36054 [preauth]
Sep 29 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: Failed password for invalid user test from 81.45.181.135 port 36074 ssh2
Sep 29 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: Received disconnect from 81.45.181.135 port 36074:11: Bye Bye [preauth]
Sep 29 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: Disconnected from 81.45.181.135 port 36074 [preauth]
Sep 29 01:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Failed password for root from 162.144.236.216 port 50370 ssh2
Sep 29 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Connection closed by 162.144.236.216 port 50370 [preauth]
Sep 29 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for root from 162.144.236.216 port 57544 ssh2
Sep 29 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Connection closed by 162.144.236.216 port 57544 [preauth]
Sep 29 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session closed for user root
Sep 29 01:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: Failed password for root from 162.144.236.216 port 35532 ssh2
Sep 29 01:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: Connection closed by 162.144.236.216 port 35532 [preauth]
Sep 29 01:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Failed password for root from 162.144.236.216 port 44120 ssh2
Sep 29 01:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Connection closed by 162.144.236.216 port 44120 [preauth]
Sep 29 01:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Failed password for root from 162.144.236.216 port 49734 ssh2
Sep 29 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14455]: Connection closed by 162.144.236.216 port 49734 [preauth]
Sep 29 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Failed password for root from 162.144.236.216 port 55498 ssh2
Sep 29 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Connection closed by 162.144.236.216 port 55498 [preauth]
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14577]: Successful su for rubyman by root
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14577]: + ??? root:rubyman
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311922 of user rubyman.
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14577]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311922.
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Invalid user morgan from 92.27.101.99
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: input_userauth_request: invalid user morgan [preauth]
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user morgan from 92.27.101.99 port 59646 ssh2
Sep 29 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Received disconnect from 92.27.101.99 port 59646:11: Bye Bye [preauth]
Sep 29 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Disconnected from 92.27.101.99 port 59646 [preauth]
Sep 29 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session closed for user root
Sep 29 01:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14500]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: Failed password for root from 162.144.236.216 port 35288 ssh2
Sep 29 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Invalid user user04 from 81.45.181.135
Sep 29 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: input_userauth_request: invalid user user04 [preauth]
Sep 29 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: Connection closed by 162.144.236.216 port 35288 [preauth]
Sep 29 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Failed password for invalid user user04 from 81.45.181.135 port 59534 ssh2
Sep 29 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Received disconnect from 81.45.181.135 port 59534:11: Bye Bye [preauth]
Sep 29 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Disconnected from 81.45.181.135 port 59534 [preauth]
Sep 29 01:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13510]: pam_unix(cron:session): session closed for user root
Sep 29 01:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Failed password for root from 162.144.236.216 port 42140 ssh2
Sep 29 01:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Connection closed by 162.144.236.216 port 42140 [preauth]
Sep 29 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Failed password for root from 162.144.236.216 port 52564 ssh2
Sep 29 01:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Connection closed by 162.144.236.216 port 52564 [preauth]
Sep 29 01:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Invalid user matheus from 92.27.101.99
Sep 29 01:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: input_userauth_request: invalid user matheus [preauth]
Sep 29 01:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Failed password for invalid user matheus from 92.27.101.99 port 55008 ssh2
Sep 29 01:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Received disconnect from 92.27.101.99 port 55008:11: Bye Bye [preauth]
Sep 29 01:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14925]: Disconnected from 92.27.101.99 port 55008 [preauth]
Sep 29 01:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Failed password for root from 162.144.236.216 port 33906 ssh2
Sep 29 01:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Connection closed by 162.144.236.216 port 33906 [preauth]
Sep 29 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15007]: Successful su for rubyman by root
Sep 29 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15007]: + ??? root:rubyman
Sep 29 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311925 of user rubyman.
Sep 29 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15007]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311925.
Sep 29 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12118]: pam_unix(cron:session): session closed for user root
Sep 29 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Failed password for root from 162.144.236.216 port 39626 ssh2
Sep 29 01:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Connection closed by 162.144.236.216 port 39626 [preauth]
Sep 29 01:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: Failed password for root from 162.144.236.216 port 46538 ssh2
Sep 29 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: Connection closed by 162.144.236.216 port 46538 [preauth]
Sep 29 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Failed password for root from 81.45.181.135 port 54774 ssh2
Sep 29 01:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Received disconnect from 81.45.181.135 port 54774:11: Bye Bye [preauth]
Sep 29 01:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Disconnected from 81.45.181.135 port 54774 [preauth]
Sep 29 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: Failed password for root from 162.144.236.216 port 52770 ssh2
Sep 29 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: Connection closed by 162.144.236.216 port 52770 [preauth]
Sep 29 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Failed password for root from 162.144.236.216 port 57950 ssh2
Sep 29 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Connection closed by 162.144.236.216 port 57950 [preauth]
Sep 29 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session closed for user root
Sep 29 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: Failed password for root from 162.144.236.216 port 37062 ssh2
Sep 29 01:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15288]: Connection closed by 162.144.236.216 port 37062 [preauth]
Sep 29 01:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Invalid user tpaterni from 92.27.101.99
Sep 29 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: input_userauth_request: invalid user tpaterni [preauth]
Sep 29 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Failed password for invalid user tpaterni from 92.27.101.99 port 50376 ssh2
Sep 29 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Received disconnect from 92.27.101.99 port 50376:11: Bye Bye [preauth]
Sep 29 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15371]: Disconnected from 92.27.101.99 port 50376 [preauth]
Sep 29 01:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Failed password for root from 162.144.236.216 port 44562 ssh2
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15388]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: Successful su for rubyman by root
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: + ??? root:rubyman
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311929 of user rubyman.
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15445]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311929.
Sep 29 01:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Connection closed by 162.144.236.216 port 44562 [preauth]
Sep 29 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session closed for user root
Sep 29 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Failed password for root from 162.144.236.216 port 52728 ssh2
Sep 29 01:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Connection closed by 162.144.236.216 port 52728 [preauth]
Sep 29 01:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Invalid user mc from 81.45.181.135
Sep 29 01:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: input_userauth_request: invalid user mc [preauth]
Sep 29 01:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 01:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for invalid user mc from 81.45.181.135 port 49998 ssh2
Sep 29 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Received disconnect from 81.45.181.135 port 49998:11: Bye Bye [preauth]
Sep 29 01:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Disconnected from 81.45.181.135 port 49998 [preauth]
Sep 29 01:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Failed password for root from 162.144.236.216 port 57660 ssh2
Sep 29 01:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Connection closed by 162.144.236.216 port 57660 [preauth]
Sep 29 01:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: Failed password for root from 162.144.236.216 port 35634 ssh2
Sep 29 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: Connection closed by 162.144.236.216 port 35634 [preauth]
Sep 29 01:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session closed for user root
Sep 29 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: Failed password for root from 162.144.236.216 port 43022 ssh2
Sep 29 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15730]: Connection closed by 162.144.236.216 port 43022 [preauth]
Sep 29 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: Failed password for root from 162.144.236.216 port 49632 ssh2
Sep 29 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: Connection closed by 162.144.236.216 port 49632 [preauth]
Sep 29 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Invalid user es_user from 92.27.101.99
Sep 29 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: input_userauth_request: invalid user es_user [preauth]
Sep 29 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Failed password for invalid user es_user from 92.27.101.99 port 45742 ssh2
Sep 29 01:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Received disconnect from 92.27.101.99 port 45742:11: Bye Bye [preauth]
Sep 29 01:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Disconnected from 92.27.101.99 port 45742 [preauth]
Sep 29 01:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Failed password for root from 162.144.236.216 port 56684 ssh2
Sep 29 01:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15791]: Connection closed by 162.144.236.216 port 56684 [preauth]
Sep 29 01:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session closed for user p13x
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15880]: Successful su for rubyman by root
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15880]: + ??? root:rubyman
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311932 of user rubyman.
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15880]: pam_unix(su:session): session closed for user rubyman
Sep 29 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311932.
Sep 29 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session closed for user root
Sep 29 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 29 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: Failed password for root from 162.144.236.216 port 36490 ssh2
Sep 29 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: Connection closed by 162.144.236.216 port 36490 [preauth]
Sep 29 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user samftp
Sep 29 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: Failed password for root from 46.101.170.54 port 43598 ssh2
Sep 29 01:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: Connection closed by 46.101.170.54 port 43598 [preauth]
Sep 29 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Failed password for root from 162.144.236.216 port 41806 ssh2
Sep 29 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Connection closed by 162.144.236.216 port 41806 [preauth]
Sep 29 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Failed password for root from 81.45.181.135 port 45226 ssh2
Sep 29 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Received disconnect from 81.45.181.135 port 45226:11: Bye Bye [preauth]
Sep 29 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Disconnected from 81.45.181.135 port 45226 [preauth]
Sep 29 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Failed password for root from 162.144.236.216 port 50826 ssh2
Sep 29 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Connection closed by 162.144.236.216 port 50826 [preauth]
Sep 29 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session closed for user root
Sep 29 01:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16150]: Failed password for root from 162.144.236.216 port 57418 ssh2
Sep 29 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16150]: Connection closed by 162.144.236.216 port 57418 [preauth]
Sep 29 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 01:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Failed password for root from 162.144.236.216 port 37952 ssh2
Sep 29 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Connection closed by 162.144.236.216 port 37952 [preauth]
Sep 29 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: Invalid user dataiku from 92.27.101.99
Sep 29 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: input_userauth_request: invalid user dataiku [preauth]
Sep 29 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: Failed password for invalid user dataiku from 92.27.101.99 port 41108 ssh2
Sep 29 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: Received disconnect from 92.27.101.99 port 41108:11: Bye Bye [preauth]
Sep 29 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16240]: Disconnected from 92.27.101.99 port 41108 [preauth]
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16267]: pam_unix(cron:session): session closed for user root
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session closed for user root
Sep 29 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16260]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16376]: Successful su for rubyman by root
Sep 29 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16376]: + ??? root:rubyman
Sep 29 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311940 of user rubyman.
Sep 29 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16376]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311940.
Sep 29 02:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Failed password for root from 162.144.236.216 port 44232 ssh2
Sep 29 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13508]: pam_unix(cron:session): session closed for user root
Sep 29 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session closed for user root
Sep 29 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Connection closed by 162.144.236.216 port 44232 [preauth]
Sep 29 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16261]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Failed password for root from 81.45.181.135 port 40454 ssh2
Sep 29 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Received disconnect from 81.45.181.135 port 40454:11: Bye Bye [preauth]
Sep 29 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16644]: Disconnected from 81.45.181.135 port 40454 [preauth]
Sep 29 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: Failed password for root from 162.144.236.216 port 53070 ssh2
Sep 29 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: Connection closed by 162.144.236.216 port 53070 [preauth]
Sep 29 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15388]: pam_unix(cron:session): session closed for user root
Sep 29 02:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Failed password for root from 162.144.236.216 port 34980 ssh2
Sep 29 02:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Connection closed by 162.144.236.216 port 34980 [preauth]
Sep 29 02:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: Failed password for root from 162.144.236.216 port 41124 ssh2
Sep 29 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16754]: Connection closed by 162.144.236.216 port 41124 [preauth]
Sep 29 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Failed password for root from 92.27.101.99 port 36472 ssh2
Sep 29 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Received disconnect from 92.27.101.99 port 36472:11: Bye Bye [preauth]
Sep 29 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16802]: Disconnected from 92.27.101.99 port 36472 [preauth]
Sep 29 02:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Failed password for root from 162.144.236.216 port 48238 ssh2
Sep 29 02:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Connection closed by 162.144.236.216 port 48238 [preauth]
Sep 29 02:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: Successful su for rubyman by root
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: + ??? root:rubyman
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311943 of user rubyman.
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311943.
Sep 29 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13948]: pam_unix(cron:session): session closed for user root
Sep 29 02:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Failed password for root from 162.144.236.216 port 54388 ssh2
Sep 29 02:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Connection closed by 162.144.236.216 port 54388 [preauth]
Sep 29 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17143]: Failed password for root from 81.45.181.135 port 35676 ssh2
Sep 29 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17143]: Received disconnect from 81.45.181.135 port 35676:11: Bye Bye [preauth]
Sep 29 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17143]: Disconnected from 81.45.181.135 port 35676 [preauth]
Sep 29 02:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Failed password for root from 162.144.236.216 port 33210 ssh2
Sep 29 02:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Connection closed by 162.144.236.216 port 33210 [preauth]
Sep 29 02:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session closed for user root
Sep 29 02:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for root from 162.144.236.216 port 38472 ssh2
Sep 29 02:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Connection closed by 162.144.236.216 port 38472 [preauth]
Sep 29 02:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Invalid user base from 92.27.101.99
Sep 29 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: input_userauth_request: invalid user base [preauth]
Sep 29 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for root from 162.144.236.216 port 45312 ssh2
Sep 29 02:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Connection closed by 162.144.236.216 port 45312 [preauth]
Sep 29 02:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Failed password for invalid user base from 92.27.101.99 port 60066 ssh2
Sep 29 02:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Received disconnect from 92.27.101.99 port 60066:11: Bye Bye [preauth]
Sep 29 02:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Disconnected from 92.27.101.99 port 60066 [preauth]
Sep 29 02:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Failed password for root from 162.144.236.216 port 51660 ssh2
Sep 29 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Connection closed by 162.144.236.216 port 51660 [preauth]
Sep 29 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for root from 162.144.236.216 port 58710 ssh2
Sep 29 02:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Connection closed by 162.144.236.216 port 58710 [preauth]
Sep 29 02:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: Successful su for rubyman by root
Sep 29 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: + ??? root:rubyman
Sep 29 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311947 of user rubyman.
Sep 29 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311947.
Sep 29 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14502]: pam_unix(cron:session): session closed for user root
Sep 29 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Failed password for root from 162.144.236.216 port 36796 ssh2
Sep 29 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Connection closed by 162.144.236.216 port 36796 [preauth]
Sep 29 02:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for root from 162.144.236.216 port 43064 ssh2
Sep 29 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Connection closed by 162.144.236.216 port 43064 [preauth]
Sep 29 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Failed password for root from 81.45.181.135 port 59140 ssh2
Sep 29 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Received disconnect from 81.45.181.135 port 59140:11: Bye Bye [preauth]
Sep 29 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Disconnected from 81.45.181.135 port 59140 [preauth]
Sep 29 02:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17602]: Failed password for root from 162.144.236.216 port 48902 ssh2
Sep 29 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17602]: Connection closed by 162.144.236.216 port 48902 [preauth]
Sep 29 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Failed password for root from 162.144.236.216 port 56212 ssh2
Sep 29 02:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Connection closed by 162.144.236.216 port 56212 [preauth]
Sep 29 02:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: Invalid user lms from 164.68.105.9
Sep 29 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: input_userauth_request: invalid user lms [preauth]
Sep 29 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session closed for user root
Sep 29 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: Failed password for invalid user lms from 164.68.105.9 port 60148 ssh2
Sep 29 02:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: Connection closed by 164.68.105.9 port 60148 [preauth]
Sep 29 02:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Failed password for root from 162.144.236.216 port 34846 ssh2
Sep 29 02:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Connection closed by 162.144.236.216 port 34846 [preauth]
Sep 29 02:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Invalid user postgres from 92.27.101.99
Sep 29 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: input_userauth_request: invalid user postgres [preauth]
Sep 29 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Failed password for invalid user postgres from 92.27.101.99 port 55432 ssh2
Sep 29 02:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Received disconnect from 92.27.101.99 port 55432:11: Bye Bye [preauth]
Sep 29 02:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Disconnected from 92.27.101.99 port 55432 [preauth]
Sep 29 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: Failed password for root from 162.144.236.216 port 40404 ssh2
Sep 29 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: Connection closed by 162.144.236.216 port 40404 [preauth]
Sep 29 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for root from 162.144.236.216 port 47954 ssh2
Sep 29 02:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Connection closed by 162.144.236.216 port 47954 [preauth]
Sep 29 02:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17912]: Successful su for rubyman by root
Sep 29 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17912]: + ??? root:rubyman
Sep 29 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311952 of user rubyman.
Sep 29 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17912]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311952.
Sep 29 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Failed password for root from 162.144.236.216 port 54222 ssh2
Sep 29 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Connection closed by 162.144.236.216 port 54222 [preauth]
Sep 29 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session closed for user root
Sep 29 02:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Failed password for root from 162.144.236.216 port 60394 ssh2
Sep 29 02:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Connection closed by 162.144.236.216 port 60394 [preauth]
Sep 29 02:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: Invalid user test1234 from 81.45.181.135
Sep 29 02:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: input_userauth_request: invalid user test1234 [preauth]
Sep 29 02:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135
Sep 29 02:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: Failed password for invalid user test1234 from 81.45.181.135 port 54364 ssh2
Sep 29 02:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: Received disconnect from 81.45.181.135 port 54364:11: Bye Bye [preauth]
Sep 29 02:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18279]: Disconnected from 81.45.181.135 port 54364 [preauth]
Sep 29 02:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: Failed password for root from 162.144.236.216 port 37572 ssh2
Sep 29 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Invalid user user from 62.60.131.157
Sep 29 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: input_userauth_request: invalid user user [preauth]
Sep 29 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 02:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: Connection closed by 162.144.236.216 port 37572 [preauth]
Sep 29 02:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Failed password for invalid user user from 62.60.131.157 port 9262 ssh2
Sep 29 02:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Failed password for invalid user user from 62.60.131.157 port 9262 ssh2
Sep 29 02:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Failed password for invalid user user from 62.60.131.157 port 9262 ssh2
Sep 29 02:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18306]: Failed password for root from 162.144.236.216 port 45276 ssh2
Sep 29 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Failed password for invalid user user from 62.60.131.157 port 9262 ssh2
Sep 29 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18306]: Connection closed by 162.144.236.216 port 45276 [preauth]
Sep 29 02:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Failed password for invalid user user from 62.60.131.157 port 9262 ssh2
Sep 29 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Received disconnect from 62.60.131.157 port 9262:11: Bye [preauth]
Sep 29 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: Disconnected from 62.60.131.157 port 9262 [preauth]
Sep 29 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session closed for user root
Sep 29 02:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18441]: Failed password for root from 162.144.236.216 port 52020 ssh2
Sep 29 02:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18441]: Connection closed by 162.144.236.216 port 52020 [preauth]
Sep 29 02:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Invalid user sammy from 92.27.101.99
Sep 29 02:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: input_userauth_request: invalid user sammy [preauth]
Sep 29 02:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Failed password for invalid user sammy from 92.27.101.99 port 50800 ssh2
Sep 29 02:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Received disconnect from 92.27.101.99 port 50800:11: Bye Bye [preauth]
Sep 29 02:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Disconnected from 92.27.101.99 port 50800 [preauth]
Sep 29 02:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Failed password for root from 162.144.236.216 port 59480 ssh2
Sep 29 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Connection closed by 162.144.236.216 port 59480 [preauth]
Sep 29 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Failed password for root from 162.144.236.216 port 37188 ssh2
Sep 29 02:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18517]: Connection closed by 162.144.236.216 port 37188 [preauth]
Sep 29 02:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18566]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Failed password for root from 162.144.236.216 port 41806 ssh2
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18642]: Successful su for rubyman by root
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18642]: + ??? root:rubyman
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311956 of user rubyman.
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18642]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311956.
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Connection closed by 162.144.236.216 port 41806 [preauth]
Sep 29 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session closed for user root
Sep 29 02:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Failed password for root from 162.144.236.216 port 49374 ssh2
Sep 29 02:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Connection closed by 162.144.236.216 port 49374 [preauth]
Sep 29 02:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Failed password for root from 162.144.236.216 port 55052 ssh2
Sep 29 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.45.181.135  user=root
Sep 29 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Connection closed by 162.144.236.216 port 55052 [preauth]
Sep 29 02:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: Failed password for root from 81.45.181.135 port 49598 ssh2
Sep 29 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: Received disconnect from 81.45.181.135 port 49598:11: Bye Bye [preauth]
Sep 29 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: Disconnected from 81.45.181.135 port 49598 [preauth]
Sep 29 02:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Failed password for root from 162.144.236.216 port 33426 ssh2
Sep 29 02:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Connection closed by 162.144.236.216 port 33426 [preauth]
Sep 29 02:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
Sep 29 02:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for root from 162.144.236.216 port 41116 ssh2
Sep 29 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Invalid user sam from 92.27.101.99
Sep 29 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: input_userauth_request: invalid user sam [preauth]
Sep 29 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Connection closed by 162.144.236.216 port 41116 [preauth]
Sep 29 02:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Failed password for invalid user sam from 92.27.101.99 port 46168 ssh2
Sep 29 02:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Received disconnect from 92.27.101.99 port 46168:11: Bye Bye [preauth]
Sep 29 02:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18983]: Disconnected from 92.27.101.99 port 46168 [preauth]
Sep 29 02:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for root from 162.144.236.216 port 49022 ssh2
Sep 29 02:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Connection closed by 162.144.236.216 port 49022 [preauth]
Sep 29 02:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: Failed password for root from 162.144.236.216 port 55194 ssh2
Sep 29 02:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19029]: Connection closed by 162.144.236.216 port 55194 [preauth]
Sep 29 02:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19040]: Failed password for root from 162.144.236.216 port 33206 ssh2
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19040]: Connection closed by 162.144.236.216 port 33206 [preauth]
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19070]: pam_unix(cron:session): session closed for user root
Sep 29 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19144]: Successful su for rubyman by root
Sep 29 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19144]: + ??? root:rubyman
Sep 29 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311962 of user rubyman.
Sep 29 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19144]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311962.
Sep 29 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session closed for user root
Sep 29 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session closed for user root
Sep 29 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Failed password for root from 162.144.236.216 port 40974 ssh2
Sep 29 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Connection closed by 162.144.236.216 port 40974 [preauth]
Sep 29 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: Failed password for root from 162.144.236.216 port 47012 ssh2
Sep 29 02:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: Connection closed by 162.144.236.216 port 47012 [preauth]
Sep 29 02:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: Failed password for root from 162.144.236.216 port 53382 ssh2
Sep 29 02:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19679]: Connection closed by 162.144.236.216 port 53382 [preauth]
Sep 29 02:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Invalid user site from 92.27.101.99
Sep 29 02:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: input_userauth_request: invalid user site [preauth]
Sep 29 02:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19741]: Failed password for root from 162.144.236.216 port 60492 ssh2
Sep 29 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Failed password for invalid user site from 92.27.101.99 port 41526 ssh2
Sep 29 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Received disconnect from 92.27.101.99 port 41526:11: Bye Bye [preauth]
Sep 29 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Disconnected from 92.27.101.99 port 41526 [preauth]
Sep 29 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19741]: Connection closed by 162.144.236.216 port 60492 [preauth]
Sep 29 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session closed for user root
Sep 29 02:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: Failed password for root from 162.144.236.216 port 36016 ssh2
Sep 29 02:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: Connection closed by 162.144.236.216 port 36016 [preauth]
Sep 29 02:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Failed password for root from 162.144.236.216 port 42160 ssh2
Sep 29 02:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Connection closed by 162.144.236.216 port 42160 [preauth]
Sep 29 02:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: Failed password for root from 162.144.236.216 port 50180 ssh2
Sep 29 02:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19874]: Connection closed by 162.144.236.216 port 50180 [preauth]
Sep 29 02:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19930]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Failed password for root from 162.144.236.216 port 56320 ssh2
Sep 29 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20011]: Successful su for rubyman by root
Sep 29 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20011]: + ??? root:rubyman
Sep 29 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311965 of user rubyman.
Sep 29 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20011]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311965.
Sep 29 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Connection closed by 162.144.236.216 port 56320 [preauth]
Sep 29 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session closed for user root
Sep 29 02:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19931]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Failed password for root from 162.144.236.216 port 34402 ssh2
Sep 29 02:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Connection closed by 162.144.236.216 port 34402 [preauth]
Sep 29 02:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Failed password for root from 162.144.236.216 port 40666 ssh2
Sep 29 02:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Connection closed by 162.144.236.216 port 40666 [preauth]
Sep 29 02:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 02:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Failed password for root from 92.27.101.99 port 36886 ssh2
Sep 29 02:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Received disconnect from 92.27.101.99 port 36886:11: Bye Bye [preauth]
Sep 29 02:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Disconnected from 92.27.101.99 port 36886 [preauth]
Sep 29 02:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Failed password for root from 162.144.236.216 port 48532 ssh2
Sep 29 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18568]: pam_unix(cron:session): session closed for user root
Sep 29 02:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Connection closed by 162.144.236.216 port 48532 [preauth]
Sep 29 02:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: Failed password for root from 162.144.236.216 port 55842 ssh2
Sep 29 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: Connection closed by 162.144.236.216 port 55842 [preauth]
Sep 29 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20441]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20442]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20439]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20507]: Successful su for rubyman by root
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20507]: + ??? root:rubyman
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311969 of user rubyman.
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20507]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311969.
Sep 29 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session closed for user root
Sep 29 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Invalid user daniel from 190.103.202.7
Sep 29 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: input_userauth_request: invalid user daniel [preauth]
Sep 29 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 02:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Failed password for root from 162.144.236.216 port 35226 ssh2
Sep 29 02:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Failed password for invalid user daniel from 190.103.202.7 port 56230 ssh2
Sep 29 02:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Connection closed by 190.103.202.7 port 56230 [preauth]
Sep 29 02:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20440]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20417]: Connection closed by 162.144.236.216 port 35226 [preauth]
Sep 29 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Invalid user test from 92.27.101.99
Sep 29 02:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: input_userauth_request: invalid user test [preauth]
Sep 29 02:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Failed password for invalid user test from 92.27.101.99 port 60482 ssh2
Sep 29 02:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Received disconnect from 92.27.101.99 port 60482:11: Bye Bye [preauth]
Sep 29 02:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Disconnected from 92.27.101.99 port 60482 [preauth]
Sep 29 02:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20720]: Failed password for root from 162.144.236.216 port 42994 ssh2
Sep 29 02:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20720]: Connection closed by 162.144.236.216 port 42994 [preauth]
Sep 29 02:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Failed password for root from 162.144.236.216 port 52198 ssh2
Sep 29 02:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Connection closed by 162.144.236.216 port 52198 [preauth]
Sep 29 02:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19068]: pam_unix(cron:session): session closed for user root
Sep 29 02:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: Failed password for root from 162.144.236.216 port 57778 ssh2
Sep 29 02:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: Connection closed by 162.144.236.216 port 57778 [preauth]
Sep 29 02:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for root from 162.144.236.216 port 37032 ssh2
Sep 29 02:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Connection closed by 162.144.236.216 port 37032 [preauth]
Sep 29 02:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20904]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20901]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20966]: Successful su for rubyman by root
Sep 29 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20966]: + ??? root:rubyman
Sep 29 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311974 of user rubyman.
Sep 29 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20966]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311974.
Sep 29 02:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
Sep 29 02:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: Invalid user tauro from 92.27.101.99
Sep 29 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: input_userauth_request: invalid user tauro [preauth]
Sep 29 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: Failed password for invalid user tauro from 92.27.101.99 port 55844 ssh2
Sep 29 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: Received disconnect from 92.27.101.99 port 55844:11: Bye Bye [preauth]
Sep 29 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21163]: Disconnected from 92.27.101.99 port 55844 [preauth]
Sep 29 02:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: Failed password for root from 162.144.236.216 port 43734 ssh2
Sep 29 02:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: Connection closed by 162.144.236.216 port 43734 [preauth]
Sep 29 02:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Failed password for root from 162.144.236.216 port 53010 ssh2
Sep 29 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Connection closed by 162.144.236.216 port 53010 [preauth]
Sep 29 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: Failed password for root from 162.144.236.216 port 60022 ssh2
Sep 29 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: Connection closed by 162.144.236.216 port 60022 [preauth]
Sep 29 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session closed for user root
Sep 29 02:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Failed password for root from 162.144.236.216 port 39446 ssh2
Sep 29 02:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Connection closed by 162.144.236.216 port 39446 [preauth]
Sep 29 02:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Failed password for root from 162.144.236.216 port 44568 ssh2
Sep 29 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Connection closed by 162.144.236.216 port 44568 [preauth]
Sep 29 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for root from 162.144.236.216 port 50008 ssh2
Sep 29 02:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Connection closed by 162.144.236.216 port 50008 [preauth]
Sep 29 02:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21342]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21339]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21500]: Successful su for rubyman by root
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21500]: + ??? root:rubyman
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311977 of user rubyman.
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21500]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311977.
Sep 29 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21337]: pam_unix(cron:session): session closed for user root
Sep 29 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Did not receive identification string from 196.251.114.29
Sep 29 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 02:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session closed for user root
Sep 29 02:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Failed password for root from 162.144.236.216 port 58140 ssh2
Sep 29 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Failed password for root from 92.27.101.99 port 51204 ssh2
Sep 29 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Connection closed by 162.144.236.216 port 58140 [preauth]
Sep 29 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Received disconnect from 92.27.101.99 port 51204:11: Bye Bye [preauth]
Sep 29 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Disconnected from 92.27.101.99 port 51204 [preauth]
Sep 29 02:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: Failed password for root from 162.144.236.216 port 36608 ssh2
Sep 29 02:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: Connection closed by 162.144.236.216 port 36608 [preauth]
Sep 29 02:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: Failed password for root from 162.144.236.216 port 43424 ssh2
Sep 29 02:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: Connection closed by 162.144.236.216 port 43424 [preauth]
Sep 29 02:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21762]: Failed password for root from 162.144.236.216 port 51344 ssh2
Sep 29 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21762]: Connection closed by 162.144.236.216 port 51344 [preauth]
Sep 29 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20442]: pam_unix(cron:session): session closed for user root
Sep 29 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Failed password for root from 162.144.236.216 port 59138 ssh2
Sep 29 02:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Connection closed by 162.144.236.216 port 59138 [preauth]
Sep 29 02:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for root from 162.144.236.216 port 36884 ssh2
Sep 29 02:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Connection closed by 162.144.236.216 port 36884 [preauth]
Sep 29 02:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21880]: Failed password for root from 162.144.236.216 port 42336 ssh2
Sep 29 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21880]: Connection closed by 162.144.236.216 port 42336 [preauth]
Sep 29 02:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21909]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21912]: pam_unix(cron:session): session closed for user root
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21907]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Invalid user szy from 92.27.101.99
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: input_userauth_request: invalid user szy [preauth]
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: Successful su for rubyman by root
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: + ??? root:rubyman
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311982 of user rubyman.
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21979]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311982.
Sep 29 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21892]: Failed password for root from 162.144.236.216 port 48002 ssh2
Sep 29 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21892]: Connection closed by 162.144.236.216 port 48002 [preauth]
Sep 29 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Failed password for invalid user szy from 92.27.101.99 port 46564 ssh2
Sep 29 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Received disconnect from 92.27.101.99 port 46564:11: Bye Bye [preauth]
Sep 29 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Disconnected from 92.27.101.99 port 46564 [preauth]
Sep 29 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21909]: pam_unix(cron:session): session closed for user root
Sep 29 02:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18566]: pam_unix(cron:session): session closed for user root
Sep 29 02:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21908]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: Failed password for root from 162.144.236.216 port 54784 ssh2
Sep 29 02:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: Connection closed by 162.144.236.216 port 54784 [preauth]
Sep 29 02:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: Failed password for root from 162.144.236.216 port 35698 ssh2
Sep 29 02:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22253]: Connection closed by 162.144.236.216 port 35698 [preauth]
Sep 29 02:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20904]: pam_unix(cron:session): session closed for user root
Sep 29 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Failed password for root from 162.144.236.216 port 42980 ssh2
Sep 29 02:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22293]: Connection closed by 162.144.236.216 port 42980 [preauth]
Sep 29 02:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: Failed password for root from 162.144.236.216 port 51562 ssh2
Sep 29 02:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Invalid user cloudftp from 92.27.101.99
Sep 29 02:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: input_userauth_request: invalid user cloudftp [preauth]
Sep 29 02:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Failed password for invalid user cloudftp from 92.27.101.99 port 41938 ssh2
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Received disconnect from 92.27.101.99 port 41938:11: Bye Bye [preauth]
Sep 29 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Disconnected from 92.27.101.99 port 41938 [preauth]
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: Successful su for rubyman by root
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: + ??? root:rubyman
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311989 of user rubyman.
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22473]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311989.
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22358]: Connection closed by 162.144.236.216 port 51562 [preauth]
Sep 29 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session closed for user root
Sep 29 02:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Failed password for root from 162.144.236.216 port 59114 ssh2
Sep 29 02:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Connection closed by 162.144.236.216 port 59114 [preauth]
Sep 29 02:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: Failed password for root from 162.144.236.216 port 38020 ssh2
Sep 29 02:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: Connection closed by 162.144.236.216 port 38020 [preauth]
Sep 29 02:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Failed password for root from 162.144.236.216 port 44148 ssh2
Sep 29 02:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22913]: Connection closed by 162.144.236.216 port 44148 [preauth]
Sep 29 02:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22941]: Failed password for root from 162.144.236.216 port 49070 ssh2
Sep 29 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22941]: Connection closed by 162.144.236.216 port 49070 [preauth]
Sep 29 02:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session closed for user root
Sep 29 02:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for root from 162.144.236.216 port 55870 ssh2
Sep 29 02:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Connection closed by 162.144.236.216 port 55870 [preauth]
Sep 29 02:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Failed password for root from 162.144.236.216 port 35032 ssh2
Sep 29 02:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Connection closed by 162.144.236.216 port 35032 [preauth]
Sep 29 02:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Failed password for root from 162.144.236.216 port 38998 ssh2
Sep 29 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Connection closed by 162.144.236.216 port 38998 [preauth]
Sep 29 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Invalid user digital from 92.27.101.99
Sep 29 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: input_userauth_request: invalid user digital [preauth]
Sep 29 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Failed password for invalid user digital from 92.27.101.99 port 37304 ssh2
Sep 29 02:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Received disconnect from 92.27.101.99 port 37304:11: Bye Bye [preauth]
Sep 29 02:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Disconnected from 92.27.101.99 port 37304 [preauth]
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23084]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: Successful su for rubyman by root
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: + ??? root:rubyman
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311992 of user rubyman.
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23182]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311992.
Sep 29 02:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Failed password for root from 162.144.236.216 port 45686 ssh2
Sep 29 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session closed for user root
Sep 29 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Connection closed by 162.144.236.216 port 45686 [preauth]
Sep 29 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23088]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Failed password for root from 162.144.236.216 port 54274 ssh2
Sep 29 02:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Connection closed by 162.144.236.216 port 54274 [preauth]
Sep 29 02:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for root from 162.144.236.216 port 59792 ssh2
Sep 29 02:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 162.144.236.216 port 59792 [preauth]
Sep 29 02:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: Failed password for root from 162.144.236.216 port 38144 ssh2
Sep 29 02:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23469]: Connection closed by 162.144.236.216 port 38144 [preauth]
Sep 29 02:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: Failed password for root from 162.144.236.216 port 44268 ssh2
Sep 29 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: Connection closed by 162.144.236.216 port 44268 [preauth]
Sep 29 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session closed for user root
Sep 29 02:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: Failed password for root from 162.144.236.216 port 49434 ssh2
Sep 29 02:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: Connection closed by 162.144.236.216 port 49434 [preauth]
Sep 29 02:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Failed password for root from 162.144.236.216 port 55830 ssh2
Sep 29 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Connection closed by 162.144.236.216 port 55830 [preauth]
Sep 29 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: Invalid user nikolay from 92.27.101.99
Sep 29 02:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: input_userauth_request: invalid user nikolay [preauth]
Sep 29 02:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: Failed password for invalid user nikolay from 92.27.101.99 port 60898 ssh2
Sep 29 02:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: Received disconnect from 92.27.101.99 port 60898:11: Bye Bye [preauth]
Sep 29 02:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23793]: Disconnected from 92.27.101.99 port 60898 [preauth]
Sep 29 02:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: Failed password for root from 162.144.236.216 port 33322 ssh2
Sep 29 02:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: Connection closed by 162.144.236.216 port 33322 [preauth]
Sep 29 02:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Failed password for root from 162.144.236.216 port 39140 ssh2
Sep 29 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23822]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23891]: Successful su for rubyman by root
Sep 29 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23891]: + ??? root:rubyman
Sep 29 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 311996 of user rubyman.
Sep 29 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23891]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 311996.
Sep 29 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Connection closed by 162.144.236.216 port 39140 [preauth]
Sep 29 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20441]: pam_unix(cron:session): session closed for user root
Sep 29 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23823]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Failed password for root from 162.144.236.216 port 44930 ssh2
Sep 29 02:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Connection closed by 162.144.236.216 port 44930 [preauth]
Sep 29 02:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for root from 162.144.236.216 port 52566 ssh2
Sep 29 02:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Connection closed by 162.144.236.216 port 52566 [preauth]
Sep 29 02:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Failed password for root from 162.144.236.216 port 58314 ssh2
Sep 29 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Connection closed by 162.144.236.216 port 58314 [preauth]
Sep 29 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session closed for user root
Sep 29 02:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Failed password for root from 162.144.236.216 port 39364 ssh2
Sep 29 02:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Connection closed by 162.144.236.216 port 39364 [preauth]
Sep 29 02:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: Invalid user ubuntu from 92.27.101.99
Sep 29 02:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 02:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: Failed password for root from 162.144.236.216 port 45902 ssh2
Sep 29 02:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: Connection closed by 162.144.236.216 port 45902 [preauth]
Sep 29 02:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: Failed password for invalid user ubuntu from 92.27.101.99 port 56254 ssh2
Sep 29 02:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: Received disconnect from 92.27.101.99 port 56254:11: Bye Bye [preauth]
Sep 29 02:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24267]: Disconnected from 92.27.101.99 port 56254 [preauth]
Sep 29 02:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: Failed password for root from 162.144.236.216 port 51538 ssh2
Sep 29 02:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: Connection closed by 162.144.236.216 port 51538 [preauth]
Sep 29 02:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24325]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24324]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24322]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: Failed password for root from 162.144.236.216 port 57986 ssh2
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: Successful su for rubyman by root
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: + ??? root:rubyman
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312000 of user rubyman.
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312000.
Sep 29 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: Connection closed by 162.144.236.216 port 57986 [preauth]
Sep 29 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session closed for user root
Sep 29 02:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24323]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: Failed password for root from 162.144.236.216 port 36742 ssh2
Sep 29 02:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: Connection closed by 162.144.236.216 port 36742 [preauth]
Sep 29 02:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Failed password for root from 162.144.236.216 port 43978 ssh2
Sep 29 02:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Connection closed by 162.144.236.216 port 43978 [preauth]
Sep 29 02:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user root
Sep 29 02:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Invalid user git from 92.27.101.99
Sep 29 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: input_userauth_request: invalid user git [preauth]
Sep 29 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Failed password for root from 162.144.236.216 port 51840 ssh2
Sep 29 02:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Failed password for invalid user git from 92.27.101.99 port 51620 ssh2
Sep 29 02:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Received disconnect from 92.27.101.99 port 51620:11: Bye Bye [preauth]
Sep 29 02:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Disconnected from 92.27.101.99 port 51620 [preauth]
Sep 29 02:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Connection closed by 162.144.236.216 port 51840 [preauth]
Sep 29 02:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: Failed password for root from 162.144.236.216 port 60324 ssh2
Sep 29 02:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: Connection closed by 162.144.236.216 port 60324 [preauth]
Sep 29 02:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session closed for user root
Sep 29 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: Successful su for rubyman by root
Sep 29 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: + ??? root:rubyman
Sep 29 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312004 of user rubyman.
Sep 29 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312004.
Sep 29 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: Failed password for root from 162.144.236.216 port 39258 ssh2
Sep 29 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21342]: pam_unix(cron:session): session closed for user root
Sep 29 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session closed for user root
Sep 29 02:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: Connection closed by 162.144.236.216 port 39258 [preauth]
Sep 29 02:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Failed password for root from 162.144.236.216 port 47178 ssh2
Sep 29 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Connection closed by 162.144.236.216 port 47178 [preauth]
Sep 29 02:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Failed password for root from 162.144.236.216 port 53400 ssh2
Sep 29 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Connection closed by 162.144.236.216 port 53400 [preauth]
Sep 29 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: Invalid user devel from 92.27.101.99
Sep 29 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: input_userauth_request: invalid user devel [preauth]
Sep 29 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99
Sep 29 02:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23825]: pam_unix(cron:session): session closed for user root
Sep 29 02:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Failed password for root from 162.144.236.216 port 34094 ssh2
Sep 29 02:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Connection closed by 162.144.236.216 port 34094 [preauth]
Sep 29 02:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: Failed password for invalid user devel from 92.27.101.99 port 46984 ssh2
Sep 29 02:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: Received disconnect from 92.27.101.99 port 46984:11: Bye Bye [preauth]
Sep 29 02:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: Disconnected from 92.27.101.99 port 46984 [preauth]
Sep 29 02:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: Failed password for root from 162.144.236.216 port 40906 ssh2
Sep 29 02:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25241]: Connection closed by 162.144.236.216 port 40906 [preauth]
Sep 29 02:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Failed password for root from 162.144.236.216 port 47160 ssh2
Sep 29 02:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Connection closed by 162.144.236.216 port 47160 [preauth]
Sep 29 02:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Failed password for root from 162.144.236.216 port 53232 ssh2
Sep 29 02:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Connection closed by 162.144.236.216 port 53232 [preauth]
Sep 29 02:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25541]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25612]: Successful su for rubyman by root
Sep 29 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25612]: + ??? root:rubyman
Sep 29 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312011 of user rubyman.
Sep 29 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25612]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312011.
Sep 29 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session closed for user root
Sep 29 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Failed password for root from 162.144.236.216 port 60778 ssh2
Sep 29 02:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25533]: Connection closed by 162.144.236.216 port 60778 [preauth]
Sep 29 02:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25919]: Failed password for root from 162.144.236.216 port 39146 ssh2
Sep 29 02:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25919]: Connection closed by 162.144.236.216 port 39146 [preauth]
Sep 29 02:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25966]: Failed password for root from 162.144.236.216 port 46566 ssh2
Sep 29 02:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25966]: Connection closed by 162.144.236.216 port 46566 [preauth]
Sep 29 02:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 02:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Failed password for root from 92.27.101.99 port 42350 ssh2
Sep 29 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Failed password for root from 162.144.236.216 port 53166 ssh2
Sep 29 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Received disconnect from 92.27.101.99 port 42350:11: Bye Bye [preauth]
Sep 29 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Disconnected from 92.27.101.99 port 42350 [preauth]
Sep 29 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Connection closed by 162.144.236.216 port 53166 [preauth]
Sep 29 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24325]: pam_unix(cron:session): session closed for user root
Sep 29 02:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: Failed password for root from 162.144.236.216 port 58824 ssh2
Sep 29 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: Connection closed by 162.144.236.216 port 58824 [preauth]
Sep 29 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Failed password for root from 162.144.236.216 port 36312 ssh2
Sep 29 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Connection closed by 162.144.236.216 port 36312 [preauth]
Sep 29 02:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Failed password for root from 162.144.236.216 port 42866 ssh2
Sep 29 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Connection closed by 162.144.236.216 port 42866 [preauth]
Sep 29 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user root
Sep 29 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Failed password for root from 162.144.236.216 port 48258 ssh2
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: Successful su for rubyman by root
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: + ??? root:rubyman
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312014 of user rubyman.
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26190]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312014.
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Connection closed by 162.144.236.216 port 48258 [preauth]
Sep 29 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session closed for user root
Sep 29 02:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: Failed password for root from 162.144.236.216 port 55146 ssh2
Sep 29 02:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: Connection closed by 162.144.236.216 port 55146 [preauth]
Sep 29 02:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Failed password for root from 162.144.236.216 port 33512 ssh2
Sep 29 02:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26507]: Connection closed by 162.144.236.216 port 33512 [preauth]
Sep 29 02:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.27.101.99  user=root
Sep 29 02:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Failed password for root from 92.27.101.99 port 37710 ssh2
Sep 29 02:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Received disconnect from 92.27.101.99 port 37710:11: Bye Bye [preauth]
Sep 29 02:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Disconnected from 92.27.101.99 port 37710 [preauth]
Sep 29 02:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Failed password for root from 162.144.236.216 port 42544 ssh2
Sep 29 02:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Connection closed by 162.144.236.216 port 42544 [preauth]
Sep 29 02:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Failed password for root from 162.144.236.216 port 48154 ssh2
Sep 29 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session closed for user root
Sep 29 02:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Connection closed by 162.144.236.216 port 48154 [preauth]
Sep 29 02:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Failed password for root from 162.144.236.216 port 54794 ssh2
Sep 29 02:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Connection closed by 162.144.236.216 port 54794 [preauth]
Sep 29 02:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Failed password for root from 162.144.236.216 port 60408 ssh2
Sep 29 02:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Connection closed by 162.144.236.216 port 60408 [preauth]
Sep 29 02:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Failed password for root from 162.144.236.216 port 37218 ssh2
Sep 29 02:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Connection closed by 162.144.236.216 port 37218 [preauth]
Sep 29 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26705]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26704]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26701]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26794]: Successful su for rubyman by root
Sep 29 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26794]: + ??? root:rubyman
Sep 29 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312020 of user rubyman.
Sep 29 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26794]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312020.
Sep 29 02:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session closed for user root
Sep 29 02:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Failed password for root from 162.144.236.216 port 45788 ssh2
Sep 29 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Connection closed by 162.144.236.216 port 45788 [preauth]
Sep 29 02:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26703]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: Failed password for root from 162.144.236.216 port 52324 ssh2
Sep 29 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: Connection closed by 162.144.236.216 port 52324 [preauth]
Sep 29 02:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Failed password for root from 162.144.236.216 port 58134 ssh2
Sep 29 02:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Connection closed by 162.144.236.216 port 58134 [preauth]
Sep 29 02:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Failed password for root from 162.144.236.216 port 35356 ssh2
Sep 29 02:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Connection closed by 162.144.236.216 port 35356 [preauth]
Sep 29 02:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session closed for user root
Sep 29 02:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Failed password for root from 162.144.236.216 port 43030 ssh2
Sep 29 02:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Connection closed by 162.144.236.216 port 43030 [preauth]
Sep 29 02:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Failed password for root from 162.144.236.216 port 49160 ssh2
Sep 29 02:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Connection closed by 162.144.236.216 port 49160 [preauth]
Sep 29 02:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: Failed password for root from 162.144.236.216 port 55226 ssh2
Sep 29 02:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: Connection closed by 162.144.236.216 port 55226 [preauth]
Sep 29 02:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27279]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27280]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27346]: Successful su for rubyman by root
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27346]: + ??? root:rubyman
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312023 of user rubyman.
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27346]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312023.
Sep 29 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Failed password for root from 162.144.236.216 port 34512 ssh2
Sep 29 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Connection closed by 162.144.236.216 port 34512 [preauth]
Sep 29 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23824]: pam_unix(cron:session): session closed for user root
Sep 29 02:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: Failed password for root from 162.144.236.216 port 40110 ssh2
Sep 29 02:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: Connection closed by 162.144.236.216 port 40110 [preauth]
Sep 29 02:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: fatal: monitor_read: unpermitted request 6
Sep 29 02:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user root
Sep 29 02:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Failed password for root from 162.144.236.216 port 45596 ssh2
Sep 29 02:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Connection closed by 162.144.236.216 port 45596 [preauth]
Sep 29 02:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Failed password for root from 162.144.236.216 port 56832 ssh2
Sep 29 02:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27827]: Connection closed by 216.180.246.54 port 50856 [preauth]
Sep 29 02:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27863]: Connection closed by 162.144.236.216 port 56832 [preauth]
Sep 29 02:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Failed password for root from 162.144.236.216 port 33282 ssh2
Sep 29 02:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Connection closed by 162.144.236.216 port 33282 [preauth]
Sep 29 02:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Failed password for root from 162.144.236.216 port 39258 ssh2
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Connection closed by 162.144.236.216 port 39258 [preauth]
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27928]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session closed for user root
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27925]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: Successful su for rubyman by root
Sep 29 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: + ??? root:rubyman
Sep 29 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312028 of user rubyman.
Sep 29 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28008]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312028.
Sep 29 02:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24324]: pam_unix(cron:session): session closed for user root
Sep 29 02:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27927]: pam_unix(cron:session): session closed for user root
Sep 29 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Failed password for root from 162.144.236.216 port 45578 ssh2
Sep 29 02:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Connection closed by 162.144.236.216 port 45578 [preauth]
Sep 29 02:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27926]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: Failed password for root from 162.144.236.216 port 49930 ssh2
Sep 29 02:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: Connection closed by 162.144.236.216 port 49930 [preauth]
Sep 29 02:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: Failed password for root from 162.144.236.216 port 59926 ssh2
Sep 29 02:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28280]: Connection closed by 162.144.236.216 port 59926 [preauth]
Sep 29 02:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26705]: pam_unix(cron:session): session closed for user root
Sep 29 02:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Failed password for root from 162.144.236.216 port 39244 ssh2
Sep 29 02:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Connection closed by 162.144.236.216 port 39244 [preauth]
Sep 29 02:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28366]: Failed password for root from 162.144.236.216 port 45504 ssh2
Sep 29 02:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28366]: Connection closed by 162.144.236.216 port 45504 [preauth]
Sep 29 02:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Failed password for root from 162.144.236.216 port 52180 ssh2
Sep 29 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Connection closed by 162.144.236.216 port 52180 [preauth]
Sep 29 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28435]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28622]: Successful su for rubyman by root
Sep 29 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28622]: + ??? root:rubyman
Sep 29 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312034 of user rubyman.
Sep 29 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28622]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312034.
Sep 29 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Failed password for root from 162.144.236.216 port 60464 ssh2
Sep 29 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Connection closed by 162.144.236.216 port 60464 [preauth]
Sep 29 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session closed for user root
Sep 29 02:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28785]: Failed password for root from 162.144.236.216 port 38488 ssh2
Sep 29 02:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28785]: Connection closed by 162.144.236.216 port 38488 [preauth]
Sep 29 02:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: Failed password for root from 162.144.236.216 port 46906 ssh2
Sep 29 02:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28878]: Connection closed by 162.144.236.216 port 46906 [preauth]
Sep 29 02:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Failed password for root from 162.144.236.216 port 53866 ssh2
Sep 29 02:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Connection closed by 162.144.236.216 port 53866 [preauth]
Sep 29 02:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27280]: pam_unix(cron:session): session closed for user root
Sep 29 02:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Failed password for root from 162.144.236.216 port 60588 ssh2
Sep 29 02:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Connection closed by 162.144.236.216 port 60588 [preauth]
Sep 29 02:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Failed password for root from 162.144.236.216 port 39168 ssh2
Sep 29 02:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Connection closed by 162.144.236.216 port 39168 [preauth]
Sep 29 02:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Failed password for root from 162.144.236.216 port 46638 ssh2
Sep 29 02:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Connection closed by 162.144.236.216 port 46638 [preauth]
Sep 29 02:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29136]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29134]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29209]: Successful su for rubyman by root
Sep 29 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29209]: + ??? root:rubyman
Sep 29 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312038 of user rubyman.
Sep 29 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29209]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312038.
Sep 29 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25541]: pam_unix(cron:session): session closed for user root
Sep 29 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Failed password for root from 162.144.236.216 port 52692 ssh2
Sep 29 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Connection closed by 162.144.236.216 port 52692 [preauth]
Sep 29 02:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29135]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: Failed password for root from 162.144.236.216 port 59898 ssh2
Sep 29 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29414]: Connection closed by 162.144.236.216 port 59898 [preauth]
Sep 29 02:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Failed password for root from 162.144.236.216 port 41266 ssh2
Sep 29 02:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Connection closed by 162.144.236.216 port 41266 [preauth]
Sep 29 02:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: Failed password for root from 162.144.236.216 port 47034 ssh2
Sep 29 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: Connection closed by 162.144.236.216 port 47034 [preauth]
Sep 29 02:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session closed for user root
Sep 29 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: Failed password for root from 162.144.236.216 port 53840 ssh2
Sep 29 02:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: Connection closed by 162.144.236.216 port 53840 [preauth]
Sep 29 02:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: Failed password for root from 162.144.236.216 port 60318 ssh2
Sep 29 02:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: Connection closed by 162.144.236.216 port 60318 [preauth]
Sep 29 02:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Failed password for root from 162.144.236.216 port 37632 ssh2
Sep 29 02:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Connection closed by 162.144.236.216 port 37632 [preauth]
Sep 29 02:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29617]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29689]: Successful su for rubyman by root
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29689]: + ??? root:rubyman
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312042 of user rubyman.
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29689]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312042.
Sep 29 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user root
Sep 29 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: Failed password for root from 162.144.236.216 port 45526 ssh2
Sep 29 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29614]: Connection closed by 162.144.236.216 port 45526 [preauth]
Sep 29 02:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29618]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Failed password for root from 162.144.236.216 port 51562 ssh2
Sep 29 02:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: Connection closed by 162.144.236.216 port 51562 [preauth]
Sep 29 02:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: Failed password for root from 162.144.236.216 port 58520 ssh2
Sep 29 02:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: Connection closed by 162.144.236.216 port 58520 [preauth]
Sep 29 02:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Failed password for root from 162.144.236.216 port 36916 ssh2
Sep 29 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Connection closed by 162.144.236.216 port 36916 [preauth]
Sep 29 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session closed for user root
Sep 29 02:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Failed password for root from 162.144.236.216 port 43118 ssh2
Sep 29 02:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Connection closed by 162.144.236.216 port 43118 [preauth]
Sep 29 02:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: Failed password for root from 162.144.236.216 port 49370 ssh2
Sep 29 02:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: Connection closed by 162.144.236.216 port 49370 [preauth]
Sep 29 02:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30116]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30114]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30112]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: Successful su for rubyman by root
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: + ??? root:rubyman
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312045 of user rubyman.
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312045.
Sep 29 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: Failed password for root from 162.144.236.216 port 57358 ssh2
Sep 29 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26704]: pam_unix(cron:session): session closed for user root
Sep 29 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: Connection closed by 162.144.236.216 port 57358 [preauth]
Sep 29 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30113]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Failed password for root from 162.144.236.216 port 34184 ssh2
Sep 29 02:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Connection closed by 162.144.236.216 port 34184 [preauth]
Sep 29 02:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Failed password for root from 162.144.236.216 port 41268 ssh2
Sep 29 02:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Connection closed by 162.144.236.216 port 41268 [preauth]
Sep 29 02:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session closed for user root
Sep 29 02:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Failed password for root from 162.144.236.216 port 47984 ssh2
Sep 29 02:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Connection closed by 162.144.236.216 port 47984 [preauth]
Sep 29 02:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Failed password for root from 162.144.236.216 port 54860 ssh2
Sep 29 02:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Connection closed by 162.144.236.216 port 54860 [preauth]
Sep 29 02:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Failed password for root from 162.144.236.216 port 34004 ssh2
Sep 29 02:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Connection closed by 162.144.236.216 port 34004 [preauth]
Sep 29 02:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: Failed password for root from 162.144.236.216 port 39318 ssh2
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session closed for user root
Sep 29 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: Connection closed by 162.144.236.216 port 39318 [preauth]
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30785]: Successful su for rubyman by root
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30785]: + ??? root:rubyman
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312049 of user rubyman.
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30785]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312049.
Sep 29 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30709]: pam_unix(cron:session): session closed for user root
Sep 29 02:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27279]: pam_unix(cron:session): session closed for user root
Sep 29 02:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Failed password for root from 162.144.236.216 port 44666 ssh2
Sep 29 02:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Connection closed by 162.144.236.216 port 44666 [preauth]
Sep 29 02:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: Failed password for root from 162.144.236.216 port 52392 ssh2
Sep 29 02:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: Connection closed by 162.144.236.216 port 52392 [preauth]
Sep 29 02:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Failed password for root from 162.144.236.216 port 60892 ssh2
Sep 29 02:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Connection closed by 162.144.236.216 port 60892 [preauth]
Sep 29 02:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29621]: pam_unix(cron:session): session closed for user root
Sep 29 02:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for root from 162.144.236.216 port 39446 ssh2
Sep 29 02:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Connection closed by 162.144.236.216 port 39446 [preauth]
Sep 29 02:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Failed password for root from 162.144.236.216 port 46206 ssh2
Sep 29 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Connection closed by 162.144.236.216 port 46206 [preauth]
Sep 29 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Failed password for root from 162.144.236.216 port 53778 ssh2
Sep 29 02:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Connection closed by 162.144.236.216 port 53778 [preauth]
Sep 29 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: Successful su for rubyman by root
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: + ??? root:rubyman
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312055 of user rubyman.
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312055.
Sep 29 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Failed password for root from 162.144.236.216 port 60444 ssh2
Sep 29 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27928]: pam_unix(cron:session): session closed for user root
Sep 29 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Connection closed by 162.144.236.216 port 60444 [preauth]
Sep 29 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Failed password for root from 162.144.236.216 port 39670 ssh2
Sep 29 02:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Connection closed by 162.144.236.216 port 39670 [preauth]
Sep 29 02:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 162.144.236.216 port 44314 ssh2
Sep 29 02:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Connection closed by 162.144.236.216 port 44314 [preauth]
Sep 29 02:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Failed password for root from 162.144.236.216 port 51974 ssh2
Sep 29 02:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Connection closed by 162.144.236.216 port 51974 [preauth]
Sep 29 02:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30116]: pam_unix(cron:session): session closed for user root
Sep 29 02:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Failed password for root from 162.144.236.216 port 59748 ssh2
Sep 29 02:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Connection closed by 162.144.236.216 port 59748 [preauth]
Sep 29 02:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Failed password for root from 162.144.236.216 port 38050 ssh2
Sep 29 02:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Connection closed by 162.144.236.216 port 38050 [preauth]
Sep 29 02:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Failed password for root from 162.144.236.216 port 45682 ssh2
Sep 29 02:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Connection closed by 162.144.236.216 port 45682 [preauth]
Sep 29 02:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: Successful su for rubyman by root
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: + ??? root:rubyman
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312060 of user rubyman.
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312060.
Sep 29 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session closed for user root
Sep 29 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Failed password for root from 162.144.236.216 port 52180 ssh2
Sep 29 02:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Connection closed by 162.144.236.216 port 52180 [preauth]
Sep 29 02:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: Failed password for root from 162.144.236.216 port 59052 ssh2
Sep 29 02:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: Connection closed by 162.144.236.216 port 59052 [preauth]
Sep 29 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.137.255.140  user=root
Sep 29 02:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: Failed password for root from 23.137.255.140 port 7802 ssh2
Sep 29 02:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: Received disconnect from 23.137.255.140 port 7802:11: Bye Bye [preauth]
Sep 29 02:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32058]: Disconnected from 23.137.255.140 port 7802 [preauth]
Sep 29 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session closed for user root
Sep 29 02:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Failed password for root from 162.144.236.216 port 36560 ssh2
Sep 29 02:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Connection closed by 162.144.236.216 port 36560 [preauth]
Sep 29 02:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Failed password for root from 24.232.50.5 port 54324 ssh2
Sep 29 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Received disconnect from 24.232.50.5 port 54324:11: Bye Bye [preauth]
Sep 29 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Disconnected from 24.232.50.5 port 54324 [preauth]
Sep 29 02:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Failed password for root from 162.144.236.216 port 43836 ssh2
Sep 29 02:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Connection closed by 162.144.236.216 port 43836 [preauth]
Sep 29 02:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Failed password for root from 162.144.236.216 port 50060 ssh2
Sep 29 02:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Connection closed by 162.144.236.216 port 50060 [preauth]
Sep 29 02:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32175]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32176]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32173]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: Failed password for root from 162.144.236.216 port 56724 ssh2
Sep 29 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: Successful su for rubyman by root
Sep 29 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: + ??? root:rubyman
Sep 29 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312064 of user rubyman.
Sep 29 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312064.
Sep 29 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: Connection closed by 162.144.236.216 port 56724 [preauth]
Sep 29 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29136]: pam_unix(cron:session): session closed for user root
Sep 29 02:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32174]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for root from 162.144.236.216 port 32810 ssh2
Sep 29 02:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Connection closed by 162.144.236.216 port 32810 [preauth]
Sep 29 02:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Failed password for root from 162.144.236.216 port 39368 ssh2
Sep 29 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Connection closed by 162.144.236.216 port 39368 [preauth]
Sep 29 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Failed password for root from 162.144.236.216 port 46612 ssh2
Sep 29 02:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Connection closed by 162.144.236.216 port 46612 [preauth]
Sep 29 02:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session closed for user root
Sep 29 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: Failed password for root from 162.144.236.216 port 54576 ssh2
Sep 29 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: Connection closed by 162.144.236.216 port 54576 [preauth]
Sep 29 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: Failed password for root from 162.144.236.216 port 60384 ssh2
Sep 29 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: Connection closed by 162.144.236.216 port 60384 [preauth]
Sep 29 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32686]: Successful su for rubyman by root
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32686]: + ??? root:rubyman
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312067 of user rubyman.
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32686]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312067.
Sep 29 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Failed password for root from 162.144.236.216 port 39096 ssh2
Sep 29 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29620]: pam_unix(cron:session): session closed for user root
Sep 29 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Connection closed by 162.144.236.216 port 39096 [preauth]
Sep 29 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[403]: Failed password for root from 162.144.236.216 port 48610 ssh2
Sep 29 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[403]: Connection closed by 162.144.236.216 port 48610 [preauth]
Sep 29 02:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session closed for user root
Sep 29 02:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Failed password for root from 162.144.236.216 port 57058 ssh2
Sep 29 02:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Connection closed by 162.144.236.216 port 57058 [preauth]
Sep 29 02:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Failed password for root from 162.144.236.216 port 37746 ssh2
Sep 29 02:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Connection closed by 162.144.236.216 port 37746 [preauth]
Sep 29 02:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: Failed password for root from 162.144.236.216 port 44120 ssh2
Sep 29 02:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[574]: Connection closed by 162.144.236.216 port 44120 [preauth]
Sep 29 02:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session closed for user root
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[675]: Successful su for rubyman by root
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[675]: + ??? root:rubyman
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312073 of user rubyman.
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[675]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312073.
Sep 29 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Failed password for root from 162.144.236.216 port 51356 ssh2
Sep 29 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Connection closed by 162.144.236.216 port 51356 [preauth]
Sep 29 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session closed for user root
Sep 29 02:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30114]: pam_unix(cron:session): session closed for user root
Sep 29 02:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Failed password for root from 162.144.236.216 port 58628 ssh2
Sep 29 02:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Connection closed by 162.144.236.216 port 58628 [preauth]
Sep 29 02:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Failed password for root from 162.144.236.216 port 37146 ssh2
Sep 29 02:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Connection closed by 162.144.236.216 port 37146 [preauth]
Sep 29 02:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Failed password for root from 162.144.236.216 port 42538 ssh2
Sep 29 02:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Connection closed by 162.144.236.216 port 42538 [preauth]
Sep 29 02:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for root from 162.144.236.216 port 49400 ssh2
Sep 29 02:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Connection closed by 162.144.236.216 port 49400 [preauth]
Sep 29 02:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32176]: pam_unix(cron:session): session closed for user root
Sep 29 02:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Invalid user work from 24.232.50.5
Sep 29 02:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: input_userauth_request: invalid user work [preauth]
Sep 29 02:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Failed password for invalid user work from 24.232.50.5 port 46676 ssh2
Sep 29 02:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Received disconnect from 24.232.50.5 port 46676:11: Bye Bye [preauth]
Sep 29 02:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Disconnected from 24.232.50.5 port 46676 [preauth]
Sep 29 02:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Failed password for root from 162.144.236.216 port 54322 ssh2
Sep 29 02:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Connection closed by 162.144.236.216 port 54322 [preauth]
Sep 29 02:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 29 02:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: Failed password for root from 20.163.71.109 port 37574 ssh2
Sep 29 02:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: Connection closed by 20.163.71.109 port 37574 [preauth]
Sep 29 02:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Failed password for root from 162.144.236.216 port 33676 ssh2
Sep 29 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Connection closed by 162.144.236.216 port 33676 [preauth]
Sep 29 02:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Failed password for root from 162.144.236.216 port 40340 ssh2
Sep 29 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Connection closed by 162.144.236.216 port 40340 [preauth]
Sep 29 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1193]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1190]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1274]: Successful su for rubyman by root
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1274]: + ??? root:rubyman
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312078 of user rubyman.
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1274]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312078.
Sep 29 02:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session closed for user root
Sep 29 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Failed password for root from 162.144.236.216 port 47046 ssh2
Sep 29 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1191]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Connection closed by 162.144.236.216 port 47046 [preauth]
Sep 29 02:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Failed password for root from 162.144.236.216 port 55042 ssh2
Sep 29 02:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Connection closed by 162.144.236.216 port 55042 [preauth]
Sep 29 02:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: Failed password for root from 162.144.236.216 port 34650 ssh2
Sep 29 02:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1549]: Connection closed by 162.144.236.216 port 34650 [preauth]
Sep 29 02:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Failed password for root from 162.144.236.216 port 41882 ssh2
Sep 29 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session closed for user root
Sep 29 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Connection closed by 162.144.236.216 port 41882 [preauth]
Sep 29 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Failed password for root from 162.144.236.216 port 47466 ssh2
Sep 29 02:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Connection closed by 162.144.236.216 port 47466 [preauth]
Sep 29 02:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Failed password for root from 162.144.236.216 port 54592 ssh2
Sep 29 02:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Connection closed by 162.144.236.216 port 54592 [preauth]
Sep 29 02:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Failed password for root from 162.144.236.216 port 34310 ssh2
Sep 29 02:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Connection closed by 162.144.236.216 port 34310 [preauth]
Sep 29 02:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1702]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1703]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1700]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: Successful su for rubyman by root
Sep 29 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: + ??? root:rubyman
Sep 29 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312083 of user rubyman.
Sep 29 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312083.
Sep 29 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Invalid user user from 24.232.50.5
Sep 29 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: input_userauth_request: invalid user user [preauth]
Sep 29 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session closed for user root
Sep 29 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Failed password for invalid user user from 24.232.50.5 port 52040 ssh2
Sep 29 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Received disconnect from 24.232.50.5 port 52040:11: Bye Bye [preauth]
Sep 29 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Disconnected from 24.232.50.5 port 52040 [preauth]
Sep 29 02:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1701]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1698]: Failed password for root from 162.144.236.216 port 39754 ssh2
Sep 29 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1698]: Connection closed by 162.144.236.216 port 39754 [preauth]
Sep 29 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1977]: Failed password for root from 162.144.236.216 port 47108 ssh2
Sep 29 02:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1977]: Connection closed by 162.144.236.216 port 47108 [preauth]
Sep 29 02:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: Failed password for root from 162.144.236.216 port 53540 ssh2
Sep 29 02:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: Connection closed by 162.144.236.216 port 53540 [preauth]
Sep 29 02:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Failed password for root from 162.144.236.216 port 60934 ssh2
Sep 29 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Connection closed by 162.144.236.216 port 60934 [preauth]
Sep 29 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session closed for user root
Sep 29 02:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Failed password for root from 162.144.236.216 port 38920 ssh2
Sep 29 02:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Connection closed by 162.144.236.216 port 38920 [preauth]
Sep 29 02:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Failed password for root from 162.144.236.216 port 46248 ssh2
Sep 29 02:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Connection closed by 162.144.236.216 port 46248 [preauth]
Sep 29 02:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Failed password for root from 162.144.236.216 port 50620 ssh2
Sep 29 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Connection closed by 162.144.236.216 port 50620 [preauth]
Sep 29 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2159]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: Successful su for rubyman by root
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: + ??? root:rubyman
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312085 of user rubyman.
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312085.
Sep 29 02:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Failed password for root from 162.144.236.216 port 57130 ssh2
Sep 29 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Connection closed by 162.144.236.216 port 57130 [preauth]
Sep 29 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session closed for user root
Sep 29 02:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2160]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Failed password for root from 162.144.236.216 port 35180 ssh2
Sep 29 02:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Connection closed by 162.144.236.216 port 35180 [preauth]
Sep 29 02:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Failed password for root from 162.144.236.216 port 40944 ssh2
Sep 29 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Connection closed by 162.144.236.216 port 40944 [preauth]
Sep 29 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Failed password for root from 162.144.236.216 port 47074 ssh2
Sep 29 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Connection closed by 162.144.236.216 port 47074 [preauth]
Sep 29 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Invalid user test from 24.232.50.5
Sep 29 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: input_userauth_request: invalid user test [preauth]
Sep 29 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Failed password for invalid user test from 24.232.50.5 port 38684 ssh2
Sep 29 02:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Received disconnect from 24.232.50.5 port 38684:11: Bye Bye [preauth]
Sep 29 02:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Disconnected from 24.232.50.5 port 38684 [preauth]
Sep 29 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1193]: pam_unix(cron:session): session closed for user root
Sep 29 02:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: Failed password for root from 162.144.236.216 port 54240 ssh2
Sep 29 02:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2511]: Connection closed by 162.144.236.216 port 54240 [preauth]
Sep 29 02:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Failed password for root from 162.144.236.216 port 33148 ssh2
Sep 29 02:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Connection closed by 162.144.236.216 port 33148 [preauth]
Sep 29 02:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: Failed password for root from 162.144.236.216 port 38514 ssh2
Sep 29 02:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: Connection closed by 162.144.236.216 port 38514 [preauth]
Sep 29 02:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: Failed password for root from 162.144.236.216 port 47330 ssh2
Sep 29 02:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: Connection closed by 162.144.236.216 port 47330 [preauth]
Sep 29 02:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2618]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2619]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2678]: Successful su for rubyman by root
Sep 29 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2678]: + ??? root:rubyman
Sep 29 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312091 of user rubyman.
Sep 29 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2678]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312091.
Sep 29 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32175]: pam_unix(cron:session): session closed for user root
Sep 29 02:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: Failed password for root from 162.144.236.216 port 53110 ssh2
Sep 29 02:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: Connection closed by 162.144.236.216 port 53110 [preauth]
Sep 29 02:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for root from 162.144.236.216 port 59018 ssh2
Sep 29 02:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Connection closed by 162.144.236.216 port 59018 [preauth]
Sep 29 02:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Failed password for root from 162.144.236.216 port 37680 ssh2
Sep 29 02:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Connection closed by 162.144.236.216 port 37680 [preauth]
Sep 29 02:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Failed password for root from 162.144.236.216 port 44018 ssh2
Sep 29 02:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2939]: Connection closed by 162.144.236.216 port 44018 [preauth]
Sep 29 02:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1703]: pam_unix(cron:session): session closed for user root
Sep 29 02:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Failed password for root from 162.144.236.216 port 49938 ssh2
Sep 29 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Connection closed by 162.144.236.216 port 49938 [preauth]
Sep 29 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2990]: Failed password for root from 162.144.236.216 port 54610 ssh2
Sep 29 02:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2990]: Connection closed by 162.144.236.216 port 54610 [preauth]
Sep 29 02:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Invalid user deploybot from 24.232.50.5
Sep 29 02:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: input_userauth_request: invalid user deploybot [preauth]
Sep 29 02:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: Failed password for root from 162.144.236.216 port 34068 ssh2
Sep 29 02:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Failed password for invalid user deploybot from 24.232.50.5 port 46176 ssh2
Sep 29 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Received disconnect from 24.232.50.5 port 46176:11: Bye Bye [preauth]
Sep 29 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Disconnected from 24.232.50.5 port 46176 [preauth]
Sep 29 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: Connection closed by 162.144.236.216 port 34068 [preauth]
Sep 29 02:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session closed for user root
Sep 29 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3055]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3126]: Successful su for rubyman by root
Sep 29 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3126]: + ??? root:rubyman
Sep 29 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312095 of user rubyman.
Sep 29 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3126]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312095.
Sep 29 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for root from 162.144.236.216 port 40614 ssh2
Sep 29 02:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session closed for user root
Sep 29 02:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 162.144.236.216 port 40614 [preauth]
Sep 29 02:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3057]: pam_unix(cron:session): session closed for user root
Sep 29 02:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3056]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for root from 162.144.236.216 port 48084 ssh2
Sep 29 02:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Connection closed by 162.144.236.216 port 48084 [preauth]
Sep 29 02:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Failed password for root from 162.144.236.216 port 54192 ssh2
Sep 29 02:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Connection closed by 162.144.236.216 port 54192 [preauth]
Sep 29 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Failed password for root from 162.144.236.216 port 59434 ssh2
Sep 29 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3392]: Connection closed by 162.144.236.216 port 59434 [preauth]
Sep 29 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session closed for user root
Sep 29 02:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: Failed password for root from 162.144.236.216 port 37628 ssh2
Sep 29 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: Connection closed by 162.144.236.216 port 37628 [preauth]
Sep 29 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Failed password for root from 162.144.236.216 port 43242 ssh2
Sep 29 02:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Connection closed by 162.144.236.216 port 43242 [preauth]
Sep 29 02:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: Failed password for root from 162.144.236.216 port 49900 ssh2
Sep 29 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: Connection closed by 162.144.236.216 port 49900 [preauth]
Sep 29 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: Failed password for root from 162.144.236.216 port 55030 ssh2
Sep 29 02:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3507]: Connection closed by 162.144.236.216 port 55030 [preauth]
Sep 29 02:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3534]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3531]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: Successful su for rubyman by root
Sep 29 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: + ??? root:rubyman
Sep 29 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312101 of user rubyman.
Sep 29 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312101.
Sep 29 02:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session closed for user root
Sep 29 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Failed password for root from 162.144.236.216 port 34722 ssh2
Sep 29 02:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3532]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Connection closed by 162.144.236.216 port 34722 [preauth]
Sep 29 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Failed password for root from 162.144.236.216 port 42032 ssh2
Sep 29 02:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Connection closed by 162.144.236.216 port 42032 [preauth]
Sep 29 02:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Invalid user dennis from 24.232.50.5
Sep 29 02:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: input_userauth_request: invalid user dennis [preauth]
Sep 29 02:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Failed password for invalid user dennis from 24.232.50.5 port 39602 ssh2
Sep 29 02:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Received disconnect from 24.232.50.5 port 39602:11: Bye Bye [preauth]
Sep 29 02:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Disconnected from 24.232.50.5 port 39602 [preauth]
Sep 29 02:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Failed password for root from 162.144.236.216 port 48590 ssh2
Sep 29 02:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Connection closed by 162.144.236.216 port 48590 [preauth]
Sep 29 02:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Failed password for root from 162.144.236.216 port 53700 ssh2
Sep 29 02:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Connection closed by 162.144.236.216 port 53700 [preauth]
Sep 29 02:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2619]: pam_unix(cron:session): session closed for user root
Sep 29 02:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: Failed password for root from 162.144.236.216 port 60650 ssh2
Sep 29 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: Connection closed by 162.144.236.216 port 60650 [preauth]
Sep 29 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Failed password for root from 162.144.236.216 port 39416 ssh2
Sep 29 02:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Connection closed by 162.144.236.216 port 39416 [preauth]
Sep 29 02:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Failed password for root from 162.144.236.216 port 45090 ssh2
Sep 29 02:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Connection closed by 162.144.236.216 port 45090 [preauth]
Sep 29 02:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3989]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3990]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3987]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4053]: Successful su for rubyman by root
Sep 29 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4053]: + ??? root:rubyman
Sep 29 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312106 of user rubyman.
Sep 29 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4053]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312106.
Sep 29 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Failed password for root from 162.144.236.216 port 51550 ssh2
Sep 29 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1192]: pam_unix(cron:session): session closed for user root
Sep 29 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Connection closed by 162.144.236.216 port 51550 [preauth]
Sep 29 02:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3988]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4246]: Failed password for root from 162.144.236.216 port 59798 ssh2
Sep 29 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4246]: Connection closed by 162.144.236.216 port 59798 [preauth]
Sep 29 02:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: Failed password for root from 162.144.236.216 port 37596 ssh2
Sep 29 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: Connection closed by 162.144.236.216 port 37596 [preauth]
Sep 29 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Failed password for root from 162.144.236.216 port 43428 ssh2
Sep 29 02:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Connection closed by 162.144.236.216 port 43428 [preauth]
Sep 29 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3059]: pam_unix(cron:session): session closed for user root
Sep 29 02:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4340]: Failed password for root from 162.144.236.216 port 49574 ssh2
Sep 29 02:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4340]: Connection closed by 162.144.236.216 port 49574 [preauth]
Sep 29 02:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for root from 162.144.236.216 port 55788 ssh2
Sep 29 02:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Connection closed by 162.144.236.216 port 55788 [preauth]
Sep 29 02:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Invalid user toni from 24.232.50.5
Sep 29 02:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: input_userauth_request: invalid user toni [preauth]
Sep 29 02:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Failed password for invalid user toni from 24.232.50.5 port 60964 ssh2
Sep 29 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Received disconnect from 24.232.50.5 port 60964:11: Bye Bye [preauth]
Sep 29 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Disconnected from 24.232.50.5 port 60964 [preauth]
Sep 29 02:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: Failed password for root from 162.144.236.216 port 33312 ssh2
Sep 29 02:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4401]: Connection closed by 162.144.236.216 port 33312 [preauth]
Sep 29 02:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: Successful su for rubyman by root
Sep 29 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: + ??? root:rubyman
Sep 29 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312107 of user rubyman.
Sep 29 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312107.
Sep 29 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for root from 162.144.236.216 port 42090 ssh2
Sep 29 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Connection closed by 162.144.236.216 port 42090 [preauth]
Sep 29 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1702]: pam_unix(cron:session): session closed for user root
Sep 29 02:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Failed password for root from 162.144.236.216 port 48734 ssh2
Sep 29 02:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Connection closed by 162.144.236.216 port 48734 [preauth]
Sep 29 02:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for root from 162.144.236.216 port 55054 ssh2
Sep 29 02:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Connection closed by 162.144.236.216 port 55054 [preauth]
Sep 29 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3534]: pam_unix(cron:session): session closed for user root
Sep 29 02:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Failed password for root from 162.144.236.216 port 34974 ssh2
Sep 29 02:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Connection closed by 162.144.236.216 port 34974 [preauth]
Sep 29 02:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: Failed password for root from 162.144.236.216 port 42432 ssh2
Sep 29 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4890]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4885]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4888]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: Connection closed by 162.144.236.216 port 42432 [preauth]
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: Successful su for rubyman by root
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: + ??? root:rubyman
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312113 of user rubyman.
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5048]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312113.
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4885]: pam_unix(cron:session): session closed for user root
Sep 29 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2161]: pam_unix(cron:session): session closed for user root
Sep 29 02:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Invalid user wjx from 24.232.50.5
Sep 29 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: input_userauth_request: invalid user wjx [preauth]
Sep 29 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5072]: Failed password for root from 162.144.236.216 port 51422 ssh2
Sep 29 02:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Failed password for invalid user wjx from 24.232.50.5 port 51830 ssh2
Sep 29 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Received disconnect from 24.232.50.5 port 51830:11: Bye Bye [preauth]
Sep 29 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Disconnected from 24.232.50.5 port 51830 [preauth]
Sep 29 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5072]: Connection closed by 162.144.236.216 port 51422 [preauth]
Sep 29 02:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Failed password for root from 162.144.236.216 port 58352 ssh2
Sep 29 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Connection closed by 162.144.236.216 port 58352 [preauth]
Sep 29 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Failed password for root from 162.144.236.216 port 37382 ssh2
Sep 29 02:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Connection closed by 162.144.236.216 port 37382 [preauth]
Sep 29 02:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: Failed password for root from 162.144.236.216 port 43320 ssh2
Sep 29 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: Connection closed by 162.144.236.216 port 43320 [preauth]
Sep 29 02:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3990]: pam_unix(cron:session): session closed for user root
Sep 29 02:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: Failed password for root from 162.144.236.216 port 49496 ssh2
Sep 29 02:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: Connection closed by 162.144.236.216 port 49496 [preauth]
Sep 29 02:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: Failed password for root from 162.144.236.216 port 57128 ssh2
Sep 29 02:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: Connection closed by 162.144.236.216 port 57128 [preauth]
Sep 29 02:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Failed password for root from 162.144.236.216 port 34582 ssh2
Sep 29 02:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5513]: Connection closed by 162.144.236.216 port 34582 [preauth]
Sep 29 02:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session closed for user root
Sep 29 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5543]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5617]: Successful su for rubyman by root
Sep 29 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5617]: + ??? root:rubyman
Sep 29 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312119 of user rubyman.
Sep 29 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5617]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312119.
Sep 29 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session closed for user root
Sep 29 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2618]: pam_unix(cron:session): session closed for user root
Sep 29 02:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Failed password for root from 162.144.236.216 port 41726 ssh2
Sep 29 02:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5544]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Connection closed by 162.144.236.216 port 41726 [preauth]
Sep 29 02:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: Failed password for root from 162.144.236.216 port 48984 ssh2
Sep 29 02:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5864]: Connection closed by 162.144.236.216 port 48984 [preauth]
Sep 29 02:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for root from 162.144.236.216 port 55292 ssh2
Sep 29 02:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Connection closed by 162.144.236.216 port 55292 [preauth]
Sep 29 02:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Failed password for root from 162.144.236.216 port 60874 ssh2
Sep 29 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Connection closed by 162.144.236.216 port 60874 [preauth]
Sep 29 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session closed for user root
Sep 29 02:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for root from 162.144.236.216 port 39724 ssh2
Sep 29 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Invalid user sangoma from 24.232.50.5
Sep 29 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: input_userauth_request: invalid user sangoma [preauth]
Sep 29 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Connection closed by 162.144.236.216 port 39724 [preauth]
Sep 29 02:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Failed password for invalid user sangoma from 24.232.50.5 port 60706 ssh2
Sep 29 02:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Received disconnect from 24.232.50.5 port 60706:11: Bye Bye [preauth]
Sep 29 02:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Disconnected from 24.232.50.5 port 60706 [preauth]
Sep 29 02:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Failed password for root from 162.144.236.216 port 45732 ssh2
Sep 29 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Connection closed by 162.144.236.216 port 45732 [preauth]
Sep 29 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6017]: Failed password for root from 162.144.236.216 port 54148 ssh2
Sep 29 02:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6017]: Connection closed by 162.144.236.216 port 54148 [preauth]
Sep 29 02:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6044]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6042]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6115]: Successful su for rubyman by root
Sep 29 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6115]: + ??? root:rubyman
Sep 29 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312125 of user rubyman.
Sep 29 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6115]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312125.
Sep 29 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Failed password for root from 162.144.236.216 port 60370 ssh2
Sep 29 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session closed for user root
Sep 29 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Connection closed by 162.144.236.216 port 60370 [preauth]
Sep 29 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6043]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Failed password for root from 162.144.236.216 port 38614 ssh2
Sep 29 02:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Connection closed by 162.144.236.216 port 38614 [preauth]
Sep 29 02:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Failed password for root from 162.144.236.216 port 46568 ssh2
Sep 29 02:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6353]: Connection closed by 162.144.236.216 port 46568 [preauth]
Sep 29 02:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Failed password for root from 162.144.236.216 port 53058 ssh2
Sep 29 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Invalid user admin from 139.19.117.131
Sep 29 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: input_userauth_request: invalid user admin [preauth]
Sep 29 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Connection closed by 162.144.236.216 port 53058 [preauth]
Sep 29 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session closed for user root
Sep 29 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for root from 162.144.236.216 port 58930 ssh2
Sep 29 02:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Connection closed by 162.144.236.216 port 58930 [preauth]
Sep 29 02:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Connection closed by 139.19.117.131 port 34756 [preauth]
Sep 29 02:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Failed password for root from 162.144.236.216 port 37008 ssh2
Sep 29 02:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Connection closed by 162.144.236.216 port 37008 [preauth]
Sep 29 02:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Failed password for root from 162.144.236.216 port 44084 ssh2
Sep 29 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Connection closed by 162.144.236.216 port 44084 [preauth]
Sep 29 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: Successful su for rubyman by root
Sep 29 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: + ??? root:rubyman
Sep 29 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312127 of user rubyman.
Sep 29 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312127.
Sep 29 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Failed password for root from 162.144.236.216 port 49980 ssh2
Sep 29 02:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Connection closed by 162.144.236.216 port 49980 [preauth]
Sep 29 02:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session closed for user root
Sep 29 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Failed password for root from 24.232.50.5 port 41400 ssh2
Sep 29 02:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Received disconnect from 24.232.50.5 port 41400:11: Bye Bye [preauth]
Sep 29 02:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Disconnected from 24.232.50.5 port 41400 [preauth]
Sep 29 02:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Failed password for root from 162.144.236.216 port 56258 ssh2
Sep 29 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Connection closed by 162.144.236.216 port 56258 [preauth]
Sep 29 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Failed password for root from 162.144.236.216 port 33850 ssh2
Sep 29 02:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Connection closed by 162.144.236.216 port 33850 [preauth]
Sep 29 02:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Failed password for root from 162.144.236.216 port 41588 ssh2
Sep 29 02:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Connection closed by 162.144.236.216 port 41588 [preauth]
Sep 29 02:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session closed for user root
Sep 29 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Failed password for root from 162.144.236.216 port 46820 ssh2
Sep 29 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Connection closed by 162.144.236.216 port 46820 [preauth]
Sep 29 02:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Failed password for root from 162.144.236.216 port 54770 ssh2
Sep 29 02:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Connection closed by 162.144.236.216 port 54770 [preauth]
Sep 29 02:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7017]: Failed password for root from 162.144.236.216 port 34180 ssh2
Sep 29 02:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7017]: Connection closed by 162.144.236.216 port 34180 [preauth]
Sep 29 02:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: Successful su for rubyman by root
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: + ??? root:rubyman
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312132 of user rubyman.
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7215]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312132.
Sep 29 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: Failed password for root from 162.144.236.216 port 41916 ssh2
Sep 29 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7040]: Connection closed by 162.144.236.216 port 41916 [preauth]
Sep 29 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3989]: pam_unix(cron:session): session closed for user root
Sep 29 02:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Failed password for root from 162.144.236.216 port 48830 ssh2
Sep 29 02:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Connection closed by 162.144.236.216 port 48830 [preauth]
Sep 29 02:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Failed password for root from 162.144.236.216 port 55832 ssh2
Sep 29 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Connection closed by 162.144.236.216 port 55832 [preauth]
Sep 29 02:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Failed password for root from 162.144.236.216 port 34640 ssh2
Sep 29 02:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Connection closed by 162.144.236.216 port 34640 [preauth]
Sep 29 02:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session closed for user root
Sep 29 02:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: Failed password for root from 24.232.50.5 port 55042 ssh2
Sep 29 02:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: Received disconnect from 24.232.50.5 port 55042:11: Bye Bye [preauth]
Sep 29 02:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: Disconnected from 24.232.50.5 port 55042 [preauth]
Sep 29 02:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for root from 162.144.236.216 port 43228 ssh2
Sep 29 02:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Connection closed by 162.144.236.216 port 43228 [preauth]
Sep 29 02:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Failed password for root from 162.144.236.216 port 48924 ssh2
Sep 29 02:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Connection closed by 162.144.236.216 port 48924 [preauth]
Sep 29 02:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: Failed password for root from 162.144.236.216 port 56924 ssh2
Sep 29 02:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: Connection closed by 162.144.236.216 port 56924 [preauth]
Sep 29 02:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: Successful su for rubyman by root
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: + ??? root:rubyman
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312136 of user rubyman.
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312136.
Sep 29 02:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session closed for user root
Sep 29 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Failed password for root from 162.144.236.216 port 36534 ssh2
Sep 29 02:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Connection closed by 162.144.236.216 port 36534 [preauth]
Sep 29 02:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7608]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Failed password for root from 162.144.236.216 port 42584 ssh2
Sep 29 02:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Connection closed by 162.144.236.216 port 42584 [preauth]
Sep 29 02:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Failed password for root from 162.144.236.216 port 50770 ssh2
Sep 29 02:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Connection closed by 162.144.236.216 port 50770 [preauth]
Sep 29 02:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Failed password for root from 162.144.236.216 port 56664 ssh2
Sep 29 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Connection closed by 162.144.236.216 port 56664 [preauth]
Sep 29 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session closed for user root
Sep 29 02:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Failed password for root from 162.144.236.216 port 35712 ssh2
Sep 29 02:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Connection closed by 162.144.236.216 port 35712 [preauth]
Sep 29 02:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Failed password for root from 162.144.236.216 port 42044 ssh2
Sep 29 02:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Connection closed by 162.144.236.216 port 42044 [preauth]
Sep 29 02:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: Failed password for root from 162.144.236.216 port 49216 ssh2
Sep 29 02:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8074]: Connection closed by 162.144.236.216 port 49216 [preauth]
Sep 29 02:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8115]: pam_unix(cron:session): session closed for user root
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8200]: Successful su for rubyman by root
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8200]: + ??? root:rubyman
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312141 of user rubyman.
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8200]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312141.
Sep 29 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for root from 162.144.236.216 port 54556 ssh2
Sep 29 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Failed password for root from 24.232.50.5 port 57032 ssh2
Sep 29 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Received disconnect from 24.232.50.5 port 57032:11: Bye Bye [preauth]
Sep 29 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Disconnected from 24.232.50.5 port 57032 [preauth]
Sep 29 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 162.144.236.216 port 54556 [preauth]
Sep 29 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8109]: pam_unix(cron:session): session closed for user root
Sep 29 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4890]: pam_unix(cron:session): session closed for user root
Sep 29 02:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for root from 162.144.236.216 port 60054 ssh2
Sep 29 02:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Connection closed by 162.144.236.216 port 60054 [preauth]
Sep 29 02:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Failed password for root from 162.144.236.216 port 37812 ssh2
Sep 29 02:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Connection closed by 162.144.236.216 port 37812 [preauth]
Sep 29 02:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Failed password for root from 162.144.236.216 port 45108 ssh2
Sep 29 02:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Connection closed by 162.144.236.216 port 45108 [preauth]
Sep 29 02:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Failed password for root from 162.144.236.216 port 50770 ssh2
Sep 29 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session closed for user root
Sep 29 02:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Connection closed by 162.144.236.216 port 50770 [preauth]
Sep 29 02:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: Failed password for root from 162.144.236.216 port 56162 ssh2
Sep 29 02:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: Connection closed by 162.144.236.216 port 56162 [preauth]
Sep 29 02:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Failed password for root from 162.144.236.216 port 33954 ssh2
Sep 29 02:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Connection closed by 162.144.236.216 port 33954 [preauth]
Sep 29 02:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: Failed password for root from 162.144.236.216 port 40836 ssh2
Sep 29 02:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8612]: Connection closed by 162.144.236.216 port 40836 [preauth]
Sep 29 02:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8720]: Successful su for rubyman by root
Sep 29 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8720]: + ??? root:rubyman
Sep 29 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312145 of user rubyman.
Sep 29 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8720]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312145.
Sep 29 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: Failed password for root from 162.144.236.216 port 46820 ssh2
Sep 29 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8627]: Connection closed by 162.144.236.216 port 46820 [preauth]
Sep 29 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session closed for user root
Sep 29 02:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8641]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: Failed password for root from 162.144.236.216 port 53038 ssh2
Sep 29 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8987]: Connection closed by 162.144.236.216 port 53038 [preauth]
Sep 29 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Failed password for root from 162.144.236.216 port 60080 ssh2
Sep 29 02:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Connection closed by 162.144.236.216 port 60080 [preauth]
Sep 29 02:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: Failed password for root from 162.144.236.216 port 36958 ssh2
Sep 29 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Invalid user fox from 24.232.50.5
Sep 29 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: input_userauth_request: invalid user fox [preauth]
Sep 29 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: Connection closed by 162.144.236.216 port 36958 [preauth]
Sep 29 02:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for invalid user fox from 24.232.50.5 port 34780 ssh2
Sep 29 02:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Received disconnect from 24.232.50.5 port 34780:11: Bye Bye [preauth]
Sep 29 02:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Disconnected from 24.232.50.5 port 34780 [preauth]
Sep 29 02:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user root
Sep 29 02:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Failed password for root from 162.144.236.216 port 42976 ssh2
Sep 29 02:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Connection closed by 162.144.236.216 port 42976 [preauth]
Sep 29 02:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Failed password for root from 162.144.236.216 port 48864 ssh2
Sep 29 02:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Connection closed by 162.144.236.216 port 48864 [preauth]
Sep 29 02:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Failed password for root from 162.144.236.216 port 58288 ssh2
Sep 29 02:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Connection closed by 162.144.236.216 port 58288 [preauth]
Sep 29 02:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Failed password for root from 162.144.236.216 port 35846 ssh2
Sep 29 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9397]: Successful su for rubyman by root
Sep 29 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9397]: + ??? root:rubyman
Sep 29 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312149 of user rubyman.
Sep 29 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9397]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312149.
Sep 29 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Connection closed by 162.144.236.216 port 35846 [preauth]
Sep 29 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6044]: pam_unix(cron:session): session closed for user root
Sep 29 02:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9318]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Failed password for root from 162.144.236.216 port 43502 ssh2
Sep 29 02:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Connection closed by 162.144.236.216 port 43502 [preauth]
Sep 29 02:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Failed password for root from 162.144.236.216 port 49158 ssh2
Sep 29 02:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Connection closed by 162.144.236.216 port 49158 [preauth]
Sep 29 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: Failed password for root from 162.144.236.216 port 54844 ssh2
Sep 29 02:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: Connection closed by 162.144.236.216 port 54844 [preauth]
Sep 29 02:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: Failed password for root from 162.144.236.216 port 34302 ssh2
Sep 29 02:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: Connection closed by 162.144.236.216 port 34302 [preauth]
Sep 29 02:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session closed for user root
Sep 29 02:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Failed password for root from 162.144.236.216 port 40604 ssh2
Sep 29 02:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Connection closed by 162.144.236.216 port 40604 [preauth]
Sep 29 02:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: Failed password for root from 162.144.236.216 port 47744 ssh2
Sep 29 02:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: Connection closed by 162.144.236.216 port 47744 [preauth]
Sep 29 02:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Invalid user admin from 24.232.50.5
Sep 29 02:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: input_userauth_request: invalid user admin [preauth]
Sep 29 02:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Failed password for invalid user admin from 24.232.50.5 port 59634 ssh2
Sep 29 02:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Received disconnect from 24.232.50.5 port 59634:11: Bye Bye [preauth]
Sep 29 02:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Disconnected from 24.232.50.5 port 59634 [preauth]
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9897]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9896]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9894]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9962]: Successful su for rubyman by root
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9962]: + ??? root:rubyman
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312152 of user rubyman.
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9962]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312152.
Sep 29 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Failed password for root from 162.144.236.216 port 54668 ssh2
Sep 29 02:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session closed for user root
Sep 29 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9879]: Connection closed by 162.144.236.216 port 54668 [preauth]
Sep 29 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9895]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Failed password for root from 162.144.236.216 port 36284 ssh2
Sep 29 02:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10159]: Connection closed by 162.144.236.216 port 36284 [preauth]
Sep 29 02:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10216]: Failed password for root from 162.144.236.216 port 43464 ssh2
Sep 29 02:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10216]: Connection closed by 162.144.236.216 port 43464 [preauth]
Sep 29 02:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Failed password for root from 162.144.236.216 port 48764 ssh2
Sep 29 02:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Connection closed by 162.144.236.216 port 48764 [preauth]
Sep 29 02:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session closed for user root
Sep 29 02:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10261]: Failed password for root from 162.144.236.216 port 55702 ssh2
Sep 29 02:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10261]: Connection closed by 162.144.236.216 port 55702 [preauth]
Sep 29 02:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Failed password for root from 162.144.236.216 port 33534 ssh2
Sep 29 02:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Connection closed by 162.144.236.216 port 33534 [preauth]
Sep 29 02:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10325]: Failed password for root from 162.144.236.216 port 38876 ssh2
Sep 29 02:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10325]: Connection closed by 162.144.236.216 port 38876 [preauth]
Sep 29 02:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10373]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: Successful su for rubyman by root
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: + ??? root:rubyman
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312156 of user rubyman.
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312156.
Sep 29 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Failed password for root from 162.144.236.216 port 45028 ssh2
Sep 29 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10357]: Connection closed by 162.144.236.216 port 45028 [preauth]
Sep 29 02:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session closed for user root
Sep 29 02:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10374]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Failed password for root from 162.144.236.216 port 52976 ssh2
Sep 29 02:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Connection closed by 162.144.236.216 port 52976 [preauth]
Sep 29 02:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Invalid user javier from 24.232.50.5
Sep 29 02:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: input_userauth_request: invalid user javier [preauth]
Sep 29 02:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Failed password for invalid user javier from 24.232.50.5 port 37094 ssh2
Sep 29 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Received disconnect from 24.232.50.5 port 37094:11: Bye Bye [preauth]
Sep 29 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10718]: Disconnected from 24.232.50.5 port 37094 [preauth]
Sep 29 02:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10665]: Failed password for root from 162.144.236.216 port 59468 ssh2
Sep 29 02:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session closed for user root
Sep 29 02:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10665]: Connection closed by 162.144.236.216 port 59468 [preauth]
Sep 29 02:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Failed password for root from 162.144.236.216 port 40868 ssh2
Sep 29 02:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Connection closed by 162.144.236.216 port 40868 [preauth]
Sep 29 02:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: Failed password for root from 162.144.236.216 port 48006 ssh2
Sep 29 02:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10800]: Connection closed by 162.144.236.216 port 48006 [preauth]
Sep 29 02:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session closed for user root
Sep 29 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10902]: Successful su for rubyman by root
Sep 29 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10902]: + ??? root:rubyman
Sep 29 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312160 of user rubyman.
Sep 29 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10902]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312160.
Sep 29 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session closed for user root
Sep 29 02:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10825]: pam_unix(cron:session): session closed for user root
Sep 29 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for root from 162.144.236.216 port 54286 ssh2
Sep 29 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Connection closed by 162.144.236.216 port 54286 [preauth]
Sep 29 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11115]: Failed password for root from 162.144.236.216 port 34334 ssh2
Sep 29 02:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11115]: Connection closed by 162.144.236.216 port 34334 [preauth]
Sep 29 02:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Failed password for root from 162.144.236.216 port 39746 ssh2
Sep 29 02:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9897]: pam_unix(cron:session): session closed for user root
Sep 29 02:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Connection closed by 162.144.236.216 port 39746 [preauth]
Sep 29 02:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Failed password for root from 162.144.236.216 port 46560 ssh2
Sep 29 02:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11215]: Connection closed by 162.144.236.216 port 46560 [preauth]
Sep 29 02:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Failed password for root from 24.232.50.5 port 44668 ssh2
Sep 29 02:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Received disconnect from 24.232.50.5 port 44668:11: Bye Bye [preauth]
Sep 29 02:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Disconnected from 24.232.50.5 port 44668 [preauth]
Sep 29 02:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Failed password for root from 162.144.236.216 port 53682 ssh2
Sep 29 02:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Connection closed by 162.144.236.216 port 53682 [preauth]
Sep 29 02:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11301]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: Successful su for rubyman by root
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: + ??? root:rubyman
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312168 of user rubyman.
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312168.
Sep 29 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Failed password for root from 162.144.236.216 port 60002 ssh2
Sep 29 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Connection closed by 162.144.236.216 port 60002 [preauth]
Sep 29 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session closed for user root
Sep 29 02:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Failed password for root from 162.144.236.216 port 36858 ssh2
Sep 29 02:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Connection closed by 162.144.236.216 port 36858 [preauth]
Sep 29 02:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Failed password for root from 162.144.236.216 port 43490 ssh2
Sep 29 02:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Connection closed by 162.144.236.216 port 43490 [preauth]
Sep 29 02:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Failed password for root from 162.144.236.216 port 50698 ssh2
Sep 29 02:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Connection closed by 162.144.236.216 port 50698 [preauth]
Sep 29 02:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session closed for user root
Sep 29 02:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for root from 162.144.236.216 port 56858 ssh2
Sep 29 02:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Connection closed by 162.144.236.216 port 56858 [preauth]
Sep 29 02:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: Failed password for root from 162.144.236.216 port 34312 ssh2
Sep 29 02:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: Connection closed by 162.144.236.216 port 34312 [preauth]
Sep 29 02:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: Failed password for root from 162.144.236.216 port 39368 ssh2
Sep 29 02:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: Connection closed by 162.144.236.216 port 39368 [preauth]
Sep 29 02:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: Successful su for rubyman by root
Sep 29 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: + ??? root:rubyman
Sep 29 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312172 of user rubyman.
Sep 29 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312172.
Sep 29 02:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: Failed password for root from 162.144.236.216 port 46310 ssh2
Sep 29 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8642]: pam_unix(cron:session): session closed for user root
Sep 29 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: Connection closed by 162.144.236.216 port 46310 [preauth]
Sep 29 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Invalid user rise from 24.232.50.5
Sep 29 02:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: input_userauth_request: invalid user rise [preauth]
Sep 29 02:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Failed password for invalid user rise from 24.232.50.5 port 42702 ssh2
Sep 29 02:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Received disconnect from 24.232.50.5 port 42702:11: Bye Bye [preauth]
Sep 29 02:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Disconnected from 24.232.50.5 port 42702 [preauth]
Sep 29 02:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Failed password for root from 162.144.236.216 port 53838 ssh2
Sep 29 02:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Connection closed by 162.144.236.216 port 53838 [preauth]
Sep 29 02:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session closed for user root
Sep 29 02:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Failed password for root from 162.144.236.216 port 36970 ssh2
Sep 29 02:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Connection closed by 162.144.236.216 port 36970 [preauth]
Sep 29 02:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12288]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12285]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12349]: Successful su for rubyman by root
Sep 29 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12349]: + ??? root:rubyman
Sep 29 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312174 of user rubyman.
Sep 29 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12349]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312174.
Sep 29 02:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session closed for user root
Sep 29 02:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12286]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Failed password for root from 162.144.236.216 port 46396 ssh2
Sep 29 02:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Connection closed by 162.144.236.216 port 46396 [preauth]
Sep 29 02:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: Failed password for root from 162.144.236.216 port 54542 ssh2
Sep 29 02:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12559]: Connection closed by 162.144.236.216 port 54542 [preauth]
Sep 29 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Failed password for root from 162.144.236.216 port 60080 ssh2
Sep 29 02:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Connection closed by 162.144.236.216 port 60080 [preauth]
Sep 29 02:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session closed for user root
Sep 29 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12624]: Failed password for root from 162.144.236.216 port 40928 ssh2
Sep 29 02:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12624]: Connection closed by 162.144.236.216 port 40928 [preauth]
Sep 29 02:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Failed password for root from 162.144.236.216 port 47020 ssh2
Sep 29 02:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Connection closed by 162.144.236.216 port 47020 [preauth]
Sep 29 02:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: Failed password for root from 24.232.50.5 port 42582 ssh2
Sep 29 02:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: Received disconnect from 24.232.50.5 port 42582:11: Bye Bye [preauth]
Sep 29 02:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12704]: Disconnected from 24.232.50.5 port 42582 [preauth]
Sep 29 02:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Failed password for root from 162.144.236.216 port 54872 ssh2
Sep 29 02:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Connection closed by 162.144.236.216 port 54872 [preauth]
Sep 29 02:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: Failed password for root from 162.144.236.216 port 60570 ssh2
Sep 29 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12746]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12743]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12808]: Successful su for rubyman by root
Sep 29 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12808]: + ??? root:rubyman
Sep 29 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312178 of user rubyman.
Sep 29 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12808]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312178.
Sep 29 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: Connection closed by 162.144.236.216 port 60570 [preauth]
Sep 29 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9896]: pam_unix(cron:session): session closed for user root
Sep 29 02:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12745]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Failed password for root from 162.144.236.216 port 39234 ssh2
Sep 29 02:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Connection closed by 162.144.236.216 port 39234 [preauth]
Sep 29 02:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: Failed password for root from 162.144.236.216 port 46336 ssh2
Sep 29 02:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: Connection closed by 162.144.236.216 port 46336 [preauth]
Sep 29 02:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Failed password for root from 162.144.236.216 port 52252 ssh2
Sep 29 02:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Connection closed by 162.144.236.216 port 52252 [preauth]
Sep 29 02:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: Failed password for root from 162.144.236.216 port 58934 ssh2
Sep 29 02:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user root
Sep 29 02:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: Connection closed by 162.144.236.216 port 58934 [preauth]
Sep 29 02:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: Failed password for root from 162.144.236.216 port 36106 ssh2
Sep 29 02:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13131]: Connection closed by 162.144.236.216 port 36106 [preauth]
Sep 29 02:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13149]: Failed password for root from 162.144.236.216 port 42502 ssh2
Sep 29 02:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13149]: Connection closed by 162.144.236.216 port 42502 [preauth]
Sep 29 02:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Failed password for root from 162.144.236.216 port 49876 ssh2
Sep 29 02:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Connection closed by 162.144.236.216 port 49876 [preauth]
Sep 29 02:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13204]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13205]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13205]: pam_unix(cron:session): session closed for user root
Sep 29 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13280]: Successful su for rubyman by root
Sep 29 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13280]: + ??? root:rubyman
Sep 29 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312184 of user rubyman.
Sep 29 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13280]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312184.
Sep 29 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10375]: pam_unix(cron:session): session closed for user root
Sep 29 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13202]: pam_unix(cron:session): session closed for user root
Sep 29 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for root from 162.144.236.216 port 57034 ssh2
Sep 29 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Connection closed by 162.144.236.216 port 57034 [preauth]
Sep 29 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13201]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Failed password for root from 162.144.236.216 port 33272 ssh2
Sep 29 02:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Connection closed by 162.144.236.216 port 33272 [preauth]
Sep 29 02:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13529]: Failed password for root from 24.232.50.5 port 51806 ssh2
Sep 29 02:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13529]: Received disconnect from 24.232.50.5 port 51806:11: Bye Bye [preauth]
Sep 29 02:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13529]: Disconnected from 24.232.50.5 port 51806 [preauth]
Sep 29 02:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: Failed password for root from 162.144.236.216 port 39354 ssh2
Sep 29 02:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: Connection closed by 162.144.236.216 port 39354 [preauth]
Sep 29 02:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Failed password for root from 162.144.236.216 port 46958 ssh2
Sep 29 02:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Connection closed by 162.144.236.216 port 46958 [preauth]
Sep 29 02:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12288]: pam_unix(cron:session): session closed for user root
Sep 29 02:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Failed password for root from 162.144.236.216 port 50898 ssh2
Sep 29 02:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Connection closed by 162.144.236.216 port 50898 [preauth]
Sep 29 02:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for root from 162.144.236.216 port 58922 ssh2
Sep 29 02:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Connection closed by 162.144.236.216 port 58922 [preauth]
Sep 29 02:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: Failed password for root from 162.144.236.216 port 37500 ssh2
Sep 29 02:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13648]: Connection closed by 162.144.236.216 port 37500 [preauth]
Sep 29 02:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Failed password for root from 162.144.236.216 port 43144 ssh2
Sep 29 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Connection closed by 162.144.236.216 port 43144 [preauth]
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13762]: Successful su for rubyman by root
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13762]: + ??? root:rubyman
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312190 of user rubyman.
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13762]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312190.
Sep 29 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session closed for user root
Sep 29 02:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for root from 162.144.236.216 port 48328 ssh2
Sep 29 02:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Connection closed by 162.144.236.216 port 48328 [preauth]
Sep 29 02:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Failed password for root from 162.144.236.216 port 54990 ssh2
Sep 29 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Connection closed by 162.144.236.216 port 54990 [preauth]
Sep 29 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for root from 162.144.236.216 port 33656 ssh2
Sep 29 02:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Connection closed by 162.144.236.216 port 33656 [preauth]
Sep 29 02:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Failed password for root from 162.144.236.216 port 38694 ssh2
Sep 29 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Connection closed by 162.144.236.216 port 38694 [preauth]
Sep 29 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12747]: pam_unix(cron:session): session closed for user root
Sep 29 02:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Failed password for root from 162.144.236.216 port 45086 ssh2
Sep 29 02:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Connection closed by 162.144.236.216 port 45086 [preauth]
Sep 29 02:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Invalid user bot from 24.232.50.5
Sep 29 02:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: input_userauth_request: invalid user bot [preauth]
Sep 29 02:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Failed password for invalid user bot from 24.232.50.5 port 41946 ssh2
Sep 29 02:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Received disconnect from 24.232.50.5 port 41946:11: Bye Bye [preauth]
Sep 29 02:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Disconnected from 24.232.50.5 port 41946 [preauth]
Sep 29 02:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for root from 162.144.236.216 port 49290 ssh2
Sep 29 02:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Connection closed by 162.144.236.216 port 49290 [preauth]
Sep 29 02:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Failed password for root from 162.144.236.216 port 56360 ssh2
Sep 29 02:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14201]: Connection closed by 162.144.236.216 port 56360 [preauth]
Sep 29 02:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Failed password for root from 162.144.236.216 port 34840 ssh2
Sep 29 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Connection closed by 162.144.236.216 port 34840 [preauth]
Sep 29 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14300]: Successful su for rubyman by root
Sep 29 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14300]: + ??? root:rubyman
Sep 29 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312192 of user rubyman.
Sep 29 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14300]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312192.
Sep 29 02:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11304]: pam_unix(cron:session): session closed for user root
Sep 29 02:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Failed password for root from 162.144.236.216 port 39724 ssh2
Sep 29 02:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Connection closed by 162.144.236.216 port 39724 [preauth]
Sep 29 02:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14494]: Failed password for root from 162.144.236.216 port 47840 ssh2
Sep 29 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14494]: Connection closed by 162.144.236.216 port 47840 [preauth]
Sep 29 02:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Failed password for root from 162.144.236.216 port 53840 ssh2
Sep 29 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Connection closed by 162.144.236.216 port 53840 [preauth]
Sep 29 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Failed password for root from 162.144.236.216 port 58736 ssh2
Sep 29 02:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Connection closed by 162.144.236.216 port 58736 [preauth]
Sep 29 02:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13204]: pam_unix(cron:session): session closed for user root
Sep 29 02:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for root from 162.144.236.216 port 37442 ssh2
Sep 29 02:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Connection closed by 162.144.236.216 port 37442 [preauth]
Sep 29 02:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: Failed password for root from 162.144.236.216 port 43356 ssh2
Sep 29 02:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14602]: Connection closed by 162.144.236.216 port 43356 [preauth]
Sep 29 02:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: Failed password for root from 162.144.236.216 port 49132 ssh2
Sep 29 02:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: Connection closed by 162.144.236.216 port 49132 [preauth]
Sep 29 02:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14661]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14659]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14647]: Failed password for root from 162.144.236.216 port 55482 ssh2
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: Successful su for rubyman by root
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: + ??? root:rubyman
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312198 of user rubyman.
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14717]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312198.
Sep 29 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14647]: Connection closed by 162.144.236.216 port 55482 [preauth]
Sep 29 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user root
Sep 29 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 02:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Failed password for root from 24.232.50.5 port 44772 ssh2
Sep 29 02:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Received disconnect from 24.232.50.5 port 44772:11: Bye Bye [preauth]
Sep 29 02:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Disconnected from 24.232.50.5 port 44772 [preauth]
Sep 29 02:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14660]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: Failed password for root from 162.144.236.216 port 60992 ssh2
Sep 29 02:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: Connection closed by 162.144.236.216 port 60992 [preauth]
Sep 29 02:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Failed password for root from 162.144.236.216 port 38984 ssh2
Sep 29 02:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Connection closed by 162.144.236.216 port 38984 [preauth]
Sep 29 02:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Failed password for root from 162.144.236.216 port 44460 ssh2
Sep 29 02:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Connection closed by 162.144.236.216 port 44460 [preauth]
Sep 29 02:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Failed password for root from 162.144.236.216 port 50538 ssh2
Sep 29 02:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13684]: pam_unix(cron:session): session closed for user root
Sep 29 02:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14986]: Connection closed by 162.144.236.216 port 50538 [preauth]
Sep 29 02:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Failed password for root from 162.144.236.216 port 58766 ssh2
Sep 29 02:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Connection closed by 162.144.236.216 port 58766 [preauth]
Sep 29 02:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Failed password for root from 162.144.236.216 port 36122 ssh2
Sep 29 02:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15050]: Connection closed by 162.144.236.216 port 36122 [preauth]
Sep 29 02:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Failed password for root from 162.144.236.216 port 42934 ssh2
Sep 29 02:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Connection closed by 162.144.236.216 port 42934 [preauth]
Sep 29 02:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15099]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15100]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session closed for user p13x
Sep 29 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: Failed password for root from 162.144.236.216 port 47686 ssh2
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: Successful su for rubyman by root
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: + ??? root:rubyman
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312202 of user rubyman.
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: pam_unix(su:session): session closed for user rubyman
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312202.
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: Connection closed by 162.144.236.216 port 47686 [preauth]
Sep 29 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12287]: pam_unix(cron:session): session closed for user root
Sep 29 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session closed for user samftp
Sep 29 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Failed password for root from 162.144.236.216 port 52632 ssh2
Sep 29 02:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Connection closed by 162.144.236.216 port 52632 [preauth]
Sep 29 02:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: Failed password for root from 162.144.236.216 port 60382 ssh2
Sep 29 02:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15379]: Connection closed by 162.144.236.216 port 60382 [preauth]
Sep 29 02:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: Failed password for root from 162.144.236.216 port 39696 ssh2
Sep 29 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: Connection closed by 162.144.236.216 port 39696 [preauth]
Sep 29 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session closed for user root
Sep 29 02:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Invalid user rupesh from 24.232.50.5
Sep 29 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: input_userauth_request: invalid user rupesh [preauth]
Sep 29 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for root from 162.144.236.216 port 46050 ssh2
Sep 29 02:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Connection closed by 162.144.236.216 port 46050 [preauth]
Sep 29 02:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Failed password for invalid user rupesh from 24.232.50.5 port 47860 ssh2
Sep 29 02:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Received disconnect from 24.232.50.5 port 47860:11: Bye Bye [preauth]
Sep 29 02:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Disconnected from 24.232.50.5 port 47860 [preauth]
Sep 29 02:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: Failed password for root from 162.144.236.216 port 53642 ssh2
Sep 29 02:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15476]: Connection closed by 162.144.236.216 port 53642 [preauth]
Sep 29 02:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 02:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 02:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Failed password for root from 162.144.236.216 port 60174 ssh2
Sep 29 02:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Connection closed by 162.144.236.216 port 60174 [preauth]
Sep 29 02:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session closed for user root
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session closed for user root
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: Successful su for rubyman by root
Sep 29 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: + ??? root:rubyman
Sep 29 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312204 of user rubyman.
Sep 29 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15645]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312204.
Sep 29 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Failed password for root from 162.144.236.216 port 39584 ssh2
Sep 29 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Connection closed by 162.144.236.216 port 39584 [preauth]
Sep 29 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session closed for user root
Sep 29 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12746]: pam_unix(cron:session): session closed for user root
Sep 29 03:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Failed password for root from 162.144.236.216 port 45394 ssh2
Sep 29 03:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Connection closed by 162.144.236.216 port 45394 [preauth]
Sep 29 03:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session closed for user root
Sep 29 03:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Failed password for root from 162.144.236.216 port 51948 ssh2
Sep 29 03:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Connection closed by 162.144.236.216 port 51948 [preauth]
Sep 29 03:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16038]: Did not receive identification string from 61.129.155.195
Sep 29 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: Failed password for root from 162.144.236.216 port 59668 ssh2
Sep 29 03:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: Connection closed by 162.144.236.216 port 59668 [preauth]
Sep 29 03:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Failed password for root from 162.144.236.216 port 37276 ssh2
Sep 29 03:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Connection closed by 162.144.236.216 port 37276 [preauth]
Sep 29 03:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16142]: Successful su for rubyman by root
Sep 29 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16142]: + ??? root:rubyman
Sep 29 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312211 of user rubyman.
Sep 29 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16142]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312211.
Sep 29 03:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for root from 162.144.236.216 port 45338 ssh2
Sep 29 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13203]: pam_unix(cron:session): session closed for user root
Sep 29 03:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Connection closed by 162.144.236.216 port 45338 [preauth]
Sep 29 03:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Failed password for root from 24.232.50.5 port 33016 ssh2
Sep 29 03:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Received disconnect from 24.232.50.5 port 33016:11: Bye Bye [preauth]
Sep 29 03:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Disconnected from 24.232.50.5 port 33016 [preauth]
Sep 29 03:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Failed password for root from 162.144.236.216 port 51884 ssh2
Sep 29 03:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Connection closed by 162.144.236.216 port 51884 [preauth]
Sep 29 03:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Failed password for root from 162.144.236.216 port 58794 ssh2
Sep 29 03:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16379]: Connection closed by 162.144.236.216 port 58794 [preauth]
Sep 29 03:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for root from 162.144.236.216 port 38038 ssh2
Sep 29 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Connection closed by 162.144.236.216 port 38038 [preauth]
Sep 29 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15100]: pam_unix(cron:session): session closed for user root
Sep 29 03:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16440]: Failed password for root from 162.144.236.216 port 44734 ssh2
Sep 29 03:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16440]: Connection closed by 162.144.236.216 port 44734 [preauth]
Sep 29 03:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Failed password for root from 162.144.236.216 port 52404 ssh2
Sep 29 03:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Connection closed by 162.144.236.216 port 52404 [preauth]
Sep 29 03:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Failed password for root from 162.144.236.216 port 58440 ssh2
Sep 29 03:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Connection closed by 162.144.236.216 port 58440 [preauth]
Sep 29 03:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16526]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: Successful su for rubyman by root
Sep 29 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: + ??? root:rubyman
Sep 29 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312215 of user rubyman.
Sep 29 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312215.
Sep 29 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session closed for user root
Sep 29 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Failed password for root from 162.144.236.216 port 36166 ssh2
Sep 29 03:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Connection closed by 162.144.236.216 port 36166 [preauth]
Sep 29 03:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16527]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Failed password for root from 162.144.236.216 port 43668 ssh2
Sep 29 03:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16805]: Connection closed by 162.144.236.216 port 43668 [preauth]
Sep 29 03:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Failed password for root from 162.144.236.216 port 50260 ssh2
Sep 29 03:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Connection closed by 162.144.236.216 port 50260 [preauth]
Sep 29 03:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Failed password for root from 162.144.236.216 port 56646 ssh2
Sep 29 03:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Connection closed by 162.144.236.216 port 56646 [preauth]
Sep 29 03:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Invalid user debian from 24.232.50.5
Sep 29 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: input_userauth_request: invalid user debian [preauth]
Sep 29 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session closed for user root
Sep 29 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Failed password for invalid user debian from 24.232.50.5 port 39496 ssh2
Sep 29 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Received disconnect from 24.232.50.5 port 39496:11: Bye Bye [preauth]
Sep 29 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16911]: Disconnected from 24.232.50.5 port 39496 [preauth]
Sep 29 03:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16889]: Failed password for root from 162.144.236.216 port 35740 ssh2
Sep 29 03:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16889]: Connection closed by 162.144.236.216 port 35740 [preauth]
Sep 29 03:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: Failed password for root from 162.144.236.216 port 41748 ssh2
Sep 29 03:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: Connection closed by 162.144.236.216 port 41748 [preauth]
Sep 29 03:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for root from 162.144.236.216 port 48558 ssh2
Sep 29 03:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Connection closed by 162.144.236.216 port 48558 [preauth]
Sep 29 03:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17053]: Successful su for rubyman by root
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17053]: + ??? root:rubyman
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312220 of user rubyman.
Sep 29 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17053]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312220.
Sep 29 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session closed for user root
Sep 29 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Failed password for root from 162.144.236.216 port 55786 ssh2
Sep 29 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Connection closed by 162.144.236.216 port 55786 [preauth]
Sep 29 03:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Failed password for root from 162.144.236.216 port 33350 ssh2
Sep 29 03:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Connection closed by 162.144.236.216 port 33350 [preauth]
Sep 29 03:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Failed password for root from 162.144.236.216 port 40428 ssh2
Sep 29 03:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Connection closed by 162.144.236.216 port 40428 [preauth]
Sep 29 03:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Failed password for root from 162.144.236.216 port 46564 ssh2
Sep 29 03:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Connection closed by 162.144.236.216 port 46564 [preauth]
Sep 29 03:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session closed for user root
Sep 29 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: Failed password for root from 162.144.236.216 port 51848 ssh2
Sep 29 03:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: Connection closed by 162.144.236.216 port 51848 [preauth]
Sep 29 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Received disconnect from 193.46.255.33 port 53332:11:  [preauth]
Sep 29 03:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Disconnected from 193.46.255.33 port 53332 [preauth]
Sep 29 03:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Failed password for root from 162.144.236.216 port 58080 ssh2
Sep 29 03:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Connection closed by 162.144.236.216 port 58080 [preauth]
Sep 29 03:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Failed password for root from 162.144.236.216 port 39116 ssh2
Sep 29 03:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Connection closed by 162.144.236.216 port 39116 [preauth]
Sep 29 03:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: Successful su for rubyman by root
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: + ??? root:rubyman
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312224 of user rubyman.
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312224.
Sep 29 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14661]: pam_unix(cron:session): session closed for user root
Sep 29 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for root from 162.144.236.216 port 47576 ssh2
Sep 29 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Connection closed by 162.144.236.216 port 47576 [preauth]
Sep 29 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for root from 24.232.50.5 port 33266 ssh2
Sep 29 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Received disconnect from 24.232.50.5 port 33266:11: Bye Bye [preauth]
Sep 29 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Disconnected from 24.232.50.5 port 33266 [preauth]
Sep 29 03:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: Failed password for root from 162.144.236.216 port 53340 ssh2
Sep 29 03:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: Connection closed by 162.144.236.216 port 53340 [preauth]
Sep 29 03:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Failed password for root from 162.144.236.216 port 60214 ssh2
Sep 29 03:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Connection closed by 162.144.236.216 port 60214 [preauth]
Sep 29 03:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Failed password for root from 162.144.236.216 port 38664 ssh2
Sep 29 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Connection closed by 162.144.236.216 port 38664 [preauth]
Sep 29 03:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session closed for user root
Sep 29 03:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Failed password for root from 162.144.236.216 port 44854 ssh2
Sep 29 03:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Connection closed by 162.144.236.216 port 44854 [preauth]
Sep 29 03:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Failed password for root from 162.144.236.216 port 51040 ssh2
Sep 29 03:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Connection closed by 162.144.236.216 port 51040 [preauth]
Sep 29 03:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session closed for user root
Sep 29 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18086]: Successful su for rubyman by root
Sep 29 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18086]: + ??? root:rubyman
Sep 29 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312229 of user rubyman.
Sep 29 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18086]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312229.
Sep 29 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session closed for user root
Sep 29 03:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15099]: pam_unix(cron:session): session closed for user root
Sep 29 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for root from 162.144.236.216 port 59452 ssh2
Sep 29 03:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Connection closed by 162.144.236.216 port 59452 [preauth]
Sep 29 03:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: Failed password for root from 162.144.236.216 port 40368 ssh2
Sep 29 03:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: Connection closed by 162.144.236.216 port 40368 [preauth]
Sep 29 03:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 03:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session closed for user root
Sep 29 03:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Failed password for root from 24.232.50.5 port 43424 ssh2
Sep 29 03:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Received disconnect from 24.232.50.5 port 43424:11: Bye Bye [preauth]
Sep 29 03:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Disconnected from 24.232.50.5 port 43424 [preauth]
Sep 29 03:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Failed password for root from 162.144.236.216 port 48558 ssh2
Sep 29 03:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Connection closed by 162.144.236.216 port 48558 [preauth]
Sep 29 03:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Did not receive identification string from 121.43.208.125
Sep 29 03:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: Failed password for root from 162.144.236.216 port 54076 ssh2
Sep 29 03:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18698]: Connection closed by 162.144.236.216 port 54076 [preauth]
Sep 29 03:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Failed password for root from 162.144.236.216 port 59806 ssh2
Sep 29 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Connection closed by 162.144.236.216 port 59806 [preauth]
Sep 29 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18738]: Failed password for root from 162.144.236.216 port 37410 ssh2
Sep 29 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: Invalid user ubuntu from 138.68.58.124
Sep 29 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18738]: Connection closed by 162.144.236.216 port 37410 [preauth]
Sep 29 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18765]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: Failed password for invalid user ubuntu from 138.68.58.124 port 43086 ssh2
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: Connection closed by 138.68.58.124 port 43086 [preauth]
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18850]: Successful su for rubyman by root
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18850]: + ??? root:rubyman
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312233 of user rubyman.
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18850]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312233.
Sep 29 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session closed for user root
Sep 29 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: Failed password for root from 162.144.236.216 port 44244 ssh2
Sep 29 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: Connection closed by 162.144.236.216 port 44244 [preauth]
Sep 29 03:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Failed password for root from 162.144.236.216 port 51396 ssh2
Sep 29 03:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Connection closed by 162.144.236.216 port 51396 [preauth]
Sep 29 03:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Failed password for root from 162.144.236.216 port 57506 ssh2
Sep 29 03:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Connection closed by 162.144.236.216 port 57506 [preauth]
Sep 29 03:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Failed password for root from 162.144.236.216 port 34752 ssh2
Sep 29 03:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Connection closed by 162.144.236.216 port 34752 [preauth]
Sep 29 03:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session closed for user root
Sep 29 03:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Failed password for root from 162.144.236.216 port 41126 ssh2
Sep 29 03:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Connection closed by 162.144.236.216 port 41126 [preauth]
Sep 29 03:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Failed password for root from 162.144.236.216 port 45944 ssh2
Sep 29 03:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Connection closed by 162.144.236.216 port 45944 [preauth]
Sep 29 03:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Invalid user admin from 78.128.112.74
Sep 29 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: input_userauth_request: invalid user admin [preauth]
Sep 29 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 03:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Failed password for root from 162.144.236.216 port 53258 ssh2
Sep 29 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Failed password for invalid user admin from 78.128.112.74 port 46900 ssh2
Sep 29 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Connection closed by 78.128.112.74 port 46900 [preauth]
Sep 29 03:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Connection closed by 162.144.236.216 port 53258 [preauth]
Sep 29 03:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: Failed password for root from 162.144.236.216 port 60300 ssh2
Sep 29 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: Successful su for rubyman by root
Sep 29 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: + ??? root:rubyman
Sep 29 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312238 of user rubyman.
Sep 29 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312238.
Sep 29 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: Connection closed by 162.144.236.216 port 60300 [preauth]
Sep 29 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session closed for user root
Sep 29 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Failed password for root from 24.232.50.5 port 57678 ssh2
Sep 29 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Received disconnect from 24.232.50.5 port 57678:11: Bye Bye [preauth]
Sep 29 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Disconnected from 24.232.50.5 port 57678 [preauth]
Sep 29 03:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19621]: Failed password for root from 162.144.236.216 port 38466 ssh2
Sep 29 03:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19621]: Connection closed by 162.144.236.216 port 38466 [preauth]
Sep 29 03:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Failed password for root from 162.144.236.216 port 45280 ssh2
Sep 29 03:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Connection closed by 162.144.236.216 port 45280 [preauth]
Sep 29 03:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Failed password for root from 162.144.236.216 port 52158 ssh2
Sep 29 03:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Connection closed by 162.144.236.216 port 52158 [preauth]
Sep 29 03:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session closed for user root
Sep 29 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Failed password for root from 162.144.236.216 port 59806 ssh2
Sep 29 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Connection closed by 162.144.236.216 port 59806 [preauth]
Sep 29 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Failed password for root from 162.144.236.216 port 36178 ssh2
Sep 29 03:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Connection closed by 162.144.236.216 port 36178 [preauth]
Sep 29 03:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: Failed password for root from 162.144.236.216 port 41790 ssh2
Sep 29 03:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: Connection closed by 162.144.236.216 port 41790 [preauth]
Sep 29 03:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Failed password for root from 162.144.236.216 port 47078 ssh2
Sep 29 03:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Connection closed by 162.144.236.216 port 47078 [preauth]
Sep 29 03:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: Successful su for rubyman by root
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: + ??? root:rubyman
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312241 of user rubyman.
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312241.
Sep 29 03:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session closed for user root
Sep 29 03:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20111]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: Failed password for root from 162.144.236.216 port 54280 ssh2
Sep 29 03:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: Connection closed by 162.144.236.216 port 54280 [preauth]
Sep 29 03:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Failed password for root from 162.144.236.216 port 34708 ssh2
Sep 29 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Connection closed by 162.144.236.216 port 34708 [preauth]
Sep 29 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Invalid user admin from 24.232.50.5
Sep 29 03:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: input_userauth_request: invalid user admin [preauth]
Sep 29 03:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session closed for user root
Sep 29 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Failed password for invalid user admin from 24.232.50.5 port 41940 ssh2
Sep 29 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Received disconnect from 24.232.50.5 port 41940:11: Bye Bye [preauth]
Sep 29 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20497]: Disconnected from 24.232.50.5 port 41940 [preauth]
Sep 29 03:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Failed password for root from 162.144.236.216 port 42332 ssh2
Sep 29 03:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Connection closed by 162.144.236.216 port 42332 [preauth]
Sep 29 03:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: Successful su for rubyman by root
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: + ??? root:rubyman
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312246 of user rubyman.
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312246.
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Failed password for root from 162.144.236.216 port 49992 ssh2
Sep 29 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session closed for user root
Sep 29 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session closed for user root
Sep 29 03:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Connection closed by 162.144.236.216 port 49992 [preauth]
Sep 29 03:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Invalid user nadmin from 92.125.33.38
Sep 29 03:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: input_userauth_request: invalid user nadmin [preauth]
Sep 29 03:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Failed password for invalid user nadmin from 92.125.33.38 port 52710 ssh2
Sep 29 03:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Received disconnect from 92.125.33.38 port 52710:11: Bye Bye [preauth]
Sep 29 03:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Disconnected from 92.125.33.38 port 52710 [preauth]
Sep 29 03:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: Failed password for root from 162.144.236.216 port 60054 ssh2
Sep 29 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20976]: Connection closed by 162.144.236.216 port 60054 [preauth]
Sep 29 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Failed password for root from 162.144.236.216 port 38732 ssh2
Sep 29 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Connection closed by 162.144.236.216 port 38732 [preauth]
Sep 29 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user root
Sep 29 03:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Failed password for root from 162.144.236.216 port 44692 ssh2
Sep 29 03:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Connection closed by 162.144.236.216 port 44692 [preauth]
Sep 29 03:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: Failed password for root from 162.144.236.216 port 50524 ssh2
Sep 29 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: Connection closed by 162.144.236.216 port 50524 [preauth]
Sep 29 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Failed password for root from 162.144.236.216 port 58858 ssh2
Sep 29 03:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Connection closed by 162.144.236.216 port 58858 [preauth]
Sep 29 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Invalid user costel from 24.232.50.5
Sep 29 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: input_userauth_request: invalid user costel [preauth]
Sep 29 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Failed password for invalid user costel from 24.232.50.5 port 56968 ssh2
Sep 29 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Received disconnect from 24.232.50.5 port 56968:11: Bye Bye [preauth]
Sep 29 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Disconnected from 24.232.50.5 port 56968 [preauth]
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session closed for user root
Sep 29 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21161]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: Successful su for rubyman by root
Sep 29 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: + ??? root:rubyman
Sep 29 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312254 of user rubyman.
Sep 29 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312254.
Sep 29 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Failed password for root from 162.144.236.216 port 36162 ssh2
Sep 29 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Connection closed by 162.144.236.216 port 36162 [preauth]
Sep 29 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session closed for user root
Sep 29 03:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session closed for user root
Sep 29 03:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: Failed password for root from 162.144.236.216 port 42268 ssh2
Sep 29 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: Connection closed by 162.144.236.216 port 42268 [preauth]
Sep 29 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Failed password for root from 162.144.236.216 port 48594 ssh2
Sep 29 03:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Connection closed by 162.144.236.216 port 48594 [preauth]
Sep 29 03:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Failed password for root from 162.144.236.216 port 55822 ssh2
Sep 29 03:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Connection closed by 162.144.236.216 port 55822 [preauth]
Sep 29 03:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session closed for user root
Sep 29 03:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Failed password for root from 162.144.236.216 port 34222 ssh2
Sep 29 03:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21537]: Connection closed by 162.144.236.216 port 34222 [preauth]
Sep 29 03:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: Failed password for root from 162.144.236.216 port 39138 ssh2
Sep 29 03:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: Connection closed by 162.144.236.216 port 39138 [preauth]
Sep 29 03:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: Successful su for rubyman by root
Sep 29 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: + ??? root:rubyman
Sep 29 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312256 of user rubyman.
Sep 29 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312256.
Sep 29 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session closed for user root
Sep 29 03:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Failed password for root from 162.144.236.216 port 45192 ssh2
Sep 29 03:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Connection closed by 162.144.236.216 port 45192 [preauth]
Sep 29 03:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Failed password for root from 162.144.236.216 port 50724 ssh2
Sep 29 03:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Connection closed by 162.144.236.216 port 50724 [preauth]
Sep 29 03:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 03:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: Failed password for root from 162.144.236.216 port 57576 ssh2
Sep 29 03:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: Failed password for root from 24.232.50.5 port 36982 ssh2
Sep 29 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: Received disconnect from 24.232.50.5 port 36982:11: Bye Bye [preauth]
Sep 29 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: Disconnected from 24.232.50.5 port 36982 [preauth]
Sep 29 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21949]: Connection closed by 162.144.236.216 port 57576 [preauth]
Sep 29 03:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session closed for user root
Sep 29 03:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Failed password for root from 162.144.236.216 port 36744 ssh2
Sep 29 03:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Connection closed by 162.144.236.216 port 36744 [preauth]
Sep 29 03:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: Failed password for root from 162.144.236.216 port 43566 ssh2
Sep 29 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22028]: Connection closed by 162.144.236.216 port 43566 [preauth]
Sep 29 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Failed password for root from 162.144.236.216 port 51642 ssh2
Sep 29 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Connection closed by 162.144.236.216 port 51642 [preauth]
Sep 29 03:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22073]: Failed password for root from 92.125.33.38 port 38140 ssh2
Sep 29 03:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22073]: Received disconnect from 92.125.33.38 port 38140:11: Bye Bye [preauth]
Sep 29 03:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22073]: Disconnected from 92.125.33.38 port 38140 [preauth]
Sep 29 03:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Failed password for root from 162.144.236.216 port 59322 ssh2
Sep 29 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Connection closed by 162.144.236.216 port 59322 [preauth]
Sep 29 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22105]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22099]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22171]: Successful su for rubyman by root
Sep 29 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22171]: + ??? root:rubyman
Sep 29 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312261 of user rubyman.
Sep 29 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22171]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312261.
Sep 29 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18767]: pam_unix(cron:session): session closed for user root
Sep 29 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22100]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Failed password for root from 162.144.236.216 port 36456 ssh2
Sep 29 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Connection closed by 162.144.236.216 port 36456 [preauth]
Sep 29 03:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Failed password for root from 162.144.236.216 port 43854 ssh2
Sep 29 03:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Connection closed by 162.144.236.216 port 43854 [preauth]
Sep 29 03:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: Failed password for root from 162.144.236.216 port 50558 ssh2
Sep 29 03:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: Connection closed by 162.144.236.216 port 50558 [preauth]
Sep 29 03:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Failed password for root from 162.144.236.216 port 56994 ssh2
Sep 29 03:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21165]: pam_unix(cron:session): session closed for user root
Sep 29 03:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Connection closed by 162.144.236.216 port 56994 [preauth]
Sep 29 03:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Failed password for root from 162.144.236.216 port 35218 ssh2
Sep 29 03:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Connection closed by 162.144.236.216 port 35218 [preauth]
Sep 29 03:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Failed password for root from 162.144.236.216 port 41382 ssh2
Sep 29 03:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Connection closed by 162.144.236.216 port 41382 [preauth]
Sep 29 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: Invalid user git from 24.232.50.5
Sep 29 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: input_userauth_request: invalid user git [preauth]
Sep 29 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 03:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: Failed password for invalid user git from 24.232.50.5 port 48042 ssh2
Sep 29 03:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: Received disconnect from 24.232.50.5 port 48042:11: Bye Bye [preauth]
Sep 29 03:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: Disconnected from 24.232.50.5 port 48042 [preauth]
Sep 29 03:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22536]: Failed password for root from 162.144.236.216 port 47476 ssh2
Sep 29 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22536]: Connection closed by 162.144.236.216 port 47476 [preauth]
Sep 29 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: Successful su for rubyman by root
Sep 29 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: + ??? root:rubyman
Sep 29 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312264 of user rubyman.
Sep 29 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22623]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312264.
Sep 29 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session closed for user root
Sep 29 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Failed password for root from 162.144.236.216 port 55092 ssh2
Sep 29 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Connection closed by 162.144.236.216 port 55092 [preauth]
Sep 29 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Failed password for root from 162.144.236.216 port 60468 ssh2
Sep 29 03:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23049]: Connection closed by 162.144.236.216 port 60468 [preauth]
Sep 29 03:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Failed password for root from 162.144.236.216 port 39060 ssh2
Sep 29 03:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session closed for user root
Sep 29 03:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Connection closed by 162.144.236.216 port 39060 [preauth]
Sep 29 03:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: Failed password for root from 162.144.236.216 port 45442 ssh2
Sep 29 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: Connection closed by 162.144.236.216 port 45442 [preauth]
Sep 29 03:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: Failed password for root from 162.144.236.216 port 49216 ssh2
Sep 29 03:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: Connection closed by 162.144.236.216 port 49216 [preauth]
Sep 29 03:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23363]: Successful su for rubyman by root
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23363]: + ??? root:rubyman
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312270 of user rubyman.
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23363]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312270.
Sep 29 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Invalid user loader from 92.125.33.38
Sep 29 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: input_userauth_request: invalid user loader [preauth]
Sep 29 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: Failed password for root from 162.144.236.216 port 55344 ssh2
Sep 29 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23266]: Connection closed by 162.144.236.216 port 55344 [preauth]
Sep 29 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Failed password for invalid user loader from 92.125.33.38 port 56034 ssh2
Sep 29 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session closed for user root
Sep 29 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Received disconnect from 92.125.33.38 port 56034:11: Bye Bye [preauth]
Sep 29 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Disconnected from 92.125.33.38 port 56034 [preauth]
Sep 29 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Failed password for root from 162.144.236.216 port 33282 ssh2
Sep 29 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Connection closed by 162.144.236.216 port 33282 [preauth]
Sep 29 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Failed password for root from 162.144.236.216 port 40144 ssh2
Sep 29 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Connection closed by 162.144.236.216 port 40144 [preauth]
Sep 29 03:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5  user=root
Sep 29 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Failed password for root from 24.232.50.5 port 37974 ssh2
Sep 29 03:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Received disconnect from 24.232.50.5 port 37974:11: Bye Bye [preauth]
Sep 29 03:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Disconnected from 24.232.50.5 port 37974 [preauth]
Sep 29 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Failed password for root from 162.144.236.216 port 46990 ssh2
Sep 29 03:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Connection closed by 162.144.236.216 port 46990 [preauth]
Sep 29 03:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session closed for user root
Sep 29 03:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Failed password for root from 162.144.236.216 port 53124 ssh2
Sep 29 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Connection closed by 162.144.236.216 port 53124 [preauth]
Sep 29 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23898]: Failed password for root from 162.144.236.216 port 59506 ssh2
Sep 29 03:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23898]: Connection closed by 162.144.236.216 port 59506 [preauth]
Sep 29 03:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: Failed password for root from 162.144.236.216 port 39932 ssh2
Sep 29 03:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: Connection closed by 162.144.236.216 port 39932 [preauth]
Sep 29 03:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Failed password for root from 162.144.236.216 port 46530 ssh2
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Connection closed by 162.144.236.216 port 46530 [preauth]
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23978]: pam_unix(cron:session): session closed for user root
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: Successful su for rubyman by root
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: + ??? root:rubyman
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312275 of user rubyman.
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312275.
Sep 29 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session closed for user root
Sep 29 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session closed for user root
Sep 29 03:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Failed password for root from 162.144.236.216 port 51584 ssh2
Sep 29 03:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24063]: Connection closed by 162.144.236.216 port 51584 [preauth]
Sep 29 03:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: Bad protocol version identification '\003' from 47.251.166.236 port 60855
Sep 29 03:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Failed password for root from 162.144.236.216 port 60182 ssh2
Sep 29 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22563]: pam_unix(cron:session): session closed for user root
Sep 29 03:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Connection closed by 162.144.236.216 port 60182 [preauth]
Sep 29 03:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Failed password for root from 162.144.236.216 port 39336 ssh2
Sep 29 03:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Connection closed by 162.144.236.216 port 39336 [preauth]
Sep 29 03:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Invalid user dbuser from 24.232.50.5
Sep 29 03:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: input_userauth_request: invalid user dbuser [preauth]
Sep 29 03:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 03:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for invalid user dbuser from 24.232.50.5 port 37174 ssh2
Sep 29 03:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Received disconnect from 24.232.50.5 port 37174:11: Bye Bye [preauth]
Sep 29 03:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Disconnected from 24.232.50.5 port 37174 [preauth]
Sep 29 03:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: Failed password for root from 162.144.236.216 port 45848 ssh2
Sep 29 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24489]: Connection closed by 162.144.236.216 port 45848 [preauth]
Sep 29 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: Failed password for root from 162.144.236.216 port 53006 ssh2
Sep 29 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24603]: Successful su for rubyman by root
Sep 29 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24603]: + ??? root:rubyman
Sep 29 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312278 of user rubyman.
Sep 29 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24603]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312278.
Sep 29 03:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: Connection closed by 162.144.236.216 port 53006 [preauth]
Sep 29 03:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21164]: pam_unix(cron:session): session closed for user root
Sep 29 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24675]: Failed password for root from 92.125.33.38 port 43338 ssh2
Sep 29 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24675]: Received disconnect from 92.125.33.38 port 43338:11: Bye Bye [preauth]
Sep 29 03:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24675]: Disconnected from 92.125.33.38 port 43338 [preauth]
Sep 29 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Failed password for root from 162.144.236.216 port 58380 ssh2
Sep 29 03:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Connection closed by 162.144.236.216 port 58380 [preauth]
Sep 29 03:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Failed password for root from 162.144.236.216 port 38416 ssh2
Sep 29 03:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24826]: Connection closed by 162.144.236.216 port 38416 [preauth]
Sep 29 03:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session closed for user root
Sep 29 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Failed password for root from 162.144.236.216 port 44698 ssh2
Sep 29 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Connection closed by 162.144.236.216 port 44698 [preauth]
Sep 29 03:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: Failed password for root from 162.144.236.216 port 56202 ssh2
Sep 29 03:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: Connection closed by 162.144.236.216 port 56202 [preauth]
Sep 29 03:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: Failed password for root from 162.144.236.216 port 34762 ssh2
Sep 29 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24946]: Connection closed by 162.144.236.216 port 34762 [preauth]
Sep 29 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Failed password for root from 162.144.236.216 port 39936 ssh2
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session closed for user root
Sep 29 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24995]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25062]: Successful su for rubyman by root
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25062]: + ??? root:rubyman
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312284 of user rubyman.
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25062]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312284.
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Connection closed by 162.144.236.216 port 39936 [preauth]
Sep 29 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user root
Sep 29 03:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24996]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for root from 162.144.236.216 port 48698 ssh2
Sep 29 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Connection closed by 162.144.236.216 port 48698 [preauth]
Sep 29 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Invalid user bart from 24.232.50.5
Sep 29 03:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: input_userauth_request: invalid user bart [preauth]
Sep 29 03:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 03:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Failed password for invalid user bart from 24.232.50.5 port 48624 ssh2
Sep 29 03:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Received disconnect from 24.232.50.5 port 48624:11: Bye Bye [preauth]
Sep 29 03:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Disconnected from 24.232.50.5 port 48624 [preauth]
Sep 29 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Failed password for root from 162.144.236.216 port 57018 ssh2
Sep 29 03:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Connection closed by 162.144.236.216 port 57018 [preauth]
Sep 29 03:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Failed password for root from 162.144.236.216 port 35498 ssh2
Sep 29 03:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25554]: Connection closed by 162.144.236.216 port 35498 [preauth]
Sep 29 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Failed password for root from 162.144.236.216 port 42570 ssh2
Sep 29 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session closed for user root
Sep 29 03:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Connection closed by 162.144.236.216 port 42570 [preauth]
Sep 29 03:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: Failed password for root from 162.144.236.216 port 47962 ssh2
Sep 29 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25626]: Connection closed by 162.144.236.216 port 47962 [preauth]
Sep 29 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Failed password for root from 162.144.236.216 port 53810 ssh2
Sep 29 03:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Connection closed by 162.144.236.216 port 53810 [preauth]
Sep 29 03:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Failed password for root from 92.125.33.38 port 55158 ssh2
Sep 29 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: Failed password for root from 162.144.236.216 port 33272 ssh2
Sep 29 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Received disconnect from 92.125.33.38 port 55158:11: Bye Bye [preauth]
Sep 29 03:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Disconnected from 92.125.33.38 port 55158 [preauth]
Sep 29 03:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: Connection closed by 162.144.236.216 port 33272 [preauth]
Sep 29 03:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25703]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25702]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: Successful su for rubyman by root
Sep 29 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: + ??? root:rubyman
Sep 29 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312287 of user rubyman.
Sep 29 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312287.
Sep 29 03:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22105]: pam_unix(cron:session): session closed for user root
Sep 29 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Failed password for root from 162.144.236.216 port 38916 ssh2
Sep 29 03:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Connection closed by 162.144.236.216 port 38916 [preauth]
Sep 29 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Failed password for root from 162.144.236.216 port 46284 ssh2
Sep 29 03:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Connection closed by 162.144.236.216 port 46284 [preauth]
Sep 29 03:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: Failed password for root from 162.144.236.216 port 54640 ssh2
Sep 29 03:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26127]: Connection closed by 162.144.236.216 port 54640 [preauth]
Sep 29 03:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session closed for user root
Sep 29 03:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: Failed password for root from 162.144.236.216 port 60950 ssh2
Sep 29 03:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: Connection closed by 162.144.236.216 port 60950 [preauth]
Sep 29 03:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Invalid user osadmin from 24.232.50.5
Sep 29 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: input_userauth_request: invalid user osadmin [preauth]
Sep 29 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24.232.50.5
Sep 29 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for invalid user osadmin from 24.232.50.5 port 47758 ssh2
Sep 29 03:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Received disconnect from 24.232.50.5 port 47758:11: Bye Bye [preauth]
Sep 29 03:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Disconnected from 24.232.50.5 port 47758 [preauth]
Sep 29 03:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Failed password for root from 162.144.236.216 port 39104 ssh2
Sep 29 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Connection closed by 162.144.236.216 port 39104 [preauth]
Sep 29 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: Failed password for root from 162.144.236.216 port 46110 ssh2
Sep 29 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26241]: Connection closed by 162.144.236.216 port 46110 [preauth]
Sep 29 03:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Failed password for root from 162.144.236.216 port 51584 ssh2
Sep 29 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26253]: Connection closed by 162.144.236.216 port 51584 [preauth]
Sep 29 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: Successful su for rubyman by root
Sep 29 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: + ??? root:rubyman
Sep 29 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312291 of user rubyman.
Sep 29 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312291.
Sep 29 03:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session closed for user root
Sep 29 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: Failed password for root from 162.144.236.216 port 58040 ssh2
Sep 29 03:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: Connection closed by 162.144.236.216 port 58040 [preauth]
Sep 29 03:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Failed password for root from 162.144.236.216 port 36634 ssh2
Sep 29 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Connection closed by 162.144.236.216 port 36634 [preauth]
Sep 29 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: Failed password for root from 162.144.236.216 port 42928 ssh2
Sep 29 03:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: Connection closed by 162.144.236.216 port 42928 [preauth]
Sep 29 03:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Failed password for root from 162.144.236.216 port 49804 ssh2
Sep 29 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Connection closed by 162.144.236.216 port 49804 [preauth]
Sep 29 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session closed for user root
Sep 29 03:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: Failed password for root from 162.144.236.216 port 55924 ssh2
Sep 29 03:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: Connection closed by 162.144.236.216 port 55924 [preauth]
Sep 29 03:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for root from 162.144.236.216 port 34484 ssh2
Sep 29 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Connection closed by 162.144.236.216 port 34484 [preauth]
Sep 29 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: Failed password for root from 162.144.236.216 port 40782 ssh2
Sep 29 03:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: Connection closed by 162.144.236.216 port 40782 [preauth]
Sep 29 03:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Invalid user code87 from 92.125.33.38
Sep 29 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: input_userauth_request: invalid user code87 [preauth]
Sep 29 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Failed password for invalid user code87 from 92.125.33.38 port 60950 ssh2
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Received disconnect from 92.125.33.38 port 60950:11: Bye Bye [preauth]
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Disconnected from 92.125.33.38 port 60950 [preauth]
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session closed for user root
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26923]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: Successful su for rubyman by root
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: + ??? root:rubyman
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312295 of user rubyman.
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312295.
Sep 29 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Failed password for root from 162.144.236.216 port 45914 ssh2
Sep 29 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Connection closed by 162.144.236.216 port 45914 [preauth]
Sep 29 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user root
Sep 29 03:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session closed for user root
Sep 29 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: Failed password for root from 162.144.236.216 port 51256 ssh2
Sep 29 03:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27192]: Connection closed by 162.144.236.216 port 51256 [preauth]
Sep 29 03:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27317]: Failed password for root from 162.144.236.216 port 57600 ssh2
Sep 29 03:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27317]: Connection closed by 162.144.236.216 port 57600 [preauth]
Sep 29 03:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25703]: pam_unix(cron:session): session closed for user root
Sep 29 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Failed password for root from 162.144.236.216 port 35436 ssh2
Sep 29 03:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Connection closed by 162.144.236.216 port 35436 [preauth]
Sep 29 03:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Failed password for root from 162.144.236.216 port 42428 ssh2
Sep 29 03:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Connection closed by 162.144.236.216 port 42428 [preauth]
Sep 29 03:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: Failed password for root from 162.144.236.216 port 47316 ssh2
Sep 29 03:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27454]: Connection closed by 162.144.236.216 port 47316 [preauth]
Sep 29 03:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: Successful su for rubyman by root
Sep 29 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: + ??? root:rubyman
Sep 29 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312302 of user rubyman.
Sep 29 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27729]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312302.
Sep 29 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27486]: Connection reset by 147.185.132.249 port 63196 [preauth]
Sep 29 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user root
Sep 29 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: Failed password for root from 162.144.236.216 port 53520 ssh2
Sep 29 03:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27482]: Connection closed by 162.144.236.216 port 53520 [preauth]
Sep 29 03:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for root from 162.144.236.216 port 60146 ssh2
Sep 29 03:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Connection closed by 162.144.236.216 port 60146 [preauth]
Sep 29 03:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Failed password for root from 162.144.236.216 port 35664 ssh2
Sep 29 03:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Connection closed by 162.144.236.216 port 35664 [preauth]
Sep 29 03:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Invalid user guest from 93.152.230.176
Sep 29 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: input_userauth_request: invalid user guest [preauth]
Sep 29 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 03:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Failed password for root from 162.144.236.216 port 43508 ssh2
Sep 29 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Failed password for invalid user guest from 93.152.230.176 port 5326 ssh2
Sep 29 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Received disconnect from 93.152.230.176 port 5326:11: Client disconnecting normally [preauth]
Sep 29 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Disconnected from 93.152.230.176 port 5326 [preauth]
Sep 29 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Connection closed by 162.144.236.216 port 43508 [preauth]
Sep 29 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session closed for user root
Sep 29 03:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: Invalid user jona from 92.125.33.38
Sep 29 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: input_userauth_request: invalid user jona [preauth]
Sep 29 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: Failed password for root from 162.144.236.216 port 50554 ssh2
Sep 29 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: Failed password for invalid user jona from 92.125.33.38 port 58106 ssh2
Sep 29 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: Received disconnect from 92.125.33.38 port 58106:11: Bye Bye [preauth]
Sep 29 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28038]: Disconnected from 92.125.33.38 port 58106 [preauth]
Sep 29 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: Connection closed by 162.144.236.216 port 50554 [preauth]
Sep 29 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: Failed password for root from 162.144.236.216 port 58188 ssh2
Sep 29 03:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: Connection closed by 162.144.236.216 port 58188 [preauth]
Sep 29 03:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: Failed password for root from 162.144.236.216 port 36188 ssh2
Sep 29 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: Connection closed by 162.144.236.216 port 36188 [preauth]
Sep 29 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28134]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28133]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28130]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28204]: Successful su for rubyman by root
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28204]: + ??? root:rubyman
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312305 of user rubyman.
Sep 29 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28204]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312305.
Sep 29 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Failed password for root from 162.144.236.216 port 41734 ssh2
Sep 29 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Connection closed by 162.144.236.216 port 41734 [preauth]
Sep 29 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session closed for user root
Sep 29 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Failed password for root from 162.144.236.216 port 48186 ssh2
Sep 29 03:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Connection closed by 162.144.236.216 port 48186 [preauth]
Sep 29 03:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28442]: Failed password for root from 162.144.236.216 port 55610 ssh2
Sep 29 03:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28442]: Connection closed by 162.144.236.216 port 55610 [preauth]
Sep 29 03:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Failed password for root from 162.144.236.216 port 33340 ssh2
Sep 29 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
Sep 29 03:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Connection closed by 162.144.236.216 port 33340 [preauth]
Sep 29 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Failed password for root from 162.144.236.216 port 40364 ssh2
Sep 29 03:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Connection closed by 162.144.236.216 port 40364 [preauth]
Sep 29 03:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: Successful su for rubyman by root
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: + ??? root:rubyman
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312310 of user rubyman.
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312310.
Sep 29 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24997]: pam_unix(cron:session): session closed for user root
Sep 29 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28685]: Failed password for root from 162.144.236.216 port 45710 ssh2
Sep 29 03:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28685]: Connection closed by 162.144.236.216 port 45710 [preauth]
Sep 29 03:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29100]: Failed password for root from 162.144.236.216 port 55508 ssh2
Sep 29 03:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29100]: Connection closed by 162.144.236.216 port 55508 [preauth]
Sep 29 03:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Failed password for root from 162.144.236.216 port 34270 ssh2
Sep 29 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Connection closed by 162.144.236.216 port 34270 [preauth]
Sep 29 03:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Invalid user devel from 92.125.33.38
Sep 29 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: input_userauth_request: invalid user devel [preauth]
Sep 29 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: Failed password for root from 162.144.236.216 port 41318 ssh2
Sep 29 03:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Failed password for invalid user devel from 92.125.33.38 port 34916 ssh2
Sep 29 03:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: Connection closed by 162.144.236.216 port 41318 [preauth]
Sep 29 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session closed for user root
Sep 29 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Received disconnect from 92.125.33.38 port 34916:11: Bye Bye [preauth]
Sep 29 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Disconnected from 92.125.33.38 port 34916 [preauth]
Sep 29 03:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Failed password for root from 162.144.236.216 port 47696 ssh2
Sep 29 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Connection closed by 162.144.236.216 port 47696 [preauth]
Sep 29 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: Failed password for root from 162.144.236.216 port 52632 ssh2
Sep 29 03:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: Connection closed by 162.144.236.216 port 52632 [preauth]
Sep 29 03:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for root from 162.144.236.216 port 58712 ssh2
Sep 29 03:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Connection closed by 162.144.236.216 port 58712 [preauth]
Sep 29 03:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Failed password for root from 162.144.236.216 port 34952 ssh2
Sep 29 03:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Connection closed by 162.144.236.216 port 34952 [preauth]
Sep 29 03:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29306]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29376]: Successful su for rubyman by root
Sep 29 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29376]: + ??? root:rubyman
Sep 29 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312314 of user rubyman.
Sep 29 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29376]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312314.
Sep 29 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25702]: pam_unix(cron:session): session closed for user root
Sep 29 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: Failed password for root from 162.144.236.216 port 41960 ssh2
Sep 29 03:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: Connection closed by 162.144.236.216 port 41960 [preauth]
Sep 29 03:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29587]: Failed password for root from 162.144.236.216 port 48540 ssh2
Sep 29 03:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29587]: Connection closed by 162.144.236.216 port 48540 [preauth]
Sep 29 03:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: Failed password for root from 162.144.236.216 port 56044 ssh2
Sep 29 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: Connection closed by 162.144.236.216 port 56044 [preauth]
Sep 29 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28134]: pam_unix(cron:session): session closed for user root
Sep 29 03:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Failed password for root from 162.144.236.216 port 35064 ssh2
Sep 29 03:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Connection closed by 162.144.236.216 port 35064 [preauth]
Sep 29 03:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Failed password for root from 162.144.236.216 port 41438 ssh2
Sep 29 03:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29702]: Connection closed by 162.144.236.216 port 41438 [preauth]
Sep 29 03:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Failed password for root from 162.144.236.216 port 48156 ssh2
Sep 29 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Connection closed by 162.144.236.216 port 48156 [preauth]
Sep 29 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: Failed password for root from 162.144.236.216 port 56244 ssh2
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session closed for user root
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29779]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: Connection closed by 162.144.236.216 port 56244 [preauth]
Sep 29 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: Successful su for rubyman by root
Sep 29 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: + ??? root:rubyman
Sep 29 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312319 of user rubyman.
Sep 29 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312319.
Sep 29 03:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26286]: pam_unix(cron:session): session closed for user root
Sep 29 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session closed for user root
Sep 29 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Failed password for root from 162.144.236.216 port 34172 ssh2
Sep 29 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Connection closed by 162.144.236.216 port 34172 [preauth]
Sep 29 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29780]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Failed password for root from 162.144.236.216 port 40342 ssh2
Sep 29 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Connection closed by 162.144.236.216 port 40342 [preauth]
Sep 29 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: Failed password for root from 162.144.236.216 port 45678 ssh2
Sep 29 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30142]: Connection closed by 162.144.236.216 port 45678 [preauth]
Sep 29 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Failed password for root from 162.144.236.216 port 52016 ssh2
Sep 29 03:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Connection closed by 162.144.236.216 port 52016 [preauth]
Sep 29 03:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session closed for user root
Sep 29 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: Invalid user mani from 92.125.33.38
Sep 29 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: input_userauth_request: invalid user mani [preauth]
Sep 29 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: Failed password for invalid user mani from 92.125.33.38 port 36722 ssh2
Sep 29 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Failed password for root from 162.144.236.216 port 58172 ssh2
Sep 29 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: Received disconnect from 92.125.33.38 port 36722:11: Bye Bye [preauth]
Sep 29 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30223]: Disconnected from 92.125.33.38 port 36722 [preauth]
Sep 29 03:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Connection closed by 162.144.236.216 port 58172 [preauth]
Sep 29 03:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Failed password for root from 162.144.236.216 port 36008 ssh2
Sep 29 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Connection closed by 162.144.236.216 port 36008 [preauth]
Sep 29 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Failed password for root from 162.144.236.216 port 43074 ssh2
Sep 29 03:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Connection closed by 162.144.236.216 port 43074 [preauth]
Sep 29 03:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: Successful su for rubyman by root
Sep 29 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: + ??? root:rubyman
Sep 29 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312323 of user rubyman.
Sep 29 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: Failed password for root from 162.144.236.216 port 49486 ssh2
Sep 29 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312323.
Sep 29 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30325]: Connection closed by 162.144.236.216 port 49486 [preauth]
Sep 29 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user root
Sep 29 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: Failed password for root from 162.144.236.216 port 55460 ssh2
Sep 29 03:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: Connection closed by 162.144.236.216 port 55460 [preauth]
Sep 29 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session closed for user root
Sep 29 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: Failed password for root from 162.144.236.216 port 33986 ssh2
Sep 29 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: Connection closed by 162.144.236.216 port 33986 [preauth]
Sep 29 03:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Failed password for root from 162.144.236.216 port 41848 ssh2
Sep 29 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Connection closed by 162.144.236.216 port 41848 [preauth]
Sep 29 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 29 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: Failed password for root from 213.209.157.9 port 3804 ssh2
Sep 29 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: Failed password for root from 162.144.236.216 port 47872 ssh2
Sep 29 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: Connection closed by 162.144.236.216 port 47872 [preauth]
Sep 29 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: Connection closed by 213.209.157.9 port 3804 [preauth]
Sep 29 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30910]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30979]: Successful su for rubyman by root
Sep 29 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30979]: + ??? root:rubyman
Sep 29 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312327 of user rubyman.
Sep 29 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30979]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312327.
Sep 29 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session closed for user root
Sep 29 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Failed password for root from 162.144.236.216 port 55778 ssh2
Sep 29 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Connection closed by 162.144.236.216 port 55778 [preauth]
Sep 29 03:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: Failed password for root from 162.144.236.216 port 35006 ssh2
Sep 29 03:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: Connection closed by 162.144.236.216 port 35006 [preauth]
Sep 29 03:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: Failed password for root from 162.144.236.216 port 41006 ssh2
Sep 29 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: Connection closed by 162.144.236.216 port 41006 [preauth]
Sep 29 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: Failed password for root from 162.144.236.216 port 48362 ssh2
Sep 29 03:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31246]: Connection closed by 162.144.236.216 port 48362 [preauth]
Sep 29 03:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Connection closed by 92.125.33.38 port 34644 [preauth]
Sep 29 03:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session closed for user root
Sep 29 03:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Failed password for root from 162.144.236.216 port 54532 ssh2
Sep 29 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31273]: Connection closed by 162.144.236.216 port 54532 [preauth]
Sep 29 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: Failed password for root from 162.144.236.216 port 34316 ssh2
Sep 29 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: Connection closed by 162.144.236.216 port 34316 [preauth]
Sep 29 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: Failed password for root from 162.144.236.216 port 40132 ssh2
Sep 29 03:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: Connection closed by 162.144.236.216 port 40132 [preauth]
Sep 29 03:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31370]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31464]: Successful su for rubyman by root
Sep 29 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31464]: + ??? root:rubyman
Sep 29 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312332 of user rubyman.
Sep 29 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31464]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312332.
Sep 29 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28133]: pam_unix(cron:session): session closed for user root
Sep 29 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Failed password for root from 162.144.236.216 port 47960 ssh2
Sep 29 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Connection closed by 162.144.236.216 port 47960 [preauth]
Sep 29 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Failed password for root from 162.144.236.216 port 55316 ssh2
Sep 29 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Connection closed by 162.144.236.216 port 55316 [preauth]
Sep 29 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: Failed password for root from 162.144.236.216 port 35098 ssh2
Sep 29 03:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: Connection closed by 162.144.236.216 port 35098 [preauth]
Sep 29 03:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session closed for user root
Sep 29 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Failed password for root from 162.144.236.216 port 40486 ssh2
Sep 29 03:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Connection closed by 162.144.236.216 port 40486 [preauth]
Sep 29 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: Failed password for root from 162.144.236.216 port 46196 ssh2
Sep 29 03:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31826]: Connection closed by 162.144.236.216 port 46196 [preauth]
Sep 29 03:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31865]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: Successful su for rubyman by root
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: + ??? root:rubyman
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312335 of user rubyman.
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31936]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312335.
Sep 29 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session closed for user root
Sep 29 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Failed password for root from 162.144.236.216 port 52920 ssh2
Sep 29 03:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31866]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Connection closed by 162.144.236.216 port 52920 [preauth]
Sep 29 03:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32138]: Failed password for root from 162.144.236.216 port 58866 ssh2
Sep 29 03:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32138]: Connection closed by 162.144.236.216 port 58866 [preauth]
Sep 29 03:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Failed password for root from 162.144.236.216 port 36896 ssh2
Sep 29 03:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Connection closed by 162.144.236.216 port 36896 [preauth]
Sep 29 03:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Invalid user mysqluser from 92.125.33.38
Sep 29 03:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: input_userauth_request: invalid user mysqluser [preauth]
Sep 29 03:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Failed password for invalid user mysqluser from 92.125.33.38 port 58774 ssh2
Sep 29 03:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Received disconnect from 92.125.33.38 port 58774:11: Bye Bye [preauth]
Sep 29 03:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Disconnected from 92.125.33.38 port 58774 [preauth]
Sep 29 03:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: Failed password for root from 162.144.236.216 port 44010 ssh2
Sep 29 03:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: Connection closed by 162.144.236.216 port 44010 [preauth]
Sep 29 03:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30911]: pam_unix(cron:session): session closed for user root
Sep 29 03:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Failed password for root from 162.144.236.216 port 50306 ssh2
Sep 29 03:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Connection closed by 162.144.236.216 port 50306 [preauth]
Sep 29 03:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Failed password for root from 162.144.236.216 port 55938 ssh2
Sep 29 03:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Connection closed by 162.144.236.216 port 55938 [preauth]
Sep 29 03:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for root from 162.144.236.216 port 35234 ssh2
Sep 29 03:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Connection closed by 162.144.236.216 port 35234 [preauth]
Sep 29 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32321]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session closed for user root
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32394]: Successful su for rubyman by root
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32394]: + ??? root:rubyman
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312344 of user rubyman.
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32394]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312344.
Sep 29 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session closed for user root
Sep 29 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Failed password for root from 162.144.236.216 port 43826 ssh2
Sep 29 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Connection closed by 162.144.236.216 port 43826 [preauth]
Sep 29 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29308]: pam_unix(cron:session): session closed for user root
Sep 29 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32319]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Failed password for root from 162.144.236.216 port 48068 ssh2
Sep 29 03:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Connection closed by 162.144.236.216 port 48068 [preauth]
Sep 29 03:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32650]: Failed password for root from 162.144.236.216 port 55398 ssh2
Sep 29 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32650]: Connection closed by 162.144.236.216 port 55398 [preauth]
Sep 29 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31375]: pam_unix(cron:session): session closed for user root
Sep 29 03:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Failed password for root from 162.144.236.216 port 35174 ssh2
Sep 29 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Connection closed by 162.144.236.216 port 35174 [preauth]
Sep 29 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for root from 162.144.236.216 port 40486 ssh2
Sep 29 03:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Connection closed by 162.144.236.216 port 40486 [preauth]
Sep 29 03:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[407]: Successful su for rubyman by root
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[407]: + ??? root:rubyman
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312346 of user rubyman.
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[407]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312346.
Sep 29 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: Failed password for root from 162.144.236.216 port 48312 ssh2
Sep 29 03:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: Connection closed by 162.144.236.216 port 48312 [preauth]
Sep 29 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session closed for user root
Sep 29 03:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Failed password for root from 162.144.236.216 port 53558 ssh2
Sep 29 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Connection closed by 162.144.236.216 port 53558 [preauth]
Sep 29 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Invalid user svxlink from 92.125.33.38
Sep 29 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: input_userauth_request: invalid user svxlink [preauth]
Sep 29 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: Failed password for root from 162.144.236.216 port 60296 ssh2
Sep 29 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: Connection closed by 162.144.236.216 port 60296 [preauth]
Sep 29 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Failed password for invalid user svxlink from 92.125.33.38 port 40966 ssh2
Sep 29 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Received disconnect from 92.125.33.38 port 40966:11: Bye Bye [preauth]
Sep 29 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Disconnected from 92.125.33.38 port 40966 [preauth]
Sep 29 03:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[663]: Failed password for root from 162.144.236.216 port 38048 ssh2
Sep 29 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[663]: Connection closed by 162.144.236.216 port 38048 [preauth]
Sep 29 03:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session closed for user root
Sep 29 03:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[688]: Failed password for root from 162.144.236.216 port 44336 ssh2
Sep 29 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[688]: Connection closed by 162.144.236.216 port 44336 [preauth]
Sep 29 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Failed password for root from 162.144.236.216 port 51266 ssh2
Sep 29 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Connection closed by 162.144.236.216 port 51266 [preauth]
Sep 29 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233  user=root
Sep 29 03:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 144.24.131.233 port 36252 ssh2
Sep 29 03:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Failed password for root from 162.144.236.216 port 58390 ssh2
Sep 29 03:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 144.24.131.233 port 36252 ssh2
Sep 29 03:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Connection closed by 162.144.236.216 port 58390 [preauth]
Sep 29 03:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 144.24.131.233 port 36252 ssh2
Sep 29 03:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 144.24.131.233 port 36252 ssh2
Sep 29 03:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 144.24.131.233 port 36252 ssh2
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: Failed password for root from 162.144.236.216 port 37082 ssh2
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: Connection closed by 162.144.236.216 port 37082 [preauth]
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[808]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: Successful su for rubyman by root
Sep 29 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: + ??? root:rubyman
Sep 29 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312350 of user rubyman.
Sep 29 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312350.
Sep 29 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 144.24.131.233 port 36252 ssh2
Sep 29 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: error: maximum authentication attempts exceeded for root from 144.24.131.233 port 36252 ssh2 [preauth]
Sep 29 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233  user=root
Sep 29 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session closed for user root
Sep 29 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233  user=root
Sep 29 03:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[809]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for root from 144.24.131.233 port 35476 ssh2
Sep 29 03:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Failed password for root from 162.144.236.216 port 42600 ssh2
Sep 29 03:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for root from 144.24.131.233 port 35476 ssh2
Sep 29 03:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[851]: Connection closed by 162.144.236.216 port 42600 [preauth]
Sep 29 03:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for root from 144.24.131.233 port 35476 ssh2
Sep 29 03:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for root from 144.24.131.233 port 35476 ssh2
Sep 29 03:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for root from 144.24.131.233 port 35476 ssh2
Sep 29 03:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Failed password for root from 162.144.236.216 port 49620 ssh2
Sep 29 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Invalid user renato from 45.115.217.248
Sep 29 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: input_userauth_request: invalid user renato [preauth]
Sep 29 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for root from 144.24.131.233 port 35476 ssh2
Sep 29 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: error: maximum authentication attempts exceeded for root from 144.24.131.233 port 35476 ssh2 [preauth]
Sep 29 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233  user=root
Sep 29 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Connection closed by 162.144.236.216 port 49620 [preauth]
Sep 29 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Failed password for invalid user renato from 45.115.217.248 port 51516 ssh2
Sep 29 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Received disconnect from 45.115.217.248 port 51516:11: Bye Bye [preauth]
Sep 29 03:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Disconnected from 45.115.217.248 port 51516 [preauth]
Sep 29 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233  user=root
Sep 29 03:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 144.24.131.233 port 57282 ssh2
Sep 29 03:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 144.24.131.233 port 57282 ssh2
Sep 29 03:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: Failed password for root from 162.144.236.216 port 57234 ssh2
Sep 29 03:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1222]: Connection closed by 162.144.236.216 port 57234 [preauth]
Sep 29 03:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 144.24.131.233 port 57282 ssh2
Sep 29 03:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 144.24.131.233 port 57282 ssh2
Sep 29 03:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 144.24.131.233 port 57282 ssh2
Sep 29 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Failed password for root from 162.144.236.216 port 35430 ssh2
Sep 29 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session closed for user root
Sep 29 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Connection closed by 162.144.236.216 port 35430 [preauth]
Sep 29 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for root from 144.24.131.233 port 57282 ssh2
Sep 29 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: error: maximum authentication attempts exceeded for root from 144.24.131.233 port 57282 ssh2 [preauth]
Sep 29 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233  user=root
Sep 29 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233  user=root
Sep 29 03:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Failed password for root from 144.24.131.233 port 52278 ssh2
Sep 29 03:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Received disconnect from 144.24.131.233 port 52278:11: disconnected by user [preauth]
Sep 29 03:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Disconnected from 144.24.131.233 port 52278 [preauth]
Sep 29 03:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Invalid user admin from 144.24.131.233
Sep 29 03:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: input_userauth_request: invalid user admin [preauth]
Sep 29 03:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Failed password for invalid user admin from 144.24.131.233 port 52286 ssh2
Sep 29 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: Bad protocol version identification 'GET / HTTP/1.1' from 64.62.197.212 port 15924
Sep 29 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Failed password for root from 162.144.236.216 port 41622 ssh2
Sep 29 03:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Failed password for invalid user admin from 144.24.131.233 port 52286 ssh2
Sep 29 03:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Connection closed by 162.144.236.216 port 41622 [preauth]
Sep 29 03:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Failed password for invalid user admin from 144.24.131.233 port 52286 ssh2
Sep 29 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Failed password for invalid user admin from 144.24.131.233 port 52286 ssh2
Sep 29 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Failed password for invalid user admin from 144.24.131.233 port 52286 ssh2
Sep 29 03:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Failed password for root from 162.144.236.216 port 51056 ssh2
Sep 29 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Connection closed by 162.144.236.216 port 51056 [preauth]
Sep 29 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Failed password for invalid user admin from 144.24.131.233 port 52286 ssh2
Sep 29 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: error: maximum authentication attempts exceeded for invalid user admin from 144.24.131.233 port 52286 ssh2 [preauth]
Sep 29 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Invalid user admin from 144.24.131.233
Sep 29 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: input_userauth_request: invalid user admin [preauth]
Sep 29 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for invalid user admin from 144.24.131.233 port 46534 ssh2
Sep 29 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: Successful su for rubyman by root
Sep 29 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: + ??? root:rubyman
Sep 29 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312354 of user rubyman.
Sep 29 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312354.
Sep 29 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: Failed password for root from 162.144.236.216 port 57162 ssh2
Sep 29 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for invalid user admin from 144.24.131.233 port 46534 ssh2
Sep 29 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1364]: Connection closed by 162.144.236.216 port 57162 [preauth]
Sep 29 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30910]: pam_unix(cron:session): session closed for user root
Sep 29 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for invalid user admin from 144.24.131.233 port 46534 ssh2
Sep 29 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Invalid user abdullah from 92.125.33.38
Sep 29 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: input_userauth_request: invalid user abdullah [preauth]
Sep 29 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for invalid user admin from 144.24.131.233 port 46534 ssh2
Sep 29 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Failed password for invalid user abdullah from 92.125.33.38 port 56594 ssh2
Sep 29 03:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Received disconnect from 92.125.33.38 port 56594:11: Bye Bye [preauth]
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Disconnected from 92.125.33.38 port 56594 [preauth]
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Failed password for root from 162.144.236.216 port 35592 ssh2
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for invalid user admin from 144.24.131.233 port 46534 ssh2
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Invalid user sdadmin from 94.182.95.185
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: input_userauth_request: invalid user sdadmin [preauth]
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Connection closed by 162.144.236.216 port 35592 [preauth]
Sep 29 03:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Failed password for invalid user sdadmin from 94.182.95.185 port 55730 ssh2
Sep 29 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Received disconnect from 94.182.95.185 port 55730:11: Bye Bye [preauth]
Sep 29 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Disconnected from 94.182.95.185 port 55730 [preauth]
Sep 29 03:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for invalid user admin from 144.24.131.233 port 46534 ssh2
Sep 29 03:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: error: maximum authentication attempts exceeded for invalid user admin from 144.24.131.233 port 46534 ssh2 [preauth]
Sep 29 03:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: Invalid user elearn from 8.243.50.114
Sep 29 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: input_userauth_request: invalid user elearn [preauth]
Sep 29 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Invalid user admin from 144.24.131.233
Sep 29 03:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: input_userauth_request: invalid user admin [preauth]
Sep 29 03:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: Failed password for invalid user elearn from 8.243.50.114 port 58484 ssh2
Sep 29 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: Received disconnect from 8.243.50.114 port 58484:11: Bye Bye [preauth]
Sep 29 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: Disconnected from 8.243.50.114 port 58484 [preauth]
Sep 29 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for invalid user admin from 144.24.131.233 port 53486 ssh2
Sep 29 03:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Failed password for root from 162.144.236.216 port 41404 ssh2
Sep 29 03:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Connection closed by 162.144.236.216 port 41404 [preauth]
Sep 29 03:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for invalid user admin from 144.24.131.233 port 53486 ssh2
Sep 29 03:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for invalid user admin from 144.24.131.233 port 53486 ssh2
Sep 29 03:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for invalid user admin from 144.24.131.233 port 53486 ssh2
Sep 29 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Received disconnect from 144.24.131.233 port 53486:11: disconnected by user [preauth]
Sep 29 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Disconnected from 144.24.131.233 port 53486 [preauth]
Sep 29 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Invalid user oracle from 144.24.131.233
Sep 29 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: input_userauth_request: invalid user oracle [preauth]
Sep 29 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Failed password for root from 162.144.236.216 port 47682 ssh2
Sep 29 03:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Failed password for invalid user oracle from 144.24.131.233 port 37058 ssh2
Sep 29 03:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Connection closed by 162.144.236.216 port 47682 [preauth]
Sep 29 03:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Failed password for invalid user oracle from 144.24.131.233 port 37058 ssh2
Sep 29 03:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Failed password for invalid user oracle from 144.24.131.233 port 37058 ssh2
Sep 29 03:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session closed for user root
Sep 29 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Failed password for invalid user oracle from 144.24.131.233 port 37058 ssh2
Sep 29 03:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Failed password for root from 162.144.236.216 port 55016 ssh2
Sep 29 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Failed password for invalid user oracle from 144.24.131.233 port 37058 ssh2
Sep 29 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Connection closed by 162.144.236.216 port 55016 [preauth]
Sep 29 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Failed password for invalid user oracle from 144.24.131.233 port 37058 ssh2
Sep 29 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: error: maximum authentication attempts exceeded for invalid user oracle from 144.24.131.233 port 37058 ssh2 [preauth]
Sep 29 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Invalid user oracle from 144.24.131.233
Sep 29 03:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: input_userauth_request: invalid user oracle [preauth]
Sep 29 03:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user oracle from 144.24.131.233 port 46072 ssh2
Sep 29 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Failed password for root from 162.144.236.216 port 34858 ssh2
Sep 29 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user oracle from 144.24.131.233 port 46072 ssh2
Sep 29 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Connection closed by 162.144.236.216 port 34858 [preauth]
Sep 29 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user oracle from 144.24.131.233 port 46072 ssh2
Sep 29 03:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user oracle from 144.24.131.233 port 46072 ssh2
Sep 29 03:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: Failed password for root from 162.144.236.216 port 39958 ssh2
Sep 29 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user oracle from 144.24.131.233 port 46072 ssh2
Sep 29 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: Connection closed by 162.144.236.216 port 39958 [preauth]
Sep 29 03:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user oracle from 144.24.131.233 port 46072 ssh2
Sep 29 03:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: error: maximum authentication attempts exceeded for invalid user oracle from 144.24.131.233 port 46072 ssh2 [preauth]
Sep 29 03:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Invalid user oracle from 144.24.131.233
Sep 29 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: input_userauth_request: invalid user oracle [preauth]
Sep 29 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Failed password for invalid user oracle from 144.24.131.233 port 34778 ssh2
Sep 29 03:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: Failed password for root from 162.144.236.216 port 45568 ssh2
Sep 29 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: Connection closed by 162.144.236.216 port 45568 [preauth]
Sep 29 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Failed password for invalid user oracle from 144.24.131.233 port 34778 ssh2
Sep 29 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Received disconnect from 144.24.131.233 port 34778:11: disconnected by user [preauth]
Sep 29 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: Disconnected from 144.24.131.233 port 34778 [preauth]
Sep 29 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1868]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: Successful su for rubyman by root
Sep 29 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: + ??? root:rubyman
Sep 29 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312357 of user rubyman.
Sep 29 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1958]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312357.
Sep 29 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Invalid user usuario from 144.24.131.233
Sep 29 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: input_userauth_request: invalid user usuario [preauth]
Sep 29 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31374]: pam_unix(cron:session): session closed for user root
Sep 29 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for invalid user usuario from 144.24.131.233 port 34782 ssh2
Sep 29 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: Failed password for root from 162.144.236.216 port 52086 ssh2
Sep 29 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1879]: Connection closed by 162.144.236.216 port 52086 [preauth]
Sep 29 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for invalid user usuario from 144.24.131.233 port 34782 ssh2
Sep 29 03:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for invalid user usuario from 144.24.131.233 port 34782 ssh2
Sep 29 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for invalid user usuario from 144.24.131.233 port 34782 ssh2
Sep 29 03:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: Failed password for root from 162.144.236.216 port 56020 ssh2
Sep 29 03:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2141]: Connection closed by 162.144.236.216 port 56020 [preauth]
Sep 29 03:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for invalid user usuario from 144.24.131.233 port 34782 ssh2
Sep 29 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for invalid user usuario from 144.24.131.233 port 34782 ssh2
Sep 29 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: error: maximum authentication attempts exceeded for invalid user usuario from 144.24.131.233 port 34782 ssh2 [preauth]
Sep 29 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Invalid user usuario from 144.24.131.233
Sep 29 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: input_userauth_request: invalid user usuario [preauth]
Sep 29 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Failed password for invalid user usuario from 144.24.131.233 port 59996 ssh2
Sep 29 03:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for root from 162.144.236.216 port 33960 ssh2
Sep 29 03:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Failed password for invalid user usuario from 144.24.131.233 port 59996 ssh2
Sep 29 03:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Connection closed by 162.144.236.216 port 33960 [preauth]
Sep 29 03:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Failed password for invalid user usuario from 144.24.131.233 port 59996 ssh2
Sep 29 03:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Failed password for invalid user usuario from 144.24.131.233 port 59996 ssh2
Sep 29 03:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Failed password for invalid user usuario from 144.24.131.233 port 59996 ssh2
Sep 29 03:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Failed password for root from 162.144.236.216 port 41334 ssh2
Sep 29 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Connection closed by 162.144.236.216 port 41334 [preauth]
Sep 29 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Failed password for invalid user usuario from 144.24.131.233 port 59996 ssh2
Sep 29 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: error: maximum authentication attempts exceeded for invalid user usuario from 144.24.131.233 port 59996 ssh2 [preauth]
Sep 29 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Invalid user usuario from 144.24.131.233
Sep 29 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: input_userauth_request: invalid user usuario [preauth]
Sep 29 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session closed for user root
Sep 29 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for invalid user usuario from 144.24.131.233 port 51690 ssh2
Sep 29 03:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for invalid user usuario from 144.24.131.233 port 51690 ssh2
Sep 29 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Received disconnect from 144.24.131.233 port 51690:11: disconnected by user [preauth]
Sep 29 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Disconnected from 144.24.131.233 port 51690 [preauth]
Sep 29 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Invalid user frontend from 92.125.33.38
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: input_userauth_request: invalid user frontend [preauth]
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Invalid user test from 144.24.131.233
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: input_userauth_request: invalid user test [preauth]
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Failed password for root from 162.144.236.216 port 47120 ssh2
Sep 29 03:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Failed password for invalid user frontend from 92.125.33.38 port 40404 ssh2
Sep 29 03:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user test from 144.24.131.233 port 46578 ssh2
Sep 29 03:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for root from 8.243.50.114 port 53214 ssh2
Sep 29 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Received disconnect from 92.125.33.38 port 40404:11: Bye Bye [preauth]
Sep 29 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Disconnected from 92.125.33.38 port 40404 [preauth]
Sep 29 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Received disconnect from 8.243.50.114 port 53214:11: Bye Bye [preauth]
Sep 29 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Disconnected from 8.243.50.114 port 53214 [preauth]
Sep 29 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Connection closed by 162.144.236.216 port 47120 [preauth]
Sep 29 03:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user test from 144.24.131.233 port 46578 ssh2
Sep 29 03:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user test from 144.24.131.233 port 46578 ssh2
Sep 29 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user test from 144.24.131.233 port 46578 ssh2
Sep 29 03:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user test from 144.24.131.233 port 46578 ssh2
Sep 29 03:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Failed password for root from 162.144.236.216 port 55864 ssh2
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user test from 144.24.131.233 port 46578 ssh2
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: error: maximum authentication attempts exceeded for invalid user test from 144.24.131.233 port 46578 ssh2 [preauth]
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Connection closed by 162.144.236.216 port 55864 [preauth]
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Invalid user test from 144.24.131.233
Sep 29 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: input_userauth_request: invalid user test [preauth]
Sep 29 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Failed password for invalid user test from 144.24.131.233 port 48434 ssh2
Sep 29 03:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Failed password for invalid user test from 144.24.131.233 port 48434 ssh2
Sep 29 03:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Failed password for invalid user test from 144.24.131.233 port 48434 ssh2
Sep 29 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Failed password for root from 162.144.236.216 port 35880 ssh2
Sep 29 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2352]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2351]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2350]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2352]: pam_unix(cron:session): session closed for user root
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Connection closed by 162.144.236.216 port 35880 [preauth]
Sep 29 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: Successful su for rubyman by root
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: + ??? root:rubyman
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312364 of user rubyman.
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312364.
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Failed password for invalid user test from 144.24.131.233 port 48434 ssh2
Sep 29 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Failed password for invalid user test from 144.24.131.233 port 48434 ssh2
Sep 29 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session closed for user root
Sep 29 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session closed for user root
Sep 29 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Failed password for invalid user test from 144.24.131.233 port 48434 ssh2
Sep 29 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: error: maximum authentication attempts exceeded for invalid user test from 144.24.131.233 port 48434 ssh2 [preauth]
Sep 29 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Failed password for root from 162.144.236.216 port 43168 ssh2
Sep 29 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Invalid user test from 144.24.131.233
Sep 29 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: input_userauth_request: invalid user test [preauth]
Sep 29 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Connection closed by 162.144.236.216 port 43168 [preauth]
Sep 29 03:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Failed password for invalid user test from 144.24.131.233 port 43856 ssh2
Sep 29 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Failed password for invalid user test from 144.24.131.233 port 43856 ssh2
Sep 29 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Received disconnect from 144.24.131.233 port 43856:11: disconnected by user [preauth]
Sep 29 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Disconnected from 144.24.131.233 port 43856 [preauth]
Sep 29 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Invalid user user from 144.24.131.233
Sep 29 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: input_userauth_request: invalid user user [preauth]
Sep 29 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for root from 162.144.236.216 port 50088 ssh2
Sep 29 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user user from 144.24.131.233 port 43860 ssh2
Sep 29 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Connection closed by 162.144.236.216 port 50088 [preauth]
Sep 29 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user user from 144.24.131.233 port 43860 ssh2
Sep 29 03:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user user from 144.24.131.233 port 43860 ssh2
Sep 29 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user user from 144.24.131.233 port 43860 ssh2
Sep 29 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Failed password for root from 162.144.236.216 port 56458 ssh2
Sep 29 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Connection closed by 162.144.236.216 port 56458 [preauth]
Sep 29 03:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user user from 144.24.131.233 port 43860 ssh2
Sep 29 03:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for invalid user user from 144.24.131.233 port 43860 ssh2
Sep 29 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: error: maximum authentication attempts exceeded for invalid user user from 144.24.131.233 port 43860 ssh2 [preauth]
Sep 29 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Invalid user user from 144.24.131.233
Sep 29 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: input_userauth_request: invalid user user [preauth]
Sep 29 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Failed password for root from 162.144.236.216 port 33066 ssh2
Sep 29 03:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Connection closed by 162.144.236.216 port 33066 [preauth]
Sep 29 03:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Failed password for invalid user user from 144.24.131.233 port 32862 ssh2
Sep 29 03:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: Invalid user test from 45.115.217.248
Sep 29 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: input_userauth_request: invalid user test [preauth]
Sep 29 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Failed password for invalid user user from 144.24.131.233 port 32862 ssh2
Sep 29 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session closed for user root
Sep 29 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: Failed password for invalid user test from 45.115.217.248 port 52090 ssh2
Sep 29 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: Received disconnect from 45.115.217.248 port 52090:11: Bye Bye [preauth]
Sep 29 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2740]: Disconnected from 45.115.217.248 port 52090 [preauth]
Sep 29 03:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Failed password for invalid user user from 144.24.131.233 port 32862 ssh2
Sep 29 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Failed password for invalid user user from 144.24.131.233 port 32862 ssh2
Sep 29 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Failed password for root from 162.144.236.216 port 37404 ssh2
Sep 29 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Connection closed by 162.144.236.216 port 37404 [preauth]
Sep 29 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Failed password for root from 8.243.50.114 port 42676 ssh2
Sep 29 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Received disconnect from 8.243.50.114 port 42676:11: Bye Bye [preauth]
Sep 29 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Disconnected from 8.243.50.114 port 42676 [preauth]
Sep 29 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Failed password for invalid user user from 144.24.131.233 port 32862 ssh2
Sep 29 03:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Failed password for invalid user user from 144.24.131.233 port 32862 ssh2
Sep 29 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: error: maximum authentication attempts exceeded for invalid user user from 144.24.131.233 port 32862 ssh2 [preauth]
Sep 29 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Invalid user user from 144.24.131.233
Sep 29 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: input_userauth_request: invalid user user [preauth]
Sep 29 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Failed password for root from 162.144.236.216 port 44702 ssh2
Sep 29 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Failed password for invalid user user from 144.24.131.233 port 37088 ssh2
Sep 29 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2784]: Connection closed by 162.144.236.216 port 44702 [preauth]
Sep 29 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Failed password for invalid user user from 144.24.131.233 port 37088 ssh2
Sep 29 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Failed password for invalid user user from 144.24.131.233 port 37088 ssh2
Sep 29 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Failed password for invalid user user from 144.24.131.233 port 37088 ssh2
Sep 29 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Received disconnect from 144.24.131.233 port 37088:11: disconnected by user [preauth]
Sep 29 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Disconnected from 144.24.131.233 port 37088 [preauth]
Sep 29 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 03:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Failed password for root from 94.182.95.185 port 43510 ssh2
Sep 29 03:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Received disconnect from 94.182.95.185 port 43510:11: Bye Bye [preauth]
Sep 29 03:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Disconnected from 94.182.95.185 port 43510 [preauth]
Sep 29 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: Failed password for root from 162.144.236.216 port 50244 ssh2
Sep 29 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2812]: Connection closed by 162.144.236.216 port 50244 [preauth]
Sep 29 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Invalid user ftpuser from 144.24.131.233
Sep 29 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user ftpuser from 144.24.131.233 port 58822 ssh2
Sep 29 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user ftpuser from 144.24.131.233 port 58822 ssh2
Sep 29 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Failed password for root from 162.144.236.216 port 56726 ssh2
Sep 29 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user ftpuser from 144.24.131.233 port 58822 ssh2
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Connection closed by 162.144.236.216 port 56726 [preauth]
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2855]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2854]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2851]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2933]: Successful su for rubyman by root
Sep 29 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2933]: + ??? root:rubyman
Sep 29 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312367 of user rubyman.
Sep 29 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2933]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312367.
Sep 29 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user ftpuser from 144.24.131.233 port 58822 ssh2
Sep 29 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user ftpuser from 144.24.131.233 port 58822 ssh2
Sep 29 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32321]: pam_unix(cron:session): session closed for user root
Sep 29 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user ftpuser from 144.24.131.233 port 58822 ssh2
Sep 29 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: error: maximum authentication attempts exceeded for invalid user ftpuser from 144.24.131.233 port 58822 ssh2 [preauth]
Sep 29 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Failed password for root from 162.144.236.216 port 33230 ssh2
Sep 29 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2852]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2849]: Connection closed by 162.144.236.216 port 33230 [preauth]
Sep 29 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Invalid user ftpuser from 144.24.131.233
Sep 29 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Invalid user user from 62.60.131.157
Sep 29 03:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: input_userauth_request: invalid user user [preauth]
Sep 29 03:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 03:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for invalid user ftpuser from 144.24.131.233 port 50108 ssh2
Sep 29 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for invalid user user from 62.60.131.157 port 39851 ssh2
Sep 29 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for invalid user ftpuser from 144.24.131.233 port 50108 ssh2
Sep 29 03:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for invalid user user from 62.60.131.157 port 39851 ssh2
Sep 29 03:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: Failed password for root from 162.144.236.216 port 40126 ssh2
Sep 29 03:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for invalid user ftpuser from 144.24.131.233 port 50108 ssh2
Sep 29 03:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3128]: Connection closed by 162.144.236.216 port 40126 [preauth]
Sep 29 03:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for invalid user user from 62.60.131.157 port 39851 ssh2
Sep 29 03:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for invalid user ftpuser from 144.24.131.233 port 50108 ssh2
Sep 29 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for invalid user user from 62.60.131.157 port 39851 ssh2
Sep 29 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for invalid user ftpuser from 144.24.131.233 port 50108 ssh2
Sep 29 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for invalid user user from 62.60.131.157 port 39851 ssh2
Sep 29 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Received disconnect from 62.60.131.157 port 39851:11: Bye [preauth]
Sep 29 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Disconnected from 62.60.131.157 port 39851 [preauth]
Sep 29 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for invalid user ftpuser from 144.24.131.233 port 50108 ssh2
Sep 29 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: maximum authentication attempts exceeded for invalid user ftpuser from 144.24.131.233 port 50108 ssh2 [preauth]
Sep 29 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Invalid user ftpuser from 144.24.131.233
Sep 29 03:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 03:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Failed password for root from 162.144.236.216 port 46052 ssh2
Sep 29 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Connection closed by 162.144.236.216 port 46052 [preauth]
Sep 29 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Invalid user caja2 from 92.125.33.38
Sep 29 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: input_userauth_request: invalid user caja2 [preauth]
Sep 29 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for invalid user ftpuser from 144.24.131.233 port 57354 ssh2
Sep 29 03:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Failed password for invalid user caja2 from 92.125.33.38 port 40538 ssh2
Sep 29 03:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Received disconnect from 92.125.33.38 port 40538:11: Bye Bye [preauth]
Sep 29 03:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3175]: Disconnected from 92.125.33.38 port 40538 [preauth]
Sep 29 03:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for invalid user ftpuser from 144.24.131.233 port 57354 ssh2
Sep 29 03:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for invalid user ftpuser from 144.24.131.233 port 57354 ssh2
Sep 29 03:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3191]: Failed password for root from 162.144.236.216 port 53142 ssh2
Sep 29 03:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for invalid user ftpuser from 144.24.131.233 port 57354 ssh2
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3191]: Connection closed by 162.144.236.216 port 53142 [preauth]
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Received disconnect from 144.24.131.233 port 57354:11: disconnected by user [preauth]
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Disconnected from 144.24.131.233 port 57354 [preauth]
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Invalid user carol from 8.243.50.114
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: input_userauth_request: invalid user carol [preauth]
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session closed for user root
Sep 29 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Invalid user test1 from 144.24.131.233
Sep 29 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: input_userauth_request: invalid user test1 [preauth]
Sep 29 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Failed password for invalid user carol from 8.243.50.114 port 60368 ssh2
Sep 29 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Received disconnect from 8.243.50.114 port 60368:11: Bye Bye [preauth]
Sep 29 03:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Disconnected from 8.243.50.114 port 60368 [preauth]
Sep 29 03:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Failed password for invalid user test1 from 144.24.131.233 port 60892 ssh2
Sep 29 03:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Failed password for invalid user test1 from 144.24.131.233 port 60892 ssh2
Sep 29 03:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Failed password for invalid user test1 from 144.24.131.233 port 60892 ssh2
Sep 29 03:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Failed password for invalid user test1 from 144.24.131.233 port 60892 ssh2
Sep 29 03:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: Failed password for root from 162.144.236.216 port 58814 ssh2
Sep 29 03:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Failed password for invalid user test1 from 144.24.131.233 port 60892 ssh2
Sep 29 03:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3214]: Connection closed by 162.144.236.216 port 58814 [preauth]
Sep 29 03:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Failed password for invalid user test1 from 144.24.131.233 port 60892 ssh2
Sep 29 03:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: error: maximum authentication attempts exceeded for invalid user test1 from 144.24.131.233 port 60892 ssh2 [preauth]
Sep 29 03:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3215]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Invalid user test1 from 144.24.131.233
Sep 29 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: input_userauth_request: invalid user test1 [preauth]
Sep 29 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user test1 from 144.24.131.233 port 56912 ssh2
Sep 29 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Failed password for root from 94.182.95.185 port 52464 ssh2
Sep 29 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user test1 from 144.24.131.233 port 56912 ssh2
Sep 29 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Received disconnect from 94.182.95.185 port 52464:11: Bye Bye [preauth]
Sep 29 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Disconnected from 94.182.95.185 port 52464 [preauth]
Sep 29 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 03:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Failed password for root from 162.144.236.216 port 38462 ssh2
Sep 29 03:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user test1 from 144.24.131.233 port 56912 ssh2
Sep 29 03:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Failed password for root from 45.115.217.248 port 36616 ssh2
Sep 29 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Received disconnect from 45.115.217.248 port 36616:11: Bye Bye [preauth]
Sep 29 03:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Disconnected from 45.115.217.248 port 36616 [preauth]
Sep 29 03:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user test1 from 144.24.131.233 port 56912 ssh2
Sep 29 03:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user test1 from 144.24.131.233 port 56912 ssh2
Sep 29 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3318]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: Successful su for rubyman by root
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: + ??? root:rubyman
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312371 of user rubyman.
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312371.
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Connection closed by 162.144.236.216 port 38462 [preauth]
Sep 29 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user test1 from 144.24.131.233 port 56912 ssh2
Sep 29 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: error: maximum authentication attempts exceeded for invalid user test1 from 144.24.131.233 port 56912 ssh2 [preauth]
Sep 29 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user root
Sep 29 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Invalid user test1 from 144.24.131.233
Sep 29 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: input_userauth_request: invalid user test1 [preauth]
Sep 29 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Failed password for invalid user test1 from 144.24.131.233 port 56390 ssh2
Sep 29 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3319]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Failed password for invalid user test1 from 144.24.131.233 port 56390 ssh2
Sep 29 03:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Received disconnect from 144.24.131.233 port 56390:11: disconnected by user [preauth]
Sep 29 03:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Disconnected from 144.24.131.233 port 56390 [preauth]
Sep 29 03:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Invalid user test2 from 144.24.131.233
Sep 29 03:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: input_userauth_request: invalid user test2 [preauth]
Sep 29 03:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Failed password for root from 162.144.236.216 port 45190 ssh2
Sep 29 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Connection closed by 162.144.236.216 port 45190 [preauth]
Sep 29 03:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user test2 from 144.24.131.233 port 56394 ssh2
Sep 29 03:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user test2 from 144.24.131.233 port 56394 ssh2
Sep 29 03:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user test2 from 144.24.131.233 port 56394 ssh2
Sep 29 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user test2 from 144.24.131.233 port 56394 ssh2
Sep 29 03:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user test2 from 144.24.131.233 port 56394 ssh2
Sep 29 03:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Failed password for root from 162.144.236.216 port 50660 ssh2
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3599]: Connection closed by 162.144.236.216 port 50660 [preauth]
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user test2 from 144.24.131.233 port 56394 ssh2
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: error: maximum authentication attempts exceeded for invalid user test2 from 144.24.131.233 port 56394 ssh2 [preauth]
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Invalid user test2 from 144.24.131.233
Sep 29 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: input_userauth_request: invalid user test2 [preauth]
Sep 29 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user test2 from 144.24.131.233 port 44734 ssh2
Sep 29 03:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: Failed password for root from 8.243.50.114 port 49832 ssh2
Sep 29 03:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: Received disconnect from 8.243.50.114 port 49832:11: Bye Bye [preauth]
Sep 29 03:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3654]: Disconnected from 8.243.50.114 port 49832 [preauth]
Sep 29 03:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user test2 from 144.24.131.233 port 44734 ssh2
Sep 29 03:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for root from 162.144.236.216 port 58012 ssh2
Sep 29 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user test2 from 144.24.131.233 port 44734 ssh2
Sep 29 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Connection closed by 162.144.236.216 port 58012 [preauth]
Sep 29 03:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2351]: pam_unix(cron:session): session closed for user root
Sep 29 03:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user test2 from 144.24.131.233 port 44734 ssh2
Sep 29 03:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user test2 from 144.24.131.233 port 44734 ssh2
Sep 29 03:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Failed password for invalid user test2 from 144.24.131.233 port 44734 ssh2
Sep 29 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: error: maximum authentication attempts exceeded for invalid user test2 from 144.24.131.233 port 44734 ssh2 [preauth]
Sep 29 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Invalid user test2 from 144.24.131.233
Sep 29 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: input_userauth_request: invalid user test2 [preauth]
Sep 29 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Failed password for invalid user test2 from 144.24.131.233 port 52502 ssh2
Sep 29 03:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Failed password for root from 162.144.236.216 port 37400 ssh2
Sep 29 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Connection closed by 162.144.236.216 port 37400 [preauth]
Sep 29 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Failed password for invalid user test2 from 144.24.131.233 port 52502 ssh2
Sep 29 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Received disconnect from 144.24.131.233 port 52502:11: disconnected by user [preauth]
Sep 29 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Disconnected from 144.24.131.233 port 52502 [preauth]
Sep 29 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Invalid user ubuntu from 144.24.131.233
Sep 29 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Failed password for invalid user ubuntu from 144.24.131.233 port 44686 ssh2
Sep 29 03:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Failed password for root from 162.144.236.216 port 46610 ssh2
Sep 29 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: Invalid user weblogic from 94.182.95.185
Sep 29 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: input_userauth_request: invalid user weblogic [preauth]
Sep 29 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Failed password for invalid user ubuntu from 144.24.131.233 port 44686 ssh2
Sep 29 03:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Connection closed by 162.144.236.216 port 46610 [preauth]
Sep 29 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: Failed password for invalid user weblogic from 94.182.95.185 port 53134 ssh2
Sep 29 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: Received disconnect from 94.182.95.185 port 53134:11: Bye Bye [preauth]
Sep 29 03:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: Disconnected from 94.182.95.185 port 53134 [preauth]
Sep 29 03:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Failed password for invalid user ubuntu from 144.24.131.233 port 44686 ssh2
Sep 29 03:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Failed password for invalid user ubuntu from 144.24.131.233 port 44686 ssh2
Sep 29 03:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Failed password for invalid user ubuntu from 144.24.131.233 port 44686 ssh2
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: Failed password for root from 162.144.236.216 port 53420 ssh2
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: Connection closed by 162.144.236.216 port 53420 [preauth]
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: Successful su for rubyman by root
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: + ??? root:rubyman
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312375 of user rubyman.
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312375.
Sep 29 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Failed password for invalid user ubuntu from 144.24.131.233 port 44686 ssh2
Sep 29 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: error: maximum authentication attempts exceeded for invalid user ubuntu from 144.24.131.233 port 44686 ssh2 [preauth]
Sep 29 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Invalid user ubuntu from 144.24.131.233
Sep 29 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session closed for user root
Sep 29 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3773]: Failed password for root from 92.125.33.38 port 57464 ssh2
Sep 29 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3773]: Received disconnect from 92.125.33.38 port 57464:11: Bye Bye [preauth]
Sep 29 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3773]: Disconnected from 92.125.33.38 port 57464 [preauth]
Sep 29 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user ubuntu from 144.24.131.233 port 45344 ssh2
Sep 29 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Failed password for root from 162.144.236.216 port 57510 ssh2
Sep 29 03:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Connection closed by 162.144.236.216 port 57510 [preauth]
Sep 29 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user ubuntu from 144.24.131.233 port 45344 ssh2
Sep 29 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user ubuntu from 144.24.131.233 port 45344 ssh2
Sep 29 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user ubuntu from 144.24.131.233 port 45344 ssh2
Sep 29 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Failed password for root from 162.144.236.216 port 36034 ssh2
Sep 29 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Invalid user franz from 45.115.217.248
Sep 29 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: input_userauth_request: invalid user franz [preauth]
Sep 29 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Connection closed by 162.144.236.216 port 36034 [preauth]
Sep 29 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user ubuntu from 144.24.131.233 port 45344 ssh2
Sep 29 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for invalid user franz from 45.115.217.248 port 51022 ssh2
Sep 29 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Received disconnect from 45.115.217.248 port 51022:11: Bye Bye [preauth]
Sep 29 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Disconnected from 45.115.217.248 port 51022 [preauth]
Sep 29 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user ubuntu from 144.24.131.233 port 45344 ssh2
Sep 29 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: error: maximum authentication attempts exceeded for invalid user ubuntu from 144.24.131.233 port 45344 ssh2 [preauth]
Sep 29 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Disconnecting: Too many authentication failures [preauth]
Sep 29 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 03:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Invalid user ubuntu from 144.24.131.233
Sep 29 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: Failed password for root from 162.144.236.216 port 42104 ssh2
Sep 29 03:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Failed password for invalid user ubuntu from 144.24.131.233 port 45374 ssh2
Sep 29 03:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for root from 8.243.50.114 port 39288 ssh2
Sep 29 03:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Received disconnect from 8.243.50.114 port 39288:11: Bye Bye [preauth]
Sep 29 03:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Disconnected from 8.243.50.114 port 39288 [preauth]
Sep 29 03:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4088]: Connection closed by 162.144.236.216 port 42104 [preauth]
Sep 29 03:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Failed password for invalid user ubuntu from 144.24.131.233 port 45374 ssh2
Sep 29 03:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Failed password for invalid user ubuntu from 144.24.131.233 port 45374 ssh2
Sep 29 03:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Failed password for invalid user ubuntu from 144.24.131.233 port 45374 ssh2
Sep 29 03:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Received disconnect from 144.24.131.233 port 45374:11: disconnected by user [preauth]
Sep 29 03:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Disconnected from 144.24.131.233 port 45374 [preauth]
Sep 29 03:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 03:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: Failed password for root from 162.144.236.216 port 49056 ssh2
Sep 29 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Invalid user pi from 144.24.131.233
Sep 29 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: input_userauth_request: invalid user pi [preauth]
Sep 29 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4121]: Connection closed by 162.144.236.216 port 49056 [preauth]
Sep 29 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2855]: pam_unix(cron:session): session closed for user root
Sep 29 03:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Failed password for invalid user pi from 144.24.131.233 port 46640 ssh2
Sep 29 03:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Failed password for invalid user pi from 144.24.131.233 port 46640 ssh2
Sep 29 03:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Failed password for root from 162.144.236.216 port 55828 ssh2
Sep 29 03:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Failed password for invalid user pi from 144.24.131.233 port 46640 ssh2
Sep 29 03:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Connection closed by 162.144.236.216 port 55828 [preauth]
Sep 29 03:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Failed password for invalid user pi from 144.24.131.233 port 46640 ssh2
Sep 29 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Received disconnect from 144.24.131.233 port 46640:11: disconnected by user [preauth]
Sep 29 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Disconnected from 144.24.131.233 port 46640 [preauth]
Sep 29 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Invalid user baikal from 144.24.131.233
Sep 29 03:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: input_userauth_request: invalid user baikal [preauth]
Sep 29 03:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.24.131.233
Sep 29 03:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Failed password for invalid user baikal from 144.24.131.233 port 42780 ssh2
Sep 29 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4186]: Failed password for root from 162.144.236.216 port 33782 ssh2
Sep 29 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Received disconnect from 144.24.131.233 port 42780:11: disconnected by user [preauth]
Sep 29 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Disconnected from 144.24.131.233 port 42780 [preauth]
Sep 29 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4186]: Connection closed by 162.144.236.216 port 33782 [preauth]
Sep 29 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Failed password for root from 94.182.95.185 port 38322 ssh2
Sep 29 03:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Received disconnect from 94.182.95.185 port 38322:11: Bye Bye [preauth]
Sep 29 03:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Disconnected from 94.182.95.185 port 38322 [preauth]
Sep 29 03:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Failed password for root from 162.144.236.216 port 39794 ssh2
Sep 29 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Connection closed by 162.144.236.216 port 39794 [preauth]
Sep 29 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=avanazzz@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 29 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4414]: Successful su for rubyman by root
Sep 29 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4414]: + ??? root:rubyman
Sep 29 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312379 of user rubyman.
Sep 29 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4414]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312379.
Sep 29 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4258]: pam_unix(cron:session): session closed for user root
Sep 29 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=avanazzz rhost=::ffff:79.124.49.146
Sep 29 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session closed for user root
Sep 29 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4252]: Failed password for root from 162.144.236.216 port 47820 ssh2
Sep 29 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4252]: Connection closed by 162.144.236.216 port 47820 [preauth]
Sep 29 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Failed password for root from 162.144.236.216 port 53578 ssh2
Sep 29 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4611]: Connection closed by 162.144.236.216 port 53578 [preauth]
Sep 29 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Invalid user TEST from 8.243.50.114
Sep 29 03:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: input_userauth_request: invalid user TEST [preauth]
Sep 29 03:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Failed password for invalid user TEST from 8.243.50.114 port 56982 ssh2
Sep 29 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Received disconnect from 8.243.50.114 port 56982:11: Bye Bye [preauth]
Sep 29 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4666]: Disconnected from 8.243.50.114 port 56982 [preauth]
Sep 29 03:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Failed password for root from 162.144.236.216 port 32782 ssh2
Sep 29 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Connection closed by 162.144.236.216 port 32782 [preauth]
Sep 29 03:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Failed password for root from 162.144.236.216 port 38660 ssh2
Sep 29 03:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Connection closed by 162.144.236.216 port 38660 [preauth]
Sep 29 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 03:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session closed for user root
Sep 29 03:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Failed password for root from 45.115.217.248 port 33964 ssh2
Sep 29 03:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Received disconnect from 45.115.217.248 port 33964:11: Bye Bye [preauth]
Sep 29 03:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Disconnected from 45.115.217.248 port 33964 [preauth]
Sep 29 03:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for root from 162.144.236.216 port 45942 ssh2
Sep 29 03:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Connection closed by 162.144.236.216 port 45942 [preauth]
Sep 29 03:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: Failed password for root from 162.144.236.216 port 52490 ssh2
Sep 29 03:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: Connection closed by 162.144.236.216 port 52490 [preauth]
Sep 29 03:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: Invalid user dev from 94.182.95.185
Sep 29 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: input_userauth_request: invalid user dev [preauth]
Sep 29 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: Failed password for invalid user dev from 94.182.95.185 port 56680 ssh2
Sep 29 03:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: Received disconnect from 94.182.95.185 port 56680:11: Bye Bye [preauth]
Sep 29 03:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4802]: Disconnected from 94.182.95.185 port 56680 [preauth]
Sep 29 03:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Failed password for root from 162.144.236.216 port 59092 ssh2
Sep 29 03:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Connection closed by 162.144.236.216 port 59092 [preauth]
Sep 29 03:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user root
Sep 29 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: Successful su for rubyman by root
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: + ??? root:rubyman
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312387 of user rubyman.
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312387.
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: Invalid user server from 92.125.33.38
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: input_userauth_request: invalid user server [preauth]
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session closed for user root
Sep 29 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: Failed password for invalid user server from 92.125.33.38 port 20084 ssh2
Sep 29 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: Received disconnect from 92.125.33.38 port 20084:11: Bye Bye [preauth]
Sep 29 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4814]: Disconnected from 92.125.33.38 port 20084 [preauth]
Sep 29 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session closed for user root
Sep 29 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Failed password for root from 162.144.236.216 port 38410 ssh2
Sep 29 03:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Connection closed by 162.144.236.216 port 38410 [preauth]
Sep 29 03:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Invalid user allinone from 8.243.50.114
Sep 29 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: input_userauth_request: invalid user allinone [preauth]
Sep 29 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: Failed password for root from 162.144.236.216 port 46412 ssh2
Sep 29 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Failed password for invalid user allinone from 8.243.50.114 port 46444 ssh2
Sep 29 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Received disconnect from 8.243.50.114 port 46444:11: Bye Bye [preauth]
Sep 29 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Disconnected from 8.243.50.114 port 46444 [preauth]
Sep 29 03:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: Connection closed by 162.144.236.216 port 46412 [preauth]
Sep 29 03:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: Failed password for root from 162.144.236.216 port 53564 ssh2
Sep 29 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: Connection closed by 162.144.236.216 port 53564 [preauth]
Sep 29 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Failed password for root from 162.144.236.216 port 57992 ssh2
Sep 29 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session closed for user root
Sep 29 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Connection closed by 162.144.236.216 port 57992 [preauth]
Sep 29 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: Failed password for root from 162.144.236.216 port 38724 ssh2
Sep 29 03:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: Connection closed by 162.144.236.216 port 38724 [preauth]
Sep 29 03:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: Failed password for root from 162.144.236.216 port 44728 ssh2
Sep 29 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5267]: Connection closed by 162.144.236.216 port 44728 [preauth]
Sep 29 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Invalid user hello from 45.115.217.248
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: input_userauth_request: invalid user hello [preauth]
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: Invalid user juan from 94.182.95.185
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: input_userauth_request: invalid user juan [preauth]
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Failed password for invalid user hello from 45.115.217.248 port 46414 ssh2
Sep 29 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: Failed password for invalid user juan from 94.182.95.185 port 43052 ssh2
Sep 29 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Received disconnect from 45.115.217.248 port 46414:11: Bye Bye [preauth]
Sep 29 03:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5303]: Disconnected from 45.115.217.248 port 46414 [preauth]
Sep 29 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: Received disconnect from 94.182.95.185 port 43052:11: Bye Bye [preauth]
Sep 29 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5306]: Disconnected from 94.182.95.185 port 43052 [preauth]
Sep 29 03:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Failed password for root from 162.144.236.216 port 50284 ssh2
Sep 29 03:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5301]: Connection closed by 162.144.236.216 port 50284 [preauth]
Sep 29 03:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5423]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5493]: Successful su for rubyman by root
Sep 29 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5493]: + ??? root:rubyman
Sep 29 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312390 of user rubyman.
Sep 29 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5493]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312390.
Sep 29 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Failed password for root from 162.144.236.216 port 55156 ssh2
Sep 29 03:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5404]: Connection closed by 162.144.236.216 port 55156 [preauth]
Sep 29 03:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2350]: pam_unix(cron:session): session closed for user root
Sep 29 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Invalid user franz from 8.243.50.114
Sep 29 03:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: input_userauth_request: invalid user franz [preauth]
Sep 29 03:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5424]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for invalid user franz from 8.243.50.114 port 35904 ssh2
Sep 29 03:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Received disconnect from 8.243.50.114 port 35904:11: Bye Bye [preauth]
Sep 29 03:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Disconnected from 8.243.50.114 port 35904 [preauth]
Sep 29 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Failed password for root from 162.144.236.216 port 34368 ssh2
Sep 29 03:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Connection closed by 162.144.236.216 port 34368 [preauth]
Sep 29 03:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Failed password for root from 162.144.236.216 port 42782 ssh2
Sep 29 03:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Connection closed by 162.144.236.216 port 42782 [preauth]
Sep 29 03:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Failed password for root from 162.144.236.216 port 50694 ssh2
Sep 29 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Connection closed by 162.144.236.216 port 50694 [preauth]
Sep 29 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Invalid user admin from 139.19.117.131
Sep 29 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: input_userauth_request: invalid user admin [preauth]
Sep 29 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4263]: pam_unix(cron:session): session closed for user root
Sep 29 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: Invalid user osboxes from 164.68.105.9
Sep 29 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: input_userauth_request: invalid user osboxes [preauth]
Sep 29 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: Failed password for invalid user osboxes from 164.68.105.9 port 51236 ssh2
Sep 29 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Failed password for root from 162.144.236.216 port 55430 ssh2
Sep 29 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: Connection closed by 164.68.105.9 port 51236 [preauth]
Sep 29 03:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5779]: Connection closed by 162.144.236.216 port 55430 [preauth]
Sep 29 03:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5780]: Connection closed by 139.19.117.131 port 57848 [preauth]
Sep 29 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: Failed password for root from 162.144.236.216 port 34230 ssh2
Sep 29 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Failed password for root from 94.182.95.185 port 57032 ssh2
Sep 29 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Received disconnect from 94.182.95.185 port 57032:11: Bye Bye [preauth]
Sep 29 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5862]: Disconnected from 94.182.95.185 port 57032 [preauth]
Sep 29 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: Connection closed by 162.144.236.216 port 34230 [preauth]
Sep 29 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: Failed password for root from 162.144.236.216 port 42318 ssh2
Sep 29 03:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: Connection closed by 162.144.236.216 port 42318 [preauth]
Sep 29 03:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Failed password for root from 92.125.33.38 port 54302 ssh2
Sep 29 03:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5909]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Invalid user sagar from 8.243.50.114
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: input_userauth_request: invalid user sagar [preauth]
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5907]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Received disconnect from 92.125.33.38 port 54302:11: Bye Bye [preauth]
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Disconnected from 92.125.33.38 port 54302 [preauth]
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5971]: Successful su for rubyman by root
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5971]: + ??? root:rubyman
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312395 of user rubyman.
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5971]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312395.
Sep 29 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Failed password for invalid user sagar from 8.243.50.114 port 53594 ssh2
Sep 29 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Received disconnect from 8.243.50.114 port 53594:11: Bye Bye [preauth]
Sep 29 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Disconnected from 8.243.50.114 port 53594 [preauth]
Sep 29 03:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: Failed password for root from 162.144.236.216 port 48464 ssh2
Sep 29 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5886]: Connection closed by 162.144.236.216 port 48464 [preauth]
Sep 29 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2854]: pam_unix(cron:session): session closed for user root
Sep 29 03:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5908]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 03:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: Failed password for root from 45.115.217.248 port 58764 ssh2
Sep 29 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: Received disconnect from 45.115.217.248 port 58764:11: Bye Bye [preauth]
Sep 29 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6176]: Disconnected from 45.115.217.248 port 58764 [preauth]
Sep 29 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Failed password for root from 162.144.236.216 port 54460 ssh2
Sep 29 03:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Connection closed by 162.144.236.216 port 54460 [preauth]
Sep 29 03:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: Failed password for root from 162.144.236.216 port 33804 ssh2
Sep 29 03:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: Connection closed by 162.144.236.216 port 33804 [preauth]
Sep 29 03:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: Failed password for root from 162.144.236.216 port 37940 ssh2
Sep 29 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: Connection closed by 162.144.236.216 port 37940 [preauth]
Sep 29 03:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Failed password for root from 162.144.236.216 port 43978 ssh2
Sep 29 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user root
Sep 29 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Connection closed by 162.144.236.216 port 43978 [preauth]
Sep 29 03:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Failed password for root from 162.144.236.216 port 50538 ssh2
Sep 29 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Connection closed by 162.144.236.216 port 50538 [preauth]
Sep 29 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Failed password for root from 94.182.95.185 port 46812 ssh2
Sep 29 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Received disconnect from 94.182.95.185 port 46812:11: Bye Bye [preauth]
Sep 29 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Disconnected from 94.182.95.185 port 46812 [preauth]
Sep 29 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for root from 162.144.236.216 port 56936 ssh2
Sep 29 03:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Invalid user erick from 8.243.50.114
Sep 29 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: input_userauth_request: invalid user erick [preauth]
Sep 29 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Connection closed by 162.144.236.216 port 56936 [preauth]
Sep 29 03:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Failed password for invalid user erick from 8.243.50.114 port 43050 ssh2
Sep 29 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Received disconnect from 8.243.50.114 port 43050:11: Bye Bye [preauth]
Sep 29 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Disconnected from 8.243.50.114 port 43050 [preauth]
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: Successful su for rubyman by root
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: + ??? root:rubyman
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312400 of user rubyman.
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6420]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312400.
Sep 29 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3320]: pam_unix(cron:session): session closed for user root
Sep 29 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: Failed password for root from 162.144.236.216 port 35120 ssh2
Sep 29 03:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: Connection closed by 162.144.236.216 port 35120 [preauth]
Sep 29 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Failed password for root from 162.144.236.216 port 41934 ssh2
Sep 29 03:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6726]: Connection closed by 162.144.236.216 port 41934 [preauth]
Sep 29 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Failed password for root from 162.144.236.216 port 46732 ssh2
Sep 29 03:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6764]: Connection closed by 162.144.236.216 port 46732 [preauth]
Sep 29 03:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 03:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session closed for user root
Sep 29 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for root from 45.115.217.248 port 43002 ssh2
Sep 29 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Received disconnect from 45.115.217.248 port 43002:11: Bye Bye [preauth]
Sep 29 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Disconnected from 45.115.217.248 port 43002 [preauth]
Sep 29 03:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for root from 162.144.236.216 port 53270 ssh2
Sep 29 03:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: Invalid user bill from 94.182.95.185
Sep 29 03:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: input_userauth_request: invalid user bill [preauth]
Sep 29 03:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Connection closed by 162.144.236.216 port 53270 [preauth]
Sep 29 03:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: Failed password for invalid user bill from 94.182.95.185 port 40544 ssh2
Sep 29 03:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: Received disconnect from 94.182.95.185 port 40544:11: Bye Bye [preauth]
Sep 29 03:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6849]: Disconnected from 94.182.95.185 port 40544 [preauth]
Sep 29 03:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for root from 8.243.50.114 port 60740 ssh2
Sep 29 03:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Received disconnect from 8.243.50.114 port 60740:11: Bye Bye [preauth]
Sep 29 03:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Disconnected from 8.243.50.114 port 60740 [preauth]
Sep 29 03:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: Failed password for root from 162.144.236.216 port 33094 ssh2
Sep 29 03:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: Connection closed by 162.144.236.216 port 33094 [preauth]
Sep 29 03:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: Failed password for root from 92.125.33.38 port 54024 ssh2
Sep 29 03:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: Received disconnect from 92.125.33.38 port 54024:11: Bye Bye [preauth]
Sep 29 03:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6886]: Disconnected from 92.125.33.38 port 54024 [preauth]
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6915]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6977]: Successful su for rubyman by root
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6977]: + ??? root:rubyman
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312404 of user rubyman.
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6977]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312404.
Sep 29 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: Failed password for root from 162.144.236.216 port 40682 ssh2
Sep 29 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6899]: Connection closed by 162.144.236.216 port 40682 [preauth]
Sep 29 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session closed for user root
Sep 29 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Failed password for root from 162.144.236.216 port 48072 ssh2
Sep 29 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Connection closed by 162.144.236.216 port 48072 [preauth]
Sep 29 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session closed for user root
Sep 29 03:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Failed password for root from 162.144.236.216 port 58444 ssh2
Sep 29 03:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Connection closed by 162.144.236.216 port 58444 [preauth]
Sep 29 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Invalid user patricia from 8.243.50.114
Sep 29 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: input_userauth_request: invalid user patricia [preauth]
Sep 29 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Failed password for invalid user patricia from 8.243.50.114 port 50200 ssh2
Sep 29 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Received disconnect from 8.243.50.114 port 50200:11: Bye Bye [preauth]
Sep 29 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Disconnected from 8.243.50.114 port 50200 [preauth]
Sep 29 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Failed password for root from 94.182.95.185 port 33798 ssh2
Sep 29 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Received disconnect from 94.182.95.185 port 33798:11: Bye Bye [preauth]
Sep 29 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Disconnected from 94.182.95.185 port 33798 [preauth]
Sep 29 03:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Failed password for root from 162.144.236.216 port 37328 ssh2
Sep 29 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Connection closed by 162.144.236.216 port 37328 [preauth]
Sep 29 03:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Failed password for root from 45.115.217.248 port 55298 ssh2
Sep 29 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Received disconnect from 45.115.217.248 port 55298:11: Bye Bye [preauth]
Sep 29 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7449]: Disconnected from 45.115.217.248 port 55298 [preauth]
Sep 29 03:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Failed password for root from 162.144.236.216 port 44184 ssh2
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session closed for user root
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Connection closed by 162.144.236.216 port 44184 [preauth]
Sep 29 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: Successful su for rubyman by root
Sep 29 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: + ??? root:rubyman
Sep 29 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312406 of user rubyman.
Sep 29 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312406.
Sep 29 03:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session closed for user root
Sep 29 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4262]: pam_unix(cron:session): session closed for user root
Sep 29 03:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: Failed password for root from 162.144.236.216 port 52150 ssh2
Sep 29 03:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7535]: Connection closed by 162.144.236.216 port 52150 [preauth]
Sep 29 03:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Failed password for root from 162.144.236.216 port 60594 ssh2
Sep 29 03:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session closed for user root
Sep 29 03:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Connection closed by 162.144.236.216 port 60594 [preauth]
Sep 29 03:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Failed password for root from 8.243.50.114 port 39662 ssh2
Sep 29 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Received disconnect from 8.243.50.114 port 39662:11: Bye Bye [preauth]
Sep 29 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Disconnected from 8.243.50.114 port 39662 [preauth]
Sep 29 03:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Invalid user test from 94.182.95.185
Sep 29 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: input_userauth_request: invalid user test [preauth]
Sep 29 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Failed password for invalid user test from 94.182.95.185 port 40842 ssh2
Sep 29 03:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Received disconnect from 94.182.95.185 port 40842:11: Bye Bye [preauth]
Sep 29 03:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7915]: Disconnected from 94.182.95.185 port 40842 [preauth]
Sep 29 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Failed password for root from 162.144.236.216 port 40280 ssh2
Sep 29 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Connection closed by 162.144.236.216 port 40280 [preauth]
Sep 29 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Invalid user stu from 92.125.33.38
Sep 29 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: input_userauth_request: invalid user stu [preauth]
Sep 29 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Failed password for invalid user stu from 92.125.33.38 port 60024 ssh2
Sep 29 03:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Received disconnect from 92.125.33.38 port 60024:11: Bye Bye [preauth]
Sep 29 03:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Disconnected from 92.125.33.38 port 60024 [preauth]
Sep 29 03:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Failed password for root from 162.144.236.216 port 46918 ssh2
Sep 29 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Connection closed by 162.144.236.216 port 46918 [preauth]
Sep 29 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7982]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7978]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Failed password for root from 162.144.236.216 port 54066 ssh2
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: Successful su for rubyman by root
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: + ??? root:rubyman
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312412 of user rubyman.
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8071]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312412.
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Connection closed by 162.144.236.216 port 54066 [preauth]
Sep 29 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session closed for user root
Sep 29 03:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7979]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Failed password for root from 162.144.236.216 port 58320 ssh2
Sep 29 03:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Connection closed by 162.144.236.216 port 58320 [preauth]
Sep 29 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Failed password for root from 162.144.236.216 port 36680 ssh2
Sep 29 03:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Connection closed by 162.144.236.216 port 36680 [preauth]
Sep 29 03:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Invalid user eduard from 45.115.217.248
Sep 29 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: input_userauth_request: invalid user eduard [preauth]
Sep 29 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user eduard from 45.115.217.248 port 39956 ssh2
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Received disconnect from 45.115.217.248 port 39956:11: Bye Bye [preauth]
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Disconnected from 45.115.217.248 port 39956 [preauth]
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 55108
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Failed password for root from 162.144.236.216 port 44426 ssh2
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 57834
Sep 29 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Connection closed by 162.144.236.216 port 44426 [preauth]
Sep 29 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Invalid user testuser from 8.243.50.114
Sep 29 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: input_userauth_request: invalid user testuser [preauth]
Sep 29 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Failed password for invalid user testuser from 8.243.50.114 port 57350 ssh2
Sep 29 03:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Received disconnect from 8.243.50.114 port 57350:11: Bye Bye [preauth]
Sep 29 03:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Disconnected from 8.243.50.114 port 57350 [preauth]
Sep 29 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session closed for user root
Sep 29 03:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Failed password for root from 162.144.236.216 port 49932 ssh2
Sep 29 03:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Connection closed by 162.144.236.216 port 49932 [preauth]
Sep 29 03:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Invalid user xiaoli from 94.182.95.185
Sep 29 03:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: input_userauth_request: invalid user xiaoli [preauth]
Sep 29 03:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Failed password for invalid user xiaoli from 94.182.95.185 port 55442 ssh2
Sep 29 03:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Received disconnect from 94.182.95.185 port 55442:11: Bye Bye [preauth]
Sep 29 03:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Disconnected from 94.182.95.185 port 55442 [preauth]
Sep 29 03:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: Failed password for root from 162.144.236.216 port 57156 ssh2
Sep 29 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: Connection closed by 162.144.236.216 port 57156 [preauth]
Sep 29 03:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Failed password for root from 162.144.236.216 port 33522 ssh2
Sep 29 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8566]: Successful su for rubyman by root
Sep 29 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8566]: + ??? root:rubyman
Sep 29 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312416 of user rubyman.
Sep 29 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8566]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312416.
Sep 29 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Connection closed by 162.144.236.216 port 33522 [preauth]
Sep 29 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session closed for user root
Sep 29 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8500]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: Failed password for root from 162.144.236.216 port 39672 ssh2
Sep 29 03:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8676]: Connection closed by 162.144.236.216 port 39672 [preauth]
Sep 29 03:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: Failed password for root from 162.144.236.216 port 48178 ssh2
Sep 29 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: Connection closed by 162.144.236.216 port 48178 [preauth]
Sep 29 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8952]: Failed password for root from 8.243.50.114 port 46808 ssh2
Sep 29 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8952]: Received disconnect from 8.243.50.114 port 46808:11: Bye Bye [preauth]
Sep 29 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8952]: Disconnected from 8.243.50.114 port 46808 [preauth]
Sep 29 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: Failed password for root from 162.144.236.216 port 53174 ssh2
Sep 29 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: Connection closed by 162.144.236.216 port 53174 [preauth]
Sep 29 03:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session closed for user root
Sep 29 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Failed password for root from 162.144.236.216 port 58078 ssh2
Sep 29 03:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Connection closed by 162.144.236.216 port 58078 [preauth]
Sep 29 03:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Invalid user testuser from 45.115.217.248
Sep 29 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: input_userauth_request: invalid user testuser [preauth]
Sep 29 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Failed password for root from 94.182.95.185 port 60752 ssh2
Sep 29 03:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Received disconnect from 94.182.95.185 port 60752:11: Bye Bye [preauth]
Sep 29 03:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Disconnected from 94.182.95.185 port 60752 [preauth]
Sep 29 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Failed password for invalid user testuser from 45.115.217.248 port 50380 ssh2
Sep 29 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Received disconnect from 45.115.217.248 port 50380:11: Bye Bye [preauth]
Sep 29 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Disconnected from 45.115.217.248 port 50380 [preauth]
Sep 29 03:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Failed password for root from 162.144.236.216 port 36898 ssh2
Sep 29 03:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Invalid user deploy from 92.125.33.38
Sep 29 03:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: input_userauth_request: invalid user deploy [preauth]
Sep 29 03:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9016]: Connection closed by 162.144.236.216 port 36898 [preauth]
Sep 29 03:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Failed password for invalid user deploy from 92.125.33.38 port 37166 ssh2
Sep 29 03:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Received disconnect from 92.125.33.38 port 37166:11: Bye Bye [preauth]
Sep 29 03:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Disconnected from 92.125.33.38 port 37166 [preauth]
Sep 29 03:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Failed password for root from 162.144.236.216 port 44114 ssh2
Sep 29 03:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Connection closed by 162.144.236.216 port 44114 [preauth]
Sep 29 03:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9080]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: Successful su for rubyman by root
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: + ??? root:rubyman
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312422 of user rubyman.
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9243]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312422.
Sep 29 03:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5909]: pam_unix(cron:session): session closed for user root
Sep 29 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Failed password for root from 162.144.236.216 port 50888 ssh2
Sep 29 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Connection closed by 162.144.236.216 port 50888 [preauth]
Sep 29 03:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Failed password for root from 162.144.236.216 port 58144 ssh2
Sep 29 03:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Connection closed by 162.144.236.216 port 58144 [preauth]
Sep 29 03:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Invalid user xyx from 8.243.50.114
Sep 29 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: input_userauth_request: invalid user xyx [preauth]
Sep 29 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: Failed password for root from 162.144.236.216 port 36156 ssh2
Sep 29 03:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Failed password for invalid user xyx from 8.243.50.114 port 36268 ssh2
Sep 29 03:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Received disconnect from 8.243.50.114 port 36268:11: Bye Bye [preauth]
Sep 29 03:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Disconnected from 8.243.50.114 port 36268 [preauth]
Sep 29 03:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: Connection closed by 162.144.236.216 port 36156 [preauth]
Sep 29 03:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Failed password for root from 162.144.236.216 port 44126 ssh2
Sep 29 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Connection closed by 162.144.236.216 port 44126 [preauth]
Sep 29 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7982]: pam_unix(cron:session): session closed for user root
Sep 29 03:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Failed password for root from 94.182.95.185 port 49432 ssh2
Sep 29 03:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Received disconnect from 94.182.95.185 port 49432:11: Bye Bye [preauth]
Sep 29 03:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Disconnected from 94.182.95.185 port 49432 [preauth]
Sep 29 03:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Failed password for root from 162.144.236.216 port 51458 ssh2
Sep 29 03:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Connection closed by 162.144.236.216 port 51458 [preauth]
Sep 29 03:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Failed password for root from 162.144.236.216 port 58586 ssh2
Sep 29 03:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Connection closed by 162.144.236.216 port 58586 [preauth]
Sep 29 03:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: Failed password for root from 162.144.236.216 port 37656 ssh2
Sep 29 03:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9626]: Connection closed by 162.144.236.216 port 37656 [preauth]
Sep 29 03:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9655]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9656]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9652]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: Successful su for rubyman by root
Sep 29 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: + ??? root:rubyman
Sep 29 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312424 of user rubyman.
Sep 29 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312424.
Sep 29 03:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session closed for user root
Sep 29 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Failed password for root from 45.115.217.248 port 35530 ssh2
Sep 29 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: Failed password for root from 162.144.236.216 port 44384 ssh2
Sep 29 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Received disconnect from 45.115.217.248 port 35530:11: Bye Bye [preauth]
Sep 29 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Disconnected from 45.115.217.248 port 35530 [preauth]
Sep 29 03:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9653]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9647]: Connection closed by 162.144.236.216 port 44384 [preauth]
Sep 29 03:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: Failed password for root from 162.144.236.216 port 50812 ssh2
Sep 29 03:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: Connection closed by 162.144.236.216 port 50812 [preauth]
Sep 29 03:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: Failed password for root from 8.243.50.114 port 53962 ssh2
Sep 29 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: Received disconnect from 8.243.50.114 port 53962:11: Bye Bye [preauth]
Sep 29 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10082]: Disconnected from 8.243.50.114 port 53962 [preauth]
Sep 29 03:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Failed password for root from 162.144.236.216 port 56230 ssh2
Sep 29 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Connection closed by 162.144.236.216 port 56230 [preauth]
Sep 29 03:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Invalid user qq from 92.125.33.38
Sep 29 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: input_userauth_request: invalid user qq [preauth]
Sep 29 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Failed password for root from 162.144.236.216 port 35912 ssh2
Sep 29 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Connection closed by 162.144.236.216 port 35912 [preauth]
Sep 29 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Failed password for invalid user qq from 92.125.33.38 port 33436 ssh2
Sep 29 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Received disconnect from 92.125.33.38 port 33436:11: Bye Bye [preauth]
Sep 29 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Disconnected from 92.125.33.38 port 33436 [preauth]
Sep 29 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session closed for user root
Sep 29 03:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Sep 29 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Failed password for root from 162.144.236.216 port 41162 ssh2
Sep 29 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10178]: Failed password for root from 94.182.95.185 port 33060 ssh2
Sep 29 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Connection closed by 162.144.236.216 port 41162 [preauth]
Sep 29 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10178]: Received disconnect from 94.182.95.185 port 33060:11: Bye Bye [preauth]
Sep 29 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10178]: Disconnected from 94.182.95.185 port 33060 [preauth]
Sep 29 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Failed password for root from 138.68.58.124 port 42276 ssh2
Sep 29 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Connection closed by 138.68.58.124 port 42276 [preauth]
Sep 29 03:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for root from 162.144.236.216 port 48790 ssh2
Sep 29 03:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Connection closed by 162.144.236.216 port 48790 [preauth]
Sep 29 03:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Failed password for root from 162.144.236.216 port 55122 ssh2
Sep 29 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Connection closed by 162.144.236.216 port 55122 [preauth]
Sep 29 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10244]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10247]: pam_unix(cron:session): session closed for user root
Sep 29 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10242]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10324]: Successful su for rubyman by root
Sep 29 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10324]: + ??? root:rubyman
Sep 29 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312433 of user rubyman.
Sep 29 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10324]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312433.
Sep 29 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Failed password for root from 162.144.236.216 port 60676 ssh2
Sep 29 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Connection closed by 162.144.236.216 port 60676 [preauth]
Sep 29 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6915]: pam_unix(cron:session): session closed for user root
Sep 29 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10244]: pam_unix(cron:session): session closed for user root
Sep 29 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Failed password for root from 162.144.236.216 port 39026 ssh2
Sep 29 03:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Connection closed by 162.144.236.216 port 39026 [preauth]
Sep 29 03:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: Invalid user newusername from 8.243.50.114
Sep 29 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: input_userauth_request: invalid user newusername [preauth]
Sep 29 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: Failed password for invalid user newusername from 8.243.50.114 port 43428 ssh2
Sep 29 03:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: Received disconnect from 8.243.50.114 port 43428:11: Bye Bye [preauth]
Sep 29 03:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10590]: Disconnected from 8.243.50.114 port 43428 [preauth]
Sep 29 03:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: Failed password for root from 162.144.236.216 port 46192 ssh2
Sep 29 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10580]: Connection closed by 162.144.236.216 port 46192 [preauth]
Sep 29 03:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Invalid user ito from 45.115.217.248
Sep 29 03:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: input_userauth_request: invalid user ito [preauth]
Sep 29 03:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Failed password for invalid user ito from 45.115.217.248 port 46520 ssh2
Sep 29 03:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Received disconnect from 45.115.217.248 port 46520:11: Bye Bye [preauth]
Sep 29 03:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Disconnected from 45.115.217.248 port 46520 [preauth]
Sep 29 03:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Failed password for root from 162.144.236.216 port 53460 ssh2
Sep 29 03:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Connection closed by 162.144.236.216 port 53460 [preauth]
Sep 29 03:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session closed for user root
Sep 29 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for root from 162.144.236.216 port 60026 ssh2
Sep 29 03:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Connection closed by 162.144.236.216 port 60026 [preauth]
Sep 29 03:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Invalid user wangchangyou from 94.182.95.185
Sep 29 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: input_userauth_request: invalid user wangchangyou [preauth]
Sep 29 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Failed password for invalid user wangchangyou from 94.182.95.185 port 53364 ssh2
Sep 29 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Received disconnect from 94.182.95.185 port 53364:11: Bye Bye [preauth]
Sep 29 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Disconnected from 94.182.95.185 port 53364 [preauth]
Sep 29 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Failed password for root from 162.144.236.216 port 39022 ssh2
Sep 29 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Connection closed by 162.144.236.216 port 39022 [preauth]
Sep 29 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Failed password for root from 162.144.236.216 port 45654 ssh2
Sep 29 03:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10722]: Connection closed by 162.144.236.216 port 45654 [preauth]
Sep 29 03:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10756]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: Successful su for rubyman by root
Sep 29 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: + ??? root:rubyman
Sep 29 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312435 of user rubyman.
Sep 29 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10825]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312435.
Sep 29 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Failed password for root from 162.144.236.216 port 51484 ssh2
Sep 29 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Connection closed by 162.144.236.216 port 51484 [preauth]
Sep 29 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session closed for user root
Sep 29 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Failed password for root from 162.144.236.216 port 58188 ssh2
Sep 29 03:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10924]: Connection closed by 162.144.236.216 port 58188 [preauth]
Sep 29 03:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Failed password for root from 8.243.50.114 port 32888 ssh2
Sep 29 03:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Received disconnect from 8.243.50.114 port 32888:11: Bye Bye [preauth]
Sep 29 03:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Disconnected from 8.243.50.114 port 32888 [preauth]
Sep 29 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: Failed password for root from 162.144.236.216 port 37926 ssh2
Sep 29 03:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: Connection closed by 162.144.236.216 port 37926 [preauth]
Sep 29 03:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Invalid user test from 92.125.33.38
Sep 29 03:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: input_userauth_request: invalid user test [preauth]
Sep 29 03:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Failed password for invalid user test from 92.125.33.38 port 57732 ssh2
Sep 29 03:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Received disconnect from 92.125.33.38 port 57732:11: Bye Bye [preauth]
Sep 29 03:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Disconnected from 92.125.33.38 port 57732 [preauth]
Sep 29 03:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: Failed password for root from 162.144.236.216 port 46588 ssh2
Sep 29 03:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11094]: Connection closed by 162.144.236.216 port 46588 [preauth]
Sep 29 03:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9656]: pam_unix(cron:session): session closed for user root
Sep 29 03:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: Failed password for root from 162.144.236.216 port 54490 ssh2
Sep 29 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11135]: Connection closed by 162.144.236.216 port 54490 [preauth]
Sep 29 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Invalid user vyos from 94.182.95.185
Sep 29 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: input_userauth_request: invalid user vyos [preauth]
Sep 29 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Failed password for invalid user vyos from 94.182.95.185 port 53302 ssh2
Sep 29 03:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Received disconnect from 94.182.95.185 port 53302:11: Bye Bye [preauth]
Sep 29 03:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Disconnected from 94.182.95.185 port 53302 [preauth]
Sep 29 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: Invalid user carol from 45.115.217.248
Sep 29 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: input_userauth_request: invalid user carol [preauth]
Sep 29 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Failed password for root from 162.144.236.216 port 33390 ssh2
Sep 29 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: Failed password for invalid user carol from 45.115.217.248 port 58204 ssh2
Sep 29 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Connection closed by 162.144.236.216 port 33390 [preauth]
Sep 29 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: Received disconnect from 45.115.217.248 port 58204:11: Bye Bye [preauth]
Sep 29 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11171]: Disconnected from 45.115.217.248 port 58204 [preauth]
Sep 29 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for root from 162.144.236.216 port 38718 ssh2
Sep 29 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Connection closed by 162.144.236.216 port 38718 [preauth]
Sep 29 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: Successful su for rubyman by root
Sep 29 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: + ??? root:rubyman
Sep 29 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312438 of user rubyman.
Sep 29 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11281]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312438.
Sep 29 03:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7980]: pam_unix(cron:session): session closed for user root
Sep 29 03:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Failed password for root from 162.144.236.216 port 46790 ssh2
Sep 29 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Connection closed by 162.144.236.216 port 46790 [preauth]
Sep 29 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Invalid user ito from 8.243.50.114
Sep 29 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: input_userauth_request: invalid user ito [preauth]
Sep 29 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Failed password for invalid user ito from 8.243.50.114 port 50578 ssh2
Sep 29 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Received disconnect from 8.243.50.114 port 50578:11: Bye Bye [preauth]
Sep 29 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11450]: Disconnected from 8.243.50.114 port 50578 [preauth]
Sep 29 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: Failed password for root from 162.144.236.216 port 51528 ssh2
Sep 29 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11459]: Connection closed by 162.144.236.216 port 51528 [preauth]
Sep 29 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Failed password for root from 162.144.236.216 port 59346 ssh2
Sep 29 03:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Connection closed by 162.144.236.216 port 59346 [preauth]
Sep 29 03:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: Failed password for root from 162.144.236.216 port 38200 ssh2
Sep 29 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: Invalid user spadmin from 190.103.202.7
Sep 29 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: input_userauth_request: invalid user spadmin [preauth]
Sep 29 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11539]: Connection closed by 162.144.236.216 port 38200 [preauth]
Sep 29 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: Failed password for invalid user spadmin from 190.103.202.7 port 44986 ssh2
Sep 29 03:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11559]: Connection closed by 190.103.202.7 port 44986 [preauth]
Sep 29 03:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10246]: pam_unix(cron:session): session closed for user root
Sep 29 03:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Failed password for root from 162.144.236.216 port 44982 ssh2
Sep 29 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Connection closed by 162.144.236.216 port 44982 [preauth]
Sep 29 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11604]: Failed password for root from 94.182.95.185 port 34002 ssh2
Sep 29 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11604]: Received disconnect from 94.182.95.185 port 34002:11: Bye Bye [preauth]
Sep 29 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11604]: Disconnected from 94.182.95.185 port 34002 [preauth]
Sep 29 03:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: Failed password for root from 162.144.236.216 port 50560 ssh2
Sep 29 03:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: Connection closed by 162.144.236.216 port 50560 [preauth]
Sep 29 03:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for root from 162.144.236.216 port 57422 ssh2
Sep 29 03:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 162.144.236.216 port 57422 [preauth]
Sep 29 03:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Invalid user postgre from 8.243.50.114
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: input_userauth_request: invalid user postgre [preauth]
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: Successful su for rubyman by root
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: + ??? root:rubyman
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312444 of user rubyman.
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312444.
Sep 29 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Failed password for invalid user postgre from 8.243.50.114 port 40034 ssh2
Sep 29 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Received disconnect from 8.243.50.114 port 40034:11: Bye Bye [preauth]
Sep 29 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Disconnected from 8.243.50.114 port 40034 [preauth]
Sep 29 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Failed password for root from 162.144.236.216 port 35680 ssh2
Sep 29 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session closed for user root
Sep 29 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Invalid user allinone from 45.115.217.248
Sep 29 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: input_userauth_request: invalid user allinone [preauth]
Sep 29 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Connection closed by 162.144.236.216 port 35680 [preauth]
Sep 29 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Failed password for invalid user allinone from 45.115.217.248 port 42238 ssh2
Sep 29 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Received disconnect from 45.115.217.248 port 42238:11: Bye Bye [preauth]
Sep 29 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Disconnected from 45.115.217.248 port 42238 [preauth]
Sep 29 03:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Failed password for root from 162.144.236.216 port 43988 ssh2
Sep 29 03:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Connection closed by 162.144.236.216 port 43988 [preauth]
Sep 29 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12044]: Failed password for root from 92.125.33.38 port 47190 ssh2
Sep 29 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12044]: Received disconnect from 92.125.33.38 port 47190:11: Bye Bye [preauth]
Sep 29 03:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12044]: Disconnected from 92.125.33.38 port 47190 [preauth]
Sep 29 03:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Failed password for root from 162.144.236.216 port 51158 ssh2
Sep 29 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Connection closed by 162.144.236.216 port 51158 [preauth]
Sep 29 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Failed password for root from 162.144.236.216 port 57178 ssh2
Sep 29 03:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Connection closed by 162.144.236.216 port 57178 [preauth]
Sep 29 03:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session closed for user root
Sep 29 03:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: Failed password for root from 162.144.236.216 port 35456 ssh2
Sep 29 03:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: Connection closed by 162.144.236.216 port 35456 [preauth]
Sep 29 03:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Failed password for root from 94.182.95.185 port 58862 ssh2
Sep 29 03:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Received disconnect from 94.182.95.185 port 58862:11: Bye Bye [preauth]
Sep 29 03:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Disconnected from 94.182.95.185 port 58862 [preauth]
Sep 29 03:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: Failed password for root from 162.144.236.216 port 43474 ssh2
Sep 29 03:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12149]: Connection closed by 162.144.236.216 port 43474 [preauth]
Sep 29 03:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for root from 8.243.50.114 port 57726 ssh2
Sep 29 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Received disconnect from 8.243.50.114 port 57726:11: Bye Bye [preauth]
Sep 29 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Disconnected from 8.243.50.114 port 57726 [preauth]
Sep 29 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12180]: Failed password for root from 162.144.236.216 port 50624 ssh2
Sep 29 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12180]: Connection closed by 162.144.236.216 port 50624 [preauth]
Sep 29 03:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12210]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12207]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12283]: Successful su for rubyman by root
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12283]: + ??? root:rubyman
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312446 of user rubyman.
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12283]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312446.
Sep 29 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Failed password for root from 162.144.236.216 port 56064 ssh2
Sep 29 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session closed for user root
Sep 29 03:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Connection closed by 162.144.236.216 port 56064 [preauth]
Sep 29 03:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12209]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12460]: Failed password for root from 162.144.236.216 port 33114 ssh2
Sep 29 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12460]: Connection closed by 162.144.236.216 port 33114 [preauth]
Sep 29 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Failed password for root from 162.144.236.216 port 37784 ssh2
Sep 29 03:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Connection closed by 162.144.236.216 port 37784 [preauth]
Sep 29 03:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Failed password for root from 162.144.236.216 port 43560 ssh2
Sep 29 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Invalid user bot from 45.115.217.248
Sep 29 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: input_userauth_request: invalid user bot [preauth]
Sep 29 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Connection closed by 162.144.236.216 port 43560 [preauth]
Sep 29 03:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Failed password for invalid user bot from 45.115.217.248 port 54794 ssh2
Sep 29 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Received disconnect from 45.115.217.248 port 54794:11: Bye Bye [preauth]
Sep 29 03:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Disconnected from 45.115.217.248 port 54794 [preauth]
Sep 29 03:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: Failed password for root from 162.144.236.216 port 50922 ssh2
Sep 29 03:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: Connection closed by 162.144.236.216 port 50922 [preauth]
Sep 29 03:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user root
Sep 29 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Invalid user ubuntu from 94.182.95.185
Sep 29 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Failed password for invalid user ubuntu from 94.182.95.185 port 39070 ssh2
Sep 29 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Received disconnect from 94.182.95.185 port 39070:11: Bye Bye [preauth]
Sep 29 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Disconnected from 94.182.95.185 port 39070 [preauth]
Sep 29 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: Failed password for root from 162.144.236.216 port 57688 ssh2
Sep 29 03:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12588]: Connection closed by 162.144.236.216 port 57688 [preauth]
Sep 29 03:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Invalid user bot from 8.243.50.114
Sep 29 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: input_userauth_request: invalid user bot [preauth]
Sep 29 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Failed password for invalid user bot from 8.243.50.114 port 47180 ssh2
Sep 29 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Received disconnect from 8.243.50.114 port 47180:11: Bye Bye [preauth]
Sep 29 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Disconnected from 8.243.50.114 port 47180 [preauth]
Sep 29 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for root from 162.144.236.216 port 35704 ssh2
Sep 29 03:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Connection closed by 162.144.236.216 port 35704 [preauth]
Sep 29 03:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12685]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12686]: pam_unix(cron:session): session closed for user root
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12680]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Failed password for root from 92.125.33.38 port 22758 ssh2
Sep 29 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: Failed password for root from 162.144.236.216 port 42098 ssh2
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12759]: Successful su for rubyman by root
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12759]: + ??? root:rubyman
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312453 of user rubyman.
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12759]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312453.
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Received disconnect from 92.125.33.38 port 22758:11: Bye Bye [preauth]
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Disconnected from 92.125.33.38 port 22758 [preauth]
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12648]: Connection closed by 162.144.236.216 port 42098 [preauth]
Sep 29 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12683]: pam_unix(cron:session): session closed for user root
Sep 29 03:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9655]: pam_unix(cron:session): session closed for user root
Sep 29 03:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: Failed password for root from 162.144.236.216 port 51312 ssh2
Sep 29 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12681]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: Connection closed by 162.144.236.216 port 51312 [preauth]
Sep 29 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Failed password for root from 162.144.236.216 port 57072 ssh2
Sep 29 03:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Connection closed by 162.144.236.216 port 57072 [preauth]
Sep 29 03:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for root from 162.144.236.216 port 34994 ssh2
Sep 29 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Connection closed by 162.144.236.216 port 34994 [preauth]
Sep 29 03:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Failed password for root from 162.144.236.216 port 41640 ssh2
Sep 29 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session closed for user root
Sep 29 03:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Connection closed by 162.144.236.216 port 41640 [preauth]
Sep 29 03:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Invalid user cdn from 94.182.95.185
Sep 29 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: input_userauth_request: invalid user cdn [preauth]
Sep 29 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Failed password for invalid user cdn from 94.182.95.185 port 38008 ssh2
Sep 29 03:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Received disconnect from 94.182.95.185 port 38008:11: Bye Bye [preauth]
Sep 29 03:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Disconnected from 94.182.95.185 port 38008 [preauth]
Sep 29 03:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: Failed password for root from 162.144.236.216 port 49196 ssh2
Sep 29 03:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Invalid user hello from 8.243.50.114
Sep 29 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: input_userauth_request: invalid user hello [preauth]
Sep 29 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: Connection closed by 162.144.236.216 port 49196 [preauth]
Sep 29 03:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Invalid user michelle from 45.115.217.248
Sep 29 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: input_userauth_request: invalid user michelle [preauth]
Sep 29 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for invalid user hello from 8.243.50.114 port 36640 ssh2
Sep 29 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Received disconnect from 8.243.50.114 port 36640:11: Bye Bye [preauth]
Sep 29 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Disconnected from 8.243.50.114 port 36640 [preauth]
Sep 29 03:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Failed password for invalid user michelle from 45.115.217.248 port 37714 ssh2
Sep 29 03:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Received disconnect from 45.115.217.248 port 37714:11: Bye Bye [preauth]
Sep 29 03:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: Disconnected from 45.115.217.248 port 37714 [preauth]
Sep 29 03:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Failed password for root from 162.144.236.216 port 54556 ssh2
Sep 29 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Connection closed by 162.144.236.216 port 54556 [preauth]
Sep 29 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: Failed password for root from 162.144.236.216 port 33030 ssh2
Sep 29 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: Connection closed by 162.144.236.216 port 33030 [preauth]
Sep 29 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: Successful su for rubyman by root
Sep 29 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: + ??? root:rubyman
Sep 29 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312457 of user rubyman.
Sep 29 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312457.
Sep 29 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10245]: pam_unix(cron:session): session closed for user root
Sep 29 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Failed password for root from 162.144.236.216 port 42700 ssh2
Sep 29 03:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Connection closed by 162.144.236.216 port 42700 [preauth]
Sep 29 03:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: Failed password for root from 162.144.236.216 port 49070 ssh2
Sep 29 03:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13481]: Connection closed by 162.144.236.216 port 49070 [preauth]
Sep 29 03:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Failed password for root from 162.144.236.216 port 58152 ssh2
Sep 29 03:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Connection closed by 162.144.236.216 port 58152 [preauth]
Sep 29 03:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Invalid user phoenix from 92.125.33.38
Sep 29 03:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: input_userauth_request: invalid user phoenix [preauth]
Sep 29 03:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13542]: Failed password for root from 162.144.236.216 port 35328 ssh2
Sep 29 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12211]: pam_unix(cron:session): session closed for user root
Sep 29 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13542]: Connection closed by 162.144.236.216 port 35328 [preauth]
Sep 29 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: Invalid user user from 94.182.95.185
Sep 29 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: input_userauth_request: invalid user user [preauth]
Sep 29 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Failed password for invalid user phoenix from 92.125.33.38 port 56302 ssh2
Sep 29 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Received disconnect from 92.125.33.38 port 56302:11: Bye Bye [preauth]
Sep 29 03:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Disconnected from 92.125.33.38 port 56302 [preauth]
Sep 29 03:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114  user=root
Sep 29 03:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: Failed password for invalid user user from 94.182.95.185 port 58000 ssh2
Sep 29 03:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: Received disconnect from 94.182.95.185 port 58000:11: Bye Bye [preauth]
Sep 29 03:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: Disconnected from 94.182.95.185 port 58000 [preauth]
Sep 29 03:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: Failed password for root from 8.243.50.114 port 54330 ssh2
Sep 29 03:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: Received disconnect from 8.243.50.114 port 54330:11: Bye Bye [preauth]
Sep 29 03:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13580]: Disconnected from 8.243.50.114 port 54330 [preauth]
Sep 29 03:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Failed password for root from 162.144.236.216 port 40876 ssh2
Sep 29 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Connection closed by 162.144.236.216 port 40876 [preauth]
Sep 29 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 03:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: Failed password for root from 162.144.236.216 port 50732 ssh2
Sep 29 03:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: Failed password for root from 93.152.230.176 port 51809 ssh2
Sep 29 03:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: Received disconnect from 93.152.230.176 port 51809:11: Client disconnecting normally [preauth]
Sep 29 03:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: Disconnected from 93.152.230.176 port 51809 [preauth]
Sep 29 03:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13612]: Connection closed by 162.144.236.216 port 50732 [preauth]
Sep 29 03:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Failed password for root from 162.144.236.216 port 57672 ssh2
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: Successful su for rubyman by root
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: + ??? root:rubyman
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312461 of user rubyman.
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312461.
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Connection closed by 162.144.236.216 port 57672 [preauth]
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Invalid user sagar from 45.115.217.248
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: input_userauth_request: invalid user sagar [preauth]
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Failed password for invalid user sagar from 45.115.217.248 port 49876 ssh2
Sep 29 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session closed for user root
Sep 29 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Received disconnect from 45.115.217.248 port 49876:11: Bye Bye [preauth]
Sep 29 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Disconnected from 45.115.217.248 port 49876 [preauth]
Sep 29 03:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13646]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Failed password for root from 162.144.236.216 port 35096 ssh2
Sep 29 03:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Connection closed by 162.144.236.216 port 35096 [preauth]
Sep 29 03:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Failed password for root from 162.144.236.216 port 42760 ssh2
Sep 29 03:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Connection closed by 162.144.236.216 port 42760 [preauth]
Sep 29 03:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Failed password for root from 162.144.236.216 port 48022 ssh2
Sep 29 03:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Connection closed by 162.144.236.216 port 48022 [preauth]
Sep 29 03:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Invalid user administrator from 20.163.71.109
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: input_userauth_request: invalid user administrator [preauth]
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Invalid user brian from 8.243.50.114
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: input_userauth_request: invalid user brian [preauth]
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Failed password for root from 162.144.236.216 port 54692 ssh2
Sep 29 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Invalid user rapid from 94.182.95.185
Sep 29 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: input_userauth_request: invalid user rapid [preauth]
Sep 29 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Connection closed by 162.144.236.216 port 54692 [preauth]
Sep 29 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12685]: pam_unix(cron:session): session closed for user root
Sep 29 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Failed password for invalid user administrator from 20.163.71.109 port 48410 ssh2
Sep 29 03:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Connection closed by 20.163.71.109 port 48410 [preauth]
Sep 29 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Failed password for invalid user brian from 8.243.50.114 port 43792 ssh2
Sep 29 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Received disconnect from 8.243.50.114 port 43792:11: Bye Bye [preauth]
Sep 29 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14000]: Disconnected from 8.243.50.114 port 43792 [preauth]
Sep 29 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user rapid from 94.182.95.185 port 45362 ssh2
Sep 29 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Received disconnect from 94.182.95.185 port 45362:11: Bye Bye [preauth]
Sep 29 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Disconnected from 94.182.95.185 port 45362 [preauth]
Sep 29 03:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Failed password for root from 162.144.236.216 port 33082 ssh2
Sep 29 03:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Connection closed by 162.144.236.216 port 33082 [preauth]
Sep 29 03:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Failed password for root from 162.144.236.216 port 38494 ssh2
Sep 29 03:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Connection closed by 162.144.236.216 port 38494 [preauth]
Sep 29 03:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 162.144.236.216 port 45262 ssh2
Sep 29 03:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Connection closed by 162.144.236.216 port 45262 [preauth]
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: Successful su for rubyman by root
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: + ??? root:rubyman
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312465 of user rubyman.
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14261]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312465.
Sep 29 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user root
Sep 29 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Failed password for root from 162.144.236.216 port 53350 ssh2
Sep 29 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Connection closed by 162.144.236.216 port 53350 [preauth]
Sep 29 03:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: Failed password for root from 162.144.236.216 port 59188 ssh2
Sep 29 03:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14442]: Connection closed by 162.144.236.216 port 59188 [preauth]
Sep 29 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Failed password for root from 92.125.33.38 port 47286 ssh2
Sep 29 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Received disconnect from 92.125.33.38 port 47286:11: Bye Bye [preauth]
Sep 29 03:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Disconnected from 92.125.33.38 port 47286 [preauth]
Sep 29 03:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Invalid user TEST from 45.115.217.248
Sep 29 03:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: input_userauth_request: invalid user TEST [preauth]
Sep 29 03:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Failed password for root from 162.144.236.216 port 37012 ssh2
Sep 29 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Connection closed by 162.144.236.216 port 37012 [preauth]
Sep 29 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Failed password for invalid user TEST from 45.115.217.248 port 34230 ssh2
Sep 29 03:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Received disconnect from 45.115.217.248 port 34230:11: Bye Bye [preauth]
Sep 29 03:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Disconnected from 45.115.217.248 port 34230 [preauth]
Sep 29 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Invalid user eduard from 8.243.50.114
Sep 29 03:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: input_userauth_request: invalid user eduard [preauth]
Sep 29 03:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Failed password for invalid user eduard from 8.243.50.114 port 33252 ssh2
Sep 29 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Received disconnect from 8.243.50.114 port 33252:11: Bye Bye [preauth]
Sep 29 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Disconnected from 8.243.50.114 port 33252 [preauth]
Sep 29 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: Failed password for root from 162.144.236.216 port 44126 ssh2
Sep 29 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: Connection closed by 162.144.236.216 port 44126 [preauth]
Sep 29 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13186]: pam_unix(cron:session): session closed for user root
Sep 29 03:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Failed password for root from 162.144.236.216 port 50792 ssh2
Sep 29 03:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Connection closed by 162.144.236.216 port 50792 [preauth]
Sep 29 03:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Failed password for root from 94.182.95.185 port 38996 ssh2
Sep 29 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Received disconnect from 94.182.95.185 port 38996:11: Bye Bye [preauth]
Sep 29 03:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Disconnected from 94.182.95.185 port 38996 [preauth]
Sep 29 03:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: Failed password for root from 162.144.236.216 port 56346 ssh2
Sep 29 03:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14569]: Connection closed by 162.144.236.216 port 56346 [preauth]
Sep 29 03:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Failed password for root from 162.144.236.216 port 34676 ssh2
Sep 29 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Connection closed by 162.144.236.216 port 34676 [preauth]
Sep 29 03:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14616]: Failed password for root from 162.144.236.216 port 38880 ssh2
Sep 29 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14630]: pam_unix(cron:session): session closed for user p13x
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14616]: Connection closed by 162.144.236.216 port 38880 [preauth]
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: Successful su for rubyman by root
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: + ??? root:rubyman
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312469 of user rubyman.
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14689]: pam_unix(su:session): session closed for user rubyman
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312469.
Sep 29 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session closed for user root
Sep 29 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: Failed password for root from 162.144.236.216 port 45264 ssh2
Sep 29 03:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session closed for user samftp
Sep 29 03:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: Connection closed by 162.144.236.216 port 45264 [preauth]
Sep 29 03:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for root from 162.144.236.216 port 51196 ssh2
Sep 29 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Connection closed by 162.144.236.216 port 51196 [preauth]
Sep 29 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Invalid user test from 8.243.50.114
Sep 29 03:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: input_userauth_request: invalid user test [preauth]
Sep 29 03:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 03:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14922]: Failed password for root from 162.144.236.216 port 57488 ssh2
Sep 29 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14922]: Connection closed by 162.144.236.216 port 57488 [preauth]
Sep 29 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Failed password for invalid user test from 8.243.50.114 port 50942 ssh2
Sep 29 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Received disconnect from 8.243.50.114 port 50942:11: Bye Bye [preauth]
Sep 29 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Disconnected from 8.243.50.114 port 50942 [preauth]
Sep 29 03:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Failed password for root from 162.144.236.216 port 36192 ssh2
Sep 29 03:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session closed for user root
Sep 29 03:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Connection closed by 162.144.236.216 port 36192 [preauth]
Sep 29 03:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for root from 162.144.236.216 port 43668 ssh2
Sep 29 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Connection closed by 162.144.236.216 port 43668 [preauth]
Sep 29 03:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 03:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Invalid user brian from 45.115.217.248
Sep 29 03:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: input_userauth_request: invalid user brian [preauth]
Sep 29 03:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 03:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 03:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Failed password for root from 94.182.95.185 port 59984 ssh2
Sep 29 03:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Received disconnect from 94.182.95.185 port 59984:11: Bye Bye [preauth]
Sep 29 03:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Disconnected from 94.182.95.185 port 59984 [preauth]
Sep 29 03:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Failed password for invalid user brian from 45.115.217.248 port 45916 ssh2
Sep 29 03:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Received disconnect from 45.115.217.248 port 45916:11: Bye Bye [preauth]
Sep 29 03:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Disconnected from 45.115.217.248 port 45916 [preauth]
Sep 29 03:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: Failed password for root from 162.144.236.216 port 48128 ssh2
Sep 29 03:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: Connection closed by 162.144.236.216 port 48128 [preauth]
Sep 29 03:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: Failed password for root from 162.144.236.216 port 54320 ssh2
Sep 29 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: Connection closed by 162.144.236.216 port 54320 [preauth]
Sep 29 03:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session closed for user root
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session closed for user root
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Failed password for root from 162.144.236.216 port 60890 ssh2
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: Successful su for rubyman by root
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: + ??? root:rubyman
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312472 of user rubyman.
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15177]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312472.
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Connection closed by 162.144.236.216 port 60890 [preauth]
Sep 29 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12210]: pam_unix(cron:session): session closed for user root
Sep 29 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session closed for user root
Sep 29 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Invalid user magento from 92.125.33.38
Sep 29 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: input_userauth_request: invalid user magento [preauth]
Sep 29 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 04:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Failed password for invalid user magento from 92.125.33.38 port 52232 ssh2
Sep 29 04:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Received disconnect from 92.125.33.38 port 52232:11: Bye Bye [preauth]
Sep 29 04:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Disconnected from 92.125.33.38 port 52232 [preauth]
Sep 29 04:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Failed password for root from 162.144.236.216 port 37356 ssh2
Sep 29 04:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Connection closed by 162.144.236.216 port 37356 [preauth]
Sep 29 04:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 162.144.236.216 port 44956 ssh2
Sep 29 04:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Invalid user gf from 8.243.50.114
Sep 29 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: input_userauth_request: invalid user gf [preauth]
Sep 29 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 162.144.236.216 port 44956 [preauth]
Sep 29 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for invalid user gf from 8.243.50.114 port 40406 ssh2
Sep 29 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Received disconnect from 8.243.50.114 port 40406:11: Bye Bye [preauth]
Sep 29 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Disconnected from 8.243.50.114 port 40406 [preauth]
Sep 29 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: Failed password for root from 162.144.236.216 port 51446 ssh2
Sep 29 04:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15446]: Connection closed by 162.144.236.216 port 51446 [preauth]
Sep 29 04:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
Sep 29 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: Failed password for root from 162.144.236.216 port 59540 ssh2
Sep 29 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15478]: Connection closed by 162.144.236.216 port 59540 [preauth]
Sep 29 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Invalid user rustserver from 94.182.95.185
Sep 29 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: input_userauth_request: invalid user rustserver [preauth]
Sep 29 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Failed password for invalid user rustserver from 94.182.95.185 port 47368 ssh2
Sep 29 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Received disconnect from 94.182.95.185 port 47368:11: Bye Bye [preauth]
Sep 29 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Disconnected from 94.182.95.185 port 47368 [preauth]
Sep 29 04:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Failed password for root from 162.144.236.216 port 36316 ssh2
Sep 29 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Connection closed by 162.144.236.216 port 36316 [preauth]
Sep 29 04:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: Failed password for root from 162.144.236.216 port 44604 ssh2
Sep 29 04:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: Connection closed by 162.144.236.216 port 44604 [preauth]
Sep 29 04:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Failed password for root from 162.144.236.216 port 50210 ssh2
Sep 29 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Connection closed by 162.144.236.216 port 50210 [preauth]
Sep 29 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: Invalid user postgre from 45.115.217.248
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: input_userauth_request: invalid user postgre [preauth]
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15693]: Successful su for rubyman by root
Sep 29 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15693]: + ??? root:rubyman
Sep 29 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312479 of user rubyman.
Sep 29 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15693]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312479.
Sep 29 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: Failed password for invalid user postgre from 45.115.217.248 port 58906 ssh2
Sep 29 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: Received disconnect from 45.115.217.248 port 58906:11: Bye Bye [preauth]
Sep 29 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: Disconnected from 45.115.217.248 port 58906 [preauth]
Sep 29 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12684]: pam_unix(cron:session): session closed for user root
Sep 29 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15619]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15616]: Failed password for root from 162.144.236.216 port 56054 ssh2
Sep 29 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15616]: Connection closed by 162.144.236.216 port 56054 [preauth]
Sep 29 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Invalid user michelle from 8.243.50.114
Sep 29 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: input_userauth_request: invalid user michelle [preauth]
Sep 29 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for invalid user michelle from 8.243.50.114 port 58100 ssh2
Sep 29 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Received disconnect from 8.243.50.114 port 58100:11: Bye Bye [preauth]
Sep 29 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Disconnected from 8.243.50.114 port 58100 [preauth]
Sep 29 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Failed password for root from 162.144.236.216 port 35916 ssh2
Sep 29 04:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15899]: Connection closed by 162.144.236.216 port 35916 [preauth]
Sep 29 04:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: Failed password for root from 162.144.236.216 port 41248 ssh2
Sep 29 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session closed for user root
Sep 29 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Invalid user morgan from 94.182.95.185
Sep 29 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: input_userauth_request: invalid user morgan [preauth]
Sep 29 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15924]: Connection closed by 162.144.236.216 port 41248 [preauth]
Sep 29 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Failed password for invalid user morgan from 94.182.95.185 port 43068 ssh2
Sep 29 04:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Received disconnect from 94.182.95.185 port 43068:11: Bye Bye [preauth]
Sep 29 04:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Disconnected from 94.182.95.185 port 43068 [preauth]
Sep 29 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Failed password for root from 162.144.236.216 port 46956 ssh2
Sep 29 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Connection closed by 162.144.236.216 port 46956 [preauth]
Sep 29 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16040]: Connection closed by 92.125.33.38 port 47332 [preauth]
Sep 29 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Failed password for root from 162.144.236.216 port 53454 ssh2
Sep 29 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Connection closed by 162.144.236.216 port 53454 [preauth]
Sep 29 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: Successful su for rubyman by root
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: + ??? root:rubyman
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312483 of user rubyman.
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312483.
Sep 29 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13185]: pam_unix(cron:session): session closed for user root
Sep 29 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 162.144.236.216 port 59892 ssh2
Sep 29 04:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Connection closed by 162.144.236.216 port 59892 [preauth]
Sep 29 04:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Invalid user danny from 8.243.50.114
Sep 29 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: input_userauth_request: invalid user danny [preauth]
Sep 29 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Failed password for invalid user danny from 8.243.50.114 port 47558 ssh2
Sep 29 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Received disconnect from 8.243.50.114 port 47558:11: Bye Bye [preauth]
Sep 29 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Disconnected from 8.243.50.114 port 47558 [preauth]
Sep 29 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for root from 162.144.236.216 port 37678 ssh2
Sep 29 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Connection closed by 162.144.236.216 port 37678 [preauth]
Sep 29 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Invalid user xyx from 45.115.217.248
Sep 29 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: input_userauth_request: invalid user xyx [preauth]
Sep 29 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Failed password for invalid user xyx from 45.115.217.248 port 44824 ssh2
Sep 29 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Received disconnect from 45.115.217.248 port 44824:11: Bye Bye [preauth]
Sep 29 04:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Disconnected from 45.115.217.248 port 44824 [preauth]
Sep 29 04:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Failed password for root from 162.144.236.216 port 45742 ssh2
Sep 29 04:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Connection closed by 162.144.236.216 port 45742 [preauth]
Sep 29 04:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185  user=root
Sep 29 04:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session closed for user root
Sep 29 04:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Failed password for root from 94.182.95.185 port 54992 ssh2
Sep 29 04:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Received disconnect from 94.182.95.185 port 54992:11: Bye Bye [preauth]
Sep 29 04:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Disconnected from 94.182.95.185 port 54992 [preauth]
Sep 29 04:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: Failed password for root from 162.144.236.216 port 53168 ssh2
Sep 29 04:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16412]: Connection closed by 162.144.236.216 port 53168 [preauth]
Sep 29 04:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Failed password for root from 162.144.236.216 port 32864 ssh2
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: Successful su for rubyman by root
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: + ??? root:rubyman
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312488 of user rubyman.
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16587]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312488.
Sep 29 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Connection closed by 162.144.236.216 port 32864 [preauth]
Sep 29 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session closed for user root
Sep 29 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Invalid user boot from 8.243.50.114
Sep 29 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: input_userauth_request: invalid user boot [preauth]
Sep 29 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 04:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Failed password for invalid user boot from 8.243.50.114 port 37022 ssh2
Sep 29 04:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Received disconnect from 8.243.50.114 port 37022:11: Bye Bye [preauth]
Sep 29 04:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Disconnected from 8.243.50.114 port 37022 [preauth]
Sep 29 04:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Failed password for root from 162.144.236.216 port 41700 ssh2
Sep 29 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Connection closed by 162.144.236.216 port 41700 [preauth]
Sep 29 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Failed password for root from 162.144.236.216 port 48160 ssh2
Sep 29 04:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Connection closed by 162.144.236.216 port 48160 [preauth]
Sep 29 04:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Failed password for root from 162.144.236.216 port 56000 ssh2
Sep 29 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session closed for user root
Sep 29 04:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Connection closed by 162.144.236.216 port 56000 [preauth]
Sep 29 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Invalid user cyrus from 94.182.95.185
Sep 29 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: input_userauth_request: invalid user cyrus [preauth]
Sep 29 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for invalid user cyrus from 94.182.95.185 port 42704 ssh2
Sep 29 04:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Received disconnect from 94.182.95.185 port 42704:11: Bye Bye [preauth]
Sep 29 04:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Disconnected from 94.182.95.185 port 42704 [preauth]
Sep 29 04:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: Invalid user kali from 92.125.33.38
Sep 29 04:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: input_userauth_request: invalid user kali [preauth]
Sep 29 04:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 04:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: Failed password for invalid user kali from 92.125.33.38 port 55886 ssh2
Sep 29 04:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: Received disconnect from 92.125.33.38 port 55886:11: Bye Bye [preauth]
Sep 29 04:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16883]: Disconnected from 92.125.33.38 port 55886 [preauth]
Sep 29 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: Failed password for root from 162.144.236.216 port 34604 ssh2
Sep 29 04:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: Connection closed by 162.144.236.216 port 34604 [preauth]
Sep 29 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Failed password for root from 45.115.217.248 port 59450 ssh2
Sep 29 04:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Received disconnect from 45.115.217.248 port 59450:11: Bye Bye [preauth]
Sep 29 04:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Disconnected from 45.115.217.248 port 59450 [preauth]
Sep 29 04:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17044]: Successful su for rubyman by root
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17044]: + ??? root:rubyman
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312492 of user rubyman.
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17044]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312492.
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Invalid user renato from 8.243.50.114
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: input_userauth_request: invalid user renato [preauth]
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Failed password for invalid user renato from 8.243.50.114 port 54712 ssh2
Sep 29 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Received disconnect from 8.243.50.114 port 54712:11: Bye Bye [preauth]
Sep 29 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Disconnected from 8.243.50.114 port 54712 [preauth]
Sep 29 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user root
Sep 29 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Failed password for root from 162.144.236.216 port 42666 ssh2
Sep 29 04:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Connection closed by 162.144.236.216 port 42666 [preauth]
Sep 29 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: Failed password for root from 162.144.236.216 port 49560 ssh2
Sep 29 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: Connection closed by 162.144.236.216 port 49560 [preauth]
Sep 29 04:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Failed password for root from 162.144.236.216 port 55620 ssh2
Sep 29 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Connection closed by 162.144.236.216 port 55620 [preauth]
Sep 29 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Failed password for root from 162.144.236.216 port 33014 ssh2
Sep 29 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session closed for user root
Sep 29 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Connection closed by 162.144.236.216 port 33014 [preauth]
Sep 29 04:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Invalid user bash from 94.182.95.185
Sep 29 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: input_userauth_request: invalid user bash [preauth]
Sep 29 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Failed password for invalid user bash from 94.182.95.185 port 39638 ssh2
Sep 29 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Received disconnect from 94.182.95.185 port 39638:11: Bye Bye [preauth]
Sep 29 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Disconnected from 94.182.95.185 port 39638 [preauth]
Sep 29 04:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Failed password for root from 162.144.236.216 port 39548 ssh2
Sep 29 04:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Connection closed by 162.144.236.216 port 39548 [preauth]
Sep 29 04:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Failed password for root from 162.144.236.216 port 47152 ssh2
Sep 29 04:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Connection closed by 162.144.236.216 port 47152 [preauth]
Sep 29 04:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Invalid user ubuntu from 8.243.50.114
Sep 29 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.243.50.114
Sep 29 04:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Failed password for invalid user ubuntu from 8.243.50.114 port 44170 ssh2
Sep 29 04:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Received disconnect from 8.243.50.114 port 44170:11: Bye Bye [preauth]
Sep 29 04:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Disconnected from 8.243.50.114 port 44170 [preauth]
Sep 29 04:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17443]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17444]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17445]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17445]: pam_unix(cron:session): session closed for user root
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: Failed password for root from 162.144.236.216 port 53566 ssh2
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17419]: Connection closed by 162.144.236.216 port 53566 [preauth]
Sep 29 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: Successful su for rubyman by root
Sep 29 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: + ??? root:rubyman
Sep 29 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312497 of user rubyman.
Sep 29 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312497.
Sep 29 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session closed for user root
Sep 29 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session closed for user root
Sep 29 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Failed password for root from 162.144.236.216 port 33744 ssh2
Sep 29 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Connection closed by 162.144.236.216 port 33744 [preauth]
Sep 29 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: Invalid user patricia from 45.115.217.248
Sep 29 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: input_userauth_request: invalid user patricia [preauth]
Sep 29 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Failed password for root from 162.144.236.216 port 37570 ssh2
Sep 29 04:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Connection closed by 162.144.236.216 port 37570 [preauth]
Sep 29 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: Failed password for invalid user patricia from 45.115.217.248 port 44834 ssh2
Sep 29 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: Received disconnect from 45.115.217.248 port 44834:11: Bye Bye [preauth]
Sep 29 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: Disconnected from 45.115.217.248 port 44834 [preauth]
Sep 29 04:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Failed password for root from 162.144.236.216 port 46248 ssh2
Sep 29 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Connection closed by 162.144.236.216 port 46248 [preauth]
Sep 29 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Did not receive identification string from 47.251.166.236
Sep 29 04:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Failed password for root from 92.125.33.38 port 59642 ssh2
Sep 29 04:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user root
Sep 29 04:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Received disconnect from 92.125.33.38 port 59642:11: Bye Bye [preauth]
Sep 29 04:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Disconnected from 92.125.33.38 port 59642 [preauth]
Sep 29 04:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: Invalid user ehsan from 94.182.95.185
Sep 29 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: input_userauth_request: invalid user ehsan [preauth]
Sep 29 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: Failed password for root from 162.144.236.216 port 54040 ssh2
Sep 29 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: Failed password for invalid user ehsan from 94.182.95.185 port 37400 ssh2
Sep 29 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17920]: Connection closed by 162.144.236.216 port 54040 [preauth]
Sep 29 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: Received disconnect from 94.182.95.185 port 37400:11: Bye Bye [preauth]
Sep 29 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17953]: Disconnected from 94.182.95.185 port 37400 [preauth]
Sep 29 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Failed password for root from 162.144.236.216 port 33750 ssh2
Sep 29 04:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Connection closed by 162.144.236.216 port 33750 [preauth]
Sep 29 04:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Failed password for root from 162.144.236.216 port 39308 ssh2
Sep 29 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Connection closed by 162.144.236.216 port 39308 [preauth]
Sep 29 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18041]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18039]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18241]: Successful su for rubyman by root
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18241]: + ??? root:rubyman
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312501 of user rubyman.
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18241]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312501.
Sep 29 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Failed password for root from 162.144.236.216 port 46392 ssh2
Sep 29 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18027]: Connection closed by 162.144.236.216 port 46392 [preauth]
Sep 29 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session closed for user root
Sep 29 04:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18040]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18467]: Failed password for root from 162.144.236.216 port 53478 ssh2
Sep 29 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18467]: Connection closed by 162.144.236.216 port 53478 [preauth]
Sep 29 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Failed password for root from 162.144.236.216 port 33562 ssh2
Sep 29 04:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Connection closed by 162.144.236.216 port 33562 [preauth]
Sep 29 04:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: Failed password for root from 162.144.236.216 port 43432 ssh2
Sep 29 04:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: Connection closed by 162.144.236.216 port 43432 [preauth]
Sep 29 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: Invalid user noc from 94.182.95.185
Sep 29 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: input_userauth_request: invalid user noc [preauth]
Sep 29 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session closed for user root
Sep 29 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Invalid user erick from 45.115.217.248
Sep 29 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: input_userauth_request: invalid user erick [preauth]
Sep 29 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: Failed password for invalid user noc from 94.182.95.185 port 38742 ssh2
Sep 29 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: Received disconnect from 94.182.95.185 port 38742:11: Bye Bye [preauth]
Sep 29 04:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: Disconnected from 94.182.95.185 port 38742 [preauth]
Sep 29 04:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Failed password for invalid user erick from 45.115.217.248 port 56492 ssh2
Sep 29 04:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Received disconnect from 45.115.217.248 port 56492:11: Bye Bye [preauth]
Sep 29 04:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Disconnected from 45.115.217.248 port 56492 [preauth]
Sep 29 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Failed password for root from 162.144.236.216 port 49868 ssh2
Sep 29 04:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Connection closed by 162.144.236.216 port 49868 [preauth]
Sep 29 04:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: Failed password for root from 162.144.236.216 port 56952 ssh2
Sep 29 04:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: Connection closed by 162.144.236.216 port 56952 [preauth]
Sep 29 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: Invalid user geo from 92.125.33.38
Sep 29 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: input_userauth_request: invalid user geo [preauth]
Sep 29 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: Failed password for invalid user geo from 92.125.33.38 port 60810 ssh2
Sep 29 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: Received disconnect from 92.125.33.38 port 60810:11: Bye Bye [preauth]
Sep 29 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18755]: Disconnected from 92.125.33.38 port 60810 [preauth]
Sep 29 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18770]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18847]: Successful su for rubyman by root
Sep 29 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18847]: + ??? root:rubyman
Sep 29 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312506 of user rubyman.
Sep 29 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18847]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312506.
Sep 29 04:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15620]: pam_unix(cron:session): session closed for user root
Sep 29 04:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18771]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Failed password for root from 162.144.236.216 port 37588 ssh2
Sep 29 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Connection closed by 162.144.236.216 port 37588 [preauth]
Sep 29 04:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Invalid user git from 94.182.95.185
Sep 29 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: input_userauth_request: invalid user git [preauth]
Sep 29 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: Failed password for root from 162.144.236.216 port 44776 ssh2
Sep 29 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Failed password for invalid user git from 94.182.95.185 port 38648 ssh2
Sep 29 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Received disconnect from 94.182.95.185 port 38648:11: Bye Bye [preauth]
Sep 29 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19141]: Disconnected from 94.182.95.185 port 38648 [preauth]
Sep 29 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19105]: Connection closed by 162.144.236.216 port 44776 [preauth]
Sep 29 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17444]: pam_unix(cron:session): session closed for user root
Sep 29 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Failed password for root from 162.144.236.216 port 52092 ssh2
Sep 29 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Connection closed by 162.144.236.216 port 52092 [preauth]
Sep 29 04:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Failed password for root from 162.144.236.216 port 57196 ssh2
Sep 29 04:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Connection closed by 162.144.236.216 port 57196 [preauth]
Sep 29 04:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Invalid user gf from 45.115.217.248
Sep 29 04:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: input_userauth_request: invalid user gf [preauth]
Sep 29 04:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Failed password for invalid user gf from 45.115.217.248 port 38782 ssh2
Sep 29 04:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Failed password for root from 162.144.236.216 port 37934 ssh2
Sep 29 04:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Received disconnect from 45.115.217.248 port 38782:11: Bye Bye [preauth]
Sep 29 04:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Disconnected from 45.115.217.248 port 38782 [preauth]
Sep 29 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Connection closed by 162.144.236.216 port 37934 [preauth]
Sep 29 04:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19278]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19276]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19438]: Successful su for rubyman by root
Sep 29 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19438]: + ??? root:rubyman
Sep 29 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312511 of user rubyman.
Sep 29 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19438]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312511.
Sep 29 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Failed password for root from 162.144.236.216 port 45250 ssh2
Sep 29 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session closed for user root
Sep 29 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Connection closed by 162.144.236.216 port 45250 [preauth]
Sep 29 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19839]: Failed password for root from 162.144.236.216 port 52172 ssh2
Sep 29 04:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19839]: Connection closed by 162.144.236.216 port 52172 [preauth]
Sep 29 04:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Failed password for root from 162.144.236.216 port 57406 ssh2
Sep 29 04:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Connection closed by 162.144.236.216 port 57406 [preauth]
Sep 29 04:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Invalid user deploy from 94.182.95.185
Sep 29 04:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: input_userauth_request: invalid user deploy [preauth]
Sep 29 04:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.182.95.185
Sep 29 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Failed password for invalid user deploy from 94.182.95.185 port 39432 ssh2
Sep 29 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Received disconnect from 94.182.95.185 port 39432:11: Bye Bye [preauth]
Sep 29 04:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Disconnected from 94.182.95.185 port 39432 [preauth]
Sep 29 04:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Failed password for root from 162.144.236.216 port 35970 ssh2
Sep 29 04:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Connection closed by 162.144.236.216 port 35970 [preauth]
Sep 29 04:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session closed for user root
Sep 29 04:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Failed password for root from 162.144.236.216 port 44486 ssh2
Sep 29 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Connection closed by 162.144.236.216 port 44486 [preauth]
Sep 29 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38  user=root
Sep 29 04:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Failed password for root from 92.125.33.38 port 33410 ssh2
Sep 29 04:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Received disconnect from 92.125.33.38 port 33410:11: Bye Bye [preauth]
Sep 29 04:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Disconnected from 92.125.33.38 port 33410 [preauth]
Sep 29 04:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: Failed password for root from 162.144.236.216 port 51466 ssh2
Sep 29 04:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20026]: Connection closed by 162.144.236.216 port 51466 [preauth]
Sep 29 04:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: Failed password for root from 162.144.236.216 port 58932 ssh2
Sep 29 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20099]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20096]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20284]: Successful su for rubyman by root
Sep 29 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20284]: + ??? root:rubyman
Sep 29 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312514 of user rubyman.
Sep 29 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20284]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312514.
Sep 29 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session closed for user root
Sep 29 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: Connection closed by 162.144.236.216 port 58932 [preauth]
Sep 29 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user root
Sep 29 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20097]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: Failed password for root from 45.115.217.248 port 52152 ssh2
Sep 29 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: Received disconnect from 45.115.217.248 port 52152:11: Bye Bye [preauth]
Sep 29 04:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: Disconnected from 45.115.217.248 port 52152 [preauth]
Sep 29 04:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: Failed password for root from 162.144.236.216 port 37042 ssh2
Sep 29 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: Connection closed by 162.144.236.216 port 37042 [preauth]
Sep 29 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session closed for user root
Sep 29 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Failed password for root from 162.144.236.216 port 46576 ssh2
Sep 29 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Connection closed by 162.144.236.216 port 46576 [preauth]
Sep 29 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Failed password for root from 162.144.236.216 port 53276 ssh2
Sep 29 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Connection closed by 162.144.236.216 port 53276 [preauth]
Sep 29 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Failed password for root from 162.144.236.216 port 59714 ssh2
Sep 29 04:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Connection closed by 162.144.236.216 port 59714 [preauth]
Sep 29 04:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: Failed password for root from 162.144.236.216 port 37760 ssh2
Sep 29 04:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: Connection closed by 162.144.236.216 port 37760 [preauth]
Sep 29 04:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20690]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20693]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20694]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20692]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20694]: pam_unix(cron:session): session closed for user root
Sep 29 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20765]: Successful su for rubyman by root
Sep 29 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20765]: + ??? root:rubyman
Sep 29 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312520 of user rubyman.
Sep 29 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20765]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312520.
Sep 29 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20690]: pam_unix(cron:session): session closed for user root
Sep 29 04:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session closed for user root
Sep 29 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Failed password for root from 162.144.236.216 port 44466 ssh2
Sep 29 04:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Connection closed by 162.144.236.216 port 44466 [preauth]
Sep 29 04:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Failed password for root from 162.144.236.216 port 52434 ssh2
Sep 29 04:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Connection closed by 162.144.236.216 port 52434 [preauth]
Sep 29 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Invalid user dev from 92.125.33.38
Sep 29 04:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: input_userauth_request: invalid user dev [preauth]
Sep 29 04:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Failed password for invalid user dev from 92.125.33.38 port 43312 ssh2
Sep 29 04:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Received disconnect from 92.125.33.38 port 43312:11: Bye Bye [preauth]
Sep 29 04:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Disconnected from 92.125.33.38 port 43312 [preauth]
Sep 29 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session closed for user root
Sep 29 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 04:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Failed password for root from 45.115.217.248 port 38928 ssh2
Sep 29 04:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Received disconnect from 45.115.217.248 port 38928:11: Bye Bye [preauth]
Sep 29 04:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21105]: Disconnected from 45.115.217.248 port 38928 [preauth]
Sep 29 04:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Failed password for root from 162.144.236.216 port 58430 ssh2
Sep 29 04:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Connection closed by 162.144.236.216 port 58430 [preauth]
Sep 29 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: Failed password for root from 162.144.236.216 port 38360 ssh2
Sep 29 04:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21124]: Connection closed by 162.144.236.216 port 38360 [preauth]
Sep 29 04:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: Successful su for rubyman by root
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: + ??? root:rubyman
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312526 of user rubyman.
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312526.
Sep 29 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Failed password for root from 162.144.236.216 port 47054 ssh2
Sep 29 04:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Invalid user pi from 93.152.230.176
Sep 29 04:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: input_userauth_request: invalid user pi [preauth]
Sep 29 04:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Connection closed by 162.144.236.216 port 47054 [preauth]
Sep 29 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17443]: pam_unix(cron:session): session closed for user root
Sep 29 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Failed password for invalid user pi from 93.152.230.176 port 1792 ssh2
Sep 29 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Received disconnect from 93.152.230.176 port 1792:11: Client disconnecting normally [preauth]
Sep 29 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Disconnected from 93.152.230.176 port 1792 [preauth]
Sep 29 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21179]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: Failed password for root from 162.144.236.216 port 55234 ssh2
Sep 29 04:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21408]: Connection closed by 162.144.236.216 port 55234 [preauth]
Sep 29 04:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: Failed password for root from 162.144.236.216 port 59050 ssh2
Sep 29 04:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: Connection closed by 162.144.236.216 port 59050 [preauth]
Sep 29 04:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: Failed password for root from 162.144.236.216 port 37696 ssh2
Sep 29 04:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: Connection closed by 162.144.236.216 port 37696 [preauth]
Sep 29 04:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20099]: pam_unix(cron:session): session closed for user root
Sep 29 04:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Failed password for root from 162.144.236.216 port 45326 ssh2
Sep 29 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Connection closed by 162.144.236.216 port 45326 [preauth]
Sep 29 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for root from 162.144.236.216 port 51864 ssh2
Sep 29 04:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Connection closed by 162.144.236.216 port 51864 [preauth]
Sep 29 04:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Failed password for root from 162.144.236.216 port 58914 ssh2
Sep 29 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Connection closed by 162.144.236.216 port 58914 [preauth]
Sep 29 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Invalid user newusername from 45.115.217.248
Sep 29 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: input_userauth_request: invalid user newusername [preauth]
Sep 29 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Failed password for invalid user newusername from 45.115.217.248 port 50448 ssh2
Sep 29 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Received disconnect from 45.115.217.248 port 50448:11: Bye Bye [preauth]
Sep 29 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Disconnected from 45.115.217.248 port 50448 [preauth]
Sep 29 04:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21631]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: Failed password for root from 162.144.236.216 port 38648 ssh2
Sep 29 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21697]: Successful su for rubyman by root
Sep 29 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21697]: + ??? root:rubyman
Sep 29 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312529 of user rubyman.
Sep 29 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21697]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312529.
Sep 29 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21617]: Connection closed by 162.144.236.216 port 38648 [preauth]
Sep 29 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18041]: pam_unix(cron:session): session closed for user root
Sep 29 04:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21766]: Failed password for root from 162.144.236.216 port 44540 ssh2
Sep 29 04:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21766]: Connection closed by 162.144.236.216 port 44540 [preauth]
Sep 29 04:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Invalid user tu from 92.125.33.38
Sep 29 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: input_userauth_request: invalid user tu [preauth]
Sep 29 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.125.33.38
Sep 29 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Failed password for invalid user tu from 92.125.33.38 port 52682 ssh2
Sep 29 04:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Received disconnect from 92.125.33.38 port 52682:11: Bye Bye [preauth]
Sep 29 04:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Disconnected from 92.125.33.38 port 52682 [preauth]
Sep 29 04:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21919]: Failed password for root from 162.144.236.216 port 50634 ssh2
Sep 29 04:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21919]: Connection closed by 162.144.236.216 port 50634 [preauth]
Sep 29 04:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Failed password for root from 162.144.236.216 port 57144 ssh2
Sep 29 04:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Connection closed by 162.144.236.216 port 57144 [preauth]
Sep 29 04:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: Failed password for root from 162.144.236.216 port 36258 ssh2
Sep 29 04:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20693]: pam_unix(cron:session): session closed for user root
Sep 29 04:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21982]: Connection closed by 162.144.236.216 port 36258 [preauth]
Sep 29 04:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: Failed password for root from 162.144.236.216 port 42562 ssh2
Sep 29 04:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: Connection closed by 162.144.236.216 port 42562 [preauth]
Sep 29 04:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: Successful su for rubyman by root
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: + ??? root:rubyman
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312532 of user rubyman.
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312532.
Sep 29 04:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session closed for user root
Sep 29 04:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Failed password for root from 162.144.236.216 port 49382 ssh2
Sep 29 04:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Connection closed by 162.144.236.216 port 49382 [preauth]
Sep 29 04:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Invalid user danny from 45.115.217.248
Sep 29 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: input_userauth_request: invalid user danny [preauth]
Sep 29 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Failed password for invalid user danny from 45.115.217.248 port 34072 ssh2
Sep 29 04:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Received disconnect from 45.115.217.248 port 34072:11: Bye Bye [preauth]
Sep 29 04:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22410]: Disconnected from 45.115.217.248 port 34072 [preauth]
Sep 29 04:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for root from 162.144.236.216 port 59150 ssh2
Sep 29 04:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Connection closed by 162.144.236.216 port 59150 [preauth]
Sep 29 04:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session closed for user root
Sep 29 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Failed password for root from 162.144.236.216 port 38918 ssh2
Sep 29 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Connection closed by 162.144.236.216 port 38918 [preauth]
Sep 29 04:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Failed password for root from 162.144.236.216 port 45668 ssh2
Sep 29 04:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Connection closed by 162.144.236.216 port 45668 [preauth]
Sep 29 04:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: Successful su for rubyman by root
Sep 29 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: + ??? root:rubyman
Sep 29 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312536 of user rubyman.
Sep 29 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22605]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312536.
Sep 29 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19278]: pam_unix(cron:session): session closed for user root
Sep 29 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: Failed password for root from 162.144.236.216 port 52174 ssh2
Sep 29 04:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22540]: Connection closed by 162.144.236.216 port 52174 [preauth]
Sep 29 04:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Failed password for root from 162.144.236.216 port 58978 ssh2
Sep 29 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Connection closed by 162.144.236.216 port 58978 [preauth]
Sep 29 04:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23071]: Failed password for root from 162.144.236.216 port 37086 ssh2
Sep 29 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23071]: Connection closed by 162.144.236.216 port 37086 [preauth]
Sep 29 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user root
Sep 29 04:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: Failed password for root from 162.144.236.216 port 42670 ssh2
Sep 29 04:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23091]: Connection closed by 162.144.236.216 port 42670 [preauth]
Sep 29 04:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: Invalid user elearn from 45.115.217.248
Sep 29 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: input_userauth_request: invalid user elearn [preauth]
Sep 29 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: Failed password for invalid user elearn from 45.115.217.248 port 44254 ssh2
Sep 29 04:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: Received disconnect from 45.115.217.248 port 44254:11: Bye Bye [preauth]
Sep 29 04:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: Disconnected from 45.115.217.248 port 44254 [preauth]
Sep 29 04:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Failed password for root from 162.144.236.216 port 47892 ssh2
Sep 29 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Connection closed by 162.144.236.216 port 47892 [preauth]
Sep 29 04:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23268]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23270]: pam_unix(cron:session): session closed for user root
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23264]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23353]: Successful su for rubyman by root
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23353]: + ??? root:rubyman
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312540 of user rubyman.
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23353]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312540.
Sep 29 04:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23266]: pam_unix(cron:session): session closed for user root
Sep 29 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20098]: pam_unix(cron:session): session closed for user root
Sep 29 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Failed password for root from 162.144.236.216 port 57406 ssh2
Sep 29 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23265]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Connection closed by 162.144.236.216 port 57406 [preauth]
Sep 29 04:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: Failed password for root from 162.144.236.216 port 37854 ssh2
Sep 29 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: Connection closed by 162.144.236.216 port 37854 [preauth]
Sep 29 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23840]: Failed password for root from 162.144.236.216 port 45148 ssh2
Sep 29 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23840]: Connection closed by 162.144.236.216 port 45148 [preauth]
Sep 29 04:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session closed for user root
Sep 29 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: Failed password for root from 162.144.236.216 port 51780 ssh2
Sep 29 04:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: Connection closed by 162.144.236.216 port 51780 [preauth]
Sep 29 04:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Failed password for root from 162.144.236.216 port 58902 ssh2
Sep 29 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Connection closed by 162.144.236.216 port 58902 [preauth]
Sep 29 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23986]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23989]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23983]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24075]: Successful su for rubyman by root
Sep 29 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24075]: + ??? root:rubyman
Sep 29 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312547 of user rubyman.
Sep 29 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24075]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312547.
Sep 29 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20692]: pam_unix(cron:session): session closed for user root
Sep 29 04:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 04:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for root from 162.144.236.216 port 38310 ssh2
Sep 29 04:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23984]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Failed password for root from 45.115.217.248 port 58328 ssh2
Sep 29 04:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Received disconnect from 45.115.217.248 port 58328:11: Bye Bye [preauth]
Sep 29 04:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Disconnected from 45.115.217.248 port 58328 [preauth]
Sep 29 04:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Connection closed by 162.144.236.216 port 38310 [preauth]
Sep 29 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: Failed password for root from 162.144.236.216 port 48596 ssh2
Sep 29 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: Connection closed by 162.144.236.216 port 48596 [preauth]
Sep 29 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Failed password for root from 162.144.236.216 port 55954 ssh2
Sep 29 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Connection closed by 162.144.236.216 port 55954 [preauth]
Sep 29 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22546]: pam_unix(cron:session): session closed for user root
Sep 29 04:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: Failed password for root from 162.144.236.216 port 33776 ssh2
Sep 29 04:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24398]: Connection closed by 162.144.236.216 port 33776 [preauth]
Sep 29 04:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: Failed password for root from 162.144.236.216 port 39084 ssh2
Sep 29 04:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: Connection closed by 162.144.236.216 port 39084 [preauth]
Sep 29 04:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: Failed password for root from 162.144.236.216 port 44498 ssh2
Sep 29 04:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24464]: Connection closed by 162.144.236.216 port 44498 [preauth]
Sep 29 04:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Failed password for root from 162.144.236.216 port 51160 ssh2
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Connection closed by 162.144.236.216 port 51160 [preauth]
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session closed for user root
Sep 29 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24501]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24583]: Successful su for rubyman by root
Sep 29 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24583]: + ??? root:rubyman
Sep 29 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312551 of user rubyman.
Sep 29 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24583]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312551.
Sep 29 04:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21180]: pam_unix(cron:session): session closed for user root
Sep 29 04:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24502]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Failed password for root from 162.144.236.216 port 56140 ssh2
Sep 29 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Connection closed by 162.144.236.216 port 56140 [preauth]
Sep 29 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: Failed password for root from 162.144.236.216 port 35572 ssh2
Sep 29 04:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: Connection closed by 162.144.236.216 port 35572 [preauth]
Sep 29 04:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Failed password for root from 162.144.236.216 port 42656 ssh2
Sep 29 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Connection closed by 162.144.236.216 port 42656 [preauth]
Sep 29 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Invalid user ubuntu from 45.115.217.248
Sep 29 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: Failed password for root from 162.144.236.216 port 47672 ssh2
Sep 29 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session closed for user root
Sep 29 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Failed password for invalid user ubuntu from 45.115.217.248 port 42730 ssh2
Sep 29 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: Connection closed by 162.144.236.216 port 47672 [preauth]
Sep 29 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Received disconnect from 45.115.217.248 port 42730:11: Bye Bye [preauth]
Sep 29 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Disconnected from 45.115.217.248 port 42730 [preauth]
Sep 29 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Failed password for root from 162.144.236.216 port 55224 ssh2
Sep 29 04:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Connection closed by 162.144.236.216 port 55224 [preauth]
Sep 29 04:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: Failed password for root from 162.144.236.216 port 34426 ssh2
Sep 29 04:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24924]: Connection closed by 162.144.236.216 port 34426 [preauth]
Sep 29 04:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24940]: Failed password for root from 162.144.236.216 port 40000 ssh2
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: Successful su for rubyman by root
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: + ??? root:rubyman
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312555 of user rubyman.
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312555.
Sep 29 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24940]: Connection closed by 162.144.236.216 port 40000 [preauth]
Sep 29 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session closed for user root
Sep 29 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Failed password for root from 162.144.236.216 port 49336 ssh2
Sep 29 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Connection closed by 162.144.236.216 port 49336 [preauth]
Sep 29 04:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Failed password for root from 162.144.236.216 port 56412 ssh2
Sep 29 04:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Connection closed by 162.144.236.216 port 56412 [preauth]
Sep 29 04:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23989]: pam_unix(cron:session): session closed for user root
Sep 29 04:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: Failed password for root from 162.144.236.216 port 36558 ssh2
Sep 29 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: Connection closed by 162.144.236.216 port 36558 [preauth]
Sep 29 04:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Failed password for root from 162.144.236.216 port 41806 ssh2
Sep 29 04:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Connection closed by 162.144.236.216 port 41806 [preauth]
Sep 29 04:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248  user=root
Sep 29 04:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Failed password for root from 45.115.217.248 port 55292 ssh2
Sep 29 04:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Received disconnect from 45.115.217.248 port 55292:11: Bye Bye [preauth]
Sep 29 04:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25652]: Disconnected from 45.115.217.248 port 55292 [preauth]
Sep 29 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25668]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25669]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25734]: Successful su for rubyman by root
Sep 29 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25734]: + ??? root:rubyman
Sep 29 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312559 of user rubyman.
Sep 29 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25734]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312559.
Sep 29 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session closed for user root
Sep 29 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Failed password for root from 162.144.236.216 port 49426 ssh2
Sep 29 04:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Connection closed by 162.144.236.216 port 49426 [preauth]
Sep 29 04:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Failed password for root from 162.144.236.216 port 55912 ssh2
Sep 29 04:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Connection closed by 162.144.236.216 port 55912 [preauth]
Sep 29 04:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Failed password for root from 162.144.236.216 port 34926 ssh2
Sep 29 04:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Connection closed by 162.144.236.216 port 34926 [preauth]
Sep 29 04:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Failed password for root from 162.144.236.216 port 41814 ssh2
Sep 29 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24505]: pam_unix(cron:session): session closed for user root
Sep 29 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Connection closed by 162.144.236.216 port 41814 [preauth]
Sep 29 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: Failed password for root from 162.144.236.216 port 48506 ssh2
Sep 29 04:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Did not receive identification string from 80.248.59.138
Sep 29 04:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26164]: Connection closed by 162.144.236.216 port 48506 [preauth]
Sep 29 04:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Failed password for root from 162.144.236.216 port 57252 ssh2
Sep 29 04:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Connection closed by 162.144.236.216 port 57252 [preauth]
Sep 29 04:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session closed for user root
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26330]: Successful su for rubyman by root
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26330]: + ??? root:rubyman
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312564 of user rubyman.
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26330]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312564.
Sep 29 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session closed for user root
Sep 29 04:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session closed for user root
Sep 29 04:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Failed password for root from 162.144.236.216 port 33966 ssh2
Sep 29 04:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Connection closed by 162.144.236.216 port 33966 [preauth]
Sep 29 04:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Invalid user boot from 45.115.217.248
Sep 29 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: input_userauth_request: invalid user boot [preauth]
Sep 29 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.115.217.248
Sep 29 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Failed password for invalid user boot from 45.115.217.248 port 38558 ssh2
Sep 29 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Received disconnect from 45.115.217.248 port 38558:11: Bye Bye [preauth]
Sep 29 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Disconnected from 45.115.217.248 port 38558 [preauth]
Sep 29 04:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Failed password for root from 162.144.236.216 port 39792 ssh2
Sep 29 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24977]: pam_unix(cron:session): session closed for user root
Sep 29 04:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Connection closed by 162.144.236.216 port 39792 [preauth]
Sep 29 04:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Failed password for root from 162.144.236.216 port 48338 ssh2
Sep 29 04:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Connection closed by 162.144.236.216 port 48338 [preauth]
Sep 29 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26912]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: Successful su for rubyman by root
Sep 29 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: + ??? root:rubyman
Sep 29 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312570 of user rubyman.
Sep 29 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312570.
Sep 29 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23268]: pam_unix(cron:session): session closed for user root
Sep 29 04:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26913]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Failed password for root from 162.144.236.216 port 55362 ssh2
Sep 29 04:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Connection closed by 162.144.236.216 port 55362 [preauth]
Sep 29 04:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Did not receive identification string from 162.144.236.216
Sep 29 04:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25669]: pam_unix(cron:session): session closed for user root
Sep 29 04:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Failed password for root from 162.144.236.216 port 40088 ssh2
Sep 29 04:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Connection closed by 162.144.236.216 port 40088 [preauth]
Sep 29 04:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27392]: Did not receive identification string from 162.144.236.216
Sep 29 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27435]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27428]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27518]: Successful su for rubyman by root
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27518]: + ??? root:rubyman
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312574 of user rubyman.
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27518]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312574.
Sep 29 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23986]: pam_unix(cron:session): session closed for user root
Sep 29 04:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27433]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: Failed password for root from 162.144.236.216 port 49582 ssh2
Sep 29 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: Connection closed by 162.144.236.216 port 49582 [preauth]
Sep 29 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Failed password for root from 162.144.236.216 port 59416 ssh2
Sep 29 04:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Connection closed by 162.144.236.216 port 59416 [preauth]
Sep 29 04:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: Failed password for root from 162.144.236.216 port 38794 ssh2
Sep 29 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session closed for user root
Sep 29 04:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: Connection closed by 162.144.236.216 port 38794 [preauth]
Sep 29 04:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28002]: Failed password for root from 162.144.236.216 port 45796 ssh2
Sep 29 04:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28002]: Connection closed by 162.144.236.216 port 45796 [preauth]
Sep 29 04:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: Successful su for rubyman by root
Sep 29 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: + ??? root:rubyman
Sep 29 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312579 of user rubyman.
Sep 29 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312579.
Sep 29 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24503]: pam_unix(cron:session): session closed for user root
Sep 29 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: Failed password for root from 162.144.236.216 port 53826 ssh2
Sep 29 04:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: Connection closed by 162.144.236.216 port 53826 [preauth]
Sep 29 04:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Failed password for root from 162.144.236.216 port 33254 ssh2
Sep 29 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28352]: Connection closed by 162.144.236.216 port 33254 [preauth]
Sep 29 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session closed for user root
Sep 29 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Failed password for root from 162.144.236.216 port 40940 ssh2
Sep 29 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Connection closed by 162.144.236.216 port 40940 [preauth]
Sep 29 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Failed password for root from 162.144.236.216 port 48314 ssh2
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28634]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: Successful su for rubyman by root
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: + ??? root:rubyman
Sep 29 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312581 of user rubyman.
Sep 29 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312581.
Sep 29 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Connection closed by 162.144.236.216 port 48314 [preauth]
Sep 29 04:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session closed for user root
Sep 29 04:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28635]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: Failed password for root from 162.144.236.216 port 56704 ssh2
Sep 29 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: Connection closed by 162.144.236.216 port 56704 [preauth]
Sep 29 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: Failed password for root from 190.103.202.7 port 35552 ssh2
Sep 29 04:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29020]: Connection closed by 190.103.202.7 port 35552 [preauth]
Sep 29 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Failed password for root from 162.144.236.216 port 35782 ssh2
Sep 29 04:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Connection closed by 162.144.236.216 port 35782 [preauth]
Sep 29 04:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27435]: pam_unix(cron:session): session closed for user root
Sep 29 04:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: Failed password for root from 162.144.236.216 port 44836 ssh2
Sep 29 04:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: Connection closed by 162.144.236.216 port 44836 [preauth]
Sep 29 04:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29213]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session closed for user root
Sep 29 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: Successful su for rubyman by root
Sep 29 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: + ??? root:rubyman
Sep 29 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312585 of user rubyman.
Sep 29 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312585.
Sep 29 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: Failed password for root from 162.144.236.216 port 54540 ssh2
Sep 29 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25668]: pam_unix(cron:session): session closed for user root
Sep 29 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user root
Sep 29 04:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29198]: Connection closed by 162.144.236.216 port 54540 [preauth]
Sep 29 04:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29215]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Failed password for root from 162.144.236.216 port 60990 ssh2
Sep 29 04:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection closed by 162.144.236.216 port 60990 [preauth]
Sep 29 04:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: Failed password for root from 162.144.236.216 port 38612 ssh2
Sep 29 04:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29561]: Connection closed by 162.144.236.216 port 38612 [preauth]
Sep 29 04:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session closed for user root
Sep 29 04:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: Failed password for root from 162.144.236.216 port 44874 ssh2
Sep 29 04:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29608]: Connection closed by 162.144.236.216 port 44874 [preauth]
Sep 29 04:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: Failed password for root from 162.144.236.216 port 52268 ssh2
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: Successful su for rubyman by root
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: + ??? root:rubyman
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312593 of user rubyman.
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312593.
Sep 29 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: Connection closed by 162.144.236.216 port 52268 [preauth]
Sep 29 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session closed for user root
Sep 29 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Did not receive identification string from 162.144.236.216
Sep 29 04:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Failed password for root from 162.144.236.216 port 33562 ssh2
Sep 29 04:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Connection closed by 162.144.236.216 port 33562 [preauth]
Sep 29 04:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Failed password for root from 162.144.236.216 port 41054 ssh2
Sep 29 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28638]: pam_unix(cron:session): session closed for user root
Sep 29 04:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Connection closed by 162.144.236.216 port 41054 [preauth]
Sep 29 04:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: Failed password for root from 162.144.236.216 port 47944 ssh2
Sep 29 04:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: Connection closed by 162.144.236.216 port 47944 [preauth]
Sep 29 04:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: Successful su for rubyman by root
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: + ??? root:rubyman
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312595 of user rubyman.
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312595.
Sep 29 04:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session closed for user root
Sep 29 04:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: Failed password for root from 162.144.236.216 port 54572 ssh2
Sep 29 04:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30210]: Connection closed by 162.144.236.216 port 54572 [preauth]
Sep 29 04:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: Failed password for root from 162.144.236.216 port 32930 ssh2
Sep 29 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: Connection closed by 162.144.236.216 port 32930 [preauth]
Sep 29 04:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for root from 162.144.236.216 port 40448 ssh2
Sep 29 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session closed for user root
Sep 29 04:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Connection closed by 162.144.236.216 port 40448 [preauth]
Sep 29 04:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: Failed password for root from 162.144.236.216 port 47484 ssh2
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30806]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: Successful su for rubyman by root
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: + ??? root:rubyman
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312599 of user rubyman.
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312599.
Sep 29 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30748]: Connection closed by 162.144.236.216 port 47484 [preauth]
Sep 29 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27434]: pam_unix(cron:session): session closed for user root
Sep 29 04:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Failed password for root from 162.144.236.216 port 56978 ssh2
Sep 29 04:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Connection closed by 162.144.236.216 port 56978 [preauth]
Sep 29 04:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Failed password for root from 162.144.236.216 port 34676 ssh2
Sep 29 04:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Connection closed by 162.144.236.216 port 34676 [preauth]
Sep 29 04:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session closed for user root
Sep 29 04:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: Failed password for root from 162.144.236.216 port 40958 ssh2
Sep 29 04:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: Connection closed by 162.144.236.216 port 40958 [preauth]
Sep 29 04:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31330]: Successful su for rubyman by root
Sep 29 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31330]: + ??? root:rubyman
Sep 29 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312605 of user rubyman.
Sep 29 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31330]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312605.
Sep 29 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Failed password for root from 162.144.236.216 port 50632 ssh2
Sep 29 04:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Connection closed by 162.144.236.216 port 50632 [preauth]
Sep 29 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session closed for user root
Sep 29 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: Failed password for root from 162.144.236.216 port 58616 ssh2
Sep 29 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31456]: Connection closed by 162.144.236.216 port 58616 [preauth]
Sep 29 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Failed password for root from 162.144.236.216 port 35612 ssh2
Sep 29 04:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31588]: Connection closed by 162.144.236.216 port 35612 [preauth]
Sep 29 04:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: Failed password for root from 162.144.236.216 port 40938 ssh2
Sep 29 04:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: Connection closed by 162.144.236.216 port 40938 [preauth]
Sep 29 04:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30240]: pam_unix(cron:session): session closed for user root
Sep 29 04:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Failed password for root from 162.144.236.216 port 47096 ssh2
Sep 29 04:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Connection closed by 162.144.236.216 port 47096 [preauth]
Sep 29 04:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Failed password for root from 162.144.236.216 port 53676 ssh2
Sep 29 04:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Connection closed by 162.144.236.216 port 53676 [preauth]
Sep 29 04:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31760]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31761]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31761]: pam_unix(cron:session): session closed for user root
Sep 29 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: Successful su for rubyman by root
Sep 29 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: + ??? root:rubyman
Sep 29 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312610 of user rubyman.
Sep 29 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312610.
Sep 29 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session closed for user root
Sep 29 04:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session closed for user root
Sep 29 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31757]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: Failed password for root from 162.144.236.216 port 58990 ssh2
Sep 29 04:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: Connection closed by 162.144.236.216 port 58990 [preauth]
Sep 29 04:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Failed password for root from 162.144.236.216 port 38616 ssh2
Sep 29 04:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Connection closed by 162.144.236.216 port 38616 [preauth]
Sep 29 04:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30806]: pam_unix(cron:session): session closed for user root
Sep 29 04:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Failed password for root from 162.144.236.216 port 45556 ssh2
Sep 29 04:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Connection closed by 162.144.236.216 port 45556 [preauth]
Sep 29 04:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Failed password for root from 162.144.236.216 port 54388 ssh2
Sep 29 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32242]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32241]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Connection closed by 162.144.236.216 port 54388 [preauth]
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: Successful su for rubyman by root
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: + ??? root:rubyman
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312613 of user rubyman.
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32306]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312613.
Sep 29 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session closed for user root
Sep 29 04:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Failed password for root from 162.144.236.216 port 60518 ssh2
Sep 29 04:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Connection closed by 162.144.236.216 port 60518 [preauth]
Sep 29 04:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Failed password for root from 162.144.236.216 port 39270 ssh2
Sep 29 04:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Connection closed by 162.144.236.216 port 39270 [preauth]
Sep 29 04:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session closed for user root
Sep 29 04:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Failed password for root from 162.144.236.216 port 45842 ssh2
Sep 29 04:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32555]: Connection closed by 162.144.236.216 port 45842 [preauth]
Sep 29 04:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Failed password for root from 162.144.236.216 port 52670 ssh2
Sep 29 04:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: Connection closed by 162.144.236.216 port 52670 [preauth]
Sep 29 04:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32754]: Successful su for rubyman by root
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32754]: + ??? root:rubyman
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312618 of user rubyman.
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32754]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312618.
Sep 29 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session closed for user root
Sep 29 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: Failed password for root from 162.144.236.216 port 33094 ssh2
Sep 29 04:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32682]: Connection closed by 162.144.236.216 port 33094 [preauth]
Sep 29 04:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Failed password for root from 162.144.236.216 port 39390 ssh2
Sep 29 04:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Connection closed by 162.144.236.216 port 39390 [preauth]
Sep 29 04:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31760]: pam_unix(cron:session): session closed for user root
Sep 29 04:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Failed password for root from 162.144.236.216 port 47196 ssh2
Sep 29 04:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Connection closed by 162.144.236.216 port 47196 [preauth]
Sep 29 04:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: Failed password for root from 162.144.236.216 port 56346 ssh2
Sep 29 04:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: Connection closed by 162.144.236.216 port 56346 [preauth]
Sep 29 04:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[663]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: Successful su for rubyman by root
Sep 29 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: + ??? root:rubyman
Sep 29 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312622 of user rubyman.
Sep 29 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[725]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312622.
Sep 29 04:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session closed for user root
Sep 29 04:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[664]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Failed password for root from 162.144.236.216 port 35154 ssh2
Sep 29 04:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Connection closed by 162.144.236.216 port 35154 [preauth]
Sep 29 04:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for root from 162.144.236.216 port 42290 ssh2
Sep 29 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Connection closed by 162.144.236.216 port 42290 [preauth]
Sep 29 04:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: Failed password for root from 162.144.236.216 port 47824 ssh2
Sep 29 04:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32242]: pam_unix(cron:session): session closed for user root
Sep 29 04:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: Connection closed by 162.144.236.216 port 47824 [preauth]
Sep 29 04:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Failed password for root from 162.144.236.216 port 55442 ssh2
Sep 29 04:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Connection closed by 162.144.236.216 port 55442 [preauth]
Sep 29 04:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1281]: Successful su for rubyman by root
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1281]: + ??? root:rubyman
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312627 of user rubyman.
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1281]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312627.
Sep 29 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session closed for user root
Sep 29 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for root from 162.144.236.216 port 36552 ssh2
Sep 29 04:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Connection closed by 162.144.236.216 port 36552 [preauth]
Sep 29 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Failed password for root from 162.144.236.216 port 42822 ssh2
Sep 29 04:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Connection closed by 162.144.236.216 port 42822 [preauth]
Sep 29 04:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: Failed password for root from 162.144.236.216 port 48082 ssh2
Sep 29 04:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: Connection closed by 162.144.236.216 port 48082 [preauth]
Sep 29 04:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session closed for user root
Sep 29 04:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Failed password for root from 162.144.236.216 port 54890 ssh2
Sep 29 04:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Connection closed by 162.144.236.216 port 54890 [preauth]
Sep 29 04:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Failed password for root from 162.144.236.216 port 33334 ssh2
Sep 29 04:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Connection closed by 162.144.236.216 port 33334 [preauth]
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user root
Sep 29 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1704]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: Successful su for rubyman by root
Sep 29 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: + ??? root:rubyman
Sep 29 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312629 of user rubyman.
Sep 29 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312629.
Sep 29 04:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session closed for user root
Sep 29 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user root
Sep 29 04:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Failed password for root from 162.144.236.216 port 40984 ssh2
Sep 29 04:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Connection closed by 162.144.236.216 port 40984 [preauth]
Sep 29 04:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: Failed password for root from 162.144.236.216 port 49166 ssh2
Sep 29 04:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2027]: Connection closed by 162.144.236.216 port 49166 [preauth]
Sep 29 04:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Failed password for root from 162.144.236.216 port 55204 ssh2
Sep 29 04:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Connection closed by 162.144.236.216 port 55204 [preauth]
Sep 29 04:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session closed for user root
Sep 29 04:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Failed password for root from 162.144.236.216 port 34680 ssh2
Sep 29 04:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Connection closed by 162.144.236.216 port 34680 [preauth]
Sep 29 04:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Failed password for root from 162.144.236.216 port 42228 ssh2
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2191]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2268]: Successful su for rubyman by root
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2268]: + ??? root:rubyman
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312635 of user rubyman.
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2268]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312635.
Sep 29 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Connection closed by 162.144.236.216 port 42228 [preauth]
Sep 29 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31759]: pam_unix(cron:session): session closed for user root
Sep 29 04:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2192]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: Failed password for root from 162.144.236.216 port 47118 ssh2
Sep 29 04:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: Connection closed by 162.144.236.216 port 47118 [preauth]
Sep 29 04:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: Failed password for root from 162.144.236.216 port 52628 ssh2
Sep 29 04:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: Connection closed by 162.144.236.216 port 52628 [preauth]
Sep 29 04:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user root
Sep 29 04:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Failed password for root from 162.144.236.216 port 59100 ssh2
Sep 29 04:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Connection closed by 162.144.236.216 port 59100 [preauth]
Sep 29 04:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Invalid user Admin from 93.152.230.176
Sep 29 04:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: input_userauth_request: invalid user Admin [preauth]
Sep 29 04:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 04:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Failed password for invalid user Admin from 93.152.230.176 port 21232 ssh2
Sep 29 04:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Received disconnect from 93.152.230.176 port 21232:11: Client disconnecting normally [preauth]
Sep 29 04:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Disconnected from 93.152.230.176 port 21232 [preauth]
Sep 29 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: Failed password for root from 162.144.236.216 port 37508 ssh2
Sep 29 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: Connection closed by 162.144.236.216 port 37508 [preauth]
Sep 29 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: Successful su for rubyman by root
Sep 29 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: + ??? root:rubyman
Sep 29 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312639 of user rubyman.
Sep 29 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312639.
Sep 29 04:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Failed password for root from 162.144.236.216 port 43694 ssh2
Sep 29 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Connection closed by 162.144.236.216 port 43694 [preauth]
Sep 29 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32241]: pam_unix(cron:session): session closed for user root
Sep 29 04:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Failed password for root from 162.144.236.216 port 47862 ssh2
Sep 29 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Connection closed by 162.144.236.216 port 47862 [preauth]
Sep 29 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for root from 162.144.236.216 port 55398 ssh2
Sep 29 04:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Connection closed by 162.144.236.216 port 55398 [preauth]
Sep 29 04:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: Failed password for root from 162.144.236.216 port 59428 ssh2
Sep 29 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: Connection closed by 162.144.236.216 port 59428 [preauth]
Sep 29 04:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user root
Sep 29 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Failed password for root from 162.144.236.216 port 36758 ssh2
Sep 29 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Connection closed by 162.144.236.216 port 36758 [preauth]
Sep 29 04:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3140]: Successful su for rubyman by root
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3140]: + ??? root:rubyman
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312643 of user rubyman.
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3140]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312643.
Sep 29 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: Failed password for root from 162.144.236.216 port 43732 ssh2
Sep 29 04:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3056]: Connection closed by 162.144.236.216 port 43732 [preauth]
Sep 29 04:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user root
Sep 29 04:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Failed password for root from 162.144.236.216 port 52416 ssh2
Sep 29 04:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Connection closed by 162.144.236.216 port 52416 [preauth]
Sep 29 04:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Failed password for root from 162.144.236.216 port 57654 ssh2
Sep 29 04:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Connection closed by 162.144.236.216 port 57654 [preauth]
Sep 29 04:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session closed for user root
Sep 29 04:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Failed password for root from 162.144.236.216 port 35620 ssh2
Sep 29 04:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Connection closed by 162.144.236.216 port 35620 [preauth]
Sep 29 04:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Failed password for root from 162.144.236.216 port 43442 ssh2
Sep 29 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Connection closed by 162.144.236.216 port 43442 [preauth]
Sep 29 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3517]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: Successful su for rubyman by root
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: + ??? root:rubyman
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312647 of user rubyman.
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312647.
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session closed for user root
Sep 29 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3492]: Failed password for root from 162.144.236.216 port 48460 ssh2
Sep 29 04:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3492]: Connection closed by 162.144.236.216 port 48460 [preauth]
Sep 29 04:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session closed for user root
Sep 29 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Failed password for root from 162.144.236.216 port 54914 ssh2
Sep 29 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Connection closed by 162.144.236.216 port 54914 [preauth]
Sep 29 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: Failed password for root from 162.144.236.216 port 33538 ssh2
Sep 29 04:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: Connection closed by 162.144.236.216 port 33538 [preauth]
Sep 29 04:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Failed password for root from 162.144.236.216 port 38556 ssh2
Sep 29 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Connection closed by 162.144.236.216 port 38556 [preauth]
Sep 29 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session closed for user root
Sep 29 04:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Failed password for root from 162.144.236.216 port 45998 ssh2
Sep 29 04:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Connection closed by 162.144.236.216 port 45998 [preauth]
Sep 29 04:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: Failed password for root from 162.144.236.216 port 53576 ssh2
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4054]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4055]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4057]: pam_unix(cron:session): session closed for user root
Sep 29 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4052]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: Connection closed by 162.144.236.216 port 53576 [preauth]
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: Successful su for rubyman by root
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: + ??? root:rubyman
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312653 of user rubyman.
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4130]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312653.
Sep 29 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session closed for user root
Sep 29 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4054]: pam_unix(cron:session): session closed for user root
Sep 29 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4053]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: Failed password for root from 162.144.236.216 port 58660 ssh2
Sep 29 04:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: Connection closed by 162.144.236.216 port 58660 [preauth]
Sep 29 04:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Failed password for root from 162.144.236.216 port 36872 ssh2
Sep 29 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4385]: Connection closed by 162.144.236.216 port 36872 [preauth]
Sep 29 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Bad protocol version identification '\003' from 47.251.166.236 port 49470
Sep 29 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session closed for user root
Sep 29 04:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4416]: Failed password for root from 162.144.236.216 port 44716 ssh2
Sep 29 04:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4416]: Connection closed by 162.144.236.216 port 44716 [preauth]
Sep 29 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4538]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4534]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: Successful su for rubyman by root
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: + ??? root:rubyman
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312659 of user rubyman.
Sep 29 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4614]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312659.
Sep 29 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Failed password for root from 162.144.236.216 port 52878 ssh2
Sep 29 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Connection closed by 162.144.236.216 port 52878 [preauth]
Sep 29 04:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user root
Sep 29 04:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4537]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Failed password for root from 162.144.236.216 port 60840 ssh2
Sep 29 04:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Connection closed by 162.144.236.216 port 60840 [preauth]
Sep 29 04:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Failed password for root from 162.144.236.216 port 39212 ssh2
Sep 29 04:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4832]: Connection closed by 162.144.236.216 port 39212 [preauth]
Sep 29 04:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Invalid user admin from 139.19.117.131
Sep 29 04:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: input_userauth_request: invalid user admin [preauth]
Sep 29 04:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3517]: pam_unix(cron:session): session closed for user root
Sep 29 04:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Failed password for root from 162.144.236.216 port 46824 ssh2
Sep 29 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Connection closed by 162.144.236.216 port 46824 [preauth]
Sep 29 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Connection closed by 139.19.117.131 port 53650 [preauth]
Sep 29 04:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: Failed password for root from 162.144.236.216 port 53136 ssh2
Sep 29 04:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4934]: Connection closed by 162.144.236.216 port 53136 [preauth]
Sep 29 04:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5000]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4999]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4997]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5072]: Successful su for rubyman by root
Sep 29 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5072]: + ??? root:rubyman
Sep 29 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312662 of user rubyman.
Sep 29 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5072]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312662.
Sep 29 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2194]: pam_unix(cron:session): session closed for user root
Sep 29 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Failed password for root from 162.144.236.216 port 60488 ssh2
Sep 29 04:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4998]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Connection closed by 162.144.236.216 port 60488 [preauth]
Sep 29 04:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: Failed password for root from 162.144.236.216 port 39752 ssh2
Sep 29 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: Connection closed by 162.144.236.216 port 39752 [preauth]
Sep 29 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4056]: pam_unix(cron:session): session closed for user root
Sep 29 04:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5410]: Failed password for root from 162.144.236.216 port 48082 ssh2
Sep 29 04:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5410]: Connection closed by 162.144.236.216 port 48082 [preauth]
Sep 29 04:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Failed password for root from 162.144.236.216 port 56910 ssh2
Sep 29 04:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Connection closed by 162.144.236.216 port 56910 [preauth]
Sep 29 04:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5542]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: Successful su for rubyman by root
Sep 29 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: + ??? root:rubyman
Sep 29 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312667 of user rubyman.
Sep 29 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5603]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312667.
Sep 29 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session closed for user root
Sep 29 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: Failed password for root from 162.144.236.216 port 35982 ssh2
Sep 29 04:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: Connection closed by 162.144.236.216 port 35982 [preauth]
Sep 29 04:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5538]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5815]: Failed password for root from 162.144.236.216 port 43084 ssh2
Sep 29 04:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5815]: Connection closed by 162.144.236.216 port 43084 [preauth]
Sep 29 04:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: Failed password for root from 162.144.236.216 port 50370 ssh2
Sep 29 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: Connection closed by 162.144.236.216 port 50370 [preauth]
Sep 29 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session closed for user root
Sep 29 04:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Failed password for root from 162.144.236.216 port 58248 ssh2
Sep 29 04:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5908]: Connection closed by 162.144.236.216 port 58248 [preauth]
Sep 29 04:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5993]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: Successful su for rubyman by root
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: + ??? root:rubyman
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312670 of user rubyman.
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312670.
Sep 29 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for root from 162.144.236.216 port 38758 ssh2
Sep 29 04:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session closed for user root
Sep 29 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 162.144.236.216 port 38758 [preauth]
Sep 29 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5994]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Failed password for root from 162.144.236.216 port 43920 ssh2
Sep 29 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Connection closed by 162.144.236.216 port 43920 [preauth]
Sep 29 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Failed password for root from 162.144.236.216 port 50614 ssh2
Sep 29 04:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Connection closed by 162.144.236.216 port 50614 [preauth]
Sep 29 04:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5000]: pam_unix(cron:session): session closed for user root
Sep 29 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: Failed password for root from 162.144.236.216 port 60522 ssh2
Sep 29 04:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: Connection closed by 162.144.236.216 port 60522 [preauth]
Sep 29 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6433]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6432]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session closed for user root
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Failed password for root from 162.144.236.216 port 39126 ssh2
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: Successful su for rubyman by root
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: + ??? root:rubyman
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312674 of user rubyman.
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6505]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312674.
Sep 29 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Connection closed by 162.144.236.216 port 39126 [preauth]
Sep 29 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6431]: pam_unix(cron:session): session closed for user root
Sep 29 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session closed for user root
Sep 29 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6430]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Failed password for root from 162.144.236.216 port 46092 ssh2
Sep 29 04:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Connection closed by 162.144.236.216 port 46092 [preauth]
Sep 29 04:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for root from 162.144.236.216 port 55912 ssh2
Sep 29 04:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Connection closed by 162.144.236.216 port 55912 [preauth]
Sep 29 04:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5543]: pam_unix(cron:session): session closed for user root
Sep 29 04:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: Failed password for root from 162.144.236.216 port 33722 ssh2
Sep 29 04:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6914]: Connection closed by 162.144.236.216 port 33722 [preauth]
Sep 29 04:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Failed password for root from 162.144.236.216 port 42648 ssh2
Sep 29 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7121]: Successful su for rubyman by root
Sep 29 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7121]: + ??? root:rubyman
Sep 29 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312681 of user rubyman.
Sep 29 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7121]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312681.
Sep 29 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Connection closed by 162.144.236.216 port 42648 [preauth]
Sep 29 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4055]: pam_unix(cron:session): session closed for user root
Sep 29 04:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Failed password for root from 162.144.236.216 port 49800 ssh2
Sep 29 04:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Connection closed by 162.144.236.216 port 49800 [preauth]
Sep 29 04:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Invalid user admin from 80.94.95.112
Sep 29 04:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: input_userauth_request: invalid user admin [preauth]
Sep 29 04:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 04:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Failed password for root from 162.144.236.216 port 56206 ssh2
Sep 29 04:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for invalid user admin from 80.94.95.112 port 60331 ssh2
Sep 29 04:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Connection closed by 162.144.236.216 port 56206 [preauth]
Sep 29 04:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for invalid user admin from 80.94.95.112 port 60331 ssh2
Sep 29 04:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for invalid user admin from 80.94.95.112 port 60331 ssh2
Sep 29 04:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for invalid user admin from 80.94.95.112 port 60331 ssh2
Sep 29 04:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Failed password for invalid user admin from 80.94.95.112 port 60331 ssh2
Sep 29 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Received disconnect from 80.94.95.112 port 60331:11: Bye [preauth]
Sep 29 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: Disconnected from 80.94.95.112 port 60331 [preauth]
Sep 29 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7416]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
Sep 29 04:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: Failed password for root from 162.144.236.216 port 35762 ssh2
Sep 29 04:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: Connection closed by 162.144.236.216 port 35762 [preauth]
Sep 29 04:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for root from 162.144.236.216 port 43276 ssh2
Sep 29 04:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Connection closed by 162.144.236.216 port 43276 [preauth]
Sep 29 04:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: Successful su for rubyman by root
Sep 29 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: + ??? root:rubyman
Sep 29 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312685 of user rubyman.
Sep 29 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312685.
Sep 29 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4538]: pam_unix(cron:session): session closed for user root
Sep 29 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: Failed password for root from 162.144.236.216 port 50162 ssh2
Sep 29 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7553]: Connection closed by 162.144.236.216 port 50162 [preauth]
Sep 29 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: Failed password for root from 162.144.236.216 port 56732 ssh2
Sep 29 04:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: Connection closed by 162.144.236.216 port 56732 [preauth]
Sep 29 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7905]: Received disconnect from 62.60.131.157 port 62941:11: Bye [preauth]
Sep 29 04:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7905]: Disconnected from 62.60.131.157 port 62941 [preauth]
Sep 29 04:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: Failed password for root from 162.144.236.216 port 34560 ssh2
Sep 29 04:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7902]: Connection closed by 162.144.236.216 port 34560 [preauth]
Sep 29 04:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6433]: pam_unix(cron:session): session closed for user root
Sep 29 04:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Failed password for root from 162.144.236.216 port 42134 ssh2
Sep 29 04:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Connection closed by 162.144.236.216 port 42134 [preauth]
Sep 29 04:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Failed password for root from 162.144.236.216 port 48634 ssh2
Sep 29 04:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7975]: Connection closed by 162.144.236.216 port 48634 [preauth]
Sep 29 04:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8062]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8057]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 29 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8149]: Successful su for rubyman by root
Sep 29 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8149]: + ??? root:rubyman
Sep 29 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312688 of user rubyman.
Sep 29 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8149]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312688.
Sep 29 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Failed password for root from 20.163.71.109 port 37208 ssh2
Sep 29 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Connection closed by 20.163.71.109 port 37208 [preauth]
Sep 29 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4999]: pam_unix(cron:session): session closed for user root
Sep 29 04:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8059]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Failed password for root from 162.144.236.216 port 55236 ssh2
Sep 29 04:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Connection closed by 162.144.236.216 port 55236 [preauth]
Sep 29 04:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Failed password for root from 162.144.236.216 port 35174 ssh2
Sep 29 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Connection closed by 162.144.236.216 port 35174 [preauth]
Sep 29 04:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session closed for user root
Sep 29 04:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for root from 162.144.236.216 port 42132 ssh2
Sep 29 04:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Connection closed by 162.144.236.216 port 42132 [preauth]
Sep 29 04:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: Failed password for root from 162.144.236.216 port 52624 ssh2
Sep 29 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: Connection closed by 162.144.236.216 port 52624 [preauth]
Sep 29 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: Successful su for rubyman by root
Sep 29 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: + ??? root:rubyman
Sep 29 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312692 of user rubyman.
Sep 29 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312692.
Sep 29 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5542]: pam_unix(cron:session): session closed for user root
Sep 29 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: Failed password for root from 162.144.236.216 port 58608 ssh2
Sep 29 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8540]: Connection closed by 162.144.236.216 port 58608 [preauth]
Sep 29 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Failed password for root from 162.144.236.216 port 35090 ssh2
Sep 29 04:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Connection closed by 162.144.236.216 port 35090 [preauth]
Sep 29 04:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Failed password for root from 162.144.236.216 port 39076 ssh2
Sep 29 04:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Connection closed by 162.144.236.216 port 39076 [preauth]
Sep 29 04:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Failed password for root from 162.144.236.216 port 46416 ssh2
Sep 29 04:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7572]: pam_unix(cron:session): session closed for user root
Sep 29 04:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Connection closed by 162.144.236.216 port 46416 [preauth]
Sep 29 04:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9046]: Did not receive identification string from 90.15.121.102
Sep 29 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Failed password for root from 162.144.236.216 port 52962 ssh2
Sep 29 04:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Connection closed by 162.144.236.216 port 52962 [preauth]
Sep 29 04:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9116]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session closed for user root
Sep 29 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: Successful su for rubyman by root
Sep 29 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: + ??? root:rubyman
Sep 29 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312698 of user rubyman.
Sep 29 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312698.
Sep 29 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session closed for user root
Sep 29 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5995]: pam_unix(cron:session): session closed for user root
Sep 29 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for root from 162.144.236.216 port 59780 ssh2
Sep 29 04:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Connection closed by 162.144.236.216 port 59780 [preauth]
Sep 29 04:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: Failed password for root from 162.144.236.216 port 39960 ssh2
Sep 29 04:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: Connection closed by 162.144.236.216 port 39960 [preauth]
Sep 29 04:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Failed password for root from 162.144.236.216 port 47448 ssh2
Sep 29 04:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9565]: Connection closed by 162.144.236.216 port 47448 [preauth]
Sep 29 04:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Failed password for root from 162.144.236.216 port 53602 ssh2
Sep 29 04:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8063]: pam_unix(cron:session): session closed for user root
Sep 29 04:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Connection closed by 162.144.236.216 port 53602 [preauth]
Sep 29 04:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Failed password for root from 162.144.236.216 port 58920 ssh2
Sep 29 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Connection closed by 162.144.236.216 port 58920 [preauth]
Sep 29 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9820]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: Successful su for rubyman by root
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: + ??? root:rubyman
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312704 of user rubyman.
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312704.
Sep 29 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: Failed password for root from 162.144.236.216 port 38634 ssh2
Sep 29 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6432]: pam_unix(cron:session): session closed for user root
Sep 29 04:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: Connection closed by 162.144.236.216 port 38634 [preauth]
Sep 29 04:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Failed password for root from 162.144.236.216 port 45200 ssh2
Sep 29 04:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Connection closed by 162.144.236.216 port 45200 [preauth]
Sep 29 04:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Failed password for root from 162.144.236.216 port 52694 ssh2
Sep 29 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Connection closed by 162.144.236.216 port 52694 [preauth]
Sep 29 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8546]: pam_unix(cron:session): session closed for user root
Sep 29 04:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Failed password for root from 162.144.236.216 port 59848 ssh2
Sep 29 04:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10214]: Connection closed by 162.144.236.216 port 59848 [preauth]
Sep 29 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10295]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10293]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10370]: Successful su for rubyman by root
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10370]: + ??? root:rubyman
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312707 of user rubyman.
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10370]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312707.
Sep 29 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Failed password for root from 162.144.236.216 port 40354 ssh2
Sep 29 04:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Connection closed by 162.144.236.216 port 40354 [preauth]
Sep 29 04:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session closed for user root
Sep 29 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10294]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10558]: Failed password for root from 162.144.236.216 port 48160 ssh2
Sep 29 04:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10558]: Connection closed by 162.144.236.216 port 48160 [preauth]
Sep 29 04:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Failed password for root from 162.144.236.216 port 55418 ssh2
Sep 29 04:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Connection closed by 162.144.236.216 port 55418 [preauth]
Sep 29 04:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Failed password for root from 162.144.236.216 port 35124 ssh2
Sep 29 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Connection closed by 162.144.236.216 port 35124 [preauth]
Sep 29 04:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session closed for user root
Sep 29 04:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: Failed password for root from 162.144.236.216 port 41248 ssh2
Sep 29 04:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10666]: Connection closed by 162.144.236.216 port 41248 [preauth]
Sep 29 04:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Failed password for root from 162.144.236.216 port 48010 ssh2
Sep 29 04:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Connection closed by 162.144.236.216 port 48010 [preauth]
Sep 29 04:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10761]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: Successful su for rubyman by root
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: + ??? root:rubyman
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312711 of user rubyman.
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312711.
Sep 29 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7571]: pam_unix(cron:session): session closed for user root
Sep 29 04:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Failed password for root from 162.144.236.216 port 55574 ssh2
Sep 29 04:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Connection closed by 162.144.236.216 port 55574 [preauth]
Sep 29 04:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Did not receive identification string from 162.144.236.216
Sep 29 04:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
Sep 29 04:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11067]: Failed password for root from 162.144.236.216 port 39812 ssh2
Sep 29 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11067]: Connection closed by 162.144.236.216 port 39812 [preauth]
Sep 29 04:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11182]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11180]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: Successful su for rubyman by root
Sep 29 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: + ??? root:rubyman
Sep 29 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312714 of user rubyman.
Sep 29 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11249]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312714.
Sep 29 04:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8062]: pam_unix(cron:session): session closed for user root
Sep 29 04:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Failed password for root from 162.144.236.216 port 47654 ssh2
Sep 29 04:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Connection closed by 162.144.236.216 port 47654 [preauth]
Sep 29 04:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Failed password for root from 162.144.236.216 port 33314 ssh2
Sep 29 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Connection closed by 162.144.236.216 port 33314 [preauth]
Sep 29 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10296]: pam_unix(cron:session): session closed for user root
Sep 29 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Failed password for root from 162.144.236.216 port 40206 ssh2
Sep 29 04:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Connection closed by 162.144.236.216 port 40206 [preauth]
Sep 29 04:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session closed for user root
Sep 29 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11611]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11786]: Successful su for rubyman by root
Sep 29 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11786]: + ??? root:rubyman
Sep 29 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312718 of user rubyman.
Sep 29 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11786]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312718.
Sep 29 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: Failed password for root from 162.144.236.216 port 49572 ssh2
Sep 29 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11599]: Connection closed by 162.144.236.216 port 49572 [preauth]
Sep 29 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session closed for user root
Sep 29 04:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8545]: pam_unix(cron:session): session closed for user root
Sep 29 04:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11613]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: Failed password for root from 162.144.236.216 port 56200 ssh2
Sep 29 04:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: Connection closed by 162.144.236.216 port 56200 [preauth]
Sep 29 04:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: Failed password for root from 162.144.236.216 port 34692 ssh2
Sep 29 04:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12027]: Connection closed by 162.144.236.216 port 34692 [preauth]
Sep 29 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10761]: pam_unix(cron:session): session closed for user root
Sep 29 04:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: Failed password for root from 162.144.236.216 port 42118 ssh2
Sep 29 04:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12081]: Connection closed by 162.144.236.216 port 42118 [preauth]
Sep 29 04:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Failed password for root from 162.144.236.216 port 50788 ssh2
Sep 29 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: Successful su for rubyman by root
Sep 29 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: + ??? root:rubyman
Sep 29 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312727 of user rubyman.
Sep 29 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312727.
Sep 29 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Connection closed by 162.144.236.216 port 50788 [preauth]
Sep 29 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9116]: pam_unix(cron:session): session closed for user root
Sep 29 04:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: Failed password for root from 164.68.105.9 port 56148 ssh2
Sep 29 04:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: Connection closed by 164.68.105.9 port 56148 [preauth]
Sep 29 04:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Did not receive identification string from 164.68.105.9
Sep 29 04:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Failed password for root from 162.144.236.216 port 58334 ssh2
Sep 29 04:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Connection closed by 162.144.236.216 port 58334 [preauth]
Sep 29 04:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Failed password for root from 162.144.236.216 port 35714 ssh2
Sep 29 04:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12481]: Connection closed by 162.144.236.216 port 35714 [preauth]
Sep 29 04:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session closed for user root
Sep 29 04:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: Failed password for root from 162.144.236.216 port 42100 ssh2
Sep 29 04:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: Connection closed by 162.144.236.216 port 42100 [preauth]
Sep 29 04:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Failed password for root from 162.144.236.216 port 49542 ssh2
Sep 29 04:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Connection closed by 162.144.236.216 port 49542 [preauth]
Sep 29 04:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12721]: Successful su for rubyman by root
Sep 29 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12721]: + ??? root:rubyman
Sep 29 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312729 of user rubyman.
Sep 29 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12721]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312729.
Sep 29 04:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session closed for user root
Sep 29 04:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Failed password for root from 162.144.236.216 port 57422 ssh2
Sep 29 04:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Connection closed by 162.144.236.216 port 57422 [preauth]
Sep 29 04:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12942]: Failed password for root from 162.144.236.216 port 36814 ssh2
Sep 29 04:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12942]: Connection closed by 162.144.236.216 port 36814 [preauth]
Sep 29 04:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Failed password for root from 162.144.236.216 port 43950 ssh2
Sep 29 04:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session closed for user root
Sep 29 04:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Connection closed by 162.144.236.216 port 43950 [preauth]
Sep 29 04:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Failed password for root from 162.144.236.216 port 51532 ssh2
Sep 29 04:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Connection closed by 162.144.236.216 port 51532 [preauth]
Sep 29 04:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13108]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: Successful su for rubyman by root
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: + ??? root:rubyman
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312733 of user rubyman.
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312733.
Sep 29 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10295]: pam_unix(cron:session): session closed for user root
Sep 29 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13109]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for root from 162.144.236.216 port 58508 ssh2
Sep 29 04:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 162.144.236.216 port 58508 [preauth]
Sep 29 04:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: Failed password for root from 162.144.236.216 port 38356 ssh2
Sep 29 04:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: Connection closed by 162.144.236.216 port 38356 [preauth]
Sep 29 04:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Failed password for root from 162.144.236.216 port 46236 ssh2
Sep 29 04:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session closed for user root
Sep 29 04:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Connection closed by 162.144.236.216 port 46236 [preauth]
Sep 29 04:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Failed password for root from 162.144.236.216 port 52408 ssh2
Sep 29 04:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13494]: Connection closed by 162.144.236.216 port 52408 [preauth]
Sep 29 04:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user p13x
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13613]: Successful su for rubyman by root
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13613]: + ??? root:rubyman
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312736 of user rubyman.
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13613]: pam_unix(su:session): session closed for user rubyman
Sep 29 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312736.
Sep 29 04:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Failed password for root from 162.144.236.216 port 59480 ssh2
Sep 29 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session closed for user root
Sep 29 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Connection closed by 162.144.236.216 port 59480 [preauth]
Sep 29 04:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session closed for user samftp
Sep 29 04:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: Failed password for root from 162.144.236.216 port 38256 ssh2
Sep 29 04:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: Connection closed by 162.144.236.216 port 38256 [preauth]
Sep 29 04:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13853]: Failed password for root from 162.144.236.216 port 45244 ssh2
Sep 29 04:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13853]: Connection closed by 162.144.236.216 port 45244 [preauth]
Sep 29 04:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session closed for user root
Sep 29 04:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 04:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Failed password for root from 162.144.236.216 port 52004 ssh2
Sep 29 04:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Connection closed by 162.144.236.216 port 52004 [preauth]
Sep 29 04:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 04:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Failed password for root from 162.144.236.216 port 58754 ssh2
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13987]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13986]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13983]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13987]: pam_unix(cron:session): session closed for user root
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13983]: pam_unix(cron:session): session closed for user root
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13981]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Connection closed by 162.144.236.216 port 58754 [preauth]
Sep 29 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14184]: Successful su for rubyman by root
Sep 29 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14184]: + ??? root:rubyman
Sep 29 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312746 of user rubyman.
Sep 29 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14184]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312746.
Sep 29 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11182]: pam_unix(cron:session): session closed for user root
Sep 29 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13984]: pam_unix(cron:session): session closed for user root
Sep 29 05:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13982]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14175]: Failed password for root from 162.144.236.216 port 37664 ssh2
Sep 29 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14175]: Connection closed by 162.144.236.216 port 37664 [preauth]
Sep 29 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Failed password for root from 162.144.236.216 port 44370 ssh2
Sep 29 05:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Connection closed by 162.144.236.216 port 44370 [preauth]
Sep 29 05:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13112]: pam_unix(cron:session): session closed for user root
Sep 29 05:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Failed password for root from 162.144.236.216 port 51114 ssh2
Sep 29 05:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Connection closed by 162.144.236.216 port 51114 [preauth]
Sep 29 05:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for root from 162.144.236.216 port 60982 ssh2
Sep 29 05:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Connection closed by 162.144.236.216 port 60982 [preauth]
Sep 29 05:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14602]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14671]: Successful su for rubyman by root
Sep 29 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14671]: + ??? root:rubyman
Sep 29 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312748 of user rubyman.
Sep 29 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14671]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312748.
Sep 29 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Failed password for root from 162.144.236.216 port 37892 ssh2
Sep 29 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session closed for user root
Sep 29 05:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Connection closed by 162.144.236.216 port 37892 [preauth]
Sep 29 05:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Failed password for root from 162.144.236.216 port 43348 ssh2
Sep 29 05:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Connection closed by 162.144.236.216 port 43348 [preauth]
Sep 29 05:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Failed password for root from 162.144.236.216 port 48846 ssh2
Sep 29 05:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Connection closed by 162.144.236.216 port 48846 [preauth]
Sep 29 05:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user root
Sep 29 05:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: Failed password for root from 162.144.236.216 port 55452 ssh2
Sep 29 05:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14913]: Connection closed by 162.144.236.216 port 55452 [preauth]
Sep 29 05:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: Failed password for root from 162.144.236.216 port 35872 ssh2
Sep 29 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14981]: Connection closed by 162.144.236.216 port 35872 [preauth]
Sep 29 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15040]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: Successful su for rubyman by root
Sep 29 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: + ??? root:rubyman
Sep 29 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312752 of user rubyman.
Sep 29 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312752.
Sep 29 05:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12186]: pam_unix(cron:session): session closed for user root
Sep 29 05:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15027]: Failed password for root from 162.144.236.216 port 42060 ssh2
Sep 29 05:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15027]: Connection closed by 162.144.236.216 port 42060 [preauth]
Sep 29 05:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Failed password for root from 162.144.236.216 port 49774 ssh2
Sep 29 05:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Connection closed by 162.144.236.216 port 49774 [preauth]
Sep 29 05:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: Failed password for root from 162.144.236.216 port 56784 ssh2
Sep 29 05:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13986]: pam_unix(cron:session): session closed for user root
Sep 29 05:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15346]: Connection closed by 162.144.236.216 port 56784 [preauth]
Sep 29 05:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Connection closed by 175.136.140.151 port 63677 [preauth]
Sep 29 05:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: Failed password for root from 162.144.236.216 port 34956 ssh2
Sep 29 05:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: Connection closed by 162.144.236.216 port 34956 [preauth]
Sep 29 05:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Failed password for root from 162.144.236.216 port 42084 ssh2
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15472]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15528]: Successful su for rubyman by root
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15528]: + ??? root:rubyman
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312755 of user rubyman.
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15528]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312755.
Sep 29 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Connection closed by 162.144.236.216 port 42084 [preauth]
Sep 29 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Invalid user admin from 78.128.112.74
Sep 29 05:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: input_userauth_request: invalid user admin [preauth]
Sep 29 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 05:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session closed for user root
Sep 29 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Failed password for invalid user admin from 78.128.112.74 port 38832 ssh2
Sep 29 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Connection closed by 78.128.112.74 port 38832 [preauth]
Sep 29 05:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: Failed password for root from 162.144.236.216 port 45514 ssh2
Sep 29 05:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: Connection closed by 162.144.236.216 port 45514 [preauth]
Sep 29 05:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Failed password for root from 162.144.236.216 port 52486 ssh2
Sep 29 05:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Connection closed by 162.144.236.216 port 52486 [preauth]
Sep 29 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session closed for user root
Sep 29 05:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: Failed password for root from 162.144.236.216 port 58344 ssh2
Sep 29 05:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15769]: Connection closed by 162.144.236.216 port 58344 [preauth]
Sep 29 05:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Failed password for root from 162.144.236.216 port 38532 ssh2
Sep 29 05:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Connection closed by 162.144.236.216 port 38532 [preauth]
Sep 29 05:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15961]: Successful su for rubyman by root
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15961]: + ??? root:rubyman
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312760 of user rubyman.
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15961]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312760.
Sep 29 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13110]: pam_unix(cron:session): session closed for user root
Sep 29 05:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Failed password for root from 162.144.236.216 port 45900 ssh2
Sep 29 05:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Connection closed by 162.144.236.216 port 45900 [preauth]
Sep 29 05:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Failed password for root from 162.144.236.216 port 52042 ssh2
Sep 29 05:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Connection closed by 162.144.236.216 port 52042 [preauth]
Sep 29 05:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Failed password for root from 162.144.236.216 port 59790 ssh2
Sep 29 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Connection closed by 162.144.236.216 port 59790 [preauth]
Sep 29 05:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session closed for user root
Sep 29 05:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Failed password for root from 162.144.236.216 port 36678 ssh2
Sep 29 05:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Connection closed by 162.144.236.216 port 36678 [preauth]
Sep 29 05:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session closed for user root
Sep 29 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16410]: Successful su for rubyman by root
Sep 29 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16410]: + ??? root:rubyman
Sep 29 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312768 of user rubyman.
Sep 29 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16410]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312768.
Sep 29 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16310]: Failed password for root from 162.144.236.216 port 44192 ssh2
Sep 29 05:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16310]: Connection closed by 162.144.236.216 port 44192 [preauth]
Sep 29 05:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session closed for user root
Sep 29 05:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session closed for user root
Sep 29 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Failed password for root from 162.144.236.216 port 52118 ssh2
Sep 29 05:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Connection closed by 162.144.236.216 port 52118 [preauth]
Sep 29 05:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Failed password for root from 162.144.236.216 port 57724 ssh2
Sep 29 05:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Connection closed by 162.144.236.216 port 57724 [preauth]
Sep 29 05:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15472]: pam_unix(cron:session): session closed for user root
Sep 29 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Failed password for root from 162.144.236.216 port 36656 ssh2
Sep 29 05:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Connection closed by 162.144.236.216 port 36656 [preauth]
Sep 29 05:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for root from 162.144.236.216 port 42622 ssh2
Sep 29 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Connection closed by 162.144.236.216 port 42622 [preauth]
Sep 29 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: Successful su for rubyman by root
Sep 29 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: + ??? root:rubyman
Sep 29 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312769 of user rubyman.
Sep 29 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16898]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312769.
Sep 29 05:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session closed for user root
Sep 29 05:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16886]: Failed password for root from 162.144.236.216 port 53580 ssh2
Sep 29 05:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16886]: Connection closed by 162.144.236.216 port 53580 [preauth]
Sep 29 05:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Failed password for root from 162.144.236.216 port 33740 ssh2
Sep 29 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Connection closed by 162.144.236.216 port 33740 [preauth]
Sep 29 05:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Failed password for root from 162.144.236.216 port 41282 ssh2
Sep 29 05:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session closed for user root
Sep 29 05:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Connection closed by 162.144.236.216 port 41282 [preauth]
Sep 29 05:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Failed password for root from 162.144.236.216 port 47686 ssh2
Sep 29 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Connection closed by 162.144.236.216 port 47686 [preauth]
Sep 29 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17284]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17353]: Successful su for rubyman by root
Sep 29 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17353]: + ??? root:rubyman
Sep 29 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312773 of user rubyman.
Sep 29 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17353]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312773.
Sep 29 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Failed password for root from 162.144.236.216 port 54472 ssh2
Sep 29 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Connection closed by 162.144.236.216 port 54472 [preauth]
Sep 29 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user root
Sep 29 05:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17285]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Failed password for root from 162.144.236.216 port 60478 ssh2
Sep 29 05:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Connection closed by 162.144.236.216 port 60478 [preauth]
Sep 29 05:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Failed password for root from 162.144.236.216 port 39008 ssh2
Sep 29 05:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Connection closed by 162.144.236.216 port 39008 [preauth]
Sep 29 05:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Connection closed by 175.136.140.151 port 63703 [preauth]
Sep 29 05:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Failed password for root from 162.144.236.216 port 43548 ssh2
Sep 29 05:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17591]: Connection closed by 162.144.236.216 port 43548 [preauth]
Sep 29 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session closed for user root
Sep 29 05:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: Failed password for root from 162.144.236.216 port 49580 ssh2
Sep 29 05:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17636]: Connection closed by 162.144.236.216 port 49580 [preauth]
Sep 29 05:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17768]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17761]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17887]: Successful su for rubyman by root
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17887]: + ??? root:rubyman
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312778 of user rubyman.
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17887]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312778.
Sep 29 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Failed password for root from 162.144.236.216 port 56320 ssh2
Sep 29 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Connection closed by 162.144.236.216 port 56320 [preauth]
Sep 29 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15040]: pam_unix(cron:session): session closed for user root
Sep 29 05:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for root from 162.144.236.216 port 33774 ssh2
Sep 29 05:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Connection closed by 162.144.236.216 port 33774 [preauth]
Sep 29 05:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Failed password for root from 162.144.236.216 port 41448 ssh2
Sep 29 05:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Connection closed by 162.144.236.216 port 41448 [preauth]
Sep 29 05:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Failed password for root from 162.144.236.216 port 48676 ssh2
Sep 29 05:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Connection closed by 162.144.236.216 port 48676 [preauth]
Sep 29 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session closed for user root
Sep 29 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Connection closed by 172.235.40.131 port 53840 [preauth]
Sep 29 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: Connection closed by 172.235.40.131 port 53842 [preauth]
Sep 29 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18459]: fatal: Unable to negotiate with 172.235.40.131 port 53856: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Sep 29 05:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: Failed password for root from 162.144.236.216 port 55378 ssh2
Sep 29 05:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: Connection closed by 162.144.236.216 port 55378 [preauth]
Sep 29 05:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: Invalid user admin from 93.152.230.176
Sep 29 05:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: input_userauth_request: invalid user admin [preauth]
Sep 29 05:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 05:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: Failed password for invalid user admin from 93.152.230.176 port 14688 ssh2
Sep 29 05:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: Received disconnect from 93.152.230.176 port 14688:11: Client disconnecting normally [preauth]
Sep 29 05:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: Disconnected from 93.152.230.176 port 14688 [preauth]
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18528]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18532]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18708]: Successful su for rubyman by root
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18708]: + ??? root:rubyman
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312781 of user rubyman.
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18708]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312781.
Sep 29 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18528]: pam_unix(cron:session): session closed for user root
Sep 29 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: Failed password for root from 162.144.236.216 port 34170 ssh2
Sep 29 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session closed for user root
Sep 29 05:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18504]: Connection closed by 162.144.236.216 port 34170 [preauth]
Sep 29 05:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Invalid user user from 80.94.95.112
Sep 29 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: input_userauth_request: invalid user user [preauth]
Sep 29 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 05:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user user from 80.94.95.112 port 63406 ssh2
Sep 29 05:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user user from 80.94.95.112 port 63406 ssh2
Sep 29 05:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Failed password for root from 162.144.236.216 port 41476 ssh2
Sep 29 05:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user user from 80.94.95.112 port 63406 ssh2
Sep 29 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18920]: Connection closed by 162.144.236.216 port 41476 [preauth]
Sep 29 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user user from 80.94.95.112 port 63406 ssh2
Sep 29 05:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user user from 80.94.95.112 port 63406 ssh2
Sep 29 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Received disconnect from 80.94.95.112 port 63406:11: Bye [preauth]
Sep 29 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Disconnected from 80.94.95.112 port 63406 [preauth]
Sep 29 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 05:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: Invalid user pzuser from 12.89.72.118
Sep 29 05:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: input_userauth_request: invalid user pzuser [preauth]
Sep 29 05:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: Failed password for invalid user pzuser from 12.89.72.118 port 41700 ssh2
Sep 29 05:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: Received disconnect from 12.89.72.118 port 41700:11: Bye Bye [preauth]
Sep 29 05:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19010]: Disconnected from 12.89.72.118 port 41700 [preauth]
Sep 29 05:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17289]: pam_unix(cron:session): session closed for user root
Sep 29 05:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Failed password for root from 162.144.236.216 port 48944 ssh2
Sep 29 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Connection closed by 162.144.236.216 port 48944 [preauth]
Sep 29 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Failed password for root from 162.144.236.216 port 58064 ssh2
Sep 29 05:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Connection closed by 162.144.236.216 port 58064 [preauth]
Sep 29 05:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19137]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19141]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19141]: pam_unix(cron:session): session closed for user root
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19135]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Failed password for root from 162.144.236.216 port 36858 ssh2
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: Successful su for rubyman by root
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: + ??? root:rubyman
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312786 of user rubyman.
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19220]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312786.
Sep 29 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19113]: Connection closed by 162.144.236.216 port 36858 [preauth]
Sep 29 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19137]: pam_unix(cron:session): session closed for user root
Sep 29 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session closed for user root
Sep 29 05:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19136]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Failed password for root from 162.144.236.216 port 44014 ssh2
Sep 29 05:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19430]: Connection closed by 162.144.236.216 port 44014 [preauth]
Sep 29 05:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: Failed password for root from 162.144.236.216 port 50548 ssh2
Sep 29 05:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: Connection closed by 162.144.236.216 port 50548 [preauth]
Sep 29 05:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17769]: pam_unix(cron:session): session closed for user root
Sep 29 05:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: Failed password for root from 162.144.236.216 port 58352 ssh2
Sep 29 05:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: Connection closed by 162.144.236.216 port 58352 [preauth]
Sep 29 05:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Invalid user user from 62.60.131.157
Sep 29 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: input_userauth_request: invalid user user [preauth]
Sep 29 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 05:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for invalid user user from 62.60.131.157 port 51017 ssh2
Sep 29 05:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for invalid user user from 62.60.131.157 port 51017 ssh2
Sep 29 05:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for invalid user user from 62.60.131.157 port 51017 ssh2
Sep 29 05:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for invalid user user from 62.60.131.157 port 51017 ssh2
Sep 29 05:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Failed password for root from 162.144.236.216 port 35874 ssh2
Sep 29 05:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Connection closed by 162.144.236.216 port 35874 [preauth]
Sep 29 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for invalid user user from 62.60.131.157 port 51017 ssh2
Sep 29 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Received disconnect from 62.60.131.157 port 51017:11: Bye [preauth]
Sep 29 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Disconnected from 62.60.131.157 port 51017 [preauth]
Sep 29 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20003]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20091]: Successful su for rubyman by root
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20091]: + ??? root:rubyman
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312793 of user rubyman.
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20091]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312793.
Sep 29 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Failed password for root from 162.144.236.216 port 42904 ssh2
Sep 29 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19987]: Connection closed by 162.144.236.216 port 42904 [preauth]
Sep 29 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session closed for user root
Sep 29 05:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20004]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: Failed password for root from 162.144.236.216 port 49166 ssh2
Sep 29 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: Connection closed by 162.144.236.216 port 49166 [preauth]
Sep 29 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Invalid user tangwei from 138.68.58.124
Sep 29 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: input_userauth_request: invalid user tangwei [preauth]
Sep 29 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 05:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Failed password for invalid user tangwei from 138.68.58.124 port 39452 ssh2
Sep 29 05:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Connection closed by 138.68.58.124 port 39452 [preauth]
Sep 29 05:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20335]: Failed password for root from 162.144.236.216 port 56346 ssh2
Sep 29 05:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20335]: Connection closed by 162.144.236.216 port 56346 [preauth]
Sep 29 05:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session closed for user root
Sep 29 05:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Failed password for root from 162.144.236.216 port 36004 ssh2
Sep 29 05:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Connection closed by 162.144.236.216 port 36004 [preauth]
Sep 29 05:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: Successful su for rubyman by root
Sep 29 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: + ??? root:rubyman
Sep 29 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312798 of user rubyman.
Sep 29 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20570]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312798.
Sep 29 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Failed password for root from 162.144.236.216 port 46384 ssh2
Sep 29 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Connection closed by 162.144.236.216 port 46384 [preauth]
Sep 29 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session closed for user root
Sep 29 05:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20505]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: Failed password for root from 162.144.236.216 port 53402 ssh2
Sep 29 05:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20656]: Connection closed by 162.144.236.216 port 53402 [preauth]
Sep 29 05:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: Failed password for root from 162.144.236.216 port 59284 ssh2
Sep 29 05:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20798]: Connection closed by 162.144.236.216 port 59284 [preauth]
Sep 29 05:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Failed password for root from 162.144.236.216 port 38186 ssh2
Sep 29 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Connection closed by 162.144.236.216 port 38186 [preauth]
Sep 29 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session closed for user root
Sep 29 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: Failed password for root from 162.144.236.216 port 44754 ssh2
Sep 29 05:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: Connection closed by 162.144.236.216 port 44754 [preauth]
Sep 29 05:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Failed password for root from 162.144.236.216 port 50964 ssh2
Sep 29 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: Successful su for rubyman by root
Sep 29 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: + ??? root:rubyman
Sep 29 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312802 of user rubyman.
Sep 29 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312802.
Sep 29 05:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Connection closed by 162.144.236.216 port 50964 [preauth]
Sep 29 05:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17286]: pam_unix(cron:session): session closed for user root
Sep 29 05:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20959]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Failed password for root from 162.144.236.216 port 58500 ssh2
Sep 29 05:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Connection closed by 162.144.236.216 port 58500 [preauth]
Sep 29 05:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Failed password for root from 162.144.236.216 port 37196 ssh2
Sep 29 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Connection closed by 162.144.236.216 port 37196 [preauth]
Sep 29 05:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: Failed password for root from 162.144.236.216 port 42980 ssh2
Sep 29 05:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session closed for user root
Sep 29 05:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: Connection closed by 162.144.236.216 port 42980 [preauth]
Sep 29 05:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Failed password for root from 162.144.236.216 port 51468 ssh2
Sep 29 05:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Connection closed by 162.144.236.216 port 51468 [preauth]
Sep 29 05:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: Failed password for root from 162.144.236.216 port 58016 ssh2
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21399]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: Successful su for rubyman by root
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: + ??? root:rubyman
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312805 of user rubyman.
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21470]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312805.
Sep 29 05:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21375]: Connection closed by 162.144.236.216 port 58016 [preauth]
Sep 29 05:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17768]: pam_unix(cron:session): session closed for user root
Sep 29 05:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: Failed password for root from 162.144.236.216 port 36996 ssh2
Sep 29 05:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21573]: Connection closed by 162.144.236.216 port 36996 [preauth]
Sep 29 05:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Failed password for root from 162.144.236.216 port 44542 ssh2
Sep 29 05:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Connection closed by 162.144.236.216 port 44542 [preauth]
Sep 29 05:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20508]: pam_unix(cron:session): session closed for user root
Sep 29 05:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: Failed password for root from 162.144.236.216 port 51808 ssh2
Sep 29 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21728]: Connection closed by 162.144.236.216 port 51808 [preauth]
Sep 29 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Connection closed by 12.89.72.118 port 54354 [preauth]
Sep 29 05:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: Failed password for root from 162.144.236.216 port 58224 ssh2
Sep 29 05:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: Connection closed by 162.144.236.216 port 58224 [preauth]
Sep 29 05:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21857]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21857]: pam_unix(cron:session): session closed for user root
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21927]: Successful su for rubyman by root
Sep 29 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21927]: + ??? root:rubyman
Sep 29 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312808 of user rubyman.
Sep 29 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21927]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312808.
Sep 29 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session closed for user root
Sep 29 05:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session closed for user root
Sep 29 05:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: Failed password for root from 162.144.236.216 port 37752 ssh2
Sep 29 05:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: Connection closed by 162.144.236.216 port 37752 [preauth]
Sep 29 05:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for root from 162.144.236.216 port 45652 ssh2
Sep 29 05:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Connection closed by 162.144.236.216 port 45652 [preauth]
Sep 29 05:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: Failed password for root from 162.144.236.216 port 51696 ssh2
Sep 29 05:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20961]: pam_unix(cron:session): session closed for user root
Sep 29 05:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22197]: Connection closed by 162.144.236.216 port 51696 [preauth]
Sep 29 05:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Failed password for root from 162.144.236.216 port 60530 ssh2
Sep 29 05:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Connection closed by 162.144.236.216 port 60530 [preauth]
Sep 29 05:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22340]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22341]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Failed password for root from 162.144.236.216 port 39142 ssh2
Sep 29 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: Successful su for rubyman by root
Sep 29 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: + ??? root:rubyman
Sep 29 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312815 of user rubyman.
Sep 29 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312815.
Sep 29 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Connection closed by 162.144.236.216 port 39142 [preauth]
Sep 29 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session closed for user root
Sep 29 05:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22339]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22487]: Failed password for root from 162.144.236.216 port 45302 ssh2
Sep 29 05:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22487]: Connection closed by 162.144.236.216 port 45302 [preauth]
Sep 29 05:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for root from 162.144.236.216 port 52820 ssh2
Sep 29 05:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Connection closed by 162.144.236.216 port 52820 [preauth]
Sep 29 05:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21399]: pam_unix(cron:session): session closed for user root
Sep 29 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Failed password for root from 162.144.236.216 port 59410 ssh2
Sep 29 05:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22681]: Connection closed by 162.144.236.216 port 59410 [preauth]
Sep 29 05:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Failed password for root from 162.144.236.216 port 38730 ssh2
Sep 29 05:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Connection closed by 162.144.236.216 port 38730 [preauth]
Sep 29 05:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23005]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23001]: pam_unix(cron:session): session closed for user root
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23003]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23094]: Successful su for rubyman by root
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23094]: + ??? root:rubyman
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312818 of user rubyman.
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23094]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312818.
Sep 29 05:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session closed for user root
Sep 29 05:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23004]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: Failed password for root from 162.144.236.216 port 46196 ssh2
Sep 29 05:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22986]: Connection closed by 162.144.236.216 port 46196 [preauth]
Sep 29 05:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Invalid user sftpuser from 12.89.72.118
Sep 29 05:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: input_userauth_request: invalid user sftpuser [preauth]
Sep 29 05:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Failed password for invalid user sftpuser from 12.89.72.118 port 45888 ssh2
Sep 29 05:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: Failed password for root from 162.144.236.216 port 54804 ssh2
Sep 29 05:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Received disconnect from 12.89.72.118 port 45888:11: Bye Bye [preauth]
Sep 29 05:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Disconnected from 12.89.72.118 port 45888 [preauth]
Sep 29 05:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23353]: Connection closed by 162.144.236.216 port 54804 [preauth]
Sep 29 05:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23395]: Failed password for root from 162.144.236.216 port 33630 ssh2
Sep 29 05:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23395]: Connection closed by 162.144.236.216 port 33630 [preauth]
Sep 29 05:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session closed for user root
Sep 29 05:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23433]: Failed password for root from 162.144.236.216 port 39788 ssh2
Sep 29 05:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23433]: Connection closed by 162.144.236.216 port 39788 [preauth]
Sep 29 05:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23749]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Failed password for root from 162.144.236.216 port 45926 ssh2
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23818]: Successful su for rubyman by root
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23818]: + ??? root:rubyman
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312823 of user rubyman.
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23818]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312823.
Sep 29 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Connection closed by 162.144.236.216 port 45926 [preauth]
Sep 29 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20507]: pam_unix(cron:session): session closed for user root
Sep 29 05:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Failed password for root from 162.144.236.216 port 53916 ssh2
Sep 29 05:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Connection closed by 162.144.236.216 port 53916 [preauth]
Sep 29 05:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Failed password for root from 162.144.236.216 port 33006 ssh2
Sep 29 05:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Connection closed by 162.144.236.216 port 33006 [preauth]
Sep 29 05:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for root from 93.152.230.176 port 10299 ssh2
Sep 29 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Received disconnect from 93.152.230.176 port 10299:11: Client disconnecting normally [preauth]
Sep 29 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Disconnected from 93.152.230.176 port 10299 [preauth]
Sep 29 05:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22341]: pam_unix(cron:session): session closed for user root
Sep 29 05:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Failed password for root from 162.144.236.216 port 39902 ssh2
Sep 29 05:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Connection closed by 162.144.236.216 port 39902 [preauth]
Sep 29 05:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Failed password for root from 162.144.236.216 port 47314 ssh2
Sep 29 05:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Connection closed by 162.144.236.216 port 47314 [preauth]
Sep 29 05:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24258]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: Successful su for rubyman by root
Sep 29 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: + ??? root:rubyman
Sep 29 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312827 of user rubyman.
Sep 29 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312827.
Sep 29 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Failed password for root from 162.144.236.216 port 53218 ssh2
Sep 29 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Connection closed by 162.144.236.216 port 53218 [preauth]
Sep 29 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20960]: pam_unix(cron:session): session closed for user root
Sep 29 05:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24260]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Failed password for root from 162.144.236.216 port 60020 ssh2
Sep 29 05:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Connection closed by 162.144.236.216 port 60020 [preauth]
Sep 29 05:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: Failed password for root from 162.144.236.216 port 38380 ssh2
Sep 29 05:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: Connection closed by 162.144.236.216 port 38380 [preauth]
Sep 29 05:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user root
Sep 29 05:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Invalid user wa from 190.103.202.7
Sep 29 05:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: input_userauth_request: invalid user wa [preauth]
Sep 29 05:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 05:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Failed password for invalid user wa from 190.103.202.7 port 48042 ssh2
Sep 29 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Connection closed by 190.103.202.7 port 48042 [preauth]
Sep 29 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Failed password for root from 162.144.236.216 port 45210 ssh2
Sep 29 05:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118  user=root
Sep 29 05:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Connection closed by 162.144.236.216 port 45210 [preauth]
Sep 29 05:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Failed password for root from 12.89.72.118 port 53062 ssh2
Sep 29 05:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Received disconnect from 12.89.72.118 port 53062:11: Bye Bye [preauth]
Sep 29 05:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Disconnected from 12.89.72.118 port 53062 [preauth]
Sep 29 05:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: Failed password for root from 162.144.236.216 port 53530 ssh2
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24714]: Connection closed by 162.144.236.216 port 53530 [preauth]
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24742]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session closed for user root
Sep 29 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24740]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: Successful su for rubyman by root
Sep 29 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: + ??? root:rubyman
Sep 29 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312834 of user rubyman.
Sep 29 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312834.
Sep 29 05:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session closed for user root
Sep 29 05:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24742]: pam_unix(cron:session): session closed for user root
Sep 29 05:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24741]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: Failed password for root from 162.144.236.216 port 60320 ssh2
Sep 29 05:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: Connection closed by 162.144.236.216 port 60320 [preauth]
Sep 29 05:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Failed password for root from 162.144.236.216 port 39178 ssh2
Sep 29 05:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Connection closed by 162.144.236.216 port 39178 [preauth]
Sep 29 05:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23753]: pam_unix(cron:session): session closed for user root
Sep 29 05:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: Failed password for root from 162.144.236.216 port 46520 ssh2
Sep 29 05:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: Connection closed by 162.144.236.216 port 46520 [preauth]
Sep 29 05:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: Failed password for root from 162.144.236.216 port 52646 ssh2
Sep 29 05:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25177]: Connection closed by 162.144.236.216 port 52646 [preauth]
Sep 29 05:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25259]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: Successful su for rubyman by root
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: + ??? root:rubyman
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312837 of user rubyman.
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25548]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312837.
Sep 29 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Failed password for root from 162.144.236.216 port 58616 ssh2
Sep 29 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Connection closed by 162.144.236.216 port 58616 [preauth]
Sep 29 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session closed for user root
Sep 29 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: Failed password for root from 162.144.236.216 port 37600 ssh2
Sep 29 05:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: Connection closed by 162.144.236.216 port 37600 [preauth]
Sep 29 05:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25776]: Failed password for root from 162.144.236.216 port 44932 ssh2
Sep 29 05:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25776]: Connection closed by 162.144.236.216 port 44932 [preauth]
Sep 29 05:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for root from 162.144.236.216 port 51734 ssh2
Sep 29 05:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session closed for user root
Sep 29 05:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Connection closed by 162.144.236.216 port 51734 [preauth]
Sep 29 05:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Failed password for root from 162.144.236.216 port 56832 ssh2
Sep 29 05:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Connection closed by 162.144.236.216 port 56832 [preauth]
Sep 29 05:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: Successful su for rubyman by root
Sep 29 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: + ??? root:rubyman
Sep 29 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312841 of user rubyman.
Sep 29 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26115]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312841.
Sep 29 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Failed password for root from 162.144.236.216 port 34488 ssh2
Sep 29 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Connection closed by 162.144.236.216 port 34488 [preauth]
Sep 29 05:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22340]: pam_unix(cron:session): session closed for user root
Sep 29 05:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Failed password for root from 162.144.236.216 port 41518 ssh2
Sep 29 05:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Connection closed by 162.144.236.216 port 41518 [preauth]
Sep 29 05:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Failed password for root from 162.144.236.216 port 47928 ssh2
Sep 29 05:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Connection closed by 12.89.72.118 port 54108 [preauth]
Sep 29 05:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26374]: Connection closed by 162.144.236.216 port 47928 [preauth]
Sep 29 05:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session closed for user root
Sep 29 05:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Failed password for root from 162.144.236.216 port 54468 ssh2
Sep 29 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Connection closed by 162.144.236.216 port 54468 [preauth]
Sep 29 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: Failed password for root from 162.144.236.216 port 60810 ssh2
Sep 29 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: Connection closed by 162.144.236.216 port 60810 [preauth]
Sep 29 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26681]: Successful su for rubyman by root
Sep 29 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26681]: + ??? root:rubyman
Sep 29 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312845 of user rubyman.
Sep 29 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26681]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312845.
Sep 29 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23005]: pam_unix(cron:session): session closed for user root
Sep 29 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: Failed password for root from 162.144.236.216 port 39684 ssh2
Sep 29 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: Connection closed by 162.144.236.216 port 39684 [preauth]
Sep 29 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26971]: Failed password for root from 162.144.236.216 port 45406 ssh2
Sep 29 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26971]: Connection closed by 162.144.236.216 port 45406 [preauth]
Sep 29 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27036]: Failed password for root from 162.144.236.216 port 51792 ssh2
Sep 29 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27036]: Connection closed by 162.144.236.216 port 51792 [preauth]
Sep 29 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25262]: pam_unix(cron:session): session closed for user root
Sep 29 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Invalid user db2inst1 from 46.101.170.54
Sep 29 05:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: input_userauth_request: invalid user db2inst1 [preauth]
Sep 29 05:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 29 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Failed password for invalid user db2inst1 from 46.101.170.54 port 36770 ssh2
Sep 29 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Connection closed by 46.101.170.54 port 36770 [preauth]
Sep 29 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Failed password for root from 162.144.236.216 port 58214 ssh2
Sep 29 05:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Connection closed by 162.144.236.216 port 58214 [preauth]
Sep 29 05:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Failed password for root from 162.144.236.216 port 38594 ssh2
Sep 29 05:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27152]: Connection closed by 162.144.236.216 port 38594 [preauth]
Sep 29 05:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27255]: Successful su for rubyman by root
Sep 29 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27255]: + ??? root:rubyman
Sep 29 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312851 of user rubyman.
Sep 29 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27255]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312851.
Sep 29 05:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session closed for user root
Sep 29 05:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: Failed password for root from 162.144.236.216 port 44666 ssh2
Sep 29 05:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: Connection closed by 162.144.236.216 port 44666 [preauth]
Sep 29 05:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27489]: Failed password for root from 162.144.236.216 port 50700 ssh2
Sep 29 05:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27489]: Connection closed by 162.144.236.216 port 50700 [preauth]
Sep 29 05:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Failed password for root from 162.144.236.216 port 58134 ssh2
Sep 29 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Connection closed by 162.144.236.216 port 58134 [preauth]
Sep 29 05:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session closed for user root
Sep 29 05:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Failed password for root from 162.144.236.216 port 36606 ssh2
Sep 29 05:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Connection closed by 162.144.236.216 port 36606 [preauth]
Sep 29 05:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: Invalid user osboxes from 12.89.72.118
Sep 29 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: input_userauth_request: invalid user osboxes [preauth]
Sep 29 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: Failed password for invalid user osboxes from 12.89.72.118 port 55842 ssh2
Sep 29 05:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Failed password for root from 162.144.236.216 port 43732 ssh2
Sep 29 05:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: Received disconnect from 12.89.72.118 port 55842:11: Bye Bye [preauth]
Sep 29 05:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: Disconnected from 12.89.72.118 port 55842 [preauth]
Sep 29 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Connection closed by 162.144.236.216 port 43732 [preauth]
Sep 29 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27843]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27843]: pam_unix(cron:session): session closed for user root
Sep 29 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27914]: Successful su for rubyman by root
Sep 29 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27914]: + ??? root:rubyman
Sep 29 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312853 of user rubyman.
Sep 29 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27914]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312853.
Sep 29 05:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session closed for user root
Sep 29 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session closed for user root
Sep 29 05:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: Failed password for root from 162.144.236.216 port 48398 ssh2
Sep 29 05:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27831]: Connection closed by 162.144.236.216 port 48398 [preauth]
Sep 29 05:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: Failed password for root from 162.144.236.216 port 55258 ssh2
Sep 29 05:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: Connection closed by 162.144.236.216 port 55258 [preauth]
Sep 29 05:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Failed password for root from 162.144.236.216 port 35544 ssh2
Sep 29 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Connection closed by 162.144.236.216 port 35544 [preauth]
Sep 29 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26609]: pam_unix(cron:session): session closed for user root
Sep 29 05:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: Failed password for root from 162.144.236.216 port 43986 ssh2
Sep 29 05:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28233]: Connection closed by 162.144.236.216 port 43986 [preauth]
Sep 29 05:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.137.255.140  user=root
Sep 29 05:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: Failed password for root from 23.137.255.140 port 61240 ssh2
Sep 29 05:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: Received disconnect from 23.137.255.140 port 61240:11: Bye Bye [preauth]
Sep 29 05:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28303]: Disconnected from 23.137.255.140 port 61240 [preauth]
Sep 29 05:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Failed password for root from 162.144.236.216 port 49016 ssh2
Sep 29 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28415]: Successful su for rubyman by root
Sep 29 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28415]: + ??? root:rubyman
Sep 29 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312859 of user rubyman.
Sep 29 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28415]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312859.
Sep 29 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Connection closed by 162.144.236.216 port 49016 [preauth]
Sep 29 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session closed for user root
Sep 29 05:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Failed password for root from 162.144.236.216 port 56276 ssh2
Sep 29 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Connection closed by 162.144.236.216 port 56276 [preauth]
Sep 29 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Failed password for root from 162.144.236.216 port 34802 ssh2
Sep 29 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Connection closed by 162.144.236.216 port 34802 [preauth]
Sep 29 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session closed for user root
Sep 29 05:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for root from 162.144.236.216 port 45880 ssh2
Sep 29 05:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Connection closed by 162.144.236.216 port 45880 [preauth]
Sep 29 05:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: Successful su for rubyman by root
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: + ??? root:rubyman
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312864 of user rubyman.
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29098]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312864.
Sep 29 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: Failed password for root from 162.144.236.216 port 52374 ssh2
Sep 29 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25261]: pam_unix(cron:session): session closed for user root
Sep 29 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: Connection closed by 162.144.236.216 port 52374 [preauth]
Sep 29 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: Failed password for root from 162.144.236.216 port 59476 ssh2
Sep 29 05:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: Connection closed by 162.144.236.216 port 59476 [preauth]
Sep 29 05:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118  user=root
Sep 29 05:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: Failed password for root from 162.144.236.216 port 38772 ssh2
Sep 29 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for root from 12.89.72.118 port 42744 ssh2
Sep 29 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29359]: Connection closed by 162.144.236.216 port 38772 [preauth]
Sep 29 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Received disconnect from 12.89.72.118 port 42744:11: Bye Bye [preauth]
Sep 29 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Disconnected from 12.89.72.118 port 42744 [preauth]
Sep 29 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27842]: pam_unix(cron:session): session closed for user root
Sep 29 05:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Failed password for root from 162.144.236.216 port 45434 ssh2
Sep 29 05:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Connection closed by 162.144.236.216 port 45434 [preauth]
Sep 29 05:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Invalid user prueba from 93.152.230.176
Sep 29 05:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: input_userauth_request: invalid user prueba [preauth]
Sep 29 05:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 05:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Failed password for invalid user prueba from 93.152.230.176 port 19063 ssh2
Sep 29 05:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Received disconnect from 93.152.230.176 port 19063:11: Client disconnecting normally [preauth]
Sep 29 05:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Disconnected from 93.152.230.176 port 19063 [preauth]
Sep 29 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: Failed password for root from 162.144.236.216 port 50968 ssh2
Sep 29 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29512]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29513]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29510]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29579]: Successful su for rubyman by root
Sep 29 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29579]: + ??? root:rubyman
Sep 29 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312868 of user rubyman.
Sep 29 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29579]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312868.
Sep 29 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: Connection closed by 162.144.236.216 port 50968 [preauth]
Sep 29 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26049]: pam_unix(cron:session): session closed for user root
Sep 29 05:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29511]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: Failed password for root from 162.144.236.216 port 60494 ssh2
Sep 29 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 29 05:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: Connection closed by 162.144.236.216 port 60494 [preauth]
Sep 29 05:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for root from 213.209.157.9 port 17018 ssh2
Sep 29 05:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Connection closed by 213.209.157.9 port 17018 [preauth]
Sep 29 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: Failed password for root from 162.144.236.216 port 38628 ssh2
Sep 29 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: Connection closed by 162.144.236.216 port 38628 [preauth]
Sep 29 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29849]: Failed password for root from 162.144.236.216 port 44506 ssh2
Sep 29 05:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session closed for user root
Sep 29 05:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29849]: Connection closed by 162.144.236.216 port 44506 [preauth]
Sep 29 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: Failed password for root from 162.144.236.216 port 51228 ssh2
Sep 29 05:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: Connection closed by 162.144.236.216 port 51228 [preauth]
Sep 29 05:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: Failed password for root from 162.144.236.216 port 58006 ssh2
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: Successful su for rubyman by root
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: + ??? root:rubyman
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312871 of user rubyman.
Sep 29 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312871.
Sep 29 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29976]: Connection closed by 162.144.236.216 port 58006 [preauth]
Sep 29 05:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session closed for user root
Sep 29 05:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: Failed password for root from 162.144.236.216 port 35258 ssh2
Sep 29 05:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: Connection closed by 162.144.236.216 port 35258 [preauth]
Sep 29 05:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Failed password for root from 162.144.236.216 port 42588 ssh2
Sep 29 05:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Connection closed by 162.144.236.216 port 42588 [preauth]
Sep 29 05:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: Failed password for root from 162.144.236.216 port 48344 ssh2
Sep 29 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: Connection closed by 162.144.236.216 port 48344 [preauth]
Sep 29 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session closed for user root
Sep 29 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Failed password for root from 162.144.236.216 port 54428 ssh2
Sep 29 05:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Connection closed by 162.144.236.216 port 54428 [preauth]
Sep 29 05:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30441]: Failed password for root from 162.144.236.216 port 60830 ssh2
Sep 29 05:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30441]: Connection closed by 162.144.236.216 port 60830 [preauth]
Sep 29 05:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: Failed password for root from 162.144.236.216 port 38060 ssh2
Sep 29 05:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: Connection closed by 162.144.236.216 port 38060 [preauth]
Sep 29 05:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Invalid user erfan from 12.89.72.118
Sep 29 05:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: input_userauth_request: invalid user erfan [preauth]
Sep 29 05:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Failed password for invalid user erfan from 12.89.72.118 port 51356 ssh2
Sep 29 05:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Failed password for root from 162.144.236.216 port 44986 ssh2
Sep 29 05:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Received disconnect from 12.89.72.118 port 51356:11: Bye Bye [preauth]
Sep 29 05:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Disconnected from 12.89.72.118 port 51356 [preauth]
Sep 29 05:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Connection closed by 162.144.236.216 port 44986 [preauth]
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30612]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30612]: pam_unix(cron:session): session closed for user root
Sep 29 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30599]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: Successful su for rubyman by root
Sep 29 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: + ??? root:rubyman
Sep 29 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312877 of user rubyman.
Sep 29 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30686]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312877.
Sep 29 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user root
Sep 29 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session closed for user root
Sep 29 05:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Failed password for root from 162.144.236.216 port 51714 ssh2
Sep 29 05:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Connection closed by 162.144.236.216 port 51714 [preauth]
Sep 29 05:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: Failed password for root from 162.144.236.216 port 57824 ssh2
Sep 29 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: Connection closed by 162.144.236.216 port 57824 [preauth]
Sep 29 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29513]: pam_unix(cron:session): session closed for user root
Sep 29 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Failed password for root from 162.144.236.216 port 37526 ssh2
Sep 29 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Connection closed by 162.144.236.216 port 37526 [preauth]
Sep 29 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: Failed password for root from 162.144.236.216 port 45482 ssh2
Sep 29 05:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: Connection closed by 162.144.236.216 port 45482 [preauth]
Sep 29 05:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: Successful su for rubyman by root
Sep 29 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: + ??? root:rubyman
Sep 29 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312882 of user rubyman.
Sep 29 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31183]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312882.
Sep 29 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: Failed password for root from 162.144.236.216 port 50384 ssh2
Sep 29 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31093]: Connection closed by 162.144.236.216 port 50384 [preauth]
Sep 29 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27841]: pam_unix(cron:session): session closed for user root
Sep 29 05:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Failed password for root from 162.144.236.216 port 56622 ssh2
Sep 29 05:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Connection closed by 162.144.236.216 port 56622 [preauth]
Sep 29 05:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Sep 29 05:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for root from 162.144.236.216 port 35610 ssh2
Sep 29 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Connection closed by 162.144.236.216 port 35610 [preauth]
Sep 29 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Failed password for root from 138.68.58.124 port 45850 ssh2
Sep 29 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Connection closed by 138.68.58.124 port 45850 [preauth]
Sep 29 05:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Failed password for root from 162.144.236.216 port 41226 ssh2
Sep 29 05:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31422]: Connection closed by 162.144.236.216 port 41226 [preauth]
Sep 29 05:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session closed for user root
Sep 29 05:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Failed password for root from 162.144.236.216 port 47300 ssh2
Sep 29 05:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Connection closed by 162.144.236.216 port 47300 [preauth]
Sep 29 05:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Failed password for root from 162.144.236.216 port 54950 ssh2
Sep 29 05:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Connection closed by 162.144.236.216 port 54950 [preauth]
Sep 29 05:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: Failed password for root from 162.144.236.216 port 33730 ssh2
Sep 29 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31576]: Connection closed by 162.144.236.216 port 33730 [preauth]
Sep 29 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: Failed password for root from 162.144.236.216 port 40906 ssh2
Sep 29 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: Connection closed by 162.144.236.216 port 40906 [preauth]
Sep 29 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31619]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31680]: Successful su for rubyman by root
Sep 29 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31680]: + ??? root:rubyman
Sep 29 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312885 of user rubyman.
Sep 29 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31680]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312885.
Sep 29 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session closed for user root
Sep 29 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: Failed password for root from 162.144.236.216 port 47288 ssh2
Sep 29 05:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31620]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: Connection closed by 162.144.236.216 port 47288 [preauth]
Sep 29 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Failed password for root from 162.144.236.216 port 52902 ssh2
Sep 29 05:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Connection closed by 162.144.236.216 port 52902 [preauth]
Sep 29 05:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: Failed password for root from 162.144.236.216 port 59152 ssh2
Sep 29 05:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31917]: Connection closed by 162.144.236.216 port 59152 [preauth]
Sep 29 05:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118  user=root
Sep 29 05:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Failed password for root from 12.89.72.118 port 52414 ssh2
Sep 29 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Received disconnect from 12.89.72.118 port 52414:11: Bye Bye [preauth]
Sep 29 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Disconnected from 12.89.72.118 port 52414 [preauth]
Sep 29 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: Failed password for root from 162.144.236.216 port 37684 ssh2
Sep 29 05:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session closed for user root
Sep 29 05:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31948]: Connection closed by 162.144.236.216 port 37684 [preauth]
Sep 29 05:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: Failed password for root from 162.144.236.216 port 46232 ssh2
Sep 29 05:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: Connection closed by 162.144.236.216 port 46232 [preauth]
Sep 29 05:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32062]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32130]: Successful su for rubyman by root
Sep 29 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32130]: + ??? root:rubyman
Sep 29 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312892 of user rubyman.
Sep 29 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32130]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312892.
Sep 29 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session closed for user root
Sep 29 05:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32064]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: Failed password for root from 162.144.236.216 port 53644 ssh2
Sep 29 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32047]: Connection closed by 162.144.236.216 port 53644 [preauth]
Sep 29 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: Failed password for root from 162.144.236.216 port 34132 ssh2
Sep 29 05:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: Connection closed by 162.144.236.216 port 34132 [preauth]
Sep 29 05:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Failed password for root from 162.144.236.216 port 41648 ssh2
Sep 29 05:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Connection closed by 162.144.236.216 port 41648 [preauth]
Sep 29 05:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31111]: pam_unix(cron:session): session closed for user root
Sep 29 05:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Failed password for root from 162.144.236.216 port 46576 ssh2
Sep 29 05:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Connection closed by 162.144.236.216 port 46576 [preauth]
Sep 29 05:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Failed password for root from 162.144.236.216 port 52696 ssh2
Sep 29 05:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32445]: Connection closed by 162.144.236.216 port 52696 [preauth]
Sep 29 05:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32499]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: Successful su for rubyman by root
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: + ??? root:rubyman
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312895 of user rubyman.
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312895.
Sep 29 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29512]: pam_unix(cron:session): session closed for user root
Sep 29 05:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32500]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Failed password for root from 162.144.236.216 port 60702 ssh2
Sep 29 05:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Connection closed by 162.144.236.216 port 60702 [preauth]
Sep 29 05:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: Failed password for root from 162.144.236.216 port 39196 ssh2
Sep 29 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[320]: Connection closed by 162.144.236.216 port 39196 [preauth]
Sep 29 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: Failed password for root from 162.144.236.216 port 45172 ssh2
Sep 29 05:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: Connection closed by 162.144.236.216 port 45172 [preauth]
Sep 29 05:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Failed password for root from 162.144.236.216 port 50694 ssh2
Sep 29 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31622]: pam_unix(cron:session): session closed for user root
Sep 29 05:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Connection closed by 162.144.236.216 port 50694 [preauth]
Sep 29 05:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: Failed password for root from 162.144.236.216 port 56344 ssh2
Sep 29 05:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: Connection closed by 162.144.236.216 port 56344 [preauth]
Sep 29 05:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: Connection closed by 12.89.72.118 port 56230 [preauth]
Sep 29 05:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Failed password for root from 162.144.236.216 port 35720 ssh2
Sep 29 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Connection closed by 162.144.236.216 port 35720 [preauth]
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[506]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[505]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[506]: pam_unix(cron:session): session closed for user root
Sep 29 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[500]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: Successful su for rubyman by root
Sep 29 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: + ??? root:rubyman
Sep 29 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312899 of user rubyman.
Sep 29 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312899.
Sep 29 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session closed for user root
Sep 29 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[502]: pam_unix(cron:session): session closed for user root
Sep 29 05:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Failed password for root from 162.144.236.216 port 42540 ssh2
Sep 29 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Connection closed by 162.144.236.216 port 42540 [preauth]
Sep 29 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Failed password for root from 162.144.236.216 port 47750 ssh2
Sep 29 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: Connection closed by 162.144.236.216 port 47750 [preauth]
Sep 29 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: Failed password for root from 162.144.236.216 port 53614 ssh2
Sep 29 05:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: Connection closed by 162.144.236.216 port 53614 [preauth]
Sep 29 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session closed for user root
Sep 29 05:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: Failed password for root from 162.144.236.216 port 60324 ssh2
Sep 29 05:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: Connection closed by 162.144.236.216 port 60324 [preauth]
Sep 29 05:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Failed password for root from 162.144.236.216 port 39244 ssh2
Sep 29 05:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Connection closed by 162.144.236.216 port 39244 [preauth]
Sep 29 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1075]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: Successful su for rubyman by root
Sep 29 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: + ??? root:rubyman
Sep 29 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312903 of user rubyman.
Sep 29 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1146]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312903.
Sep 29 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session closed for user root
Sep 29 05:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1076]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: Failed password for root from 162.144.236.216 port 44492 ssh2
Sep 29 05:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: Connection closed by 162.144.236.216 port 44492 [preauth]
Sep 29 05:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Failed password for root from 162.144.236.216 port 54530 ssh2
Sep 29 05:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1402]: Connection closed by 162.144.236.216 port 54530 [preauth]
Sep 29 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session closed for user root
Sep 29 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: Failed password for root from 162.144.236.216 port 60714 ssh2
Sep 29 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: Connection closed by 162.144.236.216 port 60714 [preauth]
Sep 29 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: Failed password for root from 162.144.236.216 port 39106 ssh2
Sep 29 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: Connection closed by 162.144.236.216 port 39106 [preauth]
Sep 29 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: Failed password for root from 162.144.236.216 port 44742 ssh2
Sep 29 05:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: Connection closed by 162.144.236.216 port 44742 [preauth]
Sep 29 05:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Failed password for root from 162.144.236.216 port 52608 ssh2
Sep 29 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1635]: Successful su for rubyman by root
Sep 29 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1635]: + ??? root:rubyman
Sep 29 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312907 of user rubyman.
Sep 29 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1635]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312907.
Sep 29 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Connection closed by 162.144.236.216 port 52608 [preauth]
Sep 29 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session closed for user root
Sep 29 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1568]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1701]: Failed password for root from 162.144.236.216 port 60684 ssh2
Sep 29 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1701]: Connection closed by 162.144.236.216 port 60684 [preauth]
Sep 29 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Failed password for root from 162.144.236.216 port 39346 ssh2
Sep 29 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Invalid user admin from 93.152.230.176
Sep 29 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: input_userauth_request: invalid user admin [preauth]
Sep 29 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 05:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Connection closed by 162.144.236.216 port 39346 [preauth]
Sep 29 05:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Failed password for invalid user admin from 93.152.230.176 port 26038 ssh2
Sep 29 05:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Received disconnect from 93.152.230.176 port 26038:11: Client disconnecting normally [preauth]
Sep 29 05:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1886]: Disconnected from 93.152.230.176 port 26038 [preauth]
Sep 29 05:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: Invalid user ntadmin from 12.89.72.118
Sep 29 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: input_userauth_request: invalid user ntadmin [preauth]
Sep 29 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1897]: Failed password for root from 162.144.236.216 port 46512 ssh2
Sep 29 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: Failed password for invalid user ntadmin from 12.89.72.118 port 60248 ssh2
Sep 29 05:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1897]: Connection closed by 162.144.236.216 port 46512 [preauth]
Sep 29 05:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: Received disconnect from 12.89.72.118 port 60248:11: Bye Bye [preauth]
Sep 29 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1914]: Disconnected from 12.89.72.118 port 60248 [preauth]
Sep 29 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[505]: pam_unix(cron:session): session closed for user root
Sep 29 05:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: Failed password for root from 162.144.236.216 port 54266 ssh2
Sep 29 05:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: Connection closed by 162.144.236.216 port 54266 [preauth]
Sep 29 05:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Failed password for root from 162.144.236.216 port 60310 ssh2
Sep 29 05:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Connection closed by 162.144.236.216 port 60310 [preauth]
Sep 29 05:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Failed password for root from 162.144.236.216 port 38736 ssh2
Sep 29 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Connection closed by 162.144.236.216 port 38736 [preauth]
Sep 29 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: Successful su for rubyman by root
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: + ??? root:rubyman
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312911 of user rubyman.
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312911.
Sep 29 05:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31621]: pam_unix(cron:session): session closed for user root
Sep 29 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Failed password for root from 162.144.236.216 port 43604 ssh2
Sep 29 05:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Connection closed by 162.144.236.216 port 43604 [preauth]
Sep 29 05:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: Failed password for root from 162.144.236.216 port 52968 ssh2
Sep 29 05:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session closed for user root
Sep 29 05:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2345]: Connection closed by 162.144.236.216 port 52968 [preauth]
Sep 29 05:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Failed password for root from 162.144.236.216 port 58384 ssh2
Sep 29 05:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Connection closed by 162.144.236.216 port 58384 [preauth]
Sep 29 05:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: Successful su for rubyman by root
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: + ??? root:rubyman
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312916 of user rubyman.
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312916.
Sep 29 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2475]: pam_unix(cron:session): session closed for user root
Sep 29 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session closed for user root
Sep 29 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Failed password for root from 162.144.236.216 port 38410 ssh2
Sep 29 05:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2479]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Connection closed by 162.144.236.216 port 38410 [preauth]
Sep 29 05:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Failed password for root from 162.144.236.216 port 46972 ssh2
Sep 29 05:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Connection closed by 162.144.236.216 port 46972 [preauth]
Sep 29 05:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Failed password for root from 162.144.236.216 port 53960 ssh2
Sep 29 05:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Connection closed by 162.144.236.216 port 53960 [preauth]
Sep 29 05:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session closed for user root
Sep 29 05:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: Failed password for root from 162.144.236.216 port 60482 ssh2
Sep 29 05:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: Connection closed by 162.144.236.216 port 60482 [preauth]
Sep 29 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: Failed password for root from 162.144.236.216 port 40382 ssh2
Sep 29 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2956]: Connection closed by 162.144.236.216 port 40382 [preauth]
Sep 29 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for root from 162.144.236.216 port 49880 ssh2
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session closed for user root
Sep 29 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3090]: Successful su for rubyman by root
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3090]: + ??? root:rubyman
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312922 of user rubyman.
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3090]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312922.
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Connection closed by 12.89.72.118 port 49804 [preauth]
Sep 29 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Connection closed by 162.144.236.216 port 49880 [preauth]
Sep 29 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session closed for user root
Sep 29 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session closed for user root
Sep 29 05:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: Failed password for root from 162.144.236.216 port 57158 ssh2
Sep 29 05:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: Connection closed by 162.144.236.216 port 57158 [preauth]
Sep 29 05:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Failed password for root from 162.144.236.216 port 35578 ssh2
Sep 29 05:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2037]: pam_unix(cron:session): session closed for user root
Sep 29 05:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3349]: Connection closed by 162.144.236.216 port 35578 [preauth]
Sep 29 05:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Failed password for root from 162.144.236.216 port 43784 ssh2
Sep 29 05:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Connection closed by 162.144.236.216 port 43784 [preauth]
Sep 29 05:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Failed password for root from 162.144.236.216 port 49894 ssh2
Sep 29 05:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Connection closed by 162.144.236.216 port 49894 [preauth]
Sep 29 05:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3557]: Successful su for rubyman by root
Sep 29 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3557]: + ??? root:rubyman
Sep 29 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312926 of user rubyman.
Sep 29 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3557]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312926.
Sep 29 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[503]: pam_unix(cron:session): session closed for user root
Sep 29 05:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Failed password for root from 162.144.236.216 port 55394 ssh2
Sep 29 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3471]: Connection closed by 162.144.236.216 port 55394 [preauth]
Sep 29 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: Failed password for root from 162.144.236.216 port 33236 ssh2
Sep 29 05:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: Connection closed by 162.144.236.216 port 33236 [preauth]
Sep 29 05:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Failed password for root from 162.144.236.216 port 40052 ssh2
Sep 29 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Connection closed by 162.144.236.216 port 40052 [preauth]
Sep 29 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Invalid user admin from 139.19.117.131
Sep 29 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: input_userauth_request: invalid user admin [preauth]
Sep 29 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2481]: pam_unix(cron:session): session closed for user root
Sep 29 05:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Failed password for root from 162.144.236.216 port 46402 ssh2
Sep 29 05:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Connection closed by 162.144.236.216 port 46402 [preauth]
Sep 29 05:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Connection closed by 139.19.117.131 port 60812 [preauth]
Sep 29 05:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: Failed password for root from 162.144.236.216 port 51190 ssh2
Sep 29 05:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3879]: Connection closed by 162.144.236.216 port 51190 [preauth]
Sep 29 05:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3914]: Failed password for root from 162.144.236.216 port 59156 ssh2
Sep 29 05:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3914]: Connection closed by 162.144.236.216 port 59156 [preauth]
Sep 29 05:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4006]: Successful su for rubyman by root
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4006]: + ??? root:rubyman
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312930 of user rubyman.
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4006]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312930.
Sep 29 05:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session closed for user root
Sep 29 05:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Failed password for root from 162.144.236.216 port 37828 ssh2
Sep 29 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Connection closed by 162.144.236.216 port 37828 [preauth]
Sep 29 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Failed password for root from 162.144.236.216 port 45392 ssh2
Sep 29 05:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Connection closed by 162.144.236.216 port 45392 [preauth]
Sep 29 05:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Failed password for root from 162.144.236.216 port 50376 ssh2
Sep 29 05:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4232]: Connection closed by 162.144.236.216 port 50376 [preauth]
Sep 29 05:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4263]: Failed password for root from 162.144.236.216 port 56650 ssh2
Sep 29 05:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4263]: Connection closed by 162.144.236.216 port 56650 [preauth]
Sep 29 05:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: Failed password for root from 162.144.236.216 port 32870 ssh2
Sep 29 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: Invalid user postgres from 12.89.72.118
Sep 29 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: input_userauth_request: invalid user postgres [preauth]
Sep 29 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4293]: Connection closed by 162.144.236.216 port 32870 [preauth]
Sep 29 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session closed for user root
Sep 29 05:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: Failed password for invalid user postgres from 12.89.72.118 port 32846 ssh2
Sep 29 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: Received disconnect from 12.89.72.118 port 32846:11: Bye Bye [preauth]
Sep 29 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4294]: Disconnected from 12.89.72.118 port 32846 [preauth]
Sep 29 05:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 05:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab6@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 05:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: Failed password for root from 162.144.236.216 port 39344 ssh2
Sep 29 05:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: Connection closed by 162.144.236.216 port 39344 [preauth]
Sep 29 05:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 05:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab6 rhost=::ffff:45.142.193.185
Sep 29 05:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4405]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4474]: Successful su for rubyman by root
Sep 29 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4474]: + ??? root:rubyman
Sep 29 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312937 of user rubyman.
Sep 29 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4474]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312937.
Sep 29 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session closed for user root
Sep 29 05:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: Failed password for root from 162.144.236.216 port 49082 ssh2
Sep 29 05:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4406]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: Connection closed by 162.144.236.216 port 49082 [preauth]
Sep 29 05:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Failed password for root from 162.144.236.216 port 55612 ssh2
Sep 29 05:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Connection closed by 162.144.236.216 port 55612 [preauth]
Sep 29 05:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for root from 162.144.236.216 port 34834 ssh2
Sep 29 05:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Connection closed by 162.144.236.216 port 34834 [preauth]
Sep 29 05:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session closed for user root
Sep 29 05:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: Failed password for root from 162.144.236.216 port 40066 ssh2
Sep 29 05:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: Connection closed by 162.144.236.216 port 40066 [preauth]
Sep 29 05:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Failed password for root from 162.144.236.216 port 48174 ssh2
Sep 29 05:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Connection closed by 162.144.236.216 port 48174 [preauth]
Sep 29 05:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: Failed password for root from 162.144.236.216 port 53838 ssh2
Sep 29 05:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: Connection closed by 162.144.236.216 port 53838 [preauth]
Sep 29 05:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4855]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4854]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4852]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4922]: Successful su for rubyman by root
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4922]: + ??? root:rubyman
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312938 of user rubyman.
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4922]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312938.
Sep 29 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4841]: Failed password for root from 162.144.236.216 port 59824 ssh2
Sep 29 05:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4841]: Connection closed by 162.144.236.216 port 59824 [preauth]
Sep 29 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session closed for user root
Sep 29 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4853]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Failed password for root from 162.144.236.216 port 38140 ssh2
Sep 29 05:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5068]: Connection closed by 162.144.236.216 port 38140 [preauth]
Sep 29 05:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: Failed password for root from 162.144.236.216 port 44740 ssh2
Sep 29 05:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5158]: Connection closed by 162.144.236.216 port 44740 [preauth]
Sep 29 05:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user root
Sep 29 05:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: Failed password for root from 162.144.236.216 port 50146 ssh2
Sep 29 05:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: Connection closed by 162.144.236.216 port 50146 [preauth]
Sep 29 05:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: Failed password for root from 162.144.236.216 port 56768 ssh2
Sep 29 05:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: Connection closed by 162.144.236.216 port 56768 [preauth]
Sep 29 05:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for root from 162.144.236.216 port 34976 ssh2
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session closed for user root
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5314]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5476]: Successful su for rubyman by root
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5476]: + ??? root:rubyman
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312945 of user rubyman.
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5476]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312945.
Sep 29 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection closed by 162.144.236.216 port 34976 [preauth]
Sep 29 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session closed for user root
Sep 29 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2480]: pam_unix(cron:session): session closed for user root
Sep 29 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: Failed password for root from 162.144.236.216 port 42192 ssh2
Sep 29 05:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: Connection closed by 162.144.236.216 port 42192 [preauth]
Sep 29 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Failed password for root from 162.144.236.216 port 48282 ssh2
Sep 29 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Connection closed by 162.144.236.216 port 48282 [preauth]
Sep 29 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Failed password for root from 162.144.236.216 port 54986 ssh2
Sep 29 05:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Connection closed by 162.144.236.216 port 54986 [preauth]
Sep 29 05:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Failed password for root from 162.144.236.216 port 33204 ssh2
Sep 29 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session closed for user root
Sep 29 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Connection closed by 162.144.236.216 port 33204 [preauth]
Sep 29 05:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: Failed password for root from 162.144.236.216 port 40000 ssh2
Sep 29 05:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5825]: Connection closed by 162.144.236.216 port 40000 [preauth]
Sep 29 05:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: Failed password for root from 162.144.236.216 port 46414 ssh2
Sep 29 05:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: Connection closed by 162.144.236.216 port 46414 [preauth]
Sep 29 05:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Failed password for root from 162.144.236.216 port 52926 ssh2
Sep 29 05:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5875]: Connection closed by 162.144.236.216 port 52926 [preauth]
Sep 29 05:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5900]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: Successful su for rubyman by root
Sep 29 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: + ??? root:rubyman
Sep 29 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312950 of user rubyman.
Sep 29 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312950.
Sep 29 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session closed for user root
Sep 29 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Failed password for root from 162.144.236.216 port 59638 ssh2
Sep 29 05:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Connection closed by 162.144.236.216 port 59638 [preauth]
Sep 29 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: Failed password for root from 162.144.236.216 port 38806 ssh2
Sep 29 05:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: Connection closed by 162.144.236.216 port 38806 [preauth]
Sep 29 05:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Invalid user alex from 93.152.230.176
Sep 29 05:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: input_userauth_request: invalid user alex [preauth]
Sep 29 05:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 05:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Failed password for invalid user alex from 93.152.230.176 port 23177 ssh2
Sep 29 05:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Received disconnect from 93.152.230.176 port 23177:11: Client disconnecting normally [preauth]
Sep 29 05:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Disconnected from 93.152.230.176 port 23177 [preauth]
Sep 29 05:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: Failed password for root from 162.144.236.216 port 45638 ssh2
Sep 29 05:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: Connection closed by 162.144.236.216 port 45638 [preauth]
Sep 29 05:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: Failed password for root from 162.144.236.216 port 51778 ssh2
Sep 29 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6227]: Connection closed by 162.144.236.216 port 51778 [preauth]
Sep 29 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4855]: pam_unix(cron:session): session closed for user root
Sep 29 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Failed password for root from 162.144.236.216 port 58134 ssh2
Sep 29 05:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Connection closed by 162.144.236.216 port 58134 [preauth]
Sep 29 05:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Failed password for root from 162.144.236.216 port 37154 ssh2
Sep 29 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6351]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6415]: Successful su for rubyman by root
Sep 29 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6415]: + ??? root:rubyman
Sep 29 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312954 of user rubyman.
Sep 29 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6415]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312954.
Sep 29 05:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Connection closed by 162.144.236.216 port 37154 [preauth]
Sep 29 05:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session closed for user root
Sep 29 05:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6352]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: Failed password for root from 162.144.236.216 port 47700 ssh2
Sep 29 05:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6598]: Connection closed by 162.144.236.216 port 47700 [preauth]
Sep 29 05:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: Failed password for root from 162.144.236.216 port 54054 ssh2
Sep 29 05:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: Connection closed by 162.144.236.216 port 54054 [preauth]
Sep 29 05:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Invalid user ubuntu from 12.89.72.118
Sep 29 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session closed for user root
Sep 29 05:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Failed password for root from 162.144.236.216 port 59872 ssh2
Sep 29 05:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for invalid user ubuntu from 12.89.72.118 port 41302 ssh2
Sep 29 05:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Received disconnect from 12.89.72.118 port 41302:11: Bye Bye [preauth]
Sep 29 05:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Disconnected from 12.89.72.118 port 41302 [preauth]
Sep 29 05:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Connection closed by 162.144.236.216 port 59872 [preauth]
Sep 29 05:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Failed password for root from 162.144.236.216 port 39130 ssh2
Sep 29 05:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6837]: Connection closed by 162.144.236.216 port 39130 [preauth]
Sep 29 05:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6906]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6900]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: Successful su for rubyman by root
Sep 29 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: + ??? root:rubyman
Sep 29 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312956 of user rubyman.
Sep 29 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312956.
Sep 29 05:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3940]: pam_unix(cron:session): session closed for user root
Sep 29 05:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for root from 162.144.236.216 port 46536 ssh2
Sep 29 05:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Connection closed by 162.144.236.216 port 46536 [preauth]
Sep 29 05:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Failed password for root from 162.144.236.216 port 53800 ssh2
Sep 29 05:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Connection closed by 162.144.236.216 port 53800 [preauth]
Sep 29 05:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Failed password for root from 162.144.236.216 port 34530 ssh2
Sep 29 05:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Connection closed by 162.144.236.216 port 34530 [preauth]
Sep 29 05:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5908]: pam_unix(cron:session): session closed for user root
Sep 29 05:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: Failed password for root from 162.144.236.216 port 41980 ssh2
Sep 29 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7370]: Connection closed by 162.144.236.216 port 41980 [preauth]
Sep 29 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Failed password for root from 162.144.236.216 port 47600 ssh2
Sep 29 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Connection closed by 162.144.236.216 port 47600 [preauth]
Sep 29 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Failed password for root from 162.144.236.216 port 53792 ssh2
Sep 29 05:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Connection closed by 162.144.236.216 port 53792 [preauth]
Sep 29 05:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7513]: Successful su for rubyman by root
Sep 29 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7513]: + ??? root:rubyman
Sep 29 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312961 of user rubyman.
Sep 29 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7513]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312961.
Sep 29 05:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session closed for user root
Sep 29 05:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Failed password for root from 162.144.236.216 port 33274 ssh2
Sep 29 05:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Connection closed by 162.144.236.216 port 33274 [preauth]
Sep 29 05:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7733]: Failed password for root from 162.144.236.216 port 41804 ssh2
Sep 29 05:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7733]: Connection closed by 162.144.236.216 port 41804 [preauth]
Sep 29 05:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Failed password for root from 162.144.236.216 port 48450 ssh2
Sep 29 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Connection closed by 162.144.236.216 port 48450 [preauth]
Sep 29 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Failed password for root from 162.144.236.216 port 53202 ssh2
Sep 29 05:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Connection closed by 162.144.236.216 port 53202 [preauth]
Sep 29 05:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session closed for user root
Sep 29 05:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: Failed password for root from 162.144.236.216 port 60676 ssh2
Sep 29 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: Connection closed by 162.144.236.216 port 60676 [preauth]
Sep 29 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: Failed password for root from 162.144.236.216 port 41180 ssh2
Sep 29 05:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7887]: Connection closed by 162.144.236.216 port 41180 [preauth]
Sep 29 05:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Failed password for root from 162.144.236.216 port 47378 ssh2
Sep 29 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Connection closed by 162.144.236.216 port 47378 [preauth]
Sep 29 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session closed for user root
Sep 29 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7925]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8006]: Successful su for rubyman by root
Sep 29 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8006]: + ??? root:rubyman
Sep 29 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312966 of user rubyman.
Sep 29 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8006]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312966.
Sep 29 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7927]: pam_unix(cron:session): session closed for user root
Sep 29 05:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4854]: pam_unix(cron:session): session closed for user root
Sep 29 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Failed password for root from 162.144.236.216 port 53210 ssh2
Sep 29 05:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7926]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Connection closed by 162.144.236.216 port 53210 [preauth]
Sep 29 05:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Failed password for root from 162.144.236.216 port 60756 ssh2
Sep 29 05:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Connection closed by 162.144.236.216 port 60756 [preauth]
Sep 29 05:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Failed password for root from 162.144.236.216 port 37392 ssh2
Sep 29 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Connection closed by 162.144.236.216 port 37392 [preauth]
Sep 29 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Failed password for root from 162.144.236.216 port 44090 ssh2
Sep 29 05:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8321]: Connection closed by 162.144.236.216 port 44090 [preauth]
Sep 29 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6906]: pam_unix(cron:session): session closed for user root
Sep 29 05:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Failed password for root from 162.144.236.216 port 50110 ssh2
Sep 29 05:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Connection closed by 162.144.236.216 port 50110 [preauth]
Sep 29 05:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Failed password for root from 162.144.236.216 port 58098 ssh2
Sep 29 05:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Connection closed by 162.144.236.216 port 58098 [preauth]
Sep 29 05:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Failed password for root from 162.144.236.216 port 36428 ssh2
Sep 29 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Connection closed by 162.144.236.216 port 36428 [preauth]
Sep 29 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8542]: Successful su for rubyman by root
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8542]: + ??? root:rubyman
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312971 of user rubyman.
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8542]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312971.
Sep 29 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: Failed password for root from 162.144.236.216 port 42664 ssh2
Sep 29 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session closed for user root
Sep 29 05:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: Connection closed by 162.144.236.216 port 42664 [preauth]
Sep 29 05:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Failed password for root from 162.144.236.216 port 48466 ssh2
Sep 29 05:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: Connection closed by 162.144.236.216 port 48466 [preauth]
Sep 29 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user root
Sep 29 05:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for root from 162.144.236.216 port 55114 ssh2
Sep 29 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Connection closed by 162.144.236.216 port 55114 [preauth]
Sep 29 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Failed password for root from 162.144.236.216 port 34100 ssh2
Sep 29 05:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Connection closed by 162.144.236.216 port 34100 [preauth]
Sep 29 05:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Failed password for root from 162.144.236.216 port 41412 ssh2
Sep 29 05:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Connection closed by 162.144.236.216 port 41412 [preauth]
Sep 29 05:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Failed password for root from 162.144.236.216 port 48140 ssh2
Sep 29 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: Successful su for rubyman by root
Sep 29 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: + ??? root:rubyman
Sep 29 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312974 of user rubyman.
Sep 29 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9110]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312974.
Sep 29 05:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Connection closed by 162.144.236.216 port 48140 [preauth]
Sep 29 05:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5907]: pam_unix(cron:session): session closed for user root
Sep 29 05:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 162.144.236.216 port 53724 ssh2
Sep 29 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 162.144.236.216 port 53724 [preauth]
Sep 29 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Failed password for root from 162.144.236.216 port 59968 ssh2
Sep 29 05:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Connection closed by 162.144.236.216 port 59968 [preauth]
Sep 29 05:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9466]: Failed password for root from 162.144.236.216 port 38546 ssh2
Sep 29 05:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9466]: Connection closed by 162.144.236.216 port 38546 [preauth]
Sep 29 05:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118  user=root
Sep 29 05:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Failed password for root from 12.89.72.118 port 37188 ssh2
Sep 29 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Received disconnect from 12.89.72.118 port 37188:11: Bye Bye [preauth]
Sep 29 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: Disconnected from 12.89.72.118 port 37188 [preauth]
Sep 29 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Failed password for root from 162.144.236.216 port 44306 ssh2
Sep 29 05:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session closed for user root
Sep 29 05:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Connection closed by 162.144.236.216 port 44306 [preauth]
Sep 29 05:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: Failed password for root from 162.144.236.216 port 52626 ssh2
Sep 29 05:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: Connection closed by 162.144.236.216 port 52626 [preauth]
Sep 29 05:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9604]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9601]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9719]: Successful su for rubyman by root
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9719]: + ??? root:rubyman
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312978 of user rubyman.
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9719]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312978.
Sep 29 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Failed password for root from 162.144.236.216 port 60528 ssh2
Sep 29 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session closed for user root
Sep 29 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9577]: Connection closed by 162.144.236.216 port 60528 [preauth]
Sep 29 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Failed password for root from 162.144.236.216 port 39602 ssh2
Sep 29 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Connection closed by 162.144.236.216 port 39602 [preauth]
Sep 29 05:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: Failed password for root from 162.144.236.216 port 44362 ssh2
Sep 29 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: Connection closed by 162.144.236.216 port 44362 [preauth]
Sep 29 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Failed password for root from 162.144.236.216 port 49920 ssh2
Sep 29 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session closed for user root
Sep 29 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Connection closed by 162.144.236.216 port 49920 [preauth]
Sep 29 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for root from 162.144.236.216 port 56742 ssh2
Sep 29 05:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Connection closed by 162.144.236.216 port 56742 [preauth]
Sep 29 05:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: Failed password for root from 162.144.236.216 port 34836 ssh2
Sep 29 05:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10130]: Connection closed by 162.144.236.216 port 34836 [preauth]
Sep 29 05:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10184]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10253]: Successful su for rubyman by root
Sep 29 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10253]: + ??? root:rubyman
Sep 29 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312983 of user rubyman.
Sep 29 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10253]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312983.
Sep 29 05:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6905]: pam_unix(cron:session): session closed for user root
Sep 29 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Failed password for root from 162.144.236.216 port 42918 ssh2
Sep 29 05:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10185]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Connection closed by 162.144.236.216 port 42918 [preauth]
Sep 29 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Failed password for root from 162.144.236.216 port 50602 ssh2
Sep 29 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Connection closed by 162.144.236.216 port 50602 [preauth]
Sep 29 05:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user root
Sep 29 05:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10544]: Failed password for root from 162.144.236.216 port 58296 ssh2
Sep 29 05:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10544]: Connection closed by 162.144.236.216 port 58296 [preauth]
Sep 29 05:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session closed for user root
Sep 29 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: Successful su for rubyman by root
Sep 29 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: + ??? root:rubyman
Sep 29 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312987 of user rubyman.
Sep 29 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10725]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312987.
Sep 29 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user root
Sep 29 05:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session closed for user root
Sep 29 05:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Invalid user minecraft from 12.89.72.118
Sep 29 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Failed password for invalid user minecraft from 12.89.72.118 port 51294 ssh2
Sep 29 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10634]: Failed password for root from 162.144.236.216 port 39634 ssh2
Sep 29 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Received disconnect from 12.89.72.118 port 51294:11: Bye Bye [preauth]
Sep 29 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Disconnected from 12.89.72.118 port 51294 [preauth]
Sep 29 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10634]: Connection closed by 162.144.236.216 port 39634 [preauth]
Sep 29 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Failed password for root from 93.152.230.176 port 54644 ssh2
Sep 29 05:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Received disconnect from 93.152.230.176 port 54644:11: Client disconnecting normally [preauth]
Sep 29 05:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Disconnected from 93.152.230.176 port 54644 [preauth]
Sep 29 05:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: Failed password for root from 162.144.236.216 port 46984 ssh2
Sep 29 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: Connection closed by 162.144.236.216 port 46984 [preauth]
Sep 29 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Invalid user as-hadoop from 20.163.71.109
Sep 29 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: input_userauth_request: invalid user as-hadoop [preauth]
Sep 29 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 05:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Failed password for invalid user as-hadoop from 20.163.71.109 port 46950 ssh2
Sep 29 05:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Connection closed by 20.163.71.109 port 46950 [preauth]
Sep 29 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Failed password for root from 162.144.236.216 port 51972 ssh2
Sep 29 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Connection closed by 162.144.236.216 port 51972 [preauth]
Sep 29 05:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9604]: pam_unix(cron:session): session closed for user root
Sep 29 05:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Failed password for root from 162.144.236.216 port 60658 ssh2
Sep 29 05:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Connection closed by 162.144.236.216 port 60658 [preauth]
Sep 29 05:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: Failed password for root from 162.144.236.216 port 38890 ssh2
Sep 29 05:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: Connection closed by 162.144.236.216 port 38890 [preauth]
Sep 29 05:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11128]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11126]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: Successful su for rubyman by root
Sep 29 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: + ??? root:rubyman
Sep 29 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312993 of user rubyman.
Sep 29 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312993.
Sep 29 05:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: Failed password for root from 162.144.236.216 port 46530 ssh2
Sep 29 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session closed for user root
Sep 29 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11127]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: Connection closed by 162.144.236.216 port 46530 [preauth]
Sep 29 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Failed password for root from 162.144.236.216 port 53306 ssh2
Sep 29 05:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Connection closed by 162.144.236.216 port 53306 [preauth]
Sep 29 05:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Failed password for root from 162.144.236.216 port 59182 ssh2
Sep 29 05:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Connection closed by 162.144.236.216 port 59182 [preauth]
Sep 29 05:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10187]: pam_unix(cron:session): session closed for user root
Sep 29 05:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Failed password for root from 162.144.236.216 port 37560 ssh2
Sep 29 05:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Connection closed by 162.144.236.216 port 37560 [preauth]
Sep 29 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: Failed password for root from 162.144.236.216 port 44076 ssh2
Sep 29 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: Connection closed by 162.144.236.216 port 44076 [preauth]
Sep 29 05:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: Failed password for root from 162.144.236.216 port 50518 ssh2
Sep 29 05:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11522]: Connection closed by 162.144.236.216 port 50518 [preauth]
Sep 29 05:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Failed password for root from 162.144.236.216 port 58152 ssh2
Sep 29 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Connection closed by 162.144.236.216 port 58152 [preauth]
Sep 29 05:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: Successful su for rubyman by root
Sep 29 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: + ??? root:rubyman
Sep 29 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 312998 of user rubyman.
Sep 29 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 312998.
Sep 29 05:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session closed for user root
Sep 29 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Failed password for root from 162.144.236.216 port 35584 ssh2
Sep 29 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Connection closed by 162.144.236.216 port 35584 [preauth]
Sep 29 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Failed password for root from 162.144.236.216 port 41118 ssh2
Sep 29 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Connection closed by 162.144.236.216 port 41118 [preauth]
Sep 29 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Failed password for root from 162.144.236.216 port 44944 ssh2
Sep 29 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Connection closed by 162.144.236.216 port 44944 [preauth]
Sep 29 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Failed password for root from 162.144.236.216 port 50378 ssh2
Sep 29 05:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Connection closed by 162.144.236.216 port 50378 [preauth]
Sep 29 05:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Failed password for root from 162.144.236.216 port 57070 ssh2
Sep 29 05:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Connection closed by 162.144.236.216 port 57070 [preauth]
Sep 29 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user root
Sep 29 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Invalid user cristian from 12.89.72.118
Sep 29 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: input_userauth_request: invalid user cristian [preauth]
Sep 29 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Failed password for root from 162.144.236.216 port 34556 ssh2
Sep 29 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Failed password for invalid user cristian from 12.89.72.118 port 35696 ssh2
Sep 29 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Received disconnect from 12.89.72.118 port 35696:11: Bye Bye [preauth]
Sep 29 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Disconnected from 12.89.72.118 port 35696 [preauth]
Sep 29 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Connection closed by 162.144.236.216 port 34556 [preauth]
Sep 29 05:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12058]: Failed password for root from 162.144.236.216 port 40472 ssh2
Sep 29 05:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12058]: Connection closed by 162.144.236.216 port 40472 [preauth]
Sep 29 05:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Failed password for root from 162.144.236.216 port 48854 ssh2
Sep 29 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Connection closed by 162.144.236.216 port 48854 [preauth]
Sep 29 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12111]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12176]: Successful su for rubyman by root
Sep 29 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12176]: + ??? root:rubyman
Sep 29 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313000 of user rubyman.
Sep 29 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12176]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313000.
Sep 29 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session closed for user root
Sep 29 05:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: Failed password for root from 162.144.236.216 port 56070 ssh2
Sep 29 05:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: Connection closed by 162.144.236.216 port 56070 [preauth]
Sep 29 05:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Failed password for root from 162.144.236.216 port 33166 ssh2
Sep 29 05:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12387]: Connection closed by 162.144.236.216 port 33166 [preauth]
Sep 29 05:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Failed password for root from 162.144.236.216 port 40658 ssh2
Sep 29 05:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Connection closed by 162.144.236.216 port 40658 [preauth]
Sep 29 05:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Failed password for root from 162.144.236.216 port 46642 ssh2
Sep 29 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Connection closed by 162.144.236.216 port 46642 [preauth]
Sep 29 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11129]: pam_unix(cron:session): session closed for user root
Sep 29 05:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Failed password for root from 162.144.236.216 port 53116 ssh2
Sep 29 05:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Connection closed by 162.144.236.216 port 53116 [preauth]
Sep 29 05:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: Failed password for root from 162.144.236.216 port 58182 ssh2
Sep 29 05:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: Connection closed by 162.144.236.216 port 58182 [preauth]
Sep 29 05:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: Failed password for root from 162.144.236.216 port 36632 ssh2
Sep 29 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session closed for user p13x
Sep 29 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12629]: Successful su for rubyman by root
Sep 29 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12629]: + ??? root:rubyman
Sep 29 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313005 of user rubyman.
Sep 29 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12629]: pam_unix(su:session): session closed for user rubyman
Sep 29 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313005.
Sep 29 05:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: Connection closed by 162.144.236.216 port 36632 [preauth]
Sep 29 05:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session closed for user root
Sep 29 05:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session closed for user samftp
Sep 29 05:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Failed password for root from 162.144.236.216 port 42998 ssh2
Sep 29 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Connection closed by 162.144.236.216 port 42998 [preauth]
Sep 29 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: Failed password for root from 162.144.236.216 port 49278 ssh2
Sep 29 05:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: Connection closed by 162.144.236.216 port 49278 [preauth]
Sep 29 05:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Invalid user shaw from 80.94.95.112
Sep 29 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: input_userauth_request: invalid user shaw [preauth]
Sep 29 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Failed password for root from 162.144.236.216 port 57784 ssh2
Sep 29 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user root
Sep 29 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user shaw from 80.94.95.112 port 64687 ssh2
Sep 29 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Connection closed by 162.144.236.216 port 57784 [preauth]
Sep 29 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user shaw from 80.94.95.112 port 64687 ssh2
Sep 29 05:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user shaw from 80.94.95.112 port 64687 ssh2
Sep 29 05:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user shaw from 80.94.95.112 port 64687 ssh2
Sep 29 05:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 05:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Failed password for root from 162.144.236.216 port 36400 ssh2
Sep 29 05:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Connection closed by 162.144.236.216 port 36400 [preauth]
Sep 29 05:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user shaw from 80.94.95.112 port 64687 ssh2
Sep 29 05:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Received disconnect from 80.94.95.112 port 64687:11: Bye [preauth]
Sep 29 05:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Disconnected from 80.94.95.112 port 64687 [preauth]
Sep 29 05:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 05:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 05:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: Failed password for root from 162.144.236.216 port 42758 ssh2
Sep 29 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Invalid user  from 62.60.131.157
Sep 29 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: input_userauth_request: invalid user  [preauth]
Sep 29 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Failed none for invalid user  from 62.60.131.157 port 63910 ssh2
Sep 29 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Received disconnect from 62.60.131.157 port 63910:11: Bye [preauth]
Sep 29 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13016]: Disconnected from 62.60.131.157 port 63910 [preauth]
Sep 29 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: Connection closed by 162.144.236.216 port 42758 [preauth]
Sep 29 05:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 05:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 05:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: Bad protocol version identification '\003' from 47.251.166.236 port 60444
Sep 29 05:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Failed password for root from 162.144.236.216 port 50420 ssh2
Sep 29 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Connection closed by 162.144.236.216 port 50420 [preauth]
Sep 29 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13051]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13052]: pam_unix(cron:session): session closed for user root
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session closed for user root
Sep 29 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: Successful su for rubyman by root
Sep 29 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: + ??? root:rubyman
Sep 29 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313011 of user rubyman.
Sep 29 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313011.
Sep 29 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13049]: pam_unix(cron:session): session closed for user root
Sep 29 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10186]: pam_unix(cron:session): session closed for user root
Sep 29 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: Failed password for root from 162.144.236.216 port 55712 ssh2
Sep 29 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: Connection closed by 162.144.236.216 port 55712 [preauth]
Sep 29 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13387]: Connection closed by 12.89.72.118 port 45532 [preauth]
Sep 29 06:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Failed password for root from 162.144.236.216 port 33946 ssh2
Sep 29 06:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Connection closed by 162.144.236.216 port 33946 [preauth]
Sep 29 06:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Failed password for root from 162.144.236.216 port 41004 ssh2
Sep 29 06:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13433]: Connection closed by 162.144.236.216 port 41004 [preauth]
Sep 29 06:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: Failed password for root from 162.144.236.216 port 46096 ssh2
Sep 29 06:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: Connection closed by 162.144.236.216 port 46096 [preauth]
Sep 29 06:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12111]: pam_unix(cron:session): session closed for user root
Sep 29 06:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Failed password for root from 162.144.236.216 port 51554 ssh2
Sep 29 06:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: Connection closed by 162.144.236.216 port 51554 [preauth]
Sep 29 06:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Failed password for root from 162.144.236.216 port 58366 ssh2
Sep 29 06:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Connection closed by 162.144.236.216 port 58366 [preauth]
Sep 29 06:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Failed password for root from 162.144.236.216 port 36098 ssh2
Sep 29 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Connection closed by 162.144.236.216 port 36098 [preauth]
Sep 29 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13602]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13598]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13666]: Successful su for rubyman by root
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13666]: + ??? root:rubyman
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313016 of user rubyman.
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13666]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313016.
Sep 29 06:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session closed for user root
Sep 29 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Failed password for root from 162.144.236.216 port 44556 ssh2
Sep 29 06:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Connection closed by 162.144.236.216 port 44556 [preauth]
Sep 29 06:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13599]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13871]: Failed password for root from 162.144.236.216 port 52452 ssh2
Sep 29 06:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13871]: Connection closed by 162.144.236.216 port 52452 [preauth]
Sep 29 06:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Failed password for root from 162.144.236.216 port 59358 ssh2
Sep 29 06:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Connection closed by 162.144.236.216 port 59358 [preauth]
Sep 29 06:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Failed password for root from 162.144.236.216 port 35742 ssh2
Sep 29 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Connection closed by 162.144.236.216 port 35742 [preauth]
Sep 29 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session closed for user root
Sep 29 06:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Failed password for root from 162.144.236.216 port 44196 ssh2
Sep 29 06:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Connection closed by 162.144.236.216 port 44196 [preauth]
Sep 29 06:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 06:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Failed password for root from 164.68.105.9 port 36774 ssh2
Sep 29 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Connection closed by 164.68.105.9 port 36774 [preauth]
Sep 29 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: Failed password for root from 162.144.236.216 port 52670 ssh2
Sep 29 06:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: Connection closed by 162.144.236.216 port 52670 [preauth]
Sep 29 06:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Failed password for root from 162.144.236.216 port 59674 ssh2
Sep 29 06:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Connection closed by 162.144.236.216 port 59674 [preauth]
Sep 29 06:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14140]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14137]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14210]: Successful su for rubyman by root
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14210]: + ??? root:rubyman
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313021 of user rubyman.
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14210]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313021.
Sep 29 06:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11128]: pam_unix(cron:session): session closed for user root
Sep 29 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Failed password for root from 162.144.236.216 port 37712 ssh2
Sep 29 06:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Connection closed by 162.144.236.216 port 37712 [preauth]
Sep 29 06:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Failed password for root from 162.144.236.216 port 44736 ssh2
Sep 29 06:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Connection closed by 162.144.236.216 port 44736 [preauth]
Sep 29 06:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Failed password for root from 162.144.236.216 port 51624 ssh2
Sep 29 06:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Connection closed by 162.144.236.216 port 51624 [preauth]
Sep 29 06:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Failed password for root from 162.144.236.216 port 58250 ssh2
Sep 29 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Connection closed by 162.144.236.216 port 58250 [preauth]
Sep 29 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13051]: pam_unix(cron:session): session closed for user root
Sep 29 06:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: Failed password for root from 162.144.236.216 port 36660 ssh2
Sep 29 06:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: Connection closed by 162.144.236.216 port 36660 [preauth]
Sep 29 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118  user=root
Sep 29 06:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Failed password for root from 12.89.72.118 port 50068 ssh2
Sep 29 06:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Received disconnect from 12.89.72.118 port 50068:11: Bye Bye [preauth]
Sep 29 06:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Disconnected from 12.89.72.118 port 50068 [preauth]
Sep 29 06:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Failed password for root from 162.144.236.216 port 42904 ssh2
Sep 29 06:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Connection closed by 162.144.236.216 port 42904 [preauth]
Sep 29 06:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Failed password for root from 162.144.236.216 port 51608 ssh2
Sep 29 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Connection closed by 162.144.236.216 port 51608 [preauth]
Sep 29 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: Successful su for rubyman by root
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: + ??? root:rubyman
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313024 of user rubyman.
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313024.
Sep 29 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session closed for user root
Sep 29 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Failed password for root from 162.144.236.216 port 56134 ssh2
Sep 29 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Connection closed by 162.144.236.216 port 56134 [preauth]
Sep 29 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Failed password for root from 162.144.236.216 port 36628 ssh2
Sep 29 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Connection closed by 162.144.236.216 port 36628 [preauth]
Sep 29 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: Failed password for root from 162.144.236.216 port 44260 ssh2
Sep 29 06:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: Connection closed by 162.144.236.216 port 44260 [preauth]
Sep 29 06:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for root from 162.144.236.216 port 50000 ssh2
Sep 29 06:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Connection closed by 162.144.236.216 port 50000 [preauth]
Sep 29 06:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13602]: pam_unix(cron:session): session closed for user root
Sep 29 06:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: Failed password for root from 162.144.236.216 port 55250 ssh2
Sep 29 06:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: Connection closed by 162.144.236.216 port 55250 [preauth]
Sep 29 06:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: Failed password for root from 162.144.236.216 port 33320 ssh2
Sep 29 06:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: Connection closed by 162.144.236.216 port 33320 [preauth]
Sep 29 06:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Failed password for root from 162.144.236.216 port 39420 ssh2
Sep 29 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Invalid user supervisor from 93.152.230.176
Sep 29 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: input_userauth_request: invalid user supervisor [preauth]
Sep 29 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 06:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Failed password for invalid user supervisor from 93.152.230.176 port 7745 ssh2
Sep 29 06:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Received disconnect from 93.152.230.176 port 7745:11: Client disconnecting normally [preauth]
Sep 29 06:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Disconnected from 93.152.230.176 port 7745 [preauth]
Sep 29 06:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Connection closed by 162.144.236.216 port 39420 [preauth]
Sep 29 06:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15008]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15006]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: Successful su for rubyman by root
Sep 29 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: + ??? root:rubyman
Sep 29 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313027 of user rubyman.
Sep 29 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313027.
Sep 29 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: Failed password for root from 162.144.236.216 port 47264 ssh2
Sep 29 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: Connection closed by 162.144.236.216 port 47264 [preauth]
Sep 29 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session closed for user root
Sep 29 06:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for root from 162.144.236.216 port 53788 ssh2
Sep 29 06:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Connection closed by 162.144.236.216 port 53788 [preauth]
Sep 29 06:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Failed password for root from 162.144.236.216 port 60030 ssh2
Sep 29 06:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Connection closed by 162.144.236.216 port 60030 [preauth]
Sep 29 06:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Failed password for root from 162.144.236.216 port 38764 ssh2
Sep 29 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Connection closed by 162.144.236.216 port 38764 [preauth]
Sep 29 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14140]: pam_unix(cron:session): session closed for user root
Sep 29 06:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Failed password for root from 162.144.236.216 port 44964 ssh2
Sep 29 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Connection closed by 162.144.236.216 port 44964 [preauth]
Sep 29 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Failed password for root from 162.144.236.216 port 50886 ssh2
Sep 29 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Connection closed by 162.144.236.216 port 50886 [preauth]
Sep 29 06:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: Failed password for root from 162.144.236.216 port 58058 ssh2
Sep 29 06:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: Connection closed by 162.144.236.216 port 58058 [preauth]
Sep 29 06:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session closed for user root
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for root from 162.144.236.216 port 35816 ssh2
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: Successful su for rubyman by root
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: + ??? root:rubyman
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313034 of user rubyman.
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15509]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313034.
Sep 29 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Connection closed by 162.144.236.216 port 35816 [preauth]
Sep 29 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session closed for user root
Sep 29 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12562]: pam_unix(cron:session): session closed for user root
Sep 29 06:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Invalid user soporte from 12.89.72.118
Sep 29 06:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: input_userauth_request: invalid user soporte [preauth]
Sep 29 06:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 06:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Failed password for root from 162.144.236.216 port 43704 ssh2
Sep 29 06:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Connection closed by 162.144.236.216 port 43704 [preauth]
Sep 29 06:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Failed password for invalid user soporte from 12.89.72.118 port 34400 ssh2
Sep 29 06:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Received disconnect from 12.89.72.118 port 34400:11: Bye Bye [preauth]
Sep 29 06:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Disconnected from 12.89.72.118 port 34400 [preauth]
Sep 29 06:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Failed password for root from 162.144.236.216 port 51300 ssh2
Sep 29 06:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Connection closed by 162.144.236.216 port 51300 [preauth]
Sep 29 06:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: Failed password for root from 162.144.236.216 port 59406 ssh2
Sep 29 06:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: Connection closed by 162.144.236.216 port 59406 [preauth]
Sep 29 06:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session closed for user root
Sep 29 06:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: Failed password for root from 162.144.236.216 port 36128 ssh2
Sep 29 06:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: Connection closed by 162.144.236.216 port 36128 [preauth]
Sep 29 06:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Failed password for root from 162.144.236.216 port 42702 ssh2
Sep 29 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Connection closed by 162.144.236.216 port 42702 [preauth]
Sep 29 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Failed password for root from 162.144.236.216 port 49852 ssh2
Sep 29 06:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Connection closed by 162.144.236.216 port 49852 [preauth]
Sep 29 06:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Failed password for root from 162.144.236.216 port 55374 ssh2
Sep 29 06:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Connection closed by 162.144.236.216 port 55374 [preauth]
Sep 29 06:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15984]: Successful su for rubyman by root
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15984]: + ??? root:rubyman
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313037 of user rubyman.
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15984]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313037.
Sep 29 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13050]: pam_unix(cron:session): session closed for user root
Sep 29 06:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15912]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Failed password for root from 162.144.236.216 port 32902 ssh2
Sep 29 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Connection closed by 162.144.236.216 port 32902 [preauth]
Sep 29 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for root from 162.144.236.216 port 41230 ssh2
Sep 29 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Connection closed by 162.144.236.216 port 41230 [preauth]
Sep 29 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for root from 162.144.236.216 port 48336 ssh2
Sep 29 06:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 162.144.236.216 port 48336 [preauth]
Sep 29 06:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15009]: pam_unix(cron:session): session closed for user root
Sep 29 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: Failed password for root from 162.144.236.216 port 54072 ssh2
Sep 29 06:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: Connection closed by 162.144.236.216 port 54072 [preauth]
Sep 29 06:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Failed password for root from 162.144.236.216 port 60744 ssh2
Sep 29 06:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Connection closed by 162.144.236.216 port 60744 [preauth]
Sep 29 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Failed password for root from 162.144.236.216 port 40214 ssh2
Sep 29 06:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Connection closed by 162.144.236.216 port 40214 [preauth]
Sep 29 06:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Failed password for root from 162.144.236.216 port 47092 ssh2
Sep 29 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Connection closed by 162.144.236.216 port 47092 [preauth]
Sep 29 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16431]: Successful su for rubyman by root
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16431]: + ??? root:rubyman
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313043 of user rubyman.
Sep 29 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16431]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313043.
Sep 29 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13600]: pam_unix(cron:session): session closed for user root
Sep 29 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=havanaz@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Failed password for root from 162.144.236.216 port 52556 ssh2
Sep 29 06:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Connection closed by 162.144.236.216 port 52556 [preauth]
Sep 29 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=havanaz rhost=::ffff:45.142.193.185
Sep 29 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for root from 162.144.236.216 port 58748 ssh2
Sep 29 06:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Connection closed by 162.144.236.216 port 58748 [preauth]
Sep 29 06:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Failed password for root from 162.144.236.216 port 37706 ssh2
Sep 29 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Connection closed by 162.144.236.216 port 37706 [preauth]
Sep 29 06:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session closed for user root
Sep 29 06:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Failed password for root from 162.144.236.216 port 45302 ssh2
Sep 29 06:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Connection closed by 162.144.236.216 port 45302 [preauth]
Sep 29 06:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Failed password for root from 162.144.236.216 port 53754 ssh2
Sep 29 06:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Connection closed by 12.89.72.118 port 40312 [preauth]
Sep 29 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Connection closed by 162.144.236.216 port 53754 [preauth]
Sep 29 06:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: Failed password for root from 162.144.236.216 port 58806 ssh2
Sep 29 06:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16804]: Connection closed by 162.144.236.216 port 58806 [preauth]
Sep 29 06:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Failed password for root from 162.144.236.216 port 37518 ssh2
Sep 29 06:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Connection closed by 162.144.236.216 port 37518 [preauth]
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: Successful su for rubyman by root
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: + ??? root:rubyman
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313045 of user rubyman.
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313045.
Sep 29 06:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14139]: pam_unix(cron:session): session closed for user root
Sep 29 06:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Failed password for root from 162.144.236.216 port 43748 ssh2
Sep 29 06:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16836]: Connection closed by 162.144.236.216 port 43748 [preauth]
Sep 29 06:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Failed password for root from 162.144.236.216 port 50806 ssh2
Sep 29 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Connection closed by 162.144.236.216 port 50806 [preauth]
Sep 29 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Failed password for root from 162.144.236.216 port 57170 ssh2
Sep 29 06:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17152]: Connection closed by 162.144.236.216 port 57170 [preauth]
Sep 29 06:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17186]: Failed password for root from 162.144.236.216 port 36146 ssh2
Sep 29 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17186]: Connection closed by 162.144.236.216 port 36146 [preauth]
Sep 29 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session closed for user root
Sep 29 06:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Failed password for root from 162.144.236.216 port 42306 ssh2
Sep 29 06:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Connection closed by 162.144.236.216 port 42306 [preauth]
Sep 29 06:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Failed password for root from 162.144.236.216 port 49076 ssh2
Sep 29 06:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Connection closed by 162.144.236.216 port 49076 [preauth]
Sep 29 06:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Failed password for root from 162.144.236.216 port 56088 ssh2
Sep 29 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Connection closed by 162.144.236.216 port 56088 [preauth]
Sep 29 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17445]: Successful su for rubyman by root
Sep 29 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17445]: + ??? root:rubyman
Sep 29 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313050 of user rubyman.
Sep 29 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17445]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313050.
Sep 29 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
Sep 29 06:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user root
Sep 29 06:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Failed password for root from 162.144.236.216 port 33640 ssh2
Sep 29 06:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Connection closed by 162.144.236.216 port 33640 [preauth]
Sep 29 06:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: Failed password for root from 162.144.236.216 port 41392 ssh2
Sep 29 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: Connection closed by 162.144.236.216 port 41392 [preauth]
Sep 29 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Failed password for root from 162.144.236.216 port 48108 ssh2
Sep 29 06:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Connection closed by 162.144.236.216 port 48108 [preauth]
Sep 29 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user root
Sep 29 06:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Failed password for root from 162.144.236.216 port 55522 ssh2
Sep 29 06:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Connection closed by 162.144.236.216 port 55522 [preauth]
Sep 29 06:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Failed password for root from 162.144.236.216 port 33450 ssh2
Sep 29 06:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Connection closed by 162.144.236.216 port 33450 [preauth]
Sep 29 06:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: Failed password for root from 162.144.236.216 port 39700 ssh2
Sep 29 06:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: Connection closed by 162.144.236.216 port 39700 [preauth]
Sep 29 06:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Failed password for root from 162.144.236.216 port 46532 ssh2
Sep 29 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Connection closed by 162.144.236.216 port 46532 [preauth]
Sep 29 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17946]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session closed for user root
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: Successful su for rubyman by root
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: + ??? root:rubyman
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313056 of user rubyman.
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18025]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313056.
Sep 29 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session closed for user root
Sep 29 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15008]: pam_unix(cron:session): session closed for user root
Sep 29 06:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Failed password for root from 162.144.236.216 port 52906 ssh2
Sep 29 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Connection closed by 162.144.236.216 port 52906 [preauth]
Sep 29 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Failed password for root from 162.144.236.216 port 59306 ssh2
Sep 29 06:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Connection closed by 162.144.236.216 port 59306 [preauth]
Sep 29 06:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: Connection closed by 12.89.72.118 port 33884 [preauth]
Sep 29 06:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Failed password for root from 162.144.236.216 port 37898 ssh2
Sep 29 06:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Connection closed by 162.144.236.216 port 37898 [preauth]
Sep 29 06:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18555]: Failed password for root from 162.144.236.216 port 44548 ssh2
Sep 29 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18555]: Connection closed by 162.144.236.216 port 44548 [preauth]
Sep 29 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session closed for user root
Sep 29 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: Failed password for root from 162.144.236.216 port 50640 ssh2
Sep 29 06:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18598]: Connection closed by 162.144.236.216 port 50640 [preauth]
Sep 29 06:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: Failed password for root from 162.144.236.216 port 57826 ssh2
Sep 29 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: Connection closed by 162.144.236.216 port 57826 [preauth]
Sep 29 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: Failed password for root from 162.144.236.216 port 37048 ssh2
Sep 29 06:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: Connection closed by 162.144.236.216 port 37048 [preauth]
Sep 29 06:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: Successful su for rubyman by root
Sep 29 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: + ??? root:rubyman
Sep 29 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313061 of user rubyman.
Sep 29 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313061.
Sep 29 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Failed password for root from 162.144.236.216 port 43132 ssh2
Sep 29 06:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Connection closed by 162.144.236.216 port 43132 [preauth]
Sep 29 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session closed for user root
Sep 29 06:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: Failed password for root from 162.144.236.216 port 48446 ssh2
Sep 29 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: Connection closed by 162.144.236.216 port 48446 [preauth]
Sep 29 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Failed password for root from 162.144.236.216 port 55944 ssh2
Sep 29 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Connection closed by 162.144.236.216 port 55944 [preauth]
Sep 29 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Failed password for root from 162.144.236.216 port 33234 ssh2
Sep 29 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Connection closed by 162.144.236.216 port 33234 [preauth]
Sep 29 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session closed for user root
Sep 29 06:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Failed password for root from 162.144.236.216 port 40902 ssh2
Sep 29 06:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Connection closed by 162.144.236.216 port 40902 [preauth]
Sep 29 06:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19130]: Failed password for root from 162.144.236.216 port 46762 ssh2
Sep 29 06:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19130]: Connection closed by 162.144.236.216 port 46762 [preauth]
Sep 29 06:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: Failed password for root from 162.144.236.216 port 52352 ssh2
Sep 29 06:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: Connection closed by 162.144.236.216 port 52352 [preauth]
Sep 29 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Failed password for root from 162.144.236.216 port 57702 ssh2
Sep 29 06:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Connection closed by 162.144.236.216 port 57702 [preauth]
Sep 29 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19297]: Successful su for rubyman by root
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19297]: + ??? root:rubyman
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313066 of user rubyman.
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19297]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313066.
Sep 29 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15913]: pam_unix(cron:session): session closed for user root
Sep 29 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: Failed password for root from 162.144.236.216 port 36600 ssh2
Sep 29 06:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: Connection closed by 162.144.236.216 port 36600 [preauth]
Sep 29 06:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19795]: Failed password for root from 162.144.236.216 port 43352 ssh2
Sep 29 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19795]: Connection closed by 162.144.236.216 port 43352 [preauth]
Sep 29 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Failed password for root from 162.144.236.216 port 51406 ssh2
Sep 29 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Connection closed by 162.144.236.216 port 51406 [preauth]
Sep 29 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Failed password for root from 162.144.236.216 port 56888 ssh2
Sep 29 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Connection closed by 162.144.236.216 port 56888 [preauth]
Sep 29 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17946]: pam_unix(cron:session): session closed for user root
Sep 29 06:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Failed password for root from 162.144.236.216 port 35520 ssh2
Sep 29 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Connection closed by 162.144.236.216 port 35520 [preauth]
Sep 29 06:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: Invalid user free from 93.152.230.176
Sep 29 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: input_userauth_request: invalid user free [preauth]
Sep 29 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: Failed password for invalid user free from 93.152.230.176 port 47066 ssh2
Sep 29 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: Received disconnect from 93.152.230.176 port 47066:11: Client disconnecting normally [preauth]
Sep 29 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: Disconnected from 93.152.230.176 port 47066 [preauth]
Sep 29 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Invalid user david from 12.89.72.118
Sep 29 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: input_userauth_request: invalid user david [preauth]
Sep 29 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: Failed password for root from 162.144.236.216 port 40592 ssh2
Sep 29 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Failed password for invalid user david from 12.89.72.118 port 43896 ssh2
Sep 29 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19956]: Connection closed by 162.144.236.216 port 40592 [preauth]
Sep 29 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Received disconnect from 12.89.72.118 port 43896:11: Bye Bye [preauth]
Sep 29 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Disconnected from 12.89.72.118 port 43896 [preauth]
Sep 29 06:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Failed password for root from 162.144.236.216 port 49680 ssh2
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20034]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20033]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Connection closed by 162.144.236.216 port 49680 [preauth]
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: Successful su for rubyman by root
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: + ??? root:rubyman
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313068 of user rubyman.
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20107]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313068.
Sep 29 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user root
Sep 29 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: Failed password for root from 162.144.236.216 port 56426 ssh2
Sep 29 06:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20032]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: Connection closed by 162.144.236.216 port 56426 [preauth]
Sep 29 06:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: Failed password for root from 162.144.236.216 port 34550 ssh2
Sep 29 06:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: Connection closed by 162.144.236.216 port 34550 [preauth]
Sep 29 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: Failed password for root from 162.144.236.216 port 39810 ssh2
Sep 29 06:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20385]: Connection closed by 162.144.236.216 port 39810 [preauth]
Sep 29 06:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Failed password for root from 162.144.236.216 port 47630 ssh2
Sep 29 06:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20421]: Connection closed by 162.144.236.216 port 47630 [preauth]
Sep 29 06:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session closed for user root
Sep 29 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Failed password for root from 162.144.236.216 port 52936 ssh2
Sep 29 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Connection closed by 162.144.236.216 port 52936 [preauth]
Sep 29 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: Failed password for root from 162.144.236.216 port 60162 ssh2
Sep 29 06:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20467]: Connection closed by 162.144.236.216 port 60162 [preauth]
Sep 29 06:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Failed password for root from 162.144.236.216 port 38538 ssh2
Sep 29 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Connection closed by 162.144.236.216 port 38538 [preauth]
Sep 29 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20534]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20530]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20593]: Successful su for rubyman by root
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20593]: + ??? root:rubyman
Sep 29 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313072 of user rubyman.
Sep 29 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20593]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313072.
Sep 29 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session closed for user root
Sep 29 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20532]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Failed password for root from 162.144.236.216 port 47564 ssh2
Sep 29 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Connection closed by 162.144.236.216 port 47564 [preauth]
Sep 29 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20821]: Failed password for root from 162.144.236.216 port 55198 ssh2
Sep 29 06:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20821]: Connection closed by 162.144.236.216 port 55198 [preauth]
Sep 29 06:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20845]: Failed password for root from 162.144.236.216 port 59668 ssh2
Sep 29 06:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20845]: Connection closed by 162.144.236.216 port 59668 [preauth]
Sep 29 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: Failed password for root from 162.144.236.216 port 38888 ssh2
Sep 29 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: Connection closed by 162.144.236.216 port 38888 [preauth]
Sep 29 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session closed for user root
Sep 29 06:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: Failed password for root from 162.144.236.216 port 45352 ssh2
Sep 29 06:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: Connection closed by 162.144.236.216 port 45352 [preauth]
Sep 29 06:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: Failed password for root from 162.144.236.216 port 52030 ssh2
Sep 29 06:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: Connection closed by 162.144.236.216 port 52030 [preauth]
Sep 29 06:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Failed password for root from 162.144.236.216 port 58878 ssh2
Sep 29 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Connection closed by 162.144.236.216 port 58878 [preauth]
Sep 29 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session closed for user root
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20990]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: Successful su for rubyman by root
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: + ??? root:rubyman
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313077 of user rubyman.
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21072]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313077.
Sep 29 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session closed for user root
Sep 29 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session closed for user root
Sep 29 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Failed password for root from 162.144.236.216 port 38226 ssh2
Sep 29 06:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Connection closed by 162.144.236.216 port 38226 [preauth]
Sep 29 06:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20991]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: Failed password for root from 162.144.236.216 port 45294 ssh2
Sep 29 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: Connection closed by 162.144.236.216 port 45294 [preauth]
Sep 29 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21300]: Connection closed by 12.89.72.118 port 32782 [preauth]
Sep 29 06:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Failed password for root from 162.144.236.216 port 53058 ssh2
Sep 29 06:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Connection closed by 162.144.236.216 port 53058 [preauth]
Sep 29 06:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21334]: Failed password for root from 162.144.236.216 port 57872 ssh2
Sep 29 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20034]: pam_unix(cron:session): session closed for user root
Sep 29 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21334]: Connection closed by 162.144.236.216 port 57872 [preauth]
Sep 29 06:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: Failed password for root from 162.144.236.216 port 38814 ssh2
Sep 29 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: Connection closed by 162.144.236.216 port 38814 [preauth]
Sep 29 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: Failed password for root from 162.144.236.216 port 45912 ssh2
Sep 29 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: Connection closed by 162.144.236.216 port 45912 [preauth]
Sep 29 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Failed password for root from 162.144.236.216 port 53302 ssh2
Sep 29 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Connection closed by 162.144.236.216 port 53302 [preauth]
Sep 29 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21472]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21542]: Successful su for rubyman by root
Sep 29 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21542]: + ??? root:rubyman
Sep 29 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313082 of user rubyman.
Sep 29 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21542]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313082.
Sep 29 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session closed for user root
Sep 29 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Failed password for root from 162.144.236.216 port 59224 ssh2
Sep 29 06:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21473]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Connection closed by 162.144.236.216 port 59224 [preauth]
Sep 29 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: Failed password for root from 162.144.236.216 port 37432 ssh2
Sep 29 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21747]: Connection closed by 162.144.236.216 port 37432 [preauth]
Sep 29 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Failed password for root from 162.144.236.216 port 42802 ssh2
Sep 29 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Connection closed by 162.144.236.216 port 42802 [preauth]
Sep 29 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21792]: Failed password for root from 162.144.236.216 port 49546 ssh2
Sep 29 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21792]: Connection closed by 162.144.236.216 port 49546 [preauth]
Sep 29 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20534]: pam_unix(cron:session): session closed for user root
Sep 29 06:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: Failed password for root from 162.144.236.216 port 56482 ssh2
Sep 29 06:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: Connection closed by 162.144.236.216 port 56482 [preauth]
Sep 29 06:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: Failed password for root from 162.144.236.216 port 33708 ssh2
Sep 29 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: Connection closed by 162.144.236.216 port 33708 [preauth]
Sep 29 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: Failed password for root from 162.144.236.216 port 39910 ssh2
Sep 29 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: Connection closed by 162.144.236.216 port 39910 [preauth]
Sep 29 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Connection closed by 71.6.232.23 port 47728 [preauth]
Sep 29 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21937]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session closed for user root
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21934]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Failed password for root from 162.144.236.216 port 45886 ssh2
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: Successful su for rubyman by root
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: + ??? root:rubyman
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313087 of user rubyman.
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22005]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313087.
Sep 29 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Connection closed by 162.144.236.216 port 45886 [preauth]
Sep 29 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session closed for user root
Sep 29 06:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21935]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Failed password for root from 162.144.236.216 port 51748 ssh2
Sep 29 06:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Connection closed by 162.144.236.216 port 51748 [preauth]
Sep 29 06:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Failed password for root from 162.144.236.216 port 57032 ssh2
Sep 29 06:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Connection closed by 162.144.236.216 port 57032 [preauth]
Sep 29 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: Failed password for root from 162.144.236.216 port 34748 ssh2
Sep 29 06:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22255]: Connection closed by 162.144.236.216 port 34748 [preauth]
Sep 29 06:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for root from 162.144.236.216 port 40968 ssh2
Sep 29 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Connection closed by 162.144.236.216 port 40968 [preauth]
Sep 29 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session closed for user root
Sep 29 06:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Failed password for root from 162.144.236.216 port 47138 ssh2
Sep 29 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Connection closed by 162.144.236.216 port 47138 [preauth]
Sep 29 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: Failed password for root from 162.144.236.216 port 52958 ssh2
Sep 29 06:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: Connection closed by 162.144.236.216 port 52958 [preauth]
Sep 29 06:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Connection closed by 12.89.72.118 port 41512 [preauth]
Sep 29 06:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: Failed password for root from 162.144.236.216 port 60308 ssh2
Sep 29 06:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: Connection closed by 162.144.236.216 port 60308 [preauth]
Sep 29 06:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22400]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22474]: Successful su for rubyman by root
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22474]: + ??? root:rubyman
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313092 of user rubyman.
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22474]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313092.
Sep 29 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Failed password for root from 162.144.236.216 port 38432 ssh2
Sep 29 06:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Connection closed by 162.144.236.216 port 38432 [preauth]
Sep 29 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session closed for user root
Sep 29 06:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22401]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Failed password for root from 162.144.236.216 port 43970 ssh2
Sep 29 06:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Connection closed by 162.144.236.216 port 43970 [preauth]
Sep 29 06:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: Failed password for root from 162.144.236.216 port 50614 ssh2
Sep 29 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: Connection closed by 162.144.236.216 port 50614 [preauth]
Sep 29 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22921]: Failed password for root from 162.144.236.216 port 57506 ssh2
Sep 29 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22921]: Connection closed by 162.144.236.216 port 57506 [preauth]
Sep 29 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21475]: pam_unix(cron:session): session closed for user root
Sep 29 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Failed password for root from 162.144.236.216 port 35678 ssh2
Sep 29 06:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Connection closed by 162.144.236.216 port 35678 [preauth]
Sep 29 06:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Failed password for root from 162.144.236.216 port 43226 ssh2
Sep 29 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Connection closed by 162.144.236.216 port 43226 [preauth]
Sep 29 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: Failed password for root from 162.144.236.216 port 49766 ssh2
Sep 29 06:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: Connection closed by 162.144.236.216 port 49766 [preauth]
Sep 29 06:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23079]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23175]: Successful su for rubyman by root
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23175]: + ??? root:rubyman
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313095 of user rubyman.
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23175]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313095.
Sep 29 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20033]: pam_unix(cron:session): session closed for user root
Sep 29 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: Failed password for root from 162.144.236.216 port 57424 ssh2
Sep 29 06:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: Connection closed by 162.144.236.216 port 57424 [preauth]
Sep 29 06:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Failed password for root from 162.144.236.216 port 37058 ssh2
Sep 29 06:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Connection closed by 162.144.236.216 port 37058 [preauth]
Sep 29 06:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: Failed password for root from 162.144.236.216 port 42538 ssh2
Sep 29 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: Connection closed by 162.144.236.216 port 42538 [preauth]
Sep 29 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Failed password for root from 162.144.236.216 port 49036 ssh2
Sep 29 06:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23466]: Connection closed by 162.144.236.216 port 49036 [preauth]
Sep 29 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21937]: pam_unix(cron:session): session closed for user root
Sep 29 06:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Failed password for root from 162.144.236.216 port 55392 ssh2
Sep 29 06:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Connection closed by 162.144.236.216 port 55392 [preauth]
Sep 29 06:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: Failed password for root from 162.144.236.216 port 33474 ssh2
Sep 29 06:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: Connection closed by 162.144.236.216 port 33474 [preauth]
Sep 29 06:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23780]: Failed password for root from 162.144.236.216 port 40028 ssh2
Sep 29 06:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23780]: Connection closed by 162.144.236.216 port 40028 [preauth]
Sep 29 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session closed for user root
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23814]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: Successful su for rubyman by root
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: + ??? root:rubyman
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313101 of user rubyman.
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313101.
Sep 29 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Failed password for root from 162.144.236.216 port 47440 ssh2
Sep 29 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23816]: pam_unix(cron:session): session closed for user root
Sep 29 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Connection closed by 162.144.236.216 port 47440 [preauth]
Sep 29 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20533]: pam_unix(cron:session): session closed for user root
Sep 29 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23815]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: Failed password for root from 162.144.236.216 port 54676 ssh2
Sep 29 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: Connection closed by 162.144.236.216 port 54676 [preauth]
Sep 29 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: Connection closed by 12.89.72.118 port 45174 [preauth]
Sep 29 06:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Failed password for root from 162.144.236.216 port 34542 ssh2
Sep 29 06:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Connection closed by 162.144.236.216 port 34542 [preauth]
Sep 29 06:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for root from 162.144.236.216 port 40824 ssh2
Sep 29 06:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Connection closed by 162.144.236.216 port 40824 [preauth]
Sep 29 06:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session closed for user root
Sep 29 06:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Failed password for root from 162.144.236.216 port 46750 ssh2
Sep 29 06:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Connection closed by 162.144.236.216 port 46750 [preauth]
Sep 29 06:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: Failed password for root from 162.144.236.216 port 54728 ssh2
Sep 29 06:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: Connection closed by 162.144.236.216 port 54728 [preauth]
Sep 29 06:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for root from 162.144.236.216 port 33070 ssh2
Sep 29 06:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Connection closed by 162.144.236.216 port 33070 [preauth]
Sep 29 06:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24346]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24439]: Successful su for rubyman by root
Sep 29 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24439]: + ??? root:rubyman
Sep 29 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313105 of user rubyman.
Sep 29 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24439]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313105.
Sep 29 06:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: Failed password for root from 162.144.236.216 port 40904 ssh2
Sep 29 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24342]: Connection closed by 162.144.236.216 port 40904 [preauth]
Sep 29 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session closed for user root
Sep 29 06:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Invalid user user from 62.60.131.157
Sep 29 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: input_userauth_request: invalid user user [preauth]
Sep 29 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 06:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: Failed password for root from 162.144.236.216 port 45946 ssh2
Sep 29 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: Connection closed by 162.144.236.216 port 45946 [preauth]
Sep 29 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Failed password for invalid user user from 62.60.131.157 port 28269 ssh2
Sep 29 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Failed password for invalid user user from 62.60.131.157 port 28269 ssh2
Sep 29 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Failed password for invalid user user from 62.60.131.157 port 28269 ssh2
Sep 29 06:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Failed password for root from 162.144.236.216 port 51746 ssh2
Sep 29 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Connection closed by 162.144.236.216 port 51746 [preauth]
Sep 29 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Failed password for invalid user user from 62.60.131.157 port 28269 ssh2
Sep 29 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Invalid user demo from 93.152.230.176
Sep 29 06:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: input_userauth_request: invalid user demo [preauth]
Sep 29 06:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Failed password for invalid user user from 62.60.131.157 port 28269 ssh2
Sep 29 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Received disconnect from 62.60.131.157 port 28269:11: Bye [preauth]
Sep 29 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: Disconnected from 62.60.131.157 port 28269 [preauth]
Sep 29 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24653]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 06:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Failed password for invalid user demo from 93.152.230.176 port 11857 ssh2
Sep 29 06:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Received disconnect from 93.152.230.176 port 11857:11: Client disconnecting normally [preauth]
Sep 29 06:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Disconnected from 93.152.230.176 port 11857 [preauth]
Sep 29 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Failed password for root from 162.144.236.216 port 57308 ssh2
Sep 29 06:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Connection closed by 162.144.236.216 port 57308 [preauth]
Sep 29 06:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session closed for user root
Sep 29 06:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Failed password for root from 162.144.236.216 port 35362 ssh2
Sep 29 06:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Connection closed by 162.144.236.216 port 35362 [preauth]
Sep 29 06:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Failed password for root from 162.144.236.216 port 41662 ssh2
Sep 29 06:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Connection closed by 162.144.236.216 port 41662 [preauth]
Sep 29 06:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: Failed password for root from 162.144.236.216 port 48826 ssh2
Sep 29 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24804]: Connection closed by 162.144.236.216 port 48826 [preauth]
Sep 29 06:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Failed password for root from 162.144.236.216 port 55376 ssh2
Sep 29 06:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Connection closed by 162.144.236.216 port 55376 [preauth]
Sep 29 06:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24843]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: Successful su for rubyman by root
Sep 29 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: + ??? root:rubyman
Sep 29 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313109 of user rubyman.
Sep 29 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24904]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313109.
Sep 29 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21474]: pam_unix(cron:session): session closed for user root
Sep 29 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: Failed password for root from 162.144.236.216 port 34842 ssh2
Sep 29 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24842]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: Connection closed by 162.144.236.216 port 34842 [preauth]
Sep 29 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Failed password for root from 162.144.236.216 port 40552 ssh2
Sep 29 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Connection closed by 162.144.236.216 port 40552 [preauth]
Sep 29 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Failed password for root from 162.144.236.216 port 47058 ssh2
Sep 29 06:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25164]: Connection closed by 162.144.236.216 port 47058 [preauth]
Sep 29 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Failed password for root from 162.144.236.216 port 52640 ssh2
Sep 29 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23818]: pam_unix(cron:session): session closed for user root
Sep 29 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Connection closed by 162.144.236.216 port 52640 [preauth]
Sep 29 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25258]: Failed password for root from 162.144.236.216 port 33242 ssh2
Sep 29 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25258]: Connection closed by 162.144.236.216 port 33242 [preauth]
Sep 29 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118  user=root
Sep 29 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25296]: Failed password for root from 12.89.72.118 port 60614 ssh2
Sep 29 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25296]: Received disconnect from 12.89.72.118 port 60614:11: Bye Bye [preauth]
Sep 29 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25296]: Disconnected from 12.89.72.118 port 60614 [preauth]
Sep 29 06:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Failed password for root from 162.144.236.216 port 40624 ssh2
Sep 29 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Connection closed by 162.144.236.216 port 40624 [preauth]
Sep 29 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25610]: Successful su for rubyman by root
Sep 29 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25610]: + ??? root:rubyman
Sep 29 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313113 of user rubyman.
Sep 29 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25610]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313113.
Sep 29 06:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Failed password for root from 162.144.236.216 port 49392 ssh2
Sep 29 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25530]: Connection closed by 162.144.236.216 port 49392 [preauth]
Sep 29 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session closed for user root
Sep 29 06:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25546]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25710]: Failed password for root from 162.144.236.216 port 55950 ssh2
Sep 29 06:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25710]: Connection closed by 162.144.236.216 port 55950 [preauth]
Sep 29 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Failed password for root from 162.144.236.216 port 35264 ssh2
Sep 29 06:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Connection closed by 162.144.236.216 port 35264 [preauth]
Sep 29 06:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Failed password for root from 162.144.236.216 port 41158 ssh2
Sep 29 06:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Connection closed by 162.144.236.216 port 41158 [preauth]
Sep 29 06:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: Failed password for root from 162.144.236.216 port 46122 ssh2
Sep 29 06:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: Connection closed by 162.144.236.216 port 46122 [preauth]
Sep 29 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session closed for user root
Sep 29 06:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Failed password for root from 162.144.236.216 port 51962 ssh2
Sep 29 06:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Connection closed by 162.144.236.216 port 51962 [preauth]
Sep 29 06:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Bad protocol version identification '\026\003\001' from 64.62.197.137 port 11198
Sep 29 06:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Failed password for root from 162.144.236.216 port 57756 ssh2
Sep 29 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Connection closed by 162.144.236.216 port 57756 [preauth]
Sep 29 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Failed password for root from 162.144.236.216 port 36436 ssh2
Sep 29 06:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Connection closed by 162.144.236.216 port 36436 [preauth]
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26117]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26185]: Successful su for rubyman by root
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26185]: + ??? root:rubyman
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313117 of user rubyman.
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26185]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313117.
Sep 29 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session closed for user root
Sep 29 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Failed password for root from 162.144.236.216 port 44174 ssh2
Sep 29 06:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Connection closed by 162.144.236.216 port 44174 [preauth]
Sep 29 06:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: Failed password for root from 162.144.236.216 port 51192 ssh2
Sep 29 06:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26513]: Connection closed by 162.144.236.216 port 51192 [preauth]
Sep 29 06:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Failed password for root from 162.144.236.216 port 59240 ssh2
Sep 29 06:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Connection closed by 162.144.236.216 port 59240 [preauth]
Sep 29 06:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24844]: pam_unix(cron:session): session closed for user root
Sep 29 06:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Failed password for root from 162.144.236.216 port 38660 ssh2
Sep 29 06:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Connection closed by 162.144.236.216 port 38660 [preauth]
Sep 29 06:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Failed password for root from 162.144.236.216 port 44662 ssh2
Sep 29 06:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Connection closed by 162.144.236.216 port 44662 [preauth]
Sep 29 06:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Failed password for root from 162.144.236.216 port 51416 ssh2
Sep 29 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26647]: Connection closed by 162.144.236.216 port 51416 [preauth]
Sep 29 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session closed for user root
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26687]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: Failed password for root from 162.144.236.216 port 57766 ssh2
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: Connection closed by 162.144.236.216 port 57766 [preauth]
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: Successful su for rubyman by root
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: + ??? root:rubyman
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313124 of user rubyman.
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313124.
Sep 29 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session closed for user root
Sep 29 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session closed for user root
Sep 29 06:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Failed password for root from 162.144.236.216 port 36624 ssh2
Sep 29 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Connection closed by 162.144.236.216 port 36624 [preauth]
Sep 29 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26688]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118  user=root
Sep 29 06:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Failed password for root from 12.89.72.118 port 59710 ssh2
Sep 29 06:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Failed password for root from 162.144.236.216 port 42574 ssh2
Sep 29 06:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Connection closed by 162.144.236.216 port 42574 [preauth]
Sep 29 06:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Received disconnect from 12.89.72.118 port 59710:11: Bye Bye [preauth]
Sep 29 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27139]: Disconnected from 12.89.72.118 port 59710 [preauth]
Sep 29 06:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Failed password for root from 162.144.236.216 port 49228 ssh2
Sep 29 06:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Connection closed by 162.144.236.216 port 49228 [preauth]
Sep 29 06:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp.com@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 06:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25548]: pam_unix(cron:session): session closed for user root
Sep 29 06:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 06:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp.com rhost=::ffff:45.142.193.185
Sep 29 06:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Failed password for root from 162.144.236.216 port 57188 ssh2
Sep 29 06:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Connection closed by 162.144.236.216 port 57188 [preauth]
Sep 29 06:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Failed password for root from 162.144.236.216 port 35814 ssh2
Sep 29 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Connection closed by 162.144.236.216 port 35814 [preauth]
Sep 29 06:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Failed password for root from 162.144.236.216 port 41514 ssh2
Sep 29 06:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Connection closed by 162.144.236.216 port 41514 [preauth]
Sep 29 06:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Failed password for root from 162.144.236.216 port 48176 ssh2
Sep 29 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Connection closed by 162.144.236.216 port 48176 [preauth]
Sep 29 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27341]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27342]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27339]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27426]: Successful su for rubyman by root
Sep 29 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27426]: + ??? root:rubyman
Sep 29 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313128 of user rubyman.
Sep 29 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27426]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313128.
Sep 29 06:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session closed for user root
Sep 29 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: Failed password for root from 162.144.236.216 port 53752 ssh2
Sep 29 06:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: Connection closed by 162.144.236.216 port 53752 [preauth]
Sep 29 06:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27340]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for root from 162.144.236.216 port 57990 ssh2
Sep 29 06:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Connection closed by 162.144.236.216 port 57990 [preauth]
Sep 29 06:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27849]: Failed password for root from 162.144.236.216 port 37442 ssh2
Sep 29 06:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27849]: Connection closed by 162.144.236.216 port 37442 [preauth]
Sep 29 06:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for root from 162.144.236.216 port 44342 ssh2
Sep 29 06:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Connection closed by 162.144.236.216 port 44342 [preauth]
Sep 29 06:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user root
Sep 29 06:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Failed password for root from 162.144.236.216 port 49738 ssh2
Sep 29 06:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Connection closed by 162.144.236.216 port 49738 [preauth]
Sep 29 06:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Failed password for root from 162.144.236.216 port 57382 ssh2
Sep 29 06:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Connection closed by 162.144.236.216 port 57382 [preauth]
Sep 29 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Failed password for root from 162.144.236.216 port 36000 ssh2
Sep 29 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Connection closed by 162.144.236.216 port 36000 [preauth]
Sep 29 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28022]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28089]: Successful su for rubyman by root
Sep 29 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28089]: + ??? root:rubyman
Sep 29 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313133 of user rubyman.
Sep 29 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28089]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313133.
Sep 29 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Failed password for root from 162.144.236.216 port 43350 ssh2
Sep 29 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user root
Sep 29 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28005]: Connection closed by 162.144.236.216 port 43350 [preauth]
Sep 29 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Failed password for root from 162.144.236.216 port 49846 ssh2
Sep 29 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Connection closed by 162.144.236.216 port 49846 [preauth]
Sep 29 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Failed password for root from 162.144.236.216 port 55518 ssh2
Sep 29 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Connection closed by 162.144.236.216 port 55518 [preauth]
Sep 29 06:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Failed password for root from 162.144.236.216 port 33878 ssh2
Sep 29 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Connection closed by 162.144.236.216 port 33878 [preauth]
Sep 29 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session closed for user root
Sep 29 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Failed password for root from 162.144.236.216 port 41644 ssh2
Sep 29 06:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28376]: Connection closed by 162.144.236.216 port 41644 [preauth]
Sep 29 06:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Failed password for root from 162.144.236.216 port 47912 ssh2
Sep 29 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Connection closed by 162.144.236.216 port 47912 [preauth]
Sep 29 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Connection closed by 12.89.72.118 port 57378 [preauth]
Sep 29 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Failed password for root from 162.144.236.216 port 55334 ssh2
Sep 29 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Connection closed by 162.144.236.216 port 55334 [preauth]
Sep 29 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28603]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28602]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28498]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: Successful su for rubyman by root
Sep 29 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: + ??? root:rubyman
Sep 29 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313137 of user rubyman.
Sep 29 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313137.
Sep 29 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24843]: pam_unix(cron:session): session closed for user root
Sep 29 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28485]: Failed password for root from 162.144.236.216 port 34802 ssh2
Sep 29 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28485]: Connection closed by 162.144.236.216 port 34802 [preauth]
Sep 29 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: Failed password for root from 162.144.236.216 port 43720 ssh2
Sep 29 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28902]: Connection closed by 162.144.236.216 port 43720 [preauth]
Sep 29 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session closed for user root
Sep 29 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Failed password for root from 162.144.236.216 port 49860 ssh2
Sep 29 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Connection closed by 162.144.236.216 port 49860 [preauth]
Sep 29 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Failed password for root from 162.144.236.216 port 55730 ssh2
Sep 29 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Connection closed by 162.144.236.216 port 55730 [preauth]
Sep 29 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27342]: pam_unix(cron:session): session closed for user root
Sep 29 06:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Failed password for root from 162.144.236.216 port 34774 ssh2
Sep 29 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Connection closed by 162.144.236.216 port 34774 [preauth]
Sep 29 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for root from 162.144.236.216 port 42808 ssh2
Sep 29 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Connection closed by 162.144.236.216 port 42808 [preauth]
Sep 29 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Failed password for root from 162.144.236.216 port 48196 ssh2
Sep 29 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Connection closed by 162.144.236.216 port 48196 [preauth]
Sep 29 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29418]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29417]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: Successful su for rubyman by root
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: + ??? root:rubyman
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313141 of user rubyman.
Sep 29 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313141.
Sep 29 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Failed password for root from 162.144.236.216 port 53740 ssh2
Sep 29 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session closed for user root
Sep 29 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Connection closed by 162.144.236.216 port 53740 [preauth]
Sep 29 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: Failed password for root from 162.144.236.216 port 32866 ssh2
Sep 29 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: Connection closed by 162.144.236.216 port 32866 [preauth]
Sep 29 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29720]: Failed password for root from 162.144.236.216 port 39106 ssh2
Sep 29 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29720]: Connection closed by 162.144.236.216 port 39106 [preauth]
Sep 29 06:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Failed password for root from 162.144.236.216 port 45430 ssh2
Sep 29 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Connection closed by 162.144.236.216 port 45430 [preauth]
Sep 29 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Failed password for root from 162.144.236.216 port 49562 ssh2
Sep 29 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28022]: pam_unix(cron:session): session closed for user root
Sep 29 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Connection closed by 162.144.236.216 port 49562 [preauth]
Sep 29 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Failed password for root from 162.144.236.216 port 55746 ssh2
Sep 29 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Connection closed by 162.144.236.216 port 55746 [preauth]
Sep 29 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Failed password for root from 162.144.236.216 port 34888 ssh2
Sep 29 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Connection closed by 162.144.236.216 port 34888 [preauth]
Sep 29 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Invalid user adrian from 93.152.230.176
Sep 29 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: input_userauth_request: invalid user adrian [preauth]
Sep 29 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Failed password for invalid user adrian from 93.152.230.176 port 4672 ssh2
Sep 29 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Received disconnect from 93.152.230.176 port 4672:11: Client disconnecting normally [preauth]
Sep 29 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29887]: Disconnected from 93.152.230.176 port 4672 [preauth]
Sep 29 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Failed password for root from 162.144.236.216 port 40340 ssh2
Sep 29 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Connection closed by 162.144.236.216 port 40340 [preauth]
Sep 29 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session closed for user root
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: Successful su for rubyman by root
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: + ??? root:rubyman
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313148 of user rubyman.
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313148.
Sep 29 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session closed for user root
Sep 29 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user root
Sep 29 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for root from 162.144.236.216 port 47554 ssh2
Sep 29 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29903]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Connection closed by 162.144.236.216 port 47554 [preauth]
Sep 29 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Invalid user pi from 138.204.81.106
Sep 29 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: input_userauth_request: invalid user pi [preauth]
Sep 29 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Invalid user pi from 138.204.81.106
Sep 29 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: input_userauth_request: invalid user pi [preauth]
Sep 29 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.81.106
Sep 29 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.81.106
Sep 29 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for invalid user pi from 138.204.81.106 port 35376 ssh2
Sep 29 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Failed password for invalid user pi from 138.204.81.106 port 35392 ssh2
Sep 29 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Connection closed by 138.204.81.106 port 35376 [preauth]
Sep 29 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Connection closed by 138.204.81.106 port 35392 [preauth]
Sep 29 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: Failed password for root from 162.144.236.216 port 55066 ssh2
Sep 29 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: Connection closed by 162.144.236.216 port 55066 [preauth]
Sep 29 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Invalid user vlado from 12.89.72.118
Sep 29 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: input_userauth_request: invalid user vlado [preauth]
Sep 29 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.89.72.118
Sep 29 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Failed password for invalid user vlado from 12.89.72.118 port 45076 ssh2
Sep 29 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Failed password for root from 162.144.236.216 port 33736 ssh2
Sep 29 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Connection closed by 162.144.236.216 port 33736 [preauth]
Sep 29 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Received disconnect from 12.89.72.118 port 45076:11: Bye Bye [preauth]
Sep 29 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Disconnected from 12.89.72.118 port 45076 [preauth]
Sep 29 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: Failed password for root from 162.144.236.216 port 40774 ssh2
Sep 29 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: Connection closed by 162.144.236.216 port 40774 [preauth]
Sep 29 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28603]: pam_unix(cron:session): session closed for user root
Sep 29 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Failed password for root from 162.144.236.216 port 46188 ssh2
Sep 29 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Connection closed by 162.144.236.216 port 46188 [preauth]
Sep 29 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Failed password for root from 162.144.236.216 port 53526 ssh2
Sep 29 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Connection closed by 162.144.236.216 port 53526 [preauth]
Sep 29 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: Failed password for root from 162.144.236.216 port 59982 ssh2
Sep 29 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30462]: Connection closed by 162.144.236.216 port 59982 [preauth]
Sep 29 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: Successful su for rubyman by root
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: + ??? root:rubyman
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313150 of user rubyman.
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30644]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313150.
Sep 29 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Failed password for root from 162.144.236.216 port 36808 ssh2
Sep 29 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Connection closed by 162.144.236.216 port 36808 [preauth]
Sep 29 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26691]: pam_unix(cron:session): session closed for user root
Sep 29 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: Failed password for root from 162.144.236.216 port 41924 ssh2
Sep 29 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: Connection closed by 162.144.236.216 port 41924 [preauth]
Sep 29 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Failed password for root from 162.144.236.216 port 47786 ssh2
Sep 29 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Connection closed by 162.144.236.216 port 47786 [preauth]
Sep 29 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Failed password for root from 162.144.236.216 port 54588 ssh2
Sep 29 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Connection closed by 162.144.236.216 port 54588 [preauth]
Sep 29 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29418]: pam_unix(cron:session): session closed for user root
Sep 29 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Failed password for root from 162.144.236.216 port 33348 ssh2
Sep 29 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Connection closed by 162.144.236.216 port 33348 [preauth]
Sep 29 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Failed password for root from 162.144.236.216 port 40200 ssh2
Sep 29 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Connection closed by 162.144.236.216 port 40200 [preauth]
Sep 29 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Failed password for root from 162.144.236.216 port 46278 ssh2
Sep 29 06:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Connection closed by 162.144.236.216 port 46278 [preauth]
Sep 29 06:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Failed password for root from 162.144.236.216 port 53226 ssh2
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31113]: Successful su for rubyman by root
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31113]: + ??? root:rubyman
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313155 of user rubyman.
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31113]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313155.
Sep 29 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Connection closed by 162.144.236.216 port 53226 [preauth]
Sep 29 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27341]: pam_unix(cron:session): session closed for user root
Sep 29 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Failed password for root from 162.144.236.216 port 60258 ssh2
Sep 29 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Connection closed by 162.144.236.216 port 60258 [preauth]
Sep 29 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: Failed password for root from 162.144.236.216 port 37924 ssh2
Sep 29 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31323]: Connection closed by 162.144.236.216 port 37924 [preauth]
Sep 29 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Failed password for root from 162.144.236.216 port 46614 ssh2
Sep 29 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31356]: Connection closed by 162.144.236.216 port 46614 [preauth]
Sep 29 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session closed for user root
Sep 29 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Failed password for root from 162.144.236.216 port 52516 ssh2
Sep 29 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Connection closed by 162.144.236.216 port 52516 [preauth]
Sep 29 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31447]: Failed password for root from 162.144.236.216 port 60702 ssh2
Sep 29 06:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31447]: Connection closed by 162.144.236.216 port 60702 [preauth]
Sep 29 06:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Connection closed by 12.89.72.118 port 35070 [preauth]
Sep 29 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: Failed password for root from 162.144.236.216 port 37754 ssh2
Sep 29 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: Connection closed by 162.144.236.216 port 37754 [preauth]
Sep 29 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31544]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31536]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31615]: Successful su for rubyman by root
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31615]: + ??? root:rubyman
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313158 of user rubyman.
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31615]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313158.
Sep 29 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Failed password for root from 162.144.236.216 port 43782 ssh2
Sep 29 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31520]: Connection closed by 162.144.236.216 port 43782 [preauth]
Sep 29 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user root
Sep 29 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Failed password for root from 162.144.236.216 port 50294 ssh2
Sep 29 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31537]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31679]: Connection closed by 162.144.236.216 port 50294 [preauth]
Sep 29 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Failed password for root from 162.144.236.216 port 54338 ssh2
Sep 29 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Connection closed by 162.144.236.216 port 54338 [preauth]
Sep 29 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31846]: Failed password for root from 162.144.236.216 port 60018 ssh2
Sep 29 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31846]: Connection closed by 162.144.236.216 port 60018 [preauth]
Sep 29 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Failed password for root from 162.144.236.216 port 37008 ssh2
Sep 29 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Connection closed by 162.144.236.216 port 37008 [preauth]
Sep 29 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user root
Sep 29 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Failed password for root from 162.144.236.216 port 43504 ssh2
Sep 29 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Connection closed by 162.144.236.216 port 43504 [preauth]
Sep 29 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: Failed password for root from 162.144.236.216 port 51044 ssh2
Sep 29 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: Connection closed by 162.144.236.216 port 51044 [preauth]
Sep 29 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Failed password for root from 162.144.236.216 port 58206 ssh2
Sep 29 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Connection closed by 162.144.236.216 port 58206 [preauth]
Sep 29 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Failed password for root from 162.144.236.216 port 36214 ssh2
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31994]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Connection closed by 162.144.236.216 port 36214 [preauth]
Sep 29 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: Successful su for rubyman by root
Sep 29 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: + ??? root:rubyman
Sep 29 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313164 of user rubyman.
Sep 29 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313164.
Sep 29 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28602]: pam_unix(cron:session): session closed for user root
Sep 29 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: Failed password for root from 162.144.236.216 port 41084 ssh2
Sep 29 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31995]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32051]: Connection closed by 162.144.236.216 port 41084 [preauth]
Sep 29 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Failed password for root from 162.144.236.216 port 46268 ssh2
Sep 29 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Connection closed by 162.144.236.216 port 46268 [preauth]
Sep 29 06:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: Failed password for root from 162.144.236.216 port 55882 ssh2
Sep 29 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: Connection closed by 162.144.236.216 port 55882 [preauth]
Sep 29 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Failed password for root from 162.144.236.216 port 60540 ssh2
Sep 29 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Connection closed by 162.144.236.216 port 60540 [preauth]
Sep 29 06:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session closed for user root
Sep 29 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Failed password for root from 162.144.236.216 port 37446 ssh2
Sep 29 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Connection closed by 162.144.236.216 port 37446 [preauth]
Sep 29 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Failed password for root from 162.144.236.216 port 43796 ssh2
Sep 29 06:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Connection closed by 162.144.236.216 port 43796 [preauth]
Sep 29 06:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Failed password for root from 162.144.236.216 port 50034 ssh2
Sep 29 06:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Connection closed by 162.144.236.216 port 50034 [preauth]
Sep 29 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32450]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32453]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32454]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32454]: pam_unix(cron:session): session closed for user root
Sep 29 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32447]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32524]: Successful su for rubyman by root
Sep 29 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32524]: + ??? root:rubyman
Sep 29 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313168 of user rubyman.
Sep 29 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32524]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313168.
Sep 29 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32450]: pam_unix(cron:session): session closed for user root
Sep 29 06:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Failed password for root from 162.144.236.216 port 57408 ssh2
Sep 29 06:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29417]: pam_unix(cron:session): session closed for user root
Sep 29 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Connection closed by 162.144.236.216 port 57408 [preauth]
Sep 29 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32449]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Failed password for root from 162.144.236.216 port 36394 ssh2
Sep 29 06:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Connection closed by 162.144.236.216 port 36394 [preauth]
Sep 29 06:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Failed password for root from 162.144.236.216 port 42008 ssh2
Sep 29 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Connection closed by 162.144.236.216 port 42008 [preauth]
Sep 29 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Connection closed by 12.89.72.118 port 50416 [preauth]
Sep 29 06:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[331]: Failed password for root from 162.144.236.216 port 46190 ssh2
Sep 29 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[331]: Connection closed by 162.144.236.216 port 46190 [preauth]
Sep 29 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31544]: pam_unix(cron:session): session closed for user root
Sep 29 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Failed password for root from 162.144.236.216 port 53706 ssh2
Sep 29 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Connection closed by 162.144.236.216 port 53706 [preauth]
Sep 29 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: Failed password for root from 162.144.236.216 port 59016 ssh2
Sep 29 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[418]: Connection closed by 162.144.236.216 port 59016 [preauth]
Sep 29 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: Failed password for root from 162.144.236.216 port 37504 ssh2
Sep 29 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[455]: Connection closed by 162.144.236.216 port 37504 [preauth]
Sep 29 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: Failed password for root from 162.144.236.216 port 44328 ssh2
Sep 29 06:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: Connection closed by 162.144.236.216 port 44328 [preauth]
Sep 29 06:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[505]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: Successful su for rubyman by root
Sep 29 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: + ??? root:rubyman
Sep 29 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313174 of user rubyman.
Sep 29 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[575]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313174.
Sep 29 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session closed for user root
Sep 29 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Failed password for root from 162.144.236.216 port 49904 ssh2
Sep 29 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[502]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Connection closed by 162.144.236.216 port 49904 [preauth]
Sep 29 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Failed password for root from 162.144.236.216 port 56316 ssh2
Sep 29 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Connection closed by 162.144.236.216 port 56316 [preauth]
Sep 29 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Failed password for root from 162.144.236.216 port 34872 ssh2
Sep 29 06:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Connection closed by 162.144.236.216 port 34872 [preauth]
Sep 29 06:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[864]: Failed password for root from 162.144.236.216 port 40392 ssh2
Sep 29 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[864]: Connection closed by 162.144.236.216 port 40392 [preauth]
Sep 29 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31997]: pam_unix(cron:session): session closed for user root
Sep 29 06:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Failed password for root from 162.144.236.216 port 47054 ssh2
Sep 29 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Connection closed by 162.144.236.216 port 47054 [preauth]
Sep 29 06:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Failed password for root from 162.144.236.216 port 52478 ssh2
Sep 29 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Connection closed by 162.144.236.216 port 52478 [preauth]
Sep 29 06:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Failed password for root from 162.144.236.216 port 58796 ssh2
Sep 29 06:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Connection closed by 162.144.236.216 port 58796 [preauth]
Sep 29 06:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1054]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: Successful su for rubyman by root
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: + ??? root:rubyman
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313176 of user rubyman.
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1121]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313176.
Sep 29 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Failed password for root from 162.144.236.216 port 37652 ssh2
Sep 29 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Connection closed by 162.144.236.216 port 37652 [preauth]
Sep 29 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user root
Sep 29 06:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1055]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Failed password for root from 162.144.236.216 port 44440 ssh2
Sep 29 06:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Connection closed by 162.144.236.216 port 44440 [preauth]
Sep 29 06:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Failed password for root from 162.144.236.216 port 50836 ssh2
Sep 29 06:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Connection closed by 162.144.236.216 port 50836 [preauth]
Sep 29 06:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Failed password for root from 162.144.236.216 port 57722 ssh2
Sep 29 06:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Connection closed by 162.144.236.216 port 57722 [preauth]
Sep 29 06:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32453]: pam_unix(cron:session): session closed for user root
Sep 29 06:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for root from 162.144.236.216 port 35820 ssh2
Sep 29 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Connection closed by 162.144.236.216 port 35820 [preauth]
Sep 29 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Failed password for root from 162.144.236.216 port 44588 ssh2
Sep 29 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Connection closed by 162.144.236.216 port 44588 [preauth]
Sep 29 06:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: Connection closed by 12.89.72.118 port 33568 [preauth]
Sep 29 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Failed password for root from 162.144.236.216 port 50460 ssh2
Sep 29 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Connection closed by 162.144.236.216 port 50460 [preauth]
Sep 29 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1549]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1543]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Failed password for root from 162.144.236.216 port 57218 ssh2
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1610]: Successful su for rubyman by root
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1610]: + ??? root:rubyman
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313182 of user rubyman.
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1610]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313182.
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Connection closed by 162.144.236.216 port 57218 [preauth]
Sep 29 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31041]: pam_unix(cron:session): session closed for user root
Sep 29 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1544]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Failed password for root from 162.144.236.216 port 34204 ssh2
Sep 29 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Connection closed by 162.144.236.216 port 34204 [preauth]
Sep 29 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Failed password for root from 162.144.236.216 port 41130 ssh2
Sep 29 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Connection closed by 162.144.236.216 port 41130 [preauth]
Sep 29 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: Failed password for root from 162.144.236.216 port 47868 ssh2
Sep 29 06:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: Connection closed by 162.144.236.216 port 47868 [preauth]
Sep 29 06:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[505]: pam_unix(cron:session): session closed for user root
Sep 29 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: Invalid user david from 93.152.230.176
Sep 29 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: input_userauth_request: invalid user david [preauth]
Sep 29 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: Failed password for invalid user david from 93.152.230.176 port 46022 ssh2
Sep 29 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: Received disconnect from 93.152.230.176 port 46022:11: Client disconnecting normally [preauth]
Sep 29 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1938]: Disconnected from 93.152.230.176 port 46022 [preauth]
Sep 29 06:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1898]: Failed password for root from 162.144.236.216 port 55094 ssh2
Sep 29 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1898]: Connection closed by 162.144.236.216 port 55094 [preauth]
Sep 29 06:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: Failed password for root from 162.144.236.216 port 33540 ssh2
Sep 29 06:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1967]: Connection closed by 162.144.236.216 port 33540 [preauth]
Sep 29 06:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2160]: Successful su for rubyman by root
Sep 29 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2160]: + ??? root:rubyman
Sep 29 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313186 of user rubyman.
Sep 29 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2160]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313186.
Sep 29 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session closed for user root
Sep 29 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31543]: pam_unix(cron:session): session closed for user root
Sep 29 06:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2005]: Failed password for root from 162.144.236.216 port 40830 ssh2
Sep 29 06:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2005]: Connection closed by 162.144.236.216 port 40830 [preauth]
Sep 29 06:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2379]: Failed password for root from 162.144.236.216 port 47970 ssh2
Sep 29 06:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2379]: Connection closed by 162.144.236.216 port 47970 [preauth]
Sep 29 06:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: Failed password for root from 162.144.236.216 port 55470 ssh2
Sep 29 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: Connection closed by 162.144.236.216 port 55470 [preauth]
Sep 29 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1057]: pam_unix(cron:session): session closed for user root
Sep 29 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Failed password for root from 162.144.236.216 port 33322 ssh2
Sep 29 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Connection closed by 162.144.236.216 port 33322 [preauth]
Sep 29 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: Failed password for root from 164.68.105.9 port 58756 ssh2
Sep 29 06:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2503]: Connection closed by 164.68.105.9 port 58756 [preauth]
Sep 29 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Failed password for root from 162.144.236.216 port 39838 ssh2
Sep 29 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Connection closed by 162.144.236.216 port 39838 [preauth]
Sep 29 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: Failed password for root from 162.144.236.216 port 44260 ssh2
Sep 29 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: Connection closed by 162.144.236.216 port 44260 [preauth]
Sep 29 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Failed password for root from 162.144.236.216 port 50410 ssh2
Sep 29 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Connection closed by 162.144.236.216 port 50410 [preauth]
Sep 29 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2573]: pam_unix(cron:session): session closed for user root
Sep 29 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2566]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: Successful su for rubyman by root
Sep 29 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: + ??? root:rubyman
Sep 29 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313189 of user rubyman.
Sep 29 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313189.
Sep 29 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session closed for user root
Sep 29 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31996]: pam_unix(cron:session): session closed for user root
Sep 29 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: Failed password for root from 162.144.236.216 port 56996 ssh2
Sep 29 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: Connection closed by 162.144.236.216 port 56996 [preauth]
Sep 29 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Failed password for root from 162.144.236.216 port 34682 ssh2
Sep 29 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Connection closed by 162.144.236.216 port 34682 [preauth]
Sep 29 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: Failed password for root from 162.144.236.216 port 41250 ssh2
Sep 29 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: Connection closed by 162.144.236.216 port 41250 [preauth]
Sep 29 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: Failed password for root from 162.144.236.216 port 46574 ssh2
Sep 29 06:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2898]: Connection closed by 162.144.236.216 port 46574 [preauth]
Sep 29 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Invalid user admin from 139.19.117.131
Sep 29 06:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: input_userauth_request: invalid user admin [preauth]
Sep 29 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1549]: pam_unix(cron:session): session closed for user root
Sep 29 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: Failed password for root from 162.144.236.216 port 52210 ssh2
Sep 29 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2935]: Connection closed by 162.144.236.216 port 52210 [preauth]
Sep 29 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Connection closed by 139.19.117.131 port 34760 [preauth]
Sep 29 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Failed password for root from 162.144.236.216 port 58804 ssh2
Sep 29 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2968]: Connection closed by 162.144.236.216 port 58804 [preauth]
Sep 29 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: Failed password for root from 162.144.236.216 port 34906 ssh2
Sep 29 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2980]: Connection closed by 162.144.236.216 port 34906 [preauth]
Sep 29 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Failed password for root from 162.144.236.216 port 41780 ssh2
Sep 29 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Connection closed by 162.144.236.216 port 41780 [preauth]
Sep 29 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3039]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3113]: Successful su for rubyman by root
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3113]: + ??? root:rubyman
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313196 of user rubyman.
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3113]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313196.
Sep 29 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session closed for user root
Sep 29 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Failed password for root from 162.144.236.216 port 49584 ssh2
Sep 29 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Connection closed by 162.144.236.216 port 49584 [preauth]
Sep 29 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for root from 162.144.236.216 port 55824 ssh2
Sep 29 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Connection closed by 162.144.236.216 port 55824 [preauth]
Sep 29 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: Failed password for root from 162.144.236.216 port 33540 ssh2
Sep 29 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: Connection closed by 162.144.236.216 port 33540 [preauth]
Sep 29 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: Failed password for root from 162.144.236.216 port 39102 ssh2
Sep 29 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: Connection closed by 162.144.236.216 port 39102 [preauth]
Sep 29 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Failed password for root from 162.144.236.216 port 44724 ssh2
Sep 29 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Connection closed by 162.144.236.216 port 44724 [preauth]
Sep 29 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session closed for user root
Sep 29 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3408]: Failed password for root from 162.144.236.216 port 49102 ssh2
Sep 29 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3408]: Connection closed by 162.144.236.216 port 49102 [preauth]
Sep 29 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: Failed password for root from 162.144.236.216 port 53690 ssh2
Sep 29 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3428]: Connection closed by 162.144.236.216 port 53690 [preauth]
Sep 29 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Failed password for root from 162.144.236.216 port 60134 ssh2
Sep 29 06:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Connection closed by 162.144.236.216 port 60134 [preauth]
Sep 29 06:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3493]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3554]: Successful su for rubyman by root
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3554]: + ??? root:rubyman
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313200 of user rubyman.
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3554]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313200.
Sep 29 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Failed password for root from 162.144.236.216 port 39432 ssh2
Sep 29 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Connection closed by 162.144.236.216 port 39432 [preauth]
Sep 29 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[503]: pam_unix(cron:session): session closed for user root
Sep 29 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3492]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Failed password for root from 162.144.236.216 port 44434 ssh2
Sep 29 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Connection closed by 162.144.236.216 port 44434 [preauth]
Sep 29 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Failed password for root from 162.144.236.216 port 50740 ssh2
Sep 29 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session closed for user root
Sep 29 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Connection closed by 162.144.236.216 port 50740 [preauth]
Sep 29 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Failed password for root from 162.144.236.216 port 59848 ssh2
Sep 29 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3872]: Connection closed by 162.144.236.216 port 59848 [preauth]
Sep 29 06:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: Successful su for rubyman by root
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: + ??? root:rubyman
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313205 of user rubyman.
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313205.
Sep 29 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: Failed password for root from 162.144.236.216 port 38820 ssh2
Sep 29 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1056]: pam_unix(cron:session): session closed for user root
Sep 29 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: Connection closed by 162.144.236.216 port 38820 [preauth]
Sep 29 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for root from 162.144.236.216 port 44360 ssh2
Sep 29 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Connection closed by 162.144.236.216 port 44360 [preauth]
Sep 29 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4253]: Failed password for root from 162.144.236.216 port 50644 ssh2
Sep 29 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4253]: Connection closed by 162.144.236.216 port 50644 [preauth]
Sep 29 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session closed for user root
Sep 29 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Failed password for root from 162.144.236.216 port 56176 ssh2
Sep 29 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Connection closed by 162.144.236.216 port 56176 [preauth]
Sep 29 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: Failed password for root from 162.144.236.216 port 34868 ssh2
Sep 29 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4323]: Connection closed by 162.144.236.216 port 34868 [preauth]
Sep 29 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4379]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4380]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4377]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: Successful su for rubyman by root
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: + ??? root:rubyman
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313207 of user rubyman.
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313207.
Sep 29 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4365]: Failed password for root from 162.144.236.216 port 42288 ssh2
Sep 29 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1547]: pam_unix(cron:session): session closed for user root
Sep 29 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4365]: Connection closed by 162.144.236.216 port 42288 [preauth]
Sep 29 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4378]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4648]: Failed password for root from 162.144.236.216 port 48408 ssh2
Sep 29 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4648]: Connection closed by 162.144.236.216 port 48408 [preauth]
Sep 29 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Failed password for root from 162.144.236.216 port 56390 ssh2
Sep 29 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Connection closed by 162.144.236.216 port 56390 [preauth]
Sep 29 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session closed for user root
Sep 29 06:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Failed password for root from 162.144.236.216 port 35174 ssh2
Sep 29 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Connection closed by 162.144.236.216 port 35174 [preauth]
Sep 29 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Failed password for root from 162.144.236.216 port 40190 ssh2
Sep 29 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Connection closed by 162.144.236.216 port 40190 [preauth]
Sep 29 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: Failed password for root from 162.144.236.216 port 48908 ssh2
Sep 29 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: Connection closed by 162.144.236.216 port 48908 [preauth]
Sep 29 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user root
Sep 29 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: Successful su for rubyman by root
Sep 29 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: + ??? root:rubyman
Sep 29 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313215 of user rubyman.
Sep 29 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313215.
Sep 29 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user root
Sep 29 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2013]: pam_unix(cron:session): session closed for user root
Sep 29 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Failed password for root from 162.144.236.216 port 55668 ssh2
Sep 29 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Connection closed by 162.144.236.216 port 55668 [preauth]
Sep 29 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4791]: Did not receive identification string from 165.16.112.134
Sep 29 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: Invalid user wqmarlduiqkmgs from 165.16.112.134
Sep 29 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: input_userauth_request: invalid user wqmarlduiqkmgs [preauth]
Sep 29 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5155]: fatal: ssh_packet_get_string: incomplete message [preauth]
Sep 29 06:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: Failed password for root from 162.144.236.216 port 60568 ssh2
Sep 29 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5145]: Connection closed by 162.144.236.216 port 60568 [preauth]
Sep 29 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: Failed password for root from 162.144.236.216 port 35970 ssh2
Sep 29 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session closed for user root
Sep 29 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5180]: Connection closed by 162.144.236.216 port 35970 [preauth]
Sep 29 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Failed password for root from 162.144.236.216 port 43526 ssh2
Sep 29 06:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Connection closed by 162.144.236.216 port 43526 [preauth]
Sep 29 06:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=root
Sep 29 06:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Failed password for root from 90.15.121.102 port 57044 ssh2
Sep 29 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for root from 162.144.236.216 port 50480 ssh2
Sep 29 06:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection closed by 162.144.236.216 port 50480 [preauth]
Sep 29 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Connection closed by 90.15.121.102 port 57044 [preauth]
Sep 29 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5416]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: Successful su for rubyman by root
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: + ??? root:rubyman
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313217 of user rubyman.
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313217.
Sep 29 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session closed for user root
Sep 29 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5314]: Invalid user admin from 90.15.121.102
Sep 29 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5314]: input_userauth_request: invalid user admin [preauth]
Sep 29 06:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5417]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5314]: Failed password for invalid user admin from 90.15.121.102 port 34482 ssh2
Sep 29 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Failed password for root from 162.144.236.216 port 58066 ssh2
Sep 29 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5314]: Connection closed by 90.15.121.102 port 34482 [preauth]
Sep 29 06:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Connection closed by 162.144.236.216 port 58066 [preauth]
Sep 29 06:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: Invalid user pi from 90.15.121.102
Sep 29 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: input_userauth_request: invalid user pi [preauth]
Sep 29 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Failed password for root from 162.144.236.216 port 38642 ssh2
Sep 29 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Connection closed by 162.144.236.216 port 38642 [preauth]
Sep 29 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: Failed password for invalid user pi from 90.15.121.102 port 40624 ssh2
Sep 29 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4380]: pam_unix(cron:session): session closed for user root
Sep 29 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5714]: Connection closed by 90.15.121.102 port 40624 [preauth]
Sep 29 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for root from 162.144.236.216 port 44712 ssh2
Sep 29 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Connection closed by 162.144.236.216 port 44712 [preauth]
Sep 29 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: Failed password for root from 162.144.236.216 port 52692 ssh2
Sep 29 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5821]: Connection closed by 162.144.236.216 port 52692 [preauth]
Sep 29 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Invalid user admin from 90.15.121.102
Sep 29 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: input_userauth_request: invalid user admin [preauth]
Sep 29 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Failed password for invalid user admin from 90.15.121.102 port 52630 ssh2
Sep 29 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: Failed password for root from 162.144.236.216 port 60026 ssh2
Sep 29 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Connection closed by 90.15.121.102 port 52630 [preauth]
Sep 29 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5860]: Connection closed by 162.144.236.216 port 60026 [preauth]
Sep 29 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5887]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5885]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5956]: Successful su for rubyman by root
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5956]: + ??? root:rubyman
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313221 of user rubyman.
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5956]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313221.
Sep 29 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session closed for user root
Sep 29 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5886]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: Failed password for root from 162.144.236.216 port 38708 ssh2
Sep 29 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=root
Sep 29 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: Connection closed by 162.144.236.216 port 38708 [preauth]
Sep 29 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: Invalid user ftpuser from 93.152.230.176
Sep 29 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Failed password for root from 90.15.121.102 port 47200 ssh2
Sep 29 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: Failed password for invalid user ftpuser from 93.152.230.176 port 59352 ssh2
Sep 29 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: Received disconnect from 93.152.230.176 port 59352:11: Client disconnecting normally [preauth]
Sep 29 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6167]: Disconnected from 93.152.230.176 port 59352 [preauth]
Sep 29 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Connection closed by 90.15.121.102 port 47200 [preauth]
Sep 29 06:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Failed password for root from 162.144.236.216 port 47370 ssh2
Sep 29 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Connection closed by 162.144.236.216 port 47370 [preauth]
Sep 29 06:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Invalid user ftpuser from 90.15.121.102
Sep 29 06:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Failed password for invalid user ftpuser from 90.15.121.102 port 56994 ssh2
Sep 29 06:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for root from 162.144.236.216 port 53742 ssh2
Sep 29 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 162.144.236.216 port 53742 [preauth]
Sep 29 06:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session closed for user root
Sep 29 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Connection closed by 90.15.121.102 port 56994 [preauth]
Sep 29 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6257]: Invalid user dspace from 90.15.121.102
Sep 29 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6257]: input_userauth_request: invalid user dspace [preauth]
Sep 29 06:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6257]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Failed password for root from 162.144.236.216 port 59686 ssh2
Sep 29 06:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6257]: Failed password for invalid user dspace from 90.15.121.102 port 40144 ssh2
Sep 29 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Connection closed by 162.144.236.216 port 59686 [preauth]
Sep 29 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6334]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6257]: Connection closed by 90.15.121.102 port 40144 [preauth]
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6400]: Successful su for rubyman by root
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6400]: + ??? root:rubyman
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313227 of user rubyman.
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6400]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313227.
Sep 29 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: Failed password for root from 162.144.236.216 port 39442 ssh2
Sep 29 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6308]: Connection closed by 162.144.236.216 port 39442 [preauth]
Sep 29 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3493]: pam_unix(cron:session): session closed for user root
Sep 29 06:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Failed password for root from 162.144.236.216 port 46466 ssh2
Sep 29 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Invalid user web from 90.15.121.102
Sep 29 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: input_userauth_request: invalid user web [preauth]
Sep 29 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Connection closed by 162.144.236.216 port 46466 [preauth]
Sep 29 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Failed password for invalid user web from 90.15.121.102 port 53046 ssh2
Sep 29 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Connection closed by 90.15.121.102 port 53046 [preauth]
Sep 29 06:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Failed password for root from 162.144.236.216 port 54446 ssh2
Sep 29 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Connection closed by 162.144.236.216 port 54446 [preauth]
Sep 29 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Failed password for root from 162.144.236.216 port 60960 ssh2
Sep 29 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6757]: Connection closed by 162.144.236.216 port 60960 [preauth]
Sep 29 06:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: Invalid user centos from 90.15.121.102
Sep 29 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: input_userauth_request: invalid user centos [preauth]
Sep 29 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session closed for user root
Sep 29 06:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Failed password for root from 162.144.236.216 port 39260 ssh2
Sep 29 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Connection closed by 162.144.236.216 port 39260 [preauth]
Sep 29 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: Failed password for invalid user centos from 90.15.121.102 port 33440 ssh2
Sep 29 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6744]: Connection closed by 90.15.121.102 port 33440 [preauth]
Sep 29 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for root from 162.144.236.216 port 44912 ssh2
Sep 29 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Invalid user vmadmin from 90.15.121.102
Sep 29 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: input_userauth_request: invalid user vmadmin [preauth]
Sep 29 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Connection closed by 162.144.236.216 port 44912 [preauth]
Sep 29 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Failed password for invalid user vmadmin from 90.15.121.102 port 60606 ssh2
Sep 29 06:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6889]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: Successful su for rubyman by root
Sep 29 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: + ??? root:rubyman
Sep 29 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313229 of user rubyman.
Sep 29 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313229.
Sep 29 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Connection closed by 90.15.121.102 port 60606 [preauth]
Sep 29 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session closed for user root
Sep 29 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Did not receive identification string from 90.15.121.102
Sep 29 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6893]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Failed password for root from 162.144.236.216 port 52802 ssh2
Sep 29 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Connection closed by 162.144.236.216 port 52802 [preauth]
Sep 29 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Invalid user minecraft from 90.15.121.102
Sep 29 06:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Failed password for invalid user minecraft from 90.15.121.102 port 57262 ssh2
Sep 29 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Connection closed by 90.15.121.102 port 57262 [preauth]
Sep 29 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Failed password for root from 162.144.236.216 port 60394 ssh2
Sep 29 06:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Connection closed by 162.144.236.216 port 60394 [preauth]
Sep 29 06:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: Failed password for root from 162.144.236.216 port 39948 ssh2
Sep 29 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5889]: pam_unix(cron:session): session closed for user root
Sep 29 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: Connection closed by 162.144.236.216 port 39948 [preauth]
Sep 29 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Invalid user cassandra from 90.15.121.102
Sep 29 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: input_userauth_request: invalid user cassandra [preauth]
Sep 29 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Failed password for invalid user cassandra from 90.15.121.102 port 48870 ssh2
Sep 29 06:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7302]: Connection closed by 90.15.121.102 port 48870 [preauth]
Sep 29 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Failed password for root from 162.144.236.216 port 46804 ssh2
Sep 29 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Connection closed by 162.144.236.216 port 46804 [preauth]
Sep 29 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Invalid user guest from 90.15.121.102
Sep 29 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: input_userauth_request: invalid user guest [preauth]
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7444]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7443]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session closed for user root
Sep 29 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: Successful su for rubyman by root
Sep 29 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: + ??? root:rubyman
Sep 29 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313237 of user rubyman.
Sep 29 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313237.
Sep 29 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Failed password for invalid user guest from 90.15.121.102 port 58866 ssh2
Sep 29 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4379]: pam_unix(cron:session): session closed for user root
Sep 29 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7443]: pam_unix(cron:session): session closed for user root
Sep 29 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7442]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7409]: Connection closed by 90.15.121.102 port 58866 [preauth]
Sep 29 06:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Failed password for root from 162.144.236.216 port 57750 ssh2
Sep 29 06:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Connection closed by 162.144.236.216 port 57750 [preauth]
Sep 29 06:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=root
Sep 29 06:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Failed password for root from 90.15.121.102 port 39284 ssh2
Sep 29 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Failed password for root from 162.144.236.216 port 36898 ssh2
Sep 29 06:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Connection closed by 90.15.121.102 port 39284 [preauth]
Sep 29 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Connection closed by 162.144.236.216 port 36898 [preauth]
Sep 29 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6334]: pam_unix(cron:session): session closed for user root
Sep 29 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Invalid user jira from 90.15.121.102
Sep 29 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: input_userauth_request: invalid user jira [preauth]
Sep 29 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: Failed password for root from 162.144.236.216 port 44134 ssh2
Sep 29 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Failed password for invalid user jira from 90.15.121.102 port 33244 ssh2
Sep 29 06:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Connection closed by 90.15.121.102 port 33244 [preauth]
Sep 29 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7837]: Connection closed by 162.144.236.216 port 44134 [preauth]
Sep 29 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: Did not receive identification string from 90.15.121.102
Sep 29 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: Failed password for root from 162.144.236.216 port 51906 ssh2
Sep 29 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7925]: Connection closed by 162.144.236.216 port 51906 [preauth]
Sep 29 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7955]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: Successful su for rubyman by root
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: + ??? root:rubyman
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313240 of user rubyman.
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8043]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313240.
Sep 29 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Failed password for root from 162.144.236.216 port 57398 ssh2
Sep 29 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Connection closed by 162.144.236.216 port 57398 [preauth]
Sep 29 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session closed for user root
Sep 29 06:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 29 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Invalid user kali from 90.15.121.102
Sep 29 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: input_userauth_request: invalid user kali [preauth]
Sep 29 06:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8216]: Failed password for root from 162.144.236.216 port 34628 ssh2
Sep 29 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Failed password for root from 46.101.170.54 port 47552 ssh2
Sep 29 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Connection closed by 46.101.170.54 port 47552 [preauth]
Sep 29 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8216]: Connection closed by 162.144.236.216 port 34628 [preauth]
Sep 29 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Failed password for invalid user kali from 90.15.121.102 port 39174 ssh2
Sep 29 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Failed password for root from 162.144.236.216 port 42148 ssh2
Sep 29 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Connection closed by 162.144.236.216 port 42148 [preauth]
Sep 29 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7941]: Connection closed by 90.15.121.102 port 39174 [preauth]
Sep 29 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Invalid user deploy from 90.15.121.102
Sep 29 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: input_userauth_request: invalid user deploy [preauth]
Sep 29 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Failed password for root from 162.144.236.216 port 49020 ssh2
Sep 29 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Connection closed by 162.144.236.216 port 49020 [preauth]
Sep 29 06:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Failed password for invalid user deploy from 90.15.121.102 port 59124 ssh2
Sep 29 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Connection closed by 90.15.121.102 port 59124 [preauth]
Sep 29 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session closed for user root
Sep 29 06:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Failed password for root from 162.144.236.216 port 54856 ssh2
Sep 29 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8357]: Connection closed by 162.144.236.216 port 54856 [preauth]
Sep 29 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: Failed password for root from 162.144.236.216 port 33310 ssh2
Sep 29 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8413]: Connection closed by 162.144.236.216 port 33310 [preauth]
Sep 29 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Invalid user zabbix from 90.15.121.102
Sep 29 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: input_userauth_request: invalid user zabbix [preauth]
Sep 29 06:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8472]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: Successful su for rubyman by root
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: + ??? root:rubyman
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313245 of user rubyman.
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313245.
Sep 29 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user zabbix from 90.15.121.102 port 34236 ssh2
Sep 29 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session closed for user root
Sep 29 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Connection closed by 90.15.121.102 port 34236 [preauth]
Sep 29 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: Invalid user postgres from 90.15.121.102
Sep 29 06:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: input_userauth_request: invalid user postgres [preauth]
Sep 29 06:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: Failed password for root from 162.144.236.216 port 40212 ssh2
Sep 29 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: Failed password for invalid user postgres from 90.15.121.102 port 48834 ssh2
Sep 29 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8456]: Connection closed by 162.144.236.216 port 40212 [preauth]
Sep 29 06:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8457]: Connection closed by 90.15.121.102 port 48834 [preauth]
Sep 29 06:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Failed password for root from 162.144.236.216 port 52208 ssh2
Sep 29 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session closed for user root
Sep 29 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8911]: Connection closed by 162.144.236.216 port 52208 [preauth]
Sep 29 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: User mysql from 90.15.121.102 not allowed because not listed in AllowUsers
Sep 29 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: input_userauth_request: invalid user mysql [preauth]
Sep 29 06:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=mysql
Sep 29 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: Failed password for invalid user mysql from 90.15.121.102 port 47822 ssh2
Sep 29 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: Connection closed by 90.15.121.102 port 47822 [preauth]
Sep 29 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Failed password for root from 162.144.236.216 port 60456 ssh2
Sep 29 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=root
Sep 29 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Connection closed by 162.144.236.216 port 60456 [preauth]
Sep 29 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8967]: Failed password for root from 90.15.121.102 port 36544 ssh2
Sep 29 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8967]: Connection closed by 90.15.121.102 port 36544 [preauth]
Sep 29 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9111]: Successful su for rubyman by root
Sep 29 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9111]: + ??? root:rubyman
Sep 29 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313248 of user rubyman.
Sep 29 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9111]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313248.
Sep 29 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: Failed password for root from 162.144.236.216 port 41474 ssh2
Sep 29 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5887]: pam_unix(cron:session): session closed for user root
Sep 29 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: Connection closed by 162.144.236.216 port 41474 [preauth]
Sep 29 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Invalid user postgres from 90.15.121.102
Sep 29 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: input_userauth_request: invalid user postgres [preauth]
Sep 29 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Failed password for root from 162.144.236.216 port 47980 ssh2
Sep 29 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Failed password for invalid user postgres from 90.15.121.102 port 60686 ssh2
Sep 29 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Connection closed by 162.144.236.216 port 47980 [preauth]
Sep 29 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9030]: Connection closed by 90.15.121.102 port 60686 [preauth]
Sep 29 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Failed password for root from 162.144.236.216 port 54178 ssh2
Sep 29 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Connection closed by 162.144.236.216 port 54178 [preauth]
Sep 29 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Failed password for root from 162.144.236.216 port 60284 ssh2
Sep 29 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Invalid user user from 90.15.121.102
Sep 29 06:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: input_userauth_request: invalid user user [preauth]
Sep 29 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Connection closed by 162.144.236.216 port 60284 [preauth]
Sep 29 06:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7960]: pam_unix(cron:session): session closed for user root
Sep 29 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Failed password for invalid user user from 90.15.121.102 port 47340 ssh2
Sep 29 06:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Connection closed by 90.15.121.102 port 47340 [preauth]
Sep 29 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: Failed password for root from 162.144.236.216 port 38742 ssh2
Sep 29 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: Connection closed by 162.144.236.216 port 38742 [preauth]
Sep 29 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9604]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: Successful su for rubyman by root
Sep 29 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: + ??? root:rubyman
Sep 29 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313252 of user rubyman.
Sep 29 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313252.
Sep 29 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=root
Sep 29 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session closed for user root
Sep 29 06:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9544]: Failed password for root from 90.15.121.102 port 48384 ssh2
Sep 29 06:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Failed password for root from 162.144.236.216 port 47618 ssh2
Sep 29 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Connection closed by 162.144.236.216 port 47618 [preauth]
Sep 29 06:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: Invalid user certconfigtmp from 20.163.71.109
Sep 29 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: input_userauth_request: invalid user certconfigtmp [preauth]
Sep 29 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9544]: Connection closed by 90.15.121.102 port 48384 [preauth]
Sep 29 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: Failed password for invalid user certconfigtmp from 20.163.71.109 port 35446 ssh2
Sep 29 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: Connection closed by 20.163.71.109 port 35446 [preauth]
Sep 29 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Failed password for root from 162.144.236.216 port 54692 ssh2
Sep 29 06:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Connection closed by 162.144.236.216 port 54692 [preauth]
Sep 29 06:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=root
Sep 29 06:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Failed password for root from 90.15.121.102 port 38736 ssh2
Sep 29 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Failed password for root from 162.144.236.216 port 32958 ssh2
Sep 29 06:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Connection closed by 162.144.236.216 port 32958 [preauth]
Sep 29 06:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Connection closed by 90.15.121.102 port 38736 [preauth]
Sep 29 06:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session closed for user root
Sep 29 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Failed password for root from 162.144.236.216 port 39350 ssh2
Sep 29 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Connection closed by 162.144.236.216 port 39350 [preauth]
Sep 29 06:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Invalid user cs2 from 90.15.121.102
Sep 29 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: input_userauth_request: invalid user cs2 [preauth]
Sep 29 06:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Failed password for invalid user cs2 from 90.15.121.102 port 50242 ssh2
Sep 29 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Connection closed by 90.15.121.102 port 50242 [preauth]
Sep 29 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Failed password for root from 162.144.236.216 port 45366 ssh2
Sep 29 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Connection closed by 162.144.236.216 port 45366 [preauth]
Sep 29 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session closed for user root
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10192]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10275]: Successful su for rubyman by root
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10275]: + ??? root:rubyman
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313256 of user rubyman.
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10275]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313256.
Sep 29 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Invalid user pi from 90.15.121.102
Sep 29 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: input_userauth_request: invalid user pi [preauth]
Sep 29 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session closed for user root
Sep 29 06:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session closed for user root
Sep 29 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10193]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Failed password for root from 162.144.236.216 port 52626 ssh2
Sep 29 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Connection closed by 162.144.236.216 port 52626 [preauth]
Sep 29 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Failed password for invalid user pi from 90.15.121.102 port 42932 ssh2
Sep 29 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Connection closed by 90.15.121.102 port 42932 [preauth]
Sep 29 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Failed password for root from 162.144.236.216 port 58980 ssh2
Sep 29 06:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Connection closed by 162.144.236.216 port 58980 [preauth]
Sep 29 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Invalid user admin from 90.15.121.102
Sep 29 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: input_userauth_request: invalid user admin [preauth]
Sep 29 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Failed password for invalid user admin from 90.15.121.102 port 42168 ssh2
Sep 29 06:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Failed password for root from 162.144.236.216 port 37766 ssh2
Sep 29 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Connection closed by 162.144.236.216 port 37766 [preauth]
Sep 29 06:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Connection closed by 90.15.121.102 port 42168 [preauth]
Sep 29 06:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session closed for user root
Sep 29 06:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: Failed password for root from 162.144.236.216 port 44352 ssh2
Sep 29 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: Connection closed by 162.144.236.216 port 44352 [preauth]
Sep 29 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Invalid user dietpi from 93.152.230.176
Sep 29 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: input_userauth_request: invalid user dietpi [preauth]
Sep 29 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Failed password for root from 162.144.236.216 port 53732 ssh2
Sep 29 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Failed password for invalid user dietpi from 93.152.230.176 port 19803 ssh2
Sep 29 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Received disconnect from 93.152.230.176 port 19803:11: Client disconnecting normally [preauth]
Sep 29 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Disconnected from 93.152.230.176 port 19803 [preauth]
Sep 29 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Connection closed by 162.144.236.216 port 53732 [preauth]
Sep 29 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: Invalid user cloud from 90.15.121.102
Sep 29 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: input_userauth_request: invalid user cloud [preauth]
Sep 29 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: User ftp from 90.15.121.102 not allowed because not listed in AllowUsers
Sep 29 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: input_userauth_request: invalid user ftp [preauth]
Sep 29 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: Failed password for invalid user cloud from 90.15.121.102 port 49908 ssh2
Sep 29 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Failed password for root from 162.144.236.216 port 33308 ssh2
Sep 29 06:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=ftp
Sep 29 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Connection closed by 162.144.236.216 port 33308 [preauth]
Sep 29 06:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: Failed password for invalid user ftp from 90.15.121.102 port 49116 ssh2
Sep 29 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: Connection closed by 90.15.121.102 port 49908 [preauth]
Sep 29 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10708]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: Successful su for rubyman by root
Sep 29 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: + ??? root:rubyman
Sep 29 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313262 of user rubyman.
Sep 29 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10781]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313262.
Sep 29 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: Connection closed by 90.15.121.102 port 49116 [preauth]
Sep 29 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7444]: pam_unix(cron:session): session closed for user root
Sep 29 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: Failed password for root from 162.144.236.216 port 39660 ssh2
Sep 29 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10706]: Connection closed by 162.144.236.216 port 39660 [preauth]
Sep 29 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Invalid user teamspeak3 from 90.15.121.102
Sep 29 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: input_userauth_request: invalid user teamspeak3 [preauth]
Sep 29 06:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Failed password for invalid user teamspeak3 from 90.15.121.102 port 35614 ssh2
Sep 29 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Connection closed by 90.15.121.102 port 35614 [preauth]
Sep 29 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Failed password for root from 162.144.236.216 port 45578 ssh2
Sep 29 06:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Connection closed by 162.144.236.216 port 45578 [preauth]
Sep 29 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session closed for user root
Sep 29 06:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=root
Sep 29 06:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Failed password for root from 90.15.121.102 port 54946 ssh2
Sep 29 06:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: Failed password for root from 162.144.236.216 port 51832 ssh2
Sep 29 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Connection closed by 90.15.121.102 port 54946 [preauth]
Sep 29 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11054]: Connection closed by 162.144.236.216 port 51832 [preauth]
Sep 29 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11153]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11150]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: Invalid user craft from 90.15.121.102
Sep 29 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: input_userauth_request: invalid user craft [preauth]
Sep 29 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: Successful su for rubyman by root
Sep 29 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: + ??? root:rubyman
Sep 29 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313266 of user rubyman.
Sep 29 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313266.
Sep 29 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session closed for user root
Sep 29 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Failed password for root from 162.144.236.216 port 59436 ssh2
Sep 29 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11151]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: Failed password for invalid user craft from 90.15.121.102 port 46184 ssh2
Sep 29 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Connection closed by 162.144.236.216 port 59436 [preauth]
Sep 29 06:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11103]: Connection closed by 90.15.121.102 port 46184 [preauth]
Sep 29 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: Failed password for root from 162.144.236.216 port 39662 ssh2
Sep 29 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11429]: Connection closed by 162.144.236.216 port 39662 [preauth]
Sep 29 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Invalid user cs2server from 90.15.121.102
Sep 29 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: input_userauth_request: invalid user cs2server [preauth]
Sep 29 06:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Failed password for root from 162.144.236.216 port 46056 ssh2
Sep 29 06:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: Connection closed by 162.144.236.216 port 46056 [preauth]
Sep 29 06:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: Did not receive identification string from 90.15.121.102
Sep 29 06:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session closed for user root
Sep 29 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Failed password for root from 162.144.236.216 port 53246 ssh2
Sep 29 06:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Connection closed by 162.144.236.216 port 53246 [preauth]
Sep 29 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Failed password for invalid user cs2server from 90.15.121.102 port 43240 ssh2
Sep 29 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Connection closed by 90.15.121.102 port 43240 [preauth]
Sep 29 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: Did not receive identification string from 90.15.121.102
Sep 29 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: Failed password for root from 162.144.236.216 port 60606 ssh2
Sep 29 06:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: Connection closed by 162.144.236.216 port 60606 [preauth]
Sep 29 06:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Failed password for root from 162.144.236.216 port 39592 ssh2
Sep 29 06:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Connection closed by 162.144.236.216 port 39592 [preauth]
Sep 29 06:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: Successful su for rubyman by root
Sep 29 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: + ??? root:rubyman
Sep 29 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313270 of user rubyman.
Sep 29 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313270.
Sep 29 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session closed for user root
Sep 29 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: Failed password for root from 162.144.236.216 port 47240 ssh2
Sep 29 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: Invalid user steam from 90.15.121.102
Sep 29 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: input_userauth_request: invalid user steam [preauth]
Sep 29 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11579]: Connection closed by 162.144.236.216 port 47240 [preauth]
Sep 29 06:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11593]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: Failed password for invalid user steam from 90.15.121.102 port 42354 ssh2
Sep 29 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11544]: Connection closed by 90.15.121.102 port 42354 [preauth]
Sep 29 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Invalid user postgres from 90.15.121.102
Sep 29 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: input_userauth_request: invalid user postgres [preauth]
Sep 29 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Failed password for root from 162.144.236.216 port 51716 ssh2
Sep 29 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Connection closed by 162.144.236.216 port 51716 [preauth]
Sep 29 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Failed password for invalid user postgres from 90.15.121.102 port 42666 ssh2
Sep 29 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session closed for user root
Sep 29 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11816]: Connection closed by 90.15.121.102 port 42666 [preauth]
Sep 29 06:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Failed password for root from 162.144.236.216 port 33784 ssh2
Sep 29 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Connection closed by 162.144.236.216 port 33784 [preauth]
Sep 29 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: User backup from 90.15.121.102 not allowed because not listed in AllowUsers
Sep 29 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: input_userauth_request: invalid user backup [preauth]
Sep 29 06:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102  user=backup
Sep 29 06:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user backup from 90.15.121.102 port 40046 ssh2
Sep 29 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Failed password for root from 162.144.236.216 port 38666 ssh2
Sep 29 06:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Connection closed by 162.144.236.216 port 38666 [preauth]
Sep 29 06:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Connection closed by 90.15.121.102 port 40046 [preauth]
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12133]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session closed for user p13x
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: Successful su for rubyman by root
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: + ??? root:rubyman
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313274 of user rubyman.
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12198]: pam_unix(su:session): session closed for user rubyman
Sep 29 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313274.
Sep 29 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Invalid user guest from 90.15.121.102
Sep 29 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: input_userauth_request: invalid user guest [preauth]
Sep 29 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user root
Sep 29 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session closed for user samftp
Sep 29 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Failed password for invalid user guest from 90.15.121.102 port 57636 ssh2
Sep 29 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for root from 162.144.236.216 port 43864 ssh2
Sep 29 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12278]: Did not receive identification string from 90.15.121.102
Sep 29 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Connection closed by 162.144.236.216 port 43864 [preauth]
Sep 29 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12080]: Connection closed by 90.15.121.102 port 57636 [preauth]
Sep 29 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Failed password for root from 162.144.236.216 port 51558 ssh2
Sep 29 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Connection closed by 162.144.236.216 port 51558 [preauth]
Sep 29 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12475]: Invalid user admin from 78.128.112.74
Sep 29 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12475]: input_userauth_request: invalid user admin [preauth]
Sep 29 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12475]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Failed password for root from 162.144.236.216 port 58004 ssh2
Sep 29 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12475]: Failed password for invalid user admin from 78.128.112.74 port 33400 ssh2
Sep 29 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12475]: Connection closed by 78.128.112.74 port 33400 [preauth]
Sep 29 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Connection closed by 162.144.236.216 port 58004 [preauth]
Sep 29 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Invalid user test from 90.15.121.102
Sep 29 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: input_userauth_request: invalid user test [preauth]
Sep 29 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11153]: pam_unix(cron:session): session closed for user root
Sep 29 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Failed password for invalid user test from 90.15.121.102 port 59550 ssh2
Sep 29 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Did not receive identification string from 90.15.121.102
Sep 29 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Connection closed by 90.15.121.102 port 59550 [preauth]
Sep 29 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 06:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Failed password for root from 162.144.236.216 port 35520 ssh2
Sep 29 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Connection closed by 162.144.236.216 port 35520 [preauth]
Sep 29 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Invalid user wordpress from 90.15.121.102
Sep 29 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: input_userauth_request: invalid user wordpress [preauth]
Sep 29 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for invalid user wordpress from 90.15.121.102 port 50548 ssh2
Sep 29 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Invalid user  from 62.60.131.157
Sep 29 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: input_userauth_request: invalid user  [preauth]
Sep 29 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Failed none for invalid user  from 62.60.131.157 port 63358 ssh2
Sep 29 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Received disconnect from 62.60.131.157 port 63358:11: Bye [preauth]
Sep 29 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Disconnected from 62.60.131.157 port 63358 [preauth]
Sep 29 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Connection closed by 90.15.121.102 port 50548 [preauth]
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12591]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session closed for user root
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session closed for user root
Sep 29 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Bad protocol version identification '\003' from 47.251.166.236 port 54971
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12718]: Successful su for rubyman by root
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12718]: + ??? root:rubyman
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313280 of user rubyman.
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12718]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313280.
Sep 29 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Failed password for root from 162.144.236.216 port 42826 ssh2
Sep 29 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12577]: Did not receive identification string from 90.15.121.102
Sep 29 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session closed for user root
Sep 29 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12590]: pam_unix(cron:session): session closed for user root
Sep 29 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Connection closed by 162.144.236.216 port 42826 [preauth]
Sep 29 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: Failed password for root from 162.144.236.216 port 51256 ssh2
Sep 29 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12933]: Connection closed by 162.144.236.216 port 51256 [preauth]
Sep 29 07:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Invalid user deployer from 90.15.121.102
Sep 29 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: input_userauth_request: invalid user deployer [preauth]
Sep 29 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Failed password for invalid user deployer from 90.15.121.102 port 37190 ssh2
Sep 29 07:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Failed password for root from 162.144.236.216 port 59432 ssh2
Sep 29 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Connection closed by 162.144.236.216 port 59432 [preauth]
Sep 29 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Connection closed by 90.15.121.102 port 37190 [preauth]
Sep 29 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Failed password for root from 162.144.236.216 port 37798 ssh2
Sep 29 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13028]: Did not receive identification string from 90.15.121.102
Sep 29 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Connection closed by 162.144.236.216 port 37798 [preauth]
Sep 29 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user root
Sep 29 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: Failed password for root from 162.144.236.216 port 43834 ssh2
Sep 29 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: Connection closed by 162.144.236.216 port 43834 [preauth]
Sep 29 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: Invalid user openhabian from 90.15.121.102
Sep 29 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: input_userauth_request: invalid user openhabian [preauth]
Sep 29 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 07:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: Failed password for invalid user openhabian from 90.15.121.102 port 35746 ssh2
Sep 29 07:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13051]: Connection closed by 90.15.121.102 port 35746 [preauth]
Sep 29 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13177]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13174]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13248]: Successful su for rubyman by root
Sep 29 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13248]: + ??? root:rubyman
Sep 29 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313285 of user rubyman.
Sep 29 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13248]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313285.
Sep 29 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13142]: Failed password for root from 162.144.236.216 port 51484 ssh2
Sep 29 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Invalid user fa from 90.15.121.102
Sep 29 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: input_userauth_request: invalid user fa [preauth]
Sep 29 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13142]: Connection closed by 162.144.236.216 port 51484 [preauth]
Sep 29 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session closed for user root
Sep 29 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13176]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Failed password for invalid user fa from 90.15.121.102 port 34508 ssh2
Sep 29 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Connection closed by 90.15.121.102 port 34508 [preauth]
Sep 29 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Failed password for root from 162.144.236.216 port 58734 ssh2
Sep 29 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Connection closed by 162.144.236.216 port 58734 [preauth]
Sep 29 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: Invalid user admin from 90.15.121.102
Sep 29 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: input_userauth_request: invalid user admin [preauth]
Sep 29 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.15.121.102
Sep 29 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: Failed password for invalid user admin from 90.15.121.102 port 39896 ssh2
Sep 29 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13510]: Failed password for root from 162.144.236.216 port 37708 ssh2
Sep 29 07:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: Connection closed by 90.15.121.102 port 39896 [preauth]
Sep 29 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13510]: Connection closed by 162.144.236.216 port 37708 [preauth]
Sep 29 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12133]: pam_unix(cron:session): session closed for user root
Sep 29 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: Failed password for root from 162.144.236.216 port 42904 ssh2
Sep 29 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13545]: Connection closed by 162.144.236.216 port 42904 [preauth]
Sep 29 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Failed password for root from 162.144.236.216 port 49150 ssh2
Sep 29 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Connection closed by 162.144.236.216 port 49150 [preauth]
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13690]: Successful su for rubyman by root
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13690]: + ??? root:rubyman
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313288 of user rubyman.
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13690]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313288.
Sep 29 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session closed for user root
Sep 29 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for root from 162.144.236.216 port 56408 ssh2
Sep 29 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Connection closed by 162.144.236.216 port 56408 [preauth]
Sep 29 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: Failed password for root from 162.144.236.216 port 35728 ssh2
Sep 29 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13908]: Connection closed by 162.144.236.216 port 35728 [preauth]
Sep 29 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session closed for user root
Sep 29 07:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: Failed password for root from 162.144.236.216 port 42788 ssh2
Sep 29 07:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: Connection closed by 162.144.236.216 port 42788 [preauth]
Sep 29 07:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Failed password for root from 162.144.236.216 port 50954 ssh2
Sep 29 07:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Connection closed by 162.144.236.216 port 50954 [preauth]
Sep 29 07:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14159]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: Successful su for rubyman by root
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: + ??? root:rubyman
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313293 of user rubyman.
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14225]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313293.
Sep 29 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11152]: pam_unix(cron:session): session closed for user root
Sep 29 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Failed password for root from 162.144.236.216 port 57048 ssh2
Sep 29 07:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Connection closed by 162.144.236.216 port 57048 [preauth]
Sep 29 07:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Invalid user ericadmin from 190.103.202.7
Sep 29 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: input_userauth_request: invalid user ericadmin [preauth]
Sep 29 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Failed password for invalid user ericadmin from 190.103.202.7 port 49146 ssh2
Sep 29 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14421]: Connection closed by 190.103.202.7 port 49146 [preauth]
Sep 29 07:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Failed password for root from 162.144.236.216 port 37238 ssh2
Sep 29 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Connection closed by 162.144.236.216 port 37238 [preauth]
Sep 29 07:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: Failed password for root from 162.144.236.216 port 44360 ssh2
Sep 29 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14443]: Connection closed by 162.144.236.216 port 44360 [preauth]
Sep 29 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13178]: pam_unix(cron:session): session closed for user root
Sep 29 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Failed password for root from 162.144.236.216 port 51612 ssh2
Sep 29 07:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Connection closed by 162.144.236.216 port 51612 [preauth]
Sep 29 07:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14521]: Failed password for root from 162.144.236.216 port 59744 ssh2
Sep 29 07:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14521]: Connection closed by 162.144.236.216 port 59744 [preauth]
Sep 29 07:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14646]: Successful su for rubyman by root
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14646]: + ??? root:rubyman
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313296 of user rubyman.
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14646]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313296.
Sep 29 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session closed for user root
Sep 29 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for root from 162.144.236.216 port 37288 ssh2
Sep 29 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Connection closed by 162.144.236.216 port 37288 [preauth]
Sep 29 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: Failed password for root from 162.144.236.216 port 43290 ssh2
Sep 29 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: Connection closed by 162.144.236.216 port 43290 [preauth]
Sep 29 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Invalid user administrator from 93.152.230.176
Sep 29 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: input_userauth_request: invalid user administrator [preauth]
Sep 29 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Failed password for invalid user administrator from 93.152.230.176 port 52565 ssh2
Sep 29 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Received disconnect from 93.152.230.176 port 52565:11: Client disconnecting normally [preauth]
Sep 29 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Disconnected from 93.152.230.176 port 52565 [preauth]
Sep 29 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Failed password for root from 162.144.236.216 port 51324 ssh2
Sep 29 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Connection closed by 162.144.236.216 port 51324 [preauth]
Sep 29 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session closed for user root
Sep 29 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Failed password for root from 162.144.236.216 port 57386 ssh2
Sep 29 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Connection closed by 162.144.236.216 port 57386 [preauth]
Sep 29 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Failed password for root from 162.144.236.216 port 35236 ssh2
Sep 29 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Connection closed by 162.144.236.216 port 35236 [preauth]
Sep 29 07:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user root
Sep 29 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15009]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: Successful su for rubyman by root
Sep 29 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: + ??? root:rubyman
Sep 29 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313302 of user rubyman.
Sep 29 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313302.
Sep 29 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session closed for user root
Sep 29 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12132]: pam_unix(cron:session): session closed for user root
Sep 29 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15010]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Failed password for root from 162.144.236.216 port 41220 ssh2
Sep 29 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Connection closed by 162.144.236.216 port 41220 [preauth]
Sep 29 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Failed password for root from 162.144.236.216 port 47380 ssh2
Sep 29 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Connection closed by 162.144.236.216 port 47380 [preauth]
Sep 29 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14159]: pam_unix(cron:session): session closed for user root
Sep 29 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Failed password for root from 162.144.236.216 port 53656 ssh2
Sep 29 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Connection closed by 162.144.236.216 port 53656 [preauth]
Sep 29 07:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 162.144.236.216 port 33740 ssh2
Sep 29 07:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 162.144.236.216 port 33740 [preauth]
Sep 29 07:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15473]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for root from 162.144.236.216 port 38904 ssh2
Sep 29 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15539]: Successful su for rubyman by root
Sep 29 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15539]: + ??? root:rubyman
Sep 29 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313307 of user rubyman.
Sep 29 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15539]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313307.
Sep 29 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Connection closed by 162.144.236.216 port 38904 [preauth]
Sep 29 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12591]: pam_unix(cron:session): session closed for user root
Sep 29 07:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15474]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Failed password for root from 162.144.236.216 port 46146 ssh2
Sep 29 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Connection closed by 162.144.236.216 port 46146 [preauth]
Sep 29 07:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: Failed password for root from 162.144.236.216 port 53206 ssh2
Sep 29 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: Connection closed by 162.144.236.216 port 53206 [preauth]
Sep 29 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session closed for user root
Sep 29 07:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Failed password for root from 162.144.236.216 port 59962 ssh2
Sep 29 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Connection closed by 162.144.236.216 port 59962 [preauth]
Sep 29 07:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15876]: Did not receive identification string from 162.144.236.216
Sep 29 07:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15909]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: Successful su for rubyman by root
Sep 29 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: + ??? root:rubyman
Sep 29 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313312 of user rubyman.
Sep 29 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313312.
Sep 29 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13177]: pam_unix(cron:session): session closed for user root
Sep 29 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Failed password for root from 162.144.236.216 port 43728 ssh2
Sep 29 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15910]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15887]: Connection closed by 162.144.236.216 port 43728 [preauth]
Sep 29 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Failed password for root from 162.144.236.216 port 51916 ssh2
Sep 29 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Connection closed by 162.144.236.216 port 51916 [preauth]
Sep 29 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Failed password for root from 162.144.236.216 port 59300 ssh2
Sep 29 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16208]: Connection closed by 162.144.236.216 port 59300 [preauth]
Sep 29 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Failed password for root from 162.144.236.216 port 37218 ssh2
Sep 29 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Connection closed by 162.144.236.216 port 37218 [preauth]
Sep 29 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session closed for user root
Sep 29 07:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for root from 162.144.236.216 port 42700 ssh2
Sep 29 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Connection closed by 162.144.236.216 port 42700 [preauth]
Sep 29 07:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Failed password for root from 162.144.236.216 port 51778 ssh2
Sep 29 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Connection closed by 162.144.236.216 port 51778 [preauth]
Sep 29 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16356]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16352]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16418]: Successful su for rubyman by root
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16418]: + ??? root:rubyman
Sep 29 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313314 of user rubyman.
Sep 29 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16418]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313314.
Sep 29 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: Failed password for root from 162.144.236.216 port 57814 ssh2
Sep 29 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session closed for user root
Sep 29 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16339]: Connection closed by 162.144.236.216 port 57814 [preauth]
Sep 29 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16354]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Failed password for root from 162.144.236.216 port 36414 ssh2
Sep 29 07:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Connection closed by 162.144.236.216 port 36414 [preauth]
Sep 29 07:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Failed password for root from 162.144.236.216 port 43746 ssh2
Sep 29 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Connection closed by 162.144.236.216 port 43746 [preauth]
Sep 29 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Failed password for root from 162.144.236.216 port 48436 ssh2
Sep 29 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Connection closed by 162.144.236.216 port 48436 [preauth]
Sep 29 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15476]: pam_unix(cron:session): session closed for user root
Sep 29 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Failed password for root from 162.144.236.216 port 55068 ssh2
Sep 29 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Connection closed by 162.144.236.216 port 55068 [preauth]
Sep 29 07:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Failed password for root from 162.144.236.216 port 33380 ssh2
Sep 29 07:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16759]: Connection closed by 162.144.236.216 port 33380 [preauth]
Sep 29 07:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16787]: Failed password for root from 162.144.236.216 port 39770 ssh2
Sep 29 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16787]: Connection closed by 162.144.236.216 port 39770 [preauth]
Sep 29 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16814]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16812]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16951]: Successful su for rubyman by root
Sep 29 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16951]: + ??? root:rubyman
Sep 29 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313320 of user rubyman.
Sep 29 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16951]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313320.
Sep 29 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16810]: pam_unix(cron:session): session closed for user root
Sep 29 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user root
Sep 29 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for root from 162.144.236.216 port 45474 ssh2
Sep 29 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Connection closed by 162.144.236.216 port 45474 [preauth]
Sep 29 07:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16813]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17198]: Did not receive identification string from 196.251.71.24
Sep 29 07:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Failed password for root from 162.144.236.216 port 51634 ssh2
Sep 29 07:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Connection closed by 162.144.236.216 port 51634 [preauth]
Sep 29 07:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Failed password for root from 162.144.236.216 port 58288 ssh2
Sep 29 07:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Connection closed by 162.144.236.216 port 58288 [preauth]
Sep 29 07:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: Failed password for root from 162.144.236.216 port 37792 ssh2
Sep 29 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: Connection closed by 162.144.236.216 port 37792 [preauth]
Sep 29 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15912]: pam_unix(cron:session): session closed for user root
Sep 29 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: Failed password for root from 162.144.236.216 port 44434 ssh2
Sep 29 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: Connection closed by 162.144.236.216 port 44434 [preauth]
Sep 29 07:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Failed password for root from 162.144.236.216 port 51972 ssh2
Sep 29 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17309]: Connection closed by 162.144.236.216 port 51972 [preauth]
Sep 29 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: Failed password for root from 162.144.236.216 port 56474 ssh2
Sep 29 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: Connection closed by 162.144.236.216 port 56474 [preauth]
Sep 29 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session closed for user root
Sep 29 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17444]: Successful su for rubyman by root
Sep 29 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17444]: + ??? root:rubyman
Sep 29 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313324 of user rubyman.
Sep 29 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17444]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313324.
Sep 29 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Failed password for root from 162.144.236.216 port 34508 ssh2
Sep 29 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Connection closed by 162.144.236.216 port 34508 [preauth]
Sep 29 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session closed for user root
Sep 29 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14583]: pam_unix(cron:session): session closed for user root
Sep 29 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Failed password for root from 162.144.236.216 port 41730 ssh2
Sep 29 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Connection closed by 162.144.236.216 port 41730 [preauth]
Sep 29 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: Failed password for root from 162.144.236.216 port 47734 ssh2
Sep 29 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17693]: Connection closed by 162.144.236.216 port 47734 [preauth]
Sep 29 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Failed password for root from 162.144.236.216 port 53568 ssh2
Sep 29 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17734]: Connection closed by 162.144.236.216 port 53568 [preauth]
Sep 29 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16356]: pam_unix(cron:session): session closed for user root
Sep 29 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17787]: Failed password for root from 162.144.236.216 port 60926 ssh2
Sep 29 07:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17787]: Connection closed by 162.144.236.216 port 60926 [preauth]
Sep 29 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17881]: Failed password for root from 162.144.236.216 port 40508 ssh2
Sep 29 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17881]: Connection closed by 162.144.236.216 port 40508 [preauth]
Sep 29 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Failed password for root from 162.144.236.216 port 46972 ssh2
Sep 29 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Connection closed by 162.144.236.216 port 46972 [preauth]
Sep 29 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17950]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: Successful su for rubyman by root
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: + ??? root:rubyman
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313329 of user rubyman.
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313329.
Sep 29 07:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: Failed password for root from 162.144.236.216 port 52512 ssh2
Sep 29 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: Connection closed by 162.144.236.216 port 52512 [preauth]
Sep 29 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session closed for user root
Sep 29 07:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17951]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: Failed password for root from 162.144.236.216 port 60120 ssh2
Sep 29 07:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18401]: Connection closed by 162.144.236.216 port 60120 [preauth]
Sep 29 07:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Failed password for root from 162.144.236.216 port 38270 ssh2
Sep 29 07:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Connection closed by 162.144.236.216 port 38270 [preauth]
Sep 29 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Failed password for root from 162.144.236.216 port 45388 ssh2
Sep 29 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Connection closed by 162.144.236.216 port 45388 [preauth]
Sep 29 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session closed for user root
Sep 29 07:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: Failed password for root from 162.144.236.216 port 50550 ssh2
Sep 29 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: Connection closed by 162.144.236.216 port 50550 [preauth]
Sep 29 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Failed password for root from 162.144.236.216 port 56794 ssh2
Sep 29 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Connection closed by 162.144.236.216 port 56794 [preauth]
Sep 29 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: Failed password for root from 162.144.236.216 port 35250 ssh2
Sep 29 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: Connection closed by 162.144.236.216 port 35250 [preauth]
Sep 29 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Failed password for root from 196.251.71.24 port 34806 ssh2
Sep 29 07:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Connection closed by 196.251.71.24 port 34806 [preauth]
Sep 29 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: Successful su for rubyman by root
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: + ??? root:rubyman
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313334 of user rubyman.
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18754]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313334.
Sep 29 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Failed password for root from 162.144.236.216 port 41508 ssh2
Sep 29 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18667]: Connection closed by 162.144.236.216 port 41508 [preauth]
Sep 29 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15475]: pam_unix(cron:session): session closed for user root
Sep 29 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: Failed password for root from 162.144.236.216 port 48808 ssh2
Sep 29 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: Connection closed by 162.144.236.216 port 48808 [preauth]
Sep 29 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Failed password for root from 162.144.236.216 port 54044 ssh2
Sep 29 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Connection closed by 162.144.236.216 port 54044 [preauth]
Sep 29 07:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: Failed password for root from 162.144.236.216 port 60638 ssh2
Sep 29 07:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: Connection closed by 162.144.236.216 port 60638 [preauth]
Sep 29 07:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Failed password for root from 162.144.236.216 port 38636 ssh2
Sep 29 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17373]: pam_unix(cron:session): session closed for user root
Sep 29 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Connection closed by 162.144.236.216 port 38636 [preauth]
Sep 29 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: Failed password for root from 162.144.236.216 port 45422 ssh2
Sep 29 07:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: Connection closed by 162.144.236.216 port 45422 [preauth]
Sep 29 07:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Failed password for root from 162.144.236.216 port 52140 ssh2
Sep 29 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Connection closed by 162.144.236.216 port 52140 [preauth]
Sep 29 07:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Invalid user minecraft from 93.152.230.176
Sep 29 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Failed password for invalid user minecraft from 93.152.230.176 port 50034 ssh2
Sep 29 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Received disconnect from 93.152.230.176 port 50034:11: Client disconnecting normally [preauth]
Sep 29 07:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Disconnected from 93.152.230.176 port 50034 [preauth]
Sep 29 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: Successful su for rubyman by root
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: + ??? root:rubyman
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313339 of user rubyman.
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19248]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313339.
Sep 29 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: Failed password for root from 162.144.236.216 port 58264 ssh2
Sep 29 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: Connection closed by 162.144.236.216 port 58264 [preauth]
Sep 29 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session closed for user root
Sep 29 07:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Failed password for root from 162.144.236.216 port 37650 ssh2
Sep 29 07:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Connection closed by 162.144.236.216 port 37650 [preauth]
Sep 29 07:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Failed password for root from 162.144.236.216 port 45420 ssh2
Sep 29 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Connection closed by 162.144.236.216 port 45420 [preauth]
Sep 29 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Failed password for root from 162.144.236.216 port 51652 ssh2
Sep 29 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Connection closed by 162.144.236.216 port 51652 [preauth]
Sep 29 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17953]: pam_unix(cron:session): session closed for user root
Sep 29 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Failed password for root from 162.144.236.216 port 58784 ssh2
Sep 29 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Connection closed by 162.144.236.216 port 58784 [preauth]
Sep 29 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Failed password for root from 162.144.236.216 port 36246 ssh2
Sep 29 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Connection closed by 162.144.236.216 port 36246 [preauth]
Sep 29 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: Failed password for root from 162.144.236.216 port 42546 ssh2
Sep 29 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19954]: Connection closed by 162.144.236.216 port 42546 [preauth]
Sep 29 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19999]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20077]: Successful su for rubyman by root
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20077]: + ??? root:rubyman
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313341 of user rubyman.
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20077]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313341.
Sep 29 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Failed password for root from 196.251.71.24 port 41224 ssh2
Sep 29 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: Failed password for root from 162.144.236.216 port 50534 ssh2
Sep 29 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19978]: Connection closed by 162.144.236.216 port 50534 [preauth]
Sep 29 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Connection closed by 196.251.71.24 port 41224 [preauth]
Sep 29 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16355]: pam_unix(cron:session): session closed for user root
Sep 29 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20000]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: Failed password for root from 162.144.236.216 port 56220 ssh2
Sep 29 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: Connection closed by 162.144.236.216 port 56220 [preauth]
Sep 29 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Failed password for root from 162.144.236.216 port 34002 ssh2
Sep 29 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Connection closed by 162.144.236.216 port 34002 [preauth]
Sep 29 07:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Failed password for root from 162.144.236.216 port 42230 ssh2
Sep 29 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Connection closed by 162.144.236.216 port 42230 [preauth]
Sep 29 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session closed for user root
Sep 29 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: Failed password for root from 162.144.236.216 port 48668 ssh2
Sep 29 07:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: Connection closed by 162.144.236.216 port 48668 [preauth]
Sep 29 07:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Failed password for root from 162.144.236.216 port 56498 ssh2
Sep 29 07:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Connection closed by 162.144.236.216 port 56498 [preauth]
Sep 29 07:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: Failed password for root from 162.144.236.216 port 35984 ssh2
Sep 29 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: Connection closed by 162.144.236.216 port 35984 [preauth]
Sep 29 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session closed for user root
Sep 29 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20571]: Successful su for rubyman by root
Sep 29 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20571]: + ??? root:rubyman
Sep 29 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313346 of user rubyman.
Sep 29 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20571]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313346.
Sep 29 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session closed for user root
Sep 29 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16814]: pam_unix(cron:session): session closed for user root
Sep 29 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Failed password for root from 162.144.236.216 port 41048 ssh2
Sep 29 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20486]: Connection closed by 162.144.236.216 port 41048 [preauth]
Sep 29 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: Failed password for root from 162.144.236.216 port 48386 ssh2
Sep 29 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: Connection closed by 162.144.236.216 port 48386 [preauth]
Sep 29 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Failed password for root from 162.144.236.216 port 56158 ssh2
Sep 29 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Connection closed by 162.144.236.216 port 56158 [preauth]
Sep 29 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session closed for user root
Sep 29 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20885]: Failed password for root from 162.144.236.216 port 34482 ssh2
Sep 29 07:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20885]: Connection closed by 162.144.236.216 port 34482 [preauth]
Sep 29 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Failed password for root from 162.144.236.216 port 41992 ssh2
Sep 29 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Connection closed by 162.144.236.216 port 41992 [preauth]
Sep 29 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: Failed password for root from 162.144.236.216 port 47772 ssh2
Sep 29 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: Connection closed by 162.144.236.216 port 47772 [preauth]
Sep 29 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: Failed password for root from 162.144.236.216 port 53302 ssh2
Sep 29 07:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: Connection closed by 162.144.236.216 port 53302 [preauth]
Sep 29 07:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: Successful su for rubyman by root
Sep 29 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: + ??? root:rubyman
Sep 29 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313352 of user rubyman.
Sep 29 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313352.
Sep 29 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session closed for user root
Sep 29 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Failed password for root from 162.144.236.216 port 60584 ssh2
Sep 29 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Connection closed by 162.144.236.216 port 60584 [preauth]
Sep 29 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21048]: Failed password for root from 196.251.71.24 port 44776 ssh2
Sep 29 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21048]: Connection closed by 196.251.71.24 port 44776 [preauth]
Sep 29 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Failed password for root from 162.144.236.216 port 39340 ssh2
Sep 29 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Connection closed by 162.144.236.216 port 39340 [preauth]
Sep 29 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Failed password for root from 162.144.236.216 port 45902 ssh2
Sep 29 07:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Connection closed by 162.144.236.216 port 45902 [preauth]
Sep 29 07:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20002]: pam_unix(cron:session): session closed for user root
Sep 29 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: Failed password for root from 162.144.236.216 port 52036 ssh2
Sep 29 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: Connection closed by 162.144.236.216 port 52036 [preauth]
Sep 29 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Failed password for root from 162.144.236.216 port 59308 ssh2
Sep 29 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Connection closed by 162.144.236.216 port 59308 [preauth]
Sep 29 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: Failed password for root from 162.144.236.216 port 37096 ssh2
Sep 29 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: Connection closed by 162.144.236.216 port 37096 [preauth]
Sep 29 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Failed password for root from 162.144.236.216 port 44988 ssh2
Sep 29 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Connection closed by 162.144.236.216 port 44988 [preauth]
Sep 29 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Invalid user user from 80.94.95.112
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: input_userauth_request: invalid user user [preauth]
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21444]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21444]: pam_unix(cron:session): session closed for user root
Sep 29 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21519]: Successful su for rubyman by root
Sep 29 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21519]: + ??? root:rubyman
Sep 29 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313358 of user rubyman.
Sep 29 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21519]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313358.
Sep 29 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for invalid user user from 80.94.95.112 port 63321 ssh2
Sep 29 07:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17952]: pam_unix(cron:session): session closed for user root
Sep 29 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for invalid user user from 80.94.95.112 port 63321 ssh2
Sep 29 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: Failed password for root from 162.144.236.216 port 49732 ssh2
Sep 29 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: Connection closed by 162.144.236.216 port 49732 [preauth]
Sep 29 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for invalid user user from 80.94.95.112 port 63321 ssh2
Sep 29 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for invalid user user from 80.94.95.112 port 63321 ssh2
Sep 29 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for invalid user user from 80.94.95.112 port 63321 ssh2
Sep 29 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Received disconnect from 80.94.95.112 port 63321:11: Bye [preauth]
Sep 29 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Disconnected from 80.94.95.112 port 63321 [preauth]
Sep 29 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 07:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Failed password for root from 162.144.236.216 port 57282 ssh2
Sep 29 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Connection closed by 162.144.236.216 port 57282 [preauth]
Sep 29 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21756]: Failed password for root from 162.144.236.216 port 35760 ssh2
Sep 29 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21756]: Connection closed by 162.144.236.216 port 35760 [preauth]
Sep 29 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: Failed password for root from 162.144.236.216 port 40402 ssh2
Sep 29 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: Connection closed by 162.144.236.216 port 40402 [preauth]
Sep 29 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session closed for user root
Sep 29 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Failed password for root from 162.144.236.216 port 46694 ssh2
Sep 29 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Connection closed by 162.144.236.216 port 46694 [preauth]
Sep 29 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for root from 162.144.236.216 port 53640 ssh2
Sep 29 07:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Connection closed by 162.144.236.216 port 53640 [preauth]
Sep 29 07:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21877]: Failed password for root from 162.144.236.216 port 58298 ssh2
Sep 29 07:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21877]: Connection closed by 162.144.236.216 port 58298 [preauth]
Sep 29 07:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: Failed password for root from 162.144.236.216 port 37402 ssh2
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: Successful su for rubyman by root
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: + ??? root:rubyman
Sep 29 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313363 of user rubyman.
Sep 29 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313363.
Sep 29 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21897]: Connection closed by 162.144.236.216 port 37402 [preauth]
Sep 29 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session closed for user root
Sep 29 07:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: Failed password for root from 162.144.236.216 port 44268 ssh2
Sep 29 07:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: Connection closed by 162.144.236.216 port 44268 [preauth]
Sep 29 07:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: Failed password for root from 196.251.71.24 port 46558 ssh2
Sep 29 07:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: Connection closed by 196.251.71.24 port 46558 [preauth]
Sep 29 07:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: Failed password for root from 162.144.236.216 port 50714 ssh2
Sep 29 07:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: Connection closed by 162.144.236.216 port 50714 [preauth]
Sep 29 07:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Failed password for root from 162.144.236.216 port 56336 ssh2
Sep 29 07:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Connection closed by 162.144.236.216 port 56336 [preauth]
Sep 29 07:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20996]: pam_unix(cron:session): session closed for user root
Sep 29 07:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Failed password for root from 162.144.236.216 port 36254 ssh2
Sep 29 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Connection closed by 162.144.236.216 port 36254 [preauth]
Sep 29 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: Failed password for root from 162.144.236.216 port 42494 ssh2
Sep 29 07:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: Connection closed by 162.144.236.216 port 42494 [preauth]
Sep 29 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Failed password for root from 162.144.236.216 port 47758 ssh2
Sep 29 07:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Connection closed by 162.144.236.216 port 47758 [preauth]
Sep 29 07:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: Failed password for root from 162.144.236.216 port 54018 ssh2
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: Connection closed by 162.144.236.216 port 54018 [preauth]
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22371]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22445]: Successful su for rubyman by root
Sep 29 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22445]: + ??? root:rubyman
Sep 29 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313366 of user rubyman.
Sep 29 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22445]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313366.
Sep 29 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session closed for user root
Sep 29 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for root from 162.144.236.216 port 60668 ssh2
Sep 29 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Connection closed by 162.144.236.216 port 60668 [preauth]
Sep 29 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22372]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Failed password for root from 162.144.236.216 port 35974 ssh2
Sep 29 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Connection closed by 162.144.236.216 port 35974 [preauth]
Sep 29 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Failed password for root from 162.144.236.216 port 40722 ssh2
Sep 29 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Connection closed by 162.144.236.216 port 40722 [preauth]
Sep 29 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Failed password for root from 162.144.236.216 port 48354 ssh2
Sep 29 07:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Connection closed by 162.144.236.216 port 48354 [preauth]
Sep 29 07:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session closed for user root
Sep 29 07:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Failed password for root from 162.144.236.216 port 55840 ssh2
Sep 29 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Connection closed by 162.144.236.216 port 55840 [preauth]
Sep 29 07:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Failed password for root from 162.144.236.216 port 32782 ssh2
Sep 29 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Connection closed by 162.144.236.216 port 32782 [preauth]
Sep 29 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Failed password for root from 162.144.236.216 port 38460 ssh2
Sep 29 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Connection closed by 162.144.236.216 port 38460 [preauth]
Sep 29 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23045]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23043]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23042]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23044]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23045]: pam_unix(cron:session): session closed for user root
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: Successful su for rubyman by root
Sep 29 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: + ??? root:rubyman
Sep 29 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313371 of user rubyman.
Sep 29 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313371.
Sep 29 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Failed password for root from 162.144.236.216 port 45642 ssh2
Sep 29 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23042]: pam_unix(cron:session): session closed for user root
Sep 29 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23019]: Connection closed by 162.144.236.216 port 45642 [preauth]
Sep 29 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20001]: pam_unix(cron:session): session closed for user root
Sep 29 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23041]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Failed password for root from 162.144.236.216 port 52404 ssh2
Sep 29 07:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23362]: Connection closed by 162.144.236.216 port 52404 [preauth]
Sep 29 07:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23422]: Failed password for root from 196.251.71.24 port 46814 ssh2
Sep 29 07:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23422]: Connection closed by 196.251.71.24 port 46814 [preauth]
Sep 29 07:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Failed password for root from 162.144.236.216 port 58430 ssh2
Sep 29 07:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23436]: Connection closed by 162.144.236.216 port 58430 [preauth]
Sep 29 07:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23475]: Failed password for root from 162.144.236.216 port 37686 ssh2
Sep 29 07:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23475]: Connection closed by 162.144.236.216 port 37686 [preauth]
Sep 29 07:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21913]: pam_unix(cron:session): session closed for user root
Sep 29 07:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for root from 162.144.236.216 port 44444 ssh2
Sep 29 07:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Connection closed by 162.144.236.216 port 44444 [preauth]
Sep 29 07:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Failed password for root from 162.144.236.216 port 50182 ssh2
Sep 29 07:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Connection closed by 162.144.236.216 port 50182 [preauth]
Sep 29 07:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: Failed password for root from 162.144.236.216 port 57524 ssh2
Sep 29 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: Connection closed by 162.144.236.216 port 57524 [preauth]
Sep 29 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23821]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23822]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23819]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23888]: Successful su for rubyman by root
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23888]: + ??? root:rubyman
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313374 of user rubyman.
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23888]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313374.
Sep 29 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: Failed password for root from 162.144.236.216 port 35924 ssh2
Sep 29 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session closed for user root
Sep 29 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: Connection closed by 162.144.236.216 port 35924 [preauth]
Sep 29 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Failed password for root from 162.144.236.216 port 42940 ssh2
Sep 29 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Connection closed by 162.144.236.216 port 42940 [preauth]
Sep 29 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: Failed password for root from 162.144.236.216 port 49452 ssh2
Sep 29 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24152]: Connection closed by 162.144.236.216 port 49452 [preauth]
Sep 29 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: Failed password for root from 162.144.236.216 port 57454 ssh2
Sep 29 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: Connection closed by 162.144.236.216 port 57454 [preauth]
Sep 29 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session closed for user root
Sep 29 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Failed password for root from 93.152.230.176 port 39753 ssh2
Sep 29 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Received disconnect from 93.152.230.176 port 39753:11: Client disconnecting normally [preauth]
Sep 29 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24217]: Disconnected from 93.152.230.176 port 39753 [preauth]
Sep 29 07:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Failed password for root from 162.144.236.216 port 34652 ssh2
Sep 29 07:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Connection closed by 162.144.236.216 port 34652 [preauth]
Sep 29 07:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: Failed password for root from 162.144.236.216 port 40988 ssh2
Sep 29 07:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: Connection closed by 162.144.236.216 port 40988 [preauth]
Sep 29 07:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Failed password for root from 162.144.236.216 port 48702 ssh2
Sep 29 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Connection closed by 162.144.236.216 port 48702 [preauth]
Sep 29 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24396]: Successful su for rubyman by root
Sep 29 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24396]: + ??? root:rubyman
Sep 29 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313380 of user rubyman.
Sep 29 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24396]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313380.
Sep 29 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session closed for user root
Sep 29 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: Failed password for root from 162.144.236.216 port 55376 ssh2
Sep 29 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: Connection closed by 162.144.236.216 port 55376 [preauth]
Sep 29 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Failed password for root from 162.144.236.216 port 33062 ssh2
Sep 29 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Connection closed by 162.144.236.216 port 33062 [preauth]
Sep 29 07:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Failed password for root from 196.251.71.24 port 46054 ssh2
Sep 29 07:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Connection closed by 196.251.71.24 port 46054 [preauth]
Sep 29 07:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: Failed password for root from 162.144.236.216 port 39238 ssh2
Sep 29 07:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: Connection closed by 162.144.236.216 port 39238 [preauth]
Sep 29 07:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: Failed password for root from 162.144.236.216 port 45838 ssh2
Sep 29 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24679]: Connection closed by 162.144.236.216 port 45838 [preauth]
Sep 29 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23044]: pam_unix(cron:session): session closed for user root
Sep 29 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Failed password for root from 162.144.236.216 port 53532 ssh2
Sep 29 07:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Connection closed by 162.144.236.216 port 53532 [preauth]
Sep 29 07:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Failed password for root from 162.144.236.216 port 59416 ssh2
Sep 29 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24741]: Connection closed by 162.144.236.216 port 59416 [preauth]
Sep 29 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Failed password for root from 162.144.236.216 port 38068 ssh2
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: Successful su for rubyman by root
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: + ??? root:rubyman
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313383 of user rubyman.
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313383.
Sep 29 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Connection closed by 162.144.236.216 port 38068 [preauth]
Sep 29 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user root
Sep 29 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: Failed password for root from 162.144.236.216 port 45684 ssh2
Sep 29 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: Connection closed by 162.144.236.216 port 45684 [preauth]
Sep 29 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: Failed password for root from 162.144.236.216 port 54178 ssh2
Sep 29 07:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25084]: Connection closed by 162.144.236.216 port 54178 [preauth]
Sep 29 07:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25143]: Failed password for root from 162.144.236.216 port 35556 ssh2
Sep 29 07:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25143]: Connection closed by 162.144.236.216 port 35556 [preauth]
Sep 29 07:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23822]: pam_unix(cron:session): session closed for user root
Sep 29 07:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Failed password for root from 162.144.236.216 port 41388 ssh2
Sep 29 07:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Connection closed by 162.144.236.216 port 41388 [preauth]
Sep 29 07:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: Failed password for root from 162.144.236.216 port 48220 ssh2
Sep 29 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: Connection closed by 162.144.236.216 port 48220 [preauth]
Sep 29 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Failed password for root from 162.144.236.216 port 56204 ssh2
Sep 29 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Connection closed by 162.144.236.216 port 56204 [preauth]
Sep 29 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: Successful su for rubyman by root
Sep 29 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: + ??? root:rubyman
Sep 29 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313387 of user rubyman.
Sep 29 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313387.
Sep 29 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21912]: pam_unix(cron:session): session closed for user root
Sep 29 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: Failed password for root from 162.144.236.216 port 34248 ssh2
Sep 29 07:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: Connection closed by 162.144.236.216 port 34248 [preauth]
Sep 29 07:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25743]: Failed password for root from 196.251.71.24 port 44536 ssh2
Sep 29 07:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25743]: Connection closed by 196.251.71.24 port 44536 [preauth]
Sep 29 07:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Failed password for root from 162.144.236.216 port 40228 ssh2
Sep 29 07:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Connection closed by 162.144.236.216 port 40228 [preauth]
Sep 29 07:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: Failed password for root from 162.144.236.216 port 47392 ssh2
Sep 29 07:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: Connection closed by 162.144.236.216 port 47392 [preauth]
Sep 29 07:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Failed password for root from 162.144.236.216 port 53750 ssh2
Sep 29 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session closed for user root
Sep 29 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Connection closed by 162.144.236.216 port 53750 [preauth]
Sep 29 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: Failed password for root from 162.144.236.216 port 60050 ssh2
Sep 29 07:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: Connection closed by 162.144.236.216 port 60050 [preauth]
Sep 29 07:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for root from 162.144.236.216 port 38140 ssh2
Sep 29 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Connection closed by 162.144.236.216 port 38140 [preauth]
Sep 29 07:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Failed password for root from 162.144.236.216 port 46040 ssh2
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session closed for user root
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26068]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Connection closed by 162.144.236.216 port 46040 [preauth]
Sep 29 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: Successful su for rubyman by root
Sep 29 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: + ??? root:rubyman
Sep 29 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313392 of user rubyman.
Sep 29 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26146]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313392.
Sep 29 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22373]: pam_unix(cron:session): session closed for user root
Sep 29 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26070]: pam_unix(cron:session): session closed for user root
Sep 29 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Failed password for root from 162.144.236.216 port 51812 ssh2
Sep 29 07:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26069]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Connection closed by 162.144.236.216 port 51812 [preauth]
Sep 29 07:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Failed password for root from 162.144.236.216 port 59842 ssh2
Sep 29 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Connection closed by 162.144.236.216 port 59842 [preauth]
Sep 29 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Failed password for root from 162.144.236.216 port 37968 ssh2
Sep 29 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Connection closed by 162.144.236.216 port 37968 [preauth]
Sep 29 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session closed for user root
Sep 29 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Failed password for root from 162.144.236.216 port 44212 ssh2
Sep 29 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Connection closed by 162.144.236.216 port 44212 [preauth]
Sep 29 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Failed password for root from 162.144.236.216 port 50150 ssh2
Sep 29 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26589]: Connection closed by 162.144.236.216 port 50150 [preauth]
Sep 29 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Failed password for root from 162.144.236.216 port 55272 ssh2
Sep 29 07:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Connection closed by 162.144.236.216 port 55272 [preauth]
Sep 29 07:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: Successful su for rubyman by root
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: + ??? root:rubyman
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313397 of user rubyman.
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313397.
Sep 29 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26659]: Failed password for root from 162.144.236.216 port 36120 ssh2
Sep 29 07:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26659]: Connection closed by 162.144.236.216 port 36120 [preauth]
Sep 29 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23043]: pam_unix(cron:session): session closed for user root
Sep 29 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: Failed password for root from 196.251.71.24 port 42782 ssh2
Sep 29 07:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Failed password for root from 162.144.236.216 port 42188 ssh2
Sep 29 07:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: Connection closed by 196.251.71.24 port 42782 [preauth]
Sep 29 07:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Connection closed by 162.144.236.216 port 42188 [preauth]
Sep 29 07:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Invalid user admin from 80.94.95.112
Sep 29 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: input_userauth_request: invalid user admin [preauth]
Sep 29 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: Failed password for root from 162.144.236.216 port 49490 ssh2
Sep 29 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Failed password for invalid user admin from 80.94.95.112 port 27293 ssh2
Sep 29 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: Connection closed by 162.144.236.216 port 49490 [preauth]
Sep 29 07:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Failed password for invalid user admin from 80.94.95.112 port 27293 ssh2
Sep 29 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Failed password for invalid user admin from 80.94.95.112 port 27293 ssh2
Sep 29 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Failed password for invalid user admin from 80.94.95.112 port 27293 ssh2
Sep 29 07:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: Failed password for root from 162.144.236.216 port 57464 ssh2
Sep 29 07:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: Connection closed by 162.144.236.216 port 57464 [preauth]
Sep 29 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Failed password for invalid user admin from 80.94.95.112 port 27293 ssh2
Sep 29 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Received disconnect from 80.94.95.112 port 27293:11: Bye [preauth]
Sep 29 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: Disconnected from 80.94.95.112 port 27293 [preauth]
Sep 29 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27099]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25306]: pam_unix(cron:session): session closed for user root
Sep 29 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: Failed password for root from 162.144.236.216 port 35812 ssh2
Sep 29 07:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: Connection closed by 162.144.236.216 port 35812 [preauth]
Sep 29 07:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Failed password for root from 162.144.236.216 port 42024 ssh2
Sep 29 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Connection closed by 162.144.236.216 port 42024 [preauth]
Sep 29 07:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: Failed password for root from 162.144.236.216 port 49474 ssh2
Sep 29 07:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27239]: Connection closed by 162.144.236.216 port 49474 [preauth]
Sep 29 07:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27269]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27267]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: Successful su for rubyman by root
Sep 29 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: + ??? root:rubyman
Sep 29 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313402 of user rubyman.
Sep 29 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313402.
Sep 29 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23821]: pam_unix(cron:session): session closed for user root
Sep 29 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Failed password for root from 162.144.236.216 port 55936 ssh2
Sep 29 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27268]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Connection closed by 162.144.236.216 port 55936 [preauth]
Sep 29 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: Failed password for root from 162.144.236.216 port 34642 ssh2
Sep 29 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27733]: Connection closed by 162.144.236.216 port 34642 [preauth]
Sep 29 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: Failed password for root from 162.144.236.216 port 41718 ssh2
Sep 29 07:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27769]: Connection closed by 162.144.236.216 port 41718 [preauth]
Sep 29 07:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: Failed password for root from 162.144.236.216 port 48684 ssh2
Sep 29 07:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27802]: Connection closed by 162.144.236.216 port 48684 [preauth]
Sep 29 07:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session closed for user root
Sep 29 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: Failed password for root from 162.144.236.216 port 54998 ssh2
Sep 29 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27837]: Connection closed by 162.144.236.216 port 54998 [preauth]
Sep 29 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Failed password for root from 162.144.236.216 port 33376 ssh2
Sep 29 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Connection closed by 162.144.236.216 port 33376 [preauth]
Sep 29 07:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Failed password for root from 162.144.236.216 port 38788 ssh2
Sep 29 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Connection closed by 162.144.236.216 port 38788 [preauth]
Sep 29 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27985]: Successful su for rubyman by root
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27985]: + ??? root:rubyman
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313404 of user rubyman.
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27985]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313404.
Sep 29 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session closed for user root
Sep 29 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27918]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Failed password for root from 162.144.236.216 port 45938 ssh2
Sep 29 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Connection closed by 162.144.236.216 port 45938 [preauth]
Sep 29 07:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: Failed password for root from 196.251.71.24 port 41122 ssh2
Sep 29 07:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28131]: Connection closed by 196.251.71.24 port 41122 [preauth]
Sep 29 07:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: Failed password for root from 162.144.236.216 port 52750 ssh2
Sep 29 07:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: Connection closed by 162.144.236.216 port 52750 [preauth]
Sep 29 07:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Failed password for root from 162.144.236.216 port 60228 ssh2
Sep 29 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Connection closed by 162.144.236.216 port 60228 [preauth]
Sep 29 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user root
Sep 29 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Failed password for root from 162.144.236.216 port 39132 ssh2
Sep 29 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Connection closed by 162.144.236.216 port 39132 [preauth]
Sep 29 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: Failed password for root from 162.144.236.216 port 46206 ssh2
Sep 29 07:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28299]: Connection closed by 162.144.236.216 port 46206 [preauth]
Sep 29 07:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Invalid user user from 62.60.131.157
Sep 29 07:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: input_userauth_request: invalid user user [preauth]
Sep 29 07:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Failed password for root from 162.144.236.216 port 51376 ssh2
Sep 29 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Connection closed by 162.144.236.216 port 51376 [preauth]
Sep 29 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Failed password for invalid user user from 62.60.131.157 port 22740 ssh2
Sep 29 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Failed password for invalid user user from 62.60.131.157 port 22740 ssh2
Sep 29 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Failed password for invalid user user from 62.60.131.157 port 22740 ssh2
Sep 29 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Failed password for root from 162.144.236.216 port 58686 ssh2
Sep 29 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Connection closed by 162.144.236.216 port 58686 [preauth]
Sep 29 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28393]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Failed password for invalid user user from 62.60.131.157 port 22740 ssh2
Sep 29 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28472]: Successful su for rubyman by root
Sep 29 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28472]: + ??? root:rubyman
Sep 29 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313409 of user rubyman.
Sep 29 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28472]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313409.
Sep 29 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Failed password for invalid user user from 62.60.131.157 port 22740 ssh2
Sep 29 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Received disconnect from 62.60.131.157 port 22740:11: Bye [preauth]
Sep 29 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Disconnected from 62.60.131.157 port 22740 [preauth]
Sep 29 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session closed for user root
Sep 29 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for root from 162.144.236.216 port 36306 ssh2
Sep 29 07:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Connection closed by 162.144.236.216 port 36306 [preauth]
Sep 29 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Failed password for root from 162.144.236.216 port 42452 ssh2
Sep 29 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Connection closed by 162.144.236.216 port 42452 [preauth]
Sep 29 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Failed password for root from 162.144.236.216 port 52032 ssh2
Sep 29 07:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Connection closed by 162.144.236.216 port 52032 [preauth]
Sep 29 07:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27270]: pam_unix(cron:session): session closed for user root
Sep 29 07:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for root from 162.144.236.216 port 58336 ssh2
Sep 29 07:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Connection closed by 162.144.236.216 port 58336 [preauth]
Sep 29 07:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Failed password for root from 162.144.236.216 port 36538 ssh2
Sep 29 07:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Connection closed by 162.144.236.216 port 36538 [preauth]
Sep 29 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Failed password for root from 162.144.236.216 port 43582 ssh2
Sep 29 07:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Connection closed by 162.144.236.216 port 43582 [preauth]
Sep 29 07:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29088]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29087]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29090]: pam_unix(cron:session): session closed for user root
Sep 29 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29085]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: Successful su for rubyman by root
Sep 29 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: + ??? root:rubyman
Sep 29 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313417 of user rubyman.
Sep 29 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313417.
Sep 29 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: Failed password for root from 162.144.236.216 port 49102 ssh2
Sep 29 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29087]: pam_unix(cron:session): session closed for user root
Sep 29 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29073]: Connection closed by 162.144.236.216 port 49102 [preauth]
Sep 29 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25305]: pam_unix(cron:session): session closed for user root
Sep 29 07:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29086]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Failed password for root from 196.251.71.24 port 39186 ssh2
Sep 29 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Connection closed by 196.251.71.24 port 39186 [preauth]
Sep 29 07:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Invalid user user1 from 93.152.230.176
Sep 29 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: input_userauth_request: invalid user user1 [preauth]
Sep 29 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: Failed password for root from 162.144.236.216 port 56146 ssh2
Sep 29 07:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: Connection closed by 162.144.236.216 port 56146 [preauth]
Sep 29 07:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Failed password for invalid user user1 from 93.152.230.176 port 55131 ssh2
Sep 29 07:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Received disconnect from 93.152.230.176 port 55131:11: Client disconnecting normally [preauth]
Sep 29 07:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Disconnected from 93.152.230.176 port 55131 [preauth]
Sep 29 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Failed password for root from 162.144.236.216 port 35688 ssh2
Sep 29 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Connection closed by 162.144.236.216 port 35688 [preauth]
Sep 29 07:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Failed password for root from 162.144.236.216 port 41050 ssh2
Sep 29 07:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Connection closed by 162.144.236.216 port 41050 [preauth]
Sep 29 07:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27920]: pam_unix(cron:session): session closed for user root
Sep 29 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: Failed password for root from 162.144.236.216 port 47786 ssh2
Sep 29 07:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: Connection closed by 162.144.236.216 port 47786 [preauth]
Sep 29 07:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29565]: Failed password for root from 162.144.236.216 port 54316 ssh2
Sep 29 07:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29565]: Connection closed by 162.144.236.216 port 54316 [preauth]
Sep 29 07:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: Failed password for root from 162.144.236.216 port 60212 ssh2
Sep 29 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: Connection closed by 162.144.236.216 port 60212 [preauth]
Sep 29 07:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29640]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: Successful su for rubyman by root
Sep 29 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: + ??? root:rubyman
Sep 29 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313418 of user rubyman.
Sep 29 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313418.
Sep 29 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Failed password for root from 162.144.236.216 port 38176 ssh2
Sep 29 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Connection closed by 162.144.236.216 port 38176 [preauth]
Sep 29 07:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session closed for user root
Sep 29 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for root from 162.144.236.216 port 44804 ssh2
Sep 29 07:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Connection closed by 162.144.236.216 port 44804 [preauth]
Sep 29 07:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Failed password for root from 162.144.236.216 port 50300 ssh2
Sep 29 07:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Connection closed by 162.144.236.216 port 50300 [preauth]
Sep 29 07:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9  user=root
Sep 29 07:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29975]: Failed password for root from 213.209.157.9 port 60432 ssh2
Sep 29 07:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29975]: Connection closed by 213.209.157.9 port 60432 [preauth]
Sep 29 07:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Failed password for root from 162.144.236.216 port 57422 ssh2
Sep 29 07:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Connection closed by 162.144.236.216 port 57422 [preauth]
Sep 29 07:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28393]: pam_unix(cron:session): session closed for user root
Sep 29 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: Failed password for root from 162.144.236.216 port 35766 ssh2
Sep 29 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30024]: Connection closed by 162.144.236.216 port 35766 [preauth]
Sep 29 07:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Failed password for root from 162.144.236.216 port 42282 ssh2
Sep 29 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Connection closed by 162.144.236.216 port 42282 [preauth]
Sep 29 07:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Failed password for root from 162.144.236.216 port 50100 ssh2
Sep 29 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Connection closed by 162.144.236.216 port 50100 [preauth]
Sep 29 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30150]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: Successful su for rubyman by root
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: + ??? root:rubyman
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313422 of user rubyman.
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313422.
Sep 29 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Failed password for root from 162.144.236.216 port 57008 ssh2
Sep 29 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session closed for user root
Sep 29 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Connection closed by 162.144.236.216 port 57008 [preauth]
Sep 29 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30387]: Failed password for root from 196.251.71.24 port 36726 ssh2
Sep 29 07:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30387]: Connection closed by 196.251.71.24 port 36726 [preauth]
Sep 29 07:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Failed password for root from 162.144.236.216 port 35846 ssh2
Sep 29 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Connection closed by 162.144.236.216 port 35846 [preauth]
Sep 29 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30590]: Failed password for root from 162.144.236.216 port 42728 ssh2
Sep 29 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30590]: Connection closed by 162.144.236.216 port 42728 [preauth]
Sep 29 07:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Failed password for root from 162.144.236.216 port 49774 ssh2
Sep 29 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Connection closed by 162.144.236.216 port 49774 [preauth]
Sep 29 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29089]: pam_unix(cron:session): session closed for user root
Sep 29 07:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Failed password for root from 162.144.236.216 port 56088 ssh2
Sep 29 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Connection closed by 162.144.236.216 port 56088 [preauth]
Sep 29 07:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Failed password for root from 162.144.236.216 port 34432 ssh2
Sep 29 07:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Connection closed by 162.144.236.216 port 34432 [preauth]
Sep 29 07:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for root from 162.144.236.216 port 40032 ssh2
Sep 29 07:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Connection closed by 162.144.236.216 port 40032 [preauth]
Sep 29 07:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30810]: Successful su for rubyman by root
Sep 29 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30810]: + ??? root:rubyman
Sep 29 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313427 of user rubyman.
Sep 29 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30810]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313427.
Sep 29 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Failed password for root from 162.144.236.216 port 47290 ssh2
Sep 29 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27269]: pam_unix(cron:session): session closed for user root
Sep 29 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Connection closed by 162.144.236.216 port 47290 [preauth]
Sep 29 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: Failed password for root from 162.144.236.216 port 53972 ssh2
Sep 29 07:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: Connection closed by 162.144.236.216 port 53972 [preauth]
Sep 29 07:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: Failed password for root from 162.144.236.216 port 60792 ssh2
Sep 29 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31066]: Connection closed by 162.144.236.216 port 60792 [preauth]
Sep 29 07:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session closed for user root
Sep 29 07:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: Failed password for root from 162.144.236.216 port 40760 ssh2
Sep 29 07:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31108]: Connection closed by 162.144.236.216 port 40760 [preauth]
Sep 29 07:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for root from 162.144.236.216 port 49012 ssh2
Sep 29 07:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Connection closed by 162.144.236.216 port 49012 [preauth]
Sep 29 07:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Failed password for root from 162.144.236.216 port 56304 ssh2
Sep 29 07:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Connection closed by 162.144.236.216 port 56304 [preauth]
Sep 29 07:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31281]: Successful su for rubyman by root
Sep 29 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31281]: + ??? root:rubyman
Sep 29 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313431 of user rubyman.
Sep 29 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31281]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313431.
Sep 29 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Failed password for root from 162.144.236.216 port 34496 ssh2
Sep 29 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session closed for user root
Sep 29 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Connection closed by 162.144.236.216 port 34496 [preauth]
Sep 29 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Failed password for root from 196.251.71.24 port 60750 ssh2
Sep 29 07:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Connection closed by 196.251.71.24 port 60750 [preauth]
Sep 29 07:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Failed password for root from 162.144.236.216 port 41882 ssh2
Sep 29 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Connection closed by 162.144.236.216 port 41882 [preauth]
Sep 29 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Failed password for root from 162.144.236.216 port 49766 ssh2
Sep 29 07:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Connection closed by 162.144.236.216 port 49766 [preauth]
Sep 29 07:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30150]: pam_unix(cron:session): session closed for user root
Sep 29 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: Failed password for root from 162.144.236.216 port 56368 ssh2
Sep 29 07:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: Connection closed by 162.144.236.216 port 56368 [preauth]
Sep 29 07:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Failed password for root from 162.144.236.216 port 35528 ssh2
Sep 29 07:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Connection closed by 162.144.236.216 port 35528 [preauth]
Sep 29 07:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for root from 162.144.236.216 port 42564 ssh2
Sep 29 07:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Connection closed by 162.144.236.216 port 42564 [preauth]
Sep 29 07:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Failed password for root from 162.144.236.216 port 48276 ssh2
Sep 29 07:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Connection closed by 162.144.236.216 port 48276 [preauth]
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session closed for user root
Sep 29 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31705]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31782]: Successful su for rubyman by root
Sep 29 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31782]: + ??? root:rubyman
Sep 29 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313434 of user rubyman.
Sep 29 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31782]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313434.
Sep 29 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31707]: pam_unix(cron:session): session closed for user root
Sep 29 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session closed for user root
Sep 29 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31706]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Failed password for root from 162.144.236.216 port 55196 ssh2
Sep 29 07:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Connection closed by 162.144.236.216 port 55196 [preauth]
Sep 29 07:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Failed password for root from 162.144.236.216 port 32848 ssh2
Sep 29 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Connection closed by 162.144.236.216 port 32848 [preauth]
Sep 29 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session closed for user root
Sep 29 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Failed password for root from 162.144.236.216 port 40156 ssh2
Sep 29 07:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Connection closed by 162.144.236.216 port 40156 [preauth]
Sep 29 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Failed password for root from 162.144.236.216 port 48656 ssh2
Sep 29 07:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Connection closed by 162.144.236.216 port 48656 [preauth]
Sep 29 07:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32199]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32271]: Successful su for rubyman by root
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32271]: + ??? root:rubyman
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313440 of user rubyman.
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32271]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313440.
Sep 29 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29088]: pam_unix(cron:session): session closed for user root
Sep 29 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Failed password for root from 162.144.236.216 port 58030 ssh2
Sep 29 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Failed password for root from 196.251.71.24 port 55720 ssh2
Sep 29 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32200]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32192]: Connection closed by 162.144.236.216 port 58030 [preauth]
Sep 29 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32195]: Connection closed by 196.251.71.24 port 55720 [preauth]
Sep 29 07:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Failed password for root from 162.144.236.216 port 36412 ssh2
Sep 29 07:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Connection closed by 162.144.236.216 port 36412 [preauth]
Sep 29 07:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Failed password for root from 162.144.236.216 port 43244 ssh2
Sep 29 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Invalid user cftest from 46.101.170.54
Sep 29 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: input_userauth_request: invalid user cftest [preauth]
Sep 29 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 29 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Failed password for invalid user cftest from 46.101.170.54 port 36376 ssh2
Sep 29 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Connection closed by 46.101.170.54 port 36376 [preauth]
Sep 29 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32500]: Connection closed by 162.144.236.216 port 43244 [preauth]
Sep 29 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session closed for user root
Sep 29 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Failed password for root from 162.144.236.216 port 49748 ssh2
Sep 29 07:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Connection closed by 162.144.236.216 port 49748 [preauth]
Sep 29 07:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32644]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32709]: Successful su for rubyman by root
Sep 29 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32709]: + ??? root:rubyman
Sep 29 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313445 of user rubyman.
Sep 29 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32709]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313445.
Sep 29 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29642]: pam_unix(cron:session): session closed for user root
Sep 29 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Failed password for root from 162.144.236.216 port 59392 ssh2
Sep 29 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Connection closed by 162.144.236.216 port 59392 [preauth]
Sep 29 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: Failed password for root from 162.144.236.216 port 37828 ssh2
Sep 29 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: Connection closed by 162.144.236.216 port 37828 [preauth]
Sep 29 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: Failed password for root from 162.144.236.216 port 44120 ssh2
Sep 29 07:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: Connection closed by 162.144.236.216 port 44120 [preauth]
Sep 29 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session closed for user root
Sep 29 07:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Failed password for root from 162.144.236.216 port 52754 ssh2
Sep 29 07:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Connection closed by 162.144.236.216 port 52754 [preauth]
Sep 29 07:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[698]: Successful su for rubyman by root
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[698]: + ??? root:rubyman
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313448 of user rubyman.
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[698]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313448.
Sep 29 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Failed password for root from 162.144.236.216 port 33198 ssh2
Sep 29 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Connection closed by 162.144.236.216 port 33198 [preauth]
Sep 29 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session closed for user root
Sep 29 07:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Failed password for root from 196.251.71.24 port 50870 ssh2
Sep 29 07:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Connection closed by 196.251.71.24 port 50870 [preauth]
Sep 29 07:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Failed password for root from 162.144.236.216 port 39298 ssh2
Sep 29 07:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Connection closed by 162.144.236.216 port 39298 [preauth]
Sep 29 07:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for root from 162.144.236.216 port 47224 ssh2
Sep 29 07:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Connection closed by 162.144.236.216 port 47224 [preauth]
Sep 29 07:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: Failed password for root from 162.144.236.216 port 54050 ssh2
Sep 29 07:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1055]: Connection closed by 162.144.236.216 port 54050 [preauth]
Sep 29 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32202]: pam_unix(cron:session): session closed for user root
Sep 29 07:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Invalid user test1 from 93.152.230.176
Sep 29 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: input_userauth_request: invalid user test1 [preauth]
Sep 29 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Failed password for invalid user test1 from 93.152.230.176 port 53905 ssh2
Sep 29 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Received disconnect from 93.152.230.176 port 53905:11: Client disconnecting normally [preauth]
Sep 29 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Disconnected from 93.152.230.176 port 53905 [preauth]
Sep 29 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Failed password for root from 162.144.236.216 port 60780 ssh2
Sep 29 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Connection closed by 162.144.236.216 port 60780 [preauth]
Sep 29 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1182]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1180]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1341]: Successful su for rubyman by root
Sep 29 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1341]: + ??? root:rubyman
Sep 29 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313452 of user rubyman.
Sep 29 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1341]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313452.
Sep 29 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1178]: pam_unix(cron:session): session closed for user root
Sep 29 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: Failed password for root from 162.144.236.216 port 40384 ssh2
Sep 29 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session closed for user root
Sep 29 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: Connection closed by 162.144.236.216 port 40384 [preauth]
Sep 29 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1181]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Failed password for root from 162.144.236.216 port 47916 ssh2
Sep 29 07:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Connection closed by 162.144.236.216 port 47916 [preauth]
Sep 29 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Failed password for root from 162.144.236.216 port 53642 ssh2
Sep 29 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session closed for user root
Sep 29 07:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Connection closed by 162.144.236.216 port 53642 [preauth]
Sep 29 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Failed password for root from 162.144.236.216 port 33834 ssh2
Sep 29 07:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1715]: Connection closed by 162.144.236.216 port 33834 [preauth]
Sep 29 07:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session closed for user root
Sep 29 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1776]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1853]: Successful su for rubyman by root
Sep 29 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1853]: + ??? root:rubyman
Sep 29 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313459 of user rubyman.
Sep 29 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1853]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313459.
Sep 29 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Failed password for root from 162.144.236.216 port 39924 ssh2
Sep 29 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Connection closed by 162.144.236.216 port 39924 [preauth]
Sep 29 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Failed password for root from 196.251.71.24 port 45548 ssh2
Sep 29 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session closed for user root
Sep 29 07:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session closed for user root
Sep 29 07:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Connection closed by 196.251.71.24 port 45548 [preauth]
Sep 29 07:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Failed password for root from 162.144.236.216 port 47388 ssh2
Sep 29 07:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1974]: Connection closed by 162.144.236.216 port 47388 [preauth]
Sep 29 07:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Failed password for root from 162.144.236.216 port 53538 ssh2
Sep 29 07:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Connection closed by 162.144.236.216 port 53538 [preauth]
Sep 29 07:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2172]: Invalid user admin from 139.19.117.131
Sep 29 07:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2172]: input_userauth_request: invalid user admin [preauth]
Sep 29 07:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session closed for user root
Sep 29 07:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Failed password for root from 162.144.236.216 port 59252 ssh2
Sep 29 07:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Connection closed by 162.144.236.216 port 59252 [preauth]
Sep 29 07:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2172]: Connection closed by 139.19.117.131 port 49686 [preauth]
Sep 29 07:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Failed password for root from 162.144.236.216 port 37748 ssh2
Sep 29 07:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Connection closed by 162.144.236.216 port 37748 [preauth]
Sep 29 07:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2336]: Successful su for rubyman by root
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2336]: + ??? root:rubyman
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313463 of user rubyman.
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2336]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313463.
Sep 29 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Failed password for root from 162.144.236.216 port 44952 ssh2
Sep 29 07:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2256]: Connection closed by 162.144.236.216 port 44952 [preauth]
Sep 29 07:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31709]: pam_unix(cron:session): session closed for user root
Sep 29 07:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2269]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: Failed password for root from 162.144.236.216 port 51070 ssh2
Sep 29 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: Connection closed by 162.144.236.216 port 51070 [preauth]
Sep 29 07:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Failed password for root from 162.144.236.216 port 58378 ssh2
Sep 29 07:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Connection closed by 162.144.236.216 port 58378 [preauth]
Sep 29 07:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1183]: pam_unix(cron:session): session closed for user root
Sep 29 07:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for root from 162.144.236.216 port 36760 ssh2
Sep 29 07:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Connection closed by 162.144.236.216 port 36760 [preauth]
Sep 29 07:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Failed password for root from 162.144.236.216 port 42374 ssh2
Sep 29 07:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Connection closed by 162.144.236.216 port 42374 [preauth]
Sep 29 07:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Failed password for root from 196.251.71.24 port 40318 ssh2
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: Successful su for rubyman by root
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: + ??? root:rubyman
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313468 of user rubyman.
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313468.
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Connection closed by 196.251.71.24 port 40318 [preauth]
Sep 29 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Failed password for root from 162.144.236.216 port 50500 ssh2
Sep 29 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session closed for user root
Sep 29 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Connection closed by 162.144.236.216 port 50500 [preauth]
Sep 29 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2717]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Failed password for root from 162.144.236.216 port 57084 ssh2
Sep 29 07:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Connection closed by 162.144.236.216 port 57084 [preauth]
Sep 29 07:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Failed password for root from 162.144.236.216 port 35204 ssh2
Sep 29 07:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Connection closed by 162.144.236.216 port 35204 [preauth]
Sep 29 07:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session closed for user root
Sep 29 07:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3050]: Failed password for root from 162.144.236.216 port 42004 ssh2
Sep 29 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3050]: Connection closed by 162.144.236.216 port 42004 [preauth]
Sep 29 07:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3144]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3207]: Successful su for rubyman by root
Sep 29 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3207]: + ??? root:rubyman
Sep 29 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313472 of user rubyman.
Sep 29 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3207]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313472.
Sep 29 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: Failed password for root from 162.144.236.216 port 51338 ssh2
Sep 29 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: Connection closed by 162.144.236.216 port 51338 [preauth]
Sep 29 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session closed for user root
Sep 29 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Failed password for root from 162.144.236.216 port 57850 ssh2
Sep 29 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Connection closed by 162.144.236.216 port 57850 [preauth]
Sep 29 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Failed password for root from 162.144.236.216 port 34868 ssh2
Sep 29 07:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3423]: Connection closed by 162.144.236.216 port 34868 [preauth]
Sep 29 07:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2271]: pam_unix(cron:session): session closed for user root
Sep 29 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Failed password for root from 162.144.236.216 port 42192 ssh2
Sep 29 07:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Connection closed by 162.144.236.216 port 42192 [preauth]
Sep 29 07:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Failed password for root from 196.251.71.24 port 34806 ssh2
Sep 29 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Connection closed by 196.251.71.24 port 34806 [preauth]
Sep 29 07:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3580]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: Failed password for root from 162.144.236.216 port 50522 ssh2
Sep 29 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3642]: Successful su for rubyman by root
Sep 29 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3642]: + ??? root:rubyman
Sep 29 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313475 of user rubyman.
Sep 29 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3642]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313475.
Sep 29 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: Connection closed by 162.144.236.216 port 50522 [preauth]
Sep 29 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session closed for user root
Sep 29 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3581]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: Failed password for root from 162.144.236.216 port 60380 ssh2
Sep 29 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: Connection closed by 162.144.236.216 port 60380 [preauth]
Sep 29 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Failed password for root from 162.144.236.216 port 40108 ssh2
Sep 29 07:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Connection closed by 162.144.236.216 port 40108 [preauth]
Sep 29 07:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session closed for user root
Sep 29 07:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: Failed password for root from 162.144.236.216 port 49554 ssh2
Sep 29 07:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: Connection closed by 162.144.236.216 port 49554 [preauth]
Sep 29 07:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4024]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session closed for user root
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4022]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: Successful su for rubyman by root
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: + ??? root:rubyman
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313480 of user rubyman.
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4096]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313480.
Sep 29 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4024]: pam_unix(cron:session): session closed for user root
Sep 29 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1182]: pam_unix(cron:session): session closed for user root
Sep 29 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4023]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: Failed password for root from 162.144.236.216 port 58584 ssh2
Sep 29 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4010]: Connection closed by 162.144.236.216 port 58584 [preauth]
Sep 29 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Failed password for root from 162.144.236.216 port 38944 ssh2
Sep 29 07:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4347]: Connection closed by 162.144.236.216 port 38944 [preauth]
Sep 29 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for root from 162.144.236.216 port 44340 ssh2
Sep 29 07:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Connection closed by 162.144.236.216 port 44340 [preauth]
Sep 29 07:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: Failed password for root from 162.144.236.216 port 50516 ssh2
Sep 29 07:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: Connection closed by 162.144.236.216 port 50516 [preauth]
Sep 29 07:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session closed for user root
Sep 29 07:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for root from 162.144.236.216 port 56626 ssh2
Sep 29 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Connection closed by 162.144.236.216 port 56626 [preauth]
Sep 29 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Failed password for root from 162.144.236.216 port 34504 ssh2
Sep 29 07:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Connection closed by 162.144.236.216 port 34504 [preauth]
Sep 29 07:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Failed password for root from 196.251.71.24 port 57218 ssh2
Sep 29 07:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Connection closed by 196.251.71.24 port 57218 [preauth]
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: Successful su for rubyman by root
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: + ??? root:rubyman
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313487 of user rubyman.
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313487.
Sep 29 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for root from 162.144.236.216 port 41532 ssh2
Sep 29 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Connection closed by 162.144.236.216 port 41532 [preauth]
Sep 29 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session closed for user root
Sep 29 07:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4508]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Failed password for root from 162.144.236.216 port 46352 ssh2
Sep 29 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4741]: Connection closed by 162.144.236.216 port 46352 [preauth]
Sep 29 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4829]: Failed password for root from 162.144.236.216 port 51244 ssh2
Sep 29 07:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4829]: Connection closed by 162.144.236.216 port 51244 [preauth]
Sep 29 07:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3583]: pam_unix(cron:session): session closed for user root
Sep 29 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Failed password for root from 162.144.236.216 port 57548 ssh2
Sep 29 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Connection closed by 162.144.236.216 port 57548 [preauth]
Sep 29 07:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5037]: Successful su for rubyman by root
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5037]: + ??? root:rubyman
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313491 of user rubyman.
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5037]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313491.
Sep 29 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Failed password for root from 162.144.236.216 port 36186 ssh2
Sep 29 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Connection closed by 162.144.236.216 port 36186 [preauth]
Sep 29 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session closed for user root
Sep 29 07:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Failed password for root from 162.144.236.216 port 43264 ssh2
Sep 29 07:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5186]: Connection closed by 162.144.236.216 port 43264 [preauth]
Sep 29 07:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 07:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Failed password for root from 93.152.230.176 port 39135 ssh2
Sep 29 07:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Received disconnect from 93.152.230.176 port 39135:11: Client disconnecting normally [preauth]
Sep 29 07:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Disconnected from 93.152.230.176 port 39135 [preauth]
Sep 29 07:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Failed password for root from 162.144.236.216 port 50732 ssh2
Sep 29 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Connection closed by 162.144.236.216 port 50732 [preauth]
Sep 29 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Failed password for root from 162.144.236.216 port 58438 ssh2
Sep 29 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session closed for user root
Sep 29 07:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Connection closed by 162.144.236.216 port 58438 [preauth]
Sep 29 07:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Failed password for root from 196.251.71.24 port 51398 ssh2
Sep 29 07:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Connection closed by 196.251.71.24 port 51398 [preauth]
Sep 29 07:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: Failed password for root from 162.144.236.216 port 36296 ssh2
Sep 29 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: Connection closed by 162.144.236.216 port 36296 [preauth]
Sep 29 07:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5515]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5512]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5582]: Successful su for rubyman by root
Sep 29 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5582]: + ??? root:rubyman
Sep 29 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313493 of user rubyman.
Sep 29 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5582]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313493.
Sep 29 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: Failed password for root from 162.144.236.216 port 43232 ssh2
Sep 29 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2718]: pam_unix(cron:session): session closed for user root
Sep 29 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5491]: Connection closed by 162.144.236.216 port 43232 [preauth]
Sep 29 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: Failed password for root from 162.144.236.216 port 49558 ssh2
Sep 29 07:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: Connection closed by 162.144.236.216 port 49558 [preauth]
Sep 29 07:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Failed password for root from 162.144.236.216 port 57568 ssh2
Sep 29 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Connection closed by 162.144.236.216 port 57568 [preauth]
Sep 29 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session closed for user root
Sep 29 07:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5879]: Failed password for root from 162.144.236.216 port 37316 ssh2
Sep 29 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5879]: Connection closed by 162.144.236.216 port 37316 [preauth]
Sep 29 07:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5973]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: Successful su for rubyman by root
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: + ??? root:rubyman
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313498 of user rubyman.
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313498.
Sep 29 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Failed password for root from 162.144.236.216 port 45376 ssh2
Sep 29 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Connection closed by 162.144.236.216 port 45376 [preauth]
Sep 29 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session closed for user root
Sep 29 07:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Failed password for root from 162.144.236.216 port 52362 ssh2
Sep 29 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Connection closed by 162.144.236.216 port 52362 [preauth]
Sep 29 07:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Failed password for root from 162.144.236.216 port 59660 ssh2
Sep 29 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Connection closed by 162.144.236.216 port 59660 [preauth]
Sep 29 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Failed password for root from 162.144.236.216 port 36656 ssh2
Sep 29 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Connection closed by 162.144.236.216 port 36656 [preauth]
Sep 29 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4967]: pam_unix(cron:session): session closed for user root
Sep 29 07:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Failed password for root from 196.251.71.24 port 45520 ssh2
Sep 29 07:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Connection closed by 196.251.71.24 port 45520 [preauth]
Sep 29 07:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: Failed password for root from 162.144.236.216 port 42598 ssh2
Sep 29 07:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6317]: Connection closed by 162.144.236.216 port 42598 [preauth]
Sep 29 07:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for root from 162.144.236.216 port 48550 ssh2
Sep 29 07:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Connection closed by 162.144.236.216 port 48550 [preauth]
Sep 29 07:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user root
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: Successful su for rubyman by root
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: + ??? root:rubyman
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313503 of user rubyman.
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313503.
Sep 29 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user root
Sep 29 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3582]: pam_unix(cron:session): session closed for user root
Sep 29 07:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: Failed password for root from 162.144.236.216 port 54644 ssh2
Sep 29 07:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: Connection closed by 162.144.236.216 port 54644 [preauth]
Sep 29 07:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Failed password for root from 162.144.236.216 port 34578 ssh2
Sep 29 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Connection closed by 162.144.236.216 port 34578 [preauth]
Sep 29 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Failed password for root from 162.144.236.216 port 40996 ssh2
Sep 29 07:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6862]: Connection closed by 162.144.236.216 port 40996 [preauth]
Sep 29 07:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5515]: pam_unix(cron:session): session closed for user root
Sep 29 07:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Failed password for root from 162.144.236.216 port 48166 ssh2
Sep 29 07:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Connection closed by 162.144.236.216 port 48166 [preauth]
Sep 29 07:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Failed password for root from 162.144.236.216 port 54414 ssh2
Sep 29 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7090]: Successful su for rubyman by root
Sep 29 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7090]: + ??? root:rubyman
Sep 29 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313507 of user rubyman.
Sep 29 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7090]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313507.
Sep 29 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Connection closed by 162.144.236.216 port 54414 [preauth]
Sep 29 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4025]: pam_unix(cron:session): session closed for user root
Sep 29 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Failed password for root from 162.144.236.216 port 35328 ssh2
Sep 29 07:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Connection closed by 162.144.236.216 port 35328 [preauth]
Sep 29 07:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Failed password for root from 162.144.236.216 port 41252 ssh2
Sep 29 07:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7412]: Connection closed by 162.144.236.216 port 41252 [preauth]
Sep 29 07:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5973]: pam_unix(cron:session): session closed for user root
Sep 29 07:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Failed password for root from 196.251.71.24 port 39274 ssh2
Sep 29 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection closed by 196.251.71.24 port 39274 [preauth]
Sep 29 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Invalid user deploy from 164.68.105.9
Sep 29 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: input_userauth_request: invalid user deploy [preauth]
Sep 29 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Failed password for invalid user deploy from 164.68.105.9 port 58026 ssh2
Sep 29 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Connection closed by 164.68.105.9 port 58026 [preauth]
Sep 29 07:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: Failed password for root from 162.144.236.216 port 49296 ssh2
Sep 29 07:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7458]: Connection closed by 162.144.236.216 port 49296 [preauth]
Sep 29 07:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7552]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7551]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: Successful su for rubyman by root
Sep 29 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: + ??? root:rubyman
Sep 29 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313511 of user rubyman.
Sep 29 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313511.
Sep 29 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7525]: Failed password for root from 162.144.236.216 port 56576 ssh2
Sep 29 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7525]: Connection closed by 162.144.236.216 port 56576 [preauth]
Sep 29 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session closed for user root
Sep 29 07:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7550]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: Failed password for root from 162.144.236.216 port 34994 ssh2
Sep 29 07:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7700]: Connection closed by 162.144.236.216 port 34994 [preauth]
Sep 29 07:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Failed password for root from 162.144.236.216 port 44050 ssh2
Sep 29 07:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Connection closed by 162.144.236.216 port 44050 [preauth]
Sep 29 07:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Did not receive identification string from 47.251.166.236
Sep 29 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user root
Sep 29 07:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Failed password for root from 162.144.236.216 port 52180 ssh2
Sep 29 07:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Connection closed by 162.144.236.216 port 52180 [preauth]
Sep 29 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: Failed password for root from 162.144.236.216 port 59420 ssh2
Sep 29 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8003]: Connection closed by 162.144.236.216 port 59420 [preauth]
Sep 29 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8040]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8117]: Successful su for rubyman by root
Sep 29 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8117]: + ??? root:rubyman
Sep 29 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313515 of user rubyman.
Sep 29 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8117]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313515.
Sep 29 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session closed for user root
Sep 29 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Failed password for root from 162.144.236.216 port 36732 ssh2
Sep 29 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Connection closed by 162.144.236.216 port 36732 [preauth]
Sep 29 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Failed password for root from 162.144.236.216 port 41882 ssh2
Sep 29 07:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Connection closed by 162.144.236.216 port 41882 [preauth]
Sep 29 07:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: Failed password for root from 162.144.236.216 port 51380 ssh2
Sep 29 07:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: Connection closed by 162.144.236.216 port 51380 [preauth]
Sep 29 07:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6998]: pam_unix(cron:session): session closed for user root
Sep 29 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 196.251.71.24 port 33302 ssh2
Sep 29 07:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Connection closed by 196.251.71.24 port 33302 [preauth]
Sep 29 07:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Failed password for root from 162.144.236.216 port 57046 ssh2
Sep 29 07:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Connection closed by 162.144.236.216 port 57046 [preauth]
Sep 29 07:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Failed password for root from 162.144.236.216 port 36370 ssh2
Sep 29 07:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Connection closed by 162.144.236.216 port 36370 [preauth]
Sep 29 07:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8529]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: Successful su for rubyman by root
Sep 29 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: + ??? root:rubyman
Sep 29 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313519 of user rubyman.
Sep 29 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313519.
Sep 29 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5514]: pam_unix(cron:session): session closed for user root
Sep 29 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8528]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Failed password for root from 162.144.236.216 port 42006 ssh2
Sep 29 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Connection closed by 162.144.236.216 port 42006 [preauth]
Sep 29 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Failed password for root from 162.144.236.216 port 50118 ssh2
Sep 29 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Connection closed by 162.144.236.216 port 50118 [preauth]
Sep 29 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7552]: pam_unix(cron:session): session closed for user root
Sep 29 07:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Failed password for root from 162.144.236.216 port 57338 ssh2
Sep 29 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8993]: Connection closed by 162.144.236.216 port 57338 [preauth]
Sep 29 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Failed password for root from 162.144.236.216 port 35564 ssh2
Sep 29 07:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Connection closed by 162.144.236.216 port 35564 [preauth]
Sep 29 07:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session closed for user root
Sep 29 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9265]: Successful su for rubyman by root
Sep 29 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9265]: + ??? root:rubyman
Sep 29 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313523 of user rubyman.
Sep 29 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9265]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313523.
Sep 29 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session closed for user root
Sep 29 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session closed for user root
Sep 29 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Failed password for root from 162.144.236.216 port 43028 ssh2
Sep 29 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9088]: Connection closed by 162.144.236.216 port 43028 [preauth]
Sep 29 07:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Failed password for root from 162.144.236.216 port 48986 ssh2
Sep 29 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9510]: Connection closed by 162.144.236.216 port 48986 [preauth]
Sep 29 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Failed password for root from 196.251.71.24 port 55200 ssh2
Sep 29 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Connection closed by 196.251.71.24 port 55200 [preauth]
Sep 29 07:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Failed password for root from 162.144.236.216 port 56196 ssh2
Sep 29 07:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8040]: pam_unix(cron:session): session closed for user root
Sep 29 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Connection closed by 162.144.236.216 port 56196 [preauth]
Sep 29 07:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Invalid user admin from 93.152.230.176
Sep 29 07:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: input_userauth_request: invalid user admin [preauth]
Sep 29 07:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 07:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Failed password for invalid user admin from 93.152.230.176 port 35024 ssh2
Sep 29 07:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Received disconnect from 93.152.230.176 port 35024:11: Client disconnecting normally [preauth]
Sep 29 07:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Disconnected from 93.152.230.176 port 35024 [preauth]
Sep 29 07:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Failed password for root from 162.144.236.216 port 35608 ssh2
Sep 29 07:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Connection closed by 162.144.236.216 port 35608 [preauth]
Sep 29 07:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: Successful su for rubyman by root
Sep 29 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: + ??? root:rubyman
Sep 29 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313530 of user rubyman.
Sep 29 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313530.
Sep 29 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user root
Sep 29 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 162.144.236.216 port 44016 ssh2
Sep 29 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Connection closed by 162.144.236.216 port 44016 [preauth]
Sep 29 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Failed password for root from 162.144.236.216 port 51236 ssh2
Sep 29 07:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Connection closed by 162.144.236.216 port 51236 [preauth]
Sep 29 07:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Failed password for root from 162.144.236.216 port 57292 ssh2
Sep 29 07:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Connection closed by 162.144.236.216 port 57292 [preauth]
Sep 29 07:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Failed password for root from 162.144.236.216 port 36978 ssh2
Sep 29 07:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session closed for user root
Sep 29 07:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Connection closed by 162.144.236.216 port 36978 [preauth]
Sep 29 07:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: Failed password for root from 162.144.236.216 port 44764 ssh2
Sep 29 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: Connection closed by 162.144.236.216 port 44764 [preauth]
Sep 29 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Invalid user support from 62.60.131.157
Sep 29 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: input_userauth_request: invalid user support [preauth]
Sep 29 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 07:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Failed password for invalid user support from 62.60.131.157 port 63532 ssh2
Sep 29 07:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Failed password for invalid user support from 62.60.131.157 port 63532 ssh2
Sep 29 07:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Failed password for root from 162.144.236.216 port 52238 ssh2
Sep 29 07:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Failed password for invalid user support from 62.60.131.157 port 63532 ssh2
Sep 29 07:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Connection closed by 162.144.236.216 port 52238 [preauth]
Sep 29 07:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Failed password for invalid user support from 62.60.131.157 port 63532 ssh2
Sep 29 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Failed password for invalid user support from 62.60.131.157 port 63532 ssh2
Sep 29 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Received disconnect from 62.60.131.157 port 63532:11: Bye [preauth]
Sep 29 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: Disconnected from 62.60.131.157 port 63532 [preauth]
Sep 29 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 07:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10244]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10283]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10358]: Successful su for rubyman by root
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10358]: + ??? root:rubyman
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313535 of user rubyman.
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10358]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313535.
Sep 29 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10269]: Failed password for root from 162.144.236.216 port 59534 ssh2
Sep 29 07:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6997]: pam_unix(cron:session): session closed for user root
Sep 29 07:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10269]: Connection closed by 162.144.236.216 port 59534 [preauth]
Sep 29 07:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Failed password for root from 162.144.236.216 port 39276 ssh2
Sep 29 07:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Connection closed by 162.144.236.216 port 39276 [preauth]
Sep 29 07:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Failed password for root from 196.251.71.24 port 48890 ssh2
Sep 29 07:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10608]: Connection closed by 196.251.71.24 port 48890 [preauth]
Sep 29 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session closed for user root
Sep 29 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Failed password for root from 162.144.236.216 port 47548 ssh2
Sep 29 07:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Connection closed by 162.144.236.216 port 47548 [preauth]
Sep 29 07:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Failed password for root from 162.144.236.216 port 54968 ssh2
Sep 29 07:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Connection closed by 162.144.236.216 port 54968 [preauth]
Sep 29 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10747]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: Successful su for rubyman by root
Sep 29 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: + ??? root:rubyman
Sep 29 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313538 of user rubyman.
Sep 29 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10808]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313538.
Sep 29 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7551]: pam_unix(cron:session): session closed for user root
Sep 29 07:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Failed password for root from 162.144.236.216 port 34690 ssh2
Sep 29 07:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Connection closed by 162.144.236.216 port 34690 [preauth]
Sep 29 07:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: Failed password for root from 162.144.236.216 port 42982 ssh2
Sep 29 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11047]: Connection closed by 162.144.236.216 port 42982 [preauth]
Sep 29 07:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session closed for user root
Sep 29 07:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: Failed password for root from 162.144.236.216 port 49588 ssh2
Sep 29 07:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11081]: Connection closed by 162.144.236.216 port 49588 [preauth]
Sep 29 07:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Failed password for root from 162.144.236.216 port 56844 ssh2
Sep 29 07:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Connection closed by 162.144.236.216 port 56844 [preauth]
Sep 29 07:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session closed for user p13x
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: Successful su for rubyman by root
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: + ??? root:rubyman
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313542 of user rubyman.
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11241]: pam_unix(su:session): session closed for user rubyman
Sep 29 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313542.
Sep 29 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session closed for user root
Sep 29 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session closed for user samftp
Sep 29 07:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Failed password for root from 162.144.236.216 port 36120 ssh2
Sep 29 07:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Connection closed by 162.144.236.216 port 36120 [preauth]
Sep 29 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: Failed password for root from 196.251.71.24 port 41652 ssh2
Sep 29 07:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11452]: Failed password for root from 162.144.236.216 port 45410 ssh2
Sep 29 07:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: Connection closed by 196.251.71.24 port 41652 [preauth]
Sep 29 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11452]: Connection closed by 162.144.236.216 port 45410 [preauth]
Sep 29 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10286]: pam_unix(cron:session): session closed for user root
Sep 29 07:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Failed password for root from 162.144.236.216 port 52534 ssh2
Sep 29 07:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Connection closed by 162.144.236.216 port 52534 [preauth]
Sep 29 07:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 07:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 07:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: Failed password for root from 162.144.236.216 port 33864 ssh2
Sep 29 07:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: Connection closed by 162.144.236.216 port 33864 [preauth]
Sep 29 07:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session closed for user root
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session closed for user root
Sep 29 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: Successful su for rubyman by root
Sep 29 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: + ??? root:rubyman
Sep 29 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313545 of user rubyman.
Sep 29 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11841]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313545.
Sep 29 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Failed password for root from 162.144.236.216 port 41720 ssh2
Sep 29 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8529]: pam_unix(cron:session): session closed for user root
Sep 29 08:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user root
Sep 29 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Connection closed by 162.144.236.216 port 41720 [preauth]
Sep 29 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Failed password for root from 162.144.236.216 port 50040 ssh2
Sep 29 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12039]: Connection closed by 162.144.236.216 port 50040 [preauth]
Sep 29 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session closed for user root
Sep 29 08:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Failed password for root from 162.144.236.216 port 57966 ssh2
Sep 29 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Connection closed by 162.144.236.216 port 57966 [preauth]
Sep 29 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12207]: Failed password for root from 162.144.236.216 port 37690 ssh2
Sep 29 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12207]: Connection closed by 162.144.236.216 port 37690 [preauth]
Sep 29 08:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12277]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12276]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12274]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: Successful su for rubyman by root
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: + ??? root:rubyman
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313554 of user rubyman.
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313554.
Sep 29 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Failed password for root from 162.144.236.216 port 45516 ssh2
Sep 29 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Connection closed by 162.144.236.216 port 45516 [preauth]
Sep 29 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session closed for user root
Sep 29 08:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12275]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Failed password for root from 162.144.236.216 port 53240 ssh2
Sep 29 08:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Connection closed by 162.144.236.216 port 53240 [preauth]
Sep 29 08:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Failed password for root from 196.251.71.24 port 35672 ssh2
Sep 29 08:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Connection closed by 196.251.71.24 port 35672 [preauth]
Sep 29 08:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Failed password for root from 162.144.236.216 port 59612 ssh2
Sep 29 08:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Connection closed by 162.144.236.216 port 59612 [preauth]
Sep 29 08:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session closed for user root
Sep 29 08:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Failed password for root from 162.144.236.216 port 36596 ssh2
Sep 29 08:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Connection closed by 162.144.236.216 port 36596 [preauth]
Sep 29 08:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Failed password for root from 162.144.236.216 port 42884 ssh2
Sep 29 08:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Connection closed by 162.144.236.216 port 42884 [preauth]
Sep 29 08:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Failed password for root from 162.144.236.216 port 50190 ssh2
Sep 29 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Connection closed by 162.144.236.216 port 50190 [preauth]
Sep 29 08:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12804]: Successful su for rubyman by root
Sep 29 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12804]: + ??? root:rubyman
Sep 29 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313556 of user rubyman.
Sep 29 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12804]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313556.
Sep 29 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Failed password for root from 162.144.236.216 port 57386 ssh2
Sep 29 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session closed for user root
Sep 29 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Connection closed by 162.144.236.216 port 57386 [preauth]
Sep 29 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: Failed password for root from 162.144.236.216 port 35608 ssh2
Sep 29 08:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12995]: Connection closed by 162.144.236.216 port 35608 [preauth]
Sep 29 08:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Failed password for root from 162.144.236.216 port 41660 ssh2
Sep 29 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Connection closed by 162.144.236.216 port 41660 [preauth]
Sep 29 08:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Failed password for root from 162.144.236.216 port 47844 ssh2
Sep 29 08:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Connection closed by 162.144.236.216 port 47844 [preauth]
Sep 29 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session closed for user root
Sep 29 08:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for root from 162.144.236.216 port 52918 ssh2
Sep 29 08:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 162.144.236.216 port 52918 [preauth]
Sep 29 08:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Failed password for root from 162.144.236.216 port 32920 ssh2
Sep 29 08:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Connection closed by 162.144.236.216 port 32920 [preauth]
Sep 29 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Failed password for root from 162.144.236.216 port 39042 ssh2
Sep 29 08:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13160]: Connection closed by 162.144.236.216 port 39042 [preauth]
Sep 29 08:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Failed password for root from 162.144.236.216 port 45852 ssh2
Sep 29 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13263]: Successful su for rubyman by root
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13263]: + ??? root:rubyman
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313561 of user rubyman.
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13263]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313561.
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13178]: Connection closed by 162.144.236.216 port 45852 [preauth]
Sep 29 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session closed for user root
Sep 29 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: Failed password for root from 162.144.236.216 port 52806 ssh2
Sep 29 08:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: Connection closed by 162.144.236.216 port 52806 [preauth]
Sep 29 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for root from 196.251.71.24 port 57342 ssh2
Sep 29 08:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Failed password for root from 162.144.236.216 port 58384 ssh2
Sep 29 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Connection closed by 196.251.71.24 port 57342 [preauth]
Sep 29 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Connection closed by 162.144.236.216 port 58384 [preauth]
Sep 29 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: Failed password for root from 162.144.236.216 port 35890 ssh2
Sep 29 08:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13515]: Connection closed by 162.144.236.216 port 35890 [preauth]
Sep 29 08:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Failed password for root from 162.144.236.216 port 43272 ssh2
Sep 29 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12277]: pam_unix(cron:session): session closed for user root
Sep 29 08:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13540]: Connection closed by 162.144.236.216 port 43272 [preauth]
Sep 29 08:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: Failed password for root from 162.144.236.216 port 49748 ssh2
Sep 29 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: Connection closed by 162.144.236.216 port 49748 [preauth]
Sep 29 08:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: Successful su for rubyman by root
Sep 29 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: + ??? root:rubyman
Sep 29 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313565 of user rubyman.
Sep 29 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313565.
Sep 29 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session closed for user root
Sep 29 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Failed password for root from 162.144.236.216 port 57070 ssh2
Sep 29 08:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Connection closed by 162.144.236.216 port 57070 [preauth]
Sep 29 08:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13923]: Failed password for root from 162.144.236.216 port 36804 ssh2
Sep 29 08:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13923]: Connection closed by 162.144.236.216 port 36804 [preauth]
Sep 29 08:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Failed password for root from 162.144.236.216 port 43692 ssh2
Sep 29 08:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Connection closed by 162.144.236.216 port 43692 [preauth]
Sep 29 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session closed for user root
Sep 29 08:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Failed password for root from 162.144.236.216 port 51476 ssh2
Sep 29 08:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Connection closed by 162.144.236.216 port 51476 [preauth]
Sep 29 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Failed password for root from 162.144.236.216 port 33068 ssh2
Sep 29 08:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Connection closed by 162.144.236.216 port 33068 [preauth]
Sep 29 08:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Failed password for root from 162.144.236.216 port 39584 ssh2
Sep 29 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Connection closed by 162.144.236.216 port 39584 [preauth]
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14177]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session closed for user root
Sep 29 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: Successful su for rubyman by root
Sep 29 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: + ??? root:rubyman
Sep 29 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313569 of user rubyman.
Sep 29 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14256]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313569.
Sep 29 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session closed for user root
Sep 29 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14177]: pam_unix(cron:session): session closed for user root
Sep 29 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Failed password for root from 162.144.236.216 port 46522 ssh2
Sep 29 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Connection closed by 162.144.236.216 port 46522 [preauth]
Sep 29 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Failed password for root from 196.251.71.24 port 50530 ssh2
Sep 29 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14176]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Connection closed by 196.251.71.24 port 50530 [preauth]
Sep 29 08:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for root from 162.144.236.216 port 53060 ssh2
Sep 29 08:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Connection closed by 162.144.236.216 port 53060 [preauth]
Sep 29 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for root from 162.144.236.216 port 58432 ssh2
Sep 29 08:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Connection closed by 162.144.236.216 port 58432 [preauth]
Sep 29 08:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Failed password for root from 162.144.236.216 port 38508 ssh2
Sep 29 08:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session closed for user root
Sep 29 08:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Connection closed by 162.144.236.216 port 38508 [preauth]
Sep 29 08:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for root from 162.144.236.216 port 46052 ssh2
Sep 29 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Connection closed by 162.144.236.216 port 46052 [preauth]
Sep 29 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: Failed password for root from 162.144.236.216 port 52264 ssh2
Sep 29 08:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: Connection closed by 162.144.236.216 port 52264 [preauth]
Sep 29 08:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Failed password for root from 162.144.236.216 port 59524 ssh2
Sep 29 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Connection closed by 162.144.236.216 port 59524 [preauth]
Sep 29 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: Successful su for rubyman by root
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: + ??? root:rubyman
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313574 of user rubyman.
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14704]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313574.
Sep 29 08:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session closed for user root
Sep 29 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: Failed password for root from 162.144.236.216 port 36994 ssh2
Sep 29 08:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: Connection closed by 162.144.236.216 port 36994 [preauth]
Sep 29 08:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: Failed password for root from 162.144.236.216 port 43350 ssh2
Sep 29 08:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14904]: Connection closed by 162.144.236.216 port 43350 [preauth]
Sep 29 08:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Failed password for root from 162.144.236.216 port 49704 ssh2
Sep 29 08:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14938]: Connection closed by 162.144.236.216 port 49704 [preauth]
Sep 29 08:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Failed password for root from 162.144.236.216 port 55864 ssh2
Sep 29 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Connection closed by 162.144.236.216 port 55864 [preauth]
Sep 29 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session closed for user root
Sep 29 08:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Failed password for root from 162.144.236.216 port 33230 ssh2
Sep 29 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Connection closed by 162.144.236.216 port 33230 [preauth]
Sep 29 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: Failed password for root from 162.144.236.216 port 40220 ssh2
Sep 29 08:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15019]: Connection closed by 162.144.236.216 port 40220 [preauth]
Sep 29 08:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: Failed password for root from 162.144.236.216 port 47520 ssh2
Sep 29 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15053]: Connection closed by 162.144.236.216 port 47520 [preauth]
Sep 29 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15142]: Successful su for rubyman by root
Sep 29 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15142]: + ??? root:rubyman
Sep 29 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313578 of user rubyman.
Sep 29 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15142]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313578.
Sep 29 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: Failed password for root from 196.251.71.24 port 43786 ssh2
Sep 29 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15064]: Connection closed by 196.251.71.24 port 43786 [preauth]
Sep 29 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12276]: pam_unix(cron:session): session closed for user root
Sep 29 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: Failed password for root from 162.144.236.216 port 55562 ssh2
Sep 29 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15074]: Connection closed by 162.144.236.216 port 55562 [preauth]
Sep 29 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Failed password for root from 162.144.236.216 port 35184 ssh2
Sep 29 08:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Connection closed by 162.144.236.216 port 35184 [preauth]
Sep 29 08:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Failed password for root from 162.144.236.216 port 41984 ssh2
Sep 29 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Connection closed by 162.144.236.216 port 41984 [preauth]
Sep 29 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session closed for user root
Sep 29 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Failed password for root from 162.144.236.216 port 50318 ssh2
Sep 29 08:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Connection closed by 162.144.236.216 port 50318 [preauth]
Sep 29 08:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for root from 162.144.236.216 port 57248 ssh2
Sep 29 08:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Connection closed by 162.144.236.216 port 57248 [preauth]
Sep 29 08:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: Successful su for rubyman by root
Sep 29 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: + ??? root:rubyman
Sep 29 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313583 of user rubyman.
Sep 29 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15571]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313583.
Sep 29 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session closed for user root
Sep 29 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Failed password for root from 162.144.236.216 port 33382 ssh2
Sep 29 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15502]: Connection closed by 162.144.236.216 port 33382 [preauth]
Sep 29 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: Failed password for root from 162.144.236.216 port 39246 ssh2
Sep 29 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15780]: Connection closed by 162.144.236.216 port 39246 [preauth]
Sep 29 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: Failed password for root from 162.144.236.216 port 45360 ssh2
Sep 29 08:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: Connection closed by 162.144.236.216 port 45360 [preauth]
Sep 29 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session closed for user root
Sep 29 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Invalid user testftp from 20.163.71.109
Sep 29 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: input_userauth_request: invalid user testftp [preauth]
Sep 29 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Failed password for invalid user testftp from 20.163.71.109 port 48012 ssh2
Sep 29 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Connection closed by 20.163.71.109 port 48012 [preauth]
Sep 29 08:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Failed password for root from 162.144.236.216 port 52190 ssh2
Sep 29 08:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Connection closed by 162.144.236.216 port 52190 [preauth]
Sep 29 08:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Invalid user simcha from 80.94.95.112
Sep 29 08:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: input_userauth_request: invalid user simcha [preauth]
Sep 29 08:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 08:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user simcha from 80.94.95.112 port 63979 ssh2
Sep 29 08:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Failed password for root from 196.251.71.24 port 34286 ssh2
Sep 29 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Connection closed by 196.251.71.24 port 34286 [preauth]
Sep 29 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user simcha from 80.94.95.112 port 63979 ssh2
Sep 29 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Failed password for root from 162.144.236.216 port 33112 ssh2
Sep 29 08:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Connection closed by 162.144.236.216 port 33112 [preauth]
Sep 29 08:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user simcha from 80.94.95.112 port 63979 ssh2
Sep 29 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user simcha from 80.94.95.112 port 63979 ssh2
Sep 29 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16088]: Successful su for rubyman by root
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16088]: + ??? root:rubyman
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313586 of user rubyman.
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16088]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313586.
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user simcha from 80.94.95.112 port 63979 ssh2
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Received disconnect from 80.94.95.112 port 63979:11: Bye [preauth]
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Disconnected from 80.94.95.112 port 63979 [preauth]
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session closed for user root
Sep 29 08:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13195]: pam_unix(cron:session): session closed for user root
Sep 29 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Failed password for root from 162.144.236.216 port 38926 ssh2
Sep 29 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Connection closed by 162.144.236.216 port 38926 [preauth]
Sep 29 08:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Failed password for root from 162.144.236.216 port 45586 ssh2
Sep 29 08:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Connection closed by 162.144.236.216 port 45586 [preauth]
Sep 29 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Failed password for root from 162.144.236.216 port 55458 ssh2
Sep 29 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Connection closed by 162.144.236.216 port 55458 [preauth]
Sep 29 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15081]: pam_unix(cron:session): session closed for user root
Sep 29 08:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Failed password for root from 162.144.236.216 port 34494 ssh2
Sep 29 08:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Connection closed by 162.144.236.216 port 34494 [preauth]
Sep 29 08:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: Failed password for root from 162.144.236.216 port 40252 ssh2
Sep 29 08:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: Connection closed by 162.144.236.216 port 40252 [preauth]
Sep 29 08:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Failed password for root from 162.144.236.216 port 47824 ssh2
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16490]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16490]: pam_unix(cron:session): session closed for user root
Sep 29 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Connection closed by 162.144.236.216 port 47824 [preauth]
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16562]: Successful su for rubyman by root
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16562]: + ??? root:rubyman
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313592 of user rubyman.
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16562]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313592.
Sep 29 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session closed for user root
Sep 29 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session closed for user root
Sep 29 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Failed password for root from 162.144.236.216 port 56756 ssh2
Sep 29 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Connection closed by 162.144.236.216 port 56756 [preauth]
Sep 29 08:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Failed password for root from 162.144.236.216 port 37238 ssh2
Sep 29 08:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Connection closed by 162.144.236.216 port 37238 [preauth]
Sep 29 08:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for root from 162.144.236.216 port 42220 ssh2
Sep 29 08:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 162.144.236.216 port 42220 [preauth]
Sep 29 08:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for root from 162.144.236.216 port 48512 ssh2
Sep 29 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Connection closed by 162.144.236.216 port 48512 [preauth]
Sep 29 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15508]: pam_unix(cron:session): session closed for user root
Sep 29 08:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: Failed password for root from 162.144.236.216 port 54990 ssh2
Sep 29 08:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16908]: Connection closed by 162.144.236.216 port 54990 [preauth]
Sep 29 08:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Failed password for root from 196.251.71.24 port 51750 ssh2
Sep 29 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Connection closed by 196.251.71.24 port 51750 [preauth]
Sep 29 08:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Failed password for root from 162.144.236.216 port 60186 ssh2
Sep 29 08:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Connection closed by 162.144.236.216 port 60186 [preauth]
Sep 29 08:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Failed password for root from 162.144.236.216 port 38694 ssh2
Sep 29 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Connection closed by 162.144.236.216 port 38694 [preauth]
Sep 29 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16982]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: Successful su for rubyman by root
Sep 29 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: + ??? root:rubyman
Sep 29 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313597 of user rubyman.
Sep 29 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313597.
Sep 29 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: Failed password for root from 162.144.236.216 port 44256 ssh2
Sep 29 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16967]: Connection closed by 162.144.236.216 port 44256 [preauth]
Sep 29 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session closed for user root
Sep 29 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16983]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Failed password for root from 162.144.236.216 port 49446 ssh2
Sep 29 08:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Connection closed by 162.144.236.216 port 49446 [preauth]
Sep 29 08:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17285]: Failed password for root from 162.144.236.216 port 57002 ssh2
Sep 29 08:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17285]: Connection closed by 162.144.236.216 port 57002 [preauth]
Sep 29 08:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Failed password for root from 162.144.236.216 port 36068 ssh2
Sep 29 08:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Connection closed by 162.144.236.216 port 36068 [preauth]
Sep 29 08:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session closed for user root
Sep 29 08:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: Failed password for root from 162.144.236.216 port 40804 ssh2
Sep 29 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17347]: Connection closed by 162.144.236.216 port 40804 [preauth]
Sep 29 08:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Failed password for root from 162.144.236.216 port 49304 ssh2
Sep 29 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Connection closed by 162.144.236.216 port 49304 [preauth]
Sep 29 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Failed password for root from 162.144.236.216 port 55690 ssh2
Sep 29 08:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17418]: Connection closed by 162.144.236.216 port 55690 [preauth]
Sep 29 08:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: Successful su for rubyman by root
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: + ??? root:rubyman
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313602 of user rubyman.
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313602.
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Invalid user admin from 80.94.95.25
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: input_userauth_request: invalid user admin [preauth]
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: Failed password for root from 162.144.236.216 port 34010 ssh2
Sep 29 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for invalid user admin from 80.94.95.25 port 10856 ssh2
Sep 29 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17436]: Connection closed by 162.144.236.216 port 34010 [preauth]
Sep 29 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session closed for user root
Sep 29 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for invalid user admin from 80.94.95.25 port 10856 ssh2
Sep 29 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for invalid user admin from 80.94.95.25 port 10856 ssh2
Sep 29 08:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for invalid user admin from 80.94.95.25 port 10856 ssh2
Sep 29 08:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for invalid user admin from 80.94.95.25 port 10856 ssh2
Sep 29 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Received disconnect from 80.94.95.25 port 10856:11: Bye [preauth]
Sep 29 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Disconnected from 80.94.95.25 port 10856 [preauth]
Sep 29 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 08:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Failed password for root from 162.144.236.216 port 41228 ssh2
Sep 29 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Connection closed by 162.144.236.216 port 41228 [preauth]
Sep 29 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Failed password for root from 162.144.236.216 port 49710 ssh2
Sep 29 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Connection closed by 162.144.236.216 port 49710 [preauth]
Sep 29 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: Failed password for root from 162.144.236.216 port 57220 ssh2
Sep 29 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17872]: Connection closed by 162.144.236.216 port 57220 [preauth]
Sep 29 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16488]: pam_unix(cron:session): session closed for user root
Sep 29 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Failed password for root from 196.251.71.24 port 40694 ssh2
Sep 29 08:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Connection closed by 196.251.71.24 port 40694 [preauth]
Sep 29 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Failed password for root from 162.144.236.216 port 36736 ssh2
Sep 29 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Connection closed by 162.144.236.216 port 36736 [preauth]
Sep 29 08:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Failed password for root from 162.144.236.216 port 43606 ssh2
Sep 29 08:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Connection closed by 162.144.236.216 port 43606 [preauth]
Sep 29 08:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Failed password for root from 162.144.236.216 port 50288 ssh2
Sep 29 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17973]: Connection closed by 162.144.236.216 port 50288 [preauth]
Sep 29 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18076]: Successful su for rubyman by root
Sep 29 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18076]: + ??? root:rubyman
Sep 29 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313605 of user rubyman.
Sep 29 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18076]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313605.
Sep 29 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15079]: pam_unix(cron:session): session closed for user root
Sep 29 08:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 162.144.236.216 port 58114 ssh2
Sep 29 08:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Connection closed by 162.144.236.216 port 58114 [preauth]
Sep 29 08:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Failed password for root from 162.144.236.216 port 37512 ssh2
Sep 29 08:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Connection closed by 162.144.236.216 port 37512 [preauth]
Sep 29 08:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Failed password for root from 162.144.236.216 port 44578 ssh2
Sep 29 08:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Connection closed by 162.144.236.216 port 44578 [preauth]
Sep 29 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session closed for user root
Sep 29 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Failed password for root from 162.144.236.216 port 52348 ssh2
Sep 29 08:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Connection closed by 162.144.236.216 port 52348 [preauth]
Sep 29 08:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Failed password for root from 162.144.236.216 port 60598 ssh2
Sep 29 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Connection closed by 162.144.236.216 port 60598 [preauth]
Sep 29 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: Failed password for root from 162.144.236.216 port 39386 ssh2
Sep 29 08:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: Connection closed by 162.144.236.216 port 39386 [preauth]
Sep 29 08:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18789]: Successful su for rubyman by root
Sep 29 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18789]: + ??? root:rubyman
Sep 29 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313609 of user rubyman.
Sep 29 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18789]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313609.
Sep 29 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: Failed password for root from 162.144.236.216 port 44882 ssh2
Sep 29 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session closed for user root
Sep 29 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: Connection closed by 162.144.236.216 port 44882 [preauth]
Sep 29 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: Failed password for root from 162.144.236.216 port 51958 ssh2
Sep 29 08:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: Connection closed by 162.144.236.216 port 51958 [preauth]
Sep 29 08:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Failed password for root from 162.144.236.216 port 58636 ssh2
Sep 29 08:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19033]: Connection closed by 162.144.236.216 port 58636 [preauth]
Sep 29 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Failed password for root from 196.251.71.24 port 56470 ssh2
Sep 29 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=havanaz@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 29 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Connection closed by 196.251.71.24 port 56470 [preauth]
Sep 29 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 08:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=havanaz rhost=::ffff:79.124.49.146
Sep 29 08:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for root from 162.144.236.216 port 38424 ssh2
Sep 29 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Connection closed by 162.144.236.216 port 38424 [preauth]
Sep 29 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session closed for user root
Sep 29 08:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Failed password for root from 162.144.236.216 port 45808 ssh2
Sep 29 08:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Connection closed by 162.144.236.216 port 45808 [preauth]
Sep 29 08:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19172]: Failed password for root from 162.144.236.216 port 53370 ssh2
Sep 29 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19172]: Connection closed by 162.144.236.216 port 53370 [preauth]
Sep 29 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Failed password for root from 162.144.236.216 port 60250 ssh2
Sep 29 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Connection closed by 162.144.236.216 port 60250 [preauth]
Sep 29 08:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19235]: pam_unix(cron:session): session closed for user root
Sep 29 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: Successful su for rubyman by root
Sep 29 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: + ??? root:rubyman
Sep 29 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313614 of user rubyman.
Sep 29 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313614.
Sep 29 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session closed for user root
Sep 29 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session closed for user root
Sep 29 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Failed password for root from 162.144.236.216 port 38946 ssh2
Sep 29 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Connection closed by 162.144.236.216 port 38946 [preauth]
Sep 29 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Failed password for root from 162.144.236.216 port 43694 ssh2
Sep 29 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Connection closed by 162.144.236.216 port 43694 [preauth]
Sep 29 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Failed password for root from 162.144.236.216 port 48182 ssh2
Sep 29 08:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Connection closed by 162.144.236.216 port 48182 [preauth]
Sep 29 08:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Failed password for root from 162.144.236.216 port 53816 ssh2
Sep 29 08:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19937]: Connection closed by 162.144.236.216 port 53816 [preauth]
Sep 29 08:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session closed for user root
Sep 29 08:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Failed password for root from 162.144.236.216 port 60830 ssh2
Sep 29 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Connection closed by 162.144.236.216 port 60830 [preauth]
Sep 29 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20095]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20091]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: Successful su for rubyman by root
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: + ??? root:rubyman
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313619 of user rubyman.
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313619.
Sep 29 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session closed for user root
Sep 29 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20092]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Failed password for root from 162.144.236.216 port 43652 ssh2
Sep 29 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Connection closed by 162.144.236.216 port 43652 [preauth]
Sep 29 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Failed password for root from 162.144.236.216 port 51116 ssh2
Sep 29 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Connection closed by 162.144.236.216 port 51116 [preauth]
Sep 29 08:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: Failed password for root from 196.251.71.24 port 43588 ssh2
Sep 29 08:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: Connection closed by 196.251.71.24 port 43588 [preauth]
Sep 29 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: Failed password for root from 162.144.236.216 port 57340 ssh2
Sep 29 08:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: Connection closed by 162.144.236.216 port 57340 [preauth]
Sep 29 08:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session closed for user root
Sep 29 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Failed password for root from 162.144.236.216 port 37816 ssh2
Sep 29 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Connection closed by 162.144.236.216 port 37816 [preauth]
Sep 29 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Failed password for root from 162.144.236.216 port 43514 ssh2
Sep 29 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Connection closed by 162.144.236.216 port 43514 [preauth]
Sep 29 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20543]: Failed password for root from 162.144.236.216 port 50336 ssh2
Sep 29 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20543]: Connection closed by 162.144.236.216 port 50336 [preauth]
Sep 29 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session closed for user root
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20655]: Successful su for rubyman by root
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20655]: + ??? root:rubyman
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313626 of user rubyman.
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20655]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313626.
Sep 29 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Failed password for root from 162.144.236.216 port 58866 ssh2
Sep 29 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Connection closed by 162.144.236.216 port 58866 [preauth]
Sep 29 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16984]: pam_unix(cron:session): session closed for user root
Sep 29 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Failed password for root from 162.144.236.216 port 37268 ssh2
Sep 29 08:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Connection closed by 162.144.236.216 port 37268 [preauth]
Sep 29 08:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Failed password for root from 162.144.236.216 port 41872 ssh2
Sep 29 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20883]: Connection closed by 162.144.236.216 port 41872 [preauth]
Sep 29 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for root from 162.144.236.216 port 47958 ssh2
Sep 29 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Connection closed by 162.144.236.216 port 47958 [preauth]
Sep 29 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Failed password for root from 162.144.236.216 port 55502 ssh2
Sep 29 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Connection closed by 162.144.236.216 port 55502 [preauth]
Sep 29 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19234]: pam_unix(cron:session): session closed for user root
Sep 29 08:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Failed password for root from 162.144.236.216 port 32886 ssh2
Sep 29 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Connection closed by 162.144.236.216 port 32886 [preauth]
Sep 29 08:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Failed password for root from 162.144.236.216 port 39006 ssh2
Sep 29 08:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Connection closed by 162.144.236.216 port 39006 [preauth]
Sep 29 08:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: Successful su for rubyman by root
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: + ??? root:rubyman
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313628 of user rubyman.
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21124]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313628.
Sep 29 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session closed for user root
Sep 29 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Failed password for root from 196.251.71.24 port 59112 ssh2
Sep 29 08:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Connection closed by 196.251.71.24 port 59112 [preauth]
Sep 29 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: Failed password for root from 162.144.236.216 port 46096 ssh2
Sep 29 08:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: Connection closed by 162.144.236.216 port 46096 [preauth]
Sep 29 08:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Failed password for root from 162.144.236.216 port 53460 ssh2
Sep 29 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21345]: Connection closed by 162.144.236.216 port 53460 [preauth]
Sep 29 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20095]: pam_unix(cron:session): session closed for user root
Sep 29 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: Failed password for root from 162.144.236.216 port 32772 ssh2
Sep 29 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21384]: Connection closed by 162.144.236.216 port 32772 [preauth]
Sep 29 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Failed password for root from 162.144.236.216 port 39838 ssh2
Sep 29 08:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Connection closed by 162.144.236.216 port 39838 [preauth]
Sep 29 08:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Failed password for root from 162.144.236.216 port 46004 ssh2
Sep 29 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Connection closed by 162.144.236.216 port 46004 [preauth]
Sep 29 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Failed password for root from 162.144.236.216 port 51670 ssh2
Sep 29 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21493]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21490]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21557]: Successful su for rubyman by root
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21557]: + ??? root:rubyman
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313634 of user rubyman.
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21557]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313634.
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Connection closed by 162.144.236.216 port 51670 [preauth]
Sep 29 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session closed for user root
Sep 29 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21491]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Failed password for root from 162.144.236.216 port 59106 ssh2
Sep 29 08:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Connection closed by 162.144.236.216 port 59106 [preauth]
Sep 29 08:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21768]: Failed password for root from 162.144.236.216 port 37092 ssh2
Sep 29 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21768]: Connection closed by 162.144.236.216 port 37092 [preauth]
Sep 29 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21804]: Failed password for root from 162.144.236.216 port 45352 ssh2
Sep 29 08:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21804]: Connection closed by 162.144.236.216 port 45352 [preauth]
Sep 29 08:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session closed for user root
Sep 29 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: Failed password for root from 162.144.236.216 port 51052 ssh2
Sep 29 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: Connection closed by 162.144.236.216 port 51052 [preauth]
Sep 29 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: Failed password for root from 162.144.236.216 port 57042 ssh2
Sep 29 08:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: Connection closed by 162.144.236.216 port 57042 [preauth]
Sep 29 08:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Failed password for root from 162.144.236.216 port 35194 ssh2
Sep 29 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Connection closed by 162.144.236.216 port 35194 [preauth]
Sep 29 08:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Failed password for root from 196.251.71.24 port 46016 ssh2
Sep 29 08:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Connection closed by 196.251.71.24 port 46016 [preauth]
Sep 29 08:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Failed password for root from 162.144.236.216 port 41630 ssh2
Sep 29 08:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Connection closed by 162.144.236.216 port 41630 [preauth]
Sep 29 08:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21952]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session closed for user root
Sep 29 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22029]: Successful su for rubyman by root
Sep 29 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22029]: + ??? root:rubyman
Sep 29 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313638 of user rubyman.
Sep 29 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22029]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313638.
Sep 29 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18725]: pam_unix(cron:session): session closed for user root
Sep 29 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21949]: pam_unix(cron:session): session closed for user root
Sep 29 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Failed password for root from 162.144.236.216 port 47724 ssh2
Sep 29 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21942]: Connection closed by 162.144.236.216 port 47724 [preauth]
Sep 29 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21948]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Failed password for root from 162.144.236.216 port 55460 ssh2
Sep 29 08:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22268]: Connection closed by 162.144.236.216 port 55460 [preauth]
Sep 29 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Failed password for root from 162.144.236.216 port 33418 ssh2
Sep 29 08:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Connection closed by 162.144.236.216 port 33418 [preauth]
Sep 29 08:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: Failed password for root from 162.144.236.216 port 38478 ssh2
Sep 29 08:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: Connection closed by 162.144.236.216 port 38478 [preauth]
Sep 29 08:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session closed for user root
Sep 29 08:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: Failed password for root from 162.144.236.216 port 45624 ssh2
Sep 29 08:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: Connection closed by 162.144.236.216 port 45624 [preauth]
Sep 29 08:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Failed password for root from 162.144.236.216 port 52662 ssh2
Sep 29 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Connection closed by 162.144.236.216 port 52662 [preauth]
Sep 29 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: Failed password for root from 162.144.236.216 port 60328 ssh2
Sep 29 08:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: Connection closed by 162.144.236.216 port 60328 [preauth]
Sep 29 08:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.137.255.140  user=root
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22521]: Successful su for rubyman by root
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22521]: + ??? root:rubyman
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313642 of user rubyman.
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22521]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313642.
Sep 29 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Failed password for root from 23.137.255.140 port 28738 ssh2
Sep 29 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Received disconnect from 23.137.255.140 port 28738:11: Bye Bye [preauth]
Sep 29 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Disconnected from 23.137.255.140 port 28738 [preauth]
Sep 29 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Failed password for root from 162.144.236.216 port 37310 ssh2
Sep 29 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user root
Sep 29 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Connection closed by 162.144.236.216 port 37310 [preauth]
Sep 29 08:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Failed password for root from 162.144.236.216 port 45340 ssh2
Sep 29 08:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Connection closed by 162.144.236.216 port 45340 [preauth]
Sep 29 08:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: Failed password for root from 162.144.236.216 port 52204 ssh2
Sep 29 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: Connection closed by 162.144.236.216 port 52204 [preauth]
Sep 29 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: Failed password for root from 162.144.236.216 port 57994 ssh2
Sep 29 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22980]: Connection closed by 162.144.236.216 port 57994 [preauth]
Sep 29 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21493]: pam_unix(cron:session): session closed for user root
Sep 29 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Failed password for root from 162.144.236.216 port 35810 ssh2
Sep 29 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Connection closed by 162.144.236.216 port 35810 [preauth]
Sep 29 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Failed password for root from 196.251.71.24 port 33004 ssh2
Sep 29 08:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Connection closed by 196.251.71.24 port 33004 [preauth]
Sep 29 08:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Failed password for root from 162.144.236.216 port 41840 ssh2
Sep 29 08:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Connection closed by 162.144.236.216 port 41840 [preauth]
Sep 29 08:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Failed password for root from 162.144.236.216 port 48870 ssh2
Sep 29 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Connection closed by 162.144.236.216 port 48870 [preauth]
Sep 29 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: Successful su for rubyman by root
Sep 29 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: + ??? root:rubyman
Sep 29 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313646 of user rubyman.
Sep 29 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: Failed password for root from 162.144.236.216 port 54584 ssh2
Sep 29 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313646.
Sep 29 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: Connection closed by 162.144.236.216 port 54584 [preauth]
Sep 29 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session closed for user root
Sep 29 08:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Failed password for root from 162.144.236.216 port 33290 ssh2
Sep 29 08:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Connection closed by 162.144.236.216 port 33290 [preauth]
Sep 29 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Failed password for root from 162.144.236.216 port 41096 ssh2
Sep 29 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Connection closed by 162.144.236.216 port 41096 [preauth]
Sep 29 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21952]: pam_unix(cron:session): session closed for user root
Sep 29 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Failed password for root from 162.144.236.216 port 47936 ssh2
Sep 29 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Connection closed by 162.144.236.216 port 47936 [preauth]
Sep 29 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: Failed password for root from 162.144.236.216 port 53358 ssh2
Sep 29 08:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: Connection closed by 162.144.236.216 port 53358 [preauth]
Sep 29 08:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23856]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: Successful su for rubyman by root
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: + ??? root:rubyman
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313651 of user rubyman.
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313651.
Sep 29 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session closed for user root
Sep 29 08:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23853]: Failed password for root from 162.144.236.216 port 59880 ssh2
Sep 29 08:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23853]: Connection closed by 162.144.236.216 port 59880 [preauth]
Sep 29 08:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Failed password for root from 196.251.71.24 port 47970 ssh2
Sep 29 08:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Connection closed by 196.251.71.24 port 47970 [preauth]
Sep 29 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Failed password for root from 162.144.236.216 port 41826 ssh2
Sep 29 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Connection closed by 162.144.236.216 port 41826 [preauth]
Sep 29 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user root
Sep 29 08:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: Failed password for root from 162.144.236.216 port 48446 ssh2
Sep 29 08:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: Connection closed by 162.144.236.216 port 48446 [preauth]
Sep 29 08:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Failed password for root from 162.144.236.216 port 54370 ssh2
Sep 29 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Connection closed by 162.144.236.216 port 54370 [preauth]
Sep 29 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Failed password for root from 162.144.236.216 port 33212 ssh2
Sep 29 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24324]: Connection closed by 162.144.236.216 port 33212 [preauth]
Sep 29 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24359]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Failed password for root from 162.144.236.216 port 39926 ssh2
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: Successful su for rubyman by root
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: + ??? root:rubyman
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313654 of user rubyman.
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313654.
Sep 29 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Connection closed by 162.144.236.216 port 39926 [preauth]
Sep 29 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session closed for user root
Sep 29 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Failed password for root from 162.144.236.216 port 46286 ssh2
Sep 29 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Connection closed by 162.144.236.216 port 46286 [preauth]
Sep 29 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Failed password for root from 162.144.236.216 port 52676 ssh2
Sep 29 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Connection closed by 162.144.236.216 port 52676 [preauth]
Sep 29 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Failed password for root from 162.144.236.216 port 59732 ssh2
Sep 29 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Connection closed by 162.144.236.216 port 59732 [preauth]
Sep 29 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23160]: pam_unix(cron:session): session closed for user root
Sep 29 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for root from 162.144.236.216 port 38420 ssh2
Sep 29 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Connection closed by 162.144.236.216 port 38420 [preauth]
Sep 29 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for root from 162.144.236.216 port 45356 ssh2
Sep 29 08:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Connection closed by 162.144.236.216 port 45356 [preauth]
Sep 29 08:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: Failed password for root from 162.144.236.216 port 50210 ssh2
Sep 29 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: Connection closed by 162.144.236.216 port 50210 [preauth]
Sep 29 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: Failed password for root from 162.144.236.216 port 56882 ssh2
Sep 29 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24810]: Connection closed by 162.144.236.216 port 56882 [preauth]
Sep 29 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session closed for user root
Sep 29 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: Successful su for rubyman by root
Sep 29 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: + ??? root:rubyman
Sep 29 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313660 of user rubyman.
Sep 29 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24902]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313660.
Sep 29 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Failed password for root from 162.144.236.216 port 34546 ssh2
Sep 29 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Connection closed by 162.144.236.216 port 34546 [preauth]
Sep 29 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21492]: pam_unix(cron:session): session closed for user root
Sep 29 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session closed for user root
Sep 29 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Failed password for root from 196.251.71.24 port 34610 ssh2
Sep 29 08:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Connection closed by 196.251.71.24 port 34610 [preauth]
Sep 29 08:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Failed password for root from 162.144.236.216 port 40928 ssh2
Sep 29 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Connection closed by 162.144.236.216 port 40928 [preauth]
Sep 29 08:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Failed password for root from 162.144.236.216 port 48440 ssh2
Sep 29 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Connection closed by 162.144.236.216 port 48440 [preauth]
Sep 29 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: Failed password for root from 162.144.236.216 port 54980 ssh2
Sep 29 08:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25214]: Connection closed by 162.144.236.216 port 54980 [preauth]
Sep 29 08:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session closed for user root
Sep 29 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for root from 162.144.236.216 port 33406 ssh2
Sep 29 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Connection closed by 162.144.236.216 port 33406 [preauth]
Sep 29 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Failed password for root from 162.144.236.216 port 40576 ssh2
Sep 29 08:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Connection closed by 162.144.236.216 port 40576 [preauth]
Sep 29 08:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Failed password for root from 162.144.236.216 port 47020 ssh2
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25566]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25564]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25544]: Connection closed by 162.144.236.216 port 47020 [preauth]
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: Successful su for rubyman by root
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: + ??? root:rubyman
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313664 of user rubyman.
Sep 29 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25643]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313664.
Sep 29 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Failed password for root from 162.144.236.216 port 55864 ssh2
Sep 29 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21951]: pam_unix(cron:session): session closed for user root
Sep 29 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25565]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Connection closed by 162.144.236.216 port 55864 [preauth]
Sep 29 08:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: Failed password for root from 162.144.236.216 port 34698 ssh2
Sep 29 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25957]: Connection closed by 162.144.236.216 port 34698 [preauth]
Sep 29 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Failed password for root from 162.144.236.216 port 39198 ssh2
Sep 29 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Connection closed by 162.144.236.216 port 39198 [preauth]
Sep 29 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Failed password for root from 162.144.236.216 port 46748 ssh2
Sep 29 08:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Connection closed by 162.144.236.216 port 46748 [preauth]
Sep 29 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24359]: pam_unix(cron:session): session closed for user root
Sep 29 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Failed password for root from 162.144.236.216 port 53044 ssh2
Sep 29 08:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Connection closed by 162.144.236.216 port 53044 [preauth]
Sep 29 08:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: Failed password for root from 162.144.236.216 port 58658 ssh2
Sep 29 08:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: Connection closed by 162.144.236.216 port 58658 [preauth]
Sep 29 08:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Failed password for root from 196.251.71.24 port 49486 ssh2
Sep 29 08:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Connection closed by 196.251.71.24 port 49486 [preauth]
Sep 29 08:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Failed password for root from 162.144.236.216 port 39412 ssh2
Sep 29 08:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Connection closed by 162.144.236.216 port 39412 [preauth]
Sep 29 08:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26149]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26147]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26221]: Successful su for rubyman by root
Sep 29 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26221]: + ??? root:rubyman
Sep 29 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313670 of user rubyman.
Sep 29 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26221]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313670.
Sep 29 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user root
Sep 29 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Failed password for root from 162.144.236.216 port 46366 ssh2
Sep 29 08:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Connection closed by 162.144.236.216 port 46366 [preauth]
Sep 29 08:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Failed password for root from 162.144.236.216 port 51758 ssh2
Sep 29 08:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Connection closed by 162.144.236.216 port 51758 [preauth]
Sep 29 08:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: Failed password for root from 162.144.236.216 port 59488 ssh2
Sep 29 08:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: Connection closed by 162.144.236.216 port 59488 [preauth]
Sep 29 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session closed for user root
Sep 29 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Failed password for root from 162.144.236.216 port 40410 ssh2
Sep 29 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Connection closed by 162.144.236.216 port 40410 [preauth]
Sep 29 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Failed password for root from 162.144.236.216 port 46898 ssh2
Sep 29 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26722]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26720]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26815]: Successful su for rubyman by root
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26815]: + ??? root:rubyman
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313673 of user rubyman.
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26815]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313673.
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Connection closed by 162.144.236.216 port 46898 [preauth]
Sep 29 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session closed for user root
Sep 29 08:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26721]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Failed password for root from 162.144.236.216 port 53022 ssh2
Sep 29 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Connection closed by 162.144.236.216 port 53022 [preauth]
Sep 29 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Failed password for root from 162.144.236.216 port 59330 ssh2
Sep 29 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Connection closed by 162.144.236.216 port 59330 [preauth]
Sep 29 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: Failed password for root from 162.144.236.216 port 37322 ssh2
Sep 29 08:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27134]: Connection closed by 162.144.236.216 port 37322 [preauth]
Sep 29 08:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Failed password for root from 162.144.236.216 port 43730 ssh2
Sep 29 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Connection closed by 162.144.236.216 port 43730 [preauth]
Sep 29 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25567]: pam_unix(cron:session): session closed for user root
Sep 29 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: Failed password for root from 162.144.236.216 port 49584 ssh2
Sep 29 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27199]: Connection closed by 162.144.236.216 port 49584 [preauth]
Sep 29 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: Failed password for root from 196.251.71.24 port 36020 ssh2
Sep 29 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: Connection closed by 196.251.71.24 port 36020 [preauth]
Sep 29 08:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Failed password for root from 162.144.236.216 port 58360 ssh2
Sep 29 08:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Connection closed by 162.144.236.216 port 58360 [preauth]
Sep 29 08:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Failed password for root from 162.144.236.216 port 36722 ssh2
Sep 29 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27268]: Connection closed by 162.144.236.216 port 36722 [preauth]
Sep 29 08:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27292]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27382]: Successful su for rubyman by root
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27382]: + ??? root:rubyman
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313677 of user rubyman.
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27382]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313677.
Sep 29 08:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session closed for user root
Sep 29 08:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Failed password for root from 162.144.236.216 port 41754 ssh2
Sep 29 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Connection closed by 162.144.236.216 port 41754 [preauth]
Sep 29 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27293]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Failed password for root from 162.144.236.216 port 47644 ssh2
Sep 29 08:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Connection closed by 162.144.236.216 port 47644 [preauth]
Sep 29 08:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: Failed password for root from 162.144.236.216 port 54626 ssh2
Sep 29 08:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27780]: Connection closed by 162.144.236.216 port 54626 [preauth]
Sep 29 08:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Failed password for root from 162.144.236.216 port 33124 ssh2
Sep 29 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Connection closed by 162.144.236.216 port 33124 [preauth]
Sep 29 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user root
Sep 29 08:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: Failed password for root from 162.144.236.216 port 38090 ssh2
Sep 29 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27841]: Connection closed by 162.144.236.216 port 38090 [preauth]
Sep 29 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Failed password for root from 162.144.236.216 port 43824 ssh2
Sep 29 08:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Connection closed by 162.144.236.216 port 43824 [preauth]
Sep 29 08:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Failed password for root from 162.144.236.216 port 51844 ssh2
Sep 29 08:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Connection closed by 162.144.236.216 port 51844 [preauth]
Sep 29 08:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27950]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27948]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27950]: pam_unix(cron:session): session closed for user root
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28026]: Successful su for rubyman by root
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28026]: + ??? root:rubyman
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313680 of user rubyman.
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28026]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313680.
Sep 29 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Failed password for root from 162.144.236.216 port 59096 ssh2
Sep 29 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Connection closed by 162.144.236.216 port 59096 [preauth]
Sep 29 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27947]: pam_unix(cron:session): session closed for user root
Sep 29 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session closed for user root
Sep 29 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27945]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: Failed password for root from 162.144.236.216 port 36536 ssh2
Sep 29 08:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: Connection closed by 162.144.236.216 port 36536 [preauth]
Sep 29 08:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Failed password for root from 162.144.236.216 port 42462 ssh2
Sep 29 08:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Connection closed by 162.144.236.216 port 42462 [preauth]
Sep 29 08:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Failed password for root from 162.144.236.216 port 49274 ssh2
Sep 29 08:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Connection closed by 162.144.236.216 port 49274 [preauth]
Sep 29 08:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Sep 29 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Failed password for root from 196.251.71.24 port 50618 ssh2
Sep 29 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session closed for user root
Sep 29 08:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Connection closed by 196.251.71.24 port 50618 [preauth]
Sep 29 08:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Failed password for root from 162.144.236.216 port 56380 ssh2
Sep 29 08:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Connection closed by 162.144.236.216 port 56380 [preauth]
Sep 29 08:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Failed password for root from 162.144.236.216 port 35110 ssh2
Sep 29 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Connection closed by 162.144.236.216 port 35110 [preauth]
Sep 29 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Failed password for root from 162.144.236.216 port 42686 ssh2
Sep 29 08:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Connection closed by 162.144.236.216 port 42686 [preauth]
Sep 29 08:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28465]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28646]: Successful su for rubyman by root
Sep 29 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28646]: + ??? root:rubyman
Sep 29 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313686 of user rubyman.
Sep 29 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28646]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313686.
Sep 29 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28447]: Failed password for root from 162.144.236.216 port 50032 ssh2
Sep 29 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28447]: Connection closed by 162.144.236.216 port 50032 [preauth]
Sep 29 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session closed for user root
Sep 29 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Failed password for root from 162.144.236.216 port 56506 ssh2
Sep 29 08:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Connection closed by 162.144.236.216 port 56506 [preauth]
Sep 29 08:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Failed password for root from 162.144.236.216 port 34866 ssh2
Sep 29 08:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Connection closed by 162.144.236.216 port 34866 [preauth]
Sep 29 08:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session closed for user root
Sep 29 08:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: Failed password for root from 162.144.236.216 port 42042 ssh2
Sep 29 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: Connection closed by 162.144.236.216 port 42042 [preauth]
Sep 29 08:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Failed password for root from 162.144.236.216 port 50642 ssh2
Sep 29 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Connection closed by 162.144.236.216 port 50642 [preauth]
Sep 29 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29150]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: Successful su for rubyman by root
Sep 29 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: + ??? root:rubyman
Sep 29 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313692 of user rubyman.
Sep 29 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313692.
Sep 29 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25566]: pam_unix(cron:session): session closed for user root
Sep 29 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29149]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Failed password for root from 162.144.236.216 port 59242 ssh2
Sep 29 08:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Connection closed by 162.144.236.216 port 59242 [preauth]
Sep 29 08:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29460]: Failed password for root from 162.144.236.216 port 36158 ssh2
Sep 29 08:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29460]: Connection closed by 162.144.236.216 port 36158 [preauth]
Sep 29 08:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29491]: Failed password for root from 162.144.236.216 port 42368 ssh2
Sep 29 08:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29491]: Connection closed by 162.144.236.216 port 42368 [preauth]
Sep 29 08:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27949]: pam_unix(cron:session): session closed for user root
Sep 29 08:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Failed password for root from 162.144.236.216 port 50644 ssh2
Sep 29 08:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Connection closed by 162.144.236.216 port 50644 [preauth]
Sep 29 08:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: Failed password for root from 162.144.236.216 port 56452 ssh2
Sep 29 08:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: Connection closed by 162.144.236.216 port 56452 [preauth]
Sep 29 08:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 08:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 29 08:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 08:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp.com rhost=::ffff:79.124.49.146
Sep 29 08:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Invalid user teamspeak3 from 190.103.202.7
Sep 29 08:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: input_userauth_request: invalid user teamspeak3 [preauth]
Sep 29 08:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29722]: Successful su for rubyman by root
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29722]: + ??? root:rubyman
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313694 of user rubyman.
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29722]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313694.
Sep 29 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Failed password for invalid user teamspeak3 from 190.103.202.7 port 40660 ssh2
Sep 29 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Connection closed by 190.103.202.7 port 40660 [preauth]
Sep 29 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Failed password for root from 162.144.236.216 port 33984 ssh2
Sep 29 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Connection closed by 162.144.236.216 port 33984 [preauth]
Sep 29 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26149]: pam_unix(cron:session): session closed for user root
Sep 29 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Failed password for root from 162.144.236.216 port 40596 ssh2
Sep 29 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Connection closed by 162.144.236.216 port 40596 [preauth]
Sep 29 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: Failed password for root from 162.144.236.216 port 45822 ssh2
Sep 29 08:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: Connection closed by 162.144.236.216 port 45822 [preauth]
Sep 29 08:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30016]: Failed password for root from 162.144.236.216 port 53146 ssh2
Sep 29 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28468]: pam_unix(cron:session): session closed for user root
Sep 29 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30016]: Connection closed by 162.144.236.216 port 53146 [preauth]
Sep 29 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: Failed password for root from 162.144.236.216 port 59900 ssh2
Sep 29 08:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: Connection closed by 162.144.236.216 port 59900 [preauth]
Sep 29 08:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: Failed password for root from 162.144.236.216 port 38712 ssh2
Sep 29 08:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: Connection closed by 162.144.236.216 port 38712 [preauth]
Sep 29 08:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Failed password for root from 162.144.236.216 port 43850 ssh2
Sep 29 08:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Connection closed by 162.144.236.216 port 43850 [preauth]
Sep 29 08:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30238]: Successful su for rubyman by root
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30238]: + ??? root:rubyman
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313699 of user rubyman.
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30238]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313699.
Sep 29 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26722]: pam_unix(cron:session): session closed for user root
Sep 29 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: Failed password for root from 162.144.236.216 port 51562 ssh2
Sep 29 08:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30149]: Connection closed by 162.144.236.216 port 51562 [preauth]
Sep 29 08:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Failed password for root from 162.144.236.216 port 59688 ssh2
Sep 29 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Connection closed by 162.144.236.216 port 59688 [preauth]
Sep 29 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Failed password for root from 162.144.236.216 port 38492 ssh2
Sep 29 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Connection closed by 162.144.236.216 port 38492 [preauth]
Sep 29 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session closed for user root
Sep 29 08:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Failed password for root from 162.144.236.216 port 45524 ssh2
Sep 29 08:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Connection closed by 162.144.236.216 port 45524 [preauth]
Sep 29 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: Failed password for root from 162.144.236.216 port 51962 ssh2
Sep 29 08:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30677]: Connection closed by 162.144.236.216 port 51962 [preauth]
Sep 29 08:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Failed password for root from 162.144.236.216 port 57522 ssh2
Sep 29 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: Connection closed by 162.144.236.216 port 57522 [preauth]
Sep 29 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Failed password for root from 162.144.236.216 port 35986 ssh2
Sep 29 08:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Connection closed by 162.144.236.216 port 35986 [preauth]
Sep 29 08:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30754]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30754]: pam_unix(cron:session): session closed for user root
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: Successful su for rubyman by root
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: + ??? root:rubyman
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313702 of user rubyman.
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313702.
Sep 29 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session closed for user root
Sep 29 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session closed for user root
Sep 29 08:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Failed password for root from 162.144.236.216 port 42490 ssh2
Sep 29 08:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Connection closed by 162.144.236.216 port 42490 [preauth]
Sep 29 08:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: Failed password for root from 162.144.236.216 port 48620 ssh2
Sep 29 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: Connection closed by 162.144.236.216 port 48620 [preauth]
Sep 29 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Failed password for root from 162.144.236.216 port 53742 ssh2
Sep 29 08:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Connection closed by 162.144.236.216 port 53742 [preauth]
Sep 29 08:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: Failed password for root from 162.144.236.216 port 59000 ssh2
Sep 29 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: Connection closed by 162.144.236.216 port 59000 [preauth]
Sep 29 08:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session closed for user root
Sep 29 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Invalid user user from 62.60.131.157
Sep 29 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: input_userauth_request: invalid user user [preauth]
Sep 29 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 08:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user user from 62.60.131.157 port 22734 ssh2
Sep 29 08:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Failed password for root from 162.144.236.216 port 37780 ssh2
Sep 29 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user user from 62.60.131.157 port 22734 ssh2
Sep 29 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Connection closed by 162.144.236.216 port 37780 [preauth]
Sep 29 08:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user user from 62.60.131.157 port 22734 ssh2
Sep 29 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user user from 62.60.131.157 port 22734 ssh2
Sep 29 08:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user user from 62.60.131.157 port 22734 ssh2
Sep 29 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Received disconnect from 62.60.131.157 port 22734:11: Bye [preauth]
Sep 29 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Disconnected from 62.60.131.157 port 22734 [preauth]
Sep 29 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: Failed password for root from 162.144.236.216 port 44954 ssh2
Sep 29 08:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: Connection closed by 162.144.236.216 port 44954 [preauth]
Sep 29 08:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for root from 162.144.236.216 port 52820 ssh2
Sep 29 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Connection closed by 162.144.236.216 port 52820 [preauth]
Sep 29 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31327]: Successful su for rubyman by root
Sep 29 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31327]: + ??? root:rubyman
Sep 29 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313710 of user rubyman.
Sep 29 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31327]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313710.
Sep 29 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27948]: pam_unix(cron:session): session closed for user root
Sep 29 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31257]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco rhost=::ffff:45.142.193.185
Sep 29 08:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Failed password for root from 162.144.236.216 port 59914 ssh2
Sep 29 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31254]: Connection closed by 162.144.236.216 port 59914 [preauth]
Sep 29 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Failed password for root from 162.144.236.216 port 40912 ssh2
Sep 29 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30157]: pam_unix(cron:session): session closed for user root
Sep 29 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Connection closed by 162.144.236.216 port 40912 [preauth]
Sep 29 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31706]: Failed password for root from 162.144.236.216 port 47872 ssh2
Sep 29 08:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31706]: Connection closed by 162.144.236.216 port 47872 [preauth]
Sep 29 08:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: Failed password for root from 162.144.236.216 port 56734 ssh2
Sep 29 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31742]: Connection closed by 162.144.236.216 port 56734 [preauth]
Sep 29 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31780]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31781]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: Successful su for rubyman by root
Sep 29 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: + ??? root:rubyman
Sep 29 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313715 of user rubyman.
Sep 29 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313715.
Sep 29 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: Failed password for root from 162.144.236.216 port 35444 ssh2
Sep 29 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: Connection closed by 162.144.236.216 port 35444 [preauth]
Sep 29 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28467]: pam_unix(cron:session): session closed for user root
Sep 29 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Failed password for root from 162.144.236.216 port 44216 ssh2
Sep 29 08:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Connection closed by 162.144.236.216 port 44216 [preauth]
Sep 29 08:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32064]: Failed password for root from 162.144.236.216 port 50140 ssh2
Sep 29 08:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32064]: Connection closed by 162.144.236.216 port 50140 [preauth]
Sep 29 08:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32090]: Failed password for root from 162.144.236.216 port 56086 ssh2
Sep 29 08:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32090]: Connection closed by 162.144.236.216 port 56086 [preauth]
Sep 29 08:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32125]: Failed password for root from 162.144.236.216 port 33916 ssh2
Sep 29 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32125]: Connection closed by 162.144.236.216 port 33916 [preauth]
Sep 29 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session closed for user root
Sep 29 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: Failed password for root from 162.144.236.216 port 39868 ssh2
Sep 29 08:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: Connection closed by 162.144.236.216 port 39868 [preauth]
Sep 29 08:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: Failed password for root from 162.144.236.216 port 48298 ssh2
Sep 29 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32202]: Connection closed by 162.144.236.216 port 48298 [preauth]
Sep 29 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32297]: Successful su for rubyman by root
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32297]: + ??? root:rubyman
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313716 of user rubyman.
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32297]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313716.
Sep 29 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Failed password for root from 162.144.236.216 port 54954 ssh2
Sep 29 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Connection closed by 162.144.236.216 port 54954 [preauth]
Sep 29 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29150]: pam_unix(cron:session): session closed for user root
Sep 29 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for root from 162.144.236.216 port 34110 ssh2
Sep 29 08:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Connection closed by 162.144.236.216 port 34110 [preauth]
Sep 29 08:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: Failed password for root from 162.144.236.216 port 39852 ssh2
Sep 29 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: Connection closed by 162.144.236.216 port 39852 [preauth]
Sep 29 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: Failed password for root from 162.144.236.216 port 46340 ssh2
Sep 29 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: Connection closed by 162.144.236.216 port 46340 [preauth]
Sep 29 08:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Failed password for root from 162.144.236.216 port 53108 ssh2
Sep 29 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Connection closed by 162.144.236.216 port 53108 [preauth]
Sep 29 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session closed for user root
Sep 29 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Failed password for root from 162.144.236.216 port 58392 ssh2
Sep 29 08:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Connection closed by 162.144.236.216 port 58392 [preauth]
Sep 29 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: Failed password for root from 162.144.236.216 port 35906 ssh2
Sep 29 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: Connection closed by 162.144.236.216 port 35906 [preauth]
Sep 29 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: Failed password for root from 162.144.236.216 port 44178 ssh2
Sep 29 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: Connection closed by 162.144.236.216 port 44178 [preauth]
Sep 29 08:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32684]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: Successful su for rubyman by root
Sep 29 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: + ??? root:rubyman
Sep 29 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313720 of user rubyman.
Sep 29 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313720.
Sep 29 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session closed for user root
Sep 29 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session closed for user root
Sep 29 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Failed password for root from 162.144.236.216 port 50636 ssh2
Sep 29 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Connection closed by 162.144.236.216 port 50636 [preauth]
Sep 29 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Failed password for root from 162.144.236.216 port 56432 ssh2
Sep 29 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Connection closed by 162.144.236.216 port 56432 [preauth]
Sep 29 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Failed password for root from 162.144.236.216 port 34756 ssh2
Sep 29 08:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Connection closed by 162.144.236.216 port 34756 [preauth]
Sep 29 08:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Failed password for root from 162.144.236.216 port 41238 ssh2
Sep 29 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Connection closed by 162.144.236.216 port 41238 [preauth]
Sep 29 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31781]: pam_unix(cron:session): session closed for user root
Sep 29 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: Failed password for root from 162.144.236.216 port 46836 ssh2
Sep 29 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[668]: Connection closed by 162.144.236.216 port 46836 [preauth]
Sep 29 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: Failed password for root from 162.144.236.216 port 53152 ssh2
Sep 29 08:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: Connection closed by 162.144.236.216 port 53152 [preauth]
Sep 29 08:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Failed password for root from 162.144.236.216 port 60676 ssh2
Sep 29 08:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Connection closed by 162.144.236.216 port 60676 [preauth]
Sep 29 08:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session closed for user root
Sep 29 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[898]: Successful su for rubyman by root
Sep 29 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[898]: + ??? root:rubyman
Sep 29 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313730 of user rubyman.
Sep 29 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[898]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313730.
Sep 29 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: Failed password for root from 162.144.236.216 port 39360 ssh2
Sep 29 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session closed for user root
Sep 29 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[782]: pam_unix(cron:session): session closed for user root
Sep 29 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: Connection closed by 162.144.236.216 port 39360 [preauth]
Sep 29 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Failed password for root from 162.144.236.216 port 47104 ssh2
Sep 29 08:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Connection closed by 162.144.236.216 port 47104 [preauth]
Sep 29 08:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for root from 162.144.236.216 port 53062 ssh2
Sep 29 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Connection closed by 162.144.236.216 port 53062 [preauth]
Sep 29 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Failed password for root from 162.144.236.216 port 32944 ssh2
Sep 29 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session closed for user root
Sep 29 08:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Connection closed by 162.144.236.216 port 32944 [preauth]
Sep 29 08:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Failed password for root from 162.144.236.216 port 40280 ssh2
Sep 29 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Connection closed by 162.144.236.216 port 40280 [preauth]
Sep 29 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1308]: Failed password for root from 162.144.236.216 port 46210 ssh2
Sep 29 08:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1308]: Connection closed by 162.144.236.216 port 46210 [preauth]
Sep 29 08:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Failed password for root from 162.144.236.216 port 52942 ssh2
Sep 29 08:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Connection closed by 162.144.236.216 port 52942 [preauth]
Sep 29 08:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: Successful su for rubyman by root
Sep 29 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: + ??? root:rubyman
Sep 29 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313733 of user rubyman.
Sep 29 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313733.
Sep 29 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for root from 162.144.236.216 port 58900 ssh2
Sep 29 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Connection closed by 162.144.236.216 port 58900 [preauth]
Sep 29 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session closed for user root
Sep 29 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Failed password for root from 162.144.236.216 port 37488 ssh2
Sep 29 08:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Connection closed by 162.144.236.216 port 37488 [preauth]
Sep 29 08:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1725]: Failed password for root from 162.144.236.216 port 44188 ssh2
Sep 29 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1725]: Connection closed by 162.144.236.216 port 44188 [preauth]
Sep 29 08:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session closed for user root
Sep 29 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Failed password for root from 162.144.236.216 port 52886 ssh2
Sep 29 08:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Connection closed by 162.144.236.216 port 52886 [preauth]
Sep 29 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Failed password for root from 162.144.236.216 port 58716 ssh2
Sep 29 08:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Connection closed by 162.144.236.216 port 58716 [preauth]
Sep 29 08:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1869]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1868]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1866]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1938]: Successful su for rubyman by root
Sep 29 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1938]: + ??? root:rubyman
Sep 29 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313736 of user rubyman.
Sep 29 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1938]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313736.
Sep 29 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session closed for user root
Sep 29 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1867]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Failed password for root from 162.144.236.216 port 37892 ssh2
Sep 29 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Connection closed by 162.144.236.216 port 37892 [preauth]
Sep 29 08:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: Failed password for root from 162.144.236.216 port 44892 ssh2
Sep 29 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: Connection closed by 162.144.236.216 port 44892 [preauth]
Sep 29 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for root from 162.144.236.216 port 51704 ssh2
Sep 29 08:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Connection closed by 162.144.236.216 port 51704 [preauth]
Sep 29 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Failed password for root from 162.144.236.216 port 57256 ssh2
Sep 29 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Connection closed by 162.144.236.216 port 57256 [preauth]
Sep 29 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session closed for user root
Sep 29 08:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Failed password for root from 162.144.236.216 port 35012 ssh2
Sep 29 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Connection closed by 162.144.236.216 port 35012 [preauth]
Sep 29 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Failed password for root from 162.144.236.216 port 40820 ssh2
Sep 29 08:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Connection closed by 162.144.236.216 port 40820 [preauth]
Sep 29 08:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for root from 162.144.236.216 port 47516 ssh2
Sep 29 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Connection closed by 162.144.236.216 port 47516 [preauth]
Sep 29 08:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2318]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2378]: Successful su for rubyman by root
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2378]: + ??? root:rubyman
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313741 of user rubyman.
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2378]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313741.
Sep 29 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31780]: pam_unix(cron:session): session closed for user root
Sep 29 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2319]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2307]: Failed password for root from 162.144.236.216 port 52608 ssh2
Sep 29 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2307]: Connection closed by 162.144.236.216 port 52608 [preauth]
Sep 29 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Failed password for root from 162.144.236.216 port 60612 ssh2
Sep 29 08:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Connection closed by 162.144.236.216 port 60612 [preauth]
Sep 29 08:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session closed for user root
Sep 29 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: Failed password for root from 162.144.236.216 port 39816 ssh2
Sep 29 08:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2659]: Connection closed by 162.144.236.216 port 39816 [preauth]
Sep 29 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Failed password for root from 162.144.236.216 port 47152 ssh2
Sep 29 08:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Connection closed by 162.144.236.216 port 47152 [preauth]
Sep 29 08:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: Failed password for root from 162.144.236.216 port 55000 ssh2
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: Successful su for rubyman by root
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: + ??? root:rubyman
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313744 of user rubyman.
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313744.
Sep 29 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: Connection closed by 162.144.236.216 port 55000 [preauth]
Sep 29 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session closed for user root
Sep 29 08:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Failed password for root from 162.144.236.216 port 33806 ssh2
Sep 29 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Connection closed by 162.144.236.216 port 33806 [preauth]
Sep 29 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: Failed password for root from 162.144.236.216 port 40072 ssh2
Sep 29 08:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: Connection closed by 162.144.236.216 port 40072 [preauth]
Sep 29 08:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3068]: Failed password for root from 162.144.236.216 port 49008 ssh2
Sep 29 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3068]: Connection closed by 162.144.236.216 port 49008 [preauth]
Sep 29 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1869]: pam_unix(cron:session): session closed for user root
Sep 29 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3112]: Failed password for root from 162.144.236.216 port 58414 ssh2
Sep 29 08:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3112]: Connection closed by 162.144.236.216 port 58414 [preauth]
Sep 29 08:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: Invalid user snort from 185.213.175.140
Sep 29 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: input_userauth_request: invalid user snort [preauth]
Sep 29 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: Failed password for invalid user snort from 185.213.175.140 port 33502 ssh2
Sep 29 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: Received disconnect from 185.213.175.140 port 33502:11: Bye Bye [preauth]
Sep 29 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: Disconnected from 185.213.175.140 port 33502 [preauth]
Sep 29 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Failed password for root from 162.144.236.216 port 36740 ssh2
Sep 29 08:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Connection closed by 162.144.236.216 port 36740 [preauth]
Sep 29 08:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Failed password for root from 162.144.236.216 port 43672 ssh2
Sep 29 08:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Connection closed by 162.144.236.216 port 43672 [preauth]
Sep 29 08:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session closed for user root
Sep 29 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3270]: Successful su for rubyman by root
Sep 29 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3270]: + ??? root:rubyman
Sep 29 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313749 of user rubyman.
Sep 29 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3270]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313749.
Sep 29 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session closed for user root
Sep 29 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user root
Sep 29 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Failed password for root from 162.144.236.216 port 50480 ssh2
Sep 29 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3189]: Connection closed by 162.144.236.216 port 50480 [preauth]
Sep 29 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: Failed password for root from 162.144.236.216 port 55968 ssh2
Sep 29 08:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3470]: Connection closed by 162.144.236.216 port 55968 [preauth]
Sep 29 08:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: Failed password for root from 162.144.236.216 port 35346 ssh2
Sep 29 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3534]: Connection closed by 162.144.236.216 port 35346 [preauth]
Sep 29 08:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session closed for user root
Sep 29 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3547]: Failed password for root from 162.144.236.216 port 43602 ssh2
Sep 29 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3547]: Connection closed by 162.144.236.216 port 43602 [preauth]
Sep 29 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Failed password for root from 162.144.236.216 port 50634 ssh2
Sep 29 08:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Connection closed by 162.144.236.216 port 50634 [preauth]
Sep 29 08:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3630]: Failed password for root from 162.144.236.216 port 56516 ssh2
Sep 29 08:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3630]: Connection closed by 162.144.236.216 port 56516 [preauth]
Sep 29 08:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for root from 162.144.236.216 port 35810 ssh2
Sep 29 08:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Connection closed by 162.144.236.216 port 35810 [preauth]
Sep 29 08:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: Successful su for rubyman by root
Sep 29 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: + ??? root:rubyman
Sep 29 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313755 of user rubyman.
Sep 29 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313755.
Sep 29 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session closed for user root
Sep 29 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 08:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3664]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Failed password for root from 103.67.78.51 port 60682 ssh2
Sep 29 08:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Failed password for root from 162.144.236.216 port 42228 ssh2
Sep 29 08:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Received disconnect from 103.67.78.51 port 60682:11: Bye Bye [preauth]
Sep 29 08:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Disconnected from 103.67.78.51 port 60682 [preauth]
Sep 29 08:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Connection closed by 162.144.236.216 port 42228 [preauth]
Sep 29 08:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Failed password for root from 185.213.175.140 port 6316 ssh2
Sep 29 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Received disconnect from 185.213.175.140 port 6316:11: Bye Bye [preauth]
Sep 29 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Disconnected from 185.213.175.140 port 6316 [preauth]
Sep 29 08:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Invalid user snort from 107.172.50.151
Sep 29 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: input_userauth_request: invalid user snort [preauth]
Sep 29 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 08:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: Failed password for root from 162.144.236.216 port 50686 ssh2
Sep 29 08:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: Connection closed by 162.144.236.216 port 50686 [preauth]
Sep 29 08:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Failed password for invalid user snort from 107.172.50.151 port 33506 ssh2
Sep 29 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Received disconnect from 107.172.50.151 port 33506:11: Bye Bye [preauth]
Sep 29 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Disconnected from 107.172.50.151 port 33506 [preauth]
Sep 29 08:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3996]: Failed password for root from 162.144.236.216 port 57286 ssh2
Sep 29 08:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3996]: Connection closed by 162.144.236.216 port 57286 [preauth]
Sep 29 08:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session closed for user root
Sep 29 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4030]: Failed password for root from 162.144.236.216 port 37722 ssh2
Sep 29 08:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4030]: Connection closed by 162.144.236.216 port 37722 [preauth]
Sep 29 08:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for root from 162.144.236.216 port 43460 ssh2
Sep 29 08:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Connection closed by 162.144.236.216 port 43460 [preauth]
Sep 29 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for root from 162.144.236.216 port 50338 ssh2
Sep 29 08:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Connection closed by 162.144.236.216 port 50338 [preauth]
Sep 29 08:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Failed password for root from 162.144.236.216 port 56510 ssh2
Sep 29 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4142]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4143]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4140]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Connection closed by 162.144.236.216 port 56510 [preauth]
Sep 29 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4216]: Successful su for rubyman by root
Sep 29 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4216]: + ??? root:rubyman
Sep 29 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313757 of user rubyman.
Sep 29 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4216]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313757.
Sep 29 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session closed for user root
Sep 29 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4210]: Failed password for root from 162.144.236.216 port 34118 ssh2
Sep 29 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4210]: Connection closed by 162.144.236.216 port 34118 [preauth]
Sep 29 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Invalid user uftp from 185.213.175.140
Sep 29 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: input_userauth_request: invalid user uftp [preauth]
Sep 29 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user uftp from 185.213.175.140 port 29864 ssh2
Sep 29 08:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Received disconnect from 185.213.175.140 port 29864:11: Bye Bye [preauth]
Sep 29 08:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Disconnected from 185.213.175.140 port 29864 [preauth]
Sep 29 08:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 08:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Failed password for root from 185.255.90.135 port 45498 ssh2
Sep 29 08:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Received disconnect from 185.255.90.135 port 45498:11: Bye Bye [preauth]
Sep 29 08:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Disconnected from 185.255.90.135 port 45498 [preauth]
Sep 29 08:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: Failed password for root from 162.144.236.216 port 39526 ssh2
Sep 29 08:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: Connection closed by 162.144.236.216 port 39526 [preauth]
Sep 29 08:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Failed password for root from 162.144.236.216 port 46896 ssh2
Sep 29 08:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4459]: Connection closed by 162.144.236.216 port 46896 [preauth]
Sep 29 08:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session closed for user root
Sep 29 08:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: Failed password for root from 162.144.236.216 port 53566 ssh2
Sep 29 08:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4490]: Connection closed by 162.144.236.216 port 53566 [preauth]
Sep 29 08:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Failed password for root from 162.144.236.216 port 33436 ssh2
Sep 29 08:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Connection closed by 162.144.236.216 port 33436 [preauth]
Sep 29 08:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Failed password for root from 162.144.236.216 port 41172 ssh2
Sep 29 08:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Connection closed by 162.144.236.216 port 41172 [preauth]
Sep 29 08:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for root from 162.144.236.216 port 45952 ssh2
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4599]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: Successful su for rubyman by root
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: + ??? root:rubyman
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313762 of user rubyman.
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4671]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313762.
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 162.144.236.216 port 45952 [preauth]
Sep 29 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Invalid user user from 185.213.175.140
Sep 29 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: input_userauth_request: invalid user user [preauth]
Sep 29 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Failed password for invalid user user from 185.213.175.140 port 53520 ssh2
Sep 29 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Received disconnect from 185.213.175.140 port 53520:11: Bye Bye [preauth]
Sep 29 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Disconnected from 185.213.175.140 port 53520 [preauth]
Sep 29 08:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1868]: pam_unix(cron:session): session closed for user root
Sep 29 08:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for root from 162.144.236.216 port 53834 ssh2
Sep 29 08:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Connection closed by 162.144.236.216 port 53834 [preauth]
Sep 29 08:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: Failed password for root from 162.144.236.216 port 33570 ssh2
Sep 29 08:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: Connection closed by 162.144.236.216 port 33570 [preauth]
Sep 29 08:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Failed password for root from 162.144.236.216 port 42692 ssh2
Sep 29 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4919]: Connection closed by 162.144.236.216 port 42692 [preauth]
Sep 29 08:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: Invalid user sdn from 103.159.132.217
Sep 29 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: input_userauth_request: invalid user sdn [preauth]
Sep 29 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: Failed password for invalid user sdn from 103.159.132.217 port 46570 ssh2
Sep 29 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3666]: pam_unix(cron:session): session closed for user root
Sep 29 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: Received disconnect from 103.159.132.217 port 46570:11: Bye Bye [preauth]
Sep 29 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4944]: Disconnected from 103.159.132.217 port 46570 [preauth]
Sep 29 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 08:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Failed password for root from 185.255.90.135 port 54546 ssh2
Sep 29 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Received disconnect from 185.255.90.135 port 54546:11: Bye Bye [preauth]
Sep 29 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Disconnected from 185.255.90.135 port 54546 [preauth]
Sep 29 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Invalid user estest from 103.67.78.51
Sep 29 08:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: input_userauth_request: invalid user estest [preauth]
Sep 29 08:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 08:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: Failed password for root from 162.144.236.216 port 48512 ssh2
Sep 29 08:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Failed password for invalid user estest from 103.67.78.51 port 35344 ssh2
Sep 29 08:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: Connection closed by 162.144.236.216 port 48512 [preauth]
Sep 29 08:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Received disconnect from 103.67.78.51 port 35344:11: Bye Bye [preauth]
Sep 29 08:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Disconnected from 103.67.78.51 port 35344 [preauth]
Sep 29 08:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: Failed password for root from 162.144.236.216 port 55324 ssh2
Sep 29 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: Connection closed by 162.144.236.216 port 55324 [preauth]
Sep 29 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: Failed password for root from 162.144.236.216 port 60714 ssh2
Sep 29 08:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5029]: Connection closed by 162.144.236.216 port 60714 [preauth]
Sep 29 08:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Invalid user foundry from 185.213.175.140
Sep 29 08:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: input_userauth_request: invalid user foundry [preauth]
Sep 29 08:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Failed password for invalid user foundry from 185.213.175.140 port 13132 ssh2
Sep 29 08:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Received disconnect from 185.213.175.140 port 13132:11: Bye Bye [preauth]
Sep 29 08:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Disconnected from 185.213.175.140 port 13132 [preauth]
Sep 29 08:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5141]: Successful su for rubyman by root
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5141]: + ??? root:rubyman
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313766 of user rubyman.
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5141]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313766.
Sep 29 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: Failed password for root from 162.144.236.216 port 38576 ssh2
Sep 29 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5054]: Connection closed by 162.144.236.216 port 38576 [preauth]
Sep 29 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2320]: pam_unix(cron:session): session closed for user root
Sep 29 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: Invalid user mssql from 107.172.50.151
Sep 29 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: input_userauth_request: invalid user mssql [preauth]
Sep 29 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 08:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5070]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: Failed password for invalid user mssql from 107.172.50.151 port 59290 ssh2
Sep 29 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: Received disconnect from 107.172.50.151 port 59290:11: Bye Bye [preauth]
Sep 29 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5417]: Disconnected from 107.172.50.151 port 59290 [preauth]
Sep 29 08:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Failed password for root from 162.144.236.216 port 46194 ssh2
Sep 29 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Connection closed by 162.144.236.216 port 46194 [preauth]
Sep 29 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Failed password for root from 162.144.236.216 port 51776 ssh2
Sep 29 08:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Connection closed by 162.144.236.216 port 51776 [preauth]
Sep 29 08:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Failed password for root from 162.144.236.216 port 59076 ssh2
Sep 29 08:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Connection closed by 162.144.236.216 port 59076 [preauth]
Sep 29 08:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for root from 162.144.236.216 port 37030 ssh2
Sep 29 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4143]: pam_unix(cron:session): session closed for user root
Sep 29 08:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Connection closed by 162.144.236.216 port 37030 [preauth]
Sep 29 08:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Invalid user userftp from 185.255.90.135
Sep 29 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: input_userauth_request: invalid user userftp [preauth]
Sep 29 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 08:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Failed password for invalid user userftp from 185.255.90.135 port 36620 ssh2
Sep 29 08:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Received disconnect from 185.255.90.135 port 36620:11: Bye Bye [preauth]
Sep 29 08:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5555]: Disconnected from 185.255.90.135 port 36620 [preauth]
Sep 29 08:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: Failed password for root from 162.144.236.216 port 43668 ssh2
Sep 29 08:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5543]: Connection closed by 162.144.236.216 port 43668 [preauth]
Sep 29 08:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 08:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 08:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Failed password for root from 185.213.175.140 port 36796 ssh2
Sep 29 08:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Received disconnect from 185.213.175.140 port 36796:11: Bye Bye [preauth]
Sep 29 08:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Disconnected from 185.213.175.140 port 36796 [preauth]
Sep 29 08:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Failed password for root from 103.67.78.51 port 55484 ssh2
Sep 29 08:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Received disconnect from 103.67.78.51 port 55484:11: Bye Bye [preauth]
Sep 29 08:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Disconnected from 103.67.78.51 port 55484 [preauth]
Sep 29 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: Failed password for root from 162.144.236.216 port 51346 ssh2
Sep 29 08:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5580]: Connection closed by 162.144.236.216 port 51346 [preauth]
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user root
Sep 29 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: Successful su for rubyman by root
Sep 29 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: + ??? root:rubyman
Sep 29 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313772 of user rubyman.
Sep 29 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5693]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313772.
Sep 29 08:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session closed for user root
Sep 29 08:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session closed for user root
Sep 29 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Failed password for root from 162.144.236.216 port 58866 ssh2
Sep 29 08:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Connection closed by 162.144.236.216 port 58866 [preauth]
Sep 29 08:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Failed password for root from 162.144.236.216 port 39310 ssh2
Sep 29 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5972]: Connection closed by 162.144.236.216 port 39310 [preauth]
Sep 29 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session closed for user root
Sep 29 08:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Failed password for root from 162.144.236.216 port 46262 ssh2
Sep 29 08:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Connection closed by 162.144.236.216 port 46262 [preauth]
Sep 29 08:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: Invalid user tabata from 185.213.175.140
Sep 29 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: input_userauth_request: invalid user tabata [preauth]
Sep 29 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 08:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: Failed password for invalid user tabata from 185.213.175.140 port 60452 ssh2
Sep 29 08:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: Received disconnect from 185.213.175.140 port 60452:11: Bye Bye [preauth]
Sep 29 08:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6075]: Disconnected from 185.213.175.140 port 60452 [preauth]
Sep 29 08:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Failed password for root from 185.255.90.135 port 46770 ssh2
Sep 29 08:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Received disconnect from 185.255.90.135 port 46770:11: Bye Bye [preauth]
Sep 29 08:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Disconnected from 185.255.90.135 port 46770 [preauth]
Sep 29 08:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6059]: Failed password for root from 162.144.236.216 port 54280 ssh2
Sep 29 08:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6059]: Connection closed by 162.144.236.216 port 54280 [preauth]
Sep 29 08:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Invalid user tabata from 107.172.50.151
Sep 29 08:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: input_userauth_request: invalid user tabata [preauth]
Sep 29 08:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 08:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Failed password for invalid user tabata from 107.172.50.151 port 32872 ssh2
Sep 29 08:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Received disconnect from 107.172.50.151 port 32872:11: Bye Bye [preauth]
Sep 29 08:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Disconnected from 107.172.50.151 port 32872 [preauth]
Sep 29 08:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: Failed password for root from 162.144.236.216 port 59382 ssh2
Sep 29 08:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6088]: Connection closed by 162.144.236.216 port 59382 [preauth]
Sep 29 08:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: Successful su for rubyman by root
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: + ??? root:rubyman
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313775 of user rubyman.
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313775.
Sep 29 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user root
Sep 29 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Failed password for root from 162.144.236.216 port 38124 ssh2
Sep 29 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Invalid user proxyuser from 103.67.78.51
Sep 29 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: input_userauth_request: invalid user proxyuser [preauth]
Sep 29 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Connection closed by 162.144.236.216 port 38124 [preauth]
Sep 29 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for invalid user proxyuser from 103.67.78.51 port 53588 ssh2
Sep 29 08:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Received disconnect from 103.67.78.51 port 53588:11: Bye Bye [preauth]
Sep 29 08:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Disconnected from 103.67.78.51 port 53588 [preauth]
Sep 29 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Failed password for root from 162.144.236.216 port 47022 ssh2
Sep 29 08:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Connection closed by 162.144.236.216 port 47022 [preauth]
Sep 29 08:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6395]: Connection closed by 175.136.3.9 port 51883 [preauth]
Sep 29 08:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: Failed password for root from 162.144.236.216 port 54918 ssh2
Sep 29 08:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: Connection closed by 162.144.236.216 port 54918 [preauth]
Sep 29 08:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5072]: pam_unix(cron:session): session closed for user root
Sep 29 08:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Failed password for root from 162.144.236.216 port 33522 ssh2
Sep 29 08:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: Invalid user oguz from 185.213.175.140
Sep 29 08:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: input_userauth_request: invalid user oguz [preauth]
Sep 29 08:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Connection closed by 162.144.236.216 port 33522 [preauth]
Sep 29 08:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: Failed password for invalid user oguz from 185.213.175.140 port 20144 ssh2
Sep 29 08:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: Received disconnect from 185.213.175.140 port 20144:11: Bye Bye [preauth]
Sep 29 08:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6501]: Disconnected from 185.213.175.140 port 20144 [preauth]
Sep 29 08:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Failed password for root from 162.144.236.216 port 40164 ssh2
Sep 29 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Connection closed by 162.144.236.216 port 40164 [preauth]
Sep 29 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Invalid user adam from 185.255.90.135
Sep 29 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: input_userauth_request: invalid user adam [preauth]
Sep 29 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 08:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Failed password for invalid user adam from 185.255.90.135 port 47234 ssh2
Sep 29 08:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Received disconnect from 185.255.90.135 port 47234:11: Bye Bye [preauth]
Sep 29 08:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Disconnected from 185.255.90.135 port 47234 [preauth]
Sep 29 08:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Failed password for root from 162.144.236.216 port 45396 ssh2
Sep 29 08:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Connection closed by 162.144.236.216 port 45396 [preauth]
Sep 29 08:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Failed password for root from 162.144.236.216 port 53250 ssh2
Sep 29 08:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6569]: Connection closed by 162.144.236.216 port 53250 [preauth]
Sep 29 08:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: Successful su for rubyman by root
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: + ??? root:rubyman
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313779 of user rubyman.
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6750]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313779.
Sep 29 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3665]: pam_unix(cron:session): session closed for user root
Sep 29 08:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: Failed password for root from 162.144.236.216 port 59248 ssh2
Sep 29 08:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6597]: Connection closed by 162.144.236.216 port 59248 [preauth]
Sep 29 08:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6955]: Failed password for root from 162.144.236.216 port 36804 ssh2
Sep 29 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6955]: Connection closed by 162.144.236.216 port 36804 [preauth]
Sep 29 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Invalid user adam from 103.67.78.51
Sep 29 08:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: input_userauth_request: invalid user adam [preauth]
Sep 29 08:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Failed password for root from 162.144.236.216 port 43966 ssh2
Sep 29 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Failed password for invalid user adam from 103.67.78.51 port 41994 ssh2
Sep 29 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Received disconnect from 103.67.78.51 port 41994:11: Bye Bye [preauth]
Sep 29 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Disconnected from 103.67.78.51 port 41994 [preauth]
Sep 29 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6992]: Connection closed by 162.144.236.216 port 43966 [preauth]
Sep 29 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 08:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Failed password for root from 185.213.175.140 port 43758 ssh2
Sep 29 08:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Received disconnect from 185.213.175.140 port 43758:11: Bye Bye [preauth]
Sep 29 08:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Disconnected from 185.213.175.140 port 43758 [preauth]
Sep 29 08:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Failed password for root from 162.144.236.216 port 50266 ssh2
Sep 29 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Connection closed by 162.144.236.216 port 50266 [preauth]
Sep 29 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session closed for user root
Sep 29 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Invalid user ceshi from 107.172.50.151
Sep 29 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: input_userauth_request: invalid user ceshi [preauth]
Sep 29 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 08:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Failed password for invalid user ceshi from 107.172.50.151 port 37726 ssh2
Sep 29 08:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Received disconnect from 107.172.50.151 port 37726:11: Bye Bye [preauth]
Sep 29 08:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Disconnected from 107.172.50.151 port 37726 [preauth]
Sep 29 08:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Failed password for root from 162.144.236.216 port 58860 ssh2
Sep 29 08:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Connection closed by 162.144.236.216 port 58860 [preauth]
Sep 29 08:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Invalid user bot2 from 185.255.90.135
Sep 29 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: input_userauth_request: invalid user bot2 [preauth]
Sep 29 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Failed password for invalid user bot2 from 185.255.90.135 port 39300 ssh2
Sep 29 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Received disconnect from 185.255.90.135 port 39300:11: Bye Bye [preauth]
Sep 29 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Disconnected from 185.255.90.135 port 39300 [preauth]
Sep 29 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: Failed password for root from 162.144.236.216 port 37078 ssh2
Sep 29 08:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: Connection closed by 162.144.236.216 port 37078 [preauth]
Sep 29 08:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Failed password for root from 162.144.236.216 port 42900 ssh2
Sep 29 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7303]: Successful su for rubyman by root
Sep 29 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7303]: + ??? root:rubyman
Sep 29 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313784 of user rubyman.
Sep 29 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7303]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313784.
Sep 29 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Connection closed by 162.144.236.216 port 42900 [preauth]
Sep 29 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4142]: pam_unix(cron:session): session closed for user root
Sep 29 08:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Invalid user lava from 103.159.132.217
Sep 29 08:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: input_userauth_request: invalid user lava [preauth]
Sep 29 08:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 08:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Failed password for invalid user lava from 103.159.132.217 port 45322 ssh2
Sep 29 08:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Received disconnect from 103.159.132.217 port 45322:11: Bye Bye [preauth]
Sep 29 08:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Disconnected from 103.159.132.217 port 45322 [preauth]
Sep 29 08:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Failed password for root from 162.144.236.216 port 50010 ssh2
Sep 29 08:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: Failed password for root from 185.213.175.140 port 3438 ssh2
Sep 29 08:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: Received disconnect from 185.213.175.140 port 3438:11: Bye Bye [preauth]
Sep 29 08:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7550]: Disconnected from 185.213.175.140 port 3438 [preauth]
Sep 29 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Connection closed by 162.144.236.216 port 50010 [preauth]
Sep 29 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Invalid user user from 62.60.131.157
Sep 29 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: input_userauth_request: invalid user user [preauth]
Sep 29 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for invalid user user from 62.60.131.157 port 62693 ssh2
Sep 29 08:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for invalid user user from 62.60.131.157 port 62693 ssh2
Sep 29 08:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for invalid user user from 62.60.131.157 port 62693 ssh2
Sep 29 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Failed password for root from 103.67.78.51 port 47730 ssh2
Sep 29 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Received disconnect from 103.67.78.51 port 47730:11: Bye Bye [preauth]
Sep 29 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7583]: Disconnected from 103.67.78.51 port 47730 [preauth]
Sep 29 08:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for invalid user user from 62.60.131.157 port 62693 ssh2
Sep 29 08:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for invalid user user from 62.60.131.157 port 62693 ssh2
Sep 29 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Received disconnect from 62.60.131.157 port 62693:11: Bye [preauth]
Sep 29 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Disconnected from 62.60.131.157 port 62693 [preauth]
Sep 29 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session closed for user root
Sep 29 08:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Failed password for root from 162.144.236.216 port 57694 ssh2
Sep 29 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Invalid user nagios from 20.163.71.109
Sep 29 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: input_userauth_request: invalid user nagios [preauth]
Sep 29 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Failed password for invalid user nagios from 20.163.71.109 port 46532 ssh2
Sep 29 08:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Connection closed by 20.163.71.109 port 46532 [preauth]
Sep 29 08:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Connection closed by 162.144.236.216 port 57694 [preauth]
Sep 29 08:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: Invalid user salim from 185.255.90.135
Sep 29 08:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: input_userauth_request: invalid user salim [preauth]
Sep 29 08:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: Failed password for invalid user salim from 185.255.90.135 port 54240 ssh2
Sep 29 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: Received disconnect from 185.255.90.135 port 54240:11: Bye Bye [preauth]
Sep 29 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7663]: Disconnected from 185.255.90.135 port 54240 [preauth]
Sep 29 08:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7700]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: Successful su for rubyman by root
Sep 29 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: + ??? root:rubyman
Sep 29 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313787 of user rubyman.
Sep 29 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313787.
Sep 29 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Failed password for root from 162.144.236.216 port 37374 ssh2
Sep 29 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Connection closed by 162.144.236.216 port 37374 [preauth]
Sep 29 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4599]: pam_unix(cron:session): session closed for user root
Sep 29 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7701]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 08:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: Failed password for root from 185.213.175.140 port 26984 ssh2
Sep 29 08:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: Received disconnect from 185.213.175.140 port 26984:11: Bye Bye [preauth]
Sep 29 08:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: Disconnected from 185.213.175.140 port 26984 [preauth]
Sep 29 08:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Failed password for root from 162.144.236.216 port 47586 ssh2
Sep 29 08:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7943]: Connection closed by 162.144.236.216 port 47586 [preauth]
Sep 29 08:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Invalid user test1234 from 107.172.50.151
Sep 29 08:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: input_userauth_request: invalid user test1234 [preauth]
Sep 29 08:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 08:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Failed password for invalid user test1234 from 107.172.50.151 port 50304 ssh2
Sep 29 08:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Received disconnect from 107.172.50.151 port 50304:11: Bye Bye [preauth]
Sep 29 08:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8050]: Disconnected from 107.172.50.151 port 50304 [preauth]
Sep 29 08:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Failed password for root from 162.144.236.216 port 54394 ssh2
Sep 29 08:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Connection closed by 162.144.236.216 port 54394 [preauth]
Sep 29 08:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Failed password for root from 162.144.236.216 port 60682 ssh2
Sep 29 08:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Connection closed by 162.144.236.216 port 60682 [preauth]
Sep 29 08:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session closed for user root
Sep 29 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: Invalid user oguz from 103.67.78.51
Sep 29 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: input_userauth_request: invalid user oguz [preauth]
Sep 29 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Failed password for root from 162.144.236.216 port 37858 ssh2
Sep 29 08:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Connection closed by 162.144.236.216 port 37858 [preauth]
Sep 29 08:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: Failed password for invalid user oguz from 103.67.78.51 port 40876 ssh2
Sep 29 08:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: Received disconnect from 103.67.78.51 port 40876:11: Bye Bye [preauth]
Sep 29 08:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8107]: Disconnected from 103.67.78.51 port 40876 [preauth]
Sep 29 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Failed password for root from 162.144.236.216 port 45542 ssh2
Sep 29 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: Failed password for root from 185.255.90.135 port 59606 ssh2
Sep 29 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: Received disconnect from 185.255.90.135 port 59606:11: Bye Bye [preauth]
Sep 29 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8168]: Disconnected from 185.255.90.135 port 59606 [preauth]
Sep 29 08:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Connection closed by 162.144.236.216 port 45542 [preauth]
Sep 29 08:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Failed password for root from 162.144.236.216 port 52246 ssh2
Sep 29 08:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Connection closed by 162.144.236.216 port 52246 [preauth]
Sep 29 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session closed for user root
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8225]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: Successful su for rubyman by root
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: + ??? root:rubyman
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313791 of user rubyman.
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8302]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313791.
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Invalid user minecraft from 185.213.175.140
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Failed password for root from 162.144.236.216 port 59496 ssh2
Sep 29 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Failed password for invalid user minecraft from 185.213.175.140 port 50630 ssh2
Sep 29 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Received disconnect from 185.213.175.140 port 50630:11: Bye Bye [preauth]
Sep 29 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8271]: Disconnected from 185.213.175.140 port 50630 [preauth]
Sep 29 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8213]: Connection closed by 162.144.236.216 port 59496 [preauth]
Sep 29 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session closed for user root
Sep 29 08:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5071]: pam_unix(cron:session): session closed for user root
Sep 29 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8226]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Failed password for root from 162.144.236.216 port 38432 ssh2
Sep 29 08:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Connection closed by 162.144.236.216 port 38432 [preauth]
Sep 29 08:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: Failed password for root from 162.144.236.216 port 44398 ssh2
Sep 29 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: Connection closed by 162.144.236.216 port 44398 [preauth]
Sep 29 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Failed password for root from 162.144.236.216 port 50096 ssh2
Sep 29 08:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Connection closed by 162.144.236.216 port 50096 [preauth]
Sep 29 08:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Failed password for root from 162.144.236.216 port 56984 ssh2
Sep 29 08:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7240]: pam_unix(cron:session): session closed for user root
Sep 29 08:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Connection closed by 162.144.236.216 port 56984 [preauth]
Sep 29 08:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: Failed password for root from 162.144.236.216 port 34762 ssh2
Sep 29 08:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Invalid user git from 103.67.78.51
Sep 29 08:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: input_userauth_request: invalid user git [preauth]
Sep 29 08:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 08:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8677]: Connection closed by 162.144.236.216 port 34762 [preauth]
Sep 29 08:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Failed password for invalid user git from 103.67.78.51 port 43376 ssh2
Sep 29 08:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Received disconnect from 103.67.78.51 port 43376:11: Bye Bye [preauth]
Sep 29 08:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Disconnected from 103.67.78.51 port 43376 [preauth]
Sep 29 08:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Failed password for root from 185.255.90.135 port 46800 ssh2
Sep 29 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Received disconnect from 185.255.90.135 port 46800:11: Bye Bye [preauth]
Sep 29 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Disconnected from 185.255.90.135 port 46800 [preauth]
Sep 29 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Failed password for root from 162.144.236.216 port 42028 ssh2
Sep 29 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Connection closed by 162.144.236.216 port 42028 [preauth]
Sep 29 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Connection closed by 175.136.3.9 port 51965 [preauth]
Sep 29 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 08:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Failed password for root from 185.213.175.140 port 10244 ssh2
Sep 29 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Received disconnect from 185.213.175.140 port 10244:11: Bye Bye [preauth]
Sep 29 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Disconnected from 185.213.175.140 port 10244 [preauth]
Sep 29 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Failed password for root from 162.144.236.216 port 48548 ssh2
Sep 29 08:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Connection closed by 162.144.236.216 port 48548 [preauth]
Sep 29 08:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: Successful su for rubyman by root
Sep 29 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: + ??? root:rubyman
Sep 29 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313798 of user rubyman.
Sep 29 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313798.
Sep 29 08:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Failed password for root from 162.144.236.216 port 54342 ssh2
Sep 29 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5620]: pam_unix(cron:session): session closed for user root
Sep 29 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Connection closed by 162.144.236.216 port 54342 [preauth]
Sep 29 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9134]: Failed password for root from 162.144.236.216 port 60000 ssh2
Sep 29 08:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9134]: Connection closed by 162.144.236.216 port 60000 [preauth]
Sep 29 08:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: Failed password for root from 162.144.236.216 port 39828 ssh2
Sep 29 08:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: Connection closed by 162.144.236.216 port 39828 [preauth]
Sep 29 08:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Invalid user abbas from 103.159.132.217
Sep 29 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: input_userauth_request: invalid user abbas [preauth]
Sep 29 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 08:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Failed password for invalid user abbas from 103.159.132.217 port 37292 ssh2
Sep 29 08:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Received disconnect from 103.159.132.217 port 37292:11: Bye Bye [preauth]
Sep 29 08:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Disconnected from 103.159.132.217 port 37292 [preauth]
Sep 29 08:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Invalid user user from 80.94.95.112
Sep 29 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: input_userauth_request: invalid user user [preauth]
Sep 29 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 162.144.236.216 port 46464 ssh2
Sep 29 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Connection closed by 162.144.236.216 port 46464 [preauth]
Sep 29 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for invalid user user from 80.94.95.112 port 64465 ssh2
Sep 29 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session closed for user root
Sep 29 08:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for invalid user user from 80.94.95.112 port 64465 ssh2
Sep 29 08:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for invalid user user from 80.94.95.112 port 64465 ssh2
Sep 29 08:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for invalid user user from 80.94.95.112 port 64465 ssh2
Sep 29 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Failed password for root from 162.144.236.216 port 52968 ssh2
Sep 29 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Connection closed by 162.144.236.216 port 52968 [preauth]
Sep 29 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for invalid user user from 80.94.95.112 port 64465 ssh2
Sep 29 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Received disconnect from 80.94.95.112 port 64465:11: Bye [preauth]
Sep 29 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Disconnected from 80.94.95.112 port 64465 [preauth]
Sep 29 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: Failed password for root from 162.144.236.216 port 59506 ssh2
Sep 29 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9392]: Connection closed by 162.144.236.216 port 59506 [preauth]
Sep 29 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Invalid user test from 185.213.175.140
Sep 29 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: input_userauth_request: invalid user test [preauth]
Sep 29 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Failed password for invalid user test from 185.213.175.140 port 33906 ssh2
Sep 29 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: Failed password for root from 185.255.90.135 port 57398 ssh2
Sep 29 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Received disconnect from 185.213.175.140 port 33906:11: Bye Bye [preauth]
Sep 29 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Disconnected from 185.213.175.140 port 33906 [preauth]
Sep 29 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: Received disconnect from 185.255.90.135 port 57398:11: Bye Bye [preauth]
Sep 29 08:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: Disconnected from 185.255.90.135 port 57398 [preauth]
Sep 29 08:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Failed password for root from 162.144.236.216 port 38460 ssh2
Sep 29 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Connection closed by 162.144.236.216 port 38460 [preauth]
Sep 29 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Failed password for root from 103.67.78.51 port 55456 ssh2
Sep 29 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Received disconnect from 103.67.78.51 port 55456:11: Bye Bye [preauth]
Sep 29 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Disconnected from 103.67.78.51 port 55456 [preauth]
Sep 29 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: Successful su for rubyman by root
Sep 29 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: + ??? root:rubyman
Sep 29 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313803 of user rubyman.
Sep 29 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313803.
Sep 29 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Failed password for root from 162.144.236.216 port 45560 ssh2
Sep 29 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6118]: pam_unix(cron:session): session closed for user root
Sep 29 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Connection closed by 162.144.236.216 port 45560 [preauth]
Sep 29 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Failed password for root from 162.144.236.216 port 51188 ssh2
Sep 29 08:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Connection closed by 162.144.236.216 port 51188 [preauth]
Sep 29 08:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: Failed password for root from 162.144.236.216 port 57206 ssh2
Sep 29 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9868]: Connection closed by 162.144.236.216 port 57206 [preauth]
Sep 29 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Failed password for root from 162.144.236.216 port 35576 ssh2
Sep 29 08:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Connection closed by 162.144.236.216 port 35576 [preauth]
Sep 29 08:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9919]: Invalid user admin from 78.128.112.74
Sep 29 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9919]: input_userauth_request: invalid user admin [preauth]
Sep 29 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9919]: Failed password for invalid user admin from 78.128.112.74 port 44504 ssh2
Sep 29 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9919]: Connection closed by 78.128.112.74 port 44504 [preauth]
Sep 29 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session closed for user root
Sep 29 08:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9918]: Failed password for root from 162.144.236.216 port 41666 ssh2
Sep 29 08:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Invalid user ops from 107.172.50.151
Sep 29 08:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: input_userauth_request: invalid user ops [preauth]
Sep 29 08:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9918]: Connection closed by 162.144.236.216 port 41666 [preauth]
Sep 29 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Failed password for invalid user ops from 107.172.50.151 port 34274 ssh2
Sep 29 08:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Received disconnect from 107.172.50.151 port 34274:11: Bye Bye [preauth]
Sep 29 08:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Disconnected from 107.172.50.151 port 34274 [preauth]
Sep 29 08:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Failed password for root from 162.144.236.216 port 49222 ssh2
Sep 29 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Invalid user lava from 185.213.175.140
Sep 29 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: input_userauth_request: invalid user lava [preauth]
Sep 29 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Connection closed by 162.144.236.216 port 49222 [preauth]
Sep 29 08:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Failed password for invalid user lava from 185.213.175.140 port 57550 ssh2
Sep 29 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Received disconnect from 185.213.175.140 port 57550:11: Bye Bye [preauth]
Sep 29 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Disconnected from 185.213.175.140 port 57550 [preauth]
Sep 29 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Failed password for root from 162.144.236.216 port 55354 ssh2
Sep 29 08:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: Invalid user emc from 185.255.90.135
Sep 29 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: input_userauth_request: invalid user emc [preauth]
Sep 29 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 08:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Connection closed by 162.144.236.216 port 55354 [preauth]
Sep 29 08:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: Failed password for invalid user emc from 185.255.90.135 port 60986 ssh2
Sep 29 08:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: Received disconnect from 185.255.90.135 port 60986:11: Bye Bye [preauth]
Sep 29 08:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10020]: Disconnected from 185.255.90.135 port 60986 [preauth]
Sep 29 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10040]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10038]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10107]: Successful su for rubyman by root
Sep 29 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10107]: + ??? root:rubyman
Sep 29 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313806 of user rubyman.
Sep 29 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10107]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313806.
Sep 29 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Failed password for root from 162.144.236.216 port 35032 ssh2
Sep 29 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session closed for user root
Sep 29 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Connection closed by 162.144.236.216 port 35032 [preauth]
Sep 29 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10039]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Invalid user foundry from 103.67.78.51
Sep 29 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: input_userauth_request: invalid user foundry [preauth]
Sep 29 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 08:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for invalid user foundry from 103.67.78.51 port 51360 ssh2
Sep 29 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Received disconnect from 103.67.78.51 port 51360:11: Bye Bye [preauth]
Sep 29 08:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Disconnected from 103.67.78.51 port 51360 [preauth]
Sep 29 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Failed password for root from 162.144.236.216 port 40362 ssh2
Sep 29 08:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Connection closed by 162.144.236.216 port 40362 [preauth]
Sep 29 08:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session closed for user root
Sep 29 08:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Invalid user ops from 185.213.175.140
Sep 29 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: input_userauth_request: invalid user ops [preauth]
Sep 29 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: Failed password for root from 162.144.236.216 port 49270 ssh2
Sep 29 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Failed password for invalid user ops from 185.213.175.140 port 17232 ssh2
Sep 29 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Received disconnect from 185.213.175.140 port 17232:11: Bye Bye [preauth]
Sep 29 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Disconnected from 185.213.175.140 port 17232 [preauth]
Sep 29 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10406]: Connection closed by 162.144.236.216 port 49270 [preauth]
Sep 29 08:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Failed password for root from 162.144.236.216 port 59108 ssh2
Sep 29 08:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Connection closed by 162.144.236.216 port 59108 [preauth]
Sep 29 08:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Invalid user oracle from 185.255.90.135
Sep 29 08:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: input_userauth_request: invalid user oracle [preauth]
Sep 29 08:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Failed password for root from 162.144.236.216 port 38556 ssh2
Sep 29 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Failed password for invalid user oracle from 185.255.90.135 port 50644 ssh2
Sep 29 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Received disconnect from 185.255.90.135 port 50644:11: Bye Bye [preauth]
Sep 29 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10506]: Disconnected from 185.255.90.135 port 50644 [preauth]
Sep 29 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Connection closed by 162.144.236.216 port 38556 [preauth]
Sep 29 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session closed for user p13x
Sep 29 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10590]: Successful su for rubyman by root
Sep 29 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10590]: + ??? root:rubyman
Sep 29 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313810 of user rubyman.
Sep 29 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10590]: pam_unix(su:session): session closed for user rubyman
Sep 29 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313810.
Sep 29 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7239]: pam_unix(cron:session): session closed for user root
Sep 29 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Failed password for root from 162.144.236.216 port 43506 ssh2
Sep 29 08:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Connection closed by 162.144.236.216 port 43506 [preauth]
Sep 29 08:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10521]: pam_unix(cron:session): session closed for user samftp
Sep 29 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Failed password for root from 162.144.236.216 port 48970 ssh2
Sep 29 08:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Connection closed by 162.144.236.216 port 48970 [preauth]
Sep 29 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Invalid user temp from 103.67.78.51
Sep 29 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: input_userauth_request: invalid user temp [preauth]
Sep 29 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 08:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user temp from 103.67.78.51 port 36794 ssh2
Sep 29 08:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Received disconnect from 103.67.78.51 port 36794:11: Bye Bye [preauth]
Sep 29 08:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Disconnected from 103.67.78.51 port 36794 [preauth]
Sep 29 08:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 08:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: Failed password for root from 162.144.236.216 port 56202 ssh2
Sep 29 08:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: Connection closed by 162.144.236.216 port 56202 [preauth]
Sep 29 08:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for root from 107.172.50.151 port 60466 ssh2
Sep 29 08:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Received disconnect from 107.172.50.151 port 60466:11: Bye Bye [preauth]
Sep 29 08:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Disconnected from 107.172.50.151 port 60466 [preauth]
Sep 29 08:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Failed password for root from 162.144.236.216 port 35700 ssh2
Sep 29 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Connection closed by 162.144.236.216 port 35700 [preauth]
Sep 29 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session closed for user root
Sep 29 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: Invalid user test from 103.159.132.217
Sep 29 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: input_userauth_request: invalid user test [preauth]
Sep 29 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 08:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: Failed password for invalid user test from 103.159.132.217 port 54860 ssh2
Sep 29 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: Received disconnect from 103.159.132.217 port 54860:11: Bye Bye [preauth]
Sep 29 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10883]: Disconnected from 103.159.132.217 port 54860 [preauth]
Sep 29 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for root from 185.213.175.140 port 40890 ssh2
Sep 29 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Received disconnect from 185.213.175.140 port 40890:11: Bye Bye [preauth]
Sep 29 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Disconnected from 185.213.175.140 port 40890 [preauth]
Sep 29 08:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10909]: Failed password for root from 162.144.236.216 port 42770 ssh2
Sep 29 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10909]: Connection closed by 162.144.236.216 port 42770 [preauth]
Sep 29 08:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 29 08:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: Failed password for root from 162.144.236.216 port 48668 ssh2
Sep 29 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: Connection closed by 162.144.236.216 port 48668 [preauth]
Sep 29 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 46.101.170.54 port 38962 ssh2
Sep 29 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Connection closed by 46.101.170.54 port 38962 [preauth]
Sep 29 08:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: Failed password for root from 162.144.236.216 port 57268 ssh2
Sep 29 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: Connection closed by 162.144.236.216 port 57268 [preauth]
Sep 29 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Invalid user eis from 185.255.90.135
Sep 29 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: input_userauth_request: invalid user eis [preauth]
Sep 29 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10990]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session closed for user root
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10990]: pam_unix(cron:session): session closed for user root
Sep 29 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10988]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Failed password for invalid user eis from 185.255.90.135 port 47116 ssh2
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Received disconnect from 185.255.90.135 port 47116:11: Bye Bye [preauth]
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Disconnected from 185.255.90.135 port 47116 [preauth]
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11097]: Successful su for rubyman by root
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11097]: + ??? root:rubyman
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313817 of user rubyman.
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11097]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313817.
Sep 29 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session closed for user root
Sep 29 09:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session closed for user root
Sep 29 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Failed password for root from 162.144.236.216 port 35960 ssh2
Sep 29 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Connection closed by 162.144.236.216 port 35960 [preauth]
Sep 29 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10989]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: Failed password for root from 162.144.236.216 port 41108 ssh2
Sep 29 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11302]: Connection closed by 162.144.236.216 port 41108 [preauth]
Sep 29 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: Failed password for root from 162.144.236.216 port 47088 ssh2
Sep 29 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: Connection closed by 162.144.236.216 port 47088 [preauth]
Sep 29 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for root from 103.67.78.51 port 59006 ssh2
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Invalid user abbas from 185.213.175.140
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: input_userauth_request: invalid user abbas [preauth]
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Received disconnect from 103.67.78.51 port 59006:11: Bye Bye [preauth]
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Disconnected from 103.67.78.51 port 59006 [preauth]
Sep 29 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Failed password for root from 162.144.236.216 port 53588 ssh2
Sep 29 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Failed password for invalid user abbas from 185.213.175.140 port 64548 ssh2
Sep 29 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Received disconnect from 185.213.175.140 port 64548:11: Bye Bye [preauth]
Sep 29 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Disconnected from 185.213.175.140 port 64548 [preauth]
Sep 29 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Connection closed by 162.144.236.216 port 53588 [preauth]
Sep 29 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session closed for user root
Sep 29 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Failed password for root from 162.144.236.216 port 32812 ssh2
Sep 29 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Connection closed by 162.144.236.216 port 32812 [preauth]
Sep 29 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: Failed password for root from 162.144.236.216 port 37904 ssh2
Sep 29 09:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: Connection closed by 162.144.236.216 port 37904 [preauth]
Sep 29 09:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11503]: Failed password for root from 162.144.236.216 port 44522 ssh2
Sep 29 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11503]: Connection closed by 162.144.236.216 port 44522 [preauth]
Sep 29 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11605]: Successful su for rubyman by root
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11605]: + ??? root:rubyman
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313821 of user rubyman.
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11605]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313821.
Sep 29 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Failed password for root from 162.144.236.216 port 52032 ssh2
Sep 29 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Connection closed by 162.144.236.216 port 52032 [preauth]
Sep 29 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session closed for user root
Sep 29 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Invalid user estest from 185.255.90.135
Sep 29 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: input_userauth_request: invalid user estest [preauth]
Sep 29 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Failed password for invalid user estest from 185.255.90.135 port 50674 ssh2
Sep 29 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Received disconnect from 185.255.90.135 port 50674:11: Bye Bye [preauth]
Sep 29 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11913]: Disconnected from 185.255.90.135 port 50674 [preauth]
Sep 29 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: Failed password for root from 162.144.236.216 port 58246 ssh2
Sep 29 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: Connection closed by 162.144.236.216 port 58246 [preauth]
Sep 29 09:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: Failed password for root from 162.144.236.216 port 37286 ssh2
Sep 29 09:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 09:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11933]: Connection closed by 162.144.236.216 port 37286 [preauth]
Sep 29 09:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Failed password for root from 185.213.175.140 port 24206 ssh2
Sep 29 09:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Received disconnect from 185.213.175.140 port 24206:11: Bye Bye [preauth]
Sep 29 09:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Disconnected from 185.213.175.140 port 24206 [preauth]
Sep 29 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Failed password for root from 162.144.236.216 port 44330 ssh2
Sep 29 09:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Connection closed by 162.144.236.216 port 44330 [preauth]
Sep 29 09:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10523]: pam_unix(cron:session): session closed for user root
Sep 29 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Failed password for root from 162.144.236.216 port 51870 ssh2
Sep 29 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Connection closed by 162.144.236.216 port 51870 [preauth]
Sep 29 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Failed password for root from 103.67.78.51 port 42908 ssh2
Sep 29 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Received disconnect from 103.67.78.51 port 42908:11: Bye Bye [preauth]
Sep 29 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Disconnected from 103.67.78.51 port 42908 [preauth]
Sep 29 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Failed password for root from 162.144.236.216 port 57954 ssh2
Sep 29 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Connection closed by 162.144.236.216 port 57954 [preauth]
Sep 29 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Failed password for root from 162.144.236.216 port 37180 ssh2
Sep 29 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Connection closed by 162.144.236.216 port 37180 [preauth]
Sep 29 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: Successful su for rubyman by root
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: + ??? root:rubyman
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313825 of user rubyman.
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313825.
Sep 29 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Failed password for root from 162.144.236.216 port 43932 ssh2
Sep 29 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Connection closed by 162.144.236.216 port 43932 [preauth]
Sep 29 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user root
Sep 29 09:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Connection closed by 175.136.3.9 port 52002 [preauth]
Sep 29 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Failed password for root from 162.144.236.216 port 49966 ssh2
Sep 29 09:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Connection closed by 162.144.236.216 port 49966 [preauth]
Sep 29 09:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Invalid user ceshi from 185.213.175.140
Sep 29 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: input_userauth_request: invalid user ceshi [preauth]
Sep 29 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Failed password for invalid user ceshi from 185.213.175.140 port 47876 ssh2
Sep 29 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Received disconnect from 185.213.175.140 port 47876:11: Bye Bye [preauth]
Sep 29 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Disconnected from 185.213.175.140 port 47876 [preauth]
Sep 29 09:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Failed password for root from 162.144.236.216 port 55832 ssh2
Sep 29 09:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Connection closed by 162.144.236.216 port 55832 [preauth]
Sep 29 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Invalid user matic from 185.255.90.135
Sep 29 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: input_userauth_request: invalid user matic [preauth]
Sep 29 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Invalid user video from 222.107.251.147
Sep 29 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: input_userauth_request: invalid user video [preauth]
Sep 29 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Failed password for invalid user matic from 185.255.90.135 port 53950 ssh2
Sep 29 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Received disconnect from 185.255.90.135 port 53950:11: Bye Bye [preauth]
Sep 29 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Disconnected from 185.255.90.135 port 53950 [preauth]
Sep 29 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Failed password for invalid user video from 222.107.251.147 port 20703 ssh2
Sep 29 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Received disconnect from 222.107.251.147 port 20703:11: Bye Bye [preauth]
Sep 29 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Disconnected from 222.107.251.147 port 20703 [preauth]
Sep 29 09:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 09:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Failed password for root from 103.159.132.217 port 49780 ssh2
Sep 29 09:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Failed password for root from 162.144.236.216 port 33240 ssh2
Sep 29 09:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Received disconnect from 103.159.132.217 port 49780:11: Bye Bye [preauth]
Sep 29 09:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Disconnected from 103.159.132.217 port 49780 [preauth]
Sep 29 09:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Connection closed by 162.144.236.216 port 33240 [preauth]
Sep 29 09:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Invalid user minecraft from 45.190.24.67
Sep 29 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Failed password for invalid user minecraft from 45.190.24.67 port 34134 ssh2
Sep 29 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Received disconnect from 45.190.24.67 port 34134:11: Bye Bye [preauth]
Sep 29 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Disconnected from 45.190.24.67 port 34134 [preauth]
Sep 29 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session closed for user root
Sep 29 09:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Failed password for root from 162.144.236.216 port 39644 ssh2
Sep 29 09:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12447]: Connection closed by 162.144.236.216 port 39644 [preauth]
Sep 29 09:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Failed password for root from 162.144.236.216 port 47748 ssh2
Sep 29 09:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Connection closed by 162.144.236.216 port 47748 [preauth]
Sep 29 09:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12529]: Failed password for root from 107.172.50.151 port 33754 ssh2
Sep 29 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12529]: Received disconnect from 107.172.50.151 port 33754:11: Bye Bye [preauth]
Sep 29 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12529]: Disconnected from 107.172.50.151 port 33754 [preauth]
Sep 29 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Invalid user minecraft from 103.67.78.51
Sep 29 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Failed password for invalid user minecraft from 103.67.78.51 port 39118 ssh2
Sep 29 09:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Received disconnect from 103.67.78.51 port 39118:11: Bye Bye [preauth]
Sep 29 09:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Disconnected from 103.67.78.51 port 39118 [preauth]
Sep 29 09:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Failed password for root from 162.144.236.216 port 53670 ssh2
Sep 29 09:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Connection closed by 162.144.236.216 port 53670 [preauth]
Sep 29 09:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12624]: Successful su for rubyman by root
Sep 29 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12624]: + ??? root:rubyman
Sep 29 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313830 of user rubyman.
Sep 29 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12624]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313830.
Sep 29 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session closed for user root
Sep 29 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Failed password for root from 185.213.175.140 port 7468 ssh2
Sep 29 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Received disconnect from 185.213.175.140 port 7468:11: Bye Bye [preauth]
Sep 29 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Disconnected from 185.213.175.140 port 7468 [preauth]
Sep 29 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Failed password for root from 162.144.236.216 port 32790 ssh2
Sep 29 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Connection closed by 162.144.236.216 port 32790 [preauth]
Sep 29 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Invalid user dev from 49.206.243.162
Sep 29 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: input_userauth_request: invalid user dev [preauth]
Sep 29 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.206.243.162
Sep 29 09:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Failed password for invalid user dev from 49.206.243.162 port 62934 ssh2
Sep 29 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Received disconnect from 49.206.243.162 port 62934:11: Bye Bye [preauth]
Sep 29 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Disconnected from 49.206.243.162 port 62934 [preauth]
Sep 29 09:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: Failed password for root from 162.144.236.216 port 39298 ssh2
Sep 29 09:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: Connection closed by 162.144.236.216 port 39298 [preauth]
Sep 29 09:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Invalid user caldera from 185.255.90.135
Sep 29 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: input_userauth_request: invalid user caldera [preauth]
Sep 29 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session closed for user root
Sep 29 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Failed password for invalid user caldera from 185.255.90.135 port 57558 ssh2
Sep 29 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Received disconnect from 185.255.90.135 port 57558:11: Bye Bye [preauth]
Sep 29 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Disconnected from 185.255.90.135 port 57558 [preauth]
Sep 29 09:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: Failed password for root from 162.144.236.216 port 44460 ssh2
Sep 29 09:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12916]: Connection closed by 162.144.236.216 port 44460 [preauth]
Sep 29 09:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Failed password for root from 162.144.236.216 port 53956 ssh2
Sep 29 09:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Connection closed by 162.144.236.216 port 53956 [preauth]
Sep 29 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Failed password for root from 162.144.236.216 port 60992 ssh2
Sep 29 09:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Connection closed by 162.144.236.216 port 60992 [preauth]
Sep 29 09:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13040]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: Successful su for rubyman by root
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: + ??? root:rubyman
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313832 of user rubyman.
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313832.
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Invalid user mssql from 185.213.175.140
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: input_userauth_request: invalid user mssql [preauth]
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Failed password for root from 162.144.236.216 port 38676 ssh2
Sep 29 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Failed password for invalid user mssql from 185.213.175.140 port 31108 ssh2
Sep 29 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Received disconnect from 185.213.175.140 port 31108:11: Bye Bye [preauth]
Sep 29 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Disconnected from 185.213.175.140 port 31108 [preauth]
Sep 29 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Connection closed by 162.144.236.216 port 38676 [preauth]
Sep 29 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10040]: pam_unix(cron:session): session closed for user root
Sep 29 09:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13038]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: Invalid user salim from 103.67.78.51
Sep 29 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: input_userauth_request: invalid user salim [preauth]
Sep 29 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: Failed password for root from 162.144.236.216 port 45440 ssh2
Sep 29 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: Failed password for invalid user salim from 103.67.78.51 port 60612 ssh2
Sep 29 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: Connection closed by 162.144.236.216 port 45440 [preauth]
Sep 29 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: Received disconnect from 103.67.78.51 port 60612:11: Bye Bye [preauth]
Sep 29 09:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13316]: Disconnected from 103.67.78.51 port 60612 [preauth]
Sep 29 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Failed password for root from 162.144.236.216 port 51084 ssh2
Sep 29 09:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Connection closed by 162.144.236.216 port 51084 [preauth]
Sep 29 09:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Failed password for root from 162.144.236.216 port 57248 ssh2
Sep 29 09:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Connection closed by 162.144.236.216 port 57248 [preauth]
Sep 29 09:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session closed for user root
Sep 29 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Failed password for root from 107.172.50.151 port 42658 ssh2
Sep 29 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Received disconnect from 107.172.50.151 port 42658:11: Bye Bye [preauth]
Sep 29 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Disconnected from 107.172.50.151 port 42658 [preauth]
Sep 29 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Failed password for root from 162.144.236.216 port 36562 ssh2
Sep 29 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Connection closed by 162.144.236.216 port 36562 [preauth]
Sep 29 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Failed password for root from 185.255.90.135 port 57202 ssh2
Sep 29 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Received disconnect from 185.255.90.135 port 57202:11: Bye Bye [preauth]
Sep 29 09:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Disconnected from 185.255.90.135 port 57202 [preauth]
Sep 29 09:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for root from 162.144.236.216 port 43394 ssh2
Sep 29 09:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Connection closed by 162.144.236.216 port 43394 [preauth]
Sep 29 09:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Failed password for root from 162.144.236.216 port 49398 ssh2
Sep 29 09:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13464]: Connection closed by 162.144.236.216 port 49398 [preauth]
Sep 29 09:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Invalid user sdn from 185.213.175.140
Sep 29 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: input_userauth_request: invalid user sdn [preauth]
Sep 29 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Failed password for invalid user sdn from 185.213.175.140 port 54680 ssh2
Sep 29 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Received disconnect from 185.213.175.140 port 54680:11: Bye Bye [preauth]
Sep 29 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Disconnected from 185.213.175.140 port 54680 [preauth]
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13503]: pam_unix(cron:session): session closed for user root
Sep 29 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13497]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13573]: Successful su for rubyman by root
Sep 29 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13573]: + ??? root:rubyman
Sep 29 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313836 of user rubyman.
Sep 29 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13573]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313836.
Sep 29 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Failed password for root from 162.144.236.216 port 55518 ssh2
Sep 29 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Connection closed by 162.144.236.216 port 55518 [preauth]
Sep 29 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10522]: pam_unix(cron:session): session closed for user root
Sep 29 09:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13499]: pam_unix(cron:session): session closed for user root
Sep 29 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13498]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: Failed password for root from 162.144.236.216 port 36002 ssh2
Sep 29 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: Invalid user ops from 103.159.132.217
Sep 29 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: input_userauth_request: invalid user ops [preauth]
Sep 29 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13674]: Connection closed by 162.144.236.216 port 36002 [preauth]
Sep 29 09:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: Failed password for invalid user ops from 103.159.132.217 port 44322 ssh2
Sep 29 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: Received disconnect from 103.159.132.217 port 44322:11: Bye Bye [preauth]
Sep 29 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13815]: Disconnected from 103.159.132.217 port 44322 [preauth]
Sep 29 09:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Failed password for root from 162.144.236.216 port 42420 ssh2
Sep 29 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Connection closed by 162.144.236.216 port 42420 [preauth]
Sep 29 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Invalid user liyang from 222.107.251.147
Sep 29 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: input_userauth_request: invalid user liyang [preauth]
Sep 29 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: Invalid user caja2 from 103.67.78.51
Sep 29 09:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: input_userauth_request: invalid user caja2 [preauth]
Sep 29 09:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: Failed password for invalid user caja2 from 103.67.78.51 port 41098 ssh2
Sep 29 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Failed password for invalid user liyang from 222.107.251.147 port 44033 ssh2
Sep 29 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Received disconnect from 222.107.251.147 port 44033:11: Bye Bye [preauth]
Sep 29 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13841]: Disconnected from 222.107.251.147 port 44033 [preauth]
Sep 29 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: Received disconnect from 103.67.78.51 port 41098:11: Bye Bye [preauth]
Sep 29 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13843]: Disconnected from 103.67.78.51 port 41098 [preauth]
Sep 29 09:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: Failed password for root from 162.144.236.216 port 48560 ssh2
Sep 29 09:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: Connection closed by 162.144.236.216 port 48560 [preauth]
Sep 29 09:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user root
Sep 29 09:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for root from 162.144.236.216 port 55964 ssh2
Sep 29 09:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Connection closed by 162.144.236.216 port 55964 [preauth]
Sep 29 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Received disconnect from 80.94.93.176 port 53160:11:  [preauth]
Sep 29 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Disconnected from 80.94.93.176 port 53160 [preauth]
Sep 29 09:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for root from 162.144.236.216 port 33098 ssh2
Sep 29 09:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Invalid user mass from 45.190.24.67
Sep 29 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: input_userauth_request: invalid user mass [preauth]
Sep 29 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Connection closed by 162.144.236.216 port 33098 [preauth]
Sep 29 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Failed password for invalid user mass from 45.190.24.67 port 50934 ssh2
Sep 29 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Received disconnect from 45.190.24.67 port 50934:11: Bye Bye [preauth]
Sep 29 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Disconnected from 45.190.24.67 port 50934 [preauth]
Sep 29 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13929]: Failed password for root from 185.255.90.135 port 42422 ssh2
Sep 29 09:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13929]: Received disconnect from 185.255.90.135 port 42422:11: Bye Bye [preauth]
Sep 29 09:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13929]: Disconnected from 185.255.90.135 port 42422 [preauth]
Sep 29 09:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Failed password for root from 185.213.175.140 port 14364 ssh2
Sep 29 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Received disconnect from 185.213.175.140 port 14364:11: Bye Bye [preauth]
Sep 29 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Disconnected from 185.213.175.140 port 14364 [preauth]
Sep 29 09:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: Failed password for root from 162.144.236.216 port 39542 ssh2
Sep 29 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: Connection closed by 162.144.236.216 port 39542 [preauth]
Sep 29 09:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Failed password for root from 162.144.236.216 port 46834 ssh2
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13987]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14150]: Successful su for rubyman by root
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14150]: + ??? root:rubyman
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313843 of user rubyman.
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14150]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313843.
Sep 29 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Connection closed by 162.144.236.216 port 46834 [preauth]
Sep 29 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session closed for user root
Sep 29 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13986]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Failed password for root from 162.144.236.216 port 54632 ssh2
Sep 29 09:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Invalid user lava from 107.172.50.151
Sep 29 09:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: input_userauth_request: invalid user lava [preauth]
Sep 29 09:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Connection closed by 162.144.236.216 port 54632 [preauth]
Sep 29 09:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Failed password for invalid user lava from 107.172.50.151 port 42822 ssh2
Sep 29 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Received disconnect from 107.172.50.151 port 42822:11: Bye Bye [preauth]
Sep 29 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Disconnected from 107.172.50.151 port 42822 [preauth]
Sep 29 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Failed password for root from 162.144.236.216 port 60520 ssh2
Sep 29 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14358]: Connection closed by 162.144.236.216 port 60520 [preauth]
Sep 29 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Invalid user eis from 103.67.78.51
Sep 29 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: input_userauth_request: invalid user eis [preauth]
Sep 29 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Failed password for root from 162.144.236.216 port 40388 ssh2
Sep 29 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Failed password for invalid user eis from 103.67.78.51 port 32976 ssh2
Sep 29 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Received disconnect from 103.67.78.51 port 32976:11: Bye Bye [preauth]
Sep 29 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Disconnected from 103.67.78.51 port 32976 [preauth]
Sep 29 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Connection closed by 162.144.236.216 port 40388 [preauth]
Sep 29 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Invalid user admin from 93.152.230.176
Sep 29 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: input_userauth_request: invalid user admin [preauth]
Sep 29 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Invalid user qiyuesuo from 222.107.251.147
Sep 29 09:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: input_userauth_request: invalid user qiyuesuo [preauth]
Sep 29 09:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Failed password for root from 164.68.105.9 port 56008 ssh2
Sep 29 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Failed password for invalid user admin from 93.152.230.176 port 40693 ssh2
Sep 29 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Received disconnect from 93.152.230.176 port 40693:11: Client disconnecting normally [preauth]
Sep 29 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Disconnected from 93.152.230.176 port 40693 [preauth]
Sep 29 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14417]: Connection closed by 164.68.105.9 port 56008 [preauth]
Sep 29 09:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Failed password for invalid user qiyuesuo from 222.107.251.147 port 62630 ssh2
Sep 29 09:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Received disconnect from 222.107.251.147 port 62630:11: Bye Bye [preauth]
Sep 29 09:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Disconnected from 222.107.251.147 port 62630 [preauth]
Sep 29 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13040]: pam_unix(cron:session): session closed for user root
Sep 29 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: Failed password for root from 162.144.236.216 port 47170 ssh2
Sep 29 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14419]: Connection closed by 162.144.236.216 port 47170 [preauth]
Sep 29 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Invalid user anas from 185.213.175.140
Sep 29 09:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: input_userauth_request: invalid user anas [preauth]
Sep 29 09:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Failed password for invalid user anas from 185.213.175.140 port 38016 ssh2
Sep 29 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Received disconnect from 185.213.175.140 port 38016:11: Bye Bye [preauth]
Sep 29 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Disconnected from 185.213.175.140 port 38016 [preauth]
Sep 29 09:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Failed password for root from 162.144.236.216 port 54380 ssh2
Sep 29 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Connection closed by 162.144.236.216 port 54380 [preauth]
Sep 29 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Invalid user proxyuser from 185.255.90.135
Sep 29 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: input_userauth_request: invalid user proxyuser [preauth]
Sep 29 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Failed password for invalid user proxyuser from 185.255.90.135 port 40682 ssh2
Sep 29 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Received disconnect from 185.255.90.135 port 40682:11: Bye Bye [preauth]
Sep 29 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Disconnected from 185.255.90.135 port 40682 [preauth]
Sep 29 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Failed password for root from 45.190.24.67 port 46258 ssh2
Sep 29 09:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Received disconnect from 45.190.24.67 port 46258:11: Bye Bye [preauth]
Sep 29 09:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Disconnected from 45.190.24.67 port 46258 [preauth]
Sep 29 09:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Failed password for root from 162.144.236.216 port 33498 ssh2
Sep 29 09:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14492]: Connection closed by 162.144.236.216 port 33498 [preauth]
Sep 29 09:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: Failed password for root from 162.144.236.216 port 39156 ssh2
Sep 29 09:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: Connection closed by 162.144.236.216 port 39156 [preauth]
Sep 29 09:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: Successful su for rubyman by root
Sep 29 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: + ??? root:rubyman
Sep 29 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313846 of user rubyman.
Sep 29 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313846.
Sep 29 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session closed for user root
Sep 29 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14525]: Failed password for root from 162.144.236.216 port 45054 ssh2
Sep 29 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14525]: Connection closed by 162.144.236.216 port 45054 [preauth]
Sep 29 09:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: Failed password for root from 162.144.236.216 port 50916 ssh2
Sep 29 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14791]: Connection closed by 162.144.236.216 port 50916 [preauth]
Sep 29 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for root from 162.144.236.216 port 57664 ssh2
Sep 29 09:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Connection closed by 162.144.236.216 port 57664 [preauth]
Sep 29 09:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14838]: Failed password for root from 162.144.236.216 port 34890 ssh2
Sep 29 09:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14838]: Connection closed by 162.144.236.216 port 34890 [preauth]
Sep 29 09:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: Invalid user master from 185.213.175.140
Sep 29 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: input_userauth_request: invalid user master [preauth]
Sep 29 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: Failed password for invalid user master from 185.213.175.140 port 61672 ssh2
Sep 29 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: Received disconnect from 185.213.175.140 port 61672:11: Bye Bye [preauth]
Sep 29 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: Disconnected from 185.213.175.140 port 61672 [preauth]
Sep 29 09:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session closed for user root
Sep 29 09:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Failed password for root from 103.67.78.51 port 51532 ssh2
Sep 29 09:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Received disconnect from 103.67.78.51 port 51532:11: Bye Bye [preauth]
Sep 29 09:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Disconnected from 103.67.78.51 port 51532 [preauth]
Sep 29 09:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Failed password for root from 162.144.236.216 port 42962 ssh2
Sep 29 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: Connection closed by 162.144.236.216 port 42962 [preauth]
Sep 29 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Failed password for root from 162.144.236.216 port 50716 ssh2
Sep 29 09:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Connection closed by 162.144.236.216 port 50716 [preauth]
Sep 29 09:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: Invalid user user from 107.172.50.151
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: input_userauth_request: invalid user user [preauth]
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Invalid user ftp_client from 185.255.90.135
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: input_userauth_request: invalid user ftp_client [preauth]
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: Failed password for invalid user user from 107.172.50.151 port 60748 ssh2
Sep 29 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: Received disconnect from 107.172.50.151 port 60748:11: Bye Bye [preauth]
Sep 29 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: Disconnected from 107.172.50.151 port 60748 [preauth]
Sep 29 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Failed password for invalid user ftp_client from 185.255.90.135 port 44410 ssh2
Sep 29 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Received disconnect from 185.255.90.135 port 44410:11: Bye Bye [preauth]
Sep 29 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14945]: Disconnected from 185.255.90.135 port 44410 [preauth]
Sep 29 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: Failed password for root from 162.144.236.216 port 57056 ssh2
Sep 29 09:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14944]: Connection closed by 162.144.236.216 port 57056 [preauth]
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Failed password for root from 103.159.132.217 port 53970 ssh2
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Invalid user juliana from 45.190.24.67
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: input_userauth_request: invalid user juliana [preauth]
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Received disconnect from 103.159.132.217 port 53970:11: Bye Bye [preauth]
Sep 29 09:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Disconnected from 103.159.132.217 port 53970 [preauth]
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15043]: Successful su for rubyman by root
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15043]: + ??? root:rubyman
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313851 of user rubyman.
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15043]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313851.
Sep 29 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Failed password for invalid user juliana from 45.190.24.67 port 41580 ssh2
Sep 29 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Received disconnect from 45.190.24.67 port 41580:11: Bye Bye [preauth]
Sep 29 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Disconnected from 45.190.24.67 port 41580 [preauth]
Sep 29 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user root
Sep 29 09:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: Failed password for root from 162.144.236.216 port 35884 ssh2
Sep 29 09:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: Connection closed by 162.144.236.216 port 35884 [preauth]
Sep 29 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Invalid user testtest from 222.107.251.147
Sep 29 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: input_userauth_request: invalid user testtest [preauth]
Sep 29 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Failed password for invalid user testtest from 222.107.251.147 port 18281 ssh2
Sep 29 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Received disconnect from 222.107.251.147 port 18281:11: Bye Bye [preauth]
Sep 29 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Disconnected from 222.107.251.147 port 18281 [preauth]
Sep 29 09:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Failed password for root from 162.144.236.216 port 42954 ssh2
Sep 29 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Connection closed by 162.144.236.216 port 42954 [preauth]
Sep 29 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Invalid user jordi from 185.213.175.140
Sep 29 09:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: input_userauth_request: invalid user jordi [preauth]
Sep 29 09:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: Did not receive identification string from 162.144.236.216
Sep 29 09:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Failed password for invalid user jordi from 185.213.175.140 port 21338 ssh2
Sep 29 09:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Received disconnect from 185.213.175.140 port 21338:11: Bye Bye [preauth]
Sep 29 09:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Disconnected from 185.213.175.140 port 21338 [preauth]
Sep 29 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session closed for user root
Sep 29 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: Failed password for root from 162.144.236.216 port 51768 ssh2
Sep 29 09:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15312]: Connection closed by 162.144.236.216 port 51768 [preauth]
Sep 29 09:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Failed password for root from 103.67.78.51 port 50812 ssh2
Sep 29 09:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Received disconnect from 103.67.78.51 port 50812:11: Bye Bye [preauth]
Sep 29 09:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Disconnected from 103.67.78.51 port 50812 [preauth]
Sep 29 09:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Failed password for root from 162.144.236.216 port 57598 ssh2
Sep 29 09:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Connection closed by 162.144.236.216 port 57598 [preauth]
Sep 29 09:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: Invalid user test from 185.255.90.135
Sep 29 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: input_userauth_request: invalid user test [preauth]
Sep 29 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15423]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15418]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15420]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: Failed password for invalid user test from 185.255.90.135 port 58024 ssh2
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: Received disconnect from 185.255.90.135 port 58024:11: Bye Bye [preauth]
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15416]: Disconnected from 185.255.90.135 port 58024 [preauth]
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Failed password for root from 162.144.236.216 port 37634 ssh2
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: Successful su for rubyman by root
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: + ??? root:rubyman
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313856 of user rubyman.
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313856.
Sep 29 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15418]: pam_unix(cron:session): session closed for user root
Sep 29 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Connection closed by 162.144.236.216 port 37634 [preauth]
Sep 29 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user root
Sep 29 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Invalid user sbot from 45.190.24.67
Sep 29 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: input_userauth_request: invalid user sbot [preauth]
Sep 29 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: Failed password for root from 162.144.236.216 port 44516 ssh2
Sep 29 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Failed password for invalid user sbot from 45.190.24.67 port 36886 ssh2
Sep 29 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: Connection closed by 162.144.236.216 port 44516 [preauth]
Sep 29 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Received disconnect from 45.190.24.67 port 36886:11: Bye Bye [preauth]
Sep 29 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15764]: Disconnected from 45.190.24.67 port 36886 [preauth]
Sep 29 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: Invalid user antonia from 222.107.251.147
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: input_userauth_request: invalid user antonia [preauth]
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Failed password for root from 162.144.236.216 port 50466 ssh2
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: Invalid user bing from 185.213.175.140
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: input_userauth_request: invalid user bing [preauth]
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: Connection closed by 162.144.236.216 port 50466 [preauth]
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: Failed password for invalid user antonia from 222.107.251.147 port 35889 ssh2
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: Received disconnect from 222.107.251.147 port 35889:11: Bye Bye [preauth]
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15813]: Disconnected from 222.107.251.147 port 35889 [preauth]
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: Failed password for invalid user bing from 185.213.175.140 port 44994 ssh2
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: Received disconnect from 185.213.175.140 port 44994:11: Bye Bye [preauth]
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15825]: Disconnected from 185.213.175.140 port 44994 [preauth]
Sep 29 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14532]: pam_unix(cron:session): session closed for user root
Sep 29 09:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Invalid user oguz from 107.172.50.151
Sep 29 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: input_userauth_request: invalid user oguz [preauth]
Sep 29 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15829]: Failed password for root from 162.144.236.216 port 57574 ssh2
Sep 29 09:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Failed password for invalid user oguz from 107.172.50.151 port 34200 ssh2
Sep 29 09:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Received disconnect from 107.172.50.151 port 34200:11: Bye Bye [preauth]
Sep 29 09:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Disconnected from 107.172.50.151 port 34200 [preauth]
Sep 29 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15829]: Connection closed by 162.144.236.216 port 57574 [preauth]
Sep 29 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Failed password for root from 162.144.236.216 port 37536 ssh2
Sep 29 09:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Connection closed by 162.144.236.216 port 37536 [preauth]
Sep 29 09:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: Invalid user bot2 from 103.67.78.51
Sep 29 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: input_userauth_request: invalid user bot2 [preauth]
Sep 29 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user root
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15951]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: Failed password for invalid user bot2 from 103.67.78.51 port 40398 ssh2
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: Received disconnect from 103.67.78.51 port 40398:11: Bye Bye [preauth]
Sep 29 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: Disconnected from 103.67.78.51 port 40398 [preauth]
Sep 29 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16031]: Successful su for rubyman by root
Sep 29 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16031]: + ??? root:rubyman
Sep 29 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313862 of user rubyman.
Sep 29 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16031]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313862.
Sep 29 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Failed password for root from 162.144.236.216 port 43272 ssh2
Sep 29 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Connection closed by 162.144.236.216 port 43272 [preauth]
Sep 29 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session closed for user root
Sep 29 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13039]: pam_unix(cron:session): session closed for user root
Sep 29 09:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: Invalid user foundry from 185.255.90.135
Sep 29 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: input_userauth_request: invalid user foundry [preauth]
Sep 29 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15952]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Failed password for root from 162.144.236.216 port 50224 ssh2
Sep 29 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: Failed password for invalid user foundry from 185.255.90.135 port 36748 ssh2
Sep 29 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: Received disconnect from 185.255.90.135 port 36748:11: Bye Bye [preauth]
Sep 29 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: Disconnected from 185.255.90.135 port 36748 [preauth]
Sep 29 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Connection closed by 162.144.236.216 port 50224 [preauth]
Sep 29 09:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Invalid user tina from 45.190.24.67
Sep 29 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: input_userauth_request: invalid user tina [preauth]
Sep 29 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Failed password for root from 162.144.236.216 port 57084 ssh2
Sep 29 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Connection closed by 162.144.236.216 port 57084 [preauth]
Sep 29 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Invalid user userr from 185.213.175.140
Sep 29 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: input_userauth_request: invalid user userr [preauth]
Sep 29 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user tina from 45.190.24.67 port 60432 ssh2
Sep 29 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Received disconnect from 45.190.24.67 port 60432:11: Bye Bye [preauth]
Sep 29 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Disconnected from 45.190.24.67 port 60432 [preauth]
Sep 29 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Failed password for invalid user userr from 185.213.175.140 port 4666 ssh2
Sep 29 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Received disconnect from 185.213.175.140 port 4666:11: Bye Bye [preauth]
Sep 29 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Disconnected from 185.213.175.140 port 4666 [preauth]
Sep 29 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: Failed password for root from 162.144.236.216 port 33644 ssh2
Sep 29 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16298]: Connection closed by 162.144.236.216 port 33644 [preauth]
Sep 29 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Invalid user foundry from 222.107.251.147
Sep 29 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: input_userauth_request: invalid user foundry [preauth]
Sep 29 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Failed password for root from 162.144.236.216 port 39016 ssh2
Sep 29 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Failed password for invalid user foundry from 222.107.251.147 port 55269 ssh2
Sep 29 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Received disconnect from 222.107.251.147 port 55269:11: Bye Bye [preauth]
Sep 29 09:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Disconnected from 222.107.251.147 port 55269 [preauth]
Sep 29 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16311]: Connection closed by 162.144.236.216 port 39016 [preauth]
Sep 29 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session closed for user root
Sep 29 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Failed password for root from 162.144.236.216 port 45196 ssh2
Sep 29 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Connection closed by 162.144.236.216 port 45196 [preauth]
Sep 29 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Failed password for root from 162.144.236.216 port 51478 ssh2
Sep 29 09:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Connection closed by 162.144.236.216 port 51478 [preauth]
Sep 29 09:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Invalid user uftp from 103.159.132.217
Sep 29 09:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: input_userauth_request: invalid user uftp [preauth]
Sep 29 09:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Failed password for invalid user uftp from 103.159.132.217 port 60622 ssh2
Sep 29 09:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Received disconnect from 103.159.132.217 port 60622:11: Bye Bye [preauth]
Sep 29 09:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16421]: Disconnected from 103.159.132.217 port 60622 [preauth]
Sep 29 09:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Failed password for root from 162.144.236.216 port 59462 ssh2
Sep 29 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16448]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16449]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16519]: Successful su for rubyman by root
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16519]: + ??? root:rubyman
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313866 of user rubyman.
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16519]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313866.
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Connection closed by 162.144.236.216 port 59462 [preauth]
Sep 29 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13500]: pam_unix(cron:session): session closed for user root
Sep 29 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16447]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Failed password for root from 162.144.236.216 port 40706 ssh2
Sep 29 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Connection closed by 162.144.236.216 port 40706 [preauth]
Sep 29 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Invalid user ftp_client from 103.67.78.51
Sep 29 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: input_userauth_request: invalid user ftp_client [preauth]
Sep 29 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Failed password for invalid user ftp_client from 103.67.78.51 port 60924 ssh2
Sep 29 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Received disconnect from 103.67.78.51 port 60924:11: Bye Bye [preauth]
Sep 29 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Disconnected from 103.67.78.51 port 60924 [preauth]
Sep 29 09:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Invalid user sammy from 185.213.175.140
Sep 29 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: input_userauth_request: invalid user sammy [preauth]
Sep 29 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Invalid user deployer from 185.255.90.135
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: input_userauth_request: invalid user deployer [preauth]
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Invalid user anas from 107.172.50.151
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: input_userauth_request: invalid user anas [preauth]
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Failed password for invalid user sammy from 185.213.175.140 port 28342 ssh2
Sep 29 09:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Received disconnect from 185.213.175.140 port 28342:11: Bye Bye [preauth]
Sep 29 09:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16751]: Disconnected from 185.213.175.140 port 28342 [preauth]
Sep 29 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Failed password for invalid user deployer from 185.255.90.135 port 43040 ssh2
Sep 29 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Failed password for invalid user anas from 107.172.50.151 port 34332 ssh2
Sep 29 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Received disconnect from 107.172.50.151 port 34332:11: Bye Bye [preauth]
Sep 29 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Disconnected from 107.172.50.151 port 34332 [preauth]
Sep 29 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Received disconnect from 185.255.90.135 port 43040:11: Bye Bye [preauth]
Sep 29 09:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Disconnected from 185.255.90.135 port 43040 [preauth]
Sep 29 09:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Failed password for root from 162.144.236.216 port 47060 ssh2
Sep 29 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Connection closed by 162.144.236.216 port 47060 [preauth]
Sep 29 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Invalid user coco from 45.190.24.67
Sep 29 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: input_userauth_request: invalid user coco [preauth]
Sep 29 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Failed password for invalid user coco from 45.190.24.67 port 55728 ssh2
Sep 29 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Received disconnect from 45.190.24.67 port 55728:11: Bye Bye [preauth]
Sep 29 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16792]: Disconnected from 45.190.24.67 port 55728 [preauth]
Sep 29 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15423]: pam_unix(cron:session): session closed for user root
Sep 29 09:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Failed password for root from 162.144.236.216 port 54516 ssh2
Sep 29 09:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Connection closed by 162.144.236.216 port 54516 [preauth]
Sep 29 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Failed password for root from 222.107.251.147 port 6715 ssh2
Sep 29 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Received disconnect from 222.107.251.147 port 6715:11: Bye Bye [preauth]
Sep 29 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Disconnected from 222.107.251.147 port 6715 [preauth]
Sep 29 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Failed password for root from 162.144.236.216 port 59830 ssh2
Sep 29 09:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Connection closed by 162.144.236.216 port 59830 [preauth]
Sep 29 09:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: Failed password for root from 162.144.236.216 port 39164 ssh2
Sep 29 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16906]: Connection closed by 162.144.236.216 port 39164 [preauth]
Sep 29 09:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16923]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16922]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16920]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: Successful su for rubyman by root
Sep 29 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: + ??? root:rubyman
Sep 29 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313871 of user rubyman.
Sep 29 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313871.
Sep 29 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13987]: pam_unix(cron:session): session closed for user root
Sep 29 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Invalid user admin from 62.60.131.157
Sep 29 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: input_userauth_request: invalid user admin [preauth]
Sep 29 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: Failed password for root from 162.144.236.216 port 44564 ssh2
Sep 29 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Failed password for invalid user admin from 62.60.131.157 port 63151 ssh2
Sep 29 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: Connection closed by 162.144.236.216 port 44564 [preauth]
Sep 29 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16921]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Failed password for invalid user admin from 62.60.131.157 port 63151 ssh2
Sep 29 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for root from 185.213.175.140 port 51908 ssh2
Sep 29 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Received disconnect from 185.213.175.140 port 51908:11: Bye Bye [preauth]
Sep 29 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Disconnected from 185.213.175.140 port 51908 [preauth]
Sep 29 09:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Failed password for invalid user admin from 62.60.131.157 port 63151 ssh2
Sep 29 09:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Failed password for root from 162.144.236.216 port 51206 ssh2
Sep 29 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Failed password for invalid user admin from 62.60.131.157 port 63151 ssh2
Sep 29 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Connection closed by 162.144.236.216 port 51206 [preauth]
Sep 29 09:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Failed password for invalid user admin from 62.60.131.157 port 63151 ssh2
Sep 29 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Received disconnect from 62.60.131.157 port 63151:11: Bye [preauth]
Sep 29 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Disconnected from 62.60.131.157 port 63151 [preauth]
Sep 29 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Invalid user teste1 from 103.67.78.51
Sep 29 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: input_userauth_request: invalid user teste1 [preauth]
Sep 29 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: Invalid user azureuser from 190.103.202.7
Sep 29 09:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: input_userauth_request: invalid user azureuser [preauth]
Sep 29 09:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 09:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Failed password for invalid user teste1 from 103.67.78.51 port 34500 ssh2
Sep 29 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Received disconnect from 103.67.78.51 port 34500:11: Bye Bye [preauth]
Sep 29 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Disconnected from 103.67.78.51 port 34500 [preauth]
Sep 29 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: Failed password for invalid user azureuser from 190.103.202.7 port 54974 ssh2
Sep 29 09:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: Connection closed by 190.103.202.7 port 54974 [preauth]
Sep 29 09:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Failed password for root from 185.255.90.135 port 55700 ssh2
Sep 29 09:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Failed password for root from 162.144.236.216 port 57018 ssh2
Sep 29 09:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Received disconnect from 185.255.90.135 port 55700:11: Bye Bye [preauth]
Sep 29 09:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Disconnected from 185.255.90.135 port 55700 [preauth]
Sep 29 09:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Connection closed by 162.144.236.216 port 57018 [preauth]
Sep 29 09:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Invalid user aman from 45.190.24.67
Sep 29 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: input_userauth_request: invalid user aman [preauth]
Sep 29 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Failed password for root from 162.144.236.216 port 35442 ssh2
Sep 29 09:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Failed password for invalid user aman from 45.190.24.67 port 51040 ssh2
Sep 29 09:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Received disconnect from 45.190.24.67 port 51040:11: Bye Bye [preauth]
Sep 29 09:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Disconnected from 45.190.24.67 port 51040 [preauth]
Sep 29 09:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Connection closed by 162.144.236.216 port 35442 [preauth]
Sep 29 09:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user root
Sep 29 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: Failed password for root from 162.144.236.216 port 42064 ssh2
Sep 29 09:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17300]: Connection closed by 162.144.236.216 port 42064 [preauth]
Sep 29 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Invalid user mysqladmin from 222.107.251.147
Sep 29 09:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: input_userauth_request: invalid user mysqladmin [preauth]
Sep 29 09:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Failed password for invalid user mysqladmin from 222.107.251.147 port 3985 ssh2
Sep 29 09:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Received disconnect from 222.107.251.147 port 3985:11: Bye Bye [preauth]
Sep 29 09:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Disconnected from 222.107.251.147 port 3985 [preauth]
Sep 29 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Failed password for root from 162.144.236.216 port 49256 ssh2
Sep 29 09:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Connection closed by 162.144.236.216 port 49256 [preauth]
Sep 29 09:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: Failed password for root from 107.172.50.151 port 58682 ssh2
Sep 29 09:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: Received disconnect from 107.172.50.151 port 58682:11: Bye Bye [preauth]
Sep 29 09:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: Disconnected from 107.172.50.151 port 58682 [preauth]
Sep 29 09:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Failed password for root from 162.144.236.216 port 58770 ssh2
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17463]: Successful su for rubyman by root
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17463]: + ??? root:rubyman
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313874 of user rubyman.
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17463]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313874.
Sep 29 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Connection closed by 162.144.236.216 port 58770 [preauth]
Sep 29 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14531]: pam_unix(cron:session): session closed for user root
Sep 29 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Invalid user keycloak from 185.213.175.140
Sep 29 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: input_userauth_request: invalid user keycloak [preauth]
Sep 29 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Failed password for invalid user keycloak from 185.213.175.140 port 11590 ssh2
Sep 29 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Received disconnect from 185.213.175.140 port 11590:11: Bye Bye [preauth]
Sep 29 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Disconnected from 185.213.175.140 port 11590 [preauth]
Sep 29 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Failed password for root from 162.144.236.216 port 37702 ssh2
Sep 29 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Connection closed by 162.144.236.216 port 37702 [preauth]
Sep 29 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Failed password for root from 162.144.236.216 port 46268 ssh2
Sep 29 09:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Connection closed by 162.144.236.216 port 46268 [preauth]
Sep 29 09:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Failed password for root from 162.144.236.216 port 51968 ssh2
Sep 29 09:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Connection closed by 162.144.236.216 port 51968 [preauth]
Sep 29 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Failed password for root from 185.255.90.135 port 45938 ssh2
Sep 29 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Received disconnect from 185.255.90.135 port 45938:11: Bye Bye [preauth]
Sep 29 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Disconnected from 185.255.90.135 port 45938 [preauth]
Sep 29 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Invalid user aris from 45.190.24.67
Sep 29 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: input_userauth_request: invalid user aris [preauth]
Sep 29 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Invalid user oracle from 103.67.78.51
Sep 29 09:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: input_userauth_request: invalid user oracle [preauth]
Sep 29 09:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Failed password for invalid user aris from 45.190.24.67 port 46350 ssh2
Sep 29 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Received disconnect from 45.190.24.67 port 46350:11: Bye Bye [preauth]
Sep 29 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Disconnected from 45.190.24.67 port 46350 [preauth]
Sep 29 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Failed password for invalid user oracle from 103.67.78.51 port 59160 ssh2
Sep 29 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Received disconnect from 103.67.78.51 port 59160:11: Bye Bye [preauth]
Sep 29 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Disconnected from 103.67.78.51 port 59160 [preauth]
Sep 29 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16449]: pam_unix(cron:session): session closed for user root
Sep 29 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: Failed password for root from 162.144.236.216 port 58944 ssh2
Sep 29 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: Connection closed by 162.144.236.216 port 58944 [preauth]
Sep 29 09:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 09:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: Failed password for root from 103.159.132.217 port 57226 ssh2
Sep 29 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: Received disconnect from 103.159.132.217 port 57226:11: Bye Bye [preauth]
Sep 29 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: Disconnected from 103.159.132.217 port 57226 [preauth]
Sep 29 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: Failed password for root from 162.144.236.216 port 36482 ssh2
Sep 29 09:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17875]: Connection closed by 162.144.236.216 port 36482 [preauth]
Sep 29 09:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Failed password for root from 222.107.251.147 port 42637 ssh2
Sep 29 09:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Received disconnect from 222.107.251.147 port 42637:11: Bye Bye [preauth]
Sep 29 09:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Disconnected from 222.107.251.147 port 42637 [preauth]
Sep 29 09:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Failed password for root from 162.144.236.216 port 45266 ssh2
Sep 29 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Connection closed by 162.144.236.216 port 45266 [preauth]
Sep 29 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Invalid user test1 from 185.213.175.140
Sep 29 09:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: input_userauth_request: invalid user test1 [preauth]
Sep 29 09:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Failed password for invalid user test1 from 185.213.175.140 port 35228 ssh2
Sep 29 09:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Received disconnect from 185.213.175.140 port 35228:11: Bye Bye [preauth]
Sep 29 09:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Disconnected from 185.213.175.140 port 35228 [preauth]
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17963]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18034]: Successful su for rubyman by root
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18034]: + ??? root:rubyman
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313879 of user rubyman.
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18034]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313879.
Sep 29 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Failed password for root from 162.144.236.216 port 51916 ssh2
Sep 29 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Connection closed by 162.144.236.216 port 51916 [preauth]
Sep 29 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session closed for user root
Sep 29 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17961]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Failed password for root from 162.144.236.216 port 59618 ssh2
Sep 29 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Connection closed by 162.144.236.216 port 59618 [preauth]
Sep 29 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Failed password for root from 162.144.236.216 port 36962 ssh2
Sep 29 09:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Connection closed by 162.144.236.216 port 36962 [preauth]
Sep 29 09:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: Failed password for root from 162.144.236.216 port 43822 ssh2
Sep 29 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18516]: Connection closed by 162.144.236.216 port 43822 [preauth]
Sep 29 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16923]: pam_unix(cron:session): session closed for user root
Sep 29 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: Invalid user mep from 45.190.24.67
Sep 29 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: input_userauth_request: invalid user mep [preauth]
Sep 29 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18561]: Failed password for root from 162.144.236.216 port 50368 ssh2
Sep 29 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Invalid user git from 185.255.90.135
Sep 29 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: input_userauth_request: invalid user git [preauth]
Sep 29 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: Failed password for invalid user mep from 45.190.24.67 port 41652 ssh2
Sep 29 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Failed password for root from 107.172.50.151 port 58922 ssh2
Sep 29 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: Received disconnect from 45.190.24.67 port 41652:11: Bye Bye [preauth]
Sep 29 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18603]: Disconnected from 45.190.24.67 port 41652 [preauth]
Sep 29 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Received disconnect from 107.172.50.151 port 58922:11: Bye Bye [preauth]
Sep 29 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Disconnected from 107.172.50.151 port 58922 [preauth]
Sep 29 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Failed password for invalid user git from 185.255.90.135 port 56572 ssh2
Sep 29 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Received disconnect from 185.255.90.135 port 56572:11: Bye Bye [preauth]
Sep 29 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Disconnected from 185.255.90.135 port 56572 [preauth]
Sep 29 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18561]: Connection closed by 162.144.236.216 port 50368 [preauth]
Sep 29 09:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Failed password for root from 103.67.78.51 port 57398 ssh2
Sep 29 09:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Received disconnect from 103.67.78.51 port 57398:11: Bye Bye [preauth]
Sep 29 09:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Disconnected from 103.67.78.51 port 57398 [preauth]
Sep 29 09:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Failed password for root from 162.144.236.216 port 58626 ssh2
Sep 29 09:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Connection closed by 162.144.236.216 port 58626 [preauth]
Sep 29 09:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140  user=root
Sep 29 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Failed password for root from 185.213.175.140 port 58810 ssh2
Sep 29 09:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Received disconnect from 185.213.175.140 port 58810:11: Bye Bye [preauth]
Sep 29 09:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Disconnected from 185.213.175.140 port 58810 [preauth]
Sep 29 09:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: Failed password for root from 162.144.236.216 port 36998 ssh2
Sep 29 09:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Invalid user oguz from 222.107.251.147
Sep 29 09:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: input_userauth_request: invalid user oguz [preauth]
Sep 29 09:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18665]: Connection closed by 162.144.236.216 port 36998 [preauth]
Sep 29 09:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Failed password for invalid user oguz from 222.107.251.147 port 59498 ssh2
Sep 29 09:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Received disconnect from 222.107.251.147 port 59498:11: Bye Bye [preauth]
Sep 29 09:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18680]: Disconnected from 222.107.251.147 port 59498 [preauth]
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18704]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session closed for user root
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: Successful su for rubyman by root
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: + ??? root:rubyman
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313886 of user rubyman.
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313886.
Sep 29 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session closed for user root
Sep 29 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Failed password for root from 162.144.236.216 port 45054 ssh2
Sep 29 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session closed for user root
Sep 29 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Connection closed by 162.144.236.216 port 45054 [preauth]
Sep 29 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for root from 162.144.236.216 port 52366 ssh2
Sep 29 09:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Connection closed by 162.144.236.216 port 52366 [preauth]
Sep 29 09:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19070]: Failed password for root from 162.144.236.216 port 57860 ssh2
Sep 29 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19070]: Connection closed by 162.144.236.216 port 57860 [preauth]
Sep 29 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session closed for user root
Sep 29 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Invalid user gast from 45.190.24.67
Sep 29 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: input_userauth_request: invalid user gast [preauth]
Sep 29 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Invalid user candy from 185.213.175.140
Sep 29 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: input_userauth_request: invalid user candy [preauth]
Sep 29 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: Failed password for root from 162.144.236.216 port 35236 ssh2
Sep 29 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Failed password for invalid user gast from 45.190.24.67 port 36958 ssh2
Sep 29 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Received disconnect from 45.190.24.67 port 36958:11: Bye Bye [preauth]
Sep 29 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Disconnected from 45.190.24.67 port 36958 [preauth]
Sep 29 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: Connection closed by 162.144.236.216 port 35236 [preauth]
Sep 29 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Failed password for invalid user candy from 185.213.175.140 port 18430 ssh2
Sep 29 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Received disconnect from 185.213.175.140 port 18430:11: Bye Bye [preauth]
Sep 29 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Disconnected from 185.213.175.140 port 18430 [preauth]
Sep 29 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Invalid user oguz from 185.255.90.135
Sep 29 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: input_userauth_request: invalid user oguz [preauth]
Sep 29 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Failed password for invalid user oguz from 185.255.90.135 port 37130 ssh2
Sep 29 09:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Received disconnect from 185.255.90.135 port 37130:11: Bye Bye [preauth]
Sep 29 09:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Disconnected from 185.255.90.135 port 37130 [preauth]
Sep 29 09:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: Failed password for root from 162.144.236.216 port 42340 ssh2
Sep 29 09:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: Connection closed by 162.144.236.216 port 42340 [preauth]
Sep 29 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Failed password for root from 103.67.78.51 port 46892 ssh2
Sep 29 09:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Received disconnect from 103.67.78.51 port 46892:11: Bye Bye [preauth]
Sep 29 09:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Disconnected from 103.67.78.51 port 46892 [preauth]
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: Successful su for rubyman by root
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: + ??? root:rubyman
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313888 of user rubyman.
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19360]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313888.
Sep 29 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Failed password for root from 162.144.236.216 port 48478 ssh2
Sep 29 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Connection closed by 162.144.236.216 port 48478 [preauth]
Sep 29 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session closed for user root
Sep 29 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: Failed password for root from 222.107.251.147 port 58565 ssh2
Sep 29 09:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: Received disconnect from 222.107.251.147 port 58565:11: Bye Bye [preauth]
Sep 29 09:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19814]: Disconnected from 222.107.251.147 port 58565 [preauth]
Sep 29 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: Failed password for root from 162.144.236.216 port 56706 ssh2
Sep 29 09:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19783]: Connection closed by 162.144.236.216 port 56706 [preauth]
Sep 29 09:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Invalid user bing from 107.172.50.151
Sep 29 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: input_userauth_request: invalid user bing [preauth]
Sep 29 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Failed password for invalid user bing from 107.172.50.151 port 55108 ssh2
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Received disconnect from 107.172.50.151 port 55108:11: Bye Bye [preauth]
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Disconnected from 107.172.50.151 port 55108 [preauth]
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: Invalid user mssql from 103.159.132.217
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: input_userauth_request: invalid user mssql [preauth]
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Failed password for root from 162.144.236.216 port 35220 ssh2
Sep 29 09:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Connection closed by 162.144.236.216 port 35220 [preauth]
Sep 29 09:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: Failed password for invalid user mssql from 103.159.132.217 port 59800 ssh2
Sep 29 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: Received disconnect from 103.159.132.217 port 59800:11: Bye Bye [preauth]
Sep 29 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19946]: Disconnected from 103.159.132.217 port 59800 [preauth]
Sep 29 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session closed for user root
Sep 29 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for root from 162.144.236.216 port 41246 ssh2
Sep 29 09:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Invalid user test1234 from 185.213.175.140
Sep 29 09:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: input_userauth_request: invalid user test1234 [preauth]
Sep 29 09:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Failed password for invalid user test1234 from 185.213.175.140 port 42068 ssh2
Sep 29 09:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Received disconnect from 185.213.175.140 port 42068:11: Bye Bye [preauth]
Sep 29 09:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Disconnected from 185.213.175.140 port 42068 [preauth]
Sep 29 09:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Connection closed by 162.144.236.216 port 41246 [preauth]
Sep 29 09:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: Invalid user dst from 45.190.24.67
Sep 29 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: input_userauth_request: invalid user dst [preauth]
Sep 29 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: Failed password for invalid user dst from 45.190.24.67 port 60506 ssh2
Sep 29 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: Received disconnect from 45.190.24.67 port 60506:11: Bye Bye [preauth]
Sep 29 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: Disconnected from 45.190.24.67 port 60506 [preauth]
Sep 29 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Failed password for root from 162.144.236.216 port 47868 ssh2
Sep 29 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Connection closed by 162.144.236.216 port 47868 [preauth]
Sep 29 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Invalid user minecraft from 185.255.90.135
Sep 29 09:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 09:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Failed password for invalid user minecraft from 185.255.90.135 port 35226 ssh2
Sep 29 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Received disconnect from 185.255.90.135 port 35226:11: Bye Bye [preauth]
Sep 29 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Disconnected from 185.255.90.135 port 35226 [preauth]
Sep 29 09:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Failed password for root from 162.144.236.216 port 53394 ssh2
Sep 29 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Connection closed by 162.144.236.216 port 53394 [preauth]
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session closed for user root
Sep 29 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20149]: Successful su for rubyman by root
Sep 29 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20149]: + ??? root:rubyman
Sep 29 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313891 of user rubyman.
Sep 29 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20149]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313891.
Sep 29 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16448]: pam_unix(cron:session): session closed for user root
Sep 29 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Invalid user test from 103.67.78.51
Sep 29 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: input_userauth_request: invalid user test [preauth]
Sep 29 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20078]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for invalid user test from 103.67.78.51 port 47904 ssh2
Sep 29 09:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Received disconnect from 103.67.78.51 port 47904:11: Bye Bye [preauth]
Sep 29 09:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Disconnected from 103.67.78.51 port 47904 [preauth]
Sep 29 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Failed password for root from 162.144.236.216 port 58576 ssh2
Sep 29 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Connection closed by 162.144.236.216 port 58576 [preauth]
Sep 29 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Invalid user beehive from 222.107.251.147
Sep 29 09:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: input_userauth_request: invalid user beehive [preauth]
Sep 29 09:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Failed password for invalid user beehive from 222.107.251.147 port 30502 ssh2
Sep 29 09:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Received disconnect from 222.107.251.147 port 30502:11: Bye Bye [preauth]
Sep 29 09:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20404]: Disconnected from 222.107.251.147 port 30502 [preauth]
Sep 29 09:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: Failed password for root from 162.144.236.216 port 37480 ssh2
Sep 29 09:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: Connection closed by 162.144.236.216 port 37480 [preauth]
Sep 29 09:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Failed password for root from 162.144.236.216 port 44284 ssh2
Sep 29 09:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Connection closed by 162.144.236.216 port 44284 [preauth]
Sep 29 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Failed password for root from 162.144.236.216 port 51158 ssh2
Sep 29 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18704]: pam_unix(cron:session): session closed for user root
Sep 29 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Connection closed by 162.144.236.216 port 51158 [preauth]
Sep 29 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Invalid user superadmin from 185.213.175.140
Sep 29 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.175.140
Sep 29 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Failed password for invalid user superadmin from 185.213.175.140 port 1750 ssh2
Sep 29 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Received disconnect from 185.213.175.140 port 1750:11: Bye Bye [preauth]
Sep 29 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Disconnected from 185.213.175.140 port 1750 [preauth]
Sep 29 09:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Failed password for root from 162.144.236.216 port 57616 ssh2
Sep 29 09:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Connection closed by 162.144.236.216 port 57616 [preauth]
Sep 29 09:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Failed password for root from 162.144.236.216 port 35732 ssh2
Sep 29 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Connection closed by 162.144.236.216 port 35732 [preauth]
Sep 29 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Invalid user test from 45.190.24.67
Sep 29 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: input_userauth_request: invalid user test [preauth]
Sep 29 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user test from 45.190.24.67 port 55808 ssh2
Sep 29 09:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Received disconnect from 45.190.24.67 port 55808:11: Bye Bye [preauth]
Sep 29 09:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Disconnected from 45.190.24.67 port 55808 [preauth]
Sep 29 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20643]: Successful su for rubyman by root
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20643]: + ??? root:rubyman
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313897 of user rubyman.
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20643]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313897.
Sep 29 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: Failed password for root from 162.144.236.216 port 44478 ssh2
Sep 29 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Failed password for root from 185.255.90.135 port 56482 ssh2
Sep 29 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Received disconnect from 185.255.90.135 port 56482:11: Bye Bye [preauth]
Sep 29 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Disconnected from 185.255.90.135 port 56482 [preauth]
Sep 29 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: Connection closed by 162.144.236.216 port 44478 [preauth]
Sep 29 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16922]: pam_unix(cron:session): session closed for user root
Sep 29 09:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Failed password for root from 107.172.50.151 port 44260 ssh2
Sep 29 09:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Received disconnect from 107.172.50.151 port 44260:11: Bye Bye [preauth]
Sep 29 09:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Disconnected from 107.172.50.151 port 44260 [preauth]
Sep 29 09:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: Failed password for root from 162.144.236.216 port 50276 ssh2
Sep 29 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20753]: Connection closed by 162.144.236.216 port 50276 [preauth]
Sep 29 09:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Invalid user superadmin from 103.67.78.51
Sep 29 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: Failed password for root from 162.144.236.216 port 58178 ssh2
Sep 29 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Failed password for invalid user superadmin from 103.67.78.51 port 47788 ssh2
Sep 29 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Received disconnect from 103.67.78.51 port 47788:11: Bye Bye [preauth]
Sep 29 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Disconnected from 103.67.78.51 port 47788 [preauth]
Sep 29 09:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: Connection closed by 162.144.236.216 port 58178 [preauth]
Sep 29 09:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Failed password for root from 222.107.251.147 port 50009 ssh2
Sep 29 09:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Received disconnect from 222.107.251.147 port 50009:11: Bye Bye [preauth]
Sep 29 09:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Disconnected from 222.107.251.147 port 50009 [preauth]
Sep 29 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for root from 162.144.236.216 port 36544 ssh2
Sep 29 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Connection closed by 162.144.236.216 port 36544 [preauth]
Sep 29 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Failed password for root from 162.144.236.216 port 41476 ssh2
Sep 29 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user root
Sep 29 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Connection closed by 162.144.236.216 port 41476 [preauth]
Sep 29 09:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Failed password for root from 162.144.236.216 port 47754 ssh2
Sep 29 09:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Connection closed by 162.144.236.216 port 47754 [preauth]
Sep 29 09:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: Failed password for root from 162.144.236.216 port 53476 ssh2
Sep 29 09:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: Connection closed by 162.144.236.216 port 53476 [preauth]
Sep 29 09:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Failed password for root from 162.144.236.216 port 58574 ssh2
Sep 29 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Connection closed by 162.144.236.216 port 58574 [preauth]
Sep 29 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Failed password for root from 162.144.236.216 port 35450 ssh2
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21122]: Successful su for rubyman by root
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21122]: + ??? root:rubyman
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313901 of user rubyman.
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21122]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313901.
Sep 29 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Connection closed by 162.144.236.216 port 35450 [preauth]
Sep 29 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: Invalid user wilson from 45.190.24.67
Sep 29 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: input_userauth_request: invalid user wilson [preauth]
Sep 29 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: Invalid user teste1 from 185.255.90.135
Sep 29 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: input_userauth_request: invalid user teste1 [preauth]
Sep 29 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session closed for user root
Sep 29 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: Failed password for invalid user wilson from 45.190.24.67 port 51268 ssh2
Sep 29 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: Received disconnect from 45.190.24.67 port 51268:11: Bye Bye [preauth]
Sep 29 09:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: Disconnected from 45.190.24.67 port 51268 [preauth]
Sep 29 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: Failed password for invalid user teste1 from 185.255.90.135 port 56102 ssh2
Sep 29 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: Received disconnect from 185.255.90.135 port 56102:11: Bye Bye [preauth]
Sep 29 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: Disconnected from 185.255.90.135 port 56102 [preauth]
Sep 29 09:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Failed password for root from 162.144.236.216 port 41888 ssh2
Sep 29 09:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Connection closed by 162.144.236.216 port 41888 [preauth]
Sep 29 09:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Invalid user superadmin from 103.159.132.217
Sep 29 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: Failed password for root from 162.144.236.216 port 50252 ssh2
Sep 29 09:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Failed password for invalid user superadmin from 103.159.132.217 port 37824 ssh2
Sep 29 09:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Received disconnect from 103.159.132.217 port 37824:11: Bye Bye [preauth]
Sep 29 09:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Disconnected from 103.159.132.217 port 37824 [preauth]
Sep 29 09:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21325]: Connection closed by 162.144.236.216 port 50252 [preauth]
Sep 29 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 103.67.78.51 port 47312 ssh2
Sep 29 09:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Received disconnect from 103.67.78.51 port 47312:11: Bye Bye [preauth]
Sep 29 09:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Disconnected from 103.67.78.51 port 47312 [preauth]
Sep 29 09:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Failed password for root from 162.144.236.216 port 57282 ssh2
Sep 29 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Connection closed by 162.144.236.216 port 57282 [preauth]
Sep 29 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: Invalid user user from 222.107.251.147
Sep 29 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: input_userauth_request: invalid user user [preauth]
Sep 29 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: Failed password for invalid user user from 222.107.251.147 port 60799 ssh2
Sep 29 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: Received disconnect from 222.107.251.147 port 60799:11: Bye Bye [preauth]
Sep 29 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: Disconnected from 222.107.251.147 port 60799 [preauth]
Sep 29 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20082]: pam_unix(cron:session): session closed for user root
Sep 29 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: Failed password for root from 162.144.236.216 port 35300 ssh2
Sep 29 09:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: Connection closed by 162.144.236.216 port 35300 [preauth]
Sep 29 09:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Failed password for root from 162.144.236.216 port 42052 ssh2
Sep 29 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Connection closed by 162.144.236.216 port 42052 [preauth]
Sep 29 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Invalid user foundry from 107.172.50.151
Sep 29 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: input_userauth_request: invalid user foundry [preauth]
Sep 29 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Failed password for invalid user foundry from 107.172.50.151 port 36082 ssh2
Sep 29 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Received disconnect from 107.172.50.151 port 36082:11: Bye Bye [preauth]
Sep 29 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Disconnected from 107.172.50.151 port 36082 [preauth]
Sep 29 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Failed password for root from 162.144.236.216 port 49682 ssh2
Sep 29 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Connection closed by 162.144.236.216 port 49682 [preauth]
Sep 29 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Invalid user jeus from 49.206.243.162
Sep 29 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: input_userauth_request: invalid user jeus [preauth]
Sep 29 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.206.243.162
Sep 29 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Failed password for invalid user jeus from 49.206.243.162 port 63056 ssh2
Sep 29 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Received disconnect from 49.206.243.162 port 63056:11: Bye Bye [preauth]
Sep 29 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Disconnected from 49.206.243.162 port 63056 [preauth]
Sep 29 09:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for root from 162.144.236.216 port 54504 ssh2
Sep 29 09:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Connection closed by 162.144.236.216 port 54504 [preauth]
Sep 29 09:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session closed for user root
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: Successful su for rubyman by root
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: + ??? root:rubyman
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313905 of user rubyman.
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21586]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313905.
Sep 29 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17963]: pam_unix(cron:session): session closed for user root
Sep 29 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session closed for user root
Sep 29 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Invalid user superadmin from 185.255.90.135
Sep 29 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Failed password for root from 162.144.236.216 port 59592 ssh2
Sep 29 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Failed password for invalid user superadmin from 185.255.90.135 port 35576 ssh2
Sep 29 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Connection closed by 162.144.236.216 port 59592 [preauth]
Sep 29 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Received disconnect from 185.255.90.135 port 35576:11: Bye Bye [preauth]
Sep 29 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Disconnected from 185.255.90.135 port 35576 [preauth]
Sep 29 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Invalid user satisfactory from 45.190.24.67
Sep 29 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: input_userauth_request: invalid user satisfactory [preauth]
Sep 29 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Failed password for invalid user satisfactory from 45.190.24.67 port 46430 ssh2
Sep 29 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Received disconnect from 45.190.24.67 port 46430:11: Bye Bye [preauth]
Sep 29 09:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Disconnected from 45.190.24.67 port 46430 [preauth]
Sep 29 09:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21821]: Failed password for root from 162.144.236.216 port 39186 ssh2
Sep 29 09:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21821]: Connection closed by 162.144.236.216 port 39186 [preauth]
Sep 29 09:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: Failed password for root from 162.144.236.216 port 45764 ssh2
Sep 29 09:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21868]: Connection closed by 162.144.236.216 port 45764 [preauth]
Sep 29 09:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Invalid user matic from 103.67.78.51
Sep 29 09:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: input_userauth_request: invalid user matic [preauth]
Sep 29 09:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Failed password for invalid user matic from 103.67.78.51 port 58702 ssh2
Sep 29 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Received disconnect from 103.67.78.51 port 58702:11: Bye Bye [preauth]
Sep 29 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Disconnected from 103.67.78.51 port 58702 [preauth]
Sep 29 09:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session closed for user root
Sep 29 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Failed password for root from 222.107.251.147 port 20837 ssh2
Sep 29 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Received disconnect from 222.107.251.147 port 20837:11: Bye Bye [preauth]
Sep 29 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21941]: Disconnected from 222.107.251.147 port 20837 [preauth]
Sep 29 09:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: Failed password for root from 162.144.236.216 port 51804 ssh2
Sep 29 09:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: Connection closed by 162.144.236.216 port 51804 [preauth]
Sep 29 09:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: Failed password for root from 162.144.236.216 port 34034 ssh2
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21969]: Connection closed by 162.144.236.216 port 34034 [preauth]
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: Successful su for rubyman by root
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: + ??? root:rubyman
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313911 of user rubyman.
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313911.
Sep 29 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session closed for user root
Sep 29 09:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: Failed password for root from 162.144.236.216 port 41170 ssh2
Sep 29 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: Connection closed by 162.144.236.216 port 41170 [preauth]
Sep 29 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 09:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: Failed password for root from 185.255.90.135 port 55358 ssh2
Sep 29 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: Received disconnect from 185.255.90.135 port 55358:11: Bye Bye [preauth]
Sep 29 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22312]: Disconnected from 185.255.90.135 port 55358 [preauth]
Sep 29 09:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Failed password for root from 45.190.24.67 port 41752 ssh2
Sep 29 09:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Received disconnect from 45.190.24.67 port 41752:11: Bye Bye [preauth]
Sep 29 09:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Disconnected from 45.190.24.67 port 41752 [preauth]
Sep 29 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Failed password for root from 162.144.236.216 port 47476 ssh2
Sep 29 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Connection closed by 162.144.236.216 port 47476 [preauth]
Sep 29 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Failed password for root from 162.144.236.216 port 54006 ssh2
Sep 29 09:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Connection closed by 162.144.236.216 port 54006 [preauth]
Sep 29 09:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session closed for user root
Sep 29 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: Failed password for root from 162.144.236.216 port 59486 ssh2
Sep 29 09:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: Connection closed by 162.144.236.216 port 59486 [preauth]
Sep 29 09:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: Invalid user emc from 103.67.78.51
Sep 29 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: input_userauth_request: invalid user emc [preauth]
Sep 29 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: Failed password for invalid user emc from 103.67.78.51 port 51482 ssh2
Sep 29 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: Received disconnect from 103.67.78.51 port 51482:11: Bye Bye [preauth]
Sep 29 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22413]: Disconnected from 103.67.78.51 port 51482 [preauth]
Sep 29 09:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Failed password for root from 162.144.236.216 port 39058 ssh2
Sep 29 09:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22412]: Connection closed by 162.144.236.216 port 39058 [preauth]
Sep 29 09:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Invalid user alexandre from 222.107.251.147
Sep 29 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: input_userauth_request: invalid user alexandre [preauth]
Sep 29 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Failed password for invalid user alexandre from 222.107.251.147 port 5727 ssh2
Sep 29 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Received disconnect from 222.107.251.147 port 5727:11: Bye Bye [preauth]
Sep 29 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Disconnected from 222.107.251.147 port 5727 [preauth]
Sep 29 09:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: Failed password for root from 162.144.236.216 port 45116 ssh2
Sep 29 09:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: Connection closed by 162.144.236.216 port 45116 [preauth]
Sep 29 09:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22485]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: Successful su for rubyman by root
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: + ??? root:rubyman
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313916 of user rubyman.
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22550]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313916.
Sep 29 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Invalid user foundry from 103.159.132.217
Sep 29 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: input_userauth_request: invalid user foundry [preauth]
Sep 29 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Failed password for root from 162.144.236.216 port 52046 ssh2
Sep 29 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Failed password for invalid user foundry from 103.159.132.217 port 39984 ssh2
Sep 29 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Received disconnect from 103.159.132.217 port 39984:11: Bye Bye [preauth]
Sep 29 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Disconnected from 103.159.132.217 port 39984 [preauth]
Sep 29 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session closed for user root
Sep 29 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22471]: Connection closed by 162.144.236.216 port 52046 [preauth]
Sep 29 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22486]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Failed password for root from 162.144.236.216 port 58250 ssh2
Sep 29 09:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Connection closed by 162.144.236.216 port 58250 [preauth]
Sep 29 09:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Failed password for root from 162.144.236.216 port 36180 ssh2
Sep 29 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Connection closed by 162.144.236.216 port 36180 [preauth]
Sep 29 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Invalid user eric from 185.255.90.135
Sep 29 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: input_userauth_request: invalid user eric [preauth]
Sep 29 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user eric from 185.255.90.135 port 34112 ssh2
Sep 29 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Received disconnect from 185.255.90.135 port 34112:11: Bye Bye [preauth]
Sep 29 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Disconnected from 185.255.90.135 port 34112 [preauth]
Sep 29 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: Failed password for root from 45.190.24.67 port 37054 ssh2
Sep 29 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: Received disconnect from 45.190.24.67 port 37054:11: Bye Bye [preauth]
Sep 29 09:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23017]: Disconnected from 45.190.24.67 port 37054 [preauth]
Sep 29 09:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: Failed password for root from 162.144.236.216 port 43088 ssh2
Sep 29 09:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: Connection closed by 162.144.236.216 port 43088 [preauth]
Sep 29 09:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session closed for user root
Sep 29 09:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Failed password for root from 162.144.236.216 port 51102 ssh2
Sep 29 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23059]: Connection closed by 162.144.236.216 port 51102 [preauth]
Sep 29 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: Failed password for root from 162.144.236.216 port 58698 ssh2
Sep 29 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: Connection closed by 162.144.236.216 port 58698 [preauth]
Sep 29 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Invalid user eric from 103.67.78.51
Sep 29 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: input_userauth_request: invalid user eric [preauth]
Sep 29 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Failed password for invalid user eric from 103.67.78.51 port 33438 ssh2
Sep 29 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Received disconnect from 103.67.78.51 port 33438:11: Bye Bye [preauth]
Sep 29 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Disconnected from 103.67.78.51 port 33438 [preauth]
Sep 29 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Failed password for root from 162.144.236.216 port 36470 ssh2
Sep 29 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Invalid user wg from 222.107.251.147
Sep 29 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: input_userauth_request: invalid user wg [preauth]
Sep 29 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Connection closed by 162.144.236.216 port 36470 [preauth]
Sep 29 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for invalid user wg from 222.107.251.147 port 57130 ssh2
Sep 29 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Received disconnect from 222.107.251.147 port 57130:11: Bye Bye [preauth]
Sep 29 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Disconnected from 222.107.251.147 port 57130 [preauth]
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23290]: Successful su for rubyman by root
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23290]: + ??? root:rubyman
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313920 of user rubyman.
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23290]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313920.
Sep 29 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Failed password for root from 162.144.236.216 port 43512 ssh2
Sep 29 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Connection closed by 162.144.236.216 port 43512 [preauth]
Sep 29 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20081]: pam_unix(cron:session): session closed for user root
Sep 29 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23208]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Failed password for root from 162.144.236.216 port 49636 ssh2
Sep 29 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23498]: Connection closed by 162.144.236.216 port 49636 [preauth]
Sep 29 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23748]: Failed password for root from 162.144.236.216 port 56766 ssh2
Sep 29 09:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23748]: Connection closed by 162.144.236.216 port 56766 [preauth]
Sep 29 09:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23771]: Failed password for root from 162.144.236.216 port 33472 ssh2
Sep 29 09:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23771]: Connection closed by 162.144.236.216 port 33472 [preauth]
Sep 29 09:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Invalid user caja2 from 185.255.90.135
Sep 29 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: input_userauth_request: invalid user caja2 [preauth]
Sep 29 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Invalid user sandra from 45.190.24.67
Sep 29 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: input_userauth_request: invalid user sandra [preauth]
Sep 29 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Failed password for invalid user caja2 from 185.255.90.135 port 39856 ssh2
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Failed password for invalid user sandra from 45.190.24.67 port 60604 ssh2
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Received disconnect from 185.255.90.135 port 39856:11: Bye Bye [preauth]
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Disconnected from 185.255.90.135 port 39856 [preauth]
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Received disconnect from 45.190.24.67 port 60604:11: Bye Bye [preauth]
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23800]: Disconnected from 45.190.24.67 port 60604 [preauth]
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session closed for user root
Sep 29 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: Failed password for root from 162.144.236.216 port 40902 ssh2
Sep 29 09:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: Connection closed by 162.144.236.216 port 40902 [preauth]
Sep 29 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23842]: Failed password for root from 162.144.236.216 port 46638 ssh2
Sep 29 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23842]: Connection closed by 162.144.236.216 port 46638 [preauth]
Sep 29 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: Failed password for root from 162.144.236.216 port 53798 ssh2
Sep 29 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: Connection closed by 162.144.236.216 port 53798 [preauth]
Sep 29 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Invalid user deployer from 103.67.78.51
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: input_userauth_request: invalid user deployer [preauth]
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: Successful su for rubyman by root
Sep 29 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: + ??? root:rubyman
Sep 29 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313924 of user rubyman.
Sep 29 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313924.
Sep 29 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Failed password for invalid user deployer from 103.67.78.51 port 59090 ssh2
Sep 29 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Received disconnect from 103.67.78.51 port 59090:11: Bye Bye [preauth]
Sep 29 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23896]: Disconnected from 103.67.78.51 port 59090 [preauth]
Sep 29 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: Invalid user superadmin from 222.107.251.147
Sep 29 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session closed for user root
Sep 29 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: Failed password for invalid user superadmin from 222.107.251.147 port 9500 ssh2
Sep 29 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: Received disconnect from 222.107.251.147 port 9500:11: Bye Bye [preauth]
Sep 29 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24080]: Disconnected from 222.107.251.147 port 9500 [preauth]
Sep 29 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23900]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23895]: Failed password for root from 162.144.236.216 port 59944 ssh2
Sep 29 09:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23895]: Connection closed by 162.144.236.216 port 59944 [preauth]
Sep 29 09:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Failed password for root from 162.144.236.216 port 39472 ssh2
Sep 29 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Connection closed by 162.144.236.216 port 39472 [preauth]
Sep 29 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session closed for user root
Sep 29 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: Failed password for root from 162.144.236.216 port 45592 ssh2
Sep 29 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Invalid user temp from 185.255.90.135
Sep 29 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: input_userauth_request: invalid user temp [preauth]
Sep 29 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: Connection closed by 162.144.236.216 port 45592 [preauth]
Sep 29 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Failed password for invalid user temp from 185.255.90.135 port 50178 ssh2
Sep 29 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Failed password for root from 45.190.24.67 port 55904 ssh2
Sep 29 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Received disconnect from 185.255.90.135 port 50178:11: Bye Bye [preauth]
Sep 29 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Disconnected from 185.255.90.135 port 50178 [preauth]
Sep 29 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Received disconnect from 45.190.24.67 port 55904:11: Bye Bye [preauth]
Sep 29 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Disconnected from 45.190.24.67 port 55904 [preauth]
Sep 29 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Invalid user master from 103.159.132.217
Sep 29 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: input_userauth_request: invalid user master [preauth]
Sep 29 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: Failed password for root from 162.144.236.216 port 52428 ssh2
Sep 29 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Failed password for invalid user master from 103.159.132.217 port 49932 ssh2
Sep 29 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: Connection closed by 162.144.236.216 port 52428 [preauth]
Sep 29 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Received disconnect from 103.159.132.217 port 49932:11: Bye Bye [preauth]
Sep 29 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Disconnected from 103.159.132.217 port 49932 [preauth]
Sep 29 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Failed password for root from 162.144.236.216 port 58410 ssh2
Sep 29 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Connection closed by 162.144.236.216 port 58410 [preauth]
Sep 29 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24425]: pam_unix(cron:session): session closed for user root
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24419]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: Failed password for root from 162.144.236.216 port 35506 ssh2
Sep 29 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24498]: Successful su for rubyman by root
Sep 29 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24498]: + ??? root:rubyman
Sep 29 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313926 of user rubyman.
Sep 29 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24498]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313926.
Sep 29 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Failed password for root from 107.172.50.151 port 59176 ssh2
Sep 29 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Received disconnect from 107.172.50.151 port 59176:11: Bye Bye [preauth]
Sep 29 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Disconnected from 107.172.50.151 port 59176 [preauth]
Sep 29 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session closed for user root
Sep 29 09:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session closed for user root
Sep 29 09:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Invalid user caldera from 103.67.78.51
Sep 29 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: input_userauth_request: invalid user caldera [preauth]
Sep 29 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24401]: Connection closed by 162.144.236.216 port 35506 [preauth]
Sep 29 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Failed password for invalid user caldera from 103.67.78.51 port 57070 ssh2
Sep 29 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Failed password for root from 222.107.251.147 port 6730 ssh2
Sep 29 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Received disconnect from 103.67.78.51 port 57070:11: Bye Bye [preauth]
Sep 29 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Disconnected from 103.67.78.51 port 57070 [preauth]
Sep 29 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Received disconnect from 222.107.251.147 port 6730:11: Bye Bye [preauth]
Sep 29 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Disconnected from 222.107.251.147 port 6730 [preauth]
Sep 29 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Connection reset by 147.185.132.61 port 58240 [preauth]
Sep 29 09:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Failed password for root from 162.144.236.216 port 43536 ssh2
Sep 29 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Connection closed by 162.144.236.216 port 43536 [preauth]
Sep 29 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session closed for user root
Sep 29 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: Failed password for root from 162.144.236.216 port 49966 ssh2
Sep 29 09:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: Connection closed by 162.144.236.216 port 49966 [preauth]
Sep 29 09:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Invalid user gtx from 138.68.58.124
Sep 29 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: input_userauth_request: invalid user gtx [preauth]
Sep 29 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Failed password for invalid user gtx from 138.68.58.124 port 40836 ssh2
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Invalid user test from 185.255.90.135
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: input_userauth_request: invalid user test [preauth]
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Invalid user user from 45.190.24.67
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: input_userauth_request: invalid user user [preauth]
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24835]: Connection closed by 138.68.58.124 port 40836 [preauth]
Sep 29 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Failed password for invalid user test from 185.255.90.135 port 38858 ssh2
Sep 29 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Failed password for invalid user user from 45.190.24.67 port 51208 ssh2
Sep 29 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Received disconnect from 45.190.24.67 port 51208:11: Bye Bye [preauth]
Sep 29 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Disconnected from 45.190.24.67 port 51208 [preauth]
Sep 29 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Received disconnect from 185.255.90.135 port 38858:11: Bye Bye [preauth]
Sep 29 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Disconnected from 185.255.90.135 port 38858 [preauth]
Sep 29 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Failed password for root from 162.144.236.216 port 57962 ssh2
Sep 29 09:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Connection closed by 162.144.236.216 port 57962 [preauth]
Sep 29 09:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: Failed password for root from 162.144.236.216 port 36734 ssh2
Sep 29 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: Successful su for rubyman by root
Sep 29 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: + ??? root:rubyman
Sep 29 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313933 of user rubyman.
Sep 29 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25004]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313933.
Sep 29 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: Connection closed by 162.144.236.216 port 36734 [preauth]
Sep 29 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session closed for user root
Sep 29 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Invalid user test from 222.107.251.147
Sep 29 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: input_userauth_request: invalid user test [preauth]
Sep 29 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Failed password for invalid user test from 222.107.251.147 port 32259 ssh2
Sep 29 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Received disconnect from 222.107.251.147 port 32259:11: Bye Bye [preauth]
Sep 29 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Disconnected from 222.107.251.147 port 32259 [preauth]
Sep 29 09:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Invalid user test from 103.67.78.51
Sep 29 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: input_userauth_request: invalid user test [preauth]
Sep 29 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Failed password for invalid user test from 103.67.78.51 port 49556 ssh2
Sep 29 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Received disconnect from 103.67.78.51 port 49556:11: Bye Bye [preauth]
Sep 29 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Disconnected from 103.67.78.51 port 49556 [preauth]
Sep 29 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: Failed password for root from 162.144.236.216 port 44798 ssh2
Sep 29 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: Connection closed by 162.144.236.216 port 44798 [preauth]
Sep 29 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25299]: Failed password for root from 162.144.236.216 port 53970 ssh2
Sep 29 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25299]: Connection closed by 162.144.236.216 port 53970 [preauth]
Sep 29 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session closed for user root
Sep 29 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.90.135  user=root
Sep 29 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Invalid user username from 45.190.24.67
Sep 29 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: input_userauth_request: invalid user username [preauth]
Sep 29 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Failed password for root from 185.255.90.135 port 36146 ssh2
Sep 29 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Received disconnect from 185.255.90.135 port 36146:11: Bye Bye [preauth]
Sep 29 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Disconnected from 185.255.90.135 port 36146 [preauth]
Sep 29 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Failed password for invalid user username from 45.190.24.67 port 46524 ssh2
Sep 29 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Received disconnect from 45.190.24.67 port 46524:11: Bye Bye [preauth]
Sep 29 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25592]: Disconnected from 45.190.24.67 port 46524 [preauth]
Sep 29 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Failed password for root from 162.144.236.216 port 60266 ssh2
Sep 29 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25538]: Connection closed by 162.144.236.216 port 60266 [preauth]
Sep 29 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25631]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25702]: Successful su for rubyman by root
Sep 29 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25702]: + ??? root:rubyman
Sep 29 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313938 of user rubyman.
Sep 29 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25702]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313938.
Sep 29 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session closed for user root
Sep 29 09:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: Failed password for root from 162.144.236.216 port 42336 ssh2
Sep 29 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25613]: Connection closed by 162.144.236.216 port 42336 [preauth]
Sep 29 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25627]: Connection closed by 175.136.142.75 port 8061 [preauth]
Sep 29 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Failed password for root from 162.144.236.216 port 51434 ssh2
Sep 29 09:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Connection closed by 162.144.236.216 port 51434 [preauth]
Sep 29 09:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Invalid user test1234 from 103.159.132.217
Sep 29 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: input_userauth_request: invalid user test1234 [preauth]
Sep 29 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Failed password for invalid user test1234 from 103.159.132.217 port 52594 ssh2
Sep 29 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Received disconnect from 103.159.132.217 port 52594:11: Bye Bye [preauth]
Sep 29 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Disconnected from 103.159.132.217 port 52594 [preauth]
Sep 29 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Failed password for root from 162.144.236.216 port 57452 ssh2
Sep 29 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Connection closed by 162.144.236.216 port 57452 [preauth]
Sep 29 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Failed password for root from 103.67.78.51 port 33620 ssh2
Sep 29 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Received disconnect from 103.67.78.51 port 33620:11: Bye Bye [preauth]
Sep 29 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Disconnected from 103.67.78.51 port 33620 [preauth]
Sep 29 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24424]: pam_unix(cron:session): session closed for user root
Sep 29 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Failed password for root from 162.144.236.216 port 35964 ssh2
Sep 29 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Connection closed by 162.144.236.216 port 35964 [preauth]
Sep 29 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Failed password for root from 162.144.236.216 port 43146 ssh2
Sep 29 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26141]: Connection closed by 162.144.236.216 port 43146 [preauth]
Sep 29 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: Invalid user erwin from 45.190.24.67
Sep 29 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: input_userauth_request: invalid user erwin [preauth]
Sep 29 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: Failed password for invalid user erwin from 45.190.24.67 port 41824 ssh2
Sep 29 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: Received disconnect from 45.190.24.67 port 41824:11: Bye Bye [preauth]
Sep 29 09:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: Disconnected from 45.190.24.67 port 41824 [preauth]
Sep 29 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Failed password for root from 162.144.236.216 port 52332 ssh2
Sep 29 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26186]: Connection closed by 162.144.236.216 port 52332 [preauth]
Sep 29 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: Invalid user minecraft from 222.107.251.147
Sep 29 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26215]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26212]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26287]: Successful su for rubyman by root
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26287]: + ??? root:rubyman
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313943 of user rubyman.
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26287]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313943.
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: Failed password for invalid user minecraft from 222.107.251.147 port 54515 ssh2
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: Received disconnect from 222.107.251.147 port 54515:11: Bye Bye [preauth]
Sep 29 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: Disconnected from 222.107.251.147 port 54515 [preauth]
Sep 29 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session closed for user root
Sep 29 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26214]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Failed password for root from 162.144.236.216 port 57916 ssh2
Sep 29 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Connection closed by 162.144.236.216 port 57916 [preauth]
Sep 29 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Invalid user keycloak from 107.172.50.151
Sep 29 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: input_userauth_request: invalid user keycloak [preauth]
Sep 29 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Failed password for invalid user keycloak from 107.172.50.151 port 39908 ssh2
Sep 29 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Received disconnect from 107.172.50.151 port 39908:11: Bye Bye [preauth]
Sep 29 09:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Disconnected from 107.172.50.151 port 39908 [preauth]
Sep 29 09:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: Failed password for root from 162.144.236.216 port 37704 ssh2
Sep 29 09:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: Connection closed by 162.144.236.216 port 37704 [preauth]
Sep 29 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24914]: pam_unix(cron:session): session closed for user root
Sep 29 09:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: Failed password for root from 162.144.236.216 port 43542 ssh2
Sep 29 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: Connection closed by 162.144.236.216 port 43542 [preauth]
Sep 29 09:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51  user=root
Sep 29 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: Failed password for root from 103.67.78.51 port 36464 ssh2
Sep 29 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: Received disconnect from 103.67.78.51 port 36464:11: Bye Bye [preauth]
Sep 29 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: Disconnected from 103.67.78.51 port 36464 [preauth]
Sep 29 09:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Failed password for root from 162.144.236.216 port 49470 ssh2
Sep 29 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Connection closed by 162.144.236.216 port 49470 [preauth]
Sep 29 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Failed password for root from 162.144.236.216 port 57504 ssh2
Sep 29 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26787]: Connection closed by 162.144.236.216 port 57504 [preauth]
Sep 29 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: Successful su for rubyman by root
Sep 29 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: + ??? root:rubyman
Sep 29 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313944 of user rubyman.
Sep 29 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313944.
Sep 29 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Invalid user giulia from 45.190.24.67
Sep 29 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: input_userauth_request: invalid user giulia [preauth]
Sep 29 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Failed password for invalid user giulia from 45.190.24.67 port 37140 ssh2
Sep 29 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23211]: pam_unix(cron:session): session closed for user root
Sep 29 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Failed password for root from 162.144.236.216 port 34148 ssh2
Sep 29 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Received disconnect from 45.190.24.67 port 37140:11: Bye Bye [preauth]
Sep 29 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Disconnected from 45.190.24.67 port 37140 [preauth]
Sep 29 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Connection closed by 162.144.236.216 port 34148 [preauth]
Sep 29 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Failed password for root from 222.107.251.147 port 13374 ssh2
Sep 29 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Received disconnect from 222.107.251.147 port 13374:11: Bye Bye [preauth]
Sep 29 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Disconnected from 222.107.251.147 port 13374 [preauth]
Sep 29 09:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Failed password for root from 162.144.236.216 port 40656 ssh2
Sep 29 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Connection closed by 162.144.236.216 port 40656 [preauth]
Sep 29 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: Failed password for root from 162.144.236.216 port 47012 ssh2
Sep 29 09:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: Connection closed by 162.144.236.216 port 47012 [preauth]
Sep 29 09:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27226]: Failed password for root from 162.144.236.216 port 52492 ssh2
Sep 29 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27226]: Connection closed by 162.144.236.216 port 52492 [preauth]
Sep 29 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25635]: pam_unix(cron:session): session closed for user root
Sep 29 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Failed password for root from 162.144.236.216 port 58088 ssh2
Sep 29 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Connection closed by 162.144.236.216 port 58088 [preauth]
Sep 29 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Failed password for root from 162.144.236.216 port 38038 ssh2
Sep 29 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Connection closed by 162.144.236.216 port 38038 [preauth]
Sep 29 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Invalid user userftp from 103.67.78.51
Sep 29 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: input_userauth_request: invalid user userftp [preauth]
Sep 29 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.67.78.51
Sep 29 09:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27344]: Did not receive identification string from 162.144.236.216
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Failed password for invalid user userftp from 103.67.78.51 port 35674 ssh2
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Received disconnect from 103.67.78.51 port 35674:11: Bye Bye [preauth]
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Disconnected from 103.67.78.51 port 35674 [preauth]
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session closed for user root
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27381]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Failed password for root from 107.172.50.151 port 42360 ssh2
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Received disconnect from 107.172.50.151 port 42360:11: Bye Bye [preauth]
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Disconnected from 107.172.50.151 port 42360 [preauth]
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: Successful su for rubyman by root
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: + ??? root:rubyman
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313948 of user rubyman.
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27457]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313948.
Sep 29 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session closed for user root
Sep 29 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23901]: pam_unix(cron:session): session closed for user root
Sep 29 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27382]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: Invalid user store from 45.190.24.67
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: input_userauth_request: invalid user store [preauth]
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Invalid user jordi from 103.159.132.217
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: input_userauth_request: invalid user jordi [preauth]
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: Failed password for invalid user store from 45.190.24.67 port 60702 ssh2
Sep 29 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: Received disconnect from 45.190.24.67 port 60702:11: Bye Bye [preauth]
Sep 29 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27891]: Disconnected from 45.190.24.67 port 60702 [preauth]
Sep 29 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Failed password for invalid user jordi from 103.159.132.217 port 56980 ssh2
Sep 29 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Received disconnect from 103.159.132.217 port 56980:11: Bye Bye [preauth]
Sep 29 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Disconnected from 103.159.132.217 port 56980 [preauth]
Sep 29 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: Failed password for root from 162.144.236.216 port 46930 ssh2
Sep 29 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27376]: Connection closed by 162.144.236.216 port 46930 [preauth]
Sep 29 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Failed password for root from 222.107.251.147 port 36364 ssh2
Sep 29 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Received disconnect from 222.107.251.147 port 36364:11: Bye Bye [preauth]
Sep 29 09:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27908]: Disconnected from 222.107.251.147 port 36364 [preauth]
Sep 29 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Failed password for root from 162.144.236.216 port 56152 ssh2
Sep 29 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: Connection closed by 162.144.236.216 port 56152 [preauth]
Sep 29 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27928]: Failed password for root from 162.144.236.216 port 34162 ssh2
Sep 29 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26216]: pam_unix(cron:session): session closed for user root
Sep 29 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27928]: Connection closed by 162.144.236.216 port 34162 [preauth]
Sep 29 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Failed password for root from 162.144.236.216 port 40008 ssh2
Sep 29 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Connection closed by 162.144.236.216 port 40008 [preauth]
Sep 29 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Failed password for root from 162.144.236.216 port 47068 ssh2
Sep 29 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Connection closed by 162.144.236.216 port 47068 [preauth]
Sep 29 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28060]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28056]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28133]: Successful su for rubyman by root
Sep 29 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28133]: + ??? root:rubyman
Sep 29 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313954 of user rubyman.
Sep 29 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28133]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313954.
Sep 29 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Failed password for root from 162.144.236.216 port 52778 ssh2
Sep 29 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Connection closed by 162.144.236.216 port 52778 [preauth]
Sep 29 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28058]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session closed for user root
Sep 29 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Failed password for root from 162.144.236.216 port 32950 ssh2
Sep 29 09:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Connection closed by 162.144.236.216 port 32950 [preauth]
Sep 29 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: Failed password for root from 45.190.24.67 port 55982 ssh2
Sep 29 09:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: Received disconnect from 45.190.24.67 port 55982:11: Bye Bye [preauth]
Sep 29 09:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: Disconnected from 45.190.24.67 port 55982 [preauth]
Sep 29 09:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Invalid user murat from 222.107.251.147
Sep 29 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: input_userauth_request: invalid user murat [preauth]
Sep 29 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Failed password for invalid user murat from 222.107.251.147 port 54655 ssh2
Sep 29 09:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Received disconnect from 222.107.251.147 port 54655:11: Bye Bye [preauth]
Sep 29 09:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Disconnected from 222.107.251.147 port 54655 [preauth]
Sep 29 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session closed for user root
Sep 29 09:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: Failed password for root from 162.144.236.216 port 39434 ssh2
Sep 29 09:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: Connection closed by 162.144.236.216 port 39434 [preauth]
Sep 29 09:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28493]: Failed password for root from 162.144.236.216 port 48530 ssh2
Sep 29 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28493]: Connection closed by 162.144.236.216 port 48530 [preauth]
Sep 29 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28645]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28643]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: Successful su for rubyman by root
Sep 29 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: + ??? root:rubyman
Sep 29 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313958 of user rubyman.
Sep 29 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28723]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313958.
Sep 29 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24913]: pam_unix(cron:session): session closed for user root
Sep 29 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28644]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Failed password for root from 162.144.236.216 port 54354 ssh2
Sep 29 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Connection closed by 162.144.236.216 port 54354 [preauth]
Sep 29 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Failed password for root from 162.144.236.216 port 60788 ssh2
Sep 29 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Connection closed by 162.144.236.216 port 60788 [preauth]
Sep 29 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Failed password for root from 162.144.236.216 port 39064 ssh2
Sep 29 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Connection closed by 162.144.236.216 port 39064 [preauth]
Sep 29 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Invalid user jasper from 45.190.24.67
Sep 29 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: input_userauth_request: invalid user jasper [preauth]
Sep 29 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Failed password for invalid user jasper from 45.190.24.67 port 51312 ssh2
Sep 29 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Received disconnect from 45.190.24.67 port 51312:11: Bye Bye [preauth]
Sep 29 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29114]: Disconnected from 45.190.24.67 port 51312 [preauth]
Sep 29 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29109]: Failed password for root from 162.144.236.216 port 44372 ssh2
Sep 29 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29109]: Connection closed by 162.144.236.216 port 44372 [preauth]
Sep 29 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Invalid user rahim from 222.107.251.147
Sep 29 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: input_userauth_request: invalid user rahim [preauth]
Sep 29 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user root
Sep 29 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Failed password for invalid user rahim from 222.107.251.147 port 7519 ssh2
Sep 29 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Received disconnect from 222.107.251.147 port 7519:11: Bye Bye [preauth]
Sep 29 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Disconnected from 222.107.251.147 port 7519 [preauth]
Sep 29 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Failed password for root from 162.144.236.216 port 51232 ssh2
Sep 29 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Connection closed by 162.144.236.216 port 51232 [preauth]
Sep 29 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Failed password for root from 162.144.236.216 port 56500 ssh2
Sep 29 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Connection closed by 162.144.236.216 port 56500 [preauth]
Sep 29 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29315]: Successful su for rubyman by root
Sep 29 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29315]: + ??? root:rubyman
Sep 29 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313964 of user rubyman.
Sep 29 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29315]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313964.
Sep 29 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session closed for user root
Sep 29 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29236]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Failed password for root from 103.159.132.217 port 41224 ssh2
Sep 29 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Received disconnect from 103.159.132.217 port 41224:11: Bye Bye [preauth]
Sep 29 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Disconnected from 103.159.132.217 port 41224 [preauth]
Sep 29 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Failed password for root from 162.144.236.216 port 34100 ssh2
Sep 29 09:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Connection closed by 162.144.236.216 port 34100 [preauth]
Sep 29 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: Invalid user uftp from 107.172.50.151
Sep 29 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: input_userauth_request: invalid user uftp [preauth]
Sep 29 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: Failed password for invalid user uftp from 107.172.50.151 port 39990 ssh2
Sep 29 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: Received disconnect from 107.172.50.151 port 39990:11: Bye Bye [preauth]
Sep 29 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: Disconnected from 107.172.50.151 port 39990 [preauth]
Sep 29 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Failed password for root from 162.144.236.216 port 43906 ssh2
Sep 29 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Connection closed by 162.144.236.216 port 43906 [preauth]
Sep 29 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28060]: pam_unix(cron:session): session closed for user root
Sep 29 09:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Failed password for root from 45.190.24.67 port 46628 ssh2
Sep 29 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Received disconnect from 45.190.24.67 port 46628:11: Bye Bye [preauth]
Sep 29 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Disconnected from 45.190.24.67 port 46628 [preauth]
Sep 29 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: Failed password for root from 162.144.236.216 port 51478 ssh2
Sep 29 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: Connection closed by 162.144.236.216 port 51478 [preauth]
Sep 29 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: Failed password for root from 162.144.236.216 port 58904 ssh2
Sep 29 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: Connection closed by 162.144.236.216 port 58904 [preauth]
Sep 29 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Invalid user user from 222.107.251.147
Sep 29 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: input_userauth_request: invalid user user [preauth]
Sep 29 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Failed password for invalid user user from 222.107.251.147 port 24831 ssh2
Sep 29 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Received disconnect from 222.107.251.147 port 24831:11: Bye Bye [preauth]
Sep 29 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Disconnected from 222.107.251.147 port 24831 [preauth]
Sep 29 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: Failed password for root from 162.144.236.216 port 35812 ssh2
Sep 29 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29671]: Connection closed by 162.144.236.216 port 35812 [preauth]
Sep 29 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Failed password for root from 162.144.236.216 port 41542 ssh2
Sep 29 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Connection closed by 162.144.236.216 port 41542 [preauth]
Sep 29 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29726]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: Successful su for rubyman by root
Sep 29 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: + ??? root:rubyman
Sep 29 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313966 of user rubyman.
Sep 29 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313966.
Sep 29 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Failed password for root from 162.144.236.216 port 45882 ssh2
Sep 29 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Connection closed by 162.144.236.216 port 45882 [preauth]
Sep 29 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26215]: pam_unix(cron:session): session closed for user root
Sep 29 09:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: Failed password for root from 162.144.236.216 port 52546 ssh2
Sep 29 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: Connection closed by 162.144.236.216 port 52546 [preauth]
Sep 29 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Failed password for root from 162.144.236.216 port 59736 ssh2
Sep 29 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Connection closed by 162.144.236.216 port 59736 [preauth]
Sep 29 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: Failed password for root from 162.144.236.216 port 38862 ssh2
Sep 29 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30082]: Connection closed by 162.144.236.216 port 38862 [preauth]
Sep 29 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session closed for user root
Sep 29 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Failed password for root from 162.144.236.216 port 46538 ssh2
Sep 29 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Invalid user superadmin from 45.190.24.67
Sep 29 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Connection closed by 162.144.236.216 port 46538 [preauth]
Sep 29 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Failed password for invalid user superadmin from 45.190.24.67 port 41934 ssh2
Sep 29 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Received disconnect from 45.190.24.67 port 41934:11: Bye Bye [preauth]
Sep 29 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Disconnected from 45.190.24.67 port 41934 [preauth]
Sep 29 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Failed password for root from 162.144.236.216 port 52704 ssh2
Sep 29 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Connection closed by 162.144.236.216 port 52704 [preauth]
Sep 29 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: Failed password for root from 162.144.236.216 port 60670 ssh2
Sep 29 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: Invalid user forge from 222.107.251.147
Sep 29 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: input_userauth_request: invalid user forge [preauth]
Sep 29 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: Connection closed by 162.144.236.216 port 60670 [preauth]
Sep 29 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: Failed password for invalid user forge from 222.107.251.147 port 44696 ssh2
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: Received disconnect from 222.107.251.147 port 44696:11: Bye Bye [preauth]
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: Disconnected from 222.107.251.147 port 44696 [preauth]
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30248]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30253]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30253]: pam_unix(cron:session): session closed for user root
Sep 29 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: Successful su for rubyman by root
Sep 29 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: + ??? root:rubyman
Sep 29 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313970 of user rubyman.
Sep 29 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313970.
Sep 29 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30247]: pam_unix(cron:session): session closed for user root
Sep 29 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session closed for user root
Sep 29 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: Failed password for root from 162.144.236.216 port 38106 ssh2
Sep 29 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: Connection closed by 162.144.236.216 port 38106 [preauth]
Sep 29 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: Failed password for root from 162.144.236.216 port 44332 ssh2
Sep 29 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: Connection closed by 162.144.236.216 port 44332 [preauth]
Sep 29 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29239]: pam_unix(cron:session): session closed for user root
Sep 29 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for root from 162.144.236.216 port 49870 ssh2
Sep 29 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Connection closed by 162.144.236.216 port 49870 [preauth]
Sep 29 09:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Failed password for root from 162.144.236.216 port 57886 ssh2
Sep 29 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Failed password for root from 45.190.24.67 port 37250 ssh2
Sep 29 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Received disconnect from 45.190.24.67 port 37250:11: Bye Bye [preauth]
Sep 29 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Disconnected from 45.190.24.67 port 37250 [preauth]
Sep 29 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30789]: Connection closed by 162.144.236.216 port 57886 [preauth]
Sep 29 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Invalid user minecraft from 103.159.132.217
Sep 29 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Failed password for invalid user minecraft from 103.159.132.217 port 48830 ssh2
Sep 29 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Received disconnect from 103.159.132.217 port 48830:11: Bye Bye [preauth]
Sep 29 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Disconnected from 103.159.132.217 port 48830 [preauth]
Sep 29 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30858]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30931]: Successful su for rubyman by root
Sep 29 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30931]: + ??? root:rubyman
Sep 29 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313976 of user rubyman.
Sep 29 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30931]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313976.
Sep 29 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Invalid user eddy from 222.107.251.147
Sep 29 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: input_userauth_request: invalid user eddy [preauth]
Sep 29 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session closed for user root
Sep 29 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Failed password for invalid user eddy from 222.107.251.147 port 61997 ssh2
Sep 29 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Received disconnect from 222.107.251.147 port 61997:11: Bye Bye [preauth]
Sep 29 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Disconnected from 222.107.251.147 port 61997 [preauth]
Sep 29 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: Failed password for root from 162.144.236.216 port 37510 ssh2
Sep 29 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: Connection closed by 162.144.236.216 port 37510 [preauth]
Sep 29 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Failed password for root from 162.144.236.216 port 48926 ssh2
Sep 29 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29726]: pam_unix(cron:session): session closed for user root
Sep 29 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Connection closed by 162.144.236.216 port 48926 [preauth]
Sep 29 09:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: Failed password for root from 107.172.50.151 port 48128 ssh2
Sep 29 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: Received disconnect from 107.172.50.151 port 48128:11: Bye Bye [preauth]
Sep 29 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31270]: Disconnected from 107.172.50.151 port 48128 [preauth]
Sep 29 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Failed password for root from 162.144.236.216 port 58574 ssh2
Sep 29 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Connection closed by 162.144.236.216 port 58574 [preauth]
Sep 29 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: Invalid user sambauser from 45.190.24.67
Sep 29 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: input_userauth_request: invalid user sambauser [preauth]
Sep 29 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: Failed password for invalid user sambauser from 45.190.24.67 port 60788 ssh2
Sep 29 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: Received disconnect from 45.190.24.67 port 60788:11: Bye Bye [preauth]
Sep 29 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: Disconnected from 45.190.24.67 port 60788 [preauth]
Sep 29 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31391]: Successful su for rubyman by root
Sep 29 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31391]: + ??? root:rubyman
Sep 29 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313980 of user rubyman.
Sep 29 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31391]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313980.
Sep 29 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Failed password for root from 162.144.236.216 port 37124 ssh2
Sep 29 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session closed for user root
Sep 29 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Connection closed by 162.144.236.216 port 37124 [preauth]
Sep 29 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Invalid user wangziyun from 222.107.251.147
Sep 29 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: input_userauth_request: invalid user wangziyun [preauth]
Sep 29 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Failed password for invalid user wangziyun from 222.107.251.147 port 14524 ssh2
Sep 29 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Received disconnect from 222.107.251.147 port 14524:11: Bye Bye [preauth]
Sep 29 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Disconnected from 222.107.251.147 port 14524 [preauth]
Sep 29 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31648]: Failed password for root from 162.144.236.216 port 44664 ssh2
Sep 29 09:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31648]: Connection closed by 162.144.236.216 port 44664 [preauth]
Sep 29 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session closed for user root
Sep 29 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Failed password for root from 162.144.236.216 port 53470 ssh2
Sep 29 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Connection closed by 162.144.236.216 port 53470 [preauth]
Sep 29 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Failed password for root from 162.144.236.216 port 58976 ssh2
Sep 29 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Connection closed by 162.144.236.216 port 58976 [preauth]
Sep 29 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Invalid user abc from 45.190.24.67
Sep 29 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: input_userauth_request: invalid user abc [preauth]
Sep 29 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Failed password for invalid user abc from 45.190.24.67 port 56090 ssh2
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Received disconnect from 45.190.24.67 port 56090:11: Bye Bye [preauth]
Sep 29 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Disconnected from 45.190.24.67 port 56090 [preauth]
Sep 29 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31888]: Successful su for rubyman by root
Sep 29 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31888]: + ??? root:rubyman
Sep 29 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313985 of user rubyman.
Sep 29 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31888]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313985.
Sep 29 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28645]: pam_unix(cron:session): session closed for user root
Sep 29 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: Failed password for root from 162.144.236.216 port 35306 ssh2
Sep 29 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: Connection closed by 162.144.236.216 port 35306 [preauth]
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Failed password for root from 222.107.251.147 port 33514 ssh2
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Invalid user jordi from 107.172.50.151
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: input_userauth_request: invalid user jordi [preauth]
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Received disconnect from 222.107.251.147 port 33514:11: Bye Bye [preauth]
Sep 29 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Disconnected from 222.107.251.147 port 33514 [preauth]
Sep 29 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: Invalid user user from 93.152.230.176
Sep 29 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: input_userauth_request: invalid user user [preauth]
Sep 29 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Failed password for invalid user jordi from 107.172.50.151 port 56582 ssh2
Sep 29 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Received disconnect from 107.172.50.151 port 56582:11: Bye Bye [preauth]
Sep 29 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Disconnected from 107.172.50.151 port 56582 [preauth]
Sep 29 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: Failed password for invalid user user from 93.152.230.176 port 58308 ssh2
Sep 29 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: Received disconnect from 93.152.230.176 port 58308:11: Client disconnecting normally [preauth]
Sep 29 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32142]: Disconnected from 93.152.230.176 port 58308 [preauth]
Sep 29 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session closed for user root
Sep 29 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Failed password for root from 162.144.236.216 port 44610 ssh2
Sep 29 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Invalid user bing from 103.159.132.217
Sep 29 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: input_userauth_request: invalid user bing [preauth]
Sep 29 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Failed password for invalid user bing from 103.159.132.217 port 34278 ssh2
Sep 29 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Received disconnect from 103.159.132.217 port 34278:11: Bye Bye [preauth]
Sep 29 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Disconnected from 103.159.132.217 port 34278 [preauth]
Sep 29 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32141]: Connection closed by 162.144.236.216 port 44610 [preauth]
Sep 29 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: Failed password for root from 162.144.236.216 port 52100 ssh2
Sep 29 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32231]: Connection closed by 162.144.236.216 port 52100 [preauth]
Sep 29 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32280]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32276]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32278]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: Successful su for rubyman by root
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: + ??? root:rubyman
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313989 of user rubyman.
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313989.
Sep 29 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32276]: pam_unix(cron:session): session closed for user root
Sep 29 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: Invalid user foundry from 45.190.24.67
Sep 29 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: input_userauth_request: invalid user foundry [preauth]
Sep 29 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session closed for user root
Sep 29 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: Failed password for invalid user foundry from 45.190.24.67 port 51380 ssh2
Sep 29 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: Received disconnect from 45.190.24.67 port 51380:11: Bye Bye [preauth]
Sep 29 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32512]: Disconnected from 45.190.24.67 port 51380 [preauth]
Sep 29 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Failed password for root from 162.144.236.216 port 58472 ssh2
Sep 29 09:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Connection closed by 162.144.236.216 port 58472 [preauth]
Sep 29 09:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Invalid user delme from 222.107.251.147
Sep 29 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: input_userauth_request: invalid user delme [preauth]
Sep 29 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Failed password for invalid user delme from 222.107.251.147 port 52056 ssh2
Sep 29 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Received disconnect from 222.107.251.147 port 52056:11: Bye Bye [preauth]
Sep 29 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Disconnected from 222.107.251.147 port 52056 [preauth]
Sep 29 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Did not receive identification string from 162.144.236.216
Sep 29 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session closed for user root
Sep 29 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Failed password for root from 162.144.236.216 port 42036 ssh2
Sep 29 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Connection closed by 162.144.236.216 port 42036 [preauth]
Sep 29 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[356]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[357]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[357]: pam_unix(cron:session): session closed for user root
Sep 29 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[437]: Successful su for rubyman by root
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[437]: + ??? root:rubyman
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313997 of user rubyman.
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[437]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313997.
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: Invalid user candy from 107.172.50.151
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: input_userauth_request: invalid user candy [preauth]
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Failed password for root from 162.144.236.216 port 49538 ssh2
Sep 29 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: Failed password for invalid user candy from 107.172.50.151 port 57270 ssh2
Sep 29 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: Received disconnect from 107.172.50.151 port 57270:11: Bye Bye [preauth]
Sep 29 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[435]: Disconnected from 107.172.50.151 port 57270 [preauth]
Sep 29 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session closed for user root
Sep 29 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session closed for user root
Sep 29 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[330]: Connection closed by 162.144.236.216 port 49538 [preauth]
Sep 29 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Invalid user oguz from 45.190.24.67
Sep 29 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: input_userauth_request: invalid user oguz [preauth]
Sep 29 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Failed password for invalid user oguz from 45.190.24.67 port 46704 ssh2
Sep 29 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Received disconnect from 45.190.24.67 port 46704:11: Bye Bye [preauth]
Sep 29 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Disconnected from 45.190.24.67 port 46704 [preauth]
Sep 29 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Failed password for root from 162.144.236.216 port 57100 ssh2
Sep 29 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Connection closed by 162.144.236.216 port 57100 [preauth]
Sep 29 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session closed for user root
Sep 29 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Failed password for root from 162.144.236.216 port 35262 ssh2
Sep 29 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: Invalid user admin from 222.107.251.147
Sep 29 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: input_userauth_request: invalid user admin [preauth]
Sep 29 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Connection closed by 162.144.236.216 port 35262 [preauth]
Sep 29 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: Failed password for invalid user admin from 222.107.251.147 port 3530 ssh2
Sep 29 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: Received disconnect from 222.107.251.147 port 3530:11: Bye Bye [preauth]
Sep 29 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[767]: Disconnected from 222.107.251.147 port 3530 [preauth]
Sep 29 09:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: User mysql from 194.0.234.19 not allowed because not listed in AllowUsers
Sep 29 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: input_userauth_request: invalid user mysql [preauth]
Sep 29 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Failed none for invalid user mysql from 194.0.234.19 port 52676 ssh2
Sep 29 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Connection closed by 194.0.234.19 port 52676 [preauth]
Sep 29 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: Failed password for root from 162.144.236.216 port 42252 ssh2
Sep 29 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: Connection closed by 162.144.236.216 port 42252 [preauth]
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[896]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1020]: Successful su for rubyman by root
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1020]: + ??? root:rubyman
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 313999 of user rubyman.
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1020]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 313999.
Sep 29 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1184]: Invalid user admin from 139.19.117.131
Sep 29 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1184]: input_userauth_request: invalid user admin [preauth]
Sep 29 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30248]: pam_unix(cron:session): session closed for user root
Sep 29 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[892]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1184]: Connection closed by 139.19.117.131 port 38428 [preauth]
Sep 29 09:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Failed password for root from 162.144.236.216 port 51456 ssh2
Sep 29 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Invalid user user from 62.60.131.157
Sep 29 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: input_userauth_request: invalid user user [preauth]
Sep 29 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for root from 45.190.24.67 port 42024 ssh2
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Received disconnect from 45.190.24.67 port 42024:11: Bye Bye [preauth]
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Disconnected from 45.190.24.67 port 42024 [preauth]
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for invalid user user from 62.60.131.157 port 26923 ssh2
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Invalid user user from 103.159.132.217
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: input_userauth_request: invalid user user [preauth]
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[887]: Connection closed by 162.144.236.216 port 51456 [preauth]
Sep 29 09:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Failed password for invalid user user from 103.159.132.217 port 44034 ssh2
Sep 29 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for invalid user user from 62.60.131.157 port 26923 ssh2
Sep 29 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Received disconnect from 103.159.132.217 port 44034:11: Bye Bye [preauth]
Sep 29 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Disconnected from 103.159.132.217 port 44034 [preauth]
Sep 29 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for invalid user user from 62.60.131.157 port 26923 ssh2
Sep 29 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for invalid user user from 62.60.131.157 port 26923 ssh2
Sep 29 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Failed password for invalid user user from 62.60.131.157 port 26923 ssh2
Sep 29 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Received disconnect from 62.60.131.157 port 26923:11: Bye [preauth]
Sep 29 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: Disconnected from 62.60.131.157 port 26923 [preauth]
Sep 29 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1271]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session closed for user root
Sep 29 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Failed password for root from 162.144.236.216 port 59260 ssh2
Sep 29 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1287]: Connection closed by 162.144.236.216 port 59260 [preauth]
Sep 29 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Invalid user ian from 222.107.251.147
Sep 29 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: input_userauth_request: invalid user ian [preauth]
Sep 29 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Failed password for invalid user ian from 222.107.251.147 port 7293 ssh2
Sep 29 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Received disconnect from 222.107.251.147 port 7293:11: Bye Bye [preauth]
Sep 29 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Disconnected from 222.107.251.147 port 7293 [preauth]
Sep 29 09:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Failed password for root from 162.144.236.216 port 38858 ssh2
Sep 29 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Connection closed by 162.144.236.216 port 38858 [preauth]
Sep 29 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1456]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1440]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1517]: Successful su for rubyman by root
Sep 29 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1517]: + ??? root:rubyman
Sep 29 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314004 of user rubyman.
Sep 29 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1517]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314004.
Sep 29 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session closed for user root
Sep 29 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1441]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Failed password for root from 162.144.236.216 port 46442 ssh2
Sep 29 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Failed password for root from 164.68.105.9 port 52496 ssh2
Sep 29 09:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Connection closed by 164.68.105.9 port 52496 [preauth]
Sep 29 09:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Connection closed by 162.144.236.216 port 46442 [preauth]
Sep 29 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67  user=root
Sep 29 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Failed password for root from 45.190.24.67 port 37332 ssh2
Sep 29 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Received disconnect from 45.190.24.67 port 37332:11: Bye Bye [preauth]
Sep 29 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1802]: Disconnected from 45.190.24.67 port 37332 [preauth]
Sep 29 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[356]: pam_unix(cron:session): session closed for user root
Sep 29 09:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for root from 162.144.236.216 port 52834 ssh2
Sep 29 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Connection closed by 162.144.236.216 port 52834 [preauth]
Sep 29 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: Failed password for root from 222.107.251.147 port 39957 ssh2
Sep 29 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: Received disconnect from 222.107.251.147 port 39957:11: Bye Bye [preauth]
Sep 29 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: Disconnected from 222.107.251.147 port 39957 [preauth]
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1904]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: Successful su for rubyman by root
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: + ??? root:rubyman
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314008 of user rubyman.
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314008.
Sep 29 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user root
Sep 29 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Failed password for root from 162.144.236.216 port 35086 ssh2
Sep 29 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1905]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Connection closed by 162.144.236.216 port 35086 [preauth]
Sep 29 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Failed password for root from 162.144.236.216 port 43886 ssh2
Sep 29 09:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Connection closed by 162.144.236.216 port 43886 [preauth]
Sep 29 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151  user=root
Sep 29 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2257]: Failed password for root from 107.172.50.151 port 53368 ssh2
Sep 29 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2257]: Received disconnect from 107.172.50.151 port 53368:11: Bye Bye [preauth]
Sep 29 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2257]: Disconnected from 107.172.50.151 port 53368 [preauth]
Sep 29 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: Invalid user strapi from 45.190.24.67
Sep 29 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: input_userauth_request: invalid user strapi [preauth]
Sep 29 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session closed for user root
Sep 29 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for root from 162.144.236.216 port 50006 ssh2
Sep 29 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: Failed password for invalid user strapi from 45.190.24.67 port 60882 ssh2
Sep 29 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: Received disconnect from 45.190.24.67 port 60882:11: Bye Bye [preauth]
Sep 29 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: Disconnected from 45.190.24.67 port 60882 [preauth]
Sep 29 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Connection closed by 162.144.236.216 port 50006 [preauth]
Sep 29 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for root from 162.144.236.216 port 55886 ssh2
Sep 29 09:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Connection closed by 162.144.236.216 port 55886 [preauth]
Sep 29 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2353]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2418]: Successful su for rubyman by root
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2418]: + ??? root:rubyman
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314011 of user rubyman.
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2418]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314011.
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Invalid user candy from 103.159.132.217
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: input_userauth_request: invalid user candy [preauth]
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Failed password for invalid user candy from 103.159.132.217 port 49144 ssh2
Sep 29 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Received disconnect from 103.159.132.217 port 49144:11: Bye Bye [preauth]
Sep 29 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2350]: Disconnected from 103.159.132.217 port 49144 [preauth]
Sep 29 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session closed for user root
Sep 29 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147  user=root
Sep 29 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2354]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Failed password for root from 222.107.251.147 port 58810 ssh2
Sep 29 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Received disconnect from 222.107.251.147 port 58810:11: Bye Bye [preauth]
Sep 29 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Disconnected from 222.107.251.147 port 58810 [preauth]
Sep 29 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Failed password for root from 162.144.236.216 port 34980 ssh2
Sep 29 09:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Connection closed by 162.144.236.216 port 34980 [preauth]
Sep 29 09:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Failed password for root from 162.144.236.216 port 43552 ssh2
Sep 29 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session closed for user root
Sep 29 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Connection closed by 162.144.236.216 port 43552 [preauth]
Sep 29 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Invalid user tuan from 45.190.24.67
Sep 29 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: input_userauth_request: invalid user tuan [preauth]
Sep 29 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.190.24.67
Sep 29 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for invalid user tuan from 45.190.24.67 port 56182 ssh2
Sep 29 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Received disconnect from 45.190.24.67 port 56182:11: Bye Bye [preauth]
Sep 29 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Disconnected from 45.190.24.67 port 56182 [preauth]
Sep 29 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: Failed password for root from 162.144.236.216 port 51120 ssh2
Sep 29 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: Connection closed by 162.144.236.216 port 51120 [preauth]
Sep 29 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2800]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user root
Sep 29 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: Successful su for rubyman by root
Sep 29 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: + ??? root:rubyman
Sep 29 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314016 of user rubyman.
Sep 29 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314016.
Sep 29 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2800]: pam_unix(cron:session): session closed for user root
Sep 29 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32280]: pam_unix(cron:session): session closed for user root
Sep 29 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: Failed password for root from 162.144.236.216 port 59244 ssh2
Sep 29 09:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2785]: Connection closed by 162.144.236.216 port 59244 [preauth]
Sep 29 09:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Invalid user eder from 222.107.251.147
Sep 29 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: input_userauth_request: invalid user eder [preauth]
Sep 29 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Failed password for invalid user eder from 222.107.251.147 port 11487 ssh2
Sep 29 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Received disconnect from 222.107.251.147 port 11487:11: Bye Bye [preauth]
Sep 29 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Disconnected from 222.107.251.147 port 11487 [preauth]
Sep 29 09:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Failed password for root from 162.144.236.216 port 39098 ssh2
Sep 29 09:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Connection closed by 162.144.236.216 port 39098 [preauth]
Sep 29 09:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session closed for user root
Sep 29 09:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Failed password for root from 162.144.236.216 port 46472 ssh2
Sep 29 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Connection closed by 162.144.236.216 port 46472 [preauth]
Sep 29 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3262]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: Successful su for rubyman by root
Sep 29 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: + ??? root:rubyman
Sep 29 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314021 of user rubyman.
Sep 29 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314021.
Sep 29 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[355]: pam_unix(cron:session): session closed for user root
Sep 29 09:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3263]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Failed password for root from 162.144.236.216 port 54890 ssh2
Sep 29 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3248]: Connection closed by 162.144.236.216 port 54890 [preauth]
Sep 29 09:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Invalid user squid from 222.107.251.147
Sep 29 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: input_userauth_request: invalid user squid [preauth]
Sep 29 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.251.147
Sep 29 09:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Failed password for invalid user squid from 222.107.251.147 port 30507 ssh2
Sep 29 09:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Received disconnect from 222.107.251.147 port 30507:11: Bye Bye [preauth]
Sep 29 09:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Disconnected from 222.107.251.147 port 30507 [preauth]
Sep 29 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session closed for user root
Sep 29 09:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Failed password for root from 162.144.236.216 port 34836 ssh2
Sep 29 09:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3569]: Connection closed by 162.144.236.216 port 34836 [preauth]
Sep 29 09:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Invalid user tabata from 103.159.132.217
Sep 29 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: input_userauth_request: invalid user tabata [preauth]
Sep 29 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Failed password for invalid user tabata from 103.159.132.217 port 39340 ssh2
Sep 29 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Received disconnect from 103.159.132.217 port 39340:11: Bye Bye [preauth]
Sep 29 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Disconnected from 103.159.132.217 port 39340 [preauth]
Sep 29 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3699]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3774]: Successful su for rubyman by root
Sep 29 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3774]: + ??? root:rubyman
Sep 29 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314025 of user rubyman.
Sep 29 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3774]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314025.
Sep 29 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Failed password for root from 162.144.236.216 port 45188 ssh2
Sep 29 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Connection closed by 162.144.236.216 port 45188 [preauth]
Sep 29 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[896]: pam_unix(cron:session): session closed for user root
Sep 29 09:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: Failed password for root from 162.144.236.216 port 54588 ssh2
Sep 29 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3915]: Connection closed by 162.144.236.216 port 54588 [preauth]
Sep 29 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Failed password for root from 162.144.236.216 port 59644 ssh2
Sep 29 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Connection closed by 162.144.236.216 port 59644 [preauth]
Sep 29 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Failed password for root from 162.144.236.216 port 38374 ssh2
Sep 29 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Connection closed by 162.144.236.216 port 38374 [preauth]
Sep 29 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2802]: pam_unix(cron:session): session closed for user root
Sep 29 09:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Failed password for root from 162.144.236.216 port 44754 ssh2
Sep 29 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Connection closed by 162.144.236.216 port 44754 [preauth]
Sep 29 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Failed password for root from 162.144.236.216 port 49686 ssh2
Sep 29 09:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Connection closed by 162.144.236.216 port 49686 [preauth]
Sep 29 09:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4158]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: Successful su for rubyman by root
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: + ??? root:rubyman
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314030 of user rubyman.
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4232]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314030.
Sep 29 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1456]: pam_unix(cron:session): session closed for user root
Sep 29 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4159]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Failed password for root from 93.152.230.176 port 51972 ssh2
Sep 29 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: Failed password for root from 162.144.236.216 port 55908 ssh2
Sep 29 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Received disconnect from 93.152.230.176 port 51972:11: Client disconnecting normally [preauth]
Sep 29 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4413]: Disconnected from 93.152.230.176 port 51972 [preauth]
Sep 29 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4155]: Connection closed by 162.144.236.216 port 55908 [preauth]
Sep 29 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Failed password for root from 162.144.236.216 port 34994 ssh2
Sep 29 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Connection closed by 162.144.236.216 port 34994 [preauth]
Sep 29 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Failed password for root from 162.144.236.216 port 41916 ssh2
Sep 29 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Connection closed by 162.144.236.216 port 41916 [preauth]
Sep 29 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: Failed password for root from 162.144.236.216 port 47200 ssh2
Sep 29 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3266]: pam_unix(cron:session): session closed for user root
Sep 29 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Invalid user userr from 107.172.50.151
Sep 29 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: input_userauth_request: invalid user userr [preauth]
Sep 29 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.50.151
Sep 29 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4491]: Connection closed by 162.144.236.216 port 47200 [preauth]
Sep 29 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Failed password for invalid user userr from 107.172.50.151 port 44942 ssh2
Sep 29 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Received disconnect from 107.172.50.151 port 44942:11: Bye Bye [preauth]
Sep 29 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Disconnected from 107.172.50.151 port 44942 [preauth]
Sep 29 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Sep 29 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Failed password for root from 80.94.95.115 port 54854 ssh2
Sep 29 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Connection closed by 80.94.95.115 port 54854 [preauth]
Sep 29 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Failed password for root from 162.144.236.216 port 55710 ssh2
Sep 29 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Connection closed by 162.144.236.216 port 55710 [preauth]
Sep 29 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for root from 162.144.236.216 port 34450 ssh2
Sep 29 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Connection closed by 162.144.236.216 port 34450 [preauth]
Sep 29 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Failed password for root from 162.144.236.216 port 41424 ssh2
Sep 29 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4616]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Invalid user sohan from 80.94.95.112
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: input_userauth_request: invalid user sohan [preauth]
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: Successful su for rubyman by root
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: + ??? root:rubyman
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314036 of user rubyman.
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314036.
Sep 29 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Connection closed by 162.144.236.216 port 41424 [preauth]
Sep 29 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Failed password for invalid user sohan from 80.94.95.112 port 62963 ssh2
Sep 29 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session closed for user root
Sep 29 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Failed password for invalid user sohan from 80.94.95.112 port 62963 ssh2
Sep 29 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Failed password for invalid user sohan from 80.94.95.112 port 62963 ssh2
Sep 29 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Failed password for invalid user sohan from 80.94.95.112 port 62963 ssh2
Sep 29 09:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Failed password for root from 162.144.236.216 port 49420 ssh2
Sep 29 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Connection closed by 162.144.236.216 port 49420 [preauth]
Sep 29 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Failed password for invalid user sohan from 80.94.95.112 port 62963 ssh2
Sep 29 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Received disconnect from 80.94.95.112 port 62963:11: Bye [preauth]
Sep 29 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: Disconnected from 80.94.95.112 port 62963 [preauth]
Sep 29 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4613]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4596]: Connection closed by 175.136.142.75 port 5045 [preauth]
Sep 29 09:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Failed password for root from 162.144.236.216 port 56682 ssh2
Sep 29 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Connection closed by 162.144.236.216 port 56682 [preauth]
Sep 29 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Failed password for root from 162.144.236.216 port 33276 ssh2
Sep 29 09:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Connection closed by 162.144.236.216 port 33276 [preauth]
Sep 29 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session closed for user root
Sep 29 09:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Failed password for root from 162.144.236.216 port 39538 ssh2
Sep 29 09:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Connection closed by 162.144.236.216 port 39538 [preauth]
Sep 29 09:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Failed password for root from 162.144.236.216 port 47098 ssh2
Sep 29 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Connection closed by 162.144.236.216 port 47098 [preauth]
Sep 29 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: Invalid user userr from 103.159.132.217
Sep 29 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: input_userauth_request: invalid user userr [preauth]
Sep 29 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Failed password for root from 162.144.236.216 port 52308 ssh2
Sep 29 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: Failed password for invalid user userr from 103.159.132.217 port 32842 ssh2
Sep 29 09:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: Received disconnect from 103.159.132.217 port 32842:11: Bye Bye [preauth]
Sep 29 09:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: Disconnected from 103.159.132.217 port 32842 [preauth]
Sep 29 09:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Connection closed by 162.144.236.216 port 52308 [preauth]
Sep 29 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Failed password for root from 162.144.236.216 port 60140 ssh2
Sep 29 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5067]: Connection closed by 162.144.236.216 port 60140 [preauth]
Sep 29 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5092]: pam_unix(cron:session): session closed for user root
Sep 29 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5082]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5160]: Successful su for rubyman by root
Sep 29 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5160]: + ??? root:rubyman
Sep 29 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314039 of user rubyman.
Sep 29 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5160]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314039.
Sep 29 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5089]: pam_unix(cron:session): session closed for user root
Sep 29 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Failed password for root from 162.144.236.216 port 38270 ssh2
Sep 29 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2355]: pam_unix(cron:session): session closed for user root
Sep 29 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Connection closed by 162.144.236.216 port 38270 [preauth]
Sep 29 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5083]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5455]: Failed password for root from 162.144.236.216 port 43392 ssh2
Sep 29 09:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5455]: Connection closed by 162.144.236.216 port 43392 [preauth]
Sep 29 09:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Failed password for root from 162.144.236.216 port 50406 ssh2
Sep 29 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Connection closed by 162.144.236.216 port 50406 [preauth]
Sep 29 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5527]: Failed password for root from 162.144.236.216 port 56200 ssh2
Sep 29 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5527]: Connection closed by 162.144.236.216 port 56200 [preauth]
Sep 29 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session closed for user root
Sep 29 09:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: Failed password for root from 162.144.236.216 port 35286 ssh2
Sep 29 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5565]: Connection closed by 162.144.236.216 port 35286 [preauth]
Sep 29 09:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Failed password for root from 162.144.236.216 port 41774 ssh2
Sep 29 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Connection closed by 162.144.236.216 port 41774 [preauth]
Sep 29 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: Failed password for root from 162.144.236.216 port 48718 ssh2
Sep 29 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5634]: Connection closed by 162.144.236.216 port 48718 [preauth]
Sep 29 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5664]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5662]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5740]: Successful su for rubyman by root
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5740]: + ??? root:rubyman
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314043 of user rubyman.
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5740]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314043.
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Failed password for root from 162.144.236.216 port 54114 ssh2
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Invalid user  from 62.60.131.157
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: input_userauth_request: invalid user  [preauth]
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Failed none for invalid user  from 62.60.131.157 port 62531 ssh2
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Received disconnect from 62.60.131.157 port 62531:11: Bye [preauth]
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Disconnected from 62.60.131.157 port 62531 [preauth]
Sep 29 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Connection closed by 162.144.236.216 port 54114 [preauth]
Sep 29 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session closed for user root
Sep 29 09:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5663]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5819]: Failed password for root from 162.144.236.216 port 60164 ssh2
Sep 29 09:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5819]: Connection closed by 162.144.236.216 port 60164 [preauth]
Sep 29 09:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Failed password for root from 162.144.236.216 port 38370 ssh2
Sep 29 09:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Connection closed by 162.144.236.216 port 38370 [preauth]
Sep 29 09:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Failed password for root from 162.144.236.216 port 45106 ssh2
Sep 29 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Connection closed by 162.144.236.216 port 45106 [preauth]
Sep 29 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user root
Sep 29 09:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Failed password for root from 162.144.236.216 port 51666 ssh2
Sep 29 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Connection closed by 162.144.236.216 port 51666 [preauth]
Sep 29 09:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6068]: Failed password for root from 162.144.236.216 port 59102 ssh2
Sep 29 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6068]: Connection closed by 162.144.236.216 port 59102 [preauth]
Sep 29 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: Failed password for root from 162.144.236.216 port 36868 ssh2
Sep 29 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: Connection closed by 162.144.236.216 port 36868 [preauth]
Sep 29 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6198]: Successful su for rubyman by root
Sep 29 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6198]: + ??? root:rubyman
Sep 29 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314047 of user rubyman.
Sep 29 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6198]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314047.
Sep 29 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session closed for user root
Sep 29 09:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: Failed password for root from 162.144.236.216 port 43998 ssh2
Sep 29 09:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: Connection closed by 162.144.236.216 port 43998 [preauth]
Sep 29 09:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for root from 162.144.236.216 port 50644 ssh2
Sep 29 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Connection closed by 162.144.236.216 port 50644 [preauth]
Sep 29 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5091]: pam_unix(cron:session): session closed for user root
Sep 29 09:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: Failed password for root from 162.144.236.216 port 58206 ssh2
Sep 29 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: Connection closed by 162.144.236.216 port 58206 [preauth]
Sep 29 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Invalid user test1 from 103.159.132.217
Sep 29 09:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: input_userauth_request: invalid user test1 [preauth]
Sep 29 09:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Failed password for invalid user test1 from 103.159.132.217 port 53584 ssh2
Sep 29 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Received disconnect from 103.159.132.217 port 53584:11: Bye Bye [preauth]
Sep 29 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Disconnected from 103.159.132.217 port 53584 [preauth]
Sep 29 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Failed password for root from 162.144.236.216 port 37410 ssh2
Sep 29 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Connection closed by 162.144.236.216 port 37410 [preauth]
Sep 29 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Failed password for root from 162.144.236.216 port 44310 ssh2
Sep 29 09:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Connection closed by 162.144.236.216 port 44310 [preauth]
Sep 29 09:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6593]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6742]: Successful su for rubyman by root
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6742]: + ??? root:rubyman
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314051 of user rubyman.
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6742]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314051.
Sep 29 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: Failed password for root from 162.144.236.216 port 51824 ssh2
Sep 29 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3699]: pam_unix(cron:session): session closed for user root
Sep 29 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: Connection closed by 162.144.236.216 port 51824 [preauth]
Sep 29 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: Failed password for root from 162.144.236.216 port 57926 ssh2
Sep 29 09:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6930]: Connection closed by 162.144.236.216 port 57926 [preauth]
Sep 29 09:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5665]: pam_unix(cron:session): session closed for user root
Sep 29 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: Failed password for root from 162.144.236.216 port 36750 ssh2
Sep 29 09:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: Connection closed by 162.144.236.216 port 36750 [preauth]
Sep 29 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: Invalid user user1 from 213.209.157.9
Sep 29 09:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: input_userauth_request: invalid user user1 [preauth]
Sep 29 09:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 29 09:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: Failed password for invalid user user1 from 213.209.157.9 port 41482 ssh2
Sep 29 09:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7027]: Connection closed by 213.209.157.9 port 41482 [preauth]
Sep 29 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7079]: Failed password for root from 162.144.236.216 port 44968 ssh2
Sep 29 09:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7079]: Connection closed by 162.144.236.216 port 44968 [preauth]
Sep 29 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7219]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Failed password for root from 162.144.236.216 port 52802 ssh2
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: Successful su for rubyman by root
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: + ??? root:rubyman
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314057 of user rubyman.
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314057.
Sep 29 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Connection closed by 162.144.236.216 port 52802 [preauth]
Sep 29 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user root
Sep 29 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7220]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: Failed password for root from 162.144.236.216 port 60338 ssh2
Sep 29 09:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7358]: Connection closed by 162.144.236.216 port 60338 [preauth]
Sep 29 09:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: Failed password for root from 162.144.236.216 port 38408 ssh2
Sep 29 09:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7505]: Connection closed by 162.144.236.216 port 38408 [preauth]
Sep 29 09:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Failed password for root from 162.144.236.216 port 45486 ssh2
Sep 29 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Connection closed by 162.144.236.216 port 45486 [preauth]
Sep 29 09:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session closed for user root
Sep 29 09:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7578]: Did not receive identification string from 162.144.236.216
Sep 29 09:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Failed password for root from 162.144.236.216 port 54456 ssh2
Sep 29 09:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Connection closed by 162.144.236.216 port 54456 [preauth]
Sep 29 09:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7672]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7670]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session closed for user root
Sep 29 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7668]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7750]: Successful su for rubyman by root
Sep 29 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7750]: + ??? root:rubyman
Sep 29 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314060 of user rubyman.
Sep 29 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7750]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314060.
Sep 29 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7670]: pam_unix(cron:session): session closed for user root
Sep 29 09:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session closed for user root
Sep 29 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: Failed password for root from 162.144.236.216 port 33698 ssh2
Sep 29 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7654]: Connection closed by 162.144.236.216 port 33698 [preauth]
Sep 29 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7669]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Failed password for root from 162.144.236.216 port 40152 ssh2
Sep 29 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Connection closed by 162.144.236.216 port 40152 [preauth]
Sep 29 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Failed password for root from 162.144.236.216 port 45414 ssh2
Sep 29 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Connection closed by 162.144.236.216 port 45414 [preauth]
Sep 29 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: Failed password for root from 162.144.236.216 port 51370 ssh2
Sep 29 09:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: Connection closed by 162.144.236.216 port 51370 [preauth]
Sep 29 09:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Invalid user ceshi from 103.159.132.217
Sep 29 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: input_userauth_request: invalid user ceshi [preauth]
Sep 29 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Failed password for invalid user ceshi from 103.159.132.217 port 57300 ssh2
Sep 29 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session closed for user root
Sep 29 09:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Received disconnect from 103.159.132.217 port 57300:11: Bye Bye [preauth]
Sep 29 09:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Disconnected from 103.159.132.217 port 57300 [preauth]
Sep 29 09:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Failed password for root from 162.144.236.216 port 57976 ssh2
Sep 29 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Connection closed by 162.144.236.216 port 57976 [preauth]
Sep 29 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Failed password for root from 162.144.236.216 port 36652 ssh2
Sep 29 09:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Connection closed by 162.144.236.216 port 36652 [preauth]
Sep 29 09:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Failed password for root from 162.144.236.216 port 45520 ssh2
Sep 29 09:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8200]: Connection closed by 162.144.236.216 port 45520 [preauth]
Sep 29 09:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: Successful su for rubyman by root
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: + ??? root:rubyman
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314066 of user rubyman.
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314066.
Sep 29 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Failed password for root from 162.144.236.216 port 54522 ssh2
Sep 29 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8224]: Connection closed by 162.144.236.216 port 54522 [preauth]
Sep 29 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5090]: pam_unix(cron:session): session closed for user root
Sep 29 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: Failed password for root from 162.144.236.216 port 59450 ssh2
Sep 29 09:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: Connection closed by 162.144.236.216 port 59450 [preauth]
Sep 29 09:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: Failed password for root from 162.144.236.216 port 38780 ssh2
Sep 29 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: Connection closed by 162.144.236.216 port 38780 [preauth]
Sep 29 09:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: Failed password for root from 162.144.236.216 port 45874 ssh2
Sep 29 09:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8567]: Connection closed by 162.144.236.216 port 45874 [preauth]
Sep 29 09:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session closed for user root
Sep 29 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Failed password for root from 162.144.236.216 port 51946 ssh2
Sep 29 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Connection closed by 162.144.236.216 port 51946 [preauth]
Sep 29 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Failed password for root from 162.144.236.216 port 58614 ssh2
Sep 29 09:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8647]: Connection closed by 162.144.236.216 port 58614 [preauth]
Sep 29 09:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Failed password for root from 162.144.236.216 port 37900 ssh2
Sep 29 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Connection closed by 162.144.236.216 port 37900 [preauth]
Sep 29 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8717]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8714]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: Successful su for rubyman by root
Sep 29 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: + ??? root:rubyman
Sep 29 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314069 of user rubyman.
Sep 29 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8888]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314069.
Sep 29 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8698]: Failed password for root from 162.144.236.216 port 45152 ssh2
Sep 29 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5664]: pam_unix(cron:session): session closed for user root
Sep 29 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8698]: Connection closed by 162.144.236.216 port 45152 [preauth]
Sep 29 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8715]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Failed password for root from 162.144.236.216 port 50848 ssh2
Sep 29 09:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Connection closed by 162.144.236.216 port 50848 [preauth]
Sep 29 09:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Failed password for root from 162.144.236.216 port 56818 ssh2
Sep 29 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Connection closed by 162.144.236.216 port 56818 [preauth]
Sep 29 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Failed password for root from 162.144.236.216 port 35084 ssh2
Sep 29 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Connection closed by 162.144.236.216 port 35084 [preauth]
Sep 29 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7672]: pam_unix(cron:session): session closed for user root
Sep 29 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Invalid user user from 93.152.230.176
Sep 29 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: input_userauth_request: invalid user user [preauth]
Sep 29 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 09:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Failed password for root from 162.144.236.216 port 41220 ssh2
Sep 29 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Failed password for invalid user user from 93.152.230.176 port 11819 ssh2
Sep 29 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9263]: Connection closed by 162.144.236.216 port 41220 [preauth]
Sep 29 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Received disconnect from 93.152.230.176 port 11819:11: Client disconnecting normally [preauth]
Sep 29 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9299]: Disconnected from 93.152.230.176 port 11819 [preauth]
Sep 29 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 09:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Failed password for root from 185.156.73.233 port 38720 ssh2
Sep 29 09:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9344]: Connection closed by 185.156.73.233 port 38720 [preauth]
Sep 29 09:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Failed password for root from 162.144.236.216 port 48732 ssh2
Sep 29 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Invalid user admin from 80.94.95.112
Sep 29 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: input_userauth_request: invalid user admin [preauth]
Sep 29 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.112 port 39239 ssh2
Sep 29 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Connection closed by 162.144.236.216 port 48732 [preauth]
Sep 29 09:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.112 port 39239 ssh2
Sep 29 09:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.112 port 39239 ssh2
Sep 29 09:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9396]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9459]: Successful su for rubyman by root
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9459]: + ??? root:rubyman
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314074 of user rubyman.
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9459]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314074.
Sep 29 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.112 port 39239 ssh2
Sep 29 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Failed password for invalid user admin from 80.94.95.112 port 39239 ssh2
Sep 29 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Received disconnect from 80.94.95.112 port 39239:11: Bye [preauth]
Sep 29 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: Disconnected from 80.94.95.112 port 39239 [preauth]
Sep 29 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9358]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session closed for user root
Sep 29 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9393]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: Failed password for root from 162.144.236.216 port 56294 ssh2
Sep 29 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: Connection closed by 162.144.236.216 port 56294 [preauth]
Sep 29 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Failed password for root from 103.159.132.217 port 49256 ssh2
Sep 29 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Received disconnect from 103.159.132.217 port 49256:11: Bye Bye [preauth]
Sep 29 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Disconnected from 103.159.132.217 port 49256 [preauth]
Sep 29 09:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Failed password for root from 162.144.236.216 port 37282 ssh2
Sep 29 09:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Connection closed by 162.144.236.216 port 37282 [preauth]
Sep 29 09:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Failed password for root from 162.144.236.216 port 42336 ssh2
Sep 29 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Connection closed by 162.144.236.216 port 42336 [preauth]
Sep 29 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session closed for user root
Sep 29 09:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Failed password for root from 162.144.236.216 port 50418 ssh2
Sep 29 09:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Connection closed by 162.144.236.216 port 50418 [preauth]
Sep 29 09:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: Failed password for root from 162.144.236.216 port 56808 ssh2
Sep 29 09:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: Connection closed by 162.144.236.216 port 56808 [preauth]
Sep 29 09:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: Failed password for root from 162.144.236.216 port 36046 ssh2
Sep 29 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: Connection closed by 162.144.236.216 port 36046 [preauth]
Sep 29 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session closed for user p13x
Sep 29 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: Successful su for rubyman by root
Sep 29 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: + ??? root:rubyman
Sep 29 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314077 of user rubyman.
Sep 29 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: pam_unix(su:session): session closed for user rubyman
Sep 29 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314077.
Sep 29 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session closed for user root
Sep 29 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9955]: pam_unix(cron:session): session closed for user samftp
Sep 29 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: Failed password for root from 162.144.236.216 port 42642 ssh2
Sep 29 09:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: Connection closed by 162.144.236.216 port 42642 [preauth]
Sep 29 09:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Failed password for root from 162.144.236.216 port 49694 ssh2
Sep 29 09:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Connection closed by 162.144.236.216 port 49694 [preauth]
Sep 29 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8717]: pam_unix(cron:session): session closed for user root
Sep 29 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Failed password for root from 162.144.236.216 port 56440 ssh2
Sep 29 09:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Connection closed by 162.144.236.216 port 56440 [preauth]
Sep 29 09:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Failed password for root from 162.144.236.216 port 34590 ssh2
Sep 29 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10379]: Connection closed by 162.144.236.216 port 34590 [preauth]
Sep 29 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10432]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10433]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10437]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10437]: pam_unix(cron:session): session closed for user root
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session closed for user root
Sep 29 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for root from 162.144.236.216 port 42034 ssh2
Sep 29 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: Successful su for rubyman by root
Sep 29 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: + ??? root:rubyman
Sep 29 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314085 of user rubyman.
Sep 29 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10547]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314085.
Sep 29 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Connection closed by 162.144.236.216 port 42034 [preauth]
Sep 29 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session closed for user root
Sep 29 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10431]: pam_unix(cron:session): session closed for user root
Sep 29 10:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10429]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10662]: Failed password for root from 162.144.236.216 port 49654 ssh2
Sep 29 10:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10662]: Connection closed by 162.144.236.216 port 49654 [preauth]
Sep 29 10:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Failed password for root from 162.144.236.216 port 56208 ssh2
Sep 29 10:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10814]: Connection closed by 162.144.236.216 port 56208 [preauth]
Sep 29 10:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9396]: pam_unix(cron:session): session closed for user root
Sep 29 10:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: Failed password for root from 162.144.236.216 port 60898 ssh2
Sep 29 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: Connection closed by 162.144.236.216 port 60898 [preauth]
Sep 29 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: Failed password for root from 162.144.236.216 port 39086 ssh2
Sep 29 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: Connection closed by 162.144.236.216 port 39086 [preauth]
Sep 29 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: Failed password for root from 162.144.236.216 port 46142 ssh2
Sep 29 10:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: Connection closed by 162.144.236.216 port 46142 [preauth]
Sep 29 10:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11062]: Successful su for rubyman by root
Sep 29 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11062]: + ??? root:rubyman
Sep 29 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314088 of user rubyman.
Sep 29 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11062]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314088.
Sep 29 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Failed password for root from 162.144.236.216 port 53452 ssh2
Sep 29 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Connection closed by 162.144.236.216 port 53452 [preauth]
Sep 29 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session closed for user root
Sep 29 10:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 10:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Failed password for root from 103.159.132.217 port 52406 ssh2
Sep 29 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Received disconnect from 103.159.132.217 port 52406:11: Bye Bye [preauth]
Sep 29 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Disconnected from 103.159.132.217 port 52406 [preauth]
Sep 29 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for root from 162.144.236.216 port 59048 ssh2
Sep 29 10:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 162.144.236.216 port 59048 [preauth]
Sep 29 10:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Failed password for root from 162.144.236.216 port 37536 ssh2
Sep 29 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Connection closed by 162.144.236.216 port 37536 [preauth]
Sep 29 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Failed password for root from 162.144.236.216 port 44744 ssh2
Sep 29 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Connection closed by 162.144.236.216 port 44744 [preauth]
Sep 29 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session closed for user root
Sep 29 10:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Failed password for root from 162.144.236.216 port 51506 ssh2
Sep 29 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Connection closed by 162.144.236.216 port 51506 [preauth]
Sep 29 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Failed password for root from 162.144.236.216 port 58200 ssh2
Sep 29 10:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Connection closed by 162.144.236.216 port 58200 [preauth]
Sep 29 10:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Failed password for root from 162.144.236.216 port 35838 ssh2
Sep 29 10:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Connection closed by 162.144.236.216 port 35838 [preauth]
Sep 29 10:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11437]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: Successful su for rubyman by root
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: + ??? root:rubyman
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314093 of user rubyman.
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11503]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314093.
Sep 29 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Failed password for root from 162.144.236.216 port 42532 ssh2
Sep 29 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Connection closed by 162.144.236.216 port 42532 [preauth]
Sep 29 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session closed for user root
Sep 29 10:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Failed password for root from 162.144.236.216 port 49586 ssh2
Sep 29 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Connection closed by 162.144.236.216 port 49586 [preauth]
Sep 29 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: Failed password for root from 162.144.236.216 port 54544 ssh2
Sep 29 10:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: Connection closed by 162.144.236.216 port 54544 [preauth]
Sep 29 10:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11842]: Failed password for root from 162.144.236.216 port 59772 ssh2
Sep 29 10:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11842]: Connection closed by 162.144.236.216 port 59772 [preauth]
Sep 29 10:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Failed password for root from 162.144.236.216 port 39456 ssh2
Sep 29 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Connection closed by 162.144.236.216 port 39456 [preauth]
Sep 29 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10433]: pam_unix(cron:session): session closed for user root
Sep 29 10:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: Failed password for root from 162.144.236.216 port 44008 ssh2
Sep 29 10:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: Connection closed by 162.144.236.216 port 44008 [preauth]
Sep 29 10:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Failed password for root from 162.144.236.216 port 53460 ssh2
Sep 29 10:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Connection closed by 162.144.236.216 port 53460 [preauth]
Sep 29 10:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12040]: Successful su for rubyman by root
Sep 29 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12040]: + ??? root:rubyman
Sep 29 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314096 of user rubyman.
Sep 29 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12040]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314096.
Sep 29 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Failed password for root from 162.144.236.216 port 33044 ssh2
Sep 29 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Connection closed by 162.144.236.216 port 33044 [preauth]
Sep 29 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8716]: pam_unix(cron:session): session closed for user root
Sep 29 10:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11977]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: Failed password for root from 162.144.236.216 port 39580 ssh2
Sep 29 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: Connection closed by 162.144.236.216 port 39580 [preauth]
Sep 29 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Failed password for root from 162.144.236.216 port 46984 ssh2
Sep 29 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Connection closed by 162.144.236.216 port 46984 [preauth]
Sep 29 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Failed password for root from 162.144.236.216 port 52524 ssh2
Sep 29 10:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Connection closed by 162.144.236.216 port 52524 [preauth]
Sep 29 10:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session closed for user root
Sep 29 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: Failed password for root from 162.144.236.216 port 33110 ssh2
Sep 29 10:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: Connection closed by 162.144.236.216 port 33110 [preauth]
Sep 29 10:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for root from 162.144.236.216 port 39206 ssh2
Sep 29 10:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Connection closed by 162.144.236.216 port 39206 [preauth]
Sep 29 10:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Failed password for root from 162.144.236.216 port 44312 ssh2
Sep 29 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Connection closed by 162.144.236.216 port 44312 [preauth]
Sep 29 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: Invalid user nutanix from 80.94.95.115
Sep 29 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: input_userauth_request: invalid user nutanix [preauth]
Sep 29 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: Failed password for invalid user nutanix from 80.94.95.115 port 18790 ssh2
Sep 29 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: Connection closed by 80.94.95.115 port 18790 [preauth]
Sep 29 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: Failed password for root from 162.144.236.216 port 51170 ssh2
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12495]: Successful su for rubyman by root
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12495]: + ??? root:rubyman
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314100 of user rubyman.
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12495]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314100.
Sep 29 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Failed password for root from 103.159.132.217 port 46096 ssh2
Sep 29 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12415]: Connection closed by 162.144.236.216 port 51170 [preauth]
Sep 29 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Received disconnect from 103.159.132.217 port 46096:11: Bye Bye [preauth]
Sep 29 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Disconnected from 103.159.132.217 port 46096 [preauth]
Sep 29 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session closed for user root
Sep 29 10:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Failed password for root from 162.144.236.216 port 57058 ssh2
Sep 29 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Connection closed by 162.144.236.216 port 57058 [preauth]
Sep 29 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for root from 162.144.236.216 port 34956 ssh2
Sep 29 10:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Connection closed by 162.144.236.216 port 34956 [preauth]
Sep 29 10:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Failed password for root from 162.144.236.216 port 41580 ssh2
Sep 29 10:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Connection closed by 162.144.236.216 port 41580 [preauth]
Sep 29 10:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session closed for user root
Sep 29 10:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: Failed password for root from 162.144.236.216 port 48642 ssh2
Sep 29 10:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12782]: Connection closed by 162.144.236.216 port 48642 [preauth]
Sep 29 10:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Failed password for root from 162.144.236.216 port 55142 ssh2
Sep 29 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Connection closed by 162.144.236.216 port 55142 [preauth]
Sep 29 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Failed password for root from 162.144.236.216 port 33392 ssh2
Sep 29 10:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Connection closed by 162.144.236.216 port 33392 [preauth]
Sep 29 10:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Failed password for root from 162.144.236.216 port 39188 ssh2
Sep 29 10:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Connection closed by 162.144.236.216 port 39188 [preauth]
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session closed for user root
Sep 29 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12889]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: Successful su for rubyman by root
Sep 29 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: + ??? root:rubyman
Sep 29 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314106 of user rubyman.
Sep 29 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314106.
Sep 29 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session closed for user root
Sep 29 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session closed for user root
Sep 29 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12887]: Failed password for root from 162.144.236.216 port 46942 ssh2
Sep 29 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12887]: Connection closed by 162.144.236.216 port 46942 [preauth]
Sep 29 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12890]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Failed password for root from 162.144.236.216 port 53516 ssh2
Sep 29 10:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Connection closed by 162.144.236.216 port 53516 [preauth]
Sep 29 10:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Failed password for root from 162.144.236.216 port 59836 ssh2
Sep 29 10:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Connection closed by 162.144.236.216 port 59836 [preauth]
Sep 29 10:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Failed password for root from 162.144.236.216 port 37978 ssh2
Sep 29 10:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Connection closed by 162.144.236.216 port 37978 [preauth]
Sep 29 10:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11979]: pam_unix(cron:session): session closed for user root
Sep 29 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Failed password for root from 162.144.236.216 port 43314 ssh2
Sep 29 10:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13292]: Connection closed by 162.144.236.216 port 43314 [preauth]
Sep 29 10:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.29.56.247 port 38268
Sep 29 10:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: Failed password for root from 162.144.236.216 port 50680 ssh2
Sep 29 10:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Connection closed by 20.29.56.247 port 38254 [preauth]
Sep 29 10:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13336]: Connection closed by 162.144.236.216 port 50680 [preauth]
Sep 29 10:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: Successful su for rubyman by root
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: + ??? root:rubyman
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314110 of user rubyman.
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13469]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314110.
Sep 29 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10432]: pam_unix(cron:session): session closed for user root
Sep 29 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: Failed password for root from 162.144.236.216 port 58212 ssh2
Sep 29 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: Connection closed by 162.144.236.216 port 58212 [preauth]
Sep 29 10:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for root from 162.144.236.216 port 36608 ssh2
Sep 29 10:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Connection closed by 162.144.236.216 port 36608 [preauth]
Sep 29 10:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session closed for user root
Sep 29 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for root from 162.144.236.216 port 44690 ssh2
Sep 29 10:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Connection closed by 162.144.236.216 port 44690 [preauth]
Sep 29 10:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Invalid user sammy from 103.159.132.217
Sep 29 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: input_userauth_request: invalid user sammy [preauth]
Sep 29 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 10:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Failed password for invalid user sammy from 103.159.132.217 port 57180 ssh2
Sep 29 10:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Received disconnect from 103.159.132.217 port 57180:11: Bye Bye [preauth]
Sep 29 10:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Disconnected from 103.159.132.217 port 57180 [preauth]
Sep 29 10:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Failed password for root from 162.144.236.216 port 52124 ssh2
Sep 29 10:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Connection closed by 162.144.236.216 port 52124 [preauth]
Sep 29 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13843]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13840]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: Successful su for rubyman by root
Sep 29 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: + ??? root:rubyman
Sep 29 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314116 of user rubyman.
Sep 29 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314116.
Sep 29 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session closed for user root
Sep 29 10:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Failed password for root from 162.144.236.216 port 59366 ssh2
Sep 29 10:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13836]: Connection closed by 162.144.236.216 port 59366 [preauth]
Sep 29 10:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: User www-data from 93.152.230.176 not allowed because not listed in AllowUsers
Sep 29 10:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: input_userauth_request: invalid user www-data [preauth]
Sep 29 10:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=www-data
Sep 29 10:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: Failed password for invalid user www-data from 93.152.230.176 port 5460 ssh2
Sep 29 10:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: Received disconnect from 93.152.230.176 port 5460:11: Client disconnecting normally [preauth]
Sep 29 10:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: Disconnected from 93.152.230.176 port 5460 [preauth]
Sep 29 10:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for root from 162.144.236.216 port 39158 ssh2
Sep 29 10:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Connection closed by 162.144.236.216 port 39158 [preauth]
Sep 29 10:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Failed password for root from 162.144.236.216 port 45176 ssh2
Sep 29 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Connection closed by 162.144.236.216 port 45176 [preauth]
Sep 29 10:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session closed for user root
Sep 29 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Failed password for root from 162.144.236.216 port 53924 ssh2
Sep 29 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Connection closed by 162.144.236.216 port 53924 [preauth]
Sep 29 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Failed password for root from 162.144.236.216 port 59314 ssh2
Sep 29 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14305]: Connection closed by 162.144.236.216 port 59314 [preauth]
Sep 29 10:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Failed password for root from 162.144.236.216 port 39106 ssh2
Sep 29 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14336]: Connection closed by 162.144.236.216 port 39106 [preauth]
Sep 29 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: Successful su for rubyman by root
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: + ??? root:rubyman
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314119 of user rubyman.
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14420]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314119.
Sep 29 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Failed password for root from 162.144.236.216 port 46330 ssh2
Sep 29 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14355]: Connection closed by 162.144.236.216 port 46330 [preauth]
Sep 29 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session closed for user root
Sep 29 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for root from 162.144.236.216 port 51710 ssh2
Sep 29 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Connection closed by 162.144.236.216 port 51710 [preauth]
Sep 29 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: Failed password for root from 162.144.236.216 port 60422 ssh2
Sep 29 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: Connection closed by 162.144.236.216 port 60422 [preauth]
Sep 29 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14681]: Failed password for root from 162.144.236.216 port 41146 ssh2
Sep 29 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session closed for user root
Sep 29 10:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14681]: Connection closed by 162.144.236.216 port 41146 [preauth]
Sep 29 10:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Failed password for root from 162.144.236.216 port 49864 ssh2
Sep 29 10:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Connection closed by 162.144.236.216 port 49864 [preauth]
Sep 29 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for root from 193.32.162.157 port 52282 ssh2
Sep 29 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Failed password for root from 162.144.236.216 port 57088 ssh2
Sep 29 10:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Connection closed by 193.32.162.157 port 52282 [preauth]
Sep 29 10:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Connection closed by 162.144.236.216 port 57088 [preauth]
Sep 29 10:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: Successful su for rubyman by root
Sep 29 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: + ??? root:rubyman
Sep 29 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314125 of user rubyman.
Sep 29 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314125.
Sep 29 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: Failed password for root from 162.144.236.216 port 35314 ssh2
Sep 29 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session closed for user root
Sep 29 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: Connection closed by 162.144.236.216 port 35314 [preauth]
Sep 29 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11978]: pam_unix(cron:session): session closed for user root
Sep 29 10:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Failed password for root from 162.144.236.216 port 42580 ssh2
Sep 29 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Connection closed by 162.144.236.216 port 42580 [preauth]
Sep 29 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: Failed password for root from 193.32.162.157 port 38448 ssh2
Sep 29 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14772]: Connection closed by 193.32.162.157 port 38448 [preauth]
Sep 29 10:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Failed password for root from 162.144.236.216 port 48342 ssh2
Sep 29 10:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Connection closed by 162.144.236.216 port 48342 [preauth]
Sep 29 10:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: Failed password for root from 162.144.236.216 port 55614 ssh2
Sep 29 10:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: Connection closed by 162.144.236.216 port 55614 [preauth]
Sep 29 10:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Failed password for root from 193.32.162.157 port 59660 ssh2
Sep 29 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13843]: pam_unix(cron:session): session closed for user root
Sep 29 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Failed password for root from 162.144.236.216 port 34462 ssh2
Sep 29 10:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Connection closed by 162.144.236.216 port 34462 [preauth]
Sep 29 10:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Connection closed by 193.32.162.157 port 59660 [preauth]
Sep 29 10:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: Invalid user snort from 103.159.132.217
Sep 29 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: input_userauth_request: invalid user snort [preauth]
Sep 29 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 10:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: Failed password for invalid user snort from 103.159.132.217 port 44326 ssh2
Sep 29 10:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: Received disconnect from 103.159.132.217 port 44326:11: Bye Bye [preauth]
Sep 29 10:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15258]: Disconnected from 103.159.132.217 port 44326 [preauth]
Sep 29 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Failed password for root from 162.144.236.216 port 39840 ssh2
Sep 29 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Connection closed by 162.144.236.216 port 39840 [preauth]
Sep 29 10:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: Failed password for root from 193.32.162.157 port 60988 ssh2
Sep 29 10:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Failed password for root from 162.144.236.216 port 46572 ssh2
Sep 29 10:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Connection closed by 162.144.236.216 port 46572 [preauth]
Sep 29 10:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: Connection closed by 193.32.162.157 port 60988 [preauth]
Sep 29 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15331]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15333]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15334]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15335]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15335]: pam_unix(cron:session): session closed for user root
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15315]: Failed password for root from 162.144.236.216 port 55120 ssh2
Sep 29 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15408]: Successful su for rubyman by root
Sep 29 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15408]: + ??? root:rubyman
Sep 29 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314130 of user rubyman.
Sep 29 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15408]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314130.
Sep 29 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15315]: Connection closed by 162.144.236.216 port 55120 [preauth]
Sep 29 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15331]: pam_unix(cron:session): session closed for user root
Sep 29 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session closed for user root
Sep 29 10:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15330]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: Failed password for root from 162.144.236.216 port 33620 ssh2
Sep 29 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15461]: Connection closed by 162.144.236.216 port 33620 [preauth]
Sep 29 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: Failed password for root from 193.32.162.157 port 33660 ssh2
Sep 29 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: Failed password for root from 162.144.236.216 port 40156 ssh2
Sep 29 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: Connection closed by 162.144.236.216 port 40156 [preauth]
Sep 29 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: Connection closed by 193.32.162.157 port 33660 [preauth]
Sep 29 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Failed password for root from 162.144.236.216 port 46092 ssh2
Sep 29 10:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Connection closed by 162.144.236.216 port 46092 [preauth]
Sep 29 10:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14363]: pam_unix(cron:session): session closed for user root
Sep 29 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: Failed password for root from 193.32.162.157 port 48536 ssh2
Sep 29 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15665]: Connection closed by 193.32.162.157 port 48536 [preauth]
Sep 29 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Failed password for root from 162.144.236.216 port 52690 ssh2
Sep 29 10:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15698]: Connection closed by 162.144.236.216 port 52690 [preauth]
Sep 29 10:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for root from 193.32.162.157 port 47626 ssh2
Sep 29 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Failed password for root from 162.144.236.216 port 32958 ssh2
Sep 29 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15872]: Successful su for rubyman by root
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15872]: + ??? root:rubyman
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314136 of user rubyman.
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15872]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314136.
Sep 29 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Connection closed by 162.144.236.216 port 32958 [preauth]
Sep 29 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Connection closed by 193.32.162.157 port 47626 [preauth]
Sep 29 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session closed for user root
Sep 29 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: Failed password for root from 162.144.236.216 port 40030 ssh2
Sep 29 10:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15936]: Connection closed by 162.144.236.216 port 40030 [preauth]
Sep 29 10:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Failed password for root from 193.32.162.157 port 60126 ssh2
Sep 29 10:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Failed password for root from 162.144.236.216 port 46818 ssh2
Sep 29 10:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Connection closed by 162.144.236.216 port 46818 [preauth]
Sep 29 10:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15952]: Connection closed by 193.32.162.157 port 60126 [preauth]
Sep 29 10:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Failed password for root from 162.144.236.216 port 54706 ssh2
Sep 29 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Connection closed by 162.144.236.216 port 54706 [preauth]
Sep 29 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session closed for user root
Sep 29 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16159]: Failed password for root from 162.144.236.216 port 33244 ssh2
Sep 29 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16159]: Connection closed by 162.144.236.216 port 33244 [preauth]
Sep 29 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Failed password for root from 193.32.162.157 port 48602 ssh2
Sep 29 10:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Connection closed by 193.32.162.157 port 48602 [preauth]
Sep 29 10:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Failed password for root from 162.144.236.216 port 39634 ssh2
Sep 29 10:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Connection closed by 162.144.236.216 port 39634 [preauth]
Sep 29 10:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Failed password for root from 162.144.236.216 port 46748 ssh2
Sep 29 10:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Connection closed by 162.144.236.216 port 46748 [preauth]
Sep 29 10:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16254]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16318]: Successful su for rubyman by root
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16318]: + ??? root:rubyman
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314137 of user rubyman.
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16318]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314137.
Sep 29 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session closed for user root
Sep 29 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16214]: Failed password for root from 193.32.162.157 port 43870 ssh2
Sep 29 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: Failed password for root from 162.144.236.216 port 53028 ssh2
Sep 29 10:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16249]: Connection closed by 162.144.236.216 port 53028 [preauth]
Sep 29 10:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16255]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16214]: Connection closed by 193.32.162.157 port 43870 [preauth]
Sep 29 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Invalid user apitest from 20.163.71.109
Sep 29 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: input_userauth_request: invalid user apitest [preauth]
Sep 29 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Failed password for invalid user apitest from 20.163.71.109 port 37872 ssh2
Sep 29 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Connection closed by 20.163.71.109 port 37872 [preauth]
Sep 29 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Failed password for root from 162.144.236.216 port 59220 ssh2
Sep 29 10:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Connection closed by 162.144.236.216 port 59220 [preauth]
Sep 29 10:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: Failed password for root from 193.32.162.157 port 44572 ssh2
Sep 29 10:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 10:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: Failed password for root from 103.159.132.217 port 39284 ssh2
Sep 29 10:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: Connection closed by 193.32.162.157 port 44572 [preauth]
Sep 29 10:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: Received disconnect from 103.159.132.217 port 39284:11: Bye Bye [preauth]
Sep 29 10:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16604]: Disconnected from 103.159.132.217 port 39284 [preauth]
Sep 29 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: Failed password for root from 162.144.236.216 port 39092 ssh2
Sep 29 10:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15334]: pam_unix(cron:session): session closed for user root
Sep 29 10:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: Connection closed by 162.144.236.216 port 39092 [preauth]
Sep 29 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: Failed password for root from 193.32.162.157 port 58472 ssh2
Sep 29 10:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: Connection closed by 193.32.162.157 port 58472 [preauth]
Sep 29 10:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for root from 162.144.236.216 port 47592 ssh2
Sep 29 10:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Connection closed by 162.144.236.216 port 47592 [preauth]
Sep 29 10:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: Successful su for rubyman by root
Sep 29 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: + ??? root:rubyman
Sep 29 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314143 of user rubyman.
Sep 29 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314143.
Sep 29 10:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13842]: pam_unix(cron:session): session closed for user root
Sep 29 10:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Failed password for root from 162.144.236.216 port 55260 ssh2
Sep 29 10:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16717]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Connection closed by 162.144.236.216 port 55260 [preauth]
Sep 29 10:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: Failed password for root from 193.32.162.157 port 37634 ssh2
Sep 29 10:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: Connection closed by 193.32.162.157 port 37634 [preauth]
Sep 29 10:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: Failed password for root from 162.144.236.216 port 34184 ssh2
Sep 29 10:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: Connection closed by 162.144.236.216 port 34184 [preauth]
Sep 29 10:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: Failed password for root from 162.144.236.216 port 40426 ssh2
Sep 29 10:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17027]: Connection closed by 162.144.236.216 port 40426 [preauth]
Sep 29 10:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Failed password for root from 162.144.236.216 port 45786 ssh2
Sep 29 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Connection closed by 162.144.236.216 port 45786 [preauth]
Sep 29 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Failed password for root from 193.32.162.157 port 59466 ssh2
Sep 29 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user root
Sep 29 10:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Connection closed by 193.32.162.157 port 59466 [preauth]
Sep 29 10:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Failed password for root from 162.144.236.216 port 51742 ssh2
Sep 29 10:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Connection closed by 162.144.236.216 port 51742 [preauth]
Sep 29 10:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Invalid user adm from 185.156.73.233
Sep 29 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: input_userauth_request: invalid user adm [preauth]
Sep 29 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Failed password for invalid user adm from 185.156.73.233 port 56330 ssh2
Sep 29 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Connection closed by 185.156.73.233 port 56330 [preauth]
Sep 29 10:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Failed password for root from 162.144.236.216 port 57284 ssh2
Sep 29 10:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Connection closed by 162.144.236.216 port 57284 [preauth]
Sep 29 10:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: Failed password for root from 162.144.236.216 port 34194 ssh2
Sep 29 10:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: Connection closed by 162.144.236.216 port 34194 [preauth]
Sep 29 10:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 193.32.162.157 port 44856 ssh2
Sep 29 10:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Connection closed by 193.32.162.157 port 44856 [preauth]
Sep 29 10:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Failed password for root from 162.144.236.216 port 39698 ssh2
Sep 29 10:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Connection closed by 162.144.236.216 port 39698 [preauth]
Sep 29 10:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: Successful su for rubyman by root
Sep 29 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: + ??? root:rubyman
Sep 29 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314145 of user rubyman.
Sep 29 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314145.
Sep 29 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session closed for user root
Sep 29 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for root from 162.144.236.216 port 47268 ssh2
Sep 29 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Connection closed by 162.144.236.216 port 47268 [preauth]
Sep 29 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for root from 162.144.236.216 port 51894 ssh2
Sep 29 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: Failed password for root from 193.32.162.157 port 41148 ssh2
Sep 29 10:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Connection closed by 162.144.236.216 port 51894 [preauth]
Sep 29 10:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: Connection closed by 193.32.162.157 port 41148 [preauth]
Sep 29 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Failed password for root from 162.144.236.216 port 58412 ssh2
Sep 29 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Connection closed by 162.144.236.216 port 58412 [preauth]
Sep 29 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Failed password for root from 162.144.236.216 port 37050 ssh2
Sep 29 10:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Connection closed by 162.144.236.216 port 37050 [preauth]
Sep 29 10:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16258]: pam_unix(cron:session): session closed for user root
Sep 29 10:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: Failed password for root from 193.32.162.157 port 33354 ssh2
Sep 29 10:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17499]: Connection closed by 193.32.162.157 port 33354 [preauth]
Sep 29 10:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Failed password for root from 162.144.236.216 port 44774 ssh2
Sep 29 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Connection closed by 162.144.236.216 port 44774 [preauth]
Sep 29 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Failed password for root from 162.144.236.216 port 50070 ssh2
Sep 29 10:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Connection closed by 162.144.236.216 port 50070 [preauth]
Sep 29 10:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17581]: Failed password for root from 193.32.162.157 port 59584 ssh2
Sep 29 10:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Failed password for root from 162.144.236.216 port 56752 ssh2
Sep 29 10:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Connection closed by 162.144.236.216 port 56752 [preauth]
Sep 29 10:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17581]: Connection closed by 193.32.162.157 port 59584 [preauth]
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17649]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17652]: pam_unix(cron:session): session closed for user root
Sep 29 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17647]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17757]: Successful su for rubyman by root
Sep 29 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17757]: + ??? root:rubyman
Sep 29 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314153 of user rubyman.
Sep 29 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17757]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314153.
Sep 29 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17649]: pam_unix(cron:session): session closed for user root
Sep 29 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session closed for user root
Sep 29 10:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: Failed password for root from 162.144.236.216 port 37144 ssh2
Sep 29 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: Connection closed by 162.144.236.216 port 37144 [preauth]
Sep 29 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17648]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 10:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Failed password for root from 103.159.132.217 port 56584 ssh2
Sep 29 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Received disconnect from 103.159.132.217 port 56584:11: Bye Bye [preauth]
Sep 29 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Disconnected from 103.159.132.217 port 56584 [preauth]
Sep 29 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18047]: Failed password for root from 162.144.236.216 port 44380 ssh2
Sep 29 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18047]: Connection closed by 162.144.236.216 port 44380 [preauth]
Sep 29 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17645]: Failed password for root from 193.32.162.157 port 34764 ssh2
Sep 29 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17645]: Connection closed by 193.32.162.157 port 34764 [preauth]
Sep 29 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Failed password for root from 162.144.236.216 port 49136 ssh2
Sep 29 10:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Connection closed by 162.144.236.216 port 49136 [preauth]
Sep 29 10:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: Failed password for root from 162.144.236.216 port 58792 ssh2
Sep 29 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session closed for user root
Sep 29 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18262]: Connection closed by 162.144.236.216 port 58792 [preauth]
Sep 29 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Failed password for root from 162.144.236.216 port 36400 ssh2
Sep 29 10:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: Failed password for root from 193.32.162.157 port 49826 ssh2
Sep 29 10:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Connection closed by 162.144.236.216 port 36400 [preauth]
Sep 29 10:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: Connection closed by 193.32.162.157 port 49826 [preauth]
Sep 29 10:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Failed password for root from 162.144.236.216 port 42566 ssh2
Sep 29 10:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Connection closed by 162.144.236.216 port 42566 [preauth]
Sep 29 10:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Failed password for root from 162.144.236.216 port 51362 ssh2
Sep 29 10:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Connection closed by 162.144.236.216 port 51362 [preauth]
Sep 29 10:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18575]: Successful su for rubyman by root
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18575]: + ??? root:rubyman
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314157 of user rubyman.
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18575]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314157.
Sep 29 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Failed password for root from 193.32.162.157 port 60582 ssh2
Sep 29 10:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Connection closed by 193.32.162.157 port 60582 [preauth]
Sep 29 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: Invalid user test from 93.152.230.176
Sep 29 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: input_userauth_request: invalid user test [preauth]
Sep 29 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15333]: pam_unix(cron:session): session closed for user root
Sep 29 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: Failed password for invalid user test from 93.152.230.176 port 27917 ssh2
Sep 29 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: Received disconnect from 93.152.230.176 port 27917:11: Client disconnecting normally [preauth]
Sep 29 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18728]: Disconnected from 93.152.230.176 port 27917 [preauth]
Sep 29 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Failed password for root from 162.144.236.216 port 56594 ssh2
Sep 29 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Connection closed by 162.144.236.216 port 56594 [preauth]
Sep 29 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: Failed password for root from 162.144.236.216 port 36720 ssh2
Sep 29 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: Connection closed by 162.144.236.216 port 36720 [preauth]
Sep 29 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: Failed password for root from 193.32.162.157 port 47084 ssh2
Sep 29 10:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Failed password for root from 162.144.236.216 port 42698 ssh2
Sep 29 10:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Connection closed by 162.144.236.216 port 42698 [preauth]
Sep 29 10:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: Connection closed by 193.32.162.157 port 47084 [preauth]
Sep 29 10:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Failed password for root from 162.144.236.216 port 48644 ssh2
Sep 29 10:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Connection closed by 162.144.236.216 port 48644 [preauth]
Sep 29 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session closed for user root
Sep 29 10:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 162.144.236.216 port 55364 ssh2
Sep 29 10:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Connection closed by 162.144.236.216 port 55364 [preauth]
Sep 29 10:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: Failed password for root from 193.32.162.157 port 35414 ssh2
Sep 29 10:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: Failed password for root from 162.144.236.216 port 33310 ssh2
Sep 29 10:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: Connection closed by 162.144.236.216 port 33310 [preauth]
Sep 29 10:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: Connection closed by 193.32.162.157 port 35414 [preauth]
Sep 29 10:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Failed password for root from 162.144.236.216 port 40326 ssh2
Sep 29 10:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Connection closed by 162.144.236.216 port 40326 [preauth]
Sep 29 10:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19010]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19010]: pam_unix(cron:session): session closed for user root
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19012]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: Successful su for rubyman by root
Sep 29 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: + ??? root:rubyman
Sep 29 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314161 of user rubyman.
Sep 29 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314161.
Sep 29 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Failed password for root from 162.144.236.216 port 46880 ssh2
Sep 29 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session closed for user root
Sep 29 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Connection closed by 162.144.236.216 port 46880 [preauth]
Sep 29 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Failed password for root from 193.32.162.157 port 55360 ssh2
Sep 29 10:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19014]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Connection closed by 193.32.162.157 port 55360 [preauth]
Sep 29 10:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for root from 162.144.236.216 port 53544 ssh2
Sep 29 10:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Connection closed by 162.144.236.216 port 53544 [preauth]
Sep 29 10:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Failed password for root from 162.144.236.216 port 33820 ssh2
Sep 29 10:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19440]: Connection closed by 162.144.236.216 port 33820 [preauth]
Sep 29 10:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Failed password for root from 193.32.162.157 port 58220 ssh2
Sep 29 10:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Connection closed by 193.32.162.157 port 58220 [preauth]
Sep 29 10:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17651]: pam_unix(cron:session): session closed for user root
Sep 29 10:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: Failed password for root from 162.144.236.216 port 40716 ssh2
Sep 29 10:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Failed password for root from 193.32.162.157 port 53804 ssh2
Sep 29 10:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Connection closed by 193.32.162.157 port 53804 [preauth]
Sep 29 10:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19572]: Connection closed by 162.144.236.216 port 40716 [preauth]
Sep 29 10:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 10:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Failed password for root from 103.159.132.217 port 48824 ssh2
Sep 29 10:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Received disconnect from 103.159.132.217 port 48824:11: Bye Bye [preauth]
Sep 29 10:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Disconnected from 103.159.132.217 port 48824 [preauth]
Sep 29 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: Successful su for rubyman by root
Sep 29 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: + ??? root:rubyman
Sep 29 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314164 of user rubyman.
Sep 29 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19902]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314164.
Sep 29 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Failed password for root from 162.144.236.216 port 52048 ssh2
Sep 29 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16257]: pam_unix(cron:session): session closed for user root
Sep 29 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19778]: Connection closed by 162.144.236.216 port 52048 [preauth]
Sep 29 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19795]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: Failed password for root from 193.32.162.157 port 55990 ssh2
Sep 29 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: Failed password for root from 162.144.236.216 port 58706 ssh2
Sep 29 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: Connection closed by 193.32.162.157 port 55990 [preauth]
Sep 29 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: Connection closed by 162.144.236.216 port 58706 [preauth]
Sep 29 10:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Failed password for root from 162.144.236.216 port 36870 ssh2
Sep 29 10:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Connection closed by 162.144.236.216 port 36870 [preauth]
Sep 29 10:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20187]: Failed password for root from 162.144.236.216 port 43256 ssh2
Sep 29 10:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20187]: Connection closed by 162.144.236.216 port 43256 [preauth]
Sep 29 10:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: Failed password for root from 193.32.162.157 port 59148 ssh2
Sep 29 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session closed for user root
Sep 29 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20156]: Connection closed by 193.32.162.157 port 59148 [preauth]
Sep 29 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: Failed password for root from 162.144.236.216 port 50046 ssh2
Sep 29 10:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20240]: Connection closed by 162.144.236.216 port 50046 [preauth]
Sep 29 10:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Failed password for root from 162.144.236.216 port 57440 ssh2
Sep 29 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Connection closed by 162.144.236.216 port 57440 [preauth]
Sep 29 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: Failed password for root from 193.32.162.157 port 38410 ssh2
Sep 29 10:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: Failed password for root from 162.144.236.216 port 34490 ssh2
Sep 29 10:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20318]: Connection closed by 162.144.236.216 port 34490 [preauth]
Sep 29 10:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: Connection closed by 193.32.162.157 port 38410 [preauth]
Sep 29 10:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20422]: Successful su for rubyman by root
Sep 29 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20422]: + ??? root:rubyman
Sep 29 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314168 of user rubyman.
Sep 29 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20422]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314168.
Sep 29 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session closed for user root
Sep 29 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20329]: Failed password for root from 162.144.236.216 port 41938 ssh2
Sep 29 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20329]: Connection closed by 162.144.236.216 port 41938 [preauth]
Sep 29 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Failed password for root from 162.144.236.216 port 49742 ssh2
Sep 29 10:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Connection closed by 162.144.236.216 port 49742 [preauth]
Sep 29 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: Failed password for root from 193.32.162.157 port 51672 ssh2
Sep 29 10:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20341]: Connection closed by 193.32.162.157 port 51672 [preauth]
Sep 29 10:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Failed password for root from 162.144.236.216 port 55240 ssh2
Sep 29 10:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Connection closed by 162.144.236.216 port 55240 [preauth]
Sep 29 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Failed password for root from 162.144.236.216 port 33862 ssh2
Sep 29 10:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Connection closed by 162.144.236.216 port 33862 [preauth]
Sep 29 10:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19016]: pam_unix(cron:session): session closed for user root
Sep 29 10:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Failed password for root from 193.32.162.157 port 45916 ssh2
Sep 29 10:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: Failed password for root from 162.144.236.216 port 42434 ssh2
Sep 29 10:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: Connection closed by 162.144.236.216 port 42434 [preauth]
Sep 29 10:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Connection closed by 193.32.162.157 port 45916 [preauth]
Sep 29 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Failed password for root from 162.144.236.216 port 48370 ssh2
Sep 29 10:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Connection closed by 162.144.236.216 port 48370 [preauth]
Sep 29 10:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: Failed password for root from 162.144.236.216 port 55366 ssh2
Sep 29 10:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20799]: Connection closed by 162.144.236.216 port 55366 [preauth]
Sep 29 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: Failed password for root from 193.32.162.157 port 48014 ssh2
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20828]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session closed for user root
Sep 29 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: Successful su for rubyman by root
Sep 29 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: + ??? root:rubyman
Sep 29 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314174 of user rubyman.
Sep 29 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314174.
Sep 29 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: Connection closed by 193.32.162.157 port 48014 [preauth]
Sep 29 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Failed password for root from 162.144.236.216 port 33456 ssh2
Sep 29 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
Sep 29 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session closed for user root
Sep 29 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Connection closed by 162.144.236.216 port 33456 [preauth]
Sep 29 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Failed password for root from 162.144.236.216 port 40236 ssh2
Sep 29 10:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Connection closed by 162.144.236.216 port 40236 [preauth]
Sep 29 10:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Failed password for root from 193.32.162.157 port 37400 ssh2
Sep 29 10:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21155]: Failed password for root from 162.144.236.216 port 47054 ssh2
Sep 29 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21155]: Connection closed by 162.144.236.216 port 47054 [preauth]
Sep 29 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Connection closed by 193.32.162.157 port 37400 [preauth]
Sep 29 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Failed password for root from 162.144.236.216 port 55162 ssh2
Sep 29 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21180]: Connection closed by 162.144.236.216 port 55162 [preauth]
Sep 29 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session closed for user root
Sep 29 10:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Failed password for root from 162.144.236.216 port 34322 ssh2
Sep 29 10:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Failed password for root from 193.32.162.157 port 52952 ssh2
Sep 29 10:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Connection closed by 162.144.236.216 port 34322 [preauth]
Sep 29 10:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Invalid user keycloak from 103.159.132.217
Sep 29 10:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: input_userauth_request: invalid user keycloak [preauth]
Sep 29 10:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Connection closed by 193.32.162.157 port 52952 [preauth]
Sep 29 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Failed password for invalid user keycloak from 103.159.132.217 port 55256 ssh2
Sep 29 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Received disconnect from 103.159.132.217 port 55256:11: Bye Bye [preauth]
Sep 29 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Disconnected from 103.159.132.217 port 55256 [preauth]
Sep 29 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Failed password for root from 162.144.236.216 port 41012 ssh2
Sep 29 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Connection closed by 162.144.236.216 port 41012 [preauth]
Sep 29 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Failed password for root from 162.144.236.216 port 47340 ssh2
Sep 29 10:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Connection closed by 162.144.236.216 port 47340 [preauth]
Sep 29 10:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21312]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21308]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: Successful su for rubyman by root
Sep 29 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: + ??? root:rubyman
Sep 29 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314180 of user rubyman.
Sep 29 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21385]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314180.
Sep 29 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Failed password for root from 193.32.162.157 port 50878 ssh2
Sep 29 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Failed password for root from 162.144.236.216 port 54292 ssh2
Sep 29 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17650]: pam_unix(cron:session): session closed for user root
Sep 29 10:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Connection closed by 162.144.236.216 port 54292 [preauth]
Sep 29 10:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Connection closed by 193.32.162.157 port 50878 [preauth]
Sep 29 10:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21310]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: Failed password for root from 162.144.236.216 port 60304 ssh2
Sep 29 10:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21574]: Connection closed by 162.144.236.216 port 60304 [preauth]
Sep 29 10:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 10:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:18.97.26.43
Sep 29 10:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Failed password for root from 162.144.236.216 port 38714 ssh2
Sep 29 10:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Failed password for root from 193.32.162.157 port 48736 ssh2
Sep 29 10:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Connection closed by 162.144.236.216 port 38714 [preauth]
Sep 29 10:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Connection closed by 193.32.162.157 port 48736 [preauth]
Sep 29 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Failed password for root from 162.144.236.216 port 47186 ssh2
Sep 29 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session closed for user root
Sep 29 10:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Connection closed by 162.144.236.216 port 47186 [preauth]
Sep 29 10:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21703]: Failed password for root from 162.144.236.216 port 54702 ssh2
Sep 29 10:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21703]: Connection closed by 162.144.236.216 port 54702 [preauth]
Sep 29 10:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21671]: Failed password for root from 193.32.162.157 port 42012 ssh2
Sep 29 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: Failed password for root from 162.144.236.216 port 60154 ssh2
Sep 29 10:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21724]: Connection closed by 162.144.236.216 port 60154 [preauth]
Sep 29 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21671]: Connection closed by 193.32.162.157 port 42012 [preauth]
Sep 29 10:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21777]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21852]: Successful su for rubyman by root
Sep 29 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21852]: + ??? root:rubyman
Sep 29 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314183 of user rubyman.
Sep 29 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21852]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314183.
Sep 29 10:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Failed password for root from 162.144.236.216 port 37594 ssh2
Sep 29 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session closed for user root
Sep 29 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21753]: Connection closed by 162.144.236.216 port 37594 [preauth]
Sep 29 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21778]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: Failed password for root from 193.32.162.157 port 40994 ssh2
Sep 29 10:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21754]: Connection closed by 193.32.162.157 port 40994 [preauth]
Sep 29 10:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Failed password for root from 162.144.236.216 port 47800 ssh2
Sep 29 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22052]: Connection closed by 162.144.236.216 port 47800 [preauth]
Sep 29 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: Failed password for root from 193.32.162.157 port 57608 ssh2
Sep 29 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22072]: Connection closed by 193.32.162.157 port 57608 [preauth]
Sep 29 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20828]: pam_unix(cron:session): session closed for user root
Sep 29 10:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Failed password for root from 162.144.236.216 port 53010 ssh2
Sep 29 10:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Connection closed by 162.144.236.216 port 53010 [preauth]
Sep 29 10:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Failed password for root from 162.144.236.216 port 60236 ssh2
Sep 29 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Connection closed by 162.144.236.216 port 60236 [preauth]
Sep 29 10:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for root from 193.32.162.157 port 54464 ssh2
Sep 29 10:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Failed password for root from 162.144.236.216 port 37948 ssh2
Sep 29 10:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Connection closed by 162.144.236.216 port 37948 [preauth]
Sep 29 10:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Connection closed by 193.32.162.157 port 54464 [preauth]
Sep 29 10:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22316]: Successful su for rubyman by root
Sep 29 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22316]: + ??? root:rubyman
Sep 29 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314186 of user rubyman.
Sep 29 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22316]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314186.
Sep 29 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Failed password for root from 162.144.236.216 port 43994 ssh2
Sep 29 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Connection closed by 162.144.236.216 port 43994 [preauth]
Sep 29 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session closed for user root
Sep 29 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Failed password for root from 162.144.236.216 port 51052 ssh2
Sep 29 10:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Failed password for root from 193.32.162.157 port 57844 ssh2
Sep 29 10:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Connection closed by 162.144.236.216 port 51052 [preauth]
Sep 29 10:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Connection closed by 193.32.162.157 port 57844 [preauth]
Sep 29 10:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Failed password for root from 162.144.236.216 port 58794 ssh2
Sep 29 10:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22547]: Connection closed by 162.144.236.216 port 58794 [preauth]
Sep 29 10:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22568]: Invalid user admin from 80.94.95.115
Sep 29 10:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22568]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22568]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 10:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22568]: Failed password for invalid user admin from 80.94.95.115 port 42732 ssh2
Sep 29 10:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22568]: Connection closed by 80.94.95.115 port 42732 [preauth]
Sep 29 10:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Failed password for root from 162.144.236.216 port 37022 ssh2
Sep 29 10:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Connection closed by 162.144.236.216 port 37022 [preauth]
Sep 29 10:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Invalid user oguz from 103.159.132.217
Sep 29 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: input_userauth_request: invalid user oguz [preauth]
Sep 29 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Failed password for invalid user oguz from 103.159.132.217 port 40218 ssh2
Sep 29 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Received disconnect from 103.159.132.217 port 40218:11: Bye Bye [preauth]
Sep 29 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Disconnected from 103.159.132.217 port 40218 [preauth]
Sep 29 10:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21312]: pam_unix(cron:session): session closed for user root
Sep 29 10:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22557]: Failed password for root from 193.32.162.157 port 46624 ssh2
Sep 29 10:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22557]: Connection closed by 193.32.162.157 port 46624 [preauth]
Sep 29 10:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: Failed password for root from 162.144.236.216 port 43540 ssh2
Sep 29 10:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: Connection closed by 162.144.236.216 port 43540 [preauth]
Sep 29 10:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Failed password for root from 162.144.236.216 port 50814 ssh2
Sep 29 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Connection closed by 162.144.236.216 port 50814 [preauth]
Sep 29 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Failed password for root from 193.32.162.157 port 49768 ssh2
Sep 29 10:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: Failed password for root from 162.144.236.216 port 57952 ssh2
Sep 29 10:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: Connection closed by 162.144.236.216 port 57952 [preauth]
Sep 29 10:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22654]: Connection closed by 193.32.162.157 port 49768 [preauth]
Sep 29 10:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22915]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22986]: Successful su for rubyman by root
Sep 29 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22986]: + ??? root:rubyman
Sep 29 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314191 of user rubyman.
Sep 29 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22986]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314191.
Sep 29 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session closed for user root
Sep 29 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: Failed password for root from 162.144.236.216 port 36720 ssh2
Sep 29 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22904]: Connection closed by 162.144.236.216 port 36720 [preauth]
Sep 29 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Failed password for root from 162.144.236.216 port 43974 ssh2
Sep 29 10:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Connection closed by 162.144.236.216 port 43974 [preauth]
Sep 29 10:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: Failed password for root from 193.32.162.157 port 47838 ssh2
Sep 29 10:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: Connection closed by 193.32.162.157 port 47838 [preauth]
Sep 29 10:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Failed password for root from 162.144.236.216 port 52108 ssh2
Sep 29 10:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Connection closed by 162.144.236.216 port 52108 [preauth]
Sep 29 10:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: Failed password for root from 162.144.236.216 port 57658 ssh2
Sep 29 10:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: Connection closed by 162.144.236.216 port 57658 [preauth]
Sep 29 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Invalid user minecraft from 20.163.71.109
Sep 29 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Failed password for invalid user minecraft from 20.163.71.109 port 57944 ssh2
Sep 29 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23357]: Connection closed by 20.163.71.109 port 57944 [preauth]
Sep 29 10:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21780]: pam_unix(cron:session): session closed for user root
Sep 29 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: Failed password for root from 193.32.162.157 port 34262 ssh2
Sep 29 10:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23360]: Failed password for root from 162.144.236.216 port 35282 ssh2
Sep 29 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23360]: Connection closed by 162.144.236.216 port 35282 [preauth]
Sep 29 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: Connection closed by 193.32.162.157 port 34262 [preauth]
Sep 29 10:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Failed password for root from 162.144.236.216 port 42762 ssh2
Sep 29 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Invalid user username from 93.152.230.176
Sep 29 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: input_userauth_request: invalid user username [preauth]
Sep 29 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Connection closed by 162.144.236.216 port 42762 [preauth]
Sep 29 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Failed password for invalid user username from 93.152.230.176 port 57901 ssh2
Sep 29 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Received disconnect from 93.152.230.176 port 57901:11: Client disconnecting normally [preauth]
Sep 29 10:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Disconnected from 93.152.230.176 port 57901 [preauth]
Sep 29 10:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23413]: Failed password for root from 193.32.162.157 port 60424 ssh2
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23397]: Connection closed by 115.134.146.150 port 56436 [preauth]
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session closed for user root
Sep 29 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23466]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: Successful su for rubyman by root
Sep 29 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: + ??? root:rubyman
Sep 29 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314194 of user rubyman.
Sep 29 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23758]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314194.
Sep 29 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23413]: Connection closed by 193.32.162.157 port 60424 [preauth]
Sep 29 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session closed for user root
Sep 29 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23469]: pam_unix(cron:session): session closed for user root
Sep 29 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Failed password for root from 162.144.236.216 port 49752 ssh2
Sep 29 10:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Connection closed by 162.144.236.216 port 49752 [preauth]
Sep 29 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23468]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Failed password for root from 193.32.162.157 port 58614 ssh2
Sep 29 10:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23822]: Connection closed by 193.32.162.157 port 58614 [preauth]
Sep 29 10:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Failed password for root from 162.144.236.216 port 57286 ssh2
Sep 29 10:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Connection closed by 162.144.236.216 port 57286 [preauth]
Sep 29 10:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22251]: pam_unix(cron:session): session closed for user root
Sep 29 10:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Failed password for root from 162.144.236.216 port 37530 ssh2
Sep 29 10:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: Failed password for root from 193.32.162.157 port 41202 ssh2
Sep 29 10:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Connection closed by 162.144.236.216 port 37530 [preauth]
Sep 29 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: Connection closed by 193.32.162.157 port 41202 [preauth]
Sep 29 10:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: Successful su for rubyman by root
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: + ??? root:rubyman
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314201 of user rubyman.
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314201.
Sep 29 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Failed password for root from 162.144.236.216 port 44850 ssh2
Sep 29 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Connection closed by 162.144.236.216 port 44850 [preauth]
Sep 29 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Failed password for root from 193.32.162.157 port 37798 ssh2
Sep 29 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session closed for user root
Sep 29 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24202]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Connection closed by 193.32.162.157 port 37798 [preauth]
Sep 29 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Failed password for root from 162.144.236.216 port 52854 ssh2
Sep 29 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Connection closed by 162.144.236.216 port 52854 [preauth]
Sep 29 10:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Invalid user anas from 103.159.132.217
Sep 29 10:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: input_userauth_request: invalid user anas [preauth]
Sep 29 10:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217
Sep 29 10:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Failed password for invalid user anas from 103.159.132.217 port 55378 ssh2
Sep 29 10:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Received disconnect from 103.159.132.217 port 55378:11: Bye Bye [preauth]
Sep 29 10:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Disconnected from 103.159.132.217 port 55378 [preauth]
Sep 29 10:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Sep 29 10:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: Failed password for root from 162.144.236.216 port 58958 ssh2
Sep 29 10:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Failed password for root from 193.32.162.157 port 44262 ssh2
Sep 29 10:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: Connection closed by 162.144.236.216 port 58958 [preauth]
Sep 29 10:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24501]: Connection closed by 193.32.162.157 port 44262 [preauth]
Sep 29 10:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Failed password for root from 162.144.236.216 port 38628 ssh2
Sep 29 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22915]: pam_unix(cron:session): session closed for user root
Sep 29 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Connection closed by 162.144.236.216 port 38628 [preauth]
Sep 29 10:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for root from 162.144.236.216 port 44100 ssh2
Sep 29 10:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Connection closed by 162.144.236.216 port 44100 [preauth]
Sep 29 10:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: Failed password for root from 162.144.236.216 port 50676 ssh2
Sep 29 10:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: Connection closed by 162.144.236.216 port 50676 [preauth]
Sep 29 10:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Failed password for root from 162.144.236.216 port 58916 ssh2
Sep 29 10:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24667]: Connection closed by 162.144.236.216 port 58916 [preauth]
Sep 29 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24693]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24765]: Successful su for rubyman by root
Sep 29 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24765]: + ??? root:rubyman
Sep 29 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314204 of user rubyman.
Sep 29 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24765]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314204.
Sep 29 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21311]: pam_unix(cron:session): session closed for user root
Sep 29 10:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 162.144.236.216 port 36814 ssh2
Sep 29 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: Invalid user nagiosadmin from 46.101.170.54
Sep 29 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: input_userauth_request: invalid user nagiosadmin [preauth]
Sep 29 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 29 10:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Connection closed by 162.144.236.216 port 36814 [preauth]
Sep 29 10:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: Failed password for invalid user nagiosadmin from 46.101.170.54 port 54506 ssh2
Sep 29 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24969]: Connection closed by 46.101.170.54 port 54506 [preauth]
Sep 29 10:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: Failed password for root from 162.144.236.216 port 46502 ssh2
Sep 29 10:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24982]: Connection closed by 162.144.236.216 port 46502 [preauth]
Sep 29 10:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: Failed password for root from 162.144.236.216 port 52480 ssh2
Sep 29 10:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: Connection closed by 162.144.236.216 port 52480 [preauth]
Sep 29 10:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Failed password for root from 162.144.236.216 port 59140 ssh2
Sep 29 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Connection closed by 162.144.236.216 port 59140 [preauth]
Sep 29 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session closed for user root
Sep 29 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: Failed password for root from 162.144.236.216 port 38314 ssh2
Sep 29 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: Connection closed by 162.144.236.216 port 38314 [preauth]
Sep 29 10:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Did not receive identification string from 92.118.39.62
Sep 29 10:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Failed password for root from 162.144.236.216 port 45322 ssh2
Sep 29 10:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Connection closed by 162.144.236.216 port 45322 [preauth]
Sep 29 10:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: Failed password for root from 162.144.236.216 port 51248 ssh2
Sep 29 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25163]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25158]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: Successful su for rubyman by root
Sep 29 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: + ??? root:rubyman
Sep 29 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314208 of user rubyman.
Sep 29 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314208.
Sep 29 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: Connection closed by 162.144.236.216 port 51248 [preauth]
Sep 29 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21779]: pam_unix(cron:session): session closed for user root
Sep 29 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25161]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Failed password for root from 162.144.236.216 port 57812 ssh2
Sep 29 10:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Connection closed by 162.144.236.216 port 57812 [preauth]
Sep 29 10:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: Failed password for root from 162.144.236.216 port 37064 ssh2
Sep 29 10:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: Connection closed by 162.144.236.216 port 37064 [preauth]
Sep 29 10:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Failed password for root from 162.144.236.216 port 41712 ssh2
Sep 29 10:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Connection closed by 162.144.236.216 port 41712 [preauth]
Sep 29 10:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: Failed password for root from 162.144.236.216 port 48250 ssh2
Sep 29 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: Connection closed by 162.144.236.216 port 48250 [preauth]
Sep 29 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session closed for user root
Sep 29 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Failed password for root from 162.144.236.216 port 54984 ssh2
Sep 29 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Connection closed by 162.144.236.216 port 54984 [preauth]
Sep 29 10:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Failed password for root from 162.144.236.216 port 33502 ssh2
Sep 29 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: Invalid user tmpuser from 8.213.197.49
Sep 29 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: input_userauth_request: invalid user tmpuser [preauth]
Sep 29 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 10:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Connection closed by 162.144.236.216 port 33502 [preauth]
Sep 29 10:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: Failed password for invalid user tmpuser from 8.213.197.49 port 59906 ssh2
Sep 29 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: Received disconnect from 8.213.197.49 port 59906:11: Bye Bye [preauth]
Sep 29 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25926]: Disconnected from 8.213.197.49 port 59906 [preauth]
Sep 29 10:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: Failed password for root from 162.144.236.216 port 40724 ssh2
Sep 29 10:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: Connection closed by 162.144.236.216 port 40724 [preauth]
Sep 29 10:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25962]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26042]: Successful su for rubyman by root
Sep 29 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26042]: + ??? root:rubyman
Sep 29 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314214 of user rubyman.
Sep 29 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26042]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314214.
Sep 29 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22250]: pam_unix(cron:session): session closed for user root
Sep 29 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Failed password for root from 162.144.236.216 port 47532 ssh2
Sep 29 10:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Connection closed by 162.144.236.216 port 47532 [preauth]
Sep 29 10:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Failed password for root from 103.159.132.217 port 38548 ssh2
Sep 29 10:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Received disconnect from 103.159.132.217 port 38548:11: Bye Bye [preauth]
Sep 29 10:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26258]: Disconnected from 103.159.132.217 port 38548 [preauth]
Sep 29 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Failed password for root from 162.144.236.216 port 54010 ssh2
Sep 29 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Connection closed by 162.144.236.216 port 54010 [preauth]
Sep 29 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Failed password for root from 162.144.236.216 port 32876 ssh2
Sep 29 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Invalid user ict from 152.32.172.117
Sep 29 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: input_userauth_request: invalid user ict [preauth]
Sep 29 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Connection closed by 162.144.236.216 port 32876 [preauth]
Sep 29 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Failed password for invalid user ict from 152.32.172.117 port 47420 ssh2
Sep 29 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Received disconnect from 152.32.172.117 port 47420:11: Bye Bye [preauth]
Sep 29 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Disconnected from 152.32.172.117 port 47420 [preauth]
Sep 29 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: Failed password for root from 162.144.236.216 port 39478 ssh2
Sep 29 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: Connection closed by 162.144.236.216 port 39478 [preauth]
Sep 29 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24693]: pam_unix(cron:session): session closed for user root
Sep 29 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: Failed password for root from 162.144.236.216 port 46172 ssh2
Sep 29 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: Connection closed by 162.144.236.216 port 46172 [preauth]
Sep 29 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Failed password for root from 162.144.236.216 port 52004 ssh2
Sep 29 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Connection closed by 162.144.236.216 port 52004 [preauth]
Sep 29 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Invalid user user from 80.94.95.112
Sep 29 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: input_userauth_request: invalid user user [preauth]
Sep 29 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Failed password for invalid user user from 80.94.95.112 port 63162 ssh2
Sep 29 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Failed password for root from 162.144.236.216 port 58872 ssh2
Sep 29 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Failed password for invalid user user from 80.94.95.112 port 63162 ssh2
Sep 29 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Connection closed by 162.144.236.216 port 58872 [preauth]
Sep 29 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Failed password for invalid user user from 80.94.95.112 port 63162 ssh2
Sep 29 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26546]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26548]: pam_unix(cron:session): session closed for user root
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26543]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: Successful su for rubyman by root
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: + ??? root:rubyman
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314216 of user rubyman.
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314216.
Sep 29 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Failed password for invalid user user from 80.94.95.112 port 63162 ssh2
Sep 29 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26545]: pam_unix(cron:session): session closed for user root
Sep 29 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Failed password for invalid user user from 80.94.95.112 port 63162 ssh2
Sep 29 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Received disconnect from 80.94.95.112 port 63162:11: Bye [preauth]
Sep 29 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Disconnected from 80.94.95.112 port 63162 [preauth]
Sep 29 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session closed for user root
Sep 29 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: Failed password for root from 162.144.236.216 port 37784 ssh2
Sep 29 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: Connection closed by 162.144.236.216 port 37784 [preauth]
Sep 29 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26544]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Failed password for root from 162.144.236.216 port 45144 ssh2
Sep 29 10:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Connection closed by 162.144.236.216 port 45144 [preauth]
Sep 29 10:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: Failed password for root from 162.144.236.216 port 52620 ssh2
Sep 29 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: Failed password for root from 164.68.105.9 port 38934 ssh2
Sep 29 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27019]: Connection closed by 164.68.105.9 port 38934 [preauth]
Sep 29 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27009]: Connection closed by 162.144.236.216 port 52620 [preauth]
Sep 29 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25164]: pam_unix(cron:session): session closed for user root
Sep 29 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: Failed password for root from 162.144.236.216 port 60480 ssh2
Sep 29 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27044]: Connection closed by 162.144.236.216 port 60480 [preauth]
Sep 29 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27076]: Failed password for root from 162.144.236.216 port 39434 ssh2
Sep 29 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27076]: Connection closed by 162.144.236.216 port 39434 [preauth]
Sep 29 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Failed password for root from 162.144.236.216 port 46106 ssh2
Sep 29 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109  user=root
Sep 29 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Connection closed by 162.144.236.216 port 46106 [preauth]
Sep 29 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for root from 222.108.39.109 port 56798 ssh2
Sep 29 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for root from 222.108.39.109 port 56798 ssh2
Sep 29 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: Failed password for root from 162.144.236.216 port 53242 ssh2
Sep 29 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27137]: Connection closed by 162.144.236.216 port 53242 [preauth]
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for root from 222.108.39.109 port 56798 ssh2
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: Successful su for rubyman by root
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: + ??? root:rubyman
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314223 of user rubyman.
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314223.
Sep 29 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for root from 222.108.39.109 port 56798 ssh2
Sep 29 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for root from 222.108.39.109 port 56798 ssh2
Sep 29 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session closed for user root
Sep 29 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for root from 222.108.39.109 port 56798 ssh2
Sep 29 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: error: maximum authentication attempts exceeded for root from 222.108.39.109 port 56798 ssh2 [preauth]
Sep 29 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109  user=root
Sep 29 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Failed password for root from 162.144.236.216 port 59322 ssh2
Sep 29 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109  user=root
Sep 29 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Connection closed by 162.144.236.216 port 59322 [preauth]
Sep 29 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for root from 222.108.39.109 port 59516 ssh2
Sep 29 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for root from 222.108.39.109 port 59516 ssh2
Sep 29 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for root from 222.108.39.109 port 59516 ssh2
Sep 29 10:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: Failed password for root from 162.144.236.216 port 38044 ssh2
Sep 29 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for root from 222.108.39.109 port 59516 ssh2
Sep 29 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27485]: Connection closed by 162.144.236.216 port 38044 [preauth]
Sep 29 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for root from 222.108.39.109 port 59516 ssh2
Sep 29 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Failed password for root from 222.108.39.109 port 59516 ssh2
Sep 29 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: error: maximum authentication attempts exceeded for root from 222.108.39.109 port 59516 ssh2 [preauth]
Sep 29 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109  user=root
Sep 29 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27470]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109  user=root
Sep 29 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for root from 222.108.39.109 port 33800 ssh2
Sep 29 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: Failed password for root from 162.144.236.216 port 44630 ssh2
Sep 29 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for root from 222.108.39.109 port 33800 ssh2
Sep 29 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: Connection closed by 162.144.236.216 port 44630 [preauth]
Sep 29 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for root from 222.108.39.109 port 33800 ssh2
Sep 29 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for root from 222.108.39.109 port 33800 ssh2
Sep 29 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user root
Sep 29 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for root from 222.108.39.109 port 33800 ssh2
Sep 29 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for root from 222.108.39.109 port 33800 ssh2
Sep 29 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: error: maximum authentication attempts exceeded for root from 222.108.39.109 port 33800 ssh2 [preauth]
Sep 29 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109  user=root
Sep 29 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: Failed password for root from 162.144.236.216 port 53414 ssh2
Sep 29 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109  user=root
Sep 29 10:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: Connection closed by 162.144.236.216 port 53414 [preauth]
Sep 29 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Failed password for root from 222.108.39.109 port 36326 ssh2
Sep 29 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Received disconnect from 222.108.39.109 port 36326:11: disconnected by user [preauth]
Sep 29 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: Disconnected from 222.108.39.109 port 36326 [preauth]
Sep 29 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Invalid user admin from 222.108.39.109
Sep 29 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Failed password for invalid user admin from 222.108.39.109 port 36912 ssh2
Sep 29 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27762]: Failed password for root from 162.144.236.216 port 60188 ssh2
Sep 29 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Failed password for invalid user admin from 222.108.39.109 port 36912 ssh2
Sep 29 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27762]: Connection closed by 162.144.236.216 port 60188 [preauth]
Sep 29 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Failed password for invalid user admin from 222.108.39.109 port 36912 ssh2
Sep 29 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Failed password for invalid user admin from 222.108.39.109 port 36912 ssh2
Sep 29 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Failed password for invalid user admin from 222.108.39.109 port 36912 ssh2
Sep 29 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Failed password for invalid user admin from 222.108.39.109 port 36912 ssh2
Sep 29 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: error: maximum authentication attempts exceeded for invalid user admin from 222.108.39.109 port 36912 ssh2 [preauth]
Sep 29 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27766]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Invalid user admin from 222.108.39.109
Sep 29 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: Failed password for root from 162.144.236.216 port 38982 ssh2
Sep 29 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: Connection closed by 162.144.236.216 port 38982 [preauth]
Sep 29 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Failed password for invalid user admin from 222.108.39.109 port 39446 ssh2
Sep 29 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Failed password for invalid user admin from 222.108.39.109 port 39446 ssh2
Sep 29 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27904]: Successful su for rubyman by root
Sep 29 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27904]: + ??? root:rubyman
Sep 29 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314226 of user rubyman.
Sep 29 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27904]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314226.
Sep 29 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Failed password for invalid user admin from 222.108.39.109 port 39446 ssh2
Sep 29 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.159.132.217  user=root
Sep 29 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24203]: pam_unix(cron:session): session closed for user root
Sep 29 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Failed password for invalid user admin from 222.108.39.109 port 39446 ssh2
Sep 29 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27936]: Failed password for root from 103.159.132.217 port 37664 ssh2
Sep 29 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27936]: Received disconnect from 103.159.132.217 port 37664:11: Bye Bye [preauth]
Sep 29 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27936]: Disconnected from 103.159.132.217 port 37664 [preauth]
Sep 29 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Failed password for invalid user admin from 222.108.39.109 port 39446 ssh2
Sep 29 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Failed password for invalid user admin from 222.108.39.109 port 39446 ssh2
Sep 29 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: error: maximum authentication attempts exceeded for invalid user admin from 222.108.39.109 port 39446 ssh2 [preauth]
Sep 29 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Invalid user admin from 222.108.39.109
Sep 29 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Failed password for invalid user admin from 222.108.39.109 port 41992 ssh2
Sep 29 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Invalid user anonymous from 80.94.95.116
Sep 29 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: input_userauth_request: invalid user anonymous [preauth]
Sep 29 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Failed password for root from 162.144.236.216 port 46298 ssh2
Sep 29 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Failed none for invalid user anonymous from 80.94.95.116 port 25028 ssh2
Sep 29 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Connection closed by 80.94.95.116 port 25028 [preauth]
Sep 29 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Failed password for invalid user admin from 222.108.39.109 port 41992 ssh2
Sep 29 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Connection closed by 162.144.236.216 port 46298 [preauth]
Sep 29 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Failed password for invalid user admin from 222.108.39.109 port 41992 ssh2
Sep 29 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Failed password for invalid user admin from 222.108.39.109 port 41992 ssh2
Sep 29 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Received disconnect from 222.108.39.109 port 41992:11: disconnected by user [preauth]
Sep 29 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Disconnected from 222.108.39.109 port 41992 [preauth]
Sep 29 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Invalid user oracle from 222.108.39.109
Sep 29 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: input_userauth_request: invalid user oracle [preauth]
Sep 29 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Failed password for invalid user oracle from 222.108.39.109 port 43778 ssh2
Sep 29 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Failed password for invalid user oracle from 222.108.39.109 port 43778 ssh2
Sep 29 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Invalid user old from 170.233.151.14
Sep 29 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: input_userauth_request: invalid user old [preauth]
Sep 29 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Failed password for invalid user oracle from 222.108.39.109 port 43778 ssh2
Sep 29 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Failed password for root from 162.144.236.216 port 54276 ssh2
Sep 29 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Failed password for invalid user old from 170.233.151.14 port 46882 ssh2
Sep 29 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Received disconnect from 170.233.151.14 port 46882:11: Bye Bye [preauth]
Sep 29 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Disconnected from 170.233.151.14 port 46882 [preauth]
Sep 29 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Failed password for invalid user oracle from 222.108.39.109 port 43778 ssh2
Sep 29 10:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Failed password for invalid user oracle from 222.108.39.109 port 43778 ssh2
Sep 29 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Connection closed by 162.144.236.216 port 54276 [preauth]
Sep 29 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Failed password for invalid user oracle from 222.108.39.109 port 43778 ssh2
Sep 29 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: error: maximum authentication attempts exceeded for invalid user oracle from 222.108.39.109 port 43778 ssh2 [preauth]
Sep 29 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26547]: pam_unix(cron:session): session closed for user root
Sep 29 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Invalid user oracle from 222.108.39.109
Sep 29 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: input_userauth_request: invalid user oracle [preauth]
Sep 29 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Failed password for invalid user oracle from 222.108.39.109 port 46382 ssh2
Sep 29 10:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: Failed password for root from 152.52.15.214 port 28296 ssh2
Sep 29 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: Received disconnect from 152.52.15.214 port 28296:11: Bye Bye [preauth]
Sep 29 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28231]: Disconnected from 152.52.15.214 port 28296 [preauth]
Sep 29 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Failed password for invalid user oracle from 222.108.39.109 port 46382 ssh2
Sep 29 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: Failed password for root from 162.144.236.216 port 59380 ssh2
Sep 29 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Failed password for invalid user oracle from 222.108.39.109 port 46382 ssh2
Sep 29 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: Connection closed by 162.144.236.216 port 59380 [preauth]
Sep 29 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Failed password for invalid user oracle from 222.108.39.109 port 46382 ssh2
Sep 29 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Failed password for invalid user oracle from 222.108.39.109 port 46382 ssh2
Sep 29 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Failed password for invalid user oracle from 222.108.39.109 port 46382 ssh2
Sep 29 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: error: maximum authentication attempts exceeded for invalid user oracle from 222.108.39.109 port 46382 ssh2 [preauth]
Sep 29 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28215]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Failed password for root from 162.144.236.216 port 37154 ssh2
Sep 29 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Connection closed by 162.144.236.216 port 37154 [preauth]
Sep 29 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Invalid user oracle from 222.108.39.109
Sep 29 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: input_userauth_request: invalid user oracle [preauth]
Sep 29 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Failed password for invalid user oracle from 222.108.39.109 port 49156 ssh2
Sep 29 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Failed password for invalid user oracle from 222.108.39.109 port 49156 ssh2
Sep 29 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Received disconnect from 222.108.39.109 port 49156:11: disconnected by user [preauth]
Sep 29 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: Disconnected from 222.108.39.109 port 49156 [preauth]
Sep 29 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28279]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Invalid user usuario from 222.108.39.109
Sep 29 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: input_userauth_request: invalid user usuario [preauth]
Sep 29 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user usuario from 222.108.39.109 port 50182 ssh2
Sep 29 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user usuario from 222.108.39.109 port 50182 ssh2
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28384]: Successful su for rubyman by root
Sep 29 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28384]: + ??? root:rubyman
Sep 29 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314230 of user rubyman.
Sep 29 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28384]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314230.
Sep 29 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Failed password for root from 162.144.236.216 port 43652 ssh2
Sep 29 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user usuario from 222.108.39.109 port 50182 ssh2
Sep 29 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Connection closed by 162.144.236.216 port 43652 [preauth]
Sep 29 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session closed for user root
Sep 29 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user usuario from 222.108.39.109 port 50182 ssh2
Sep 29 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user usuario from 222.108.39.109 port 50182 ssh2
Sep 29 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28309]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user usuario from 222.108.39.109 port 50182 ssh2
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: error: maximum authentication attempts exceeded for invalid user usuario from 222.108.39.109 port 50182 ssh2 [preauth]
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Invalid user exx from 152.32.172.117
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: input_userauth_request: invalid user exx [preauth]
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Invalid user usuario from 222.108.39.109
Sep 29 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: input_userauth_request: invalid user usuario [preauth]
Sep 29 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Failed password for invalid user exx from 152.32.172.117 port 45260 ssh2
Sep 29 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Received disconnect from 152.32.172.117 port 45260:11: Bye Bye [preauth]
Sep 29 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28722]: Disconnected from 152.32.172.117 port 45260 [preauth]
Sep 29 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for invalid user usuario from 222.108.39.109 port 52698 ssh2
Sep 29 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for invalid user usuario from 222.108.39.109 port 52698 ssh2
Sep 29 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Failed password for root from 162.144.236.216 port 54240 ssh2
Sep 29 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for invalid user usuario from 222.108.39.109 port 52698 ssh2
Sep 29 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for invalid user usuario from 222.108.39.109 port 52698 ssh2
Sep 29 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Connection closed by 162.144.236.216 port 54240 [preauth]
Sep 29 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for invalid user usuario from 222.108.39.109 port 52698 ssh2
Sep 29 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Failed password for invalid user usuario from 222.108.39.109 port 52698 ssh2
Sep 29 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: error: maximum authentication attempts exceeded for invalid user usuario from 222.108.39.109 port 52698 ssh2 [preauth]
Sep 29 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28735]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Invalid user usuario from 222.108.39.109
Sep 29 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: input_userauth_request: invalid user usuario [preauth]
Sep 29 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49  user=root
Sep 29 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user usuario from 222.108.39.109 port 55296 ssh2
Sep 29 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Failed password for root from 8.213.197.49 port 50388 ssh2
Sep 29 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Received disconnect from 8.213.197.49 port 50388:11: Bye Bye [preauth]
Sep 29 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Disconnected from 8.213.197.49 port 50388 [preauth]
Sep 29 10:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user usuario from 222.108.39.109 port 55296 ssh2
Sep 29 10:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Received disconnect from 222.108.39.109 port 55296:11: disconnected by user [preauth]
Sep 29 10:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Disconnected from 222.108.39.109 port 55296 [preauth]
Sep 29 10:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Invalid user test from 222.108.39.109
Sep 29 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: input_userauth_request: invalid user test [preauth]
Sep 29 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session closed for user root
Sep 29 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user test from 222.108.39.109 port 56406 ssh2
Sep 29 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user test from 222.108.39.109 port 56406 ssh2
Sep 29 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user test from 222.108.39.109 port 56406 ssh2
Sep 29 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Failed password for root from 162.144.236.216 port 33872 ssh2
Sep 29 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user test from 222.108.39.109 port 56406 ssh2
Sep 29 10:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Connection closed by 162.144.236.216 port 33872 [preauth]
Sep 29 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user test from 222.108.39.109 port 56406 ssh2
Sep 29 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user test from 222.108.39.109 port 56406 ssh2
Sep 29 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: maximum authentication attempts exceeded for invalid user test from 222.108.39.109 port 56406 ssh2 [preauth]
Sep 29 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Invalid user test from 222.108.39.109
Sep 29 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: input_userauth_request: invalid user test [preauth]
Sep 29 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Failed password for invalid user test from 222.108.39.109 port 59078 ssh2
Sep 29 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Failed password for invalid user test from 222.108.39.109 port 59078 ssh2
Sep 29 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Failed password for invalid user test from 222.108.39.109 port 59078 ssh2
Sep 29 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: Failed password for root from 162.144.236.216 port 41902 ssh2
Sep 29 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Failed password for invalid user test from 222.108.39.109 port 59078 ssh2
Sep 29 10:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28859]: Connection closed by 162.144.236.216 port 41902 [preauth]
Sep 29 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Failed password for invalid user test from 222.108.39.109 port 59078 ssh2
Sep 29 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Failed password for invalid user test from 222.108.39.109 port 59078 ssh2
Sep 29 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: error: maximum authentication attempts exceeded for invalid user test from 222.108.39.109 port 59078 ssh2 [preauth]
Sep 29 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28880]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Invalid user test from 222.108.39.109
Sep 29 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: input_userauth_request: invalid user test [preauth]
Sep 29 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: Successful su for rubyman by root
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: + ??? root:rubyman
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314236 of user rubyman.
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314236.
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Failed password for invalid user test from 222.108.39.109 port 33448 ssh2
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: Failed password for root from 162.144.236.216 port 48900 ssh2
Sep 29 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: Invalid user eth from 152.52.15.214
Sep 29 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: input_userauth_request: invalid user eth [preauth]
Sep 29 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: Connection closed by 162.144.236.216 port 48900 [preauth]
Sep 29 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Failed password for invalid user test from 222.108.39.109 port 33448 ssh2
Sep 29 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Received disconnect from 222.108.39.109 port 33448:11: disconnected by user [preauth]
Sep 29 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Disconnected from 222.108.39.109 port 33448 [preauth]
Sep 29 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25163]: pam_unix(cron:session): session closed for user root
Sep 29 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: Failed password for invalid user eth from 152.52.15.214 port 53800 ssh2
Sep 29 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: Received disconnect from 152.52.15.214 port 53800:11: Bye Bye [preauth]
Sep 29 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: Disconnected from 152.52.15.214 port 53800 [preauth]
Sep 29 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Invalid user user from 222.108.39.109
Sep 29 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: input_userauth_request: invalid user user [preauth]
Sep 29 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Failed password for invalid user user from 222.108.39.109 port 34566 ssh2
Sep 29 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Failed password for root from 162.144.236.216 port 56360 ssh2
Sep 29 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Failed password for invalid user user from 222.108.39.109 port 34566 ssh2
Sep 29 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Connection closed by 162.144.236.216 port 56360 [preauth]
Sep 29 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Failed password for invalid user user from 222.108.39.109 port 34566 ssh2
Sep 29 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Failed password for invalid user user from 222.108.39.109 port 34566 ssh2
Sep 29 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Invalid user server2 from 170.233.151.14
Sep 29 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: input_userauth_request: invalid user server2 [preauth]
Sep 29 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Failed password for invalid user user from 222.108.39.109 port 34566 ssh2
Sep 29 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for invalid user server2 from 170.233.151.14 port 42680 ssh2
Sep 29 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Received disconnect from 170.233.151.14 port 42680:11: Bye Bye [preauth]
Sep 29 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Disconnected from 170.233.151.14 port 42680 [preauth]
Sep 29 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Failed password for invalid user user from 222.108.39.109 port 34566 ssh2
Sep 29 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: error: maximum authentication attempts exceeded for invalid user user from 222.108.39.109 port 34566 ssh2 [preauth]
Sep 29 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29284]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: Failed password for root from 162.144.236.216 port 34268 ssh2
Sep 29 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Invalid user user from 222.108.39.109
Sep 29 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: input_userauth_request: invalid user user [preauth]
Sep 29 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: Connection closed by 162.144.236.216 port 34268 [preauth]
Sep 29 10:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 10:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for invalid user user from 222.108.39.109 port 37094 ssh2
Sep 29 10:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Failed password for root from 152.32.172.117 port 53840 ssh2
Sep 29 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for invalid user user from 222.108.39.109 port 37094 ssh2
Sep 29 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Received disconnect from 152.32.172.117 port 53840:11: Bye Bye [preauth]
Sep 29 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Disconnected from 152.32.172.117 port 53840 [preauth]
Sep 29 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for invalid user user from 222.108.39.109 port 37094 ssh2
Sep 29 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for invalid user user from 222.108.39.109 port 37094 ssh2
Sep 29 10:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for root from 162.144.236.216 port 42326 ssh2
Sep 29 10:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for invalid user user from 222.108.39.109 port 37094 ssh2
Sep 29 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Connection closed by 162.144.236.216 port 42326 [preauth]
Sep 29 10:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Failed password for invalid user user from 222.108.39.109 port 37094 ssh2
Sep 29 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: error: maximum authentication attempts exceeded for invalid user user from 222.108.39.109 port 37094 ssh2 [preauth]
Sep 29 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29364]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Invalid user user from 222.108.39.109
Sep 29 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: input_userauth_request: invalid user user [preauth]
Sep 29 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session closed for user root
Sep 29 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Failed password for invalid user user from 222.108.39.109 port 39790 ssh2
Sep 29 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Failed password for root from 162.144.236.216 port 49728 ssh2
Sep 29 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Connection closed by 162.144.236.216 port 49728 [preauth]
Sep 29 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Failed password for invalid user user from 222.108.39.109 port 39790 ssh2
Sep 29 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Failed password for invalid user user from 222.108.39.109 port 39790 ssh2
Sep 29 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Failed password for invalid user user from 222.108.39.109 port 39790 ssh2
Sep 29 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Received disconnect from 222.108.39.109 port 39790:11: disconnected by user [preauth]
Sep 29 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Disconnected from 222.108.39.109 port 39790 [preauth]
Sep 29 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Invalid user ftpuser from 222.108.39.109
Sep 29 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Failed password for invalid user ftpuser from 222.108.39.109 port 41538 ssh2
Sep 29 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: Failed password for root from 162.144.236.216 port 55670 ssh2
Sep 29 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Failed password for invalid user ftpuser from 222.108.39.109 port 41538 ssh2
Sep 29 10:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29453]: Connection closed by 162.144.236.216 port 55670 [preauth]
Sep 29 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Failed password for invalid user ftpuser from 222.108.39.109 port 41538 ssh2
Sep 29 10:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Failed password for invalid user ftpuser from 222.108.39.109 port 41538 ssh2
Sep 29 10:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Failed password for invalid user ftpuser from 222.108.39.109 port 41538 ssh2
Sep 29 10:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Failed password for invalid user ftpuser from 222.108.39.109 port 41538 ssh2
Sep 29 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: error: maximum authentication attempts exceeded for invalid user ftpuser from 222.108.39.109 port 41538 ssh2 [preauth]
Sep 29 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29459]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Invalid user ftpuser from 222.108.39.109
Sep 29 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Failed password for root from 162.144.236.216 port 34730 ssh2
Sep 29 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user ftpuser from 222.108.39.109 port 44032 ssh2
Sep 29 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Connection closed by 162.144.236.216 port 34730 [preauth]
Sep 29 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user ftpuser from 222.108.39.109 port 44032 ssh2
Sep 29 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user ftpuser from 222.108.39.109 port 44032 ssh2
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29530]: pam_unix(cron:session): session closed for user root
Sep 29 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29603]: Successful su for rubyman by root
Sep 29 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29603]: + ??? root:rubyman
Sep 29 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314240 of user rubyman.
Sep 29 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29603]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314240.
Sep 29 10:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user ftpuser from 222.108.39.109 port 44032 ssh2
Sep 29 10:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user ftpuser from 222.108.39.109 port 44032 ssh2
Sep 29 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Failed password for root from 162.144.236.216 port 43484 ssh2
Sep 29 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user root
Sep 29 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session closed for user root
Sep 29 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user ftpuser from 222.108.39.109 port 44032 ssh2
Sep 29 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: error: maximum authentication attempts exceeded for invalid user ftpuser from 222.108.39.109 port 44032 ssh2 [preauth]
Sep 29 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection closed by 162.144.236.216 port 43484 [preauth]
Sep 29 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Invalid user ftpuser from 222.108.39.109
Sep 29 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for invalid user ftpuser from 222.108.39.109 port 46288 ssh2
Sep 29 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for invalid user ftpuser from 222.108.39.109 port 46288 ssh2
Sep 29 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for invalid user ftpuser from 222.108.39.109 port 46288 ssh2
Sep 29 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Invalid user frappe from 152.52.15.214
Sep 29 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: input_userauth_request: invalid user frappe [preauth]
Sep 29 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for invalid user ftpuser from 222.108.39.109 port 46288 ssh2
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Failed password for invalid user frappe from 152.52.15.214 port 20602 ssh2
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Received disconnect from 222.108.39.109 port 46288:11: disconnected by user [preauth]
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Disconnected from 222.108.39.109 port 46288 [preauth]
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Received disconnect from 152.52.15.214 port 20602:11: Bye Bye [preauth]
Sep 29 10:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Disconnected from 152.52.15.214 port 20602 [preauth]
Sep 29 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Invalid user test1 from 222.108.39.109
Sep 29 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: input_userauth_request: invalid user test1 [preauth]
Sep 29 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: Failed password for root from 162.144.236.216 port 50818 ssh2
Sep 29 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: Connection closed by 162.144.236.216 port 50818 [preauth]
Sep 29 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user test1 from 222.108.39.109 port 47970 ssh2
Sep 29 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user test1 from 222.108.39.109 port 47970 ssh2
Sep 29 10:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user test1 from 222.108.39.109 port 47970 ssh2
Sep 29 10:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user test1 from 222.108.39.109 port 47970 ssh2
Sep 29 10:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Invalid user tania from 170.233.151.14
Sep 29 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: input_userauth_request: invalid user tania [preauth]
Sep 29 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user test1 from 222.108.39.109 port 47970 ssh2
Sep 29 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Invalid user kkk from 152.32.172.117
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: input_userauth_request: invalid user kkk [preauth]
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Failed password for invalid user tania from 170.233.151.14 port 33282 ssh2
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Invalid user ubuntu from 8.213.197.49
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Received disconnect from 170.233.151.14 port 33282:11: Bye Bye [preauth]
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Disconnected from 170.233.151.14 port 33282 [preauth]
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user test1 from 222.108.39.109 port 47970 ssh2
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: error: maximum authentication attempts exceeded for invalid user test1 from 222.108.39.109 port 47970 ssh2 [preauth]
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Failed password for invalid user kkk from 152.32.172.117 port 44072 ssh2
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Invalid user test1 from 222.108.39.109
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: input_userauth_request: invalid user test1 [preauth]
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Received disconnect from 152.32.172.117 port 44072:11: Bye Bye [preauth]
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Disconnected from 152.32.172.117 port 44072 [preauth]
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Failed password for root from 162.144.236.216 port 58934 ssh2
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Failed password for invalid user ubuntu from 8.213.197.49 port 43570 ssh2
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Received disconnect from 8.213.197.49 port 43570:11: Bye Bye [preauth]
Sep 29 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Disconnected from 8.213.197.49 port 43570 [preauth]
Sep 29 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Connection closed by 162.144.236.216 port 58934 [preauth]
Sep 29 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user test1 from 222.108.39.109 port 50266 ssh2
Sep 29 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user test1 from 222.108.39.109 port 50266 ssh2
Sep 29 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28311]: pam_unix(cron:session): session closed for user root
Sep 29 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user test1 from 222.108.39.109 port 50266 ssh2
Sep 29 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user test1 from 222.108.39.109 port 50266 ssh2
Sep 29 10:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user test1 from 222.108.39.109 port 50266 ssh2
Sep 29 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: Failed password for root from 162.144.236.216 port 36946 ssh2
Sep 29 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user test1 from 222.108.39.109 port 50266 ssh2
Sep 29 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: error: maximum authentication attempts exceeded for invalid user test1 from 222.108.39.109 port 50266 ssh2 [preauth]
Sep 29 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Invalid user test1 from 222.108.39.109
Sep 29 10:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: input_userauth_request: invalid user test1 [preauth]
Sep 29 10:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Failed password for invalid user test1 from 222.108.39.109 port 52526 ssh2
Sep 29 10:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29955]: Connection closed by 162.144.236.216 port 36946 [preauth]
Sep 29 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Failed password for invalid user test1 from 222.108.39.109 port 52526 ssh2
Sep 29 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Received disconnect from 222.108.39.109 port 52526:11: disconnected by user [preauth]
Sep 29 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Disconnected from 222.108.39.109 port 52526 [preauth]
Sep 29 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Invalid user test2 from 222.108.39.109
Sep 29 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: input_userauth_request: invalid user test2 [preauth]
Sep 29 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user test2 from 222.108.39.109 port 53486 ssh2
Sep 29 10:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Sep 29 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user test2 from 222.108.39.109 port 53486 ssh2
Sep 29 10:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user test2 from 222.108.39.109 port 53486 ssh2
Sep 29 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for root from 62.60.131.157 port 63318 ssh2
Sep 29 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user test2 from 222.108.39.109 port 53486 ssh2
Sep 29 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for root from 62.60.131.157 port 63318 ssh2
Sep 29 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user test2 from 222.108.39.109 port 53486 ssh2
Sep 29 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for root from 62.60.131.157 port 63318 ssh2
Sep 29 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user test2 from 222.108.39.109 port 53486 ssh2
Sep 29 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: error: maximum authentication attempts exceeded for invalid user test2 from 222.108.39.109 port 53486 ssh2 [preauth]
Sep 29 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for root from 62.60.131.157 port 63318 ssh2
Sep 29 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: Failed password for root from 162.144.236.216 port 42340 ssh2
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Invalid user test2 from 222.108.39.109
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: input_userauth_request: invalid user test2 [preauth]
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for root from 62.60.131.157 port 63318 ssh2
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Received disconnect from 62.60.131.157 port 63318:11: Bye [preauth]
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Disconnected from 62.60.131.157 port 63318 [preauth]
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Sep 29 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: Connection closed by 162.144.236.216 port 42340 [preauth]
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: Successful su for rubyman by root
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: + ??? root:rubyman
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314245 of user rubyman.
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314245.
Sep 29 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user test2 from 222.108.39.109 port 55944 ssh2
Sep 29 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user test2 from 222.108.39.109 port 55944 ssh2
Sep 29 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26546]: pam_unix(cron:session): session closed for user root
Sep 29 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user test2 from 222.108.39.109 port 55944 ssh2
Sep 29 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user test2 from 222.108.39.109 port 55944 ssh2
Sep 29 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user test2 from 222.108.39.109 port 55944 ssh2
Sep 29 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user test2 from 222.108.39.109 port 55944 ssh2
Sep 29 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: maximum authentication attempts exceeded for invalid user test2 from 222.108.39.109 port 55944 ssh2 [preauth]
Sep 29 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Invalid user test2 from 222.108.39.109
Sep 29 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: input_userauth_request: invalid user test2 [preauth]
Sep 29 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Failed password for root from 162.144.236.216 port 49876 ssh2
Sep 29 10:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Failed password for invalid user test2 from 222.108.39.109 port 58490 ssh2
Sep 29 10:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Connection closed by 162.144.236.216 port 49876 [preauth]
Sep 29 10:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Failed password for invalid user test2 from 222.108.39.109 port 58490 ssh2
Sep 29 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Received disconnect from 222.108.39.109 port 58490:11: disconnected by user [preauth]
Sep 29 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Disconnected from 222.108.39.109 port 58490 [preauth]
Sep 29 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Invalid user ubuntu from 222.108.39.109
Sep 29 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user ubuntu from 222.108.39.109 port 59478 ssh2
Sep 29 10:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Failed password for root from 162.144.236.216 port 59288 ssh2
Sep 29 10:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user ubuntu from 222.108.39.109 port 59478 ssh2
Sep 29 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Connection closed by 162.144.236.216 port 59288 [preauth]
Sep 29 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30472]: Failed password for root from 152.52.15.214 port 43896 ssh2
Sep 29 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30472]: Received disconnect from 152.52.15.214 port 43896:11: Bye Bye [preauth]
Sep 29 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30472]: Disconnected from 152.52.15.214 port 43896 [preauth]
Sep 29 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user ubuntu from 222.108.39.109 port 59478 ssh2
Sep 29 10:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user ubuntu from 222.108.39.109 port 59478 ssh2
Sep 29 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user ubuntu from 222.108.39.109 port 59478 ssh2
Sep 29 10:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user ubuntu from 222.108.39.109 port 59478 ssh2
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: error: maximum authentication attempts exceeded for invalid user ubuntu from 222.108.39.109 port 59478 ssh2 [preauth]
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Invalid user work from 152.32.172.117
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: input_userauth_request: invalid user work [preauth]
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Invalid user ubuntu from 222.108.39.109
Sep 29 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Failed password for root from 162.144.236.216 port 37488 ssh2
Sep 29 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Failed password for invalid user work from 152.32.172.117 port 60300 ssh2
Sep 29 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Received disconnect from 152.32.172.117 port 60300:11: Bye Bye [preauth]
Sep 29 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Disconnected from 152.32.172.117 port 60300 [preauth]
Sep 29 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Connection closed by 162.144.236.216 port 37488 [preauth]
Sep 29 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Failed password for invalid user ubuntu from 222.108.39.109 port 33572 ssh2
Sep 29 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session closed for user root
Sep 29 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: Invalid user user-backup from 170.233.151.14
Sep 29 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: input_userauth_request: invalid user user-backup [preauth]
Sep 29 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Failed password for invalid user ubuntu from 222.108.39.109 port 33572 ssh2
Sep 29 10:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: Failed password for invalid user user-backup from 170.233.151.14 port 44958 ssh2
Sep 29 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: Received disconnect from 170.233.151.14 port 44958:11: Bye Bye [preauth]
Sep 29 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: Disconnected from 170.233.151.14 port 44958 [preauth]
Sep 29 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Failed password for invalid user ubuntu from 222.108.39.109 port 33572 ssh2
Sep 29 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Failed password for root from 162.144.236.216 port 44544 ssh2
Sep 29 10:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Failed password for invalid user ubuntu from 222.108.39.109 port 33572 ssh2
Sep 29 10:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Connection closed by 162.144.236.216 port 44544 [preauth]
Sep 29 10:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Failed password for invalid user ubuntu from 222.108.39.109 port 33572 ssh2
Sep 29 10:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Failed password for invalid user ubuntu from 222.108.39.109 port 33572 ssh2
Sep 29 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: error: maximum authentication attempts exceeded for invalid user ubuntu from 222.108.39.109 port 33572 ssh2 [preauth]
Sep 29 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Disconnecting: Too many authentication failures [preauth]
Sep 29 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Invalid user ubuntu from 222.108.39.109
Sep 29 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Failed password for invalid user ubuntu from 222.108.39.109 port 36036 ssh2
Sep 29 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Failed password for root from 162.144.236.216 port 51134 ssh2
Sep 29 10:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Failed password for invalid user ubuntu from 222.108.39.109 port 36036 ssh2
Sep 29 10:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Connection closed by 162.144.236.216 port 51134 [preauth]
Sep 29 10:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Failed password for invalid user ubuntu from 222.108.39.109 port 36036 ssh2
Sep 29 10:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Failed password for invalid user ubuntu from 222.108.39.109 port 36036 ssh2
Sep 29 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Received disconnect from 222.108.39.109 port 36036:11: disconnected by user [preauth]
Sep 29 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Disconnected from 222.108.39.109 port 36036 [preauth]
Sep 29 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Invalid user pi from 222.108.39.109
Sep 29 10:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: input_userauth_request: invalid user pi [preauth]
Sep 29 10:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Failed password for invalid user pi from 222.108.39.109 port 37736 ssh2
Sep 29 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Failed password for invalid user pi from 222.108.39.109 port 37736 ssh2
Sep 29 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for root from 162.144.236.216 port 58926 ssh2
Sep 29 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Connection closed by 162.144.236.216 port 58926 [preauth]
Sep 29 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Failed password for invalid user pi from 222.108.39.109 port 37736 ssh2
Sep 29 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30774]: Successful su for rubyman by root
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30774]: + ??? root:rubyman
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314249 of user rubyman.
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30774]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314249.
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Failed password for invalid user pi from 222.108.39.109 port 37736 ssh2
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Received disconnect from 222.108.39.109 port 37736:11: disconnected by user [preauth]
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Disconnected from 222.108.39.109 port 37736 [preauth]
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 29 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Invalid user baikal from 222.108.39.109
Sep 29 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: input_userauth_request: invalid user baikal [preauth]
Sep 29 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.39.109
Sep 29 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session closed for user root
Sep 29 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Failed password for invalid user baikal from 222.108.39.109 port 39466 ssh2
Sep 29 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Received disconnect from 222.108.39.109 port 39466:11: disconnected by user [preauth]
Sep 29 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Disconnected from 222.108.39.109 port 39466 [preauth]
Sep 29 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Failed password for root from 162.144.236.216 port 37090 ssh2
Sep 29 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Connection closed by 162.144.236.216 port 37090 [preauth]
Sep 29 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Failed password for root from 162.144.236.216 port 46704 ssh2
Sep 29 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: Connection closed by 162.144.236.216 port 46704 [preauth]
Sep 29 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: Failed password for root from 162.144.236.216 port 53022 ssh2
Sep 29 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31028]: Connection closed by 162.144.236.216 port 53022 [preauth]
Sep 29 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Failed password for root from 162.144.236.216 port 59550 ssh2
Sep 29 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: Invalid user vlado from 152.32.172.117
Sep 29 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: input_userauth_request: invalid user vlado [preauth]
Sep 29 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session closed for user root
Sep 29 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Connection closed by 162.144.236.216 port 59550 [preauth]
Sep 29 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for root from 152.52.15.214 port 10694 ssh2
Sep 29 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Received disconnect from 152.52.15.214 port 10694:11: Bye Bye [preauth]
Sep 29 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Disconnected from 152.52.15.214 port 10694 [preauth]
Sep 29 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: Failed password for invalid user vlado from 152.32.172.117 port 54838 ssh2
Sep 29 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: Received disconnect from 152.32.172.117 port 54838:11: Bye Bye [preauth]
Sep 29 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: Disconnected from 152.32.172.117 port 54838 [preauth]
Sep 29 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Invalid user ubuntu from 170.233.151.14
Sep 29 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Failed password for root from 162.144.236.216 port 38720 ssh2
Sep 29 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Connection closed by 162.144.236.216 port 38720 [preauth]
Sep 29 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Failed password for invalid user ubuntu from 170.233.151.14 port 60392 ssh2
Sep 29 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Received disconnect from 170.233.151.14 port 60392:11: Bye Bye [preauth]
Sep 29 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Disconnected from 170.233.151.14 port 60392 [preauth]
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31252]: Successful su for rubyman by root
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31252]: + ??? root:rubyman
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314252 of user rubyman.
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31252]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314252.
Sep 29 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Failed password for root from 162.144.236.216 port 44956 ssh2
Sep 29 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user root
Sep 29 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Connection closed by 162.144.236.216 port 44956 [preauth]
Sep 29 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: Failed password for root from 162.144.236.216 port 55708 ssh2
Sep 29 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: Connection closed by 162.144.236.216 port 55708 [preauth]
Sep 29 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for root from 162.144.236.216 port 33208 ssh2
Sep 29 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Connection closed by 162.144.236.216 port 33208 [preauth]
Sep 29 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session closed for user root
Sep 29 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: Failed password for root from 162.144.236.216 port 39766 ssh2
Sep 29 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: Connection closed by 162.144.236.216 port 39766 [preauth]
Sep 29 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: Invalid user server2 from 152.52.15.214
Sep 29 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: input_userauth_request: invalid user server2 [preauth]
Sep 29 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: Failed password for invalid user server2 from 152.52.15.214 port 33992 ssh2
Sep 29 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: Received disconnect from 152.52.15.214 port 33992:11: Bye Bye [preauth]
Sep 29 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31622]: Disconnected from 152.52.15.214 port 33992 [preauth]
Sep 29 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: Failed password for root from 152.32.172.117 port 43798 ssh2
Sep 29 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: Received disconnect from 152.32.172.117 port 43798:11: Bye Bye [preauth]
Sep 29 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31624]: Disconnected from 152.32.172.117 port 43798 [preauth]
Sep 29 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: Failed password for root from 162.144.236.216 port 44654 ssh2
Sep 29 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: Invalid user ftptest from 170.233.151.14
Sep 29 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: input_userauth_request: invalid user ftptest [preauth]
Sep 29 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: Connection closed by 162.144.236.216 port 44654 [preauth]
Sep 29 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: Failed password for invalid user ftptest from 170.233.151.14 port 54814 ssh2
Sep 29 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: Received disconnect from 170.233.151.14 port 54814:11: Bye Bye [preauth]
Sep 29 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: Disconnected from 170.233.151.14 port 54814 [preauth]
Sep 29 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: Failed password for root from 162.144.236.216 port 53286 ssh2
Sep 29 10:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: Connection closed by 162.144.236.216 port 53286 [preauth]
Sep 29 10:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: Successful su for rubyman by root
Sep 29 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: + ??? root:rubyman
Sep 29 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314258 of user rubyman.
Sep 29 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31832]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314258.
Sep 29 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31683]: pam_unix(cron:session): session closed for user root
Sep 29 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28310]: pam_unix(cron:session): session closed for user root
Sep 29 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: Failed password for root from 162.144.236.216 port 59638 ssh2
Sep 29 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31680]: Connection closed by 162.144.236.216 port 59638 [preauth]
Sep 29 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Failed password for root from 162.144.236.216 port 37922 ssh2
Sep 29 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32056]: Connection closed by 162.144.236.216 port 37922 [preauth]
Sep 29 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: Failed password for root from 162.144.236.216 port 44422 ssh2
Sep 29 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: Connection closed by 162.144.236.216 port 44422 [preauth]
Sep 29 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30709]: pam_unix(cron:session): session closed for user root
Sep 29 10:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32117]: Failed password for root from 162.144.236.216 port 51068 ssh2
Sep 29 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32117]: Connection closed by 162.144.236.216 port 51068 [preauth]
Sep 29 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Failed password for root from 162.144.236.216 port 59990 ssh2
Sep 29 10:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32170]: Connection closed by 162.144.236.216 port 59990 [preauth]
Sep 29 10:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Invalid user tania from 152.52.15.214
Sep 29 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: input_userauth_request: invalid user tania [preauth]
Sep 29 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Failed password for invalid user tania from 152.52.15.214 port 57292 ssh2
Sep 29 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Received disconnect from 152.52.15.214 port 57292:11: Bye Bye [preauth]
Sep 29 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Disconnected from 152.52.15.214 port 57292 [preauth]
Sep 29 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: Failed password for root from 162.144.236.216 port 39182 ssh2
Sep 29 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32205]: Connection closed by 162.144.236.216 port 39182 [preauth]
Sep 29 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session closed for user root
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32244]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32313]: Successful su for rubyman by root
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32313]: + ??? root:rubyman
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314266 of user rubyman.
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32313]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314266.
Sep 29 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Failed password for root from 162.144.236.216 port 47914 ssh2
Sep 29 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Failed password for root from 170.233.151.14 port 52500 ssh2
Sep 29 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Connection closed by 162.144.236.216 port 47914 [preauth]
Sep 29 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Received disconnect from 170.233.151.14 port 52500:11: Bye Bye [preauth]
Sep 29 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Disconnected from 170.233.151.14 port 52500 [preauth]
Sep 29 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32246]: pam_unix(cron:session): session closed for user root
Sep 29 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Invalid user st from 152.32.172.117
Sep 29 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: input_userauth_request: invalid user st [preauth]
Sep 29 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session closed for user root
Sep 29 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Failed password for invalid user st from 152.32.172.117 port 45238 ssh2
Sep 29 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Received disconnect from 152.32.172.117 port 45238:11: Bye Bye [preauth]
Sep 29 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Disconnected from 152.32.172.117 port 45238 [preauth]
Sep 29 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32245]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: Failed password for root from 162.144.236.216 port 54322 ssh2
Sep 29 10:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32410]: Connection closed by 162.144.236.216 port 54322 [preauth]
Sep 29 10:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: Failed password for root from 162.144.236.216 port 59386 ssh2
Sep 29 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32556]: Connection closed by 162.144.236.216 port 59386 [preauth]
Sep 29 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Failed password for root from 162.144.236.216 port 38824 ssh2
Sep 29 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Connection closed by 162.144.236.216 port 38824 [preauth]
Sep 29 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user root
Sep 29 10:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Failed password for root from 162.144.236.216 port 44990 ssh2
Sep 29 10:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Connection closed by 162.144.236.216 port 44990 [preauth]
Sep 29 10:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Invalid user admin from 139.19.117.131
Sep 29 10:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: Failed password for root from 162.144.236.216 port 50404 ssh2
Sep 29 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32655]: Connection closed by 162.144.236.216 port 50404 [preauth]
Sep 29 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: Failed password for root from 162.144.236.216 port 56568 ssh2
Sep 29 10:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32686]: Connection closed by 162.144.236.216 port 56568 [preauth]
Sep 29 10:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Connection closed by 139.19.117.131 port 57590 [preauth]
Sep 29 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: Failed password for root from 162.144.236.216 port 34166 ssh2
Sep 29 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32704]: Connection closed by 162.144.236.216 port 34166 [preauth]
Sep 29 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: Invalid user old from 152.52.15.214
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: input_userauth_request: invalid user old [preauth]
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Failed password for root from 162.144.236.216 port 38506 ssh2
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32737]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: Successful su for rubyman by root
Sep 29 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: + ??? root:rubyman
Sep 29 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314267 of user rubyman.
Sep 29 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[342]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314267.
Sep 29 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: Failed password for invalid user old from 152.52.15.214 port 24090 ssh2
Sep 29 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: Received disconnect from 152.52.15.214 port 24090:11: Bye Bye [preauth]
Sep 29 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32729]: Disconnected from 152.52.15.214 port 24090 [preauth]
Sep 29 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Connection closed by 162.144.236.216 port 38506 [preauth]
Sep 29 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session closed for user root
Sep 29 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Invalid user santana from 170.233.151.14
Sep 29 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: input_userauth_request: invalid user santana [preauth]
Sep 29 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Failed password for invalid user santana from 170.233.151.14 port 51644 ssh2
Sep 29 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Received disconnect from 170.233.151.14 port 51644:11: Bye Bye [preauth]
Sep 29 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Disconnected from 170.233.151.14 port 51644 [preauth]
Sep 29 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for root from 162.144.236.216 port 45194 ssh2
Sep 29 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Invalid user geoserver from 152.32.172.117
Sep 29 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Connection closed by 162.144.236.216 port 45194 [preauth]
Sep 29 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Failed password for invalid user geoserver from 152.32.172.117 port 35424 ssh2
Sep 29 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Received disconnect from 152.32.172.117 port 35424:11: Bye Bye [preauth]
Sep 29 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Disconnected from 152.32.172.117 port 35424 [preauth]
Sep 29 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Invalid user admin from 93.152.230.176
Sep 29 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Failed password for root from 162.144.236.216 port 54250 ssh2
Sep 29 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for invalid user admin from 93.152.230.176 port 51049 ssh2
Sep 29 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Received disconnect from 93.152.230.176 port 51049:11: Client disconnecting normally [preauth]
Sep 29 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Disconnected from 93.152.230.176 port 51049 [preauth]
Sep 29 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Connection closed by 162.144.236.216 port 54250 [preauth]
Sep 29 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49  user=root
Sep 29 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Failed password for root from 162.144.236.216 port 60406 ssh2
Sep 29 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[627]: Failed password for root from 8.213.197.49 port 45660 ssh2
Sep 29 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[627]: Received disconnect from 8.213.197.49 port 45660:11: Bye Bye [preauth]
Sep 29 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[627]: Disconnected from 8.213.197.49 port 45660 [preauth]
Sep 29 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Connection closed by 162.144.236.216 port 60406 [preauth]
Sep 29 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Invalid user admin from 185.156.73.233
Sep 29 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Failed password for invalid user admin from 185.156.73.233 port 42484 ssh2
Sep 29 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Connection closed by 185.156.73.233 port 42484 [preauth]
Sep 29 10:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session closed for user root
Sep 29 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Failed password for root from 162.144.236.216 port 37824 ssh2
Sep 29 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Connection closed by 162.144.236.216 port 37824 [preauth]
Sep 29 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: Failed password for root from 162.144.236.216 port 45088 ssh2
Sep 29 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: Connection closed by 162.144.236.216 port 45088 [preauth]
Sep 29 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: Failed password for root from 162.144.236.216 port 52128 ssh2
Sep 29 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: Connection closed by 162.144.236.216 port 52128 [preauth]
Sep 29 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[748]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: Successful su for rubyman by root
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: + ??? root:rubyman
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314273 of user rubyman.
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[841]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314273.
Sep 29 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Failed password for root from 162.144.236.216 port 58734 ssh2
Sep 29 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Connection closed by 162.144.236.216 port 58734 [preauth]
Sep 29 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session closed for user root
Sep 29 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Invalid user user-backup from 152.52.15.214
Sep 29 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: input_userauth_request: invalid user user-backup [preauth]
Sep 29 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Failed password for root from 162.144.236.216 port 36704 ssh2
Sep 29 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Failed password for invalid user user-backup from 152.52.15.214 port 47386 ssh2
Sep 29 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Connection closed by 162.144.236.216 port 36704 [preauth]
Sep 29 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Received disconnect from 152.52.15.214 port 47386:11: Bye Bye [preauth]
Sep 29 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Disconnected from 152.52.15.214 port 47386 [preauth]
Sep 29 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for root from 170.233.151.14 port 44524 ssh2
Sep 29 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Failed password for root from 162.144.236.216 port 43946 ssh2
Sep 29 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Received disconnect from 170.233.151.14 port 44524:11: Bye Bye [preauth]
Sep 29 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Disconnected from 170.233.151.14 port 44524 [preauth]
Sep 29 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Connection closed by 162.144.236.216 port 43946 [preauth]
Sep 29 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Failed password for root from 152.32.172.117 port 35170 ssh2
Sep 29 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Received disconnect from 152.32.172.117 port 35170:11: Bye Bye [preauth]
Sep 29 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Disconnected from 152.32.172.117 port 35170 [preauth]
Sep 29 10:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Failed password for root from 162.144.236.216 port 49128 ssh2
Sep 29 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Connection closed by 162.144.236.216 port 49128 [preauth]
Sep 29 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[741]: Connection closed by 115.134.146.150 port 57637 [preauth]
Sep 29 10:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: Failed password for root from 162.144.236.216 port 57472 ssh2
Sep 29 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32249]: pam_unix(cron:session): session closed for user root
Sep 29 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: Connection closed by 162.144.236.216 port 57472 [preauth]
Sep 29 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Failed password for root from 162.144.236.216 port 34376 ssh2
Sep 29 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Connection closed by 162.144.236.216 port 34376 [preauth]
Sep 29 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Failed password for root from 162.144.236.216 port 41850 ssh2
Sep 29 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Connection closed by 162.144.236.216 port 41850 [preauth]
Sep 29 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 10:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 29 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Failed password for root from 162.144.236.216 port 47990 ssh2
Sep 29 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: Connection closed by 162.144.236.216 port 47990 [preauth]
Sep 29 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1407]: Successful su for rubyman by root
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1407]: + ??? root:rubyman
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314276 of user rubyman.
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1407]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314276.
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco rhost=::ffff:79.124.49.146
Sep 29 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session closed for user root
Sep 29 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Failed password for root from 162.144.236.216 port 55526 ssh2
Sep 29 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Connection closed by 162.144.236.216 port 55526 [preauth]
Sep 29 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Failed password for root from 162.144.236.216 port 34020 ssh2
Sep 29 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Failed password for root from 152.52.15.214 port 14180 ssh2
Sep 29 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Received disconnect from 152.52.15.214 port 14180:11: Bye Bye [preauth]
Sep 29 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Disconnected from 152.52.15.214 port 14180 [preauth]
Sep 29 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1686]: Invalid user  from 64.62.197.153
Sep 29 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1686]: input_userauth_request: invalid user  [preauth]
Sep 29 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Connection closed by 162.144.236.216 port 34020 [preauth]
Sep 29 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1686]: Connection closed by 64.62.197.153 port 63751 [preauth]
Sep 29 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Failed password for root from 162.144.236.216 port 40914 ssh2
Sep 29 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Invalid user deployment from 170.233.151.14
Sep 29 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: input_userauth_request: invalid user deployment [preauth]
Sep 29 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Connection closed by 162.144.236.216 port 40914 [preauth]
Sep 29 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Invalid user ftptest from 8.213.197.49
Sep 29 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: input_userauth_request: invalid user ftptest [preauth]
Sep 29 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Failed password for invalid user deployment from 170.233.151.14 port 38704 ssh2
Sep 29 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Received disconnect from 170.233.151.14 port 38704:11: Bye Bye [preauth]
Sep 29 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Disconnected from 170.233.151.14 port 38704 [preauth]
Sep 29 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Failed password for invalid user ftptest from 8.213.197.49 port 53306 ssh2
Sep 29 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Received disconnect from 8.213.197.49 port 53306:11: Bye Bye [preauth]
Sep 29 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Disconnected from 8.213.197.49 port 53306 [preauth]
Sep 29 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Invalid user django from 152.32.172.117
Sep 29 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: input_userauth_request: invalid user django [preauth]
Sep 29 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Failed password for invalid user django from 152.32.172.117 port 59036 ssh2
Sep 29 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Received disconnect from 152.32.172.117 port 59036:11: Bye Bye [preauth]
Sep 29 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Disconnected from 152.32.172.117 port 59036 [preauth]
Sep 29 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32737]: pam_unix(cron:session): session closed for user root
Sep 29 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: Failed password for root from 162.144.236.216 port 46654 ssh2
Sep 29 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: Connection closed by 162.144.236.216 port 46654 [preauth]
Sep 29 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: Failed password for root from 162.144.236.216 port 54966 ssh2
Sep 29 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: Connection closed by 162.144.236.216 port 54966 [preauth]
Sep 29 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: Failed password for root from 162.144.236.216 port 34314 ssh2
Sep 29 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: Connection closed by 162.144.236.216 port 34314 [preauth]
Sep 29 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: Successful su for rubyman by root
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: + ??? root:rubyman
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314279 of user rubyman.
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314279.
Sep 29 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Failed password for root from 162.144.236.216 port 41680 ssh2
Sep 29 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Connection closed by 162.144.236.216 port 41680 [preauth]
Sep 29 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session closed for user root
Sep 29 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Failed password for root from 162.144.236.216 port 48668 ssh2
Sep 29 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1987]: Connection closed by 162.144.236.216 port 48668 [preauth]
Sep 29 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: Failed password for root from 162.144.236.216 port 54180 ssh2
Sep 29 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: Connection closed by 162.144.236.216 port 54180 [preauth]
Sep 29 10:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Invalid user ya from 152.52.15.214
Sep 29 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: input_userauth_request: invalid user ya [preauth]
Sep 29 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Failed password for invalid user ya from 152.52.15.214 port 37478 ssh2
Sep 29 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Received disconnect from 152.52.15.214 port 37478:11: Bye Bye [preauth]
Sep 29 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Disconnected from 152.52.15.214 port 37478 [preauth]
Sep 29 10:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Failed password for root from 162.144.236.216 port 35166 ssh2
Sep 29 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Connection closed by 162.144.236.216 port 35166 [preauth]
Sep 29 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[749]: pam_unix(cron:session): session closed for user root
Sep 29 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Failed password for root from 162.144.236.216 port 41064 ssh2
Sep 29 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Connection closed by 162.144.236.216 port 41064 [preauth]
Sep 29 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 10:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Invalid user santana from 152.32.172.117
Sep 29 10:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: input_userauth_request: invalid user santana [preauth]
Sep 29 10:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Failed password for root from 170.233.151.14 port 48794 ssh2
Sep 29 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Received disconnect from 170.233.151.14 port 48794:11: Bye Bye [preauth]
Sep 29 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Disconnected from 170.233.151.14 port 48794 [preauth]
Sep 29 10:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Failed password for invalid user santana from 152.32.172.117 port 36924 ssh2
Sep 29 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Received disconnect from 152.32.172.117 port 36924:11: Bye Bye [preauth]
Sep 29 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Disconnected from 152.32.172.117 port 36924 [preauth]
Sep 29 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Failed password for root from 162.144.236.216 port 48078 ssh2
Sep 29 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Connection closed by 162.144.236.216 port 48078 [preauth]
Sep 29 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Failed password for root from 162.144.236.216 port 54556 ssh2
Sep 29 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Connection closed by 162.144.236.216 port 54556 [preauth]
Sep 29 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session closed for user root
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2368]: Successful su for rubyman by root
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2368]: + ??? root:rubyman
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314284 of user rubyman.
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2368]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314284.
Sep 29 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for root from 162.144.236.216 port 34652 ssh2
Sep 29 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session closed for user root
Sep 29 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Connection closed by 162.144.236.216 port 34652 [preauth]
Sep 29 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session closed for user root
Sep 29 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Failed password for root from 162.144.236.216 port 41498 ssh2
Sep 29 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Connection closed by 162.144.236.216 port 41498 [preauth]
Sep 29 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Failed password for root from 162.144.236.216 port 48358 ssh2
Sep 29 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Invalid user ict from 8.213.197.49
Sep 29 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: input_userauth_request: invalid user ict [preauth]
Sep 29 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Connection closed by 162.144.236.216 port 48358 [preauth]
Sep 29 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Failed password for invalid user ict from 8.213.197.49 port 43752 ssh2
Sep 29 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Received disconnect from 8.213.197.49 port 43752:11: Bye Bye [preauth]
Sep 29 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Disconnected from 8.213.197.49 port 43752 [preauth]
Sep 29 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session closed for user root
Sep 29 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Failed password for root from 162.144.236.216 port 56848 ssh2
Sep 29 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Connection closed by 162.144.236.216 port 56848 [preauth]
Sep 29 10:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 10:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Failed password for root from 152.52.15.214 port 60778 ssh2
Sep 29 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Received disconnect from 152.52.15.214 port 60778:11: Bye Bye [preauth]
Sep 29 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Disconnected from 152.52.15.214 port 60778 [preauth]
Sep 29 10:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Failed password for root from 162.144.236.216 port 37412 ssh2
Sep 29 10:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Connection closed by 162.144.236.216 port 37412 [preauth]
Sep 29 10:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Failed password for root from 162.144.236.216 port 43832 ssh2
Sep 29 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Connection closed by 162.144.236.216 port 43832 [preauth]
Sep 29 10:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Invalid user user from 62.60.131.157
Sep 29 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: input_userauth_request: invalid user user [preauth]
Sep 29 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 10:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Invalid user ftp1 from 152.32.172.117
Sep 29 10:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: input_userauth_request: invalid user ftp1 [preauth]
Sep 29 10:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: Invalid user eth from 170.233.151.14
Sep 29 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: input_userauth_request: invalid user eth [preauth]
Sep 29 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Failed password for root from 162.144.236.216 port 49378 ssh2
Sep 29 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for invalid user user from 62.60.131.157 port 44186 ssh2
Sep 29 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Failed password for invalid user ftp1 from 152.32.172.117 port 59600 ssh2
Sep 29 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Received disconnect from 152.32.172.117 port 59600:11: Bye Bye [preauth]
Sep 29 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Disconnected from 152.32.172.117 port 59600 [preauth]
Sep 29 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Connection closed by 162.144.236.216 port 49378 [preauth]
Sep 29 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: Failed password for invalid user eth from 170.233.151.14 port 38772 ssh2
Sep 29 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: Received disconnect from 170.233.151.14 port 38772:11: Bye Bye [preauth]
Sep 29 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: Disconnected from 170.233.151.14 port 38772 [preauth]
Sep 29 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for invalid user user from 62.60.131.157 port 44186 ssh2
Sep 29 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2789]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: Successful su for rubyman by root
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: + ??? root:rubyman
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314289 of user rubyman.
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314289.
Sep 29 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for invalid user user from 62.60.131.157 port 44186 ssh2
Sep 29 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for invalid user user from 62.60.131.157 port 44186 ssh2
Sep 29 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session closed for user root
Sep 29 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: Failed password for root from 162.144.236.216 port 55444 ssh2
Sep 29 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for invalid user user from 62.60.131.157 port 44186 ssh2
Sep 29 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Received disconnect from 62.60.131.157 port 44186:11: Bye [preauth]
Sep 29 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Disconnected from 62.60.131.157 port 44186 [preauth]
Sep 29 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2790]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: Connection closed by 162.144.236.216 port 55444 [preauth]
Sep 29 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: Failed password for root from 162.144.236.216 port 35116 ssh2
Sep 29 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: Connection closed by 162.144.236.216 port 35116 [preauth]
Sep 29 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3097]: Failed password for root from 162.144.236.216 port 40756 ssh2
Sep 29 10:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3097]: Connection closed by 162.144.236.216 port 40756 [preauth]
Sep 29 10:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Failed password for root from 162.144.236.216 port 49670 ssh2
Sep 29 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3130]: Connection closed by 162.144.236.216 port 49670 [preauth]
Sep 29 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session closed for user root
Sep 29 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: Failed password for root from 162.144.236.216 port 55246 ssh2
Sep 29 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: Connection closed by 162.144.236.216 port 55246 [preauth]
Sep 29 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: Invalid user tmpuser from 152.52.15.214
Sep 29 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: input_userauth_request: invalid user tmpuser [preauth]
Sep 29 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Failed password for root from 162.144.236.216 port 33160 ssh2
Sep 29 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: Failed password for invalid user tmpuser from 152.52.15.214 port 27578 ssh2
Sep 29 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Connection closed by 162.144.236.216 port 33160 [preauth]
Sep 29 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: Received disconnect from 152.52.15.214 port 27578:11: Bye Bye [preauth]
Sep 29 10:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3196]: Disconnected from 152.52.15.214 port 27578 [preauth]
Sep 29 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: Failed password for root from 162.144.236.216 port 38648 ssh2
Sep 29 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: Connection closed by 162.144.236.216 port 38648 [preauth]
Sep 29 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3234]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: Successful su for rubyman by root
Sep 29 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: + ??? root:rubyman
Sep 29 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314293 of user rubyman.
Sep 29 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3303]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314293.
Sep 29 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Failed password for root from 162.144.236.216 port 45538 ssh2
Sep 29 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Connection closed by 162.144.236.216 port 45538 [preauth]
Sep 29 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user root
Sep 29 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3236]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil15@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Invalid user pydio from 152.32.172.117
Sep 29 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: input_userauth_request: invalid user pydio [preauth]
Sep 29 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Failed password for invalid user pydio from 152.32.172.117 port 57692 ssh2
Sep 29 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Received disconnect from 152.32.172.117 port 57692:11: Bye Bye [preauth]
Sep 29 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Disconnected from 152.32.172.117 port 57692 [preauth]
Sep 29 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Failed password for root from 162.144.236.216 port 50830 ssh2
Sep 29 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil15 rhost=::ffff:45.142.193.185
Sep 29 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Connection closed by 162.144.236.216 port 50830 [preauth]
Sep 29 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Invalid user agent from 170.233.151.14
Sep 29 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: input_userauth_request: invalid user agent [preauth]
Sep 29 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Failed password for invalid user agent from 170.233.151.14 port 36620 ssh2
Sep 29 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Received disconnect from 170.233.151.14 port 36620:11: Bye Bye [preauth]
Sep 29 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Disconnected from 170.233.151.14 port 36620 [preauth]
Sep 29 10:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Invalid user kkk from 8.213.197.49
Sep 29 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: input_userauth_request: invalid user kkk [preauth]
Sep 29 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Failed password for invalid user kkk from 8.213.197.49 port 52312 ssh2
Sep 29 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Received disconnect from 8.213.197.49 port 52312:11: Bye Bye [preauth]
Sep 29 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3561]: Disconnected from 8.213.197.49 port 52312 [preauth]
Sep 29 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: Failed password for root from 162.144.236.216 port 57836 ssh2
Sep 29 10:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: Connection closed by 162.144.236.216 port 57836 [preauth]
Sep 29 10:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: Failed password for root from 162.144.236.216 port 37204 ssh2
Sep 29 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: Connection closed by 162.144.236.216 port 37204 [preauth]
Sep 29 10:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session closed for user root
Sep 29 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: Failed password for root from 162.144.236.216 port 43474 ssh2
Sep 29 10:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: Connection closed by 162.144.236.216 port 43474 [preauth]
Sep 29 10:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Failed password for root from 162.144.236.216 port 50038 ssh2
Sep 29 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Connection closed by 162.144.236.216 port 50038 [preauth]
Sep 29 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Failed password for root from 162.144.236.216 port 54726 ssh2
Sep 29 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3660]: Connection closed by 162.144.236.216 port 54726 [preauth]
Sep 29 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Failed password for root from 162.144.236.216 port 32806 ssh2
Sep 29 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Connection closed by 162.144.236.216 port 32806 [preauth]
Sep 29 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Invalid user st from 152.52.15.214
Sep 29 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: input_userauth_request: invalid user st [preauth]
Sep 29 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Failed password for invalid user st from 152.52.15.214 port 50880 ssh2
Sep 29 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Received disconnect from 152.52.15.214 port 50880:11: Bye Bye [preauth]
Sep 29 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Disconnected from 152.52.15.214 port 50880 [preauth]
Sep 29 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3701]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: Successful su for rubyman by root
Sep 29 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: + ??? root:rubyman
Sep 29 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314298 of user rubyman.
Sep 29 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314298.
Sep 29 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[748]: pam_unix(cron:session): session closed for user root
Sep 29 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3699]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: Failed password for root from 162.144.236.216 port 37480 ssh2
Sep 29 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: Connection closed by 162.144.236.216 port 37480 [preauth]
Sep 29 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: Failed password for root from 162.144.236.216 port 45354 ssh2
Sep 29 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: Connection closed by 162.144.236.216 port 45354 [preauth]
Sep 29 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: Failed password for root from 162.144.236.216 port 52302 ssh2
Sep 29 10:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: Connection closed by 162.144.236.216 port 52302 [preauth]
Sep 29 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Invalid user ubuntu from 170.233.151.14
Sep 29 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Failed password for invalid user ubuntu from 170.233.151.14 port 45122 ssh2
Sep 29 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Failed password for root from 162.144.236.216 port 57856 ssh2
Sep 29 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Received disconnect from 170.233.151.14 port 45122:11: Bye Bye [preauth]
Sep 29 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Disconnected from 170.233.151.14 port 45122 [preauth]
Sep 29 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session closed for user root
Sep 29 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Connection closed by 162.144.236.216 port 57856 [preauth]
Sep 29 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Failed password for root from 152.32.172.117 port 44192 ssh2
Sep 29 10:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Received disconnect from 152.32.172.117 port 44192:11: Bye Bye [preauth]
Sep 29 10:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Disconnected from 152.32.172.117 port 44192 [preauth]
Sep 29 10:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: Failed password for root from 162.144.236.216 port 36728 ssh2
Sep 29 10:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: Connection closed by 162.144.236.216 port 36728 [preauth]
Sep 29 10:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Failed password for root from 162.144.236.216 port 46230 ssh2
Sep 29 10:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Connection closed by 162.144.236.216 port 46230 [preauth]
Sep 29 10:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4242]: Successful su for rubyman by root
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4242]: + ??? root:rubyman
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314304 of user rubyman.
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4242]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314304.
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Invalid user kkk from 152.52.15.214
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: input_userauth_request: invalid user kkk [preauth]
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Failed password for root from 162.144.236.216 port 53302 ssh2
Sep 29 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: Connection closed by 162.144.236.216 port 53302 [preauth]
Sep 29 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Failed password for invalid user kkk from 152.52.15.214 port 17674 ssh2
Sep 29 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Received disconnect from 152.52.15.214 port 17674:11: Bye Bye [preauth]
Sep 29 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Disconnected from 152.52.15.214 port 17674 [preauth]
Sep 29 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session closed for user root
Sep 29 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Failed password for root from 162.144.236.216 port 33328 ssh2
Sep 29 10:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4369]: Connection closed by 162.144.236.216 port 33328 [preauth]
Sep 29 10:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Failed password for root from 162.144.236.216 port 37924 ssh2
Sep 29 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4463]: Connection closed by 8.213.197.49 port 53960 [preauth]
Sep 29 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Connection closed by 162.144.236.216 port 37924 [preauth]
Sep 29 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Failed password for root from 162.144.236.216 port 44972 ssh2
Sep 29 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Connection closed by 162.144.236.216 port 44972 [preauth]
Sep 29 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session closed for user root
Sep 29 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Invalid user vlado from 170.233.151.14
Sep 29 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: input_userauth_request: invalid user vlado [preauth]
Sep 29 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Failed password for invalid user vlado from 170.233.151.14 port 34408 ssh2
Sep 29 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Received disconnect from 170.233.151.14 port 34408:11: Bye Bye [preauth]
Sep 29 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4563]: Disconnected from 170.233.151.14 port 34408 [preauth]
Sep 29 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Failed password for root from 162.144.236.216 port 52760 ssh2
Sep 29 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Failed password for root from 152.32.172.117 port 47928 ssh2
Sep 29 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Received disconnect from 152.32.172.117 port 47928:11: Bye Bye [preauth]
Sep 29 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4579]: Disconnected from 152.32.172.117 port 47928 [preauth]
Sep 29 10:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Connection closed by 162.144.236.216 port 52760 [preauth]
Sep 29 10:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4623]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session closed for user root
Sep 29 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: Successful su for rubyman by root
Sep 29 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: + ??? root:rubyman
Sep 29 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314307 of user rubyman.
Sep 29 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4700]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314307.
Sep 29 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session closed for user root
Sep 29 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session closed for user root
Sep 29 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Failed password for root from 162.144.236.216 port 32952 ssh2
Sep 29 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Connection closed by 162.144.236.216 port 32952 [preauth]
Sep 29 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Failed password for root from 152.52.15.214 port 40970 ssh2
Sep 29 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Received disconnect from 152.52.15.214 port 40970:11: Bye Bye [preauth]
Sep 29 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Disconnected from 152.52.15.214 port 40970 [preauth]
Sep 29 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4936]: Failed password for root from 162.144.236.216 port 42684 ssh2
Sep 29 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4936]: Connection closed by 162.144.236.216 port 42684 [preauth]
Sep 29 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Failed password for root from 162.144.236.216 port 50000 ssh2
Sep 29 10:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4975]: Connection closed by 162.144.236.216 port 50000 [preauth]
Sep 29 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3701]: pam_unix(cron:session): session closed for user root
Sep 29 10:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5002]: Failed password for root from 162.144.236.216 port 57952 ssh2
Sep 29 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5002]: Connection closed by 162.144.236.216 port 57952 [preauth]
Sep 29 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: Failed password for root from 162.144.236.216 port 35582 ssh2
Sep 29 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5053]: Connection closed by 162.144.236.216 port 35582 [preauth]
Sep 29 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Failed password for root from 162.144.236.216 port 42238 ssh2
Sep 29 10:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5081]: Connection closed by 162.144.236.216 port 42238 [preauth]
Sep 29 10:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Invalid user ftptest from 152.32.172.117
Sep 29 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: input_userauth_request: invalid user ftptest [preauth]
Sep 29 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Failed password for invalid user ftptest from 152.32.172.117 port 34066 ssh2
Sep 29 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Received disconnect from 152.32.172.117 port 34066:11: Bye Bye [preauth]
Sep 29 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Disconnected from 152.32.172.117 port 34066 [preauth]
Sep 29 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: Invalid user geoserver from 170.233.151.14
Sep 29 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Failed password for root from 162.144.236.216 port 48092 ssh2
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: Failed password for invalid user geoserver from 170.233.151.14 port 46020 ssh2
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: Received disconnect from 170.233.151.14 port 46020:11: Bye Bye [preauth]
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5111]: Disconnected from 170.233.151.14 port 46020 [preauth]
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5127]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5107]: Connection closed by 162.144.236.216 port 48092 [preauth]
Sep 29 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: Successful su for rubyman by root
Sep 29 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: + ??? root:rubyman
Sep 29 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314312 of user rubyman.
Sep 29 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314312.
Sep 29 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session closed for user root
Sep 29 10:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5128]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: Failed password for root from 162.144.236.216 port 54248 ssh2
Sep 29 10:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5220]: Connection closed by 162.144.236.216 port 54248 [preauth]
Sep 29 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49  user=root
Sep 29 10:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Failed password for root from 8.213.197.49 port 42622 ssh2
Sep 29 10:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Received disconnect from 8.213.197.49 port 42622:11: Bye Bye [preauth]
Sep 29 10:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Disconnected from 8.213.197.49 port 42622 [preauth]
Sep 29 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Invalid user config from 80.94.95.115
Sep 29 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: input_userauth_request: invalid user config [preauth]
Sep 29 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: Failed password for root from 162.144.236.216 port 33102 ssh2
Sep 29 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5501]: Connection closed by 162.144.236.216 port 33102 [preauth]
Sep 29 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Failed password for invalid user config from 80.94.95.115 port 37710 ssh2
Sep 29 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Connection closed by 80.94.95.115 port 37710 [preauth]
Sep 29 10:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: Failed password for root from 162.144.236.216 port 39482 ssh2
Sep 29 10:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5532]: Connection closed by 162.144.236.216 port 39482 [preauth]
Sep 29 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Failed password for root from 162.144.236.216 port 45994 ssh2
Sep 29 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session closed for user root
Sep 29 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Connection closed by 162.144.236.216 port 45994 [preauth]
Sep 29 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Failed password for root from 152.52.15.214 port 64272 ssh2
Sep 29 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Received disconnect from 152.52.15.214 port 64272:11: Bye Bye [preauth]
Sep 29 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Disconnected from 152.52.15.214 port 64272 [preauth]
Sep 29 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: Failed password for root from 162.144.236.216 port 52222 ssh2
Sep 29 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5602]: Connection closed by 162.144.236.216 port 52222 [preauth]
Sep 29 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Failed password for root from 162.144.236.216 port 58480 ssh2
Sep 29 10:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Connection closed by 162.144.236.216 port 58480 [preauth]
Sep 29 10:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Failed password for root from 162.144.236.216 port 37736 ssh2
Sep 29 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Connection closed by 162.144.236.216 port 37736 [preauth]
Sep 29 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5747]: Successful su for rubyman by root
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5747]: + ??? root:rubyman
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314316 of user rubyman.
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5747]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314316.
Sep 29 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session closed for user root
Sep 29 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: Failed password for root from 162.144.236.216 port 45394 ssh2
Sep 29 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5672]: Connection closed by 162.144.236.216 port 45394 [preauth]
Sep 29 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Failed password for root from 152.32.172.117 port 42338 ssh2
Sep 29 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Received disconnect from 152.32.172.117 port 42338:11: Bye Bye [preauth]
Sep 29 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5962]: Disconnected from 152.32.172.117 port 42338 [preauth]
Sep 29 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Invalid user ubnt from 62.60.131.157
Sep 29 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: Failed password for root from 162.144.236.216 port 50920 ssh2
Sep 29 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for invalid user ubnt from 62.60.131.157 port 62144 ssh2
Sep 29 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5964]: Connection closed by 162.144.236.216 port 50920 [preauth]
Sep 29 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for invalid user ubnt from 62.60.131.157 port 62144 ssh2
Sep 29 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for invalid user ubnt from 62.60.131.157 port 62144 ssh2
Sep 29 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for invalid user ubnt from 62.60.131.157 port 62144 ssh2
Sep 29 10:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for invalid user ubnt from 62.60.131.157 port 62144 ssh2
Sep 29 10:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Received disconnect from 62.60.131.157 port 62144:11: Bye [preauth]
Sep 29 10:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Disconnected from 62.60.131.157 port 62144 [preauth]
Sep 29 10:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 10:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 10:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session closed for user root
Sep 29 10:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for root from 162.144.236.216 port 58672 ssh2
Sep 29 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Connection closed by 162.144.236.216 port 58672 [preauth]
Sep 29 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Invalid user geoserver from 152.52.15.214
Sep 29 10:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 10:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Failed password for invalid user geoserver from 152.52.15.214 port 31076 ssh2
Sep 29 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Received disconnect from 152.52.15.214 port 31076:11: Bye Bye [preauth]
Sep 29 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Disconnected from 152.52.15.214 port 31076 [preauth]
Sep 29 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Failed password for root from 162.144.236.216 port 38246 ssh2
Sep 29 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Connection closed by 162.144.236.216 port 38246 [preauth]
Sep 29 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: Successful su for rubyman by root
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: + ??? root:rubyman
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314319 of user rubyman.
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6208]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314319.
Sep 29 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session closed for user root
Sep 29 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Failed password for root from 162.144.236.216 port 47490 ssh2
Sep 29 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Connection closed by 162.144.236.216 port 47490 [preauth]
Sep 29 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: Failed password for root from 162.144.236.216 port 54368 ssh2
Sep 29 10:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: Invalid user javad from 152.32.172.117
Sep 29 10:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: input_userauth_request: invalid user javad [preauth]
Sep 29 10:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: Connection closed by 162.144.236.216 port 54368 [preauth]
Sep 29 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: Failed password for invalid user javad from 152.32.172.117 port 52800 ssh2
Sep 29 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: Received disconnect from 152.32.172.117 port 52800:11: Bye Bye [preauth]
Sep 29 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6445]: Disconnected from 152.32.172.117 port 52800 [preauth]
Sep 29 10:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5130]: pam_unix(cron:session): session closed for user root
Sep 29 10:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Failed password for root from 162.144.236.216 port 33816 ssh2
Sep 29 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Connection closed by 162.144.236.216 port 33816 [preauth]
Sep 29 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Invalid user ict from 170.233.151.14
Sep 29 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: input_userauth_request: invalid user ict [preauth]
Sep 29 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Failed password for invalid user ict from 170.233.151.14 port 47652 ssh2
Sep 29 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Received disconnect from 170.233.151.14 port 47652:11: Bye Bye [preauth]
Sep 29 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Disconnected from 170.233.151.14 port 47652 [preauth]
Sep 29 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Failed password for root from 162.144.236.216 port 42544 ssh2
Sep 29 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: Successful su for rubyman by root
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: + ??? root:rubyman
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314324 of user rubyman.
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6756]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314324.
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Connection closed by 162.144.236.216 port 42544 [preauth]
Sep 29 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session closed for user root
Sep 29 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Failed password for root from 162.144.236.216 port 51822 ssh2
Sep 29 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Connection closed by 162.144.236.216 port 51822 [preauth]
Sep 29 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Failed password for root from 162.144.236.216 port 58458 ssh2
Sep 29 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Connection closed by 162.144.236.216 port 58458 [preauth]
Sep 29 10:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: Invalid user admin from 78.128.112.74
Sep 29 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: input_userauth_request: invalid user admin [preauth]
Sep 29 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: Failed password for invalid user admin from 78.128.112.74 port 60662 ssh2
Sep 29 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: Connection closed by 78.128.112.74 port 60662 [preauth]
Sep 29 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Failed password for root from 162.144.236.216 port 38068 ssh2
Sep 29 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Connection closed by 162.144.236.216 port 38068 [preauth]
Sep 29 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Invalid user tania from 152.32.172.117
Sep 29 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: input_userauth_request: invalid user tania [preauth]
Sep 29 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Failed password for invalid user tania from 152.32.172.117 port 50460 ssh2
Sep 29 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Received disconnect from 152.32.172.117 port 50460:11: Bye Bye [preauth]
Sep 29 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Disconnected from 152.32.172.117 port 50460 [preauth]
Sep 29 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Failed password for root from 162.144.236.216 port 42400 ssh2
Sep 29 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5678]: pam_unix(cron:session): session closed for user root
Sep 29 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Connection closed by 162.144.236.216 port 42400 [preauth]
Sep 29 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7089]: Failed password for root from 162.144.236.216 port 48878 ssh2
Sep 29 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7089]: Connection closed by 162.144.236.216 port 48878 [preauth]
Sep 29 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: Invalid user exx from 152.52.15.214
Sep 29 10:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: input_userauth_request: invalid user exx [preauth]
Sep 29 10:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: Failed password for invalid user exx from 152.52.15.214 port 54414 ssh2
Sep 29 10:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: Received disconnect from 152.52.15.214 port 54414:11: Bye Bye [preauth]
Sep 29 10:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7138]: Disconnected from 152.52.15.214 port 54414 [preauth]
Sep 29 10:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Failed password for root from 162.144.236.216 port 54260 ssh2
Sep 29 10:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Connection closed by 162.144.236.216 port 54260 [preauth]
Sep 29 10:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Failed password for root from 162.144.236.216 port 59980 ssh2
Sep 29 10:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Connection closed by 162.144.236.216 port 59980 [preauth]
Sep 29 10:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Failed password for root from 170.233.151.14 port 60702 ssh2
Sep 29 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Received disconnect from 170.233.151.14 port 60702:11: Bye Bye [preauth]
Sep 29 10:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7234]: Disconnected from 170.233.151.14 port 60702 [preauth]
Sep 29 10:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7252]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7252]: pam_unix(cron:session): session closed for user root
Sep 29 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: Successful su for rubyman by root
Sep 29 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: + ??? root:rubyman
Sep 29 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314328 of user rubyman.
Sep 29 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314328.
Sep 29 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: Failed password for root from 162.144.236.216 port 36696 ssh2
Sep 29 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7232]: Connection closed by 162.144.236.216 port 36696 [preauth]
Sep 29 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session closed for user root
Sep 29 10:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4174]: pam_unix(cron:session): session closed for user root
Sep 29 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: Failed password for root from 162.144.236.216 port 45224 ssh2
Sep 29 10:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7447]: Connection closed by 162.144.236.216 port 45224 [preauth]
Sep 29 10:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Failed password for root from 162.144.236.216 port 51620 ssh2
Sep 29 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Connection closed by 162.144.236.216 port 51620 [preauth]
Sep 29 10:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: Failed password for root from 162.144.236.216 port 59742 ssh2
Sep 29 10:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7611]: Connection closed by 162.144.236.216 port 59742 [preauth]
Sep 29 10:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
Sep 29 10:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Failed password for root from 162.144.236.216 port 38140 ssh2
Sep 29 10:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Connection closed by 162.144.236.216 port 38140 [preauth]
Sep 29 10:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Invalid user santana from 152.52.15.214
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: input_userauth_request: invalid user santana [preauth]
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: Failed password for root from 162.144.236.216 port 43984 ssh2
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: Invalid user ya from 152.32.172.117
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: input_userauth_request: invalid user ya [preauth]
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Failed password for invalid user santana from 152.52.15.214 port 21214 ssh2
Sep 29 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Received disconnect from 152.52.15.214 port 21214:11: Bye Bye [preauth]
Sep 29 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Disconnected from 152.52.15.214 port 21214 [preauth]
Sep 29 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: Connection closed by 162.144.236.216 port 43984 [preauth]
Sep 29 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: Failed password for invalid user ya from 152.32.172.117 port 50586 ssh2
Sep 29 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: Received disconnect from 152.32.172.117 port 50586:11: Bye Bye [preauth]
Sep 29 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7715]: Disconnected from 152.32.172.117 port 50586 [preauth]
Sep 29 10:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7831]: Successful su for rubyman by root
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7831]: + ??? root:rubyman
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314334 of user rubyman.
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7831]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314334.
Sep 29 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4623]: pam_unix(cron:session): session closed for user root
Sep 29 10:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7748]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: Invalid user st from 170.233.151.14
Sep 29 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: input_userauth_request: invalid user st [preauth]
Sep 29 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Failed password for root from 162.144.236.216 port 51298 ssh2
Sep 29 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: Failed password for invalid user st from 170.233.151.14 port 40272 ssh2
Sep 29 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: Received disconnect from 170.233.151.14 port 40272:11: Bye Bye [preauth]
Sep 29 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8075]: Disconnected from 170.233.151.14 port 40272 [preauth]
Sep 29 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Connection closed by 162.144.236.216 port 51298 [preauth]
Sep 29 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8106]: Failed password for root from 162.144.236.216 port 60928 ssh2
Sep 29 10:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8106]: Connection closed by 162.144.236.216 port 60928 [preauth]
Sep 29 10:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Failed password for root from 162.144.236.216 port 39066 ssh2
Sep 29 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8156]: Connection closed by 162.144.236.216 port 39066 [preauth]
Sep 29 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session closed for user root
Sep 29 10:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: Failed password for root from 162.144.236.216 port 45008 ssh2
Sep 29 10:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: Connection closed by 162.144.236.216 port 45008 [preauth]
Sep 29 10:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: Failed password for root from 162.144.236.216 port 50684 ssh2
Sep 29 10:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8206]: Connection closed by 162.144.236.216 port 50684 [preauth]
Sep 29 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: Invalid user vlado from 152.52.15.214
Sep 29 10:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: input_userauth_request: invalid user vlado [preauth]
Sep 29 10:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8270]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8336]: Successful su for rubyman by root
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8336]: + ??? root:rubyman
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314337 of user rubyman.
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8336]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314337.
Sep 29 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: Failed password for invalid user vlado from 152.52.15.214 port 44512 ssh2
Sep 29 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: Received disconnect from 152.52.15.214 port 44512:11: Bye Bye [preauth]
Sep 29 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8265]: Disconnected from 152.52.15.214 port 44512 [preauth]
Sep 29 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5129]: pam_unix(cron:session): session closed for user root
Sep 29 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Invalid user robot from 152.32.172.117
Sep 29 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: input_userauth_request: invalid user robot [preauth]
Sep 29 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8271]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Failed password for invalid user robot from 152.32.172.117 port 40160 ssh2
Sep 29 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Received disconnect from 152.32.172.117 port 40160:11: Bye Bye [preauth]
Sep 29 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Disconnected from 152.32.172.117 port 40160 [preauth]
Sep 29 10:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: Failed password for root from 162.144.236.216 port 57972 ssh2
Sep 29 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: Connection closed by 162.144.236.216 port 57972 [preauth]
Sep 29 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: Failed password for root from 162.144.236.216 port 38808 ssh2
Sep 29 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8593]: Connection closed by 162.144.236.216 port 38808 [preauth]
Sep 29 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Invalid user tmpuser from 170.233.151.14
Sep 29 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: input_userauth_request: invalid user tmpuser [preauth]
Sep 29 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Failed password for invalid user tmpuser from 170.233.151.14 port 41780 ssh2
Sep 29 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Received disconnect from 170.233.151.14 port 41780:11: Bye Bye [preauth]
Sep 29 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8637]: Disconnected from 170.233.151.14 port 41780 [preauth]
Sep 29 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7251]: pam_unix(cron:session): session closed for user root
Sep 29 10:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: Failed password for root from 162.144.236.216 port 46206 ssh2
Sep 29 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8636]: Connection closed by 162.144.236.216 port 46206 [preauth]
Sep 29 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Failed password for root from 162.144.236.216 port 52468 ssh2
Sep 29 10:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Connection closed by 162.144.236.216 port 52468 [preauth]
Sep 29 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Failed password for root from 162.144.236.216 port 58732 ssh2
Sep 29 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Connection closed by 162.144.236.216 port 58732 [preauth]
Sep 29 10:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Failed password for root from 162.144.236.216 port 36782 ssh2
Sep 29 10:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Connection closed by 162.144.236.216 port 36782 [preauth]
Sep 29 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8923]: Successful su for rubyman by root
Sep 29 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8923]: + ??? root:rubyman
Sep 29 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314342 of user rubyman.
Sep 29 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8923]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314342.
Sep 29 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5677]: pam_unix(cron:session): session closed for user root
Sep 29 10:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: Failed password for root from 162.144.236.216 port 42428 ssh2
Sep 29 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8744]: Connection closed by 162.144.236.216 port 42428 [preauth]
Sep 29 10:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Invalid user ict from 152.52.15.214
Sep 29 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: input_userauth_request: invalid user ict [preauth]
Sep 29 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Failed password for invalid user ict from 152.52.15.214 port 11316 ssh2
Sep 29 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Received disconnect from 152.52.15.214 port 11316:11: Bye Bye [preauth]
Sep 29 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Disconnected from 152.52.15.214 port 11316 [preauth]
Sep 29 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: Invalid user titu from 152.32.172.117
Sep 29 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: input_userauth_request: invalid user titu [preauth]
Sep 29 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: Failed password for invalid user titu from 152.32.172.117 port 34032 ssh2
Sep 29 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: Received disconnect from 152.32.172.117 port 34032:11: Bye Bye [preauth]
Sep 29 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9265]: Disconnected from 152.32.172.117 port 34032 [preauth]
Sep 29 10:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Failed password for root from 162.144.236.216 port 53392 ssh2
Sep 29 10:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9253]: Connection closed by 162.144.236.216 port 53392 [preauth]
Sep 29 10:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: Failed password for root from 162.144.236.216 port 59546 ssh2
Sep 29 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: Connection closed by 162.144.236.216 port 59546 [preauth]
Sep 29 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7750]: pam_unix(cron:session): session closed for user root
Sep 29 10:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Failed password for root from 162.144.236.216 port 39424 ssh2
Sep 29 10:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Connection closed by 162.144.236.216 port 39424 [preauth]
Sep 29 10:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Failed password for root from 162.144.236.216 port 46680 ssh2
Sep 29 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9368]: Connection closed by 162.144.236.216 port 46680 [preauth]
Sep 29 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: Invalid user kkk from 170.233.151.14
Sep 29 10:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: input_userauth_request: invalid user kkk [preauth]
Sep 29 10:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: Failed password for invalid user kkk from 170.233.151.14 port 40938 ssh2
Sep 29 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: Received disconnect from 170.233.151.14 port 40938:11: Bye Bye [preauth]
Sep 29 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9402]: Disconnected from 170.233.151.14 port 40938 [preauth]
Sep 29 10:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Failed password for root from 162.144.236.216 port 54438 ssh2
Sep 29 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Connection closed by 162.144.236.216 port 54438 [preauth]
Sep 29 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9429]: pam_unix(cron:session): session closed for user p13x
Sep 29 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9494]: Successful su for rubyman by root
Sep 29 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9494]: + ??? root:rubyman
Sep 29 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314347 of user rubyman.
Sep 29 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9494]: pam_unix(su:session): session closed for user rubyman
Sep 29 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314347.
Sep 29 10:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session closed for user root
Sep 29 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Invalid user robot from 8.213.197.49
Sep 29 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: input_userauth_request: invalid user robot [preauth]
Sep 29 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 10:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session closed for user samftp
Sep 29 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Failed password for invalid user robot from 8.213.197.49 port 52266 ssh2
Sep 29 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Received disconnect from 8.213.197.49 port 52266:11: Bye Bye [preauth]
Sep 29 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Disconnected from 8.213.197.49 port 52266 [preauth]
Sep 29 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Failed password for root from 162.144.236.216 port 33070 ssh2
Sep 29 10:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9426]: Connection closed by 162.144.236.216 port 33070 [preauth]
Sep 29 10:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: Failed password for root from 162.144.236.216 port 41116 ssh2
Sep 29 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: Connection closed by 162.144.236.216 port 41116 [preauth]
Sep 29 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Failed password for root from 162.144.236.216 port 47958 ssh2
Sep 29 10:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Connection closed by 162.144.236.216 port 47958 [preauth]
Sep 29 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Invalid user agent from 152.52.15.214
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: input_userauth_request: invalid user agent [preauth]
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: Invalid user ubuntu from 152.32.172.117
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 10:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for invalid user agent from 152.52.15.214 port 34620 ssh2
Sep 29 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: Failed password for invalid user ubuntu from 152.32.172.117 port 35896 ssh2
Sep 29 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Received disconnect from 152.52.15.214 port 34620:11: Bye Bye [preauth]
Sep 29 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Disconnected from 152.52.15.214 port 34620 [preauth]
Sep 29 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: Received disconnect from 152.32.172.117 port 35896:11: Bye Bye [preauth]
Sep 29 10:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: Disconnected from 152.32.172.117 port 35896 [preauth]
Sep 29 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8273]: pam_unix(cron:session): session closed for user root
Sep 29 10:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: Failed password for root from 162.144.236.216 port 55006 ssh2
Sep 29 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9893]: Connection closed by 162.144.236.216 port 55006 [preauth]
Sep 29 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 10:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Failed password for root from 162.144.236.216 port 36442 ssh2
Sep 29 10:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Connection closed by 162.144.236.216 port 36442 [preauth]
Sep 29 10:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 10:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9974]: Failed password for root from 162.144.236.216 port 42428 ssh2
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session closed for user root
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10001]: pam_unix(cron:session): session closed for user root
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9974]: Connection closed by 162.144.236.216 port 42428 [preauth]
Sep 29 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: Successful su for rubyman by root
Sep 29 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: + ??? root:rubyman
Sep 29 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314353 of user rubyman.
Sep 29 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314353.
Sep 29 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session closed for user root
Sep 29 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6687]: pam_unix(cron:session): session closed for user root
Sep 29 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10000]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: Invalid user robot from 170.233.151.14
Sep 29 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: input_userauth_request: invalid user robot [preauth]
Sep 29 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: Failed password for invalid user robot from 170.233.151.14 port 54316 ssh2
Sep 29 11:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: Received disconnect from 170.233.151.14 port 54316:11: Bye Bye [preauth]
Sep 29 11:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10373]: Disconnected from 170.233.151.14 port 54316 [preauth]
Sep 29 11:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Failed password for root from 162.144.236.216 port 50120 ssh2
Sep 29 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10132]: Connection closed by 162.144.236.216 port 50120 [preauth]
Sep 29 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Invalid user admin from 185.156.73.233
Sep 29 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: input_userauth_request: invalid user admin [preauth]
Sep 29 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Failed password for invalid user admin from 185.156.73.233 port 26098 ssh2
Sep 29 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10437]: Connection closed by 185.156.73.233 port 26098 [preauth]
Sep 29 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session closed for user root
Sep 29 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Failed password for root from 162.144.236.216 port 58184 ssh2
Sep 29 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Connection closed by 162.144.236.216 port 58184 [preauth]
Sep 29 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Invalid user server2 from 152.32.172.117
Sep 29 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: input_userauth_request: invalid user server2 [preauth]
Sep 29 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Invalid user javad from 152.52.15.214
Sep 29 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: input_userauth_request: invalid user javad [preauth]
Sep 29 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Failed password for invalid user server2 from 152.32.172.117 port 45804 ssh2
Sep 29 11:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Received disconnect from 152.32.172.117 port 45804:11: Bye Bye [preauth]
Sep 29 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Disconnected from 152.32.172.117 port 45804 [preauth]
Sep 29 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Failed password for invalid user javad from 152.52.15.214 port 57922 ssh2
Sep 29 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Received disconnect from 152.52.15.214 port 57922:11: Bye Bye [preauth]
Sep 29 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Disconnected from 152.52.15.214 port 57922 [preauth]
Sep 29 11:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Failed password for root from 162.144.236.216 port 37250 ssh2
Sep 29 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Connection closed by 162.144.236.216 port 37250 [preauth]
Sep 29 11:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Failed password for root from 162.144.236.216 port 42332 ssh2
Sep 29 11:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Connection closed by 162.144.236.216 port 42332 [preauth]
Sep 29 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Failed password for root from 162.144.236.216 port 48976 ssh2
Sep 29 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Connection closed by 162.144.236.216 port 48976 [preauth]
Sep 29 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10602]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: Successful su for rubyman by root
Sep 29 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: + ??? root:rubyman
Sep 29 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314357 of user rubyman.
Sep 29 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314357.
Sep 29 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Invalid user pydio from 8.213.197.49
Sep 29 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: input_userauth_request: invalid user pydio [preauth]
Sep 29 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7250]: pam_unix(cron:session): session closed for user root
Sep 29 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: Failed password for root from 162.144.236.216 port 54164 ssh2
Sep 29 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Failed password for invalid user pydio from 8.213.197.49 port 48490 ssh2
Sep 29 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Received disconnect from 8.213.197.49 port 48490:11: Bye Bye [preauth]
Sep 29 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Disconnected from 8.213.197.49 port 48490 [preauth]
Sep 29 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: Connection closed by 162.144.236.216 port 54164 [preauth]
Sep 29 11:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Failed password for root from 162.144.236.216 port 33142 ssh2
Sep 29 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Connection closed by 162.144.236.216 port 33142 [preauth]
Sep 29 11:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Invalid user frappe from 170.233.151.14
Sep 29 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: input_userauth_request: invalid user frappe [preauth]
Sep 29 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Failed password for root from 162.144.236.216 port 39754 ssh2
Sep 29 11:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Failed password for invalid user frappe from 170.233.151.14 port 59222 ssh2
Sep 29 11:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Received disconnect from 170.233.151.14 port 59222:11: Bye Bye [preauth]
Sep 29 11:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Disconnected from 170.233.151.14 port 59222 [preauth]
Sep 29 11:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Connection closed by 162.144.236.216 port 39754 [preauth]
Sep 29 11:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session closed for user root
Sep 29 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: Failed password for root from 162.144.236.216 port 49732 ssh2
Sep 29 11:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10951]: Connection closed by 162.144.236.216 port 49732 [preauth]
Sep 29 11:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: Failed password for root from 162.144.236.216 port 55522 ssh2
Sep 29 11:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: Connection closed by 162.144.236.216 port 55522 [preauth]
Sep 29 11:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: Invalid user ubuntu from 152.52.15.214
Sep 29 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 11:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: Failed password for invalid user ubuntu from 152.52.15.214 port 24720 ssh2
Sep 29 11:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: Received disconnect from 152.52.15.214 port 24720:11: Bye Bye [preauth]
Sep 29 11:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11024]: Disconnected from 152.52.15.214 port 24720 [preauth]
Sep 29 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for root from 162.144.236.216 port 33656 ssh2
Sep 29 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: Failed password for root from 152.32.172.117 port 43808 ssh2
Sep 29 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: Received disconnect from 152.32.172.117 port 43808:11: Bye Bye [preauth]
Sep 29 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11037]: Disconnected from 152.32.172.117 port 43808 [preauth]
Sep 29 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Connection closed by 162.144.236.216 port 33656 [preauth]
Sep 29 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Failed password for root from 162.144.236.216 port 39792 ssh2
Sep 29 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Connection closed by 162.144.236.216 port 39792 [preauth]
Sep 29 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11062]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11060]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11127]: Successful su for rubyman by root
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11127]: + ??? root:rubyman
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314362 of user rubyman.
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11127]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314362.
Sep 29 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session closed for user root
Sep 29 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11058]: Failed password for root from 162.144.236.216 port 46798 ssh2
Sep 29 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11058]: Connection closed by 162.144.236.216 port 46798 [preauth]
Sep 29 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11061]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Failed password for root from 162.144.236.216 port 52404 ssh2
Sep 29 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Connection closed by 162.144.236.216 port 52404 [preauth]
Sep 29 11:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Failed password for root from 162.144.236.216 port 60596 ssh2
Sep 29 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Connection closed by 162.144.236.216 port 60596 [preauth]
Sep 29 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: Failed password for root from 162.144.236.216 port 39360 ssh2
Sep 29 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: Connection closed by 162.144.236.216 port 39360 [preauth]
Sep 29 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session closed for user root
Sep 29 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Invalid user exx from 170.233.151.14
Sep 29 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: input_userauth_request: invalid user exx [preauth]
Sep 29 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Failed password for invalid user exx from 170.233.151.14 port 50024 ssh2
Sep 29 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Received disconnect from 170.233.151.14 port 50024:11: Bye Bye [preauth]
Sep 29 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Disconnected from 170.233.151.14 port 50024 [preauth]
Sep 29 11:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Failed password for root from 162.144.236.216 port 45164 ssh2
Sep 29 11:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11417]: Connection closed by 162.144.236.216 port 45164 [preauth]
Sep 29 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Invalid user pydio from 152.52.15.214
Sep 29 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: input_userauth_request: invalid user pydio [preauth]
Sep 29 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Failed password for invalid user pydio from 152.52.15.214 port 48018 ssh2
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Received disconnect from 152.52.15.214 port 48018:11: Bye Bye [preauth]
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Disconnected from 152.52.15.214 port 48018 [preauth]
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: Invalid user ubuntu from 152.32.172.117
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: Failed password for invalid user ubuntu from 152.32.172.117 port 52810 ssh2
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: Received disconnect from 152.32.172.117 port 52810:11: Bye Bye [preauth]
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: Disconnected from 152.32.172.117 port 52810 [preauth]
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: Successful su for rubyman by root
Sep 29 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: + ??? root:rubyman
Sep 29 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314365 of user rubyman.
Sep 29 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314365.
Sep 29 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session closed for user root
Sep 29 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11505]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Failed password for root from 162.144.236.216 port 53402 ssh2
Sep 29 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Connection closed by 162.144.236.216 port 53402 [preauth]
Sep 29 11:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Failed password for root from 162.144.236.216 port 34192 ssh2
Sep 29 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Connection closed by 162.144.236.216 port 34192 [preauth]
Sep 29 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: Failed password for root from 162.144.236.216 port 41804 ssh2
Sep 29 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: Connection closed by 162.144.236.216 port 41804 [preauth]
Sep 29 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10602]: pam_unix(cron:session): session closed for user root
Sep 29 11:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for root from 162.144.236.216 port 48890 ssh2
Sep 29 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Connection closed by 162.144.236.216 port 48890 [preauth]
Sep 29 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Failed password for root from 162.144.236.216 port 56236 ssh2
Sep 29 11:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Connection closed by 162.144.236.216 port 56236 [preauth]
Sep 29 11:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Invalid user pydio from 170.233.151.14
Sep 29 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: input_userauth_request: invalid user pydio [preauth]
Sep 29 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Failed password for invalid user pydio from 170.233.151.14 port 59344 ssh2
Sep 29 11:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Received disconnect from 170.233.151.14 port 59344:11: Bye Bye [preauth]
Sep 29 11:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Disconnected from 170.233.151.14 port 59344 [preauth]
Sep 29 11:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: Failed password for root from 162.144.236.216 port 34598 ssh2
Sep 29 11:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: Connection closed by 162.144.236.216 port 34598 [preauth]
Sep 29 11:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12039]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12104]: Successful su for rubyman by root
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12104]: + ??? root:rubyman
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314369 of user rubyman.
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12104]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314369.
Sep 29 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session closed for user root
Sep 29 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Failed password for root from 162.144.236.216 port 42096 ssh2
Sep 29 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Failed password for root from 152.52.15.214 port 14814 ssh2
Sep 29 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Received disconnect from 152.52.15.214 port 14814:11: Bye Bye [preauth]
Sep 29 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Disconnected from 152.52.15.214 port 14814 [preauth]
Sep 29 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12037]: Connection closed by 162.144.236.216 port 42096 [preauth]
Sep 29 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Invalid user test from 152.32.172.117
Sep 29 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: input_userauth_request: invalid user test [preauth]
Sep 29 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Failed password for invalid user test from 152.32.172.117 port 37118 ssh2
Sep 29 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Received disconnect from 152.32.172.117 port 37118:11: Bye Bye [preauth]
Sep 29 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Disconnected from 152.32.172.117 port 37118 [preauth]
Sep 29 11:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Failed password for root from 162.144.236.216 port 47892 ssh2
Sep 29 11:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Connection closed by 162.144.236.216 port 47892 [preauth]
Sep 29 11:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: Failed password for root from 162.144.236.216 port 55734 ssh2
Sep 29 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12352]: Connection closed by 162.144.236.216 port 55734 [preauth]
Sep 29 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: Failed password for root from 162.144.236.216 port 33790 ssh2
Sep 29 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11063]: pam_unix(cron:session): session closed for user root
Sep 29 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12381]: Connection closed by 162.144.236.216 port 33790 [preauth]
Sep 29 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Failed password for root from 162.144.236.216 port 40784 ssh2
Sep 29 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Connection closed by 162.144.236.216 port 40784 [preauth]
Sep 29 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Failed password for root from 162.144.236.216 port 48816 ssh2
Sep 29 11:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Connection closed by 162.144.236.216 port 48816 [preauth]
Sep 29 11:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: Invalid user deployment from 8.213.197.49
Sep 29 11:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: input_userauth_request: invalid user deployment [preauth]
Sep 29 11:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: Failed password for invalid user deployment from 8.213.197.49 port 41796 ssh2
Sep 29 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: Received disconnect from 8.213.197.49 port 41796:11: Bye Bye [preauth]
Sep 29 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12484]: Disconnected from 8.213.197.49 port 41796 [preauth]
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session closed for user root
Sep 29 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: Successful su for rubyman by root
Sep 29 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: + ??? root:rubyman
Sep 29 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314372 of user rubyman.
Sep 29 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12569]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314372.
Sep 29 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session closed for user root
Sep 29 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: Failed password for root from 162.144.236.216 port 56094 ssh2
Sep 29 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session closed for user root
Sep 29 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12482]: Connection closed by 162.144.236.216 port 56094 [preauth]
Sep 29 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Invalid user django from 152.52.15.214
Sep 29 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: input_userauth_request: invalid user django [preauth]
Sep 29 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Failed password for root from 170.233.151.14 port 56284 ssh2
Sep 29 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Received disconnect from 170.233.151.14 port 56284:11: Bye Bye [preauth]
Sep 29 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Disconnected from 170.233.151.14 port 56284 [preauth]
Sep 29 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Failed password for invalid user django from 152.52.15.214 port 38114 ssh2
Sep 29 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Received disconnect from 152.52.15.214 port 38114:11: Bye Bye [preauth]
Sep 29 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Disconnected from 152.52.15.214 port 38114 [preauth]
Sep 29 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Invalid user tmpuser from 152.32.172.117
Sep 29 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: input_userauth_request: invalid user tmpuser [preauth]
Sep 29 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Failed password for invalid user tmpuser from 152.32.172.117 port 34176 ssh2
Sep 29 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Received disconnect from 152.32.172.117 port 34176:11: Bye Bye [preauth]
Sep 29 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Disconnected from 152.32.172.117 port 34176 [preauth]
Sep 29 11:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Failed password for root from 162.144.236.216 port 35414 ssh2
Sep 29 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Connection closed by 162.144.236.216 port 35414 [preauth]
Sep 29 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Did not receive identification string from 162.144.236.216
Sep 29 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user root
Sep 29 11:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for root from 162.144.236.216 port 45922 ssh2
Sep 29 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Connection closed by 162.144.236.216 port 45922 [preauth]
Sep 29 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Failed password for root from 162.144.236.216 port 53118 ssh2
Sep 29 11:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Connection closed by 162.144.236.216 port 53118 [preauth]
Sep 29 11:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Failed password for root from 162.144.236.216 port 60658 ssh2
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Connection closed by 162.144.236.216 port 60658 [preauth]
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: Successful su for rubyman by root
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: + ??? root:rubyman
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314379 of user rubyman.
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13083]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314379.
Sep 29 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session closed for user root
Sep 29 11:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Failed password for root from 162.144.236.216 port 38198 ssh2
Sep 29 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Connection closed by 162.144.236.216 port 38198 [preauth]
Sep 29 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: Failed password for root from 162.144.236.216 port 45288 ssh2
Sep 29 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: Connection closed by 162.144.236.216 port 45288 [preauth]
Sep 29 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Invalid user deployment from 152.52.15.214
Sep 29 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: input_userauth_request: invalid user deployment [preauth]
Sep 29 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Failed password for invalid user deployment from 152.52.15.214 port 61414 ssh2
Sep 29 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Received disconnect from 152.52.15.214 port 61414:11: Bye Bye [preauth]
Sep 29 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Disconnected from 152.52.15.214 port 61414 [preauth]
Sep 29 11:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Failed password for root from 162.144.236.216 port 51828 ssh2
Sep 29 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Connection closed by 162.144.236.216 port 51828 [preauth]
Sep 29 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 11:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Invalid user ya from 170.233.151.14
Sep 29 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: input_userauth_request: invalid user ya [preauth]
Sep 29 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Failed password for root from 152.32.172.117 port 49970 ssh2
Sep 29 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Received disconnect from 152.32.172.117 port 49970:11: Bye Bye [preauth]
Sep 29 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Disconnected from 152.32.172.117 port 49970 [preauth]
Sep 29 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Failed password for invalid user ya from 170.233.151.14 port 48518 ssh2
Sep 29 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Received disconnect from 170.233.151.14 port 48518:11: Bye Bye [preauth]
Sep 29 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Disconnected from 170.233.151.14 port 48518 [preauth]
Sep 29 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session closed for user root
Sep 29 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for root from 162.144.236.216 port 59654 ssh2
Sep 29 11:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Connection closed by 162.144.236.216 port 59654 [preauth]
Sep 29 11:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Failed password for root from 162.144.236.216 port 36644 ssh2
Sep 29 11:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Connection closed by 162.144.236.216 port 36644 [preauth]
Sep 29 11:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Invalid user admin from 185.156.73.233
Sep 29 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: input_userauth_request: invalid user admin [preauth]
Sep 29 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Failed password for invalid user admin from 185.156.73.233 port 32716 ssh2
Sep 29 11:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13451]: Connection closed by 185.156.73.233 port 32716 [preauth]
Sep 29 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Failed password for root from 162.144.236.216 port 42996 ssh2
Sep 29 11:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Connection closed by 162.144.236.216 port 42996 [preauth]
Sep 29 11:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13482]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13477]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: Failed password for root from 162.144.236.216 port 52072 ssh2
Sep 29 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13544]: Successful su for rubyman by root
Sep 29 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13544]: + ??? root:rubyman
Sep 29 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314382 of user rubyman.
Sep 29 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13544]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314382.
Sep 29 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: Connection closed by 162.144.236.216 port 52072 [preauth]
Sep 29 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session closed for user root
Sep 29 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Failed password for root from 162.144.236.216 port 58478 ssh2
Sep 29 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Connection closed by 162.144.236.216 port 58478 [preauth]
Sep 29 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: Failed password for root from 162.144.236.216 port 37692 ssh2
Sep 29 11:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: Connection closed by 162.144.236.216 port 37692 [preauth]
Sep 29 11:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Invalid user robot from 152.52.15.214
Sep 29 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: input_userauth_request: invalid user robot [preauth]
Sep 29 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for invalid user robot from 152.52.15.214 port 28210 ssh2
Sep 29 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Received disconnect from 152.52.15.214 port 28210:11: Bye Bye [preauth]
Sep 29 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Disconnected from 152.52.15.214 port 28210 [preauth]
Sep 29 11:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: Failed password for root from 162.144.236.216 port 43102 ssh2
Sep 29 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session closed for user root
Sep 29 11:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: Connection closed by 162.144.236.216 port 43102 [preauth]
Sep 29 11:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Invalid user ftp1 from 170.233.151.14
Sep 29 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: input_userauth_request: invalid user ftp1 [preauth]
Sep 29 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for invalid user ftp1 from 170.233.151.14 port 53092 ssh2
Sep 29 11:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Received disconnect from 170.233.151.14 port 53092:11: Bye Bye [preauth]
Sep 29 11:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Disconnected from 170.233.151.14 port 53092 [preauth]
Sep 29 11:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13858]: Failed password for root from 162.144.236.216 port 49480 ssh2
Sep 29 11:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13858]: Connection closed by 162.144.236.216 port 49480 [preauth]
Sep 29 11:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Invalid user agent from 152.32.172.117
Sep 29 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: input_userauth_request: invalid user agent [preauth]
Sep 29 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Failed password for invalid user agent from 152.32.172.117 port 37206 ssh2
Sep 29 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Received disconnect from 152.32.172.117 port 37206:11: Bye Bye [preauth]
Sep 29 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Disconnected from 152.32.172.117 port 37206 [preauth]
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13922]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13982]: Successful su for rubyman by root
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13982]: + ??? root:rubyman
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314386 of user rubyman.
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13982]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314386.
Sep 29 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11062]: pam_unix(cron:session): session closed for user root
Sep 29 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Failed password for root from 162.144.236.216 port 55902 ssh2
Sep 29 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Connection closed by 162.144.236.216 port 55902 [preauth]
Sep 29 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13918]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: Failed password for root from 162.144.236.216 port 35792 ssh2
Sep 29 11:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14262]: Connection closed by 162.144.236.216 port 35792 [preauth]
Sep 29 11:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Failed password for root from 162.144.236.216 port 44418 ssh2
Sep 29 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Connection closed by 162.144.236.216 port 44418 [preauth]
Sep 29 11:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for root from 162.144.236.216 port 50404 ssh2
Sep 29 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Connection closed by 162.144.236.216 port 50404 [preauth]
Sep 29 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session closed for user root
Sep 29 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Invalid user ftptest from 152.52.15.214
Sep 29 11:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: input_userauth_request: invalid user ftptest [preauth]
Sep 29 11:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: Failed password for root from 162.144.236.216 port 56608 ssh2
Sep 29 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Failed password for invalid user ftptest from 152.52.15.214 port 51510 ssh2
Sep 29 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Received disconnect from 152.52.15.214 port 51510:11: Bye Bye [preauth]
Sep 29 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Disconnected from 152.52.15.214 port 51510 [preauth]
Sep 29 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14354]: Connection closed by 162.144.236.216 port 56608 [preauth]
Sep 29 11:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: Failed password for root from 162.144.236.216 port 36800 ssh2
Sep 29 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: Connection closed by 162.144.236.216 port 36800 [preauth]
Sep 29 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: Connection closed by 8.213.197.49 port 52222 [preauth]
Sep 29 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Invalid user titu from 170.233.151.14
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: input_userauth_request: invalid user titu [preauth]
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14440]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14436]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14438]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Failed password for root from 162.144.236.216 port 43500 ssh2
Sep 29 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: Successful su for rubyman by root
Sep 29 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: + ??? root:rubyman
Sep 29 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314392 of user rubyman.
Sep 29 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314392.
Sep 29 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14436]: pam_unix(cron:session): session closed for user root
Sep 29 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Connection closed by 162.144.236.216 port 43500 [preauth]
Sep 29 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Failed password for invalid user titu from 170.233.151.14 port 37336 ssh2
Sep 29 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Received disconnect from 170.233.151.14 port 37336:11: Bye Bye [preauth]
Sep 29 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Disconnected from 170.233.151.14 port 37336 [preauth]
Sep 29 11:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session closed for user root
Sep 29 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: Connection closed by 172.236.228.220 port 53656 [preauth]
Sep 29 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Invalid user deployment from 152.32.172.117
Sep 29 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: input_userauth_request: invalid user deployment [preauth]
Sep 29 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14439]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Connection closed by 172.236.228.220 port 53660 [preauth]
Sep 29 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Failed password for invalid user deployment from 152.32.172.117 port 40174 ssh2
Sep 29 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Failed password for root from 162.144.236.216 port 52990 ssh2
Sep 29 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Received disconnect from 152.32.172.117 port 40174:11: Bye Bye [preauth]
Sep 29 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Disconnected from 152.32.172.117 port 40174 [preauth]
Sep 29 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Did not receive identification string from 172.236.228.220
Sep 29 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Connection closed by 162.144.236.216 port 52990 [preauth]
Sep 29 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarabas.com@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 11:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Failed password for root from 162.144.236.216 port 59100 ssh2
Sep 29 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Connection closed by 162.144.236.216 port 59100 [preauth]
Sep 29 11:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 11:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarabas.com rhost=::ffff:45.142.193.185
Sep 29 11:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: Failed password for root from 162.144.236.216 port 38162 ssh2
Sep 29 11:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: Connection closed by 162.144.236.216 port 38162 [preauth]
Sep 29 11:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13482]: pam_unix(cron:session): session closed for user root
Sep 29 11:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Failed password for root from 162.144.236.216 port 45646 ssh2
Sep 29 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Connection closed by 162.144.236.216 port 45646 [preauth]
Sep 29 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Failed password for root from 162.144.236.216 port 53894 ssh2
Sep 29 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Invalid user titu from 152.52.15.214
Sep 29 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: input_userauth_request: invalid user titu [preauth]
Sep 29 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Connection closed by 162.144.236.216 port 53894 [preauth]
Sep 29 11:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Failed password for invalid user titu from 152.52.15.214 port 18310 ssh2
Sep 29 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Received disconnect from 152.52.15.214 port 18310:11: Bye Bye [preauth]
Sep 29 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Disconnected from 152.52.15.214 port 18310 [preauth]
Sep 29 11:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Failed password for root from 162.144.236.216 port 34588 ssh2
Sep 29 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Connection closed by 162.144.236.216 port 34588 [preauth]
Sep 29 11:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14998]: pam_unix(cron:session): session closed for user root
Sep 29 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15068]: Successful su for rubyman by root
Sep 29 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15068]: + ??? root:rubyman
Sep 29 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314395 of user rubyman.
Sep 29 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15068]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314395.
Sep 29 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session closed for user root
Sep 29 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14995]: pam_unix(cron:session): session closed for user root
Sep 29 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Failed password for root from 162.144.236.216 port 41100 ssh2
Sep 29 11:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Connection closed by 162.144.236.216 port 41100 [preauth]
Sep 29 11:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Failed password for root from 162.144.236.216 port 47714 ssh2
Sep 29 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15271]: Connection closed by 162.144.236.216 port 47714 [preauth]
Sep 29 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Invalid user frappe from 152.32.172.117
Sep 29 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: input_userauth_request: invalid user frappe [preauth]
Sep 29 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Invalid user work from 170.233.151.14
Sep 29 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: input_userauth_request: invalid user work [preauth]
Sep 29 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Failed password for invalid user frappe from 152.32.172.117 port 36324 ssh2
Sep 29 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Received disconnect from 152.32.172.117 port 36324:11: Bye Bye [preauth]
Sep 29 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Disconnected from 152.32.172.117 port 36324 [preauth]
Sep 29 11:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Failed password for invalid user work from 170.233.151.14 port 50004 ssh2
Sep 29 11:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Received disconnect from 170.233.151.14 port 50004:11: Bye Bye [preauth]
Sep 29 11:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15330]: Disconnected from 170.233.151.14 port 50004 [preauth]
Sep 29 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: Failed password for root from 162.144.236.216 port 53662 ssh2
Sep 29 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: Connection closed by 162.144.236.216 port 53662 [preauth]
Sep 29 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13922]: pam_unix(cron:session): session closed for user root
Sep 29 11:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Failed password for root from 162.144.236.216 port 60644 ssh2
Sep 29 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Connection closed by 162.144.236.216 port 60644 [preauth]
Sep 29 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Failed password for root from 162.144.236.216 port 40606 ssh2
Sep 29 11:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15402]: Connection closed by 162.144.236.216 port 40606 [preauth]
Sep 29 11:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Failed password for root from 162.144.236.216 port 48086 ssh2
Sep 29 11:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49  user=root
Sep 29 11:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Connection closed by 162.144.236.216 port 48086 [preauth]
Sep 29 11:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Failed password for root from 8.213.197.49 port 33382 ssh2
Sep 29 11:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Received disconnect from 8.213.197.49 port 33382:11: Bye Bye [preauth]
Sep 29 11:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Disconnected from 8.213.197.49 port 33382 [preauth]
Sep 29 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15467]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Failed password for root from 162.144.236.216 port 54252 ssh2
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: Successful su for rubyman by root
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: + ??? root:rubyman
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314401 of user rubyman.
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314401.
Sep 29 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Connection closed by 162.144.236.216 port 54252 [preauth]
Sep 29 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214  user=root
Sep 29 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user root
Sep 29 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Failed password for root from 152.52.15.214 port 41610 ssh2
Sep 29 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Received disconnect from 152.52.15.214 port 41610:11: Bye Bye [preauth]
Sep 29 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Disconnected from 152.52.15.214 port 41610 [preauth]
Sep 29 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Failed password for root from 162.144.236.216 port 33448 ssh2
Sep 29 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Connection closed by 162.144.236.216 port 33448 [preauth]
Sep 29 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15767]: Connection closed by 172.105.128.13 port 58142 [preauth]
Sep 29 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Connection closed by 172.105.128.13 port 58154 [preauth]
Sep 29 11:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: fatal: Unable to negotiate with 172.105.128.13 port 58168: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Sep 29 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Failed password for root from 162.144.236.216 port 40830 ssh2
Sep 29 11:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Connection closed by 162.144.236.216 port 40830 [preauth]
Sep 29 11:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Invalid user old from 152.32.172.117
Sep 29 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: input_userauth_request: invalid user old [preauth]
Sep 29 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Failed password for invalid user old from 152.32.172.117 port 56640 ssh2
Sep 29 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Received disconnect from 152.32.172.117 port 56640:11: Bye Bye [preauth]
Sep 29 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15815]: Disconnected from 152.32.172.117 port 56640 [preauth]
Sep 29 11:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session closed for user root
Sep 29 11:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Failed password for root from 170.233.151.14 port 52924 ssh2
Sep 29 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Received disconnect from 170.233.151.14 port 52924:11: Bye Bye [preauth]
Sep 29 11:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Disconnected from 170.233.151.14 port 52924 [preauth]
Sep 29 11:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: Failed password for root from 162.144.236.216 port 48510 ssh2
Sep 29 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15805]: Connection closed by 162.144.236.216 port 48510 [preauth]
Sep 29 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15914]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: Successful su for rubyman by root
Sep 29 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: + ??? root:rubyman
Sep 29 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314406 of user rubyman.
Sep 29 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15977]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314406.
Sep 29 11:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session closed for user root
Sep 29 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Failed password for root from 162.144.236.216 port 58982 ssh2
Sep 29 11:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15915]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15894]: Connection closed by 162.144.236.216 port 58982 [preauth]
Sep 29 11:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Invalid user test from 152.52.15.214
Sep 29 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: input_userauth_request: invalid user test [preauth]
Sep 29 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user test from 152.52.15.214 port 64912 ssh2
Sep 29 11:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Received disconnect from 152.52.15.214 port 64912:11: Bye Bye [preauth]
Sep 29 11:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Disconnected from 152.52.15.214 port 64912 [preauth]
Sep 29 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Failed password for root from 162.144.236.216 port 37570 ssh2
Sep 29 11:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Connection closed by 162.144.236.216 port 37570 [preauth]
Sep 29 11:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session closed for user root
Sep 29 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Failed password for root from 162.144.236.216 port 45250 ssh2
Sep 29 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Invalid user eth from 152.32.172.117
Sep 29 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: input_userauth_request: invalid user eth [preauth]
Sep 29 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user eth from 152.32.172.117 port 59508 ssh2
Sep 29 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Received disconnect from 152.32.172.117 port 59508:11: Bye Bye [preauth]
Sep 29 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Disconnected from 152.32.172.117 port 59508 [preauth]
Sep 29 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Connection closed by 162.144.236.216 port 45250 [preauth]
Sep 29 11:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Invalid user test from 170.233.151.14
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: input_userauth_request: invalid user test [preauth]
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Failed password for root from 162.144.236.216 port 53554 ssh2
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: Successful su for rubyman by root
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: + ??? root:rubyman
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314409 of user rubyman.
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16429]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Invalid user user from 93.152.230.176
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: input_userauth_request: invalid user user [preauth]
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314409.
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Failed password for invalid user test from 170.233.151.14 port 48454 ssh2
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Received disconnect from 170.233.151.14 port 48454:11: Bye Bye [preauth]
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16356]: Disconnected from 170.233.151.14 port 48454 [preauth]
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Connection closed by 162.144.236.216 port 53554 [preauth]
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Failed password for invalid user user from 93.152.230.176 port 26894 ssh2
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Received disconnect from 93.152.230.176 port 26894:11: Client disconnecting normally [preauth]
Sep 29 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Disconnected from 93.152.230.176 port 26894 [preauth]
Sep 29 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13481]: pam_unix(cron:session): session closed for user root
Sep 29 11:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Failed password for root from 162.144.236.216 port 33172 ssh2
Sep 29 11:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Connection closed by 162.144.236.216 port 33172 [preauth]
Sep 29 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Invalid user ftp1 from 152.52.15.214
Sep 29 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: input_userauth_request: invalid user ftp1 [preauth]
Sep 29 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Failed password for invalid user ftp1 from 152.52.15.214 port 31714 ssh2
Sep 29 11:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Received disconnect from 152.52.15.214 port 31714:11: Bye Bye [preauth]
Sep 29 11:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Disconnected from 152.52.15.214 port 31714 [preauth]
Sep 29 11:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Failed password for root from 162.144.236.216 port 40106 ssh2
Sep 29 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session closed for user root
Sep 29 11:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Connection closed by 162.144.236.216 port 40106 [preauth]
Sep 29 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Invalid user user-backup from 152.32.172.117
Sep 29 11:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: input_userauth_request: invalid user user-backup [preauth]
Sep 29 11:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117
Sep 29 11:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Failed password for invalid user user-backup from 152.32.172.117 port 45262 ssh2
Sep 29 11:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Received disconnect from 152.32.172.117 port 45262:11: Bye Bye [preauth]
Sep 29 11:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Disconnected from 152.32.172.117 port 45262 [preauth]
Sep 29 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: Failed password for root from 162.144.236.216 port 48642 ssh2
Sep 29 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16819]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16815]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16880]: Successful su for rubyman by root
Sep 29 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16880]: + ??? root:rubyman
Sep 29 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314413 of user rubyman.
Sep 29 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16880]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314413.
Sep 29 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: Connection closed by 162.144.236.216 port 48642 [preauth]
Sep 29 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session closed for user root
Sep 29 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16817]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: Failed password for root from 162.144.236.216 port 59134 ssh2
Sep 29 11:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17032]: Connection closed by 162.144.236.216 port 59134 [preauth]
Sep 29 11:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Failed password for root from 170.233.151.14 port 52458 ssh2
Sep 29 11:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Received disconnect from 170.233.151.14 port 52458:11: Bye Bye [preauth]
Sep 29 11:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17136]: Disconnected from 170.233.151.14 port 52458 [preauth]
Sep 29 11:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Failed password for root from 162.144.236.216 port 37622 ssh2
Sep 29 11:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Connection closed by 162.144.236.216 port 37622 [preauth]
Sep 29 11:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session closed for user root
Sep 29 11:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Invalid user ubuntu from 152.52.15.214
Sep 29 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Failed password for invalid user ubuntu from 152.52.15.214 port 55012 ssh2
Sep 29 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Received disconnect from 152.52.15.214 port 55012:11: Bye Bye [preauth]
Sep 29 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Disconnected from 152.52.15.214 port 55012 [preauth]
Sep 29 11:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Failed password for root from 162.144.236.216 port 43794 ssh2
Sep 29 11:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Connection closed by 162.144.236.216 port 43794 [preauth]
Sep 29 11:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 11:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.128.169
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user root
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17300]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.172.117  user=root
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17382]: Successful su for rubyman by root
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17382]: + ??? root:rubyman
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314417 of user rubyman.
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17382]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314417.
Sep 29 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Failed password for root from 162.144.236.216 port 51878 ssh2
Sep 29 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Failed password for root from 152.32.172.117 port 49142 ssh2
Sep 29 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Received disconnect from 152.32.172.117 port 49142:11: Bye Bye [preauth]
Sep 29 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Disconnected from 152.32.172.117 port 49142 [preauth]
Sep 29 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session closed for user root
Sep 29 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Connection closed by 162.144.236.216 port 51878 [preauth]
Sep 29 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Invalid user viper from 120.48.170.78
Sep 29 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: input_userauth_request: invalid user viper [preauth]
Sep 29 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.170.78
Sep 29 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14440]: pam_unix(cron:session): session closed for user root
Sep 29 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17549]: Failed password for invalid user viper from 120.48.170.78 port 34500 ssh2
Sep 29 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: Failed password for root from 162.144.236.216 port 59442 ssh2
Sep 29 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: Connection closed by 162.144.236.216 port 59442 [preauth]
Sep 29 11:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Failed password for root from 162.144.236.216 port 38128 ssh2
Sep 29 11:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Connection closed by 162.144.236.216 port 38128 [preauth]
Sep 29 11:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session closed for user root
Sep 29 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Invalid user javad from 170.233.151.14
Sep 29 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: input_userauth_request: invalid user javad [preauth]
Sep 29 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Failed password for invalid user javad from 170.233.151.14 port 35502 ssh2
Sep 29 11:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Received disconnect from 170.233.151.14 port 35502:11: Bye Bye [preauth]
Sep 29 11:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Disconnected from 170.233.151.14 port 35502 [preauth]
Sep 29 11:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Invalid user work from 152.52.15.214
Sep 29 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: input_userauth_request: invalid user work [preauth]
Sep 29 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.52.15.214
Sep 29 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Failed password for invalid user work from 152.52.15.214 port 21810 ssh2
Sep 29 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Received disconnect from 152.52.15.214 port 21810:11: Bye Bye [preauth]
Sep 29 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17775]: Disconnected from 152.52.15.214 port 21810 [preauth]
Sep 29 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: Failed password for root from 162.144.236.216 port 43638 ssh2
Sep 29 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: Connection closed by 162.144.236.216 port 43638 [preauth]
Sep 29 11:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17881]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: Successful su for rubyman by root
Sep 29 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: + ??? root:rubyman
Sep 29 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314424 of user rubyman.
Sep 29 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17959]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314424.
Sep 29 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Failed password for root from 162.144.236.216 port 52800 ssh2
Sep 29 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session closed for user root
Sep 29 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17848]: Connection closed by 162.144.236.216 port 52800 [preauth]
Sep 29 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Failed password for root from 162.144.236.216 port 60184 ssh2
Sep 29 11:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Connection closed by 162.144.236.216 port 60184 [preauth]
Sep 29 11:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18418]: Failed password for root from 162.144.236.216 port 38702 ssh2
Sep 29 11:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18418]: Connection closed by 162.144.236.216 port 38702 [preauth]
Sep 29 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16819]: pam_unix(cron:session): session closed for user root
Sep 29 11:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: Failed password for root from 162.144.236.216 port 47162 ssh2
Sep 29 11:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18489]: Connection closed by 162.144.236.216 port 47162 [preauth]
Sep 29 11:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Invalid user django from 170.233.151.14
Sep 29 11:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: input_userauth_request: invalid user django [preauth]
Sep 29 11:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14
Sep 29 11:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Failed password for invalid user django from 170.233.151.14 port 47636 ssh2
Sep 29 11:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Received disconnect from 170.233.151.14 port 47636:11: Bye Bye [preauth]
Sep 29 11:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Disconnected from 170.233.151.14 port 47636 [preauth]
Sep 29 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: Failed password for root from 162.144.236.216 port 54458 ssh2
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session closed for user root
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18603]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: Connection closed by 162.144.236.216 port 54458 [preauth]
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18681]: Successful su for rubyman by root
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18681]: + ??? root:rubyman
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314427 of user rubyman.
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18681]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314427.
Sep 29 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session closed for user root
Sep 29 11:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: Failed password for root from 162.144.236.216 port 58882 ssh2
Sep 29 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18709]: Connection closed by 162.144.236.216 port 58882 [preauth]
Sep 29 11:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: Failed password for root from 162.144.236.216 port 37504 ssh2
Sep 29 11:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: Connection closed by 162.144.236.216 port 37504 [preauth]
Sep 29 11:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session closed for user root
Sep 29 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: Failed password for root from 162.144.236.216 port 43586 ssh2
Sep 29 11:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: Connection closed by 162.144.236.216 port 43586 [preauth]
Sep 29 11:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19036]: Failed password for root from 162.144.236.216 port 52078 ssh2
Sep 29 11:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19036]: Connection closed by 162.144.236.216 port 52078 [preauth]
Sep 29 11:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19155]: Successful su for rubyman by root
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19155]: + ??? root:rubyman
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314433 of user rubyman.
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19155]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314433.
Sep 29 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session closed for user root
Sep 29 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Failed password for root from 162.144.236.216 port 59572 ssh2
Sep 29 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Connection closed by 162.144.236.216 port 59572 [preauth]
Sep 29 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19588]: Failed password for root from 170.233.151.14 port 48858 ssh2
Sep 29 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19588]: Received disconnect from 170.233.151.14 port 48858:11: Bye Bye [preauth]
Sep 29 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19588]: Disconnected from 170.233.151.14 port 48858 [preauth]
Sep 29 11:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19585]: Failed password for root from 162.144.236.216 port 38152 ssh2
Sep 29 11:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19585]: Connection closed by 162.144.236.216 port 38152 [preauth]
Sep 29 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17881]: pam_unix(cron:session): session closed for user root
Sep 29 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Failed password for root from 162.144.236.216 port 46608 ssh2
Sep 29 11:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Connection closed by 162.144.236.216 port 46608 [preauth]
Sep 29 11:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: Invalid user dell from 103.174.114.50
Sep 29 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: input_userauth_request: invalid user dell [preauth]
Sep 29 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: Failed password for invalid user dell from 103.174.114.50 port 49868 ssh2
Sep 29 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: Received disconnect from 103.174.114.50 port 49868:11: Bye Bye [preauth]
Sep 29 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19837]: Disconnected from 103.174.114.50 port 49868 [preauth]
Sep 29 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Failed password for root from 162.144.236.216 port 53908 ssh2
Sep 29 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Connection closed by 162.144.236.216 port 53908 [preauth]
Sep 29 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: Successful su for rubyman by root
Sep 29 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: + ??? root:rubyman
Sep 29 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314436 of user rubyman.
Sep 29 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314436.
Sep 29 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session closed for user root
Sep 29 11:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19909]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Failed password for root from 162.144.236.216 port 33112 ssh2
Sep 29 11:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Connection closed by 162.144.236.216 port 33112 [preauth]
Sep 29 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: Failed password for root from 162.144.236.216 port 39916 ssh2
Sep 29 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20230]: Connection closed by 162.144.236.216 port 39916 [preauth]
Sep 29 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: Failed password for root from 162.144.236.216 port 44690 ssh2
Sep 29 11:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.233.151.14  user=root
Sep 29 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20263]: Connection closed by 162.144.236.216 port 44690 [preauth]
Sep 29 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Failed password for root from 170.233.151.14 port 35920 ssh2
Sep 29 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Received disconnect from 170.233.151.14 port 35920:11: Bye Bye [preauth]
Sep 29 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Disconnected from 170.233.151.14 port 35920 [preauth]
Sep 29 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session closed for user root
Sep 29 11:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Failed password for root from 162.144.236.216 port 51570 ssh2
Sep 29 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Connection closed by 162.144.236.216 port 51570 [preauth]
Sep 29 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session closed for user root
Sep 29 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20486]: Successful su for rubyman by root
Sep 29 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20486]: + ??? root:rubyman
Sep 29 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314442 of user rubyman.
Sep 29 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20486]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314442.
Sep 29 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session closed for user root
Sep 29 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16818]: pam_unix(cron:session): session closed for user root
Sep 29 11:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Failed password for root from 162.144.236.216 port 57536 ssh2
Sep 29 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Connection closed by 162.144.236.216 port 57536 [preauth]
Sep 29 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: Failed password for root from 162.144.236.216 port 41480 ssh2
Sep 29 11:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: Connection closed by 162.144.236.216 port 41480 [preauth]
Sep 29 11:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: Failed password for root from 162.144.236.216 port 45780 ssh2
Sep 29 11:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: Connection closed by 162.144.236.216 port 45780 [preauth]
Sep 29 11:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19092]: pam_unix(cron:session): session closed for user root
Sep 29 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Failed password for root from 162.144.236.216 port 52722 ssh2
Sep 29 11:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Connection closed by 162.144.236.216 port 52722 [preauth]
Sep 29 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Failed password for root from 162.144.236.216 port 59238 ssh2
Sep 29 11:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20838]: Connection closed by 162.144.236.216 port 59238 [preauth]
Sep 29 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: Failed password for root from 162.144.236.216 port 39166 ssh2
Sep 29 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: Connection closed by 162.144.236.216 port 39166 [preauth]
Sep 29 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20909]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20984]: Successful su for rubyman by root
Sep 29 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20984]: + ??? root:rubyman
Sep 29 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314447 of user rubyman.
Sep 29 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20984]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314447.
Sep 29 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session closed for user root
Sep 29 11:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20910]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Failed password for root from 162.144.236.216 port 47140 ssh2
Sep 29 11:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
Sep 29 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Connection closed by 162.144.236.216 port 47140 [preauth]
Sep 29 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Failed password for root from 194.0.234.19 port 59594 ssh2
Sep 29 11:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Connection closed by 194.0.234.19 port 59594 [preauth]
Sep 29 11:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Invalid user marko from 103.174.114.50
Sep 29 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: input_userauth_request: invalid user marko [preauth]
Sep 29 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Failed password for invalid user marko from 103.174.114.50 port 43316 ssh2
Sep 29 11:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Received disconnect from 103.174.114.50 port 43316:11: Bye Bye [preauth]
Sep 29 11:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Disconnected from 103.174.114.50 port 43316 [preauth]
Sep 29 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: Failed password for root from 162.144.236.216 port 54930 ssh2
Sep 29 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21199]: Connection closed by 162.144.236.216 port 54930 [preauth]
Sep 29 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19913]: pam_unix(cron:session): session closed for user root
Sep 29 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21286]: Did not receive identification string from 139.59.79.179
Sep 29 11:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Failed password for root from 162.144.236.216 port 34452 ssh2
Sep 29 11:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Connection closed by 162.144.236.216 port 34452 [preauth]
Sep 29 11:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: Successful su for rubyman by root
Sep 29 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: + ??? root:rubyman
Sep 29 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314451 of user rubyman.
Sep 29 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314451.
Sep 29 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session closed for user root
Sep 29 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Failed password for root from 162.144.236.216 port 42030 ssh2
Sep 29 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21341]: Connection closed by 162.144.236.216 port 42030 [preauth]
Sep 29 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21629]: Failed password for root from 162.144.236.216 port 50014 ssh2
Sep 29 11:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21629]: Connection closed by 162.144.236.216 port 50014 [preauth]
Sep 29 11:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Failed password for root from 162.144.236.216 port 56780 ssh2
Sep 29 11:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Connection closed by 162.144.236.216 port 56780 [preauth]
Sep 29 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session closed for user root
Sep 29 11:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21700]: Connection closed by 8.213.197.49 port 33998 [preauth]
Sep 29 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: Failed password for root from 162.144.236.216 port 34938 ssh2
Sep 29 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: Connection closed by 162.144.236.216 port 34938 [preauth]
Sep 29 11:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 11:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Failed password for root from 93.152.230.176 port 9466 ssh2
Sep 29 11:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Received disconnect from 93.152.230.176 port 9466:11: Client disconnecting normally [preauth]
Sep 29 11:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Disconnected from 93.152.230.176 port 9466 [preauth]
Sep 29 11:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Failed password for root from 162.144.236.216 port 42902 ssh2
Sep 29 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Connection closed by 162.144.236.216 port 42902 [preauth]
Sep 29 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Failed password for root from 162.144.236.216 port 50114 ssh2
Sep 29 11:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Connection closed by 162.144.236.216 port 50114 [preauth]
Sep 29 11:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: Successful su for rubyman by root
Sep 29 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: + ??? root:rubyman
Sep 29 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314456 of user rubyman.
Sep 29 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21888]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314456.
Sep 29 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Failed password for root from 162.144.236.216 port 56624 ssh2
Sep 29 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Connection closed by 162.144.236.216 port 56624 [preauth]
Sep 29 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session closed for user root
Sep 29 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: Invalid user chris from 103.174.114.50
Sep 29 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: input_userauth_request: invalid user chris [preauth]
Sep 29 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Sep 29 11:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: Failed password for invalid user chris from 103.174.114.50 port 43958 ssh2
Sep 29 11:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22023]: Failed password for root from 162.144.236.216 port 34454 ssh2
Sep 29 11:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: Received disconnect from 103.174.114.50 port 43958:11: Bye Bye [preauth]
Sep 29 11:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: Disconnected from 103.174.114.50 port 43958 [preauth]
Sep 29 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: Failed password for root from 138.68.58.124 port 47562 ssh2
Sep 29 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: Connection closed by 138.68.58.124 port 47562 [preauth]
Sep 29 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22023]: Connection closed by 162.144.236.216 port 34454 [preauth]
Sep 29 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: Failed password for root from 162.144.236.216 port 42538 ssh2
Sep 29 11:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: Connection closed by 162.144.236.216 port 42538 [preauth]
Sep 29 11:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Invalid user steffen from 80.94.95.112
Sep 29 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: input_userauth_request: invalid user steffen [preauth]
Sep 29 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 11:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user steffen from 80.94.95.112 port 63241 ssh2
Sep 29 11:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user steffen from 80.94.95.112 port 63241 ssh2
Sep 29 11:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Failed password for root from 162.144.236.216 port 49176 ssh2
Sep 29 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Connection closed by 162.144.236.216 port 49176 [preauth]
Sep 29 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user steffen from 80.94.95.112 port 63241 ssh2
Sep 29 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20913]: pam_unix(cron:session): session closed for user root
Sep 29 11:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user steffen from 80.94.95.112 port 63241 ssh2
Sep 29 11:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user steffen from 80.94.95.112 port 63241 ssh2
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: Failed password for root from 162.144.236.216 port 55294 ssh2
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Received disconnect from 80.94.95.112 port 63241:11: Bye [preauth]
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Disconnected from 80.94.95.112 port 63241 [preauth]
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22180]: Connection closed by 162.144.236.216 port 55294 [preauth]
Sep 29 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Invalid user steam from 190.103.202.7
Sep 29 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: input_userauth_request: invalid user steam [preauth]
Sep 29 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 11:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Failed password for invalid user steam from 190.103.202.7 port 53446 ssh2
Sep 29 11:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Connection closed by 190.103.202.7 port 53446 [preauth]
Sep 29 11:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Failed password for root from 162.144.236.216 port 60322 ssh2
Sep 29 11:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22216]: Connection closed by 162.144.236.216 port 60322 [preauth]
Sep 29 11:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: Failed password for root from 162.144.236.216 port 40574 ssh2
Sep 29 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: Connection closed by 162.144.236.216 port 40574 [preauth]
Sep 29 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: Successful su for rubyman by root
Sep 29 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: + ??? root:rubyman
Sep 29 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314459 of user rubyman.
Sep 29 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314459.
Sep 29 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Failed password for root from 162.144.236.216 port 46720 ssh2
Sep 29 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Connection closed by 162.144.236.216 port 46720 [preauth]
Sep 29 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19091]: pam_unix(cron:session): session closed for user root
Sep 29 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Failed password for root from 162.144.236.216 port 52464 ssh2
Sep 29 11:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22523]: Connection closed by 162.144.236.216 port 52464 [preauth]
Sep 29 11:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: Failed password for root from 162.144.236.216 port 60462 ssh2
Sep 29 11:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22586]: Connection closed by 162.144.236.216 port 60462 [preauth]
Sep 29 11:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: Invalid user server2 from 8.213.197.49
Sep 29 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: input_userauth_request: invalid user server2 [preauth]
Sep 29 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 11:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session closed for user root
Sep 29 11:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for root from 162.144.236.216 port 40214 ssh2
Sep 29 11:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: Failed password for invalid user server2 from 8.213.197.49 port 35064 ssh2
Sep 29 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Connection closed by 162.144.236.216 port 40214 [preauth]
Sep 29 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: Received disconnect from 8.213.197.49 port 35064:11: Bye Bye [preauth]
Sep 29 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22625]: Disconnected from 8.213.197.49 port 35064 [preauth]
Sep 29 11:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Failed password for root from 162.144.236.216 port 47458 ssh2
Sep 29 11:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Connection closed by 162.144.236.216 port 47458 [preauth]
Sep 29 11:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Invalid user james from 103.174.114.50
Sep 29 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: input_userauth_request: invalid user james [preauth]
Sep 29 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Failed password for root from 162.144.236.216 port 54494 ssh2
Sep 29 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22896]: Connection closed by 162.144.236.216 port 54494 [preauth]
Sep 29 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Failed password for invalid user james from 103.174.114.50 port 33662 ssh2
Sep 29 11:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Received disconnect from 103.174.114.50 port 33662:11: Bye Bye [preauth]
Sep 29 11:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22915]: Disconnected from 103.174.114.50 port 33662 [preauth]
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22945]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22948]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22948]: pam_unix(cron:session): session closed for user root
Sep 29 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22942]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: Successful su for rubyman by root
Sep 29 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: + ??? root:rubyman
Sep 29 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314466 of user rubyman.
Sep 29 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314466.
Sep 29 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Failed password for root from 162.144.236.216 port 60584 ssh2
Sep 29 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22929]: Connection closed by 162.144.236.216 port 60584 [preauth]
Sep 29 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session closed for user root
Sep 29 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22944]: pam_unix(cron:session): session closed for user root
Sep 29 11:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Failed password for root from 162.144.236.216 port 41368 ssh2
Sep 29 11:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Connection closed by 162.144.236.216 port 41368 [preauth]
Sep 29 11:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22943]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Failed password for root from 162.144.236.216 port 46656 ssh2
Sep 29 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Connection closed by 162.144.236.216 port 46656 [preauth]
Sep 29 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: Failed password for root from 162.144.236.216 port 51514 ssh2
Sep 29 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23372]: Connection closed by 162.144.236.216 port 51514 [preauth]
Sep 29 11:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21810]: pam_unix(cron:session): session closed for user root
Sep 29 11:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23404]: Failed password for root from 162.144.236.216 port 58262 ssh2
Sep 29 11:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23404]: Connection closed by 162.144.236.216 port 58262 [preauth]
Sep 29 11:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Failed password for root from 162.144.236.216 port 36488 ssh2
Sep 29 11:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Connection closed by 162.144.236.216 port 36488 [preauth]
Sep 29 11:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Failed password for root from 162.144.236.216 port 43334 ssh2
Sep 29 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Connection closed by 162.144.236.216 port 43334 [preauth]
Sep 29 11:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for root from 162.144.236.216 port 49252 ssh2
Sep 29 11:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Connection closed by 162.144.236.216 port 49252 [preauth]
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23544]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23535]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Sep 29 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23816]: Successful su for rubyman by root
Sep 29 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23816]: + ??? root:rubyman
Sep 29 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314469 of user rubyman.
Sep 29 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23816]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314469.
Sep 29 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Failed password for root from 80.94.95.116 port 15014 ssh2
Sep 29 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Connection closed by 80.94.95.116 port 15014 [preauth]
Sep 29 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Failed password for root from 162.144.236.216 port 54700 ssh2
Sep 29 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session closed for user root
Sep 29 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Connection closed by 162.144.236.216 port 54700 [preauth]
Sep 29 11:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23536]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Failed password for root from 162.144.236.216 port 60536 ssh2
Sep 29 11:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Connection closed by 162.144.236.216 port 60536 [preauth]
Sep 29 11:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Failed password for root from 162.144.236.216 port 40200 ssh2
Sep 29 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24053]: Connection closed by 162.144.236.216 port 40200 [preauth]
Sep 29 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24101]: Connection reset by 8.213.197.49 port 39294 [preauth]
Sep 29 11:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Failed password for root from 103.174.114.50 port 46076 ssh2
Sep 29 11:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session closed for user root
Sep 29 11:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Received disconnect from 103.174.114.50 port 46076:11: Bye Bye [preauth]
Sep 29 11:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Disconnected from 103.174.114.50 port 46076 [preauth]
Sep 29 11:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Failed password for root from 162.144.236.216 port 47760 ssh2
Sep 29 11:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Connection closed by 162.144.236.216 port 47760 [preauth]
Sep 29 11:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Failed password for root from 162.144.236.216 port 53896 ssh2
Sep 29 11:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24160]: Connection closed by 162.144.236.216 port 53896 [preauth]
Sep 29 11:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24189]: Failed password for root from 162.144.236.216 port 32990 ssh2
Sep 29 11:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24189]: Connection closed by 162.144.236.216 port 32990 [preauth]
Sep 29 11:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24298]: Successful su for rubyman by root
Sep 29 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24298]: + ??? root:rubyman
Sep 29 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314474 of user rubyman.
Sep 29 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24298]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314474.
Sep 29 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Failed password for root from 162.144.236.216 port 39800 ssh2
Sep 29 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20911]: pam_unix(cron:session): session closed for user root
Sep 29 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Connection closed by 162.144.236.216 port 39800 [preauth]
Sep 29 11:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Failed password for root from 162.144.236.216 port 48900 ssh2
Sep 29 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Connection closed by 162.144.236.216 port 48900 [preauth]
Sep 29 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Did not receive identification string from 196.251.87.127
Sep 29 11:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Failed password for root from 162.144.236.216 port 54280 ssh2
Sep 29 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Connection closed by 162.144.236.216 port 54280 [preauth]
Sep 29 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Failed password for root from 162.144.236.216 port 33944 ssh2
Sep 29 11:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Connection closed by 162.144.236.216 port 33944 [preauth]
Sep 29 11:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22947]: pam_unix(cron:session): session closed for user root
Sep 29 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: Failed password for root from 162.144.236.216 port 41596 ssh2
Sep 29 11:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: Connection closed by 162.144.236.216 port 41596 [preauth]
Sep 29 11:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 162.144.236.216 port 48936 ssh2
Sep 29 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Connection closed by 162.144.236.216 port 48936 [preauth]
Sep 29 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24708]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24783]: Successful su for rubyman by root
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24783]: + ??? root:rubyman
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314477 of user rubyman.
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24783]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314477.
Sep 29 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Failed password for root from 162.144.236.216 port 56730 ssh2
Sep 29 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Connection closed by 162.144.236.216 port 56730 [preauth]
Sep 29 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session closed for user root
Sep 29 11:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24709]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Invalid user vhserver from 103.174.114.50
Sep 29 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: input_userauth_request: invalid user vhserver [preauth]
Sep 29 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Failed password for root from 162.144.236.216 port 34426 ssh2
Sep 29 11:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Connection closed by 162.144.236.216 port 34426 [preauth]
Sep 29 11:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Failed password for invalid user vhserver from 103.174.114.50 port 47734 ssh2
Sep 29 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Received disconnect from 103.174.114.50 port 47734:11: Bye Bye [preauth]
Sep 29 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Disconnected from 103.174.114.50 port 47734 [preauth]
Sep 29 11:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: Failed password for root from 162.144.236.216 port 41750 ssh2
Sep 29 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: Connection closed by 162.144.236.216 port 41750 [preauth]
Sep 29 11:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: Failed password for root from 162.144.236.216 port 47670 ssh2
Sep 29 11:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: Connection closed by 162.144.236.216 port 47670 [preauth]
Sep 29 11:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23544]: pam_unix(cron:session): session closed for user root
Sep 29 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Failed password for root from 162.144.236.216 port 54612 ssh2
Sep 29 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Connection closed by 162.144.236.216 port 54612 [preauth]
Sep 29 11:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Failed password for root from 162.144.236.216 port 32788 ssh2
Sep 29 11:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Connection closed by 162.144.236.216 port 32788 [preauth]
Sep 29 11:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25146]: Failed password for root from 162.144.236.216 port 39840 ssh2
Sep 29 11:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25146]: Connection closed by 162.144.236.216 port 39840 [preauth]
Sep 29 11:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: Successful su for rubyman by root
Sep 29 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: + ??? root:rubyman
Sep 29 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314480 of user rubyman.
Sep 29 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25276]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314480.
Sep 29 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25168]: Failed password for root from 162.144.236.216 port 47312 ssh2
Sep 29 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21809]: pam_unix(cron:session): session closed for user root
Sep 29 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25168]: Connection closed by 162.144.236.216 port 47312 [preauth]
Sep 29 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: Failed password for root from 162.144.236.216 port 53850 ssh2
Sep 29 11:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: Connection closed by 162.144.236.216 port 53850 [preauth]
Sep 29 11:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Failed password for root from 162.144.236.216 port 59828 ssh2
Sep 29 11:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Connection closed by 162.144.236.216 port 59828 [preauth]
Sep 29 11:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: Failed password for root from 162.144.236.216 port 38182 ssh2
Sep 29 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: Connection closed by 162.144.236.216 port 38182 [preauth]
Sep 29 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24229]: pam_unix(cron:session): session closed for user root
Sep 29 11:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Failed password for root from 162.144.236.216 port 47508 ssh2
Sep 29 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Connection closed by 162.144.236.216 port 47508 [preauth]
Sep 29 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Failed password for root from 103.174.114.50 port 41486 ssh2
Sep 29 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: Failed password for root from 162.144.236.216 port 55698 ssh2
Sep 29 11:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Received disconnect from 103.174.114.50 port 41486:11: Bye Bye [preauth]
Sep 29 11:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Disconnected from 103.174.114.50 port 41486 [preauth]
Sep 29 11:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25928]: Connection closed by 162.144.236.216 port 55698 [preauth]
Sep 29 11:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session closed for user root
Sep 29 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: Successful su for rubyman by root
Sep 29 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: + ??? root:rubyman
Sep 29 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314486 of user rubyman.
Sep 29 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26061]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314486.
Sep 29 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Failed password for root from 162.144.236.216 port 34846 ssh2
Sep 29 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Connection closed by 162.144.236.216 port 34846 [preauth]
Sep 29 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25979]: pam_unix(cron:session): session closed for user root
Sep 29 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session closed for user root
Sep 29 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Failed password for root from 162.144.236.216 port 41172 ssh2
Sep 29 11:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Connection closed by 162.144.236.216 port 41172 [preauth]
Sep 29 11:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: Failed password for root from 162.144.236.216 port 49088 ssh2
Sep 29 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26312]: Connection closed by 162.144.236.216 port 49088 [preauth]
Sep 29 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: Failed password for root from 162.144.236.216 port 55038 ssh2
Sep 29 11:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: Connection closed by 162.144.236.216 port 55038 [preauth]
Sep 29 11:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24711]: pam_unix(cron:session): session closed for user root
Sep 29 11:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Failed password for root from 162.144.236.216 port 32962 ssh2
Sep 29 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Connection closed by 162.144.236.216 port 32962 [preauth]
Sep 29 11:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: Failed password for root from 162.144.236.216 port 40280 ssh2
Sep 29 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: Connection closed by 162.144.236.216 port 40280 [preauth]
Sep 29 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Failed password for root from 162.144.236.216 port 46628 ssh2
Sep 29 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Connection closed by 162.144.236.216 port 46628 [preauth]
Sep 29 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26582]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: Successful su for rubyman by root
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: + ??? root:rubyman
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314490 of user rubyman.
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314490.
Sep 29 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 162.144.236.216 port 51782 ssh2
Sep 29 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Connection closed by 162.144.236.216 port 51782 [preauth]
Sep 29 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26583]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22945]: pam_unix(cron:session): session closed for user root
Sep 29 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Failed password for root from 162.144.236.216 port 59294 ssh2
Sep 29 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Connection closed by 162.144.236.216 port 59294 [preauth]
Sep 29 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Failed password for root from 162.144.236.216 port 37888 ssh2
Sep 29 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Connection closed by 162.144.236.216 port 37888 [preauth]
Sep 29 11:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Invalid user test1 from 196.251.87.127
Sep 29 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: input_userauth_request: invalid user test1 [preauth]
Sep 29 11:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 11:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Failed password for invalid user test1 from 196.251.87.127 port 35660 ssh2
Sep 29 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Connection closed by 196.251.87.127 port 35660 [preauth]
Sep 29 11:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Failed password for root from 162.144.236.216 port 43174 ssh2
Sep 29 11:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27032]: Connection closed by 162.144.236.216 port 43174 [preauth]
Sep 29 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session closed for user root
Sep 29 11:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Invalid user work from 103.174.114.50
Sep 29 11:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: input_userauth_request: invalid user work [preauth]
Sep 29 11:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Failed password for invalid user work from 103.174.114.50 port 39388 ssh2
Sep 29 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Received disconnect from 103.174.114.50 port 39388:11: Bye Bye [preauth]
Sep 29 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Disconnected from 103.174.114.50 port 39388 [preauth]
Sep 29 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Failed password for root from 162.144.236.216 port 52316 ssh2
Sep 29 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Connection closed by 162.144.236.216 port 52316 [preauth]
Sep 29 11:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: Failed password for root from 162.144.236.216 port 58016 ssh2
Sep 29 11:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: Connection closed by 162.144.236.216 port 58016 [preauth]
Sep 29 11:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: Failed password for root from 162.144.236.216 port 37702 ssh2
Sep 29 11:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: Connection closed by 162.144.236.216 port 37702 [preauth]
Sep 29 11:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27244]: Successful su for rubyman by root
Sep 29 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27244]: + ??? root:rubyman
Sep 29 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314496 of user rubyman.
Sep 29 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27244]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314496.
Sep 29 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23543]: pam_unix(cron:session): session closed for user root
Sep 29 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Failed password for root from 162.144.236.216 port 44706 ssh2
Sep 29 11:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Connection closed by 162.144.236.216 port 44706 [preauth]
Sep 29 11:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Invalid user user from 93.152.230.176
Sep 29 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: input_userauth_request: invalid user user [preauth]
Sep 29 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Failed password for invalid user user from 93.152.230.176 port 22932 ssh2
Sep 29 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Received disconnect from 93.152.230.176 port 22932:11: Client disconnecting normally [preauth]
Sep 29 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Disconnected from 93.152.230.176 port 22932 [preauth]
Sep 29 11:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Failed password for root from 162.144.236.216 port 51982 ssh2
Sep 29 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Connection closed by 162.144.236.216 port 51982 [preauth]
Sep 29 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Invalid user santana from 8.213.197.49
Sep 29 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: input_userauth_request: invalid user santana [preauth]
Sep 29 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Failed password for invalid user santana from 8.213.197.49 port 42838 ssh2
Sep 29 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Received disconnect from 8.213.197.49 port 42838:11: Bye Bye [preauth]
Sep 29 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Disconnected from 8.213.197.49 port 42838 [preauth]
Sep 29 11:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: Failed password for root from 162.144.236.216 port 59520 ssh2
Sep 29 11:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27525]: Connection closed by 162.144.236.216 port 59520 [preauth]
Sep 29 11:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: Failed password for root from 162.144.236.216 port 37240 ssh2
Sep 29 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27721]: Connection closed by 162.144.236.216 port 37240 [preauth]
Sep 29 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session closed for user root
Sep 29 11:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27736]: Failed password for root from 162.144.236.216 port 43790 ssh2
Sep 29 11:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27736]: Connection closed by 162.144.236.216 port 43790 [preauth]
Sep 29 11:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: Failed password for root from 162.144.236.216 port 51804 ssh2
Sep 29 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27786]: Connection closed by 162.144.236.216 port 51804 [preauth]
Sep 29 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Failed password for root from 162.144.236.216 port 57176 ssh2
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27813]: Connection closed by 162.144.236.216 port 57176 [preauth]
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: Successful su for rubyman by root
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: + ??? root:rubyman
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314498 of user rubyman.
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27903]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314498.
Sep 29 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session closed for user root
Sep 29 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Failed password for root from 162.144.236.216 port 35582 ssh2
Sep 29 11:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27835]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27830]: Connection closed by 162.144.236.216 port 35582 [preauth]
Sep 29 11:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Failed password for root from 162.144.236.216 port 41364 ssh2
Sep 29 11:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Connection closed by 162.144.236.216 port 41364 [preauth]
Sep 29 11:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28151]: Failed password for root from 103.174.114.50 port 41998 ssh2
Sep 29 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28151]: Received disconnect from 103.174.114.50 port 41998:11: Bye Bye [preauth]
Sep 29 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28151]: Disconnected from 103.174.114.50 port 41998 [preauth]
Sep 29 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: Failed password for root from 162.144.236.216 port 48934 ssh2
Sep 29 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: Connection closed by 162.144.236.216 port 48934 [preauth]
Sep 29 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session closed for user root
Sep 29 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: Failed password for root from 162.144.236.216 port 54164 ssh2
Sep 29 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: Connection closed by 162.144.236.216 port 54164 [preauth]
Sep 29 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Failed password for root from 162.144.236.216 port 60882 ssh2
Sep 29 11:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Connection closed by 162.144.236.216 port 60882 [preauth]
Sep 29 11:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Failed password for root from 162.144.236.216 port 40090 ssh2
Sep 29 11:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Connection closed by 162.144.236.216 port 40090 [preauth]
Sep 29 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Failed password for root from 162.144.236.216 port 46686 ssh2
Sep 29 11:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Connection closed by 162.144.236.216 port 46686 [preauth]
Sep 29 11:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Invalid user test2 from 196.251.87.127
Sep 29 11:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: input_userauth_request: invalid user test2 [preauth]
Sep 29 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28374]: Successful su for rubyman by root
Sep 29 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28374]: + ??? root:rubyman
Sep 29 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314502 of user rubyman.
Sep 29 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28374]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314502.
Sep 29 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Failed password for invalid user test2 from 196.251.87.127 port 54148 ssh2
Sep 29 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24710]: pam_unix(cron:session): session closed for user root
Sep 29 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Failed password for root from 162.144.236.216 port 53740 ssh2
Sep 29 11:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Connection closed by 196.251.87.127 port 54148 [preauth]
Sep 29 11:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Connection closed by 162.144.236.216 port 53740 [preauth]
Sep 29 11:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49  user=root
Sep 29 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: Failed password for root from 8.213.197.49 port 59522 ssh2
Sep 29 11:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: Received disconnect from 8.213.197.49 port 59522:11: Bye Bye [preauth]
Sep 29 11:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28703]: Disconnected from 8.213.197.49 port 59522 [preauth]
Sep 29 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Failed password for root from 162.144.236.216 port 60654 ssh2
Sep 29 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Connection closed by 162.144.236.216 port 60654 [preauth]
Sep 29 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: Failed password for root from 162.144.236.216 port 37134 ssh2
Sep 29 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: Connection closed by 162.144.236.216 port 37134 [preauth]
Sep 29 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: Failed password for root from 162.144.236.216 port 42018 ssh2
Sep 29 11:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: Connection closed by 162.144.236.216 port 42018 [preauth]
Sep 29 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session closed for user root
Sep 29 11:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: Failed password for root from 162.144.236.216 port 48712 ssh2
Sep 29 11:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: Connection closed by 162.144.236.216 port 48712 [preauth]
Sep 29 11:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Failed password for root from 162.144.236.216 port 55566 ssh2
Sep 29 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Connection closed by 162.144.236.216 port 55566 [preauth]
Sep 29 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: Failed password for root from 162.144.236.216 port 33110 ssh2
Sep 29 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: Connection closed by 162.144.236.216 port 33110 [preauth]
Sep 29 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28918]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session closed for user root
Sep 29 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Invalid user winter from 103.174.114.50
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: input_userauth_request: invalid user winter [preauth]
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29085]: Successful su for rubyman by root
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29085]: + ??? root:rubyman
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314509 of user rubyman.
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29085]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314509.
Sep 29 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Failed password for invalid user winter from 103.174.114.50 port 46234 ssh2
Sep 29 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Received disconnect from 103.174.114.50 port 46234:11: Bye Bye [preauth]
Sep 29 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Disconnected from 103.174.114.50 port 46234 [preauth]
Sep 29 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Failed password for root from 162.144.236.216 port 38088 ssh2
Sep 29 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session closed for user root
Sep 29 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28918]: pam_unix(cron:session): session closed for user root
Sep 29 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Connection closed by 162.144.236.216 port 38088 [preauth]
Sep 29 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: Failed password for root from 162.144.236.216 port 47328 ssh2
Sep 29 11:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29310]: Connection closed by 162.144.236.216 port 47328 [preauth]
Sep 29 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Failed password for root from 162.144.236.216 port 54146 ssh2
Sep 29 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user root
Sep 29 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29375]: Connection closed by 162.144.236.216 port 54146 [preauth]
Sep 29 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29440]: Failed password for root from 162.144.236.216 port 34762 ssh2
Sep 29 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29440]: Connection closed by 162.144.236.216 port 34762 [preauth]
Sep 29 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29519]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: Successful su for rubyman by root
Sep 29 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: + ??? root:rubyman
Sep 29 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314512 of user rubyman.
Sep 29 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314512.
Sep 29 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: Failed password for root from 162.144.236.216 port 42466 ssh2
Sep 29 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: Connection closed by 162.144.236.216 port 42466 [preauth]
Sep 29 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session closed for user root
Sep 29 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29520]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Failed password for root from 162.144.236.216 port 50120 ssh2
Sep 29 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Connection closed by 162.144.236.216 port 50120 [preauth]
Sep 29 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: Failed password for root from 162.144.236.216 port 57412 ssh2
Sep 29 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29852]: Connection closed by 162.144.236.216 port 57412 [preauth]
Sep 29 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session closed for user root
Sep 29 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Failed password for root from 162.144.236.216 port 35950 ssh2
Sep 29 11:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Connection closed by 162.144.236.216 port 35950 [preauth]
Sep 29 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Failed password for root from 103.174.114.50 port 49980 ssh2
Sep 29 11:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Received disconnect from 103.174.114.50 port 49980:11: Bye Bye [preauth]
Sep 29 11:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Disconnected from 103.174.114.50 port 49980 [preauth]
Sep 29 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Failed password for root from 162.144.236.216 port 42098 ssh2
Sep 29 11:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Connection closed by 162.144.236.216 port 42098 [preauth]
Sep 29 11:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Invalid user test3 from 196.251.87.127
Sep 29 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: input_userauth_request: invalid user test3 [preauth]
Sep 29 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30014]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: Successful su for rubyman by root
Sep 29 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: + ??? root:rubyman
Sep 29 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314516 of user rubyman.
Sep 29 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314516.
Sep 29 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session closed for user root
Sep 29 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Failed password for invalid user test3 from 196.251.87.127 port 35414 ssh2
Sep 29 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Connection closed by 196.251.87.127 port 35414 [preauth]
Sep 29 11:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Failed password for root from 162.144.236.216 port 49200 ssh2
Sep 29 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Connection closed by 162.144.236.216 port 49200 [preauth]
Sep 29 11:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Failed password for root from 162.144.236.216 port 56458 ssh2
Sep 29 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30355]: Connection closed by 162.144.236.216 port 56458 [preauth]
Sep 29 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: Failed password for root from 162.144.236.216 port 34932 ssh2
Sep 29 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30382]: Connection closed by 162.144.236.216 port 34932 [preauth]
Sep 29 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session closed for user root
Sep 29 11:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Failed password for root from 162.144.236.216 port 41190 ssh2
Sep 29 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Connection closed by 162.144.236.216 port 41190 [preauth]
Sep 29 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Failed password for root from 162.144.236.216 port 47450 ssh2
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: Successful su for rubyman by root
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: + ??? root:rubyman
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314520 of user rubyman.
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30693]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314520.
Sep 29 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Connection closed by 162.144.236.216 port 47450 [preauth]
Sep 29 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Invalid user frappe from 8.213.197.49
Sep 29 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: input_userauth_request: invalid user frappe [preauth]
Sep 29 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.213.197.49
Sep 29 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session closed for user root
Sep 29 11:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Failed password for invalid user frappe from 8.213.197.49 port 50444 ssh2
Sep 29 11:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Received disconnect from 8.213.197.49 port 50444:11: Bye Bye [preauth]
Sep 29 11:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Disconnected from 8.213.197.49 port 50444 [preauth]
Sep 29 11:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for root from 162.144.236.216 port 56162 ssh2
Sep 29 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Connection closed by 162.144.236.216 port 56162 [preauth]
Sep 29 11:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Failed password for root from 162.144.236.216 port 33832 ssh2
Sep 29 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Connection closed by 162.144.236.216 port 33832 [preauth]
Sep 29 11:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: Invalid user server from 103.174.114.50
Sep 29 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: input_userauth_request: invalid user server [preauth]
Sep 29 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: Failed password for invalid user server from 103.174.114.50 port 42240 ssh2
Sep 29 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session closed for user root
Sep 29 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: Received disconnect from 103.174.114.50 port 42240:11: Bye Bye [preauth]
Sep 29 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30975]: Disconnected from 103.174.114.50 port 42240 [preauth]
Sep 29 11:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30962]: Failed password for root from 162.144.236.216 port 43036 ssh2
Sep 29 11:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30962]: Connection closed by 162.144.236.216 port 43036 [preauth]
Sep 29 11:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Invalid user VPN from 120.48.170.78
Sep 29 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: input_userauth_request: invalid user VPN [preauth]
Sep 29 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.170.78
Sep 29 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Failed password for invalid user VPN from 120.48.170.78 port 43328 ssh2
Sep 29 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Received disconnect from 120.48.170.78 port 43328:11: Bye Bye [preauth]
Sep 29 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Disconnected from 120.48.170.78 port 43328 [preauth]
Sep 29 11:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31026]: Failed password for root from 162.144.236.216 port 49202 ssh2
Sep 29 11:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31026]: Connection closed by 162.144.236.216 port 49202 [preauth]
Sep 29 11:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31097]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31093]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31247]: Successful su for rubyman by root
Sep 29 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31247]: + ??? root:rubyman
Sep 29 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314525 of user rubyman.
Sep 29 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31247]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314525.
Sep 29 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31093]: pam_unix(cron:session): session closed for user root
Sep 29 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session closed for user root
Sep 29 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Failed password for root from 162.144.236.216 port 54736 ssh2
Sep 29 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31096]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Connection closed by 162.144.236.216 port 54736 [preauth]
Sep 29 11:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Failed password for root from 162.144.236.216 port 34206 ssh2
Sep 29 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Connection closed by 162.144.236.216 port 34206 [preauth]
Sep 29 11:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 162.144.236.216 port 41392 ssh2
Sep 29 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Connection closed by 162.144.236.216 port 41392 [preauth]
Sep 29 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user root
Sep 29 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Failed password for root from 162.144.236.216 port 46532 ssh2
Sep 29 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Connection closed by 162.144.236.216 port 46532 [preauth]
Sep 29 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Failed password for root from 196.251.87.127 port 41696 ssh2
Sep 29 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Connection closed by 196.251.87.127 port 41696 [preauth]
Sep 29 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31690]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session closed for user root
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Failed password for root from 162.144.236.216 port 53872 ssh2
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: Successful su for rubyman by root
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: + ??? root:rubyman
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314531 of user rubyman.
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31762]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314531.
Sep 29 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Connection closed by 162.144.236.216 port 53872 [preauth]
Sep 29 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session closed for user root
Sep 29 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user root
Sep 29 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Invalid user shop from 103.174.114.50
Sep 29 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: input_userauth_request: invalid user shop [preauth]
Sep 29 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Failed password for root from 162.144.236.216 port 60988 ssh2
Sep 29 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Connection closed by 162.144.236.216 port 60988 [preauth]
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Failed password for invalid user shop from 103.174.114.50 port 33924 ssh2
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: Invalid user ubnt from 194.0.234.19
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Received disconnect from 103.174.114.50 port 33924:11: Bye Bye [preauth]
Sep 29 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31996]: Disconnected from 103.174.114.50 port 33924 [preauth]
Sep 29 11:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: Failed password for invalid user ubnt from 194.0.234.19 port 16620 ssh2
Sep 29 11:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32007]: Connection closed by 194.0.234.19 port 16620 [preauth]
Sep 29 11:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: Failed password for root from 162.144.236.216 port 39934 ssh2
Sep 29 11:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32009]: Connection closed by 162.144.236.216 port 39934 [preauth]
Sep 29 11:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30621]: pam_unix(cron:session): session closed for user root
Sep 29 11:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Failed password for root from 162.144.236.216 port 46336 ssh2
Sep 29 11:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Connection closed by 162.144.236.216 port 46336 [preauth]
Sep 29 11:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Invalid user admin from 139.19.117.131
Sep 29 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: input_userauth_request: invalid user admin [preauth]
Sep 29 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Connection closed by 139.19.117.131 port 37516 [preauth]
Sep 29 11:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Failed password for root from 162.144.236.216 port 54100 ssh2
Sep 29 11:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Connection closed by 162.144.236.216 port 54100 [preauth]
Sep 29 11:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32184]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32181]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32255]: Successful su for rubyman by root
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32255]: + ??? root:rubyman
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314535 of user rubyman.
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32255]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314535.
Sep 29 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user root
Sep 29 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Failed password for root from 162.144.236.216 port 33604 ssh2
Sep 29 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Connection closed by 162.144.236.216 port 33604 [preauth]
Sep 29 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32182]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: Failed password for root from 162.144.236.216 port 39572 ssh2
Sep 29 11:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: Connection closed by 162.144.236.216 port 39572 [preauth]
Sep 29 11:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Failed password for root from 162.144.236.216 port 46924 ssh2
Sep 29 11:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Connection closed by 162.144.236.216 port 46924 [preauth]
Sep 29 11:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31098]: pam_unix(cron:session): session closed for user root
Sep 29 11:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: User www-data from 93.152.230.176 not allowed because not listed in AllowUsers
Sep 29 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: input_userauth_request: invalid user www-data [preauth]
Sep 29 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=www-data
Sep 29 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: Failed password for invalid user www-data from 93.152.230.176 port 35330 ssh2
Sep 29 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: Received disconnect from 93.152.230.176 port 35330:11: Client disconnecting normally [preauth]
Sep 29 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: Disconnected from 93.152.230.176 port 35330 [preauth]
Sep 29 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Invalid user marcel from 103.174.114.50
Sep 29 11:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: input_userauth_request: invalid user marcel [preauth]
Sep 29 11:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Failed password for invalid user marcel from 103.174.114.50 port 39352 ssh2
Sep 29 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Received disconnect from 103.174.114.50 port 39352:11: Bye Bye [preauth]
Sep 29 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Disconnected from 103.174.114.50 port 39352 [preauth]
Sep 29 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Failed password for root from 162.144.236.216 port 53712 ssh2
Sep 29 11:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Connection closed by 162.144.236.216 port 53712 [preauth]
Sep 29 11:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: Successful su for rubyman by root
Sep 29 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: + ??? root:rubyman
Sep 29 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314541 of user rubyman.
Sep 29 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32698]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314541.
Sep 29 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Failed password for root from 162.144.236.216 port 34740 ssh2
Sep 29 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session closed for user root
Sep 29 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Connection closed by 162.144.236.216 port 34740 [preauth]
Sep 29 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32633]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for root from 162.144.236.216 port 42592 ssh2
Sep 29 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: Failed password for root from 196.251.87.127 port 45456 ssh2
Sep 29 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Connection closed by 162.144.236.216 port 42592 [preauth]
Sep 29 11:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[392]: Connection closed by 196.251.87.127 port 45456 [preauth]
Sep 29 11:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Failed password for root from 162.144.236.216 port 49806 ssh2
Sep 29 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Connection closed by 162.144.236.216 port 49806 [preauth]
Sep 29 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31690]: pam_unix(cron:session): session closed for user root
Sep 29 11:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Failed password for root from 162.144.236.216 port 55774 ssh2
Sep 29 11:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Connection closed by 162.144.236.216 port 55774 [preauth]
Sep 29 11:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Failed password for root from 162.144.236.216 port 60908 ssh2
Sep 29 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Connection closed by 162.144.236.216 port 60908 [preauth]
Sep 29 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[618]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[682]: Successful su for rubyman by root
Sep 29 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[682]: + ??? root:rubyman
Sep 29 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314543 of user rubyman.
Sep 29 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[682]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314543.
Sep 29 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user root
Sep 29 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Failed password for root from 162.144.236.216 port 41798 ssh2
Sep 29 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Connection closed by 162.144.236.216 port 41798 [preauth]
Sep 29 11:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Failed password for root from 162.144.236.216 port 48164 ssh2
Sep 29 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Connection closed by 162.144.236.216 port 48164 [preauth]
Sep 29 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Invalid user celka from 103.174.114.50
Sep 29 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: input_userauth_request: invalid user celka [preauth]
Sep 29 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for invalid user celka from 103.174.114.50 port 34030 ssh2
Sep 29 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Received disconnect from 103.174.114.50 port 34030:11: Bye Bye [preauth]
Sep 29 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Disconnected from 103.174.114.50 port 34030 [preauth]
Sep 29 11:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32184]: pam_unix(cron:session): session closed for user root
Sep 29 11:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Invalid user  from 62.60.131.157
Sep 29 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: input_userauth_request: invalid user  [preauth]
Sep 29 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Failed none for invalid user  from 62.60.131.157 port 63637 ssh2
Sep 29 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Received disconnect from 62.60.131.157 port 63637:11: Bye [preauth]
Sep 29 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Disconnected from 62.60.131.157 port 63637 [preauth]
Sep 29 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Failed password for root from 162.144.236.216 port 56558 ssh2
Sep 29 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1065]: Connection closed by 162.144.236.216 port 56558 [preauth]
Sep 29 11:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1165]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: Successful su for rubyman by root
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: + ??? root:rubyman
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314549 of user rubyman.
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1232]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314549.
Sep 29 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Failed password for root from 162.144.236.216 port 35818 ssh2
Sep 29 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30620]: pam_unix(cron:session): session closed for user root
Sep 29 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Connection closed by 162.144.236.216 port 35818 [preauth]
Sep 29 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1166]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Failed password for root from 162.144.236.216 port 43976 ssh2
Sep 29 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Connection closed by 162.144.236.216 port 43976 [preauth]
Sep 29 11:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Failed password for root from 162.144.236.216 port 51726 ssh2
Sep 29 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Connection closed by 162.144.236.216 port 51726 [preauth]
Sep 29 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Failed password for root from 162.144.236.216 port 55862 ssh2
Sep 29 11:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Connection closed by 162.144.236.216 port 55862 [preauth]
Sep 29 11:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32635]: pam_unix(cron:session): session closed for user root
Sep 29 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Failed password for root from 162.144.236.216 port 60938 ssh2
Sep 29 11:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Connection closed by 162.144.236.216 port 60938 [preauth]
Sep 29 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Failed password for root from 196.251.87.127 port 46574 ssh2
Sep 29 11:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Connection closed by 196.251.87.127 port 46574 [preauth]
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1663]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1665]: pam_unix(cron:session): session closed for user root
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: Successful su for rubyman by root
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: + ??? root:rubyman
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314554 of user rubyman.
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1745]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314554.
Sep 29 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: Failed password for root from 162.144.236.216 port 38128 ssh2
Sep 29 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session closed for user root
Sep 29 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31097]: pam_unix(cron:session): session closed for user root
Sep 29 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: Connection closed by 162.144.236.216 port 38128 [preauth]
Sep 29 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Invalid user viper from 103.174.114.50
Sep 29 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: input_userauth_request: invalid user viper [preauth]
Sep 29 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Failed password for invalid user viper from 103.174.114.50 port 45836 ssh2
Sep 29 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Received disconnect from 103.174.114.50 port 45836:11: Bye Bye [preauth]
Sep 29 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1959]: Disconnected from 103.174.114.50 port 45836 [preauth]
Sep 29 11:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Failed password for root from 162.144.236.216 port 46328 ssh2
Sep 29 11:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1958]: Connection closed by 162.144.236.216 port 46328 [preauth]
Sep 29 11:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: Failed password for root from 162.144.236.216 port 53698 ssh2
Sep 29 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2014]: Connection closed by 162.144.236.216 port 53698 [preauth]
Sep 29 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[622]: pam_unix(cron:session): session closed for user root
Sep 29 11:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: Failed password for root from 162.144.236.216 port 59220 ssh2
Sep 29 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: Connection closed by 162.144.236.216 port 59220 [preauth]
Sep 29 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Failed password for root from 162.144.236.216 port 36148 ssh2
Sep 29 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Connection closed by 162.144.236.216 port 36148 [preauth]
Sep 29 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2153]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2231]: Successful su for rubyman by root
Sep 29 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2231]: + ??? root:rubyman
Sep 29 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314557 of user rubyman.
Sep 29 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2231]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314557.
Sep 29 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session closed for user root
Sep 29 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2150]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Failed password for root from 162.144.236.216 port 42056 ssh2
Sep 29 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Connection closed by 162.144.236.216 port 42056 [preauth]
Sep 29 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Failed password for root from 162.144.236.216 port 48800 ssh2
Sep 29 11:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Connection closed by 162.144.236.216 port 48800 [preauth]
Sep 29 11:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session closed for user root
Sep 29 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: Invalid user username from 103.174.114.50
Sep 29 11:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: input_userauth_request: invalid user username [preauth]
Sep 29 11:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: Failed password for invalid user username from 103.174.114.50 port 37460 ssh2
Sep 29 11:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: Failed password for root from 162.144.236.216 port 58040 ssh2
Sep 29 11:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: Received disconnect from 103.174.114.50 port 37460:11: Bye Bye [preauth]
Sep 29 11:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: Disconnected from 103.174.114.50 port 37460 [preauth]
Sep 29 11:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: Connection closed by 162.144.236.216 port 58040 [preauth]
Sep 29 11:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: Failed password for root from 162.144.236.216 port 37372 ssh2
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2613]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: Successful su for rubyman by root
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: + ??? root:rubyman
Sep 29 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314561 of user rubyman.
Sep 29 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2676]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314561.
Sep 29 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: Connection closed by 162.144.236.216 port 37372 [preauth]
Sep 29 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32183]: pam_unix(cron:session): session closed for user root
Sep 29 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: Failed password for root from 162.144.236.216 port 42826 ssh2
Sep 29 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: Connection closed by 162.144.236.216 port 42826 [preauth]
Sep 29 11:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Failed password for root from 162.144.236.216 port 48040 ssh2
Sep 29 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Connection closed by 162.144.236.216 port 48040 [preauth]
Sep 29 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for root from 196.251.87.127 port 47592 ssh2
Sep 29 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Connection closed by 196.251.87.127 port 47592 [preauth]
Sep 29 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session closed for user root
Sep 29 11:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Failed password for root from 162.144.236.216 port 54948 ssh2
Sep 29 11:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Connection closed by 162.144.236.216 port 54948 [preauth]
Sep 29 11:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3110]: Successful su for rubyman by root
Sep 29 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3110]: + ??? root:rubyman
Sep 29 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314565 of user rubyman.
Sep 29 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3110]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314565.
Sep 29 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Failed password for root from 162.144.236.216 port 34254 ssh2
Sep 29 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Connection closed by 162.144.236.216 port 34254 [preauth]
Sep 29 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32634]: pam_unix(cron:session): session closed for user root
Sep 29 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3045]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Failed password for root from 162.144.236.216 port 42708 ssh2
Sep 29 11:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Connection closed by 162.144.236.216 port 42708 [preauth]
Sep 29 11:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: Failed password for root from 162.144.236.216 port 48016 ssh2
Sep 29 11:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Failed password for root from 103.174.114.50 port 60082 ssh2
Sep 29 11:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Received disconnect from 103.174.114.50 port 60082:11: Bye Bye [preauth]
Sep 29 11:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Disconnected from 103.174.114.50 port 60082 [preauth]
Sep 29 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: Connection closed by 162.144.236.216 port 48016 [preauth]
Sep 29 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2153]: pam_unix(cron:session): session closed for user root
Sep 29 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Failed password for root from 162.144.236.216 port 55496 ssh2
Sep 29 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Connection closed by 162.144.236.216 port 55496 [preauth]
Sep 29 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3483]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3545]: Successful su for rubyman by root
Sep 29 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3545]: + ??? root:rubyman
Sep 29 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314569 of user rubyman.
Sep 29 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3545]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314569.
Sep 29 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Failed password for root from 162.144.236.216 port 34998 ssh2
Sep 29 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session closed for user root
Sep 29 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Connection closed by 162.144.236.216 port 34998 [preauth]
Sep 29 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: Failed password for root from 162.144.236.216 port 42536 ssh2
Sep 29 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: Connection closed by 162.144.236.216 port 42536 [preauth]
Sep 29 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3779]: Failed password for root from 162.144.236.216 port 48888 ssh2
Sep 29 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3779]: Connection closed by 162.144.236.216 port 48888 [preauth]
Sep 29 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session closed for user root
Sep 29 11:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for root from 162.144.236.216 port 55436 ssh2
Sep 29 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Connection closed by 162.144.236.216 port 55436 [preauth]
Sep 29 11:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for root from 196.251.87.127 port 48278 ssh2
Sep 29 11:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Invalid user test from 194.0.234.19
Sep 29 11:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: input_userauth_request: invalid user test [preauth]
Sep 29 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Connection closed by 196.251.87.127 port 48278 [preauth]
Sep 29 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Failed password for invalid user test from 194.0.234.19 port 41010 ssh2
Sep 29 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Connection closed by 194.0.234.19 port 41010 [preauth]
Sep 29 11:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session closed for user root
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Invalid user user from 62.60.131.157
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: input_userauth_request: invalid user user [preauth]
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4001]: Successful su for rubyman by root
Sep 29 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4001]: + ??? root:rubyman
Sep 29 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314573 of user rubyman.
Sep 29 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4001]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314573.
Sep 29 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Failed password for root from 162.144.236.216 port 60690 ssh2
Sep 29 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for invalid user user from 62.60.131.157 port 41015 ssh2
Sep 29 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Connection closed by 162.144.236.216 port 60690 [preauth]
Sep 29 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3929]: pam_unix(cron:session): session closed for user root
Sep 29 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for invalid user user from 62.60.131.157 port 41015 ssh2
Sep 29 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session closed for user root
Sep 29 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Invalid user move from 103.174.114.50
Sep 29 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: input_userauth_request: invalid user move [preauth]
Sep 29 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for invalid user user from 62.60.131.157 port 41015 ssh2
Sep 29 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Failed password for invalid user move from 103.174.114.50 port 48168 ssh2
Sep 29 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Received disconnect from 103.174.114.50 port 48168:11: Bye Bye [preauth]
Sep 29 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Disconnected from 103.174.114.50 port 48168 [preauth]
Sep 29 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for invalid user user from 62.60.131.157 port 41015 ssh2
Sep 29 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Failed password for root from 162.144.236.216 port 40352 ssh2
Sep 29 11:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for invalid user user from 62.60.131.157 port 41015 ssh2
Sep 29 11:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Received disconnect from 62.60.131.157 port 41015:11: Bye [preauth]
Sep 29 11:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Disconnected from 62.60.131.157 port 41015 [preauth]
Sep 29 11:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 11:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 11:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Connection closed by 162.144.236.216 port 40352 [preauth]
Sep 29 11:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4256]: Failed password for root from 162.144.236.216 port 47174 ssh2
Sep 29 11:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4256]: Connection closed by 162.144.236.216 port 47174 [preauth]
Sep 29 11:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session closed for user root
Sep 29 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: Invalid user test from 93.152.230.176
Sep 29 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: input_userauth_request: invalid user test [preauth]
Sep 29 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 11:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: Failed password for invalid user test from 93.152.230.176 port 27834 ssh2
Sep 29 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Failed password for root from 162.144.236.216 port 55338 ssh2
Sep 29 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: Received disconnect from 93.152.230.176 port 27834:11: Client disconnecting normally [preauth]
Sep 29 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4357]: Disconnected from 93.152.230.176 port 27834 [preauth]
Sep 29 11:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Connection closed by 162.144.236.216 port 55338 [preauth]
Sep 29 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Failed password for root from 162.144.236.216 port 35122 ssh2
Sep 29 11:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4390]: Connection closed by 162.144.236.216 port 35122 [preauth]
Sep 29 11:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4421]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4417]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: Successful su for rubyman by root
Sep 29 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: + ??? root:rubyman
Sep 29 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314581 of user rubyman.
Sep 29 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4489]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314581.
Sep 29 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1663]: pam_unix(cron:session): session closed for user root
Sep 29 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: Failed password for root from 162.144.236.216 port 39912 ssh2
Sep 29 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4414]: Connection closed by 162.144.236.216 port 39912 [preauth]
Sep 29 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Failed password for root from 162.144.236.216 port 44764 ssh2
Sep 29 11:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Connection closed by 162.144.236.216 port 44764 [preauth]
Sep 29 11:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Failed password for root from 162.144.236.216 port 51100 ssh2
Sep 29 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Connection closed by 162.144.236.216 port 51100 [preauth]
Sep 29 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3483]: pam_unix(cron:session): session closed for user root
Sep 29 11:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Failed password for root from 162.144.236.216 port 57330 ssh2
Sep 29 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Invalid user agent from 103.174.114.50
Sep 29 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: input_userauth_request: invalid user agent [preauth]
Sep 29 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Connection closed by 162.144.236.216 port 57330 [preauth]
Sep 29 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Failed password for invalid user agent from 103.174.114.50 port 41320 ssh2
Sep 29 11:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Received disconnect from 103.174.114.50 port 41320:11: Bye Bye [preauth]
Sep 29 11:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Disconnected from 103.174.114.50 port 41320 [preauth]
Sep 29 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4935]: Successful su for rubyman by root
Sep 29 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4935]: + ??? root:rubyman
Sep 29 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314584 of user rubyman.
Sep 29 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4935]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314584.
Sep 29 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2152]: pam_unix(cron:session): session closed for user root
Sep 29 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Failed password for root from 162.144.236.216 port 37734 ssh2
Sep 29 11:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Connection closed by 162.144.236.216 port 37734 [preauth]
Sep 29 11:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: Failed password for root from 162.144.236.216 port 45960 ssh2
Sep 29 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: Connection closed by 162.144.236.216 port 45960 [preauth]
Sep 29 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Failed password for root from 196.251.87.127 port 48898 ssh2
Sep 29 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5164]: Connection closed by 196.251.87.127 port 48898 [preauth]
Sep 29 11:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: Failed password for root from 162.144.236.216 port 53054 ssh2
Sep 29 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: Connection closed by 162.144.236.216 port 53054 [preauth]
Sep 29 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Failed password for root from 162.144.236.216 port 59960 ssh2
Sep 29 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Connection closed by 162.144.236.216 port 59960 [preauth]
Sep 29 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session closed for user root
Sep 29 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Failed password for root from 162.144.236.216 port 37014 ssh2
Sep 29 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Connection closed by 162.144.236.216 port 37014 [preauth]
Sep 29 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Failed password for root from 162.144.236.216 port 44992 ssh2
Sep 29 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Connection closed by 162.144.236.216 port 44992 [preauth]
Sep 29 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: Successful su for rubyman by root
Sep 29 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: + ??? root:rubyman
Sep 29 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314587 of user rubyman.
Sep 29 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314587.
Sep 29 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: Failed password for root from 162.144.236.216 port 51670 ssh2
Sep 29 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: Connection closed by 162.144.236.216 port 51670 [preauth]
Sep 29 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session closed for user root
Sep 29 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: Failed password for root from 162.144.236.216 port 59510 ssh2
Sep 29 11:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: Connection closed by 162.144.236.216 port 59510 [preauth]
Sep 29 11:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Failed password for root from 162.144.236.216 port 37790 ssh2
Sep 29 11:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Connection closed by 162.144.236.216 port 37790 [preauth]
Sep 29 11:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Invalid user old from 103.174.114.50
Sep 29 11:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: input_userauth_request: invalid user old [preauth]
Sep 29 11:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Failed password for root from 162.144.236.216 port 45898 ssh2
Sep 29 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4421]: pam_unix(cron:session): session closed for user root
Sep 29 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Failed password for invalid user old from 103.174.114.50 port 44332 ssh2
Sep 29 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Received disconnect from 103.174.114.50 port 44332:11: Bye Bye [preauth]
Sep 29 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Disconnected from 103.174.114.50 port 44332 [preauth]
Sep 29 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Connection closed by 162.144.236.216 port 45898 [preauth]
Sep 29 11:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: Failed password for root from 162.144.236.216 port 53072 ssh2
Sep 29 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: Connection closed by 162.144.236.216 port 53072 [preauth]
Sep 29 11:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: Failed password for root from 162.144.236.216 port 59720 ssh2
Sep 29 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5834]: Connection closed by 162.144.236.216 port 59720 [preauth]
Sep 29 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Failed password for root from 162.144.236.216 port 37946 ssh2
Sep 29 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Connection closed by 162.144.236.216 port 37946 [preauth]
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5887]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5886]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5884]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5955]: Successful su for rubyman by root
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5955]: + ??? root:rubyman
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314593 of user rubyman.
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5955]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314593.
Sep 29 11:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3046]: pam_unix(cron:session): session closed for user root
Sep 29 11:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5885]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: Failed password for root from 162.144.236.216 port 43624 ssh2
Sep 29 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5882]: Connection closed by 162.144.236.216 port 43624 [preauth]
Sep 29 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Failed password for root from 162.144.236.216 port 52496 ssh2
Sep 29 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Connection closed by 162.144.236.216 port 52496 [preauth]
Sep 29 11:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: Failed password for root from 162.144.236.216 port 58726 ssh2
Sep 29 11:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session closed for user root
Sep 29 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: Connection closed by 162.144.236.216 port 58726 [preauth]
Sep 29 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: Failed password for root from 162.144.236.216 port 39332 ssh2
Sep 29 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6259]: Connection closed by 162.144.236.216 port 39332 [preauth]
Sep 29 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Failed password for root from 162.144.236.216 port 45696 ssh2
Sep 29 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6282]: Connection closed by 162.144.236.216 port 45696 [preauth]
Sep 29 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Failed password for root from 196.251.87.127 port 49762 ssh2
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6327]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session closed for user root
Sep 29 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6325]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6403]: Successful su for rubyman by root
Sep 29 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6403]: + ??? root:rubyman
Sep 29 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314595 of user rubyman.
Sep 29 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6403]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314595.
Sep 29 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Connection closed by 196.251.87.127 port 49762 [preauth]
Sep 29 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Failed password for root from 162.144.236.216 port 53028 ssh2
Sep 29 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6327]: pam_unix(cron:session): session closed for user root
Sep 29 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3481]: pam_unix(cron:session): session closed for user root
Sep 29 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Connection closed by 162.144.236.216 port 53028 [preauth]
Sep 29 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6326]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Failed password for root from 162.144.236.216 port 34820 ssh2
Sep 29 11:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Connection closed by 162.144.236.216 port 34820 [preauth]
Sep 29 11:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Invalid user titu from 103.174.114.50
Sep 29 11:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: input_userauth_request: invalid user titu [preauth]
Sep 29 11:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Failed password for invalid user titu from 103.174.114.50 port 49488 ssh2
Sep 29 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Received disconnect from 103.174.114.50 port 49488:11: Bye Bye [preauth]
Sep 29 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Disconnected from 103.174.114.50 port 49488 [preauth]
Sep 29 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6778]: Failed password for root from 162.144.236.216 port 41212 ssh2
Sep 29 11:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6778]: Connection closed by 162.144.236.216 port 41212 [preauth]
Sep 29 11:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Failed password for root from 162.144.236.216 port 47926 ssh2
Sep 29 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Connection closed by 162.144.236.216 port 47926 [preauth]
Sep 29 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session closed for user root
Sep 29 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Failed password for root from 162.144.236.216 port 53100 ssh2
Sep 29 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Connection closed by 162.144.236.216 port 53100 [preauth]
Sep 29 11:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for root from 162.144.236.216 port 59206 ssh2
Sep 29 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Connection closed by 162.144.236.216 port 59206 [preauth]
Sep 29 11:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6921]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: Failed password for root from 162.144.236.216 port 40014 ssh2
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: Successful su for rubyman by root
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: + ??? root:rubyman
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314601 of user rubyman.
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314601.
Sep 29 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6909]: Connection closed by 162.144.236.216 port 40014 [preauth]
Sep 29 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Invalid user telecomadmin from 80.94.95.116
Sep 29 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: input_userauth_request: invalid user telecomadmin [preauth]
Sep 29 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session closed for user root
Sep 29 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6923]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Failed password for invalid user telecomadmin from 80.94.95.116 port 39270 ssh2
Sep 29 11:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Connection closed by 80.94.95.116 port 39270 [preauth]
Sep 29 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Failed password for root from 162.144.236.216 port 46966 ssh2
Sep 29 11:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Connection closed by 162.144.236.216 port 46966 [preauth]
Sep 29 11:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Failed password for root from 162.144.236.216 port 53168 ssh2
Sep 29 11:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Connection closed by 162.144.236.216 port 53168 [preauth]
Sep 29 11:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Failed password for root from 162.144.236.216 port 33064 ssh2
Sep 29 11:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Connection closed by 162.144.236.216 port 33064 [preauth]
Sep 29 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5887]: pam_unix(cron:session): session closed for user root
Sep 29 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Did not receive identification string from 198.235.24.115
Sep 29 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Failed password for root from 162.144.236.216 port 39890 ssh2
Sep 29 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Connection closed by 162.144.236.216 port 39890 [preauth]
Sep 29 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Failed password for root from 162.144.236.216 port 47778 ssh2
Sep 29 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Connection closed by 162.144.236.216 port 47778 [preauth]
Sep 29 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Failed password for root from 162.144.236.216 port 53622 ssh2
Sep 29 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Failed password for root from 103.174.114.50 port 35494 ssh2
Sep 29 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Received disconnect from 103.174.114.50 port 35494:11: Bye Bye [preauth]
Sep 29 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Disconnected from 103.174.114.50 port 35494 [preauth]
Sep 29 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Connection closed by 162.144.236.216 port 53622 [preauth]
Sep 29 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7486]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7552]: Successful su for rubyman by root
Sep 29 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7552]: + ??? root:rubyman
Sep 29 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314605 of user rubyman.
Sep 29 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7552]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314605.
Sep 29 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session closed for user root
Sep 29 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7487]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for root from 162.144.236.216 port 59774 ssh2
Sep 29 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Connection closed by 162.144.236.216 port 59774 [preauth]
Sep 29 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Failed password for root from 162.144.236.216 port 39898 ssh2
Sep 29 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Connection closed by 162.144.236.216 port 39898 [preauth]
Sep 29 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127  user=root
Sep 29 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: Connection closed by 167.94.145.107 port 60926 [preauth]
Sep 29 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Failed password for root from 196.251.87.127 port 49940 ssh2
Sep 29 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Failed password for root from 162.144.236.216 port 46134 ssh2
Sep 29 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Connection closed by 196.251.87.127 port 49940 [preauth]
Sep 29 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Connection closed by 162.144.236.216 port 46134 [preauth]
Sep 29 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: Failed password for root from 162.144.236.216 port 52176 ssh2
Sep 29 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7851]: Connection closed by 162.144.236.216 port 52176 [preauth]
Sep 29 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session closed for user root
Sep 29 11:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Failed password for root from 162.144.236.216 port 57954 ssh2
Sep 29 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Connection closed by 162.144.236.216 port 57954 [preauth]
Sep 29 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Failed password for root from 162.144.236.216 port 35994 ssh2
Sep 29 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Connection closed by 162.144.236.216 port 35994 [preauth]
Sep 29 11:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: Failed password for root from 162.144.236.216 port 42762 ssh2
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7944]: Connection closed by 162.144.236.216 port 42762 [preauth]
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: Successful su for rubyman by root
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: + ??? root:rubyman
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314609 of user rubyman.
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314609.
Sep 29 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session closed for user root
Sep 29 11:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7967]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Failed password for root from 162.144.236.216 port 48240 ssh2
Sep 29 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Connection closed by 162.144.236.216 port 48240 [preauth]
Sep 29 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for root from 162.144.236.216 port 55702 ssh2
Sep 29 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Connection closed by 162.144.236.216 port 55702 [preauth]
Sep 29 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Invalid user admin from 62.60.131.157
Sep 29 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: input_userauth_request: invalid user admin [preauth]
Sep 29 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for invalid user admin from 62.60.131.157 port 63592 ssh2
Sep 29 11:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for invalid user admin from 62.60.131.157 port 63592 ssh2
Sep 29 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for invalid user admin from 62.60.131.157 port 63592 ssh2
Sep 29 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for invalid user admin from 62.60.131.157 port 63592 ssh2
Sep 29 11:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Failed password for root from 162.144.236.216 port 34720 ssh2
Sep 29 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Connection closed by 162.144.236.216 port 34720 [preauth]
Sep 29 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for invalid user admin from 62.60.131.157 port 63592 ssh2
Sep 29 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Received disconnect from 62.60.131.157 port 63592:11: Bye [preauth]
Sep 29 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Disconnected from 62.60.131.157 port 63592 [preauth]
Sep 29 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6925]: pam_unix(cron:session): session closed for user root
Sep 29 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: Invalid user test from 138.124.158.150
Sep 29 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: input_userauth_request: invalid user test [preauth]
Sep 29 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: Failed password for invalid user test from 138.124.158.150 port 49424 ssh2
Sep 29 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: Received disconnect from 138.124.158.150 port 49424:11: Bye Bye [preauth]
Sep 29 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8394]: Disconnected from 138.124.158.150 port 49424 [preauth]
Sep 29 11:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: Invalid user test from 103.174.114.50
Sep 29 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: input_userauth_request: invalid user test [preauth]
Sep 29 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Failed password for root from 162.144.236.216 port 42028 ssh2
Sep 29 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: Failed password for invalid user test from 103.174.114.50 port 50126 ssh2
Sep 29 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: Received disconnect from 103.174.114.50 port 50126:11: Bye Bye [preauth]
Sep 29 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: Disconnected from 103.174.114.50 port 50126 [preauth]
Sep 29 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Connection closed by 162.144.236.216 port 42028 [preauth]
Sep 29 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: Failed password for root from 162.144.236.216 port 49850 ssh2
Sep 29 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8425]: Connection closed by 162.144.236.216 port 49850 [preauth]
Sep 29 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Did not receive identification string from 196.251.114.29
Sep 29 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Failed password for root from 162.144.236.216 port 55598 ssh2
Sep 29 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Connection closed by 162.144.236.216 port 55598 [preauth]
Sep 29 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session closed for user p13x
Sep 29 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: Successful su for rubyman by root
Sep 29 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: + ??? root:rubyman
Sep 29 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314613 of user rubyman.
Sep 29 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8546]: pam_unix(su:session): session closed for user rubyman
Sep 29 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314613.
Sep 29 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: Failed password for root from 162.144.236.216 port 33152 ssh2
Sep 29 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session closed for user root
Sep 29 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8463]: Connection closed by 162.144.236.216 port 33152 [preauth]
Sep 29 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session closed for user samftp
Sep 29 11:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Failed password for root from 162.144.236.216 port 39598 ssh2
Sep 29 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Connection closed by 162.144.236.216 port 39598 [preauth]
Sep 29 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Failed password for root from 162.144.236.216 port 48824 ssh2
Sep 29 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Connection closed by 162.144.236.216 port 48824 [preauth]
Sep 29 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Invalid user username from 93.152.230.176
Sep 29 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: input_userauth_request: invalid user username [preauth]
Sep 29 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 11:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Failed password for invalid user username from 93.152.230.176 port 44005 ssh2
Sep 29 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Received disconnect from 93.152.230.176 port 44005:11: Client disconnecting normally [preauth]
Sep 29 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8944]: Disconnected from 93.152.230.176 port 44005 [preauth]
Sep 29 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: Failed password for root from 162.144.236.216 port 54890 ssh2
Sep 29 11:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: Connection closed by 162.144.236.216 port 54890 [preauth]
Sep 29 11:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session closed for user root
Sep 29 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Failed password for root from 162.144.236.216 port 60388 ssh2
Sep 29 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Connection closed by 162.144.236.216 port 60388 [preauth]
Sep 29 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: Failed password for root from 162.144.236.216 port 39860 ssh2
Sep 29 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: Connection closed by 162.144.236.216 port 39860 [preauth]
Sep 29 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session closed for user root
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9057]: pam_unix(cron:session): session closed for user root
Sep 29 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9055]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9260]: Successful su for rubyman by root
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Invalid user postgres from 196.251.87.127
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: input_userauth_request: invalid user postgres [preauth]
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9260]: + ??? root:rubyman
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314619 of user rubyman.
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9260]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314619.
Sep 29 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Failed password for root from 162.144.236.216 port 46696 ssh2
Sep 29 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Connection closed by 162.144.236.216 port 46696 [preauth]
Sep 29 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5886]: pam_unix(cron:session): session closed for user root
Sep 29 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9058]: pam_unix(cron:session): session closed for user root
Sep 29 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Failed password for invalid user postgres from 196.251.87.127 port 51748 ssh2
Sep 29 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9056]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Connection closed by 196.251.87.127 port 51748 [preauth]
Sep 29 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for root from 162.144.236.216 port 54116 ssh2
Sep 29 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Connection closed by 162.144.236.216 port 54116 [preauth]
Sep 29 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Invalid user cindy from 103.174.114.50
Sep 29 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: input_userauth_request: invalid user cindy [preauth]
Sep 29 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9520]: Failed password for root from 162.144.236.216 port 59948 ssh2
Sep 29 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9520]: Connection closed by 162.144.236.216 port 59948 [preauth]
Sep 29 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Failed password for invalid user cindy from 103.174.114.50 port 55114 ssh2
Sep 29 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Received disconnect from 103.174.114.50 port 55114:11: Bye Bye [preauth]
Sep 29 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Disconnected from 103.174.114.50 port 55114 [preauth]
Sep 29 12:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Failed password for root from 162.144.236.216 port 37614 ssh2
Sep 29 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Connection closed by 162.144.236.216 port 37614 [preauth]
Sep 29 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session closed for user root
Sep 29 12:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: Failed password for root from 162.144.236.216 port 44260 ssh2
Sep 29 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: Connection closed by 162.144.236.216 port 44260 [preauth]
Sep 29 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: Failed password for root from 162.144.236.216 port 50466 ssh2
Sep 29 12:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: Connection closed by 162.144.236.216 port 50466 [preauth]
Sep 29 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: Failed password for root from 162.144.236.216 port 56918 ssh2
Sep 29 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: Connection closed by 162.144.236.216 port 56918 [preauth]
Sep 29 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Invalid user user from 80.94.95.112
Sep 29 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: input_userauth_request: invalid user user [preauth]
Sep 29 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for invalid user user from 80.94.95.112 port 63660 ssh2
Sep 29 12:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for invalid user user from 80.94.95.112 port 63660 ssh2
Sep 29 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: Successful su for rubyman by root
Sep 29 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: + ??? root:rubyman
Sep 29 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314624 of user rubyman.
Sep 29 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9926]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314624.
Sep 29 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for invalid user user from 80.94.95.112 port 63660 ssh2
Sep 29 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Failed password for root from 162.144.236.216 port 35450 ssh2
Sep 29 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for invalid user user from 80.94.95.112 port 63660 ssh2
Sep 29 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9833]: Connection closed by 162.144.236.216 port 35450 [preauth]
Sep 29 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6328]: pam_unix(cron:session): session closed for user root
Sep 29 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for invalid user user from 80.94.95.112 port 63660 ssh2
Sep 29 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9848]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Received disconnect from 80.94.95.112 port 63660:11: Bye [preauth]
Sep 29 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Disconnected from 80.94.95.112 port 63660 [preauth]
Sep 29 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 12:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 12:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Failed password for root from 162.144.236.216 port 42850 ssh2
Sep 29 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Connection closed by 162.144.236.216 port 42850 [preauth]
Sep 29 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Failed password for root from 162.144.236.216 port 50080 ssh2
Sep 29 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Connection closed by 162.144.236.216 port 50080 [preauth]
Sep 29 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Failed password for root from 162.144.236.216 port 56106 ssh2
Sep 29 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10189]: Connection closed by 162.144.236.216 port 56106 [preauth]
Sep 29 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session closed for user root
Sep 29 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Failed password for root from 162.144.236.216 port 34114 ssh2
Sep 29 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Connection closed by 162.144.236.216 port 34114 [preauth]
Sep 29 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: Failed password for root from 162.144.236.216 port 39824 ssh2
Sep 29 12:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: Connection closed by 162.144.236.216 port 39824 [preauth]
Sep 29 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: Failed password for root from 162.144.236.216 port 45294 ssh2
Sep 29 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10292]: Connection closed by 162.144.236.216 port 45294 [preauth]
Sep 29 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Failed password for root from 162.144.236.216 port 50248 ssh2
Sep 29 12:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Connection closed by 162.144.236.216 port 50248 [preauth]
Sep 29 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Invalid user gl from 103.174.114.50
Sep 29 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: input_userauth_request: invalid user gl [preauth]
Sep 29 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Failed password for invalid user gl from 103.174.114.50 port 54594 ssh2
Sep 29 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Received disconnect from 103.174.114.50 port 54594:11: Bye Bye [preauth]
Sep 29 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Disconnected from 103.174.114.50 port 54594 [preauth]
Sep 29 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10408]: Successful su for rubyman by root
Sep 29 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10408]: + ??? root:rubyman
Sep 29 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314629 of user rubyman.
Sep 29 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10408]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314629.
Sep 29 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6924]: pam_unix(cron:session): session closed for user root
Sep 29 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for root from 162.144.236.216 port 54386 ssh2
Sep 29 12:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Connection closed by 162.144.236.216 port 54386 [preauth]
Sep 29 12:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: Invalid user oracle from 196.251.87.127
Sep 29 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: input_userauth_request: invalid user oracle [preauth]
Sep 29 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 12:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: Failed password for invalid user oracle from 196.251.87.127 port 49206 ssh2
Sep 29 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: Failed password for root from 162.144.236.216 port 60812 ssh2
Sep 29 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10587]: Connection closed by 196.251.87.127 port 49206 [preauth]
Sep 29 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: Connection closed by 162.144.236.216 port 60812 [preauth]
Sep 29 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Failed password for root from 162.144.236.216 port 39152 ssh2
Sep 29 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Connection closed by 162.144.236.216 port 39152 [preauth]
Sep 29 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Failed password for root from 138.124.158.150 port 44754 ssh2
Sep 29 12:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Received disconnect from 138.124.158.150 port 44754:11: Bye Bye [preauth]
Sep 29 12:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Disconnected from 138.124.158.150 port 44754 [preauth]
Sep 29 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session closed for user root
Sep 29 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: Failed password for root from 162.144.236.216 port 47468 ssh2
Sep 29 12:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10695]: Connection closed by 162.144.236.216 port 47468 [preauth]
Sep 29 12:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Failed password for root from 162.144.236.216 port 54896 ssh2
Sep 29 12:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Connection closed by 162.144.236.216 port 54896 [preauth]
Sep 29 12:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Failed password for root from 162.144.236.216 port 33424 ssh2
Sep 29 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Connection closed by 162.144.236.216 port 33424 [preauth]
Sep 29 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10800]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10868]: Successful su for rubyman by root
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10868]: + ??? root:rubyman
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314632 of user rubyman.
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10868]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314632.
Sep 29 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: Failed password for root from 162.144.236.216 port 38950 ssh2
Sep 29 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session closed for user root
Sep 29 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10789]: Connection closed by 162.144.236.216 port 38950 [preauth]
Sep 29 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11051]: Failed password for root from 162.144.236.216 port 45368 ssh2
Sep 29 12:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11051]: Connection closed by 162.144.236.216 port 45368 [preauth]
Sep 29 12:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Failed password for root from 162.144.236.216 port 52842 ssh2
Sep 29 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Connection closed by 162.144.236.216 port 52842 [preauth]
Sep 29 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for root from 162.144.236.216 port 58470 ssh2
Sep 29 12:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Connection closed by 162.144.236.216 port 58470 [preauth]
Sep 29 12:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session closed for user root
Sep 29 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Failed password for root from 162.144.236.216 port 36596 ssh2
Sep 29 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Connection closed by 162.144.236.216 port 36596 [preauth]
Sep 29 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Failed password for root from 138.124.158.150 port 50978 ssh2
Sep 29 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Received disconnect from 138.124.158.150 port 50978:11: Bye Bye [preauth]
Sep 29 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Disconnected from 138.124.158.150 port 50978 [preauth]
Sep 29 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user seal from 103.174.114.50
Sep 29 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user seal [preauth]
Sep 29 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for root from 162.144.236.216 port 43328 ssh2
Sep 29 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Connection closed by 162.144.236.216 port 43328 [preauth]
Sep 29 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user seal from 103.174.114.50 port 37492 ssh2
Sep 29 12:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Received disconnect from 103.174.114.50 port 37492:11: Bye Bye [preauth]
Sep 29 12:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Disconnected from 103.174.114.50 port 37492 [preauth]
Sep 29 12:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: Failed password for root from 162.144.236.216 port 48896 ssh2
Sep 29 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: Connection closed by 162.144.236.216 port 48896 [preauth]
Sep 29 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: Failed password for root from 162.144.236.216 port 55716 ssh2
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: Successful su for rubyman by root
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: + ??? root:rubyman
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314636 of user rubyman.
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314636.
Sep 29 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11232]: Connection closed by 162.144.236.216 port 55716 [preauth]
Sep 29 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7968]: pam_unix(cron:session): session closed for user root
Sep 29 12:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11246]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Failed password for root from 162.144.236.216 port 60910 ssh2
Sep 29 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Connection closed by 162.144.236.216 port 60910 [preauth]
Sep 29 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for root from 162.144.236.216 port 39292 ssh2
Sep 29 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Connection closed by 162.144.236.216 port 39292 [preauth]
Sep 29 12:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Invalid user admin from 80.94.95.112
Sep 29 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: input_userauth_request: invalid user admin [preauth]
Sep 29 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 12:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: Invalid user user from 196.251.87.127
Sep 29 12:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: input_userauth_request: invalid user user [preauth]
Sep 29 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Failed password for root from 162.144.236.216 port 44628 ssh2
Sep 29 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Failed password for invalid user admin from 80.94.95.112 port 44419 ssh2
Sep 29 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Connection closed by 162.144.236.216 port 44628 [preauth]
Sep 29 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Failed password for invalid user admin from 80.94.95.112 port 44419 ssh2
Sep 29 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: Failed password for invalid user user from 196.251.87.127 port 48494 ssh2
Sep 29 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11556]: Connection closed by 196.251.87.127 port 48494 [preauth]
Sep 29 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Failed password for invalid user admin from 80.94.95.112 port 44419 ssh2
Sep 29 12:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: Failed password for root from 162.144.236.216 port 48818 ssh2
Sep 29 12:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Failed password for invalid user admin from 80.94.95.112 port 44419 ssh2
Sep 29 12:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Failed password for invalid user admin from 80.94.95.112 port 44419 ssh2
Sep 29 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Received disconnect from 80.94.95.112 port 44419:11: Bye [preauth]
Sep 29 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: Disconnected from 80.94.95.112 port 44419 [preauth]
Sep 29 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11532]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11568]: Connection closed by 162.144.236.216 port 48818 [preauth]
Sep 29 12:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session closed for user root
Sep 29 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Failed password for root from 162.144.236.216 port 55230 ssh2
Sep 29 12:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Connection closed by 162.144.236.216 port 55230 [preauth]
Sep 29 12:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: Invalid user sql from 138.124.158.150
Sep 29 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: input_userauth_request: invalid user sql [preauth]
Sep 29 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: Failed password for invalid user sql from 138.124.158.150 port 60080 ssh2
Sep 29 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: Received disconnect from 138.124.158.150 port 60080:11: Bye Bye [preauth]
Sep 29 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: Disconnected from 138.124.158.150 port 60080 [preauth]
Sep 29 12:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Failed password for root from 162.144.236.216 port 33666 ssh2
Sep 29 12:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Connection closed by 162.144.236.216 port 33666 [preauth]
Sep 29 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: Failed password for root from 162.144.236.216 port 40556 ssh2
Sep 29 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: Connection closed by 162.144.236.216 port 40556 [preauth]
Sep 29 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11799]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11802]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session closed for user root
Sep 29 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11796]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: Successful su for rubyman by root
Sep 29 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: + ??? root:rubyman
Sep 29 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314642 of user rubyman.
Sep 29 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314642.
Sep 29 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11799]: pam_unix(cron:session): session closed for user root
Sep 29 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session closed for user root
Sep 29 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Failed password for root from 162.144.236.216 port 48102 ssh2
Sep 29 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Connection closed by 162.144.236.216 port 48102 [preauth]
Sep 29 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11798]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Failed password for root from 162.144.236.216 port 54446 ssh2
Sep 29 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Connection closed by 162.144.236.216 port 54446 [preauth]
Sep 29 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Failed password for root from 162.144.236.216 port 58828 ssh2
Sep 29 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Connection closed by 162.144.236.216 port 58828 [preauth]
Sep 29 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 12:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for root from 103.174.114.50 port 36320 ssh2
Sep 29 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Received disconnect from 103.174.114.50 port 36320:11: Bye Bye [preauth]
Sep 29 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Disconnected from 103.174.114.50 port 36320 [preauth]
Sep 29 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Failed password for root from 162.144.236.216 port 38156 ssh2
Sep 29 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session closed for user root
Sep 29 12:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Connection closed by 162.144.236.216 port 38156 [preauth]
Sep 29 12:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Failed password for root from 162.144.236.216 port 45120 ssh2
Sep 29 12:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12198]: Connection closed by 162.144.236.216 port 45120 [preauth]
Sep 29 12:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Invalid user distro from 138.124.158.150
Sep 29 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: input_userauth_request: invalid user distro [preauth]
Sep 29 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Failed password for root from 162.144.236.216 port 52510 ssh2
Sep 29 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Connection closed by 162.144.236.216 port 52510 [preauth]
Sep 29 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Failed password for invalid user distro from 138.124.158.150 port 56514 ssh2
Sep 29 12:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Received disconnect from 138.124.158.150 port 56514:11: Bye Bye [preauth]
Sep 29 12:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Disconnected from 138.124.158.150 port 56514 [preauth]
Sep 29 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: Failed password for root from 162.144.236.216 port 59946 ssh2
Sep 29 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: Connection closed by 162.144.236.216 port 59946 [preauth]
Sep 29 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12287]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: Successful su for rubyman by root
Sep 29 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: + ??? root:rubyman
Sep 29 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314648 of user rubyman.
Sep 29 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12362]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314648.
Sep 29 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9059]: pam_unix(cron:session): session closed for user root
Sep 29 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12288]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12398]: Failed password for root from 162.144.236.216 port 37638 ssh2
Sep 29 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12398]: Connection closed by 162.144.236.216 port 37638 [preauth]
Sep 29 12:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Failed password for root from 162.144.236.216 port 45792 ssh2
Sep 29 12:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Connection closed by 162.144.236.216 port 45792 [preauth]
Sep 29 12:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for root from 162.144.236.216 port 51626 ssh2
Sep 29 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Connection closed by 162.144.236.216 port 51626 [preauth]
Sep 29 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11249]: pam_unix(cron:session): session closed for user root
Sep 29 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Invalid user wpyan from 196.251.87.127
Sep 29 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: input_userauth_request: invalid user wpyan [preauth]
Sep 29 12:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: Failed password for root from 162.144.236.216 port 58888 ssh2
Sep 29 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: Connection closed by 162.144.236.216 port 58888 [preauth]
Sep 29 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for invalid user wpyan from 196.251.87.127 port 45992 ssh2
Sep 29 12:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Connection closed by 196.251.87.127 port 45992 [preauth]
Sep 29 12:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Failed password for root from 162.144.236.216 port 37316 ssh2
Sep 29 12:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Connection closed by 162.144.236.216 port 37316 [preauth]
Sep 29 12:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Failed password for root from 162.144.236.216 port 45358 ssh2
Sep 29 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Invalid user lara from 138.124.158.150
Sep 29 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: input_userauth_request: invalid user lara [preauth]
Sep 29 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Connection closed by 162.144.236.216 port 45358 [preauth]
Sep 29 12:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Failed password for invalid user lara from 138.124.158.150 port 34986 ssh2
Sep 29 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Received disconnect from 138.124.158.150 port 34986:11: Bye Bye [preauth]
Sep 29 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Disconnected from 138.124.158.150 port 34986 [preauth]
Sep 29 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12757]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12826]: Successful su for rubyman by root
Sep 29 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12826]: + ??? root:rubyman
Sep 29 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314650 of user rubyman.
Sep 29 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12826]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314650.
Sep 29 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session closed for user root
Sep 29 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Failed password for root from 162.144.236.216 port 54174 ssh2
Sep 29 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Connection closed by 162.144.236.216 port 54174 [preauth]
Sep 29 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12758]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: Invalid user gabriel from 103.174.114.50
Sep 29 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: input_userauth_request: invalid user gabriel [preauth]
Sep 29 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Failed password for root from 162.144.236.216 port 33100 ssh2
Sep 29 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: Failed password for invalid user gabriel from 103.174.114.50 port 38698 ssh2
Sep 29 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Connection closed by 162.144.236.216 port 33100 [preauth]
Sep 29 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: Received disconnect from 103.174.114.50 port 38698:11: Bye Bye [preauth]
Sep 29 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13055]: Disconnected from 103.174.114.50 port 38698 [preauth]
Sep 29 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: Invalid user oracle from 80.94.95.116
Sep 29 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: input_userauth_request: invalid user oracle [preauth]
Sep 29 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: Failed password for invalid user oracle from 80.94.95.116 port 41328 ssh2
Sep 29 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Failed password for root from 162.144.236.216 port 39678 ssh2
Sep 29 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13082]: Connection closed by 80.94.95.116 port 41328 [preauth]
Sep 29 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Connection closed by 162.144.236.216 port 39678 [preauth]
Sep 29 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Failed password for root from 162.144.236.216 port 44894 ssh2
Sep 29 12:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13093]: Connection closed by 162.144.236.216 port 44894 [preauth]
Sep 29 12:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session closed for user root
Sep 29 12:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Failed password for root from 162.144.236.216 port 51848 ssh2
Sep 29 12:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Connection closed by 162.144.236.216 port 51848 [preauth]
Sep 29 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: Failed password for root from 162.144.236.216 port 57238 ssh2
Sep 29 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13158]: Connection closed by 162.144.236.216 port 57238 [preauth]
Sep 29 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: Failed password for root from 162.144.236.216 port 36514 ssh2
Sep 29 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: Connection closed by 162.144.236.216 port 36514 [preauth]
Sep 29 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: Successful su for rubyman by root
Sep 29 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: + ??? root:rubyman
Sep 29 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314655 of user rubyman.
Sep 29 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13292]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314655.
Sep 29 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Failed password for root from 162.144.236.216 port 42350 ssh2
Sep 29 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Connection closed by 162.144.236.216 port 42350 [preauth]
Sep 29 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Invalid user tempuser from 138.124.158.150
Sep 29 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: input_userauth_request: invalid user tempuser [preauth]
Sep 29 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10337]: pam_unix(cron:session): session closed for user root
Sep 29 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Failed password for invalid user tempuser from 138.124.158.150 port 57072 ssh2
Sep 29 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Received disconnect from 138.124.158.150 port 57072:11: Bye Bye [preauth]
Sep 29 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Disconnected from 138.124.158.150 port 57072 [preauth]
Sep 29 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: Failed password for root from 162.144.236.216 port 47102 ssh2
Sep 29 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: Connection closed by 162.144.236.216 port 47102 [preauth]
Sep 29 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13514]: Failed password for root from 162.144.236.216 port 54936 ssh2
Sep 29 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13514]: Connection closed by 162.144.236.216 port 54936 [preauth]
Sep 29 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Failed password for root from 162.144.236.216 port 33504 ssh2
Sep 29 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Connection closed by 162.144.236.216 port 33504 [preauth]
Sep 29 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12290]: pam_unix(cron:session): session closed for user root
Sep 29 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Failed password for root from 162.144.236.216 port 39878 ssh2
Sep 29 12:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Connection closed by 162.144.236.216 port 39878 [preauth]
Sep 29 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Invalid user jira from 196.251.87.127
Sep 29 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: input_userauth_request: invalid user jira [preauth]
Sep 29 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Failed password for invalid user jira from 196.251.87.127 port 43002 ssh2
Sep 29 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Connection closed by 196.251.87.127 port 43002 [preauth]
Sep 29 12:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Failed password for root from 162.144.236.216 port 46294 ssh2
Sep 29 12:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Connection closed by 162.144.236.216 port 46294 [preauth]
Sep 29 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Failed password for root from 162.144.236.216 port 53478 ssh2
Sep 29 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Connection closed by 162.144.236.216 port 53478 [preauth]
Sep 29 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Invalid user geoserver from 103.174.114.50
Sep 29 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Failed password for invalid user geoserver from 103.174.114.50 port 57680 ssh2
Sep 29 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Received disconnect from 103.174.114.50 port 57680:11: Bye Bye [preauth]
Sep 29 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13654]: Disconnected from 103.174.114.50 port 57680 [preauth]
Sep 29 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13675]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13674]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13670]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13672]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: Successful su for rubyman by root
Sep 29 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: + ??? root:rubyman
Sep 29 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314659 of user rubyman.
Sep 29 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314659.
Sep 29 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13670]: pam_unix(cron:session): session closed for user root
Sep 29 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Invalid user takata from 213.209.157.9
Sep 29 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: input_userauth_request: invalid user takata [preauth]
Sep 29 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 29 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session closed for user root
Sep 29 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Failed password for invalid user takata from 213.209.157.9 port 37004 ssh2
Sep 29 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Failed password for root from 162.144.236.216 port 60302 ssh2
Sep 29 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Connection closed by 213.209.157.9 port 37004 [preauth]
Sep 29 12:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Connection closed by 162.144.236.216 port 60302 [preauth]
Sep 29 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13673]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Failed password for root from 162.144.236.216 port 41156 ssh2
Sep 29 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Connection closed by 162.144.236.216 port 41156 [preauth]
Sep 29 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 138.124.158.150 port 43612 ssh2
Sep 29 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Received disconnect from 138.124.158.150 port 43612:11: Bye Bye [preauth]
Sep 29 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Disconnected from 138.124.158.150 port 43612 [preauth]
Sep 29 12:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for root from 162.144.236.216 port 48984 ssh2
Sep 29 12:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Connection closed by 162.144.236.216 port 48984 [preauth]
Sep 29 12:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Failed password for root from 162.144.236.216 port 53596 ssh2
Sep 29 12:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Connection closed by 162.144.236.216 port 53596 [preauth]
Sep 29 12:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session closed for user root
Sep 29 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for root from 162.144.236.216 port 57826 ssh2
Sep 29 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Connection closed by 162.144.236.216 port 57826 [preauth]
Sep 29 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: Failed password for root from 162.144.236.216 port 36450 ssh2
Sep 29 12:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14255]: Connection closed by 162.144.236.216 port 36450 [preauth]
Sep 29 12:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Failed password for root from 162.144.236.216 port 44620 ssh2
Sep 29 12:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Connection closed by 162.144.236.216 port 44620 [preauth]
Sep 29 12:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session closed for user root
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14379]: Successful su for rubyman by root
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14379]: + ??? root:rubyman
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314665 of user rubyman.
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14379]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314665.
Sep 29 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session closed for user root
Sep 29 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11247]: pam_unix(cron:session): session closed for user root
Sep 29 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Failed password for root from 162.144.236.216 port 51226 ssh2
Sep 29 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Connection closed by 162.144.236.216 port 51226 [preauth]
Sep 29 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Failed password for root from 162.144.236.216 port 58862 ssh2
Sep 29 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Connection closed by 162.144.236.216 port 58862 [preauth]
Sep 29 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14655]: Failed password for root from 138.124.158.150 port 59838 ssh2
Sep 29 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14655]: Received disconnect from 138.124.158.150 port 59838:11: Bye Bye [preauth]
Sep 29 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14655]: Disconnected from 138.124.158.150 port 59838 [preauth]
Sep 29 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Failed password for root from 162.144.236.216 port 36578 ssh2
Sep 29 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Connection closed by 162.144.236.216 port 36578 [preauth]
Sep 29 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session closed for user root
Sep 29 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: Invalid user VPN from 103.174.114.50
Sep 29 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: input_userauth_request: invalid user VPN [preauth]
Sep 29 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for root from 162.144.236.216 port 45266 ssh2
Sep 29 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Connection closed by 162.144.236.216 port 45266 [preauth]
Sep 29 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: Failed password for invalid user VPN from 103.174.114.50 port 40234 ssh2
Sep 29 12:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: Received disconnect from 103.174.114.50 port 40234:11: Bye Bye [preauth]
Sep 29 12:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: Disconnected from 103.174.114.50 port 40234 [preauth]
Sep 29 12:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Invalid user vps from 196.251.87.127
Sep 29 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: input_userauth_request: invalid user vps [preauth]
Sep 29 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.127
Sep 29 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Failed password for invalid user vps from 196.251.87.127 port 40126 ssh2
Sep 29 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14718]: Failed password for root from 162.144.236.216 port 51992 ssh2
Sep 29 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Connection closed by 196.251.87.127 port 40126 [preauth]
Sep 29 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14718]: Connection closed by 162.144.236.216 port 51992 [preauth]
Sep 29 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Failed password for root from 162.144.236.216 port 34850 ssh2
Sep 29 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Connection closed by 162.144.236.216 port 34850 [preauth]
Sep 29 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14787]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14860]: Successful su for rubyman by root
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14860]: + ??? root:rubyman
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314671 of user rubyman.
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14860]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314671.
Sep 29 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11802]: pam_unix(cron:session): session closed for user root
Sep 29 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Failed password for root from 162.144.236.216 port 40654 ssh2
Sep 29 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14786]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Connection closed by 162.144.236.216 port 40654 [preauth]
Sep 29 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: Failed password for root from 162.144.236.216 port 48524 ssh2
Sep 29 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15054]: Connection closed by 162.144.236.216 port 48524 [preauth]
Sep 29 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Failed password for root from 162.144.236.216 port 54578 ssh2
Sep 29 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Connection closed by 162.144.236.216 port 54578 [preauth]
Sep 29 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Invalid user suman from 138.124.158.150
Sep 29 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: input_userauth_request: invalid user suman [preauth]
Sep 29 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Failed password for invalid user suman from 138.124.158.150 port 42282 ssh2
Sep 29 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Received disconnect from 138.124.158.150 port 42282:11: Bye Bye [preauth]
Sep 29 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Disconnected from 138.124.158.150 port 42282 [preauth]
Sep 29 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13675]: pam_unix(cron:session): session closed for user root
Sep 29 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Failed password for root from 162.144.236.216 port 35366 ssh2
Sep 29 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Connection closed by 162.144.236.216 port 35366 [preauth]
Sep 29 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Failed password for root from 162.144.236.216 port 41420 ssh2
Sep 29 12:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Connection closed by 162.144.236.216 port 41420 [preauth]
Sep 29 12:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: Failed password for root from 162.144.236.216 port 51010 ssh2
Sep 29 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15195]: Connection closed by 162.144.236.216 port 51010 [preauth]
Sep 29 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15291]: Successful su for rubyman by root
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15291]: + ??? root:rubyman
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314673 of user rubyman.
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15291]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314673.
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Failed password for root from 162.144.236.216 port 56598 ssh2
Sep 29 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Connection closed by 162.144.236.216 port 56598 [preauth]
Sep 29 12:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12289]: pam_unix(cron:session): session closed for user root
Sep 29 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Failed password for root from 162.144.236.216 port 33594 ssh2
Sep 29 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Connection closed by 162.144.236.216 port 33594 [preauth]
Sep 29 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Invalid user deploy from 103.174.114.50
Sep 29 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: input_userauth_request: invalid user deploy [preauth]
Sep 29 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Failed password for invalid user deploy from 103.174.114.50 port 55814 ssh2
Sep 29 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Received disconnect from 103.174.114.50 port 55814:11: Bye Bye [preauth]
Sep 29 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Disconnected from 103.174.114.50 port 55814 [preauth]
Sep 29 12:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Failed password for root from 162.144.236.216 port 40394 ssh2
Sep 29 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Connection closed by 162.144.236.216 port 40394 [preauth]
Sep 29 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Failed password for root from 162.144.236.216 port 46568 ssh2
Sep 29 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Connection closed by 162.144.236.216 port 46568 [preauth]
Sep 29 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session closed for user root
Sep 29 12:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: Failed password for root from 162.144.236.216 port 52676 ssh2
Sep 29 12:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: Connection closed by 162.144.236.216 port 52676 [preauth]
Sep 29 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Failed password for root from 138.124.158.150 port 58170 ssh2
Sep 29 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Received disconnect from 138.124.158.150 port 58170:11: Bye Bye [preauth]
Sep 29 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Disconnected from 138.124.158.150 port 58170 [preauth]
Sep 29 12:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Failed password for root from 162.144.236.216 port 59866 ssh2
Sep 29 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Connection closed by 162.144.236.216 port 59866 [preauth]
Sep 29 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Failed password for root from 162.144.236.216 port 38000 ssh2
Sep 29 12:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Connection closed by 162.144.236.216 port 38000 [preauth]
Sep 29 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15668]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15734]: Successful su for rubyman by root
Sep 29 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15734]: + ??? root:rubyman
Sep 29 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314678 of user rubyman.
Sep 29 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15734]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314678.
Sep 29 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Failed password for root from 162.144.236.216 port 44646 ssh2
Sep 29 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Connection closed by 162.144.236.216 port 44646 [preauth]
Sep 29 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session closed for user root
Sep 29 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Failed password for root from 162.144.236.216 port 50502 ssh2
Sep 29 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15880]: Connection closed by 162.144.236.216 port 50502 [preauth]
Sep 29 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: Failed password for root from 162.144.236.216 port 56948 ssh2
Sep 29 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15934]: Connection closed by 162.144.236.216 port 56948 [preauth]
Sep 29 12:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: Failed password for root from 162.144.236.216 port 36896 ssh2
Sep 29 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15969]: Connection closed by 162.144.236.216 port 36896 [preauth]
Sep 29 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session closed for user root
Sep 29 12:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for root from 162.144.236.216 port 42480 ssh2
Sep 29 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Connection closed by 162.144.236.216 port 42480 [preauth]
Sep 29 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Invalid user discord from 138.124.158.150
Sep 29 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: input_userauth_request: invalid user discord [preauth]
Sep 29 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Failed password for root from 162.144.236.216 port 49610 ssh2
Sep 29 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Failed password for invalid user discord from 138.124.158.150 port 50052 ssh2
Sep 29 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Received disconnect from 138.124.158.150 port 50052:11: Bye Bye [preauth]
Sep 29 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Disconnected from 138.124.158.150 port 50052 [preauth]
Sep 29 12:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Connection closed by 162.144.236.216 port 49610 [preauth]
Sep 29 12:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: Invalid user precio01 from 103.174.114.50
Sep 29 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: input_userauth_request: invalid user precio01 [preauth]
Sep 29 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: Failed password for invalid user precio01 from 103.174.114.50 port 48472 ssh2
Sep 29 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: Received disconnect from 103.174.114.50 port 48472:11: Bye Bye [preauth]
Sep 29 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16079]: Disconnected from 103.174.114.50 port 48472 [preauth]
Sep 29 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: Failed password for root from 162.144.236.216 port 55752 ssh2
Sep 29 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: Connection closed by 162.144.236.216 port 55752 [preauth]
Sep 29 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16103]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: Successful su for rubyman by root
Sep 29 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: + ??? root:rubyman
Sep 29 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314682 of user rubyman.
Sep 29 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314682.
Sep 29 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: Failed password for root from 162.144.236.216 port 34546 ssh2
Sep 29 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session closed for user root
Sep 29 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: Connection closed by 162.144.236.216 port 34546 [preauth]
Sep 29 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for root from 162.144.236.216 port 41642 ssh2
Sep 29 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Connection closed by 162.144.236.216 port 41642 [preauth]
Sep 29 12:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Failed password for root from 162.144.236.216 port 48446 ssh2
Sep 29 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Connection closed by 162.144.236.216 port 48446 [preauth]
Sep 29 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Failed password for root from 162.144.236.216 port 56018 ssh2
Sep 29 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Connection closed by 162.144.236.216 port 56018 [preauth]
Sep 29 12:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session closed for user root
Sep 29 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Failed password for root from 162.144.236.216 port 33856 ssh2
Sep 29 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Connection closed by 162.144.236.216 port 33856 [preauth]
Sep 29 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16494]: Failed password for root from 162.144.236.216 port 39694 ssh2
Sep 29 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16494]: Connection closed by 162.144.236.216 port 39694 [preauth]
Sep 29 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16526]: Failed password for root from 162.144.236.216 port 46348 ssh2
Sep 29 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16526]: Connection closed by 162.144.236.216 port 46348 [preauth]
Sep 29 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Failed password for root from 138.124.158.150 port 53686 ssh2
Sep 29 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Received disconnect from 138.124.158.150 port 53686:11: Bye Bye [preauth]
Sep 29 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Disconnected from 138.124.158.150 port 53686 [preauth]
Sep 29 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session closed for user root
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16555]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Failed password for root from 162.144.236.216 port 52366 ssh2
Sep 29 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: Successful su for rubyman by root
Sep 29 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: + ??? root:rubyman
Sep 29 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314688 of user rubyman.
Sep 29 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314688.
Sep 29 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Connection closed by 162.144.236.216 port 52366 [preauth]
Sep 29 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session closed for user root
Sep 29 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13674]: pam_unix(cron:session): session closed for user root
Sep 29 12:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16557]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for root from 162.144.236.216 port 59312 ssh2
Sep 29 12:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Connection closed by 162.144.236.216 port 59312 [preauth]
Sep 29 12:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Failed password for root from 162.144.236.216 port 36820 ssh2
Sep 29 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Connection closed by 162.144.236.216 port 36820 [preauth]
Sep 29 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: Invalid user wanghao from 103.174.114.50
Sep 29 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: input_userauth_request: invalid user wanghao [preauth]
Sep 29 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: Failed password for invalid user wanghao from 103.174.114.50 port 36144 ssh2
Sep 29 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: Received disconnect from 103.174.114.50 port 36144:11: Bye Bye [preauth]
Sep 29 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16919]: Disconnected from 103.174.114.50 port 36144 [preauth]
Sep 29 12:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Failed password for root from 162.144.236.216 port 43738 ssh2
Sep 29 12:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Connection closed by 162.144.236.216 port 43738 [preauth]
Sep 29 12:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session closed for user root
Sep 29 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Failed password for root from 162.144.236.216 port 52186 ssh2
Sep 29 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Connection closed by 162.144.236.216 port 52186 [preauth]
Sep 29 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Failed password for root from 162.144.236.216 port 60578 ssh2
Sep 29 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16998]: Connection closed by 162.144.236.216 port 60578 [preauth]
Sep 29 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Failed password for root from 162.144.236.216 port 38978 ssh2
Sep 29 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Connection closed by 162.144.236.216 port 38978 [preauth]
Sep 29 12:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17134]: Successful su for rubyman by root
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17134]: + ??? root:rubyman
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314691 of user rubyman.
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17134]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314691.
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: Invalid user qiuhan from 138.124.158.150
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: input_userauth_request: invalid user qiuhan [preauth]
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: Failed password for invalid user qiuhan from 138.124.158.150 port 52182 ssh2
Sep 29 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: Received disconnect from 138.124.158.150 port 52182:11: Bye Bye [preauth]
Sep 29 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: Disconnected from 138.124.158.150 port 52182 [preauth]
Sep 29 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session closed for user root
Sep 29 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: Failed password for root from 162.144.236.216 port 44970 ssh2
Sep 29 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: Connection closed by 162.144.236.216 port 44970 [preauth]
Sep 29 12:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Invalid user admin from 185.156.73.233
Sep 29 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: input_userauth_request: invalid user admin [preauth]
Sep 29 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for root from 162.144.236.216 port 51990 ssh2
Sep 29 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Connection closed by 162.144.236.216 port 51990 [preauth]
Sep 29 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Failed password for invalid user admin from 185.156.73.233 port 44396 ssh2
Sep 29 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Connection closed by 185.156.73.233 port 44396 [preauth]
Sep 29 12:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Failed password for root from 162.144.236.216 port 58934 ssh2
Sep 29 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Connection closed by 162.144.236.216 port 58934 [preauth]
Sep 29 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16103]: pam_unix(cron:session): session closed for user root
Sep 29 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Failed password for root from 162.144.236.216 port 37746 ssh2
Sep 29 12:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Connection closed by 162.144.236.216 port 37746 [preauth]
Sep 29 12:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Failed password for root from 162.144.236.216 port 45658 ssh2
Sep 29 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Connection closed by 162.144.236.216 port 45658 [preauth]
Sep 29 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: Failed password for root from 162.144.236.216 port 49678 ssh2
Sep 29 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: Connection closed by 162.144.236.216 port 49678 [preauth]
Sep 29 12:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17519]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17519]: pam_unix(cron:session): session closed for user root
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17521]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for root from 162.144.236.216 port 57766 ssh2
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17595]: Successful su for rubyman by root
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17595]: + ??? root:rubyman
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314695 of user rubyman.
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17595]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314695.
Sep 29 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Failed password for root from 103.174.114.50 port 55962 ssh2
Sep 29 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Received disconnect from 103.174.114.50 port 55962:11: Bye Bye [preauth]
Sep 29 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Disconnected from 103.174.114.50 port 55962 [preauth]
Sep 29 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Connection closed by 162.144.236.216 port 57766 [preauth]
Sep 29 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14787]: pam_unix(cron:session): session closed for user root
Sep 29 12:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Failed password for root from 162.144.236.216 port 39380 ssh2
Sep 29 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Connection closed by 162.144.236.216 port 39380 [preauth]
Sep 29 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Failed password for root from 138.124.158.150 port 53570 ssh2
Sep 29 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Received disconnect from 138.124.158.150 port 53570:11: Bye Bye [preauth]
Sep 29 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Disconnected from 138.124.158.150 port 53570 [preauth]
Sep 29 12:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Failed password for root from 162.144.236.216 port 45370 ssh2
Sep 29 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Connection closed by 162.144.236.216 port 45370 [preauth]
Sep 29 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Failed password for root from 162.144.236.216 port 53028 ssh2
Sep 29 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Connection closed by 162.144.236.216 port 53028 [preauth]
Sep 29 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user root
Sep 29 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: Failed password for root from 162.144.236.216 port 58684 ssh2
Sep 29 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Invalid user ubnt from 93.152.230.176
Sep 29 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: Connection closed by 162.144.236.216 port 58684 [preauth]
Sep 29 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for invalid user ubnt from 93.152.230.176 port 36280 ssh2
Sep 29 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Received disconnect from 93.152.230.176 port 36280:11: Client disconnecting normally [preauth]
Sep 29 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Disconnected from 93.152.230.176 port 36280 [preauth]
Sep 29 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for root from 162.144.236.216 port 37620 ssh2
Sep 29 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Connection closed by 162.144.236.216 port 37620 [preauth]
Sep 29 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: Failed password for root from 162.144.236.216 port 43050 ssh2
Sep 29 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: Connection closed by 162.144.236.216 port 43050 [preauth]
Sep 29 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18093]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18277]: Successful su for rubyman by root
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18277]: + ??? root:rubyman
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314701 of user rubyman.
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18277]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314701.
Sep 29 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Failed password for root from 162.144.236.216 port 50318 ssh2
Sep 29 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Connection closed by 162.144.236.216 port 50318 [preauth]
Sep 29 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session closed for user root
Sep 29 12:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Failed password for root from 162.144.236.216 port 57368 ssh2
Sep 29 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Connection closed by 162.144.236.216 port 57368 [preauth]
Sep 29 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Invalid user asdf from 138.124.158.150
Sep 29 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: input_userauth_request: invalid user asdf [preauth]
Sep 29 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Failed password for invalid user asdf from 138.124.158.150 port 39882 ssh2
Sep 29 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Received disconnect from 138.124.158.150 port 39882:11: Bye Bye [preauth]
Sep 29 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Disconnected from 138.124.158.150 port 39882 [preauth]
Sep 29 12:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Failed password for root from 162.144.236.216 port 38578 ssh2
Sep 29 12:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Connection closed by 162.144.236.216 port 38578 [preauth]
Sep 29 12:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Failed password for root from 162.144.236.216 port 45790 ssh2
Sep 29 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Connection closed by 162.144.236.216 port 45790 [preauth]
Sep 29 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session closed for user root
Sep 29 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Failed password for root from 162.144.236.216 port 51140 ssh2
Sep 29 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Connection closed by 162.144.236.216 port 51140 [preauth]
Sep 29 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Invalid user novinhost from 103.174.114.50
Sep 29 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: input_userauth_request: invalid user novinhost [preauth]
Sep 29 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50
Sep 29 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Failed password for invalid user novinhost from 103.174.114.50 port 35076 ssh2
Sep 29 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Received disconnect from 103.174.114.50 port 35076:11: Bye Bye [preauth]
Sep 29 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Disconnected from 103.174.114.50 port 35076 [preauth]
Sep 29 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Failed password for root from 162.144.236.216 port 56544 ssh2
Sep 29 12:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Connection closed by 162.144.236.216 port 56544 [preauth]
Sep 29 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for root from 162.144.236.216 port 34924 ssh2
Sep 29 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Connection closed by 162.144.236.216 port 34924 [preauth]
Sep 29 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18889]: Successful su for rubyman by root
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18889]: + ??? root:rubyman
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314705 of user rubyman.
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18889]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314705.
Sep 29 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15668]: pam_unix(cron:session): session closed for user root
Sep 29 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: Failed password for root from 162.144.236.216 port 42706 ssh2
Sep 29 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: Connection closed by 162.144.236.216 port 42706 [preauth]
Sep 29 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: Failed password for root from 162.144.236.216 port 50122 ssh2
Sep 29 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: Connection closed by 162.144.236.216 port 50122 [preauth]
Sep 29 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: Invalid user den from 138.124.158.150
Sep 29 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: input_userauth_request: invalid user den [preauth]
Sep 29 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: Failed password for root from 162.144.236.216 port 57392 ssh2
Sep 29 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19142]: Connection closed by 162.144.236.216 port 57392 [preauth]
Sep 29 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: Failed password for invalid user den from 138.124.158.150 port 57832 ssh2
Sep 29 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: Received disconnect from 138.124.158.150 port 57832:11: Bye Bye [preauth]
Sep 29 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19153]: Disconnected from 138.124.158.150 port 57832 [preauth]
Sep 29 12:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session closed for user root
Sep 29 12:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Failed password for root from 162.144.236.216 port 36616 ssh2
Sep 29 12:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Connection closed by 162.144.236.216 port 36616 [preauth]
Sep 29 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Failed password for root from 162.144.236.216 port 43176 ssh2
Sep 29 12:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Connection closed by 162.144.236.216 port 43176 [preauth]
Sep 29 12:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19249]: Failed password for root from 162.144.236.216 port 49456 ssh2
Sep 29 12:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19249]: Connection closed by 162.144.236.216 port 49456 [preauth]
Sep 29 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19352]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19350]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Failed password for root from 162.144.236.216 port 55924 ssh2
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19353]: pam_unix(cron:session): session closed for user root
Sep 29 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19348]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19577]: Successful su for rubyman by root
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19577]: + ??? root:rubyman
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314710 of user rubyman.
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19577]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314710.
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19297]: Connection closed by 162.144.236.216 port 55924 [preauth]
Sep 29 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session closed for user root
Sep 29 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19350]: pam_unix(cron:session): session closed for user root
Sep 29 12:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19349]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Failed password for root from 162.144.236.216 port 36208 ssh2
Sep 29 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Connection closed by 162.144.236.216 port 36208 [preauth]
Sep 29 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Failed password for root from 162.144.236.216 port 43724 ssh2
Sep 29 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Connection closed by 162.144.236.216 port 43724 [preauth]
Sep 29 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.174.114.50  user=root
Sep 29 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Failed password for root from 103.174.114.50 port 36670 ssh2
Sep 29 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Received disconnect from 103.174.114.50 port 36670:11: Bye Bye [preauth]
Sep 29 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Disconnected from 103.174.114.50 port 36670 [preauth]
Sep 29 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: Failed password for root from 162.144.236.216 port 51558 ssh2
Sep 29 12:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: Connection closed by 162.144.236.216 port 51558 [preauth]
Sep 29 12:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18093]: pam_unix(cron:session): session closed for user root
Sep 29 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Invalid user s3 from 138.124.158.150
Sep 29 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: input_userauth_request: invalid user s3 [preauth]
Sep 29 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for invalid user s3 from 138.124.158.150 port 45762 ssh2
Sep 29 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Received disconnect from 138.124.158.150 port 45762:11: Bye Bye [preauth]
Sep 29 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Disconnected from 138.124.158.150 port 45762 [preauth]
Sep 29 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Failed password for root from 162.144.236.216 port 57968 ssh2
Sep 29 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Connection closed by 162.144.236.216 port 57968 [preauth]
Sep 29 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: Failed password for root from 162.144.236.216 port 36288 ssh2
Sep 29 12:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: Connection closed by 162.144.236.216 port 36288 [preauth]
Sep 29 12:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for root from 162.144.236.216 port 43542 ssh2
Sep 29 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Connection closed by 162.144.236.216 port 43542 [preauth]
Sep 29 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20168]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: Successful su for rubyman by root
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: + ??? root:rubyman
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314715 of user rubyman.
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314715.
Sep 29 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Failed password for root from 162.144.236.216 port 48766 ssh2
Sep 29 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Connection closed by 162.144.236.216 port 48766 [preauth]
Sep 29 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16561]: pam_unix(cron:session): session closed for user root
Sep 29 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20170]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: Invalid user brian from 164.68.105.9
Sep 29 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: input_userauth_request: invalid user brian [preauth]
Sep 29 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: Failed password for invalid user brian from 164.68.105.9 port 36460 ssh2
Sep 29 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20484]: Connection closed by 164.68.105.9 port 36460 [preauth]
Sep 29 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: Failed password for root from 162.144.236.216 port 55116 ssh2
Sep 29 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20432]: Connection closed by 162.144.236.216 port 55116 [preauth]
Sep 29 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Failed password for root from 162.144.236.216 port 34732 ssh2
Sep 29 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Connection closed by 162.144.236.216 port 34732 [preauth]
Sep 29 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Failed password for root from 162.144.236.216 port 41000 ssh2
Sep 29 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Connection closed by 162.144.236.216 port 41000 [preauth]
Sep 29 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session closed for user root
Sep 29 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Failed password for root from 162.144.236.216 port 48048 ssh2
Sep 29 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Connection closed by 162.144.236.216 port 48048 [preauth]
Sep 29 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Invalid user foundry from 138.124.158.150
Sep 29 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: input_userauth_request: invalid user foundry [preauth]
Sep 29 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Failed password for invalid user foundry from 138.124.158.150 port 36454 ssh2
Sep 29 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Received disconnect from 138.124.158.150 port 36454:11: Bye Bye [preauth]
Sep 29 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20613]: Disconnected from 138.124.158.150 port 36454 [preauth]
Sep 29 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Failed password for root from 162.144.236.216 port 54892 ssh2
Sep 29 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Connection closed by 162.144.236.216 port 54892 [preauth]
Sep 29 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20639]: Failed password for root from 162.144.236.216 port 33300 ssh2
Sep 29 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20639]: Connection closed by 162.144.236.216 port 33300 [preauth]
Sep 29 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20663]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20742]: Successful su for rubyman by root
Sep 29 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20742]: + ??? root:rubyman
Sep 29 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314718 of user rubyman.
Sep 29 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20742]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314718.
Sep 29 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: Failed password for root from 162.144.236.216 port 39960 ssh2
Sep 29 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session closed for user root
Sep 29 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: Connection closed by 162.144.236.216 port 39960 [preauth]
Sep 29 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Failed password for root from 162.144.236.216 port 45988 ssh2
Sep 29 12:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Connection closed by 162.144.236.216 port 45988 [preauth]
Sep 29 12:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: Failed password for root from 162.144.236.216 port 53648 ssh2
Sep 29 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20966]: Connection closed by 162.144.236.216 port 53648 [preauth]
Sep 29 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Failed password for root from 162.144.236.216 port 59580 ssh2
Sep 29 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Connection closed by 162.144.236.216 port 59580 [preauth]
Sep 29 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19352]: pam_unix(cron:session): session closed for user root
Sep 29 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: Failed password for root from 162.144.236.216 port 38590 ssh2
Sep 29 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: Connection closed by 162.144.236.216 port 38590 [preauth]
Sep 29 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Failed password for root from 162.144.236.216 port 46082 ssh2
Sep 29 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Connection closed by 162.144.236.216 port 46082 [preauth]
Sep 29 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Invalid user max from 138.124.158.150
Sep 29 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: input_userauth_request: invalid user max [preauth]
Sep 29 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Failed password for invalid user max from 138.124.158.150 port 47894 ssh2
Sep 29 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Received disconnect from 138.124.158.150 port 47894:11: Bye Bye [preauth]
Sep 29 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Disconnected from 138.124.158.150 port 47894 [preauth]
Sep 29 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Failed password for root from 162.144.236.216 port 50462 ssh2
Sep 29 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Connection closed by 162.144.236.216 port 50462 [preauth]
Sep 29 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for root from 162.144.236.216 port 56622 ssh2
Sep 29 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Connection closed by 162.144.236.216 port 56622 [preauth]
Sep 29 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21138]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21198]: Successful su for rubyman by root
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21198]: + ??? root:rubyman
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314723 of user rubyman.
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21198]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314723.
Sep 29 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session closed for user root
Sep 29 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Failed password for root from 162.144.236.216 port 34832 ssh2
Sep 29 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21186]: Connection closed by 162.144.236.216 port 34832 [preauth]
Sep 29 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Failed password for root from 162.144.236.216 port 41980 ssh2
Sep 29 12:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Connection closed by 162.144.236.216 port 41980 [preauth]
Sep 29 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: Failed password for root from 162.144.236.216 port 48514 ssh2
Sep 29 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: Connection closed by 162.144.236.216 port 48514 [preauth]
Sep 29 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session closed for user root
Sep 29 12:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Failed password for root from 162.144.236.216 port 57528 ssh2
Sep 29 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Connection closed by 162.144.236.216 port 57528 [preauth]
Sep 29 12:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: Failed password for root from 162.144.236.216 port 36010 ssh2
Sep 29 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: Connection closed by 162.144.236.216 port 36010 [preauth]
Sep 29 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: Invalid user db2fenc1 from 138.124.158.150
Sep 29 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: input_userauth_request: invalid user db2fenc1 [preauth]
Sep 29 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for root from 162.144.236.216 port 41666 ssh2
Sep 29 12:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Connection closed by 162.144.236.216 port 41666 [preauth]
Sep 29 12:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: Failed password for invalid user db2fenc1 from 138.124.158.150 port 49816 ssh2
Sep 29 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: Received disconnect from 138.124.158.150 port 49816:11: Bye Bye [preauth]
Sep 29 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: Disconnected from 138.124.158.150 port 49816 [preauth]
Sep 29 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21578]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21574]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21641]: Successful su for rubyman by root
Sep 29 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21641]: + ??? root:rubyman
Sep 29 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314726 of user rubyman.
Sep 29 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21641]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314726.
Sep 29 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Failed password for root from 162.144.236.216 port 48210 ssh2
Sep 29 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Connection closed by 162.144.236.216 port 48210 [preauth]
Sep 29 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session closed for user root
Sep 29 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: Failed password for root from 162.144.236.216 port 55560 ssh2
Sep 29 12:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: Connection closed by 162.144.236.216 port 55560 [preauth]
Sep 29 12:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for root from 162.144.236.216 port 32950 ssh2
Sep 29 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Connection closed by 162.144.236.216 port 32950 [preauth]
Sep 29 12:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Failed password for root from 162.144.236.216 port 40320 ssh2
Sep 29 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21900]: Connection closed by 162.144.236.216 port 40320 [preauth]
Sep 29 12:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session closed for user root
Sep 29 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Failed password for root from 162.144.236.216 port 46876 ssh2
Sep 29 12:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Connection closed by 162.144.236.216 port 46876 [preauth]
Sep 29 12:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Failed password for root from 162.144.236.216 port 52984 ssh2
Sep 29 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Connection closed by 162.144.236.216 port 52984 [preauth]
Sep 29 12:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Failed password for root from 162.144.236.216 port 60588 ssh2
Sep 29 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Connection closed by 162.144.236.216 port 60588 [preauth]
Sep 29 12:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: Invalid user devops from 138.124.158.150
Sep 29 12:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: input_userauth_request: invalid user devops [preauth]
Sep 29 12:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22040]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22038]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: Failed password for invalid user devops from 138.124.158.150 port 42970 ssh2
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22040]: pam_unix(cron:session): session closed for user root
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22035]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: Received disconnect from 138.124.158.150 port 42970:11: Bye Bye [preauth]
Sep 29 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22018]: Disconnected from 138.124.158.150 port 42970 [preauth]
Sep 29 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22112]: Successful su for rubyman by root
Sep 29 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22112]: + ??? root:rubyman
Sep 29 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314730 of user rubyman.
Sep 29 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22112]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314730.
Sep 29 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: Failed password for root from 162.144.236.216 port 39592 ssh2
Sep 29 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22030]: Connection closed by 162.144.236.216 port 39592 [preauth]
Sep 29 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18815]: pam_unix(cron:session): session closed for user root
Sep 29 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22037]: pam_unix(cron:session): session closed for user root
Sep 29 12:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Failed password for root from 162.144.236.216 port 46332 ssh2
Sep 29 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Connection closed by 162.144.236.216 port 46332 [preauth]
Sep 29 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Failed password for root from 162.144.236.216 port 53490 ssh2
Sep 29 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Connection closed by 162.144.236.216 port 53490 [preauth]
Sep 29 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21138]: pam_unix(cron:session): session closed for user root
Sep 29 12:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Failed password for root from 162.144.236.216 port 33576 ssh2
Sep 29 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Connection closed by 162.144.236.216 port 33576 [preauth]
Sep 29 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Failed password for root from 162.144.236.216 port 40136 ssh2
Sep 29 12:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Connection closed by 162.144.236.216 port 40136 [preauth]
Sep 29 12:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Failed password for root from 162.144.236.216 port 48436 ssh2
Sep 29 12:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Connection closed by 162.144.236.216 port 48436 [preauth]
Sep 29 12:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22519]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22520]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: Successful su for rubyman by root
Sep 29 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: + ??? root:rubyman
Sep 29 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314737 of user rubyman.
Sep 29 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314737.
Sep 29 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: Failed password for root from 162.144.236.216 port 53068 ssh2
Sep 29 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: Connection closed by 162.144.236.216 port 53068 [preauth]
Sep 29 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Invalid user sysop from 138.124.158.150
Sep 29 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: input_userauth_request: invalid user sysop [preauth]
Sep 29 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Failed password for invalid user sysop from 138.124.158.150 port 34460 ssh2
Sep 29 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Received disconnect from 138.124.158.150 port 34460:11: Bye Bye [preauth]
Sep 29 12:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Disconnected from 138.124.158.150 port 34460 [preauth]
Sep 29 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session closed for user root
Sep 29 12:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Failed password for root from 162.144.236.216 port 34064 ssh2
Sep 29 12:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Connection closed by 162.144.236.216 port 34064 [preauth]
Sep 29 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Invalid user RPM from 185.156.73.233
Sep 29 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: input_userauth_request: invalid user RPM [preauth]
Sep 29 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Failed password for invalid user RPM from 185.156.73.233 port 24778 ssh2
Sep 29 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23018]: Connection closed by 185.156.73.233 port 24778 [preauth]
Sep 29 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23020]: Failed password for root from 162.144.236.216 port 40934 ssh2
Sep 29 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23020]: Connection closed by 162.144.236.216 port 40934 [preauth]
Sep 29 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Failed password for root from 162.144.236.216 port 46602 ssh2
Sep 29 12:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Connection closed by 162.144.236.216 port 46602 [preauth]
Sep 29 12:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21578]: pam_unix(cron:session): session closed for user root
Sep 29 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Failed password for root from 162.144.236.216 port 52348 ssh2
Sep 29 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Connection closed by 162.144.236.216 port 52348 [preauth]
Sep 29 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Failed password for root from 162.144.236.216 port 58864 ssh2
Sep 29 12:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Connection closed by 162.144.236.216 port 58864 [preauth]
Sep 29 12:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Failed password for root from 162.144.236.216 port 37866 ssh2
Sep 29 12:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Connection closed by 162.144.236.216 port 37866 [preauth]
Sep 29 12:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23236]: Failed password for root from 162.144.236.216 port 44344 ssh2
Sep 29 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23255]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23252]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23236]: Connection closed by 162.144.236.216 port 44344 [preauth]
Sep 29 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: Successful su for rubyman by root
Sep 29 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: + ??? root:rubyman
Sep 29 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314741 of user rubyman.
Sep 29 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23330]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314741.
Sep 29 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20172]: pam_unix(cron:session): session closed for user root
Sep 29 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23253]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: Failed password for root from 162.144.236.216 port 50190 ssh2
Sep 29 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: Connection closed by 162.144.236.216 port 50190 [preauth]
Sep 29 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: Invalid user a from 138.124.158.150
Sep 29 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: input_userauth_request: invalid user a [preauth]
Sep 29 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: Failed password for invalid user a from 138.124.158.150 port 35112 ssh2
Sep 29 12:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: Received disconnect from 138.124.158.150 port 35112:11: Bye Bye [preauth]
Sep 29 12:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23773]: Disconnected from 138.124.158.150 port 35112 [preauth]
Sep 29 12:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: Failed password for root from 162.144.236.216 port 57028 ssh2
Sep 29 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23770]: Connection closed by 162.144.236.216 port 57028 [preauth]
Sep 29 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Failed password for root from 162.144.236.216 port 34608 ssh2
Sep 29 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Connection closed by 162.144.236.216 port 34608 [preauth]
Sep 29 12:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: Failed password for root from 162.144.236.216 port 42634 ssh2
Sep 29 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: Connection closed by 162.144.236.216 port 42634 [preauth]
Sep 29 12:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22039]: pam_unix(cron:session): session closed for user root
Sep 29 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Failed password for root from 162.144.236.216 port 49058 ssh2
Sep 29 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Connection closed by 162.144.236.216 port 49058 [preauth]
Sep 29 12:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23882]: Failed password for root from 162.144.236.216 port 56060 ssh2
Sep 29 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23882]: Connection closed by 162.144.236.216 port 56060 [preauth]
Sep 29 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23909]: Failed password for root from 162.144.236.216 port 60692 ssh2
Sep 29 12:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23909]: Connection closed by 162.144.236.216 port 60692 [preauth]
Sep 29 12:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24010]: Successful su for rubyman by root
Sep 29 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24010]: + ??? root:rubyman
Sep 29 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314745 of user rubyman.
Sep 29 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24010]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314745.
Sep 29 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session closed for user root
Sep 29 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23938]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for root from 162.144.236.216 port 39594 ssh2
Sep 29 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Connection closed by 162.144.236.216 port 39594 [preauth]
Sep 29 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Failed password for root from 162.144.236.216 port 47696 ssh2
Sep 29 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Connection closed by 162.144.236.216 port 47696 [preauth]
Sep 29 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: Invalid user ark from 138.124.158.150
Sep 29 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: input_userauth_request: invalid user ark [preauth]
Sep 29 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: Failed password for invalid user ark from 138.124.158.150 port 46938 ssh2
Sep 29 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: Received disconnect from 138.124.158.150 port 46938:11: Bye Bye [preauth]
Sep 29 12:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: Disconnected from 138.124.158.150 port 46938 [preauth]
Sep 29 12:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: Failed password for root from 162.144.236.216 port 52780 ssh2
Sep 29 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24287]: Connection closed by 162.144.236.216 port 52780 [preauth]
Sep 29 12:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: Failed password for root from 162.144.236.216 port 58052 ssh2
Sep 29 12:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: Connection closed by 162.144.236.216 port 58052 [preauth]
Sep 29 12:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22520]: pam_unix(cron:session): session closed for user root
Sep 29 12:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Failed password for root from 162.144.236.216 port 35548 ssh2
Sep 29 12:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Connection closed by 162.144.236.216 port 35548 [preauth]
Sep 29 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for root from 162.144.236.216 port 42250 ssh2
Sep 29 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Connection closed by 162.144.236.216 port 42250 [preauth]
Sep 29 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for root from 162.144.236.216 port 48356 ssh2
Sep 29 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Connection closed by 162.144.236.216 port 48356 [preauth]
Sep 29 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Failed password for root from 162.144.236.216 port 54302 ssh2
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Connection closed by 162.144.236.216 port 54302 [preauth]
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24518]: Successful su for rubyman by root
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24518]: + ??? root:rubyman
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314749 of user rubyman.
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24518]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314749.
Sep 29 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session closed for user root
Sep 29 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: Failed password for root from 162.144.236.216 port 59112 ssh2
Sep 29 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24517]: Connection closed by 162.144.236.216 port 59112 [preauth]
Sep 29 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Failed password for root from 162.144.236.216 port 36744 ssh2
Sep 29 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Connection closed by 162.144.236.216 port 36744 [preauth]
Sep 29 12:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Failed password for root from 162.144.236.216 port 43754 ssh2
Sep 29 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24769]: Connection closed by 162.144.236.216 port 43754 [preauth]
Sep 29 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Invalid user xxt from 138.124.158.150
Sep 29 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: input_userauth_request: invalid user xxt [preauth]
Sep 29 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Failed password for invalid user xxt from 138.124.158.150 port 33512 ssh2
Sep 29 12:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Received disconnect from 138.124.158.150 port 33512:11: Bye Bye [preauth]
Sep 29 12:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Disconnected from 138.124.158.150 port 33512 [preauth]
Sep 29 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Failed password for root from 162.144.236.216 port 48924 ssh2
Sep 29 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Connection closed by 162.144.236.216 port 48924 [preauth]
Sep 29 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23255]: pam_unix(cron:session): session closed for user root
Sep 29 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: Failed password for root from 162.144.236.216 port 56530 ssh2
Sep 29 12:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: Connection closed by 162.144.236.216 port 56530 [preauth]
Sep 29 12:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Failed password for root from 162.144.236.216 port 35242 ssh2
Sep 29 12:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Connection closed by 162.144.236.216 port 35242 [preauth]
Sep 29 12:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Failed password for root from 162.144.236.216 port 41314 ssh2
Sep 29 12:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24886]: Connection closed by 162.144.236.216 port 41314 [preauth]
Sep 29 12:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user root
Sep 29 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24999]: Successful su for rubyman by root
Sep 29 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24999]: + ??? root:rubyman
Sep 29 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314753 of user rubyman.
Sep 29 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24999]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314753.
Sep 29 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session closed for user root
Sep 29 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21577]: pam_unix(cron:session): session closed for user root
Sep 29 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: Failed password for root from 162.144.236.216 port 47036 ssh2
Sep 29 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24906]: Connection closed by 162.144.236.216 port 47036 [preauth]
Sep 29 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for root from 162.144.236.216 port 55486 ssh2
Sep 29 12:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Connection closed by 162.144.236.216 port 55486 [preauth]
Sep 29 12:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: Failed password for root from 162.144.236.216 port 34260 ssh2
Sep 29 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: Connection closed by 162.144.236.216 port 34260 [preauth]
Sep 29 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25516]: Failed password for root from 162.144.236.216 port 40216 ssh2
Sep 29 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25516]: Connection closed by 162.144.236.216 port 40216 [preauth]
Sep 29 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session closed for user root
Sep 29 12:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Failed password for root from 162.144.236.216 port 47154 ssh2
Sep 29 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Failed password for root from 138.124.158.150 port 53660 ssh2
Sep 29 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Received disconnect from 138.124.158.150 port 53660:11: Bye Bye [preauth]
Sep 29 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25583]: Disconnected from 138.124.158.150 port 53660 [preauth]
Sep 29 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Connection closed by 162.144.236.216 port 47154 [preauth]
Sep 29 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Failed password for root from 162.144.236.216 port 53358 ssh2
Sep 29 12:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Connection closed by 162.144.236.216 port 53358 [preauth]
Sep 29 12:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: Failed password for root from 162.144.236.216 port 59834 ssh2
Sep 29 12:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25631]: Connection closed by 162.144.236.216 port 59834 [preauth]
Sep 29 12:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: Successful su for rubyman by root
Sep 29 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: + ??? root:rubyman
Sep 29 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314758 of user rubyman.
Sep 29 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314758.
Sep 29 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: Failed password for root from 162.144.236.216 port 38644 ssh2
Sep 29 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: Connection closed by 162.144.236.216 port 38644 [preauth]
Sep 29 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22038]: pam_unix(cron:session): session closed for user root
Sep 29 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: Failed password for root from 162.144.236.216 port 44736 ssh2
Sep 29 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: Connection closed by 162.144.236.216 port 44736 [preauth]
Sep 29 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Failed password for root from 162.144.236.216 port 49828 ssh2
Sep 29 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26065]: Connection closed by 162.144.236.216 port 49828 [preauth]
Sep 29 12:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for root from 162.144.236.216 port 57490 ssh2
Sep 29 12:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 162.144.236.216 port 57490 [preauth]
Sep 29 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session closed for user root
Sep 29 12:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: Failed password for root from 162.144.236.216 port 36066 ssh2
Sep 29 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: Connection closed by 162.144.236.216 port 36066 [preauth]
Sep 29 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Failed password for root from 162.144.236.216 port 40932 ssh2
Sep 29 12:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: Invalid user superadmin from 138.124.158.150
Sep 29 12:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 12:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Connection closed by 162.144.236.216 port 40932 [preauth]
Sep 29 12:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: Failed password for invalid user superadmin from 138.124.158.150 port 48444 ssh2
Sep 29 12:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: Received disconnect from 138.124.158.150 port 48444:11: Bye Bye [preauth]
Sep 29 12:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26194]: Disconnected from 138.124.158.150 port 48444 [preauth]
Sep 29 12:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Failed password for root from 162.144.236.216 port 48262 ssh2
Sep 29 12:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26214]: Connection closed by 162.144.236.216 port 48262 [preauth]
Sep 29 12:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: Successful su for rubyman by root
Sep 29 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: + ??? root:rubyman
Sep 29 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314762 of user rubyman.
Sep 29 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26312]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314762.
Sep 29 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: Failed password for root from 162.144.236.216 port 56552 ssh2
Sep 29 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26227]: Connection closed by 162.144.236.216 port 56552 [preauth]
Sep 29 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22519]: pam_unix(cron:session): session closed for user root
Sep 29 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: Failed password for root from 162.144.236.216 port 34442 ssh2
Sep 29 12:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26572]: Connection closed by 162.144.236.216 port 34442 [preauth]
Sep 29 12:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Failed password for root from 162.144.236.216 port 40154 ssh2
Sep 29 12:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Connection closed by 162.144.236.216 port 40154 [preauth]
Sep 29 12:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Failed password for root from 162.144.236.216 port 46584 ssh2
Sep 29 12:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Connection closed by 162.144.236.216 port 46584 [preauth]
Sep 29 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Failed password for root from 162.144.236.216 port 53130 ssh2
Sep 29 12:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Connection closed by 162.144.236.216 port 53130 [preauth]
Sep 29 12:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24914]: pam_unix(cron:session): session closed for user root
Sep 29 12:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: Failed password for root from 162.144.236.216 port 58288 ssh2
Sep 29 12:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: Connection closed by 162.144.236.216 port 58288 [preauth]
Sep 29 12:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Failed password for root from 138.124.158.150 port 50110 ssh2
Sep 29 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Received disconnect from 138.124.158.150 port 50110:11: Bye Bye [preauth]
Sep 29 12:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Disconnected from 138.124.158.150 port 50110 [preauth]
Sep 29 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Failed password for root from 162.144.236.216 port 38612 ssh2
Sep 29 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Connection closed by 162.144.236.216 port 38612 [preauth]
Sep 29 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26868]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26972]: Successful su for rubyman by root
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26972]: + ??? root:rubyman
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314769 of user rubyman.
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26972]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314769.
Sep 29 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Failed password for root from 162.144.236.216 port 47980 ssh2
Sep 29 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23254]: pam_unix(cron:session): session closed for user root
Sep 29 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Connection closed by 162.144.236.216 port 47980 [preauth]
Sep 29 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: Failed password for root from 162.144.236.216 port 54820 ssh2
Sep 29 12:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: Connection closed by 162.144.236.216 port 54820 [preauth]
Sep 29 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: Failed password for root from 162.144.236.216 port 36586 ssh2
Sep 29 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: Connection closed by 162.144.236.216 port 36586 [preauth]
Sep 29 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session closed for user root
Sep 29 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Failed password for root from 162.144.236.216 port 42590 ssh2
Sep 29 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Connection closed by 162.144.236.216 port 42590 [preauth]
Sep 29 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Failed password for root from 162.144.236.216 port 49714 ssh2
Sep 29 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Connection closed by 162.144.236.216 port 49714 [preauth]
Sep 29 12:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: Failed password for root from 162.144.236.216 port 57568 ssh2
Sep 29 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: Connection closed by 162.144.236.216 port 57568 [preauth]
Sep 29 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27393]: Failed password for root from 162.144.236.216 port 35206 ssh2
Sep 29 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Invalid user  from 62.60.131.157
Sep 29 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: input_userauth_request: invalid user  [preauth]
Sep 29 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Failed none for invalid user  from 62.60.131.157 port 63001 ssh2
Sep 29 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Received disconnect from 62.60.131.157 port 63001:11: Bye [preauth]
Sep 29 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Disconnected from 62.60.131.157 port 63001 [preauth]
Sep 29 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27393]: Connection closed by 162.144.236.216 port 35206 [preauth]
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27411]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: Invalid user hl from 138.124.158.150
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: input_userauth_request: invalid user hl [preauth]
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: Successful su for rubyman by root
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: + ??? root:rubyman
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314772 of user rubyman.
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27489]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314772.
Sep 29 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: Failed password for invalid user hl from 138.124.158.150 port 47710 ssh2
Sep 29 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: Received disconnect from 138.124.158.150 port 47710:11: Bye Bye [preauth]
Sep 29 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: Disconnected from 138.124.158.150 port 47710 [preauth]
Sep 29 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session closed for user root
Sep 29 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27442]: Failed password for root from 162.144.236.216 port 41886 ssh2
Sep 29 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27442]: Connection closed by 162.144.236.216 port 41886 [preauth]
Sep 29 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: Failed password for root from 162.144.236.216 port 48072 ssh2
Sep 29 12:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: Connection closed by 162.144.236.216 port 48072 [preauth]
Sep 29 12:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 162.144.236.216 port 55914 ssh2
Sep 29 12:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Connection closed by 162.144.236.216 port 55914 [preauth]
Sep 29 12:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session closed for user root
Sep 29 12:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Failed password for root from 162.144.236.216 port 33512 ssh2
Sep 29 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Connection closed by 162.144.236.216 port 33512 [preauth]
Sep 29 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Failed password for root from 162.144.236.216 port 40880 ssh2
Sep 29 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27980]: Connection closed by 162.144.236.216 port 40880 [preauth]
Sep 29 12:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: Failed password for root from 162.144.236.216 port 48152 ssh2
Sep 29 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28011]: Connection closed by 162.144.236.216 port 48152 [preauth]
Sep 29 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28053]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28054]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28054]: pam_unix(cron:session): session closed for user root
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: Failed password for root from 162.144.236.216 port 53002 ssh2
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28126]: Successful su for rubyman by root
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28126]: + ??? root:rubyman
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314777 of user rubyman.
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28126]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314777.
Sep 29 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: Connection closed by 162.144.236.216 port 53002 [preauth]
Sep 29 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user root
Sep 29 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28049]: pam_unix(cron:session): session closed for user root
Sep 29 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: Invalid user saas from 138.124.158.150
Sep 29 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: input_userauth_request: invalid user saas [preauth]
Sep 29 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: Failed password for invalid user saas from 138.124.158.150 port 51168 ssh2
Sep 29 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: Received disconnect from 138.124.158.150 port 51168:11: Bye Bye [preauth]
Sep 29 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: Disconnected from 138.124.158.150 port 51168 [preauth]
Sep 29 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Failed password for root from 162.144.236.216 port 33450 ssh2
Sep 29 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Connection closed by 162.144.236.216 port 33450 [preauth]
Sep 29 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Did not receive identification string from 115.28.198.131
Sep 29 12:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Failed password for root from 162.144.236.216 port 40674 ssh2
Sep 29 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Connection closed by 162.144.236.216 port 40674 [preauth]
Sep 29 12:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Failed password for root from 162.144.236.216 port 50232 ssh2
Sep 29 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Connection closed by 162.144.236.216 port 50232 [preauth]
Sep 29 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session closed for user root
Sep 29 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Invalid user ubuntu from 80.94.95.115
Sep 29 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Failed password for invalid user ubuntu from 80.94.95.115 port 36248 ssh2
Sep 29 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Connection closed by 80.94.95.115 port 36248 [preauth]
Sep 29 12:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Failed password for root from 162.144.236.216 port 56730 ssh2
Sep 29 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28458]: Connection closed by 162.144.236.216 port 56730 [preauth]
Sep 29 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28605]: Failed password for root from 162.144.236.216 port 35850 ssh2
Sep 29 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28605]: Connection closed by 162.144.236.216 port 35850 [preauth]
Sep 29 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28636]: Failed password for root from 162.144.236.216 port 40174 ssh2
Sep 29 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28636]: Connection closed by 162.144.236.216 port 40174 [preauth]
Sep 29 12:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: Failed password for root from 162.144.236.216 port 46954 ssh2
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28675]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: Connection closed by 162.144.236.216 port 46954 [preauth]
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28757]: Successful su for rubyman by root
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28757]: + ??? root:rubyman
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314780 of user rubyman.
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28757]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314780.
Sep 29 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24913]: pam_unix(cron:session): session closed for user root
Sep 29 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: Invalid user site from 138.124.158.150
Sep 29 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: input_userauth_request: invalid user site [preauth]
Sep 29 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Failed password for root from 162.144.236.216 port 53166 ssh2
Sep 29 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: Failed password for invalid user site from 138.124.158.150 port 44432 ssh2
Sep 29 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: Received disconnect from 138.124.158.150 port 44432:11: Bye Bye [preauth]
Sep 29 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: Disconnected from 138.124.158.150 port 44432 [preauth]
Sep 29 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Connection closed by 162.144.236.216 port 53166 [preauth]
Sep 29 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: Failed password for root from 162.144.236.216 port 60514 ssh2
Sep 29 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: Connection closed by 162.144.236.216 port 60514 [preauth]
Sep 29 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27411]: pam_unix(cron:session): session closed for user root
Sep 29 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Failed password for root from 162.144.236.216 port 41254 ssh2
Sep 29 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Connection closed by 162.144.236.216 port 41254 [preauth]
Sep 29 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Failed password for root from 162.144.236.216 port 48102 ssh2
Sep 29 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Connection closed by 162.144.236.216 port 48102 [preauth]
Sep 29 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29265]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29346]: Successful su for rubyman by root
Sep 29 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29346]: + ??? root:rubyman
Sep 29 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314784 of user rubyman.
Sep 29 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29346]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314784.
Sep 29 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: Failed password for root from 162.144.236.216 port 53672 ssh2
Sep 29 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session closed for user root
Sep 29 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: Connection closed by 162.144.236.216 port 53672 [preauth]
Sep 29 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Failed password for root from 162.144.236.216 port 60602 ssh2
Sep 29 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: Invalid user odoo12 from 138.124.158.150
Sep 29 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: input_userauth_request: invalid user odoo12 [preauth]
Sep 29 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Connection closed by 162.144.236.216 port 60602 [preauth]
Sep 29 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: Failed password for invalid user odoo12 from 138.124.158.150 port 55544 ssh2
Sep 29 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: Received disconnect from 138.124.158.150 port 55544:11: Bye Bye [preauth]
Sep 29 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: Disconnected from 138.124.158.150 port 55544 [preauth]
Sep 29 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28053]: pam_unix(cron:session): session closed for user root
Sep 29 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29606]: Failed password for root from 162.144.236.216 port 41168 ssh2
Sep 29 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29606]: Connection closed by 162.144.236.216 port 41168 [preauth]
Sep 29 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Failed password for root from 162.144.236.216 port 50292 ssh2
Sep 29 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Connection closed by 162.144.236.216 port 50292 [preauth]
Sep 29 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Failed password for root from 162.144.236.216 port 56658 ssh2
Sep 29 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29741]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Connection closed by 162.144.236.216 port 56658 [preauth]
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: Successful su for rubyman by root
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: + ??? root:rubyman
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314790 of user rubyman.
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29816]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314790.
Sep 29 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session closed for user root
Sep 29 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Failed password for root from 162.144.236.216 port 34492 ssh2
Sep 29 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Connection closed by 162.144.236.216 port 34492 [preauth]
Sep 29 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: Failed password for root from 162.144.236.216 port 39588 ssh2
Sep 29 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: Connection closed by 162.144.236.216 port 39588 [preauth]
Sep 29 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: Failed password for root from 138.124.158.150 port 35078 ssh2
Sep 29 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: Received disconnect from 138.124.158.150 port 35078:11: Bye Bye [preauth]
Sep 29 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30105]: Disconnected from 138.124.158.150 port 35078 [preauth]
Sep 29 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session closed for user root
Sep 29 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: Failed password for root from 162.144.236.216 port 47428 ssh2
Sep 29 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: Connection closed by 162.144.236.216 port 47428 [preauth]
Sep 29 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Failed password for root from 162.144.236.216 port 55204 ssh2
Sep 29 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Connection closed by 162.144.236.216 port 55204 [preauth]
Sep 29 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30265]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30247]: Failed password for root from 162.144.236.216 port 32950 ssh2
Sep 29 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30444]: Successful su for rubyman by root
Sep 29 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30444]: + ??? root:rubyman
Sep 29 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314794 of user rubyman.
Sep 29 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30444]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314794.
Sep 29 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30265]: pam_unix(cron:session): session closed for user root
Sep 29 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30247]: Connection closed by 162.144.236.216 port 32950 [preauth]
Sep 29 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session closed for user root
Sep 29 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Failed password for root from 162.144.236.216 port 41052 ssh2
Sep 29 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Connection closed by 162.144.236.216 port 41052 [preauth]
Sep 29 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30769]: Failed password for root from 162.144.236.216 port 46848 ssh2
Sep 29 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30769]: Connection closed by 162.144.236.216 port 46848 [preauth]
Sep 29 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Failed password for root from 162.144.236.216 port 53716 ssh2
Sep 29 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Failed password for root from 138.124.158.150 port 35234 ssh2
Sep 29 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Received disconnect from 138.124.158.150 port 35234:11: Bye Bye [preauth]
Sep 29 12:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Disconnected from 138.124.158.150 port 35234 [preauth]
Sep 29 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Connection closed by 162.144.236.216 port 53716 [preauth]
Sep 29 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29267]: pam_unix(cron:session): session closed for user root
Sep 29 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Failed password for root from 162.144.236.216 port 33044 ssh2
Sep 29 12:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Connection closed by 162.144.236.216 port 33044 [preauth]
Sep 29 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30943]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session closed for user root
Sep 29 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30939]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: Successful su for rubyman by root
Sep 29 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: + ??? root:rubyman
Sep 29 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314798 of user rubyman.
Sep 29 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314798.
Sep 29 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30915]: Failed password for root from 162.144.236.216 port 40624 ssh2
Sep 29 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30915]: Connection closed by 162.144.236.216 port 40624 [preauth]
Sep 29 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session closed for user root
Sep 29 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user root
Sep 29 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Failed password for root from 162.144.236.216 port 47444 ssh2
Sep 29 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Connection closed by 162.144.236.216 port 47444 [preauth]
Sep 29 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Failed password for root from 162.144.236.216 port 53784 ssh2
Sep 29 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Connection closed by 162.144.236.216 port 53784 [preauth]
Sep 29 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session closed for user root
Sep 29 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: Failed password for root from 162.144.236.216 port 60764 ssh2
Sep 29 12:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: Connection closed by 162.144.236.216 port 60764 [preauth]
Sep 29 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150  user=root
Sep 29 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Failed password for root from 138.124.158.150 port 33120 ssh2
Sep 29 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Received disconnect from 138.124.158.150 port 33120:11: Bye Bye [preauth]
Sep 29 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Disconnected from 138.124.158.150 port 33120 [preauth]
Sep 29 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: Invalid user admin from 139.19.117.131
Sep 29 12:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: input_userauth_request: invalid user admin [preauth]
Sep 29 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: Failed password for root from 162.144.236.216 port 40654 ssh2
Sep 29 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: Connection closed by 162.144.236.216 port 40654 [preauth]
Sep 29 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: Connection closed by 139.19.117.131 port 46610 [preauth]
Sep 29 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31569]: Successful su for rubyman by root
Sep 29 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31569]: + ??? root:rubyman
Sep 29 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314806 of user rubyman.
Sep 29 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31569]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314806.
Sep 29 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31445]: Failed password for root from 162.144.236.216 port 47862 ssh2
Sep 29 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28052]: pam_unix(cron:session): session closed for user root
Sep 29 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31445]: Connection closed by 162.144.236.216 port 47862 [preauth]
Sep 29 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31464]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31753]: Failed password for root from 162.144.236.216 port 55946 ssh2
Sep 29 12:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31753]: Connection closed by 162.144.236.216 port 55946 [preauth]
Sep 29 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Failed password for root from 162.144.236.216 port 36250 ssh2
Sep 29 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Connection closed by 162.144.236.216 port 36250 [preauth]
Sep 29 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 162.144.236.216 port 42704 ssh2
Sep 29 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Connection closed by 162.144.236.216 port 42704 [preauth]
Sep 29 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30272]: pam_unix(cron:session): session closed for user root
Sep 29 12:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: Failed password for root from 162.144.236.216 port 48386 ssh2
Sep 29 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: Connection closed by 162.144.236.216 port 48386 [preauth]
Sep 29 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Failed password for root from 162.144.236.216 port 54920 ssh2
Sep 29 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Connection closed by 162.144.236.216 port 54920 [preauth]
Sep 29 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: Invalid user minecraft from 138.124.158.150
Sep 29 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.158.150
Sep 29 12:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: Failed password for invalid user minecraft from 138.124.158.150 port 49526 ssh2
Sep 29 12:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: Received disconnect from 138.124.158.150 port 49526:11: Bye Bye [preauth]
Sep 29 12:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31920]: Disconnected from 138.124.158.150 port 49526 [preauth]
Sep 29 12:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: Failed password for root from 162.144.236.216 port 32998 ssh2
Sep 29 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: Connection closed by 162.144.236.216 port 32998 [preauth]
Sep 29 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32015]: Successful su for rubyman by root
Sep 29 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32015]: + ??? root:rubyman
Sep 29 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314808 of user rubyman.
Sep 29 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32015]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314808.
Sep 29 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: Failed password for root from 162.144.236.216 port 40200 ssh2
Sep 29 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: Connection closed by 162.144.236.216 port 40200 [preauth]
Sep 29 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session closed for user root
Sep 29 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Failed password for root from 162.144.236.216 port 46436 ssh2
Sep 29 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32147]: Connection closed by 162.144.236.216 port 46436 [preauth]
Sep 29 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Failed password for root from 162.144.236.216 port 54692 ssh2
Sep 29 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Connection closed by 162.144.236.216 port 54692 [preauth]
Sep 29 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30943]: pam_unix(cron:session): session closed for user root
Sep 29 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Failed password for root from 162.144.236.216 port 34448 ssh2
Sep 29 12:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Connection closed by 162.144.236.216 port 34448 [preauth]
Sep 29 12:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: Failed password for root from 162.144.236.216 port 42782 ssh2
Sep 29 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32392]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32393]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32390]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: Connection closed by 162.144.236.216 port 42782 [preauth]
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: Successful su for rubyman by root
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: + ??? root:rubyman
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314813 of user rubyman.
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314813.
Sep 29 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29265]: pam_unix(cron:session): session closed for user root
Sep 29 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32391]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Failed password for root from 162.144.236.216 port 50316 ssh2
Sep 29 12:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Connection closed by 162.144.236.216 port 50316 [preauth]
Sep 29 12:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: Failed password for root from 162.144.236.216 port 58624 ssh2
Sep 29 12:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: Connection closed by 162.144.236.216 port 58624 [preauth]
Sep 29 12:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Failed password for root from 162.144.236.216 port 37362 ssh2
Sep 29 12:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32707]: Connection closed by 162.144.236.216 port 37362 [preauth]
Sep 29 12:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session closed for user root
Sep 29 12:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Failed password for root from 162.144.236.216 port 44796 ssh2
Sep 29 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Connection closed by 162.144.236.216 port 44796 [preauth]
Sep 29 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: Failed password for root from 162.144.236.216 port 50706 ssh2
Sep 29 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[337]: Connection closed by 162.144.236.216 port 50706 [preauth]
Sep 29 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[372]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[370]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[453]: Successful su for rubyman by root
Sep 29 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[453]: + ??? root:rubyman
Sep 29 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314815 of user rubyman.
Sep 29 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[453]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314815.
Sep 29 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session closed for user root
Sep 29 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for root from 162.144.236.216 port 57810 ssh2
Sep 29 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Connection closed by 162.144.236.216 port 57810 [preauth]
Sep 29 12:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: Failed password for root from 162.144.236.216 port 36516 ssh2
Sep 29 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: Connection closed by 162.144.236.216 port 36516 [preauth]
Sep 29 12:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: Failed password for root from 162.144.236.216 port 43302 ssh2
Sep 29 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[694]: Connection closed by 162.144.236.216 port 43302 [preauth]
Sep 29 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Invalid user ubnt from 185.156.73.233
Sep 29 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Failed password for invalid user ubnt from 185.156.73.233 port 20804 ssh2
Sep 29 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user root
Sep 29 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Connection closed by 185.156.73.233 port 20804 [preauth]
Sep 29 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: Failed password for root from 162.144.236.216 port 50558 ssh2
Sep 29 12:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[721]: Connection closed by 162.144.236.216 port 50558 [preauth]
Sep 29 12:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Failed password for root from 162.144.236.216 port 56784 ssh2
Sep 29 12:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[777]: Connection closed by 162.144.236.216 port 56784 [preauth]
Sep 29 12:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session closed for user root
Sep 29 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: Successful su for rubyman by root
Sep 29 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: + ??? root:rubyman
Sep 29 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314822 of user rubyman.
Sep 29 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314822.
Sep 29 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for root from 162.144.236.216 port 34976 ssh2
Sep 29 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[865]: pam_unix(cron:session): session closed for user root
Sep 29 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30271]: pam_unix(cron:session): session closed for user root
Sep 29 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Connection closed by 162.144.236.216 port 34976 [preauth]
Sep 29 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[864]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: Failed password for root from 162.144.236.216 port 41290 ssh2
Sep 29 12:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: Connection closed by 162.144.236.216 port 41290 [preauth]
Sep 29 12:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Failed password for root from 162.144.236.216 port 47094 ssh2
Sep 29 12:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Connection closed by 162.144.236.216 port 47094 [preauth]
Sep 29 12:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32393]: pam_unix(cron:session): session closed for user root
Sep 29 12:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Failed password for root from 162.144.236.216 port 53342 ssh2
Sep 29 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Connection closed by 162.144.236.216 port 53342 [preauth]
Sep 29 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1349]: Failed password for root from 162.144.236.216 port 59290 ssh2
Sep 29 12:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1349]: Connection closed by 162.144.236.216 port 59290 [preauth]
Sep 29 12:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Failed password for root from 162.144.236.216 port 36746 ssh2
Sep 29 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Connection closed by 162.144.236.216 port 36746 [preauth]
Sep 29 12:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1411]: Failed password for root from 162.144.236.216 port 42700 ssh2
Sep 29 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1411]: Connection closed by 162.144.236.216 port 42700 [preauth]
Sep 29 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1465]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1463]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1533]: Successful su for rubyman by root
Sep 29 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1533]: + ??? root:rubyman
Sep 29 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314825 of user rubyman.
Sep 29 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1533]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314825.
Sep 29 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session closed for user root
Sep 29 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Failed password for root from 162.144.236.216 port 50184 ssh2
Sep 29 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Connection closed by 162.144.236.216 port 50184 [preauth]
Sep 29 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1464]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Failed password for root from 162.144.236.216 port 55462 ssh2
Sep 29 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Connection closed by 162.144.236.216 port 55462 [preauth]
Sep 29 12:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for root from 162.144.236.216 port 33896 ssh2
Sep 29 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Connection closed by 162.144.236.216 port 33896 [preauth]
Sep 29 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session closed for user root
Sep 29 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.63.245.187  user=root
Sep 29 12:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Failed password for root from 116.63.245.187 port 53856 ssh2
Sep 29 12:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Failed password for root from 116.63.245.187 port 53856 ssh2
Sep 29 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for root from 162.144.236.216 port 41356 ssh2
Sep 29 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1865]: Connection reset by 116.63.245.187 port 58974 [preauth]
Sep 29 12:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Failed password for root from 116.63.245.187 port 53856 ssh2
Sep 29 12:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Connection reset by 116.63.245.187 port 53856 [preauth]
Sep 29 12:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.63.245.187  user=root
Sep 29 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Connection closed by 162.144.236.216 port 41356 [preauth]
Sep 29 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for root from 162.144.236.216 port 49676 ssh2
Sep 29 12:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Connection closed by 162.144.236.216 port 49676 [preauth]
Sep 29 12:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1931]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1928]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1997]: Successful su for rubyman by root
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1997]: + ??? root:rubyman
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314829 of user rubyman.
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1997]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314829.
Sep 29 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31470]: pam_unix(cron:session): session closed for user root
Sep 29 12:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1930]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1926]: Failed password for root from 162.144.236.216 port 56228 ssh2
Sep 29 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1926]: Connection closed by 162.144.236.216 port 56228 [preauth]
Sep 29 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Failed password for root from 162.144.236.216 port 35822 ssh2
Sep 29 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2217]: Connection closed by 162.144.236.216 port 35822 [preauth]
Sep 29 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for root from 162.144.236.216 port 42114 ssh2
Sep 29 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Connection closed by 162.144.236.216 port 42114 [preauth]
Sep 29 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Failed password for root from 162.144.236.216 port 48794 ssh2
Sep 29 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2277]: Connection closed by 162.144.236.216 port 48794 [preauth]
Sep 29 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session closed for user root
Sep 29 12:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 12:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Failed password for root from 190.103.202.7 port 39386 ssh2
Sep 29 12:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Connection closed by 190.103.202.7 port 39386 [preauth]
Sep 29 12:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for root from 162.144.236.216 port 54012 ssh2
Sep 29 12:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Connection closed by 162.144.236.216 port 54012 [preauth]
Sep 29 12:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2331]: Failed password for root from 162.144.236.216 port 60306 ssh2
Sep 29 12:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2331]: Connection closed by 162.144.236.216 port 60306 [preauth]
Sep 29 12:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Failed password for root from 162.144.236.216 port 38500 ssh2
Sep 29 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Connection closed by 162.144.236.216 port 38500 [preauth]
Sep 29 12:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2379]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2448]: Successful su for rubyman by root
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2448]: + ??? root:rubyman
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314833 of user rubyman.
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2448]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314833.
Sep 29 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: Failed password for root from 162.144.236.216 port 45076 ssh2
Sep 29 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session closed for user root
Sep 29 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2365]: Connection closed by 162.144.236.216 port 45076 [preauth]
Sep 29 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2641]: Failed password for root from 162.144.236.216 port 50780 ssh2
Sep 29 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2641]: Connection closed by 162.144.236.216 port 50780 [preauth]
Sep 29 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2689]: Failed password for root from 162.144.236.216 port 58446 ssh2
Sep 29 12:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1466]: pam_unix(cron:session): session closed for user root
Sep 29 12:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2689]: Connection closed by 162.144.236.216 port 58446 [preauth]
Sep 29 12:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: Failed password for root from 162.144.236.216 port 37472 ssh2
Sep 29 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: Connection closed by 162.144.236.216 port 37472 [preauth]
Sep 29 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Failed password for root from 162.144.236.216 port 44948 ssh2
Sep 29 12:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Connection closed by 162.144.236.216 port 44948 [preauth]
Sep 29 12:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: Successful su for rubyman by root
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: + ??? root:rubyman
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314838 of user rubyman.
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2892]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314838.
Sep 29 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Failed password for root from 162.144.236.216 port 50542 ssh2
Sep 29 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Connection closed by 162.144.236.216 port 50542 [preauth]
Sep 29 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32392]: pam_unix(cron:session): session closed for user root
Sep 29 12:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: Failed password for root from 162.144.236.216 port 56510 ssh2
Sep 29 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3049]: Connection closed by 162.144.236.216 port 56510 [preauth]
Sep 29 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Failed password for root from 162.144.236.216 port 35200 ssh2
Sep 29 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Connection closed by 162.144.236.216 port 35200 [preauth]
Sep 29 12:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for root from 162.144.236.216 port 41534 ssh2
Sep 29 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1932]: pam_unix(cron:session): session closed for user root
Sep 29 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Connection closed by 162.144.236.216 port 41534 [preauth]
Sep 29 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Failed password for root from 167.148.134.96 port 45274 ssh2
Sep 29 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Received disconnect from 167.148.134.96 port 45274:11: Bye Bye [preauth]
Sep 29 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Disconnected from 167.148.134.96 port 45274 [preauth]
Sep 29 12:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Failed password for root from 162.144.236.216 port 48460 ssh2
Sep 29 12:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Connection closed by 162.144.236.216 port 48460 [preauth]
Sep 29 12:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: Invalid user 123456 from 93.152.230.176
Sep 29 12:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: input_userauth_request: invalid user 123456 [preauth]
Sep 29 12:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: Failed password for invalid user 123456 from 93.152.230.176 port 19093 ssh2
Sep 29 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: Received disconnect from 93.152.230.176 port 19093:11: Client disconnecting normally [preauth]
Sep 29 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: Disconnected from 93.152.230.176 port 19093 [preauth]
Sep 29 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session closed for user root
Sep 29 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3259]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3336]: Successful su for rubyman by root
Sep 29 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3336]: + ??? root:rubyman
Sep 29 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314841 of user rubyman.
Sep 29 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3336]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314841.
Sep 29 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Failed password for root from 162.144.236.216 port 57134 ssh2
Sep 29 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[372]: pam_unix(cron:session): session closed for user root
Sep 29 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3261]: pam_unix(cron:session): session closed for user root
Sep 29 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Connection closed by 162.144.236.216 port 57134 [preauth]
Sep 29 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3260]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Failed password for root from 162.144.236.216 port 35864 ssh2
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Connection closed by 162.144.236.216 port 35864 [preauth]
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Invalid user admin from 78.128.112.74
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: input_userauth_request: invalid user admin [preauth]
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 12:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Failed password for invalid user admin from 78.128.112.74 port 34648 ssh2
Sep 29 12:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Connection closed by 78.128.112.74 port 34648 [preauth]
Sep 29 12:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Failed password for root from 162.144.236.216 port 41504 ssh2
Sep 29 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Connection closed by 162.144.236.216 port 41504 [preauth]
Sep 29 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Failed password for root from 162.144.236.216 port 47424 ssh2
Sep 29 12:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Connection closed by 162.144.236.216 port 47424 [preauth]
Sep 29 12:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2379]: pam_unix(cron:session): session closed for user root
Sep 29 12:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Failed password for root from 162.144.236.216 port 53178 ssh2
Sep 29 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: Connection closed by 162.144.236.216 port 53178 [preauth]
Sep 29 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Invalid user zu from 112.196.70.142
Sep 29 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: input_userauth_request: invalid user zu [preauth]
Sep 29 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Failed password for root from 162.144.236.216 port 59786 ssh2
Sep 29 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Connection closed by 162.144.236.216 port 59786 [preauth]
Sep 29 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Failed password for invalid user zu from 112.196.70.142 port 42152 ssh2
Sep 29 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Received disconnect from 112.196.70.142 port 42152:11: Bye Bye [preauth]
Sep 29 12:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Disconnected from 112.196.70.142 port 42152 [preauth]
Sep 29 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: Successful su for rubyman by root
Sep 29 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: + ??? root:rubyman
Sep 29 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314847 of user rubyman.
Sep 29 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3817]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314847.
Sep 29 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3710]: Failed password for root from 162.144.236.216 port 37366 ssh2
Sep 29 12:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session closed for user root
Sep 29 12:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3710]: Connection closed by 162.144.236.216 port 37366 [preauth]
Sep 29 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4047]: User vncuser from 103.176.78.193 not allowed because not listed in AllowUsers
Sep 29 12:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4047]: input_userauth_request: invalid user vncuser [preauth]
Sep 29 12:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=vncuser
Sep 29 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4047]: Failed password for invalid user vncuser from 103.176.78.193 port 54640 ssh2
Sep 29 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4047]: Received disconnect from 103.176.78.193 port 54640:11: Bye Bye [preauth]
Sep 29 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4047]: Disconnected from 103.176.78.193 port 54640 [preauth]
Sep 29 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: Failed password for root from 162.144.236.216 port 44954 ssh2
Sep 29 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: Connection closed by 162.144.236.216 port 44954 [preauth]
Sep 29 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Failed password for root from 162.144.236.216 port 55350 ssh2
Sep 29 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Connection closed by 162.144.236.216 port 55350 [preauth]
Sep 29 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session closed for user root
Sep 29 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Invalid user user from 62.60.131.157
Sep 29 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: input_userauth_request: invalid user user [preauth]
Sep 29 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 12:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user user from 62.60.131.157 port 60996 ssh2
Sep 29 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for root from 162.144.236.216 port 60924 ssh2
Sep 29 12:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Connection closed by 162.144.236.216 port 60924 [preauth]
Sep 29 12:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user user from 62.60.131.157 port 60996 ssh2
Sep 29 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user user from 62.60.131.157 port 60996 ssh2
Sep 29 12:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user user from 62.60.131.157 port 60996 ssh2
Sep 29 12:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user user from 62.60.131.157 port 60996 ssh2
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Invalid user proradis from 167.148.134.96
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: input_userauth_request: invalid user proradis [preauth]
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Received disconnect from 62.60.131.157 port 60996:11: Bye [preauth]
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Disconnected from 62.60.131.157 port 60996 [preauth]
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Failed password for invalid user proradis from 167.148.134.96 port 38914 ssh2
Sep 29 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Received disconnect from 167.148.134.96 port 38914:11: Bye Bye [preauth]
Sep 29 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Disconnected from 167.148.134.96 port 38914 [preauth]
Sep 29 12:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4156]: Failed password for root from 162.144.236.216 port 39296 ssh2
Sep 29 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4213]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4214]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: Successful su for rubyman by root
Sep 29 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: + ??? root:rubyman
Sep 29 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314852 of user rubyman.
Sep 29 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4279]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314852.
Sep 29 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4156]: Connection closed by 162.144.236.216 port 39296 [preauth]
Sep 29 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1465]: pam_unix(cron:session): session closed for user root
Sep 29 12:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4212]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Invalid user admin from 80.94.95.25
Sep 29 12:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: input_userauth_request: invalid user admin [preauth]
Sep 29 12:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 12:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user admin from 80.94.95.25 port 45230 ssh2
Sep 29 12:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user admin from 80.94.95.25 port 45230 ssh2
Sep 29 12:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user admin from 80.94.95.25 port 45230 ssh2
Sep 29 12:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Invalid user staging from 112.196.70.142
Sep 29 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: input_userauth_request: invalid user staging [preauth]
Sep 29 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user admin from 80.94.95.25 port 45230 ssh2
Sep 29 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for invalid user staging from 112.196.70.142 port 41232 ssh2
Sep 29 12:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: Failed password for root from 162.144.236.216 port 48252 ssh2
Sep 29 12:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Received disconnect from 112.196.70.142 port 41232:11: Bye Bye [preauth]
Sep 29 12:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Disconnected from 112.196.70.142 port 41232 [preauth]
Sep 29 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user admin from 80.94.95.25 port 45230 ssh2
Sep 29 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Received disconnect from 80.94.95.25 port 45230:11: Bye [preauth]
Sep 29 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Disconnected from 80.94.95.25 port 45230 [preauth]
Sep 29 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 12:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4399]: Connection closed by 162.144.236.216 port 48252 [preauth]
Sep 29 12:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Failed password for root from 162.144.236.216 port 57710 ssh2
Sep 29 12:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Connection closed by 162.144.236.216 port 57710 [preauth]
Sep 29 12:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3263]: pam_unix(cron:session): session closed for user root
Sep 29 12:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Failed password for root from 162.144.236.216 port 35414 ssh2
Sep 29 12:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Connection closed by 162.144.236.216 port 35414 [preauth]
Sep 29 12:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Invalid user artem from 167.148.134.96
Sep 29 12:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: input_userauth_request: invalid user artem [preauth]
Sep 29 12:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 12:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Failed password for invalid user artem from 167.148.134.96 port 34568 ssh2
Sep 29 12:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Received disconnect from 167.148.134.96 port 34568:11: Bye Bye [preauth]
Sep 29 12:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Disconnected from 167.148.134.96 port 34568 [preauth]
Sep 29 12:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Failed password for root from 162.144.236.216 port 40734 ssh2
Sep 29 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4606]: Connection closed by 162.144.236.216 port 40734 [preauth]
Sep 29 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4662]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4729]: Successful su for rubyman by root
Sep 29 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4729]: + ??? root:rubyman
Sep 29 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314857 of user rubyman.
Sep 29 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4729]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314857.
Sep 29 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1931]: pam_unix(cron:session): session closed for user root
Sep 29 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4661]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: Failed password for root from 162.144.236.216 port 46708 ssh2
Sep 29 12:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4645]: Connection closed by 162.144.236.216 port 46708 [preauth]
Sep 29 12:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Failed password for root from 162.144.236.216 port 57424 ssh2
Sep 29 12:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Connection closed by 162.144.236.216 port 57424 [preauth]
Sep 29 12:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Failed password for root from 162.144.236.216 port 37406 ssh2
Sep 29 12:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Connection closed by 162.144.236.216 port 37406 [preauth]
Sep 29 12:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session closed for user root
Sep 29 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Invalid user ubuntu from 112.196.70.142
Sep 29 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Failed password for invalid user ubuntu from 112.196.70.142 port 38252 ssh2
Sep 29 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Received disconnect from 112.196.70.142 port 38252:11: Bye Bye [preauth]
Sep 29 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5019]: Disconnected from 112.196.70.142 port 38252 [preauth]
Sep 29 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Failed password for root from 162.144.236.216 port 44272 ssh2
Sep 29 12:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Connection closed by 162.144.236.216 port 44272 [preauth]
Sep 29 12:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: Failed password for root from 162.144.236.216 port 51624 ssh2
Sep 29 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5059]: Connection closed by 162.144.236.216 port 51624 [preauth]
Sep 29 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Invalid user ansible from 167.148.134.96
Sep 29 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: input_userauth_request: invalid user ansible [preauth]
Sep 29 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 12:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Failed password for invalid user ansible from 167.148.134.96 port 50594 ssh2
Sep 29 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Received disconnect from 167.148.134.96 port 50594:11: Bye Bye [preauth]
Sep 29 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5099]: Disconnected from 167.148.134.96 port 50594 [preauth]
Sep 29 12:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: Failed password for root from 162.144.236.216 port 58372 ssh2
Sep 29 12:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5102]: Connection closed by 162.144.236.216 port 58372 [preauth]
Sep 29 12:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5129]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5190]: Successful su for rubyman by root
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5190]: + ??? root:rubyman
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314861 of user rubyman.
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5190]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314861.
Sep 29 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Failed password for root from 162.144.236.216 port 35594 ssh2
Sep 29 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session closed for user root
Sep 29 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Connection closed by 162.144.236.216 port 35594 [preauth]
Sep 29 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5130]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 12:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Failed password for root from 103.176.78.193 port 49130 ssh2
Sep 29 12:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Received disconnect from 103.176.78.193 port 49130:11: Bye Bye [preauth]
Sep 29 12:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Disconnected from 103.176.78.193 port 49130 [preauth]
Sep 29 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: Failed password for root from 162.144.236.216 port 42616 ssh2
Sep 29 12:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5462]: Connection closed by 162.144.236.216 port 42616 [preauth]
Sep 29 12:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5560]: User nobody from 185.156.73.233 not allowed because not listed in AllowUsers
Sep 29 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5560]: input_userauth_request: invalid user nobody [preauth]
Sep 29 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=nobody
Sep 29 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5560]: Failed password for invalid user nobody from 185.156.73.233 port 19014 ssh2
Sep 29 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5560]: Connection closed by 185.156.73.233 port 19014 [preauth]
Sep 29 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4214]: pam_unix(cron:session): session closed for user root
Sep 29 12:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Invalid user theta from 167.148.134.96
Sep 29 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: input_userauth_request: invalid user theta [preauth]
Sep 29 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 12:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Failed password for root from 162.144.236.216 port 50788 ssh2
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Invalid user wangchangyou from 112.196.70.142
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: input_userauth_request: invalid user wangchangyou [preauth]
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: Connection closed by 162.144.236.216 port 50788 [preauth]
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user theta from 167.148.134.96 port 40788 ssh2
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Received disconnect from 167.148.134.96 port 40788:11: Bye Bye [preauth]
Sep 29 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Disconnected from 167.148.134.96 port 40788 [preauth]
Sep 29 12:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user wangchangyou from 112.196.70.142 port 35264 ssh2
Sep 29 12:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Received disconnect from 112.196.70.142 port 35264:11: Bye Bye [preauth]
Sep 29 12:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Disconnected from 112.196.70.142 port 35264 [preauth]
Sep 29 12:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Failed password for root from 162.144.236.216 port 33912 ssh2
Sep 29 12:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Connection closed by 162.144.236.216 port 33912 [preauth]
Sep 29 12:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5669]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session closed for user root
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5665]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5745]: Successful su for rubyman by root
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5745]: + ??? root:rubyman
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314866 of user rubyman.
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5745]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314866.
Sep 29 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Failed password for root from 162.144.236.216 port 43460 ssh2
Sep 29 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session closed for user root
Sep 29 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session closed for user root
Sep 29 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Connection closed by 162.144.236.216 port 43460 [preauth]
Sep 29 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Failed password for root from 162.144.236.216 port 49792 ssh2
Sep 29 12:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Connection closed by 162.144.236.216 port 49792 [preauth]
Sep 29 12:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5995]: Failed password for root from 162.144.236.216 port 56606 ssh2
Sep 29 12:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5995]: Connection closed by 162.144.236.216 port 56606 [preauth]
Sep 29 12:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Failed password for root from 162.144.236.216 port 34900 ssh2
Sep 29 12:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6031]: Connection closed by 162.144.236.216 port 34900 [preauth]
Sep 29 12:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session closed for user root
Sep 29 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 12:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Failed password for root from 162.144.236.216 port 41014 ssh2
Sep 29 12:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Connection closed by 162.144.236.216 port 41014 [preauth]
Sep 29 12:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Failed password for root from 167.148.134.96 port 42486 ssh2
Sep 29 12:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Received disconnect from 167.148.134.96 port 42486:11: Bye Bye [preauth]
Sep 29 12:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Disconnected from 167.148.134.96 port 42486 [preauth]
Sep 29 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Failed password for root from 162.144.236.216 port 48220 ssh2
Sep 29 12:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Connection closed by 162.144.236.216 port 48220 [preauth]
Sep 29 12:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for root from 162.144.236.216 port 53820 ssh2
Sep 29 12:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Connection closed by 162.144.236.216 port 53820 [preauth]
Sep 29 12:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 12:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Failed password for root from 112.196.70.142 port 60510 ssh2
Sep 29 12:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Received disconnect from 112.196.70.142 port 60510:11: Bye Bye [preauth]
Sep 29 12:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Disconnected from 112.196.70.142 port 60510 [preauth]
Sep 29 12:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6172]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Invalid user asa from 103.176.78.193
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: input_userauth_request: invalid user asa [preauth]
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: Successful su for rubyman by root
Sep 29 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: + ??? root:rubyman
Sep 29 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314869 of user rubyman.
Sep 29 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6245]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314869.
Sep 29 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Failed password for invalid user asa from 103.176.78.193 port 35538 ssh2
Sep 29 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Received disconnect from 103.176.78.193 port 35538:11: Bye Bye [preauth]
Sep 29 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6169]: Disconnected from 103.176.78.193 port 35538 [preauth]
Sep 29 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Invalid user stephano from 80.94.95.112
Sep 29 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: input_userauth_request: invalid user stephano [preauth]
Sep 29 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: Failed password for root from 162.144.236.216 port 59088 ssh2
Sep 29 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Failed password for invalid user stephano from 80.94.95.112 port 63261 ssh2
Sep 29 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3262]: pam_unix(cron:session): session closed for user root
Sep 29 12:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: Connection closed by 162.144.236.216 port 59088 [preauth]
Sep 29 12:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6173]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Failed password for invalid user stephano from 80.94.95.112 port 63261 ssh2
Sep 29 12:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Failed password for invalid user stephano from 80.94.95.112 port 63261 ssh2
Sep 29 12:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Failed password for invalid user stephano from 80.94.95.112 port 63261 ssh2
Sep 29 12:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Failed password for invalid user stephano from 80.94.95.112 port 63261 ssh2
Sep 29 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Received disconnect from 80.94.95.112 port 63261:11: Bye [preauth]
Sep 29 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: Disconnected from 80.94.95.112 port 63261 [preauth]
Sep 29 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6312]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 12:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Failed password for root from 162.144.236.216 port 36308 ssh2
Sep 29 12:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Connection closed by 162.144.236.216 port 36308 [preauth]
Sep 29 12:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5132]: pam_unix(cron:session): session closed for user root
Sep 29 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Invalid user hadoop from 167.148.134.96
Sep 29 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Failed password for invalid user hadoop from 167.148.134.96 port 53496 ssh2
Sep 29 12:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Failed password for root from 162.144.236.216 port 44284 ssh2
Sep 29 12:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Received disconnect from 167.148.134.96 port 53496:11: Bye Bye [preauth]
Sep 29 12:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Disconnected from 167.148.134.96 port 53496 [preauth]
Sep 29 12:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Connection closed by 162.144.236.216 port 44284 [preauth]
Sep 29 12:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Failed password for root from 162.144.236.216 port 50606 ssh2
Sep 29 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Connection closed by 162.144.236.216 port 50606 [preauth]
Sep 29 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6728]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6727]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6725]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: Successful su for rubyman by root
Sep 29 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: + ??? root:rubyman
Sep 29 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314873 of user rubyman.
Sep 29 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6793]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314873.
Sep 29 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session closed for user root
Sep 29 12:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6726]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Failed password for root from 162.144.236.216 port 58414 ssh2
Sep 29 12:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Connection closed by 162.144.236.216 port 58414 [preauth]
Sep 29 12:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Invalid user harry from 112.196.70.142
Sep 29 12:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: input_userauth_request: invalid user harry [preauth]
Sep 29 12:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Failed password for invalid user harry from 112.196.70.142 port 57526 ssh2
Sep 29 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Received disconnect from 112.196.70.142 port 57526:11: Bye Bye [preauth]
Sep 29 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Disconnected from 112.196.70.142 port 57526 [preauth]
Sep 29 12:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7011]: Failed password for root from 162.144.236.216 port 37562 ssh2
Sep 29 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7011]: Connection closed by 162.144.236.216 port 37562 [preauth]
Sep 29 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Failed password for root from 162.144.236.216 port 43688 ssh2
Sep 29 12:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Connection closed by 162.144.236.216 port 43688 [preauth]
Sep 29 12:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 12:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7104]: Failed password for root from 167.148.134.96 port 35520 ssh2
Sep 29 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7104]: Received disconnect from 167.148.134.96 port 35520:11: Bye Bye [preauth]
Sep 29 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7104]: Disconnected from 167.148.134.96 port 35520 [preauth]
Sep 29 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: Failed password for root from 162.144.236.216 port 49872 ssh2
Sep 29 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: Connection closed by 162.144.236.216 port 49872 [preauth]
Sep 29 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5669]: pam_unix(cron:session): session closed for user root
Sep 29 12:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: Invalid user ubuntu from 103.176.78.193
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Invalid user sammy from 20.163.71.109
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: input_userauth_request: invalid user sammy [preauth]
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Failed password for root from 162.144.236.216 port 55694 ssh2
Sep 29 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: Failed password for invalid user ubuntu from 103.176.78.193 port 57350 ssh2
Sep 29 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Failed password for invalid user sammy from 20.163.71.109 port 45106 ssh2
Sep 29 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: Received disconnect from 103.176.78.193 port 57350:11: Bye Bye [preauth]
Sep 29 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7218]: Disconnected from 103.176.78.193 port 57350 [preauth]
Sep 29 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Connection closed by 20.163.71.109 port 45106 [preauth]
Sep 29 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7139]: Connection closed by 162.144.236.216 port 55694 [preauth]
Sep 29 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Failed password for root from 162.144.236.216 port 37374 ssh2
Sep 29 12:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Connection closed by 162.144.236.216 port 37374 [preauth]
Sep 29 12:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Failed password for root from 162.144.236.216 port 43058 ssh2
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7277]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: Successful su for rubyman by root
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: + ??? root:rubyman
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314877 of user rubyman.
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314877.
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Connection closed by 162.144.236.216 port 43058 [preauth]
Sep 29 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4213]: pam_unix(cron:session): session closed for user root
Sep 29 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Failed password for root from 162.144.236.216 port 49612 ssh2
Sep 29 12:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7375]: Connection closed by 162.144.236.216 port 49612 [preauth]
Sep 29 12:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7558]: Failed password for root from 162.144.236.216 port 55178 ssh2
Sep 29 12:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7558]: Connection closed by 162.144.236.216 port 55178 [preauth]
Sep 29 12:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Failed password for root from 162.144.236.216 port 34810 ssh2
Sep 29 12:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Connection closed by 162.144.236.216 port 34810 [preauth]
Sep 29 12:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 12:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Failed password for root from 167.148.134.96 port 35740 ssh2
Sep 29 12:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Received disconnect from 167.148.134.96 port 35740:11: Bye Bye [preauth]
Sep 29 12:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Disconnected from 167.148.134.96 port 35740 [preauth]
Sep 29 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 12:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7622]: Failed password for root from 162.144.236.216 port 39828 ssh2
Sep 29 12:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7622]: Connection closed by 162.144.236.216 port 39828 [preauth]
Sep 29 12:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Failed password for root from 112.196.70.142 port 54552 ssh2
Sep 29 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Received disconnect from 112.196.70.142 port 54552:11: Bye Bye [preauth]
Sep 29 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Disconnected from 112.196.70.142 port 54552 [preauth]
Sep 29 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session closed for user root
Sep 29 12:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: Failed password for root from 162.144.236.216 port 46028 ssh2
Sep 29 12:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: Connection closed by 162.144.236.216 port 46028 [preauth]
Sep 29 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Failed password for root from 162.144.236.216 port 52834 ssh2
Sep 29 12:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Connection closed by 162.144.236.216 port 52834 [preauth]
Sep 29 12:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Failed password for root from 162.144.236.216 port 60842 ssh2
Sep 29 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Connection closed by 162.144.236.216 port 60842 [preauth]
Sep 29 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7748]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7746]: pam_unix(cron:session): session closed for user p13x
Sep 29 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7823]: Successful su for rubyman by root
Sep 29 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7823]: + ??? root:rubyman
Sep 29 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314882 of user rubyman.
Sep 29 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7823]: pam_unix(su:session): session closed for user rubyman
Sep 29 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314882.
Sep 29 12:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4662]: pam_unix(cron:session): session closed for user root
Sep 29 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7747]: pam_unix(cron:session): session closed for user samftp
Sep 29 12:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: Failed password for root from 162.144.236.216 port 40604 ssh2
Sep 29 12:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: Connection closed by 162.144.236.216 port 40604 [preauth]
Sep 29 12:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: Invalid user zc from 103.176.78.193
Sep 29 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: input_userauth_request: invalid user zc [preauth]
Sep 29 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Invalid user anthony from 167.148.134.96
Sep 29 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: input_userauth_request: invalid user anthony [preauth]
Sep 29 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: Failed password for invalid user zc from 103.176.78.193 port 52444 ssh2
Sep 29 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: Received disconnect from 103.176.78.193 port 52444:11: Bye Bye [preauth]
Sep 29 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8109]: Disconnected from 103.176.78.193 port 52444 [preauth]
Sep 29 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: Failed password for root from 162.144.236.216 port 47914 ssh2
Sep 29 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Failed password for invalid user anthony from 167.148.134.96 port 35174 ssh2
Sep 29 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Received disconnect from 167.148.134.96 port 35174:11: Bye Bye [preauth]
Sep 29 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Disconnected from 167.148.134.96 port 35174 [preauth]
Sep 29 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8069]: Connection closed by 162.144.236.216 port 47914 [preauth]
Sep 29 12:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6728]: pam_unix(cron:session): session closed for user root
Sep 29 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Invalid user testuser from 93.152.230.176
Sep 29 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: input_userauth_request: invalid user testuser [preauth]
Sep 29 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Failed password for invalid user testuser from 93.152.230.176 port 33834 ssh2
Sep 29 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Received disconnect from 93.152.230.176 port 33834:11: Client disconnecting normally [preauth]
Sep 29 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8197]: Disconnected from 93.152.230.176 port 33834 [preauth]
Sep 29 12:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Failed password for root from 162.144.236.216 port 56484 ssh2
Sep 29 12:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Connection closed by 162.144.236.216 port 56484 [preauth]
Sep 29 12:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: Invalid user superadmin from 112.196.70.142
Sep 29 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 12:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 12:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: Failed password for invalid user superadmin from 112.196.70.142 port 51572 ssh2
Sep 29 12:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: Received disconnect from 112.196.70.142 port 51572:11: Bye Bye [preauth]
Sep 29 12:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: Disconnected from 112.196.70.142 port 51572 [preauth]
Sep 29 12:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: Failed password for root from 162.144.236.216 port 34258 ssh2
Sep 29 12:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: Connection closed by 162.144.236.216 port 34258 [preauth]
Sep 29 12:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 12:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Failed password for root from 162.144.236.216 port 39866 ssh2
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8269]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8271]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8268]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8272]: pam_unix(cron:session): session closed for user root
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8268]: pam_unix(cron:session): session closed for user root
Sep 29 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8264]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: Successful su for rubyman by root
Sep 29 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: + ??? root:rubyman
Sep 29 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314886 of user rubyman.
Sep 29 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314886.
Sep 29 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Connection closed by 162.144.236.216 port 39866 [preauth]
Sep 29 13:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5131]: pam_unix(cron:session): session closed for user root
Sep 29 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8269]: pam_unix(cron:session): session closed for user root
Sep 29 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8265]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: Failed password for root from 162.144.236.216 port 46854 ssh2
Sep 29 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: Connection closed by 162.144.236.216 port 46854 [preauth]
Sep 29 13:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Failed password for root from 162.144.236.216 port 54696 ssh2
Sep 29 13:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Connection closed by 162.144.236.216 port 54696 [preauth]
Sep 29 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Invalid user aaaa from 167.148.134.96
Sep 29 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: input_userauth_request: invalid user aaaa [preauth]
Sep 29 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Failed password for invalid user aaaa from 167.148.134.96 port 45142 ssh2
Sep 29 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Received disconnect from 167.148.134.96 port 45142:11: Bye Bye [preauth]
Sep 29 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Disconnected from 167.148.134.96 port 45142 [preauth]
Sep 29 13:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Failed password for root from 162.144.236.216 port 33354 ssh2
Sep 29 13:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Connection closed by 162.144.236.216 port 33354 [preauth]
Sep 29 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session closed for user root
Sep 29 13:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Failed password for root from 162.144.236.216 port 39610 ssh2
Sep 29 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8714]: Connection closed by 162.144.236.216 port 39610 [preauth]
Sep 29 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8892]: Failed password for root from 162.144.236.216 port 45940 ssh2
Sep 29 13:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8892]: Connection closed by 162.144.236.216 port 45940 [preauth]
Sep 29 13:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8963]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8959]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9040]: Successful su for rubyman by root
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9040]: + ??? root:rubyman
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314893 of user rubyman.
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9040]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314893.
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: Invalid user ubuntu from 103.176.78.193
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: Failed password for invalid user ubuntu from 103.176.78.193 port 38676 ssh2
Sep 29 13:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: Received disconnect from 103.176.78.193 port 38676:11: Bye Bye [preauth]
Sep 29 13:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: Disconnected from 103.176.78.193 port 38676 [preauth]
Sep 29 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Invalid user ftptest from 112.196.70.142
Sep 29 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: input_userauth_request: invalid user ftptest [preauth]
Sep 29 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session closed for user root
Sep 29 13:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Failed password for invalid user ftptest from 112.196.70.142 port 48594 ssh2
Sep 29 13:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Received disconnect from 112.196.70.142 port 48594:11: Bye Bye [preauth]
Sep 29 13:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Disconnected from 112.196.70.142 port 48594 [preauth]
Sep 29 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8960]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Failed password for root from 162.144.236.216 port 54404 ssh2
Sep 29 13:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8937]: Connection closed by 162.144.236.216 port 54404 [preauth]
Sep 29 13:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: Invalid user ehsan from 167.148.134.96
Sep 29 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: input_userauth_request: invalid user ehsan [preauth]
Sep 29 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: Failed password for root from 162.144.236.216 port 60904 ssh2
Sep 29 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: Failed password for invalid user ehsan from 167.148.134.96 port 35608 ssh2
Sep 29 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: Received disconnect from 167.148.134.96 port 35608:11: Bye Bye [preauth]
Sep 29 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: Disconnected from 167.148.134.96 port 35608 [preauth]
Sep 29 13:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9350]: Connection closed by 162.144.236.216 port 60904 [preauth]
Sep 29 13:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Failed password for root from 162.144.236.216 port 39982 ssh2
Sep 29 13:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Connection closed by 162.144.236.216 port 39982 [preauth]
Sep 29 13:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session closed for user root
Sep 29 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: Failed password for root from 162.144.236.216 port 47728 ssh2
Sep 29 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9432]: Connection closed by 162.144.236.216 port 47728 [preauth]
Sep 29 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: Failed password for root from 162.144.236.216 port 55318 ssh2
Sep 29 13:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9475]: Connection closed by 162.144.236.216 port 55318 [preauth]
Sep 29 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Failed password for root from 162.144.236.216 port 35442 ssh2
Sep 29 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Connection closed by 162.144.236.216 port 35442 [preauth]
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9599]: Successful su for rubyman by root
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9599]: + ??? root:rubyman
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314898 of user rubyman.
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9599]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314898.
Sep 29 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6174]: pam_unix(cron:session): session closed for user root
Sep 29 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Failed password for root from 162.144.236.216 port 43108 ssh2
Sep 29 13:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9530]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Connection closed by 162.144.236.216 port 43108 [preauth]
Sep 29 13:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: Invalid user mine from 167.148.134.96
Sep 29 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: input_userauth_request: invalid user mine [preauth]
Sep 29 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: Failed password for invalid user mine from 167.148.134.96 port 52688 ssh2
Sep 29 13:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: Received disconnect from 167.148.134.96 port 52688:11: Bye Bye [preauth]
Sep 29 13:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: Disconnected from 167.148.134.96 port 52688 [preauth]
Sep 29 13:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Invalid user ftpuser1 from 112.196.70.142
Sep 29 13:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: input_userauth_request: invalid user ftpuser1 [preauth]
Sep 29 13:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9926]: Failed password for root from 162.144.236.216 port 49024 ssh2
Sep 29 13:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9926]: Connection closed by 162.144.236.216 port 49024 [preauth]
Sep 29 13:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Failed password for invalid user ftpuser1 from 112.196.70.142 port 45610 ssh2
Sep 29 13:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Received disconnect from 112.196.70.142 port 45610:11: Bye Bye [preauth]
Sep 29 13:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Disconnected from 112.196.70.142 port 45610 [preauth]
Sep 29 13:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Failed password for root from 162.144.236.216 port 56360 ssh2
Sep 29 13:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Connection closed by 162.144.236.216 port 56360 [preauth]
Sep 29 13:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8271]: pam_unix(cron:session): session closed for user root
Sep 29 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Failed password for root from 162.144.236.216 port 37454 ssh2
Sep 29 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Connection closed by 162.144.236.216 port 37454 [preauth]
Sep 29 13:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Invalid user bacon from 103.176.78.193
Sep 29 13:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: input_userauth_request: invalid user bacon [preauth]
Sep 29 13:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Failed password for invalid user bacon from 103.176.78.193 port 48742 ssh2
Sep 29 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Received disconnect from 103.176.78.193 port 48742:11: Bye Bye [preauth]
Sep 29 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Disconnected from 103.176.78.193 port 48742 [preauth]
Sep 29 13:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Failed password for root from 162.144.236.216 port 45656 ssh2
Sep 29 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Connection closed by 162.144.236.216 port 45656 [preauth]
Sep 29 13:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Failed password for root from 162.144.236.216 port 51876 ssh2
Sep 29 13:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Connection closed by 162.144.236.216 port 51876 [preauth]
Sep 29 13:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: Successful su for rubyman by root
Sep 29 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: + ??? root:rubyman
Sep 29 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314903 of user rubyman.
Sep 29 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314903.
Sep 29 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Failed password for root from 162.144.236.216 port 58978 ssh2
Sep 29 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Connection closed by 162.144.236.216 port 58978 [preauth]
Sep 29 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6727]: pam_unix(cron:session): session closed for user root
Sep 29 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Invalid user marc from 167.148.134.96
Sep 29 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: input_userauth_request: invalid user marc [preauth]
Sep 29 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Failed password for invalid user marc from 167.148.134.96 port 45858 ssh2
Sep 29 13:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Received disconnect from 167.148.134.96 port 45858:11: Bye Bye [preauth]
Sep 29 13:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Disconnected from 167.148.134.96 port 45858 [preauth]
Sep 29 13:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Failed password for root from 162.144.236.216 port 38572 ssh2
Sep 29 13:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Connection closed by 162.144.236.216 port 38572 [preauth]
Sep 29 13:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Failed password for root from 162.144.236.216 port 44750 ssh2
Sep 29 13:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Connection closed by 162.144.236.216 port 44750 [preauth]
Sep 29 13:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: Failed password for root from 162.144.236.216 port 50330 ssh2
Sep 29 13:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: Connection closed by 162.144.236.216 port 50330 [preauth]
Sep 29 13:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Invalid user minecraft from 112.196.70.142
Sep 29 13:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 13:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Failed password for invalid user minecraft from 112.196.70.142 port 42622 ssh2
Sep 29 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Received disconnect from 112.196.70.142 port 42622:11: Bye Bye [preauth]
Sep 29 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Disconnected from 112.196.70.142 port 42622 [preauth]
Sep 29 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8963]: pam_unix(cron:session): session closed for user root
Sep 29 13:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Failed password for root from 162.144.236.216 port 58576 ssh2
Sep 29 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Connection closed by 162.144.236.216 port 58576 [preauth]
Sep 29 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Failed password for root from 162.144.236.216 port 40220 ssh2
Sep 29 13:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Connection closed by 162.144.236.216 port 40220 [preauth]
Sep 29 13:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Failed password for root from 162.144.236.216 port 48102 ssh2
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Connection closed by 162.144.236.216 port 48102 [preauth]
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10597]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: Successful su for rubyman by root
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: + ??? root:rubyman
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314904 of user rubyman.
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314904.
Sep 29 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session closed for user root
Sep 29 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Failed password for root from 162.144.236.216 port 55496 ssh2
Sep 29 13:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Connection closed by 162.144.236.216 port 55496 [preauth]
Sep 29 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Failed password for root from 167.148.134.96 port 59046 ssh2
Sep 29 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Received disconnect from 167.148.134.96 port 59046:11: Bye Bye [preauth]
Sep 29 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Disconnected from 167.148.134.96 port 59046 [preauth]
Sep 29 13:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: Invalid user zak from 103.176.78.193
Sep 29 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: input_userauth_request: invalid user zak [preauth]
Sep 29 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: Failed password for invalid user zak from 103.176.78.193 port 37066 ssh2
Sep 29 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: Received disconnect from 103.176.78.193 port 37066:11: Bye Bye [preauth]
Sep 29 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: Disconnected from 103.176.78.193 port 37066 [preauth]
Sep 29 13:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Failed password for root from 162.144.236.216 port 33932 ssh2
Sep 29 13:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Connection closed by 162.144.236.216 port 33932 [preauth]
Sep 29 13:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9533]: pam_unix(cron:session): session closed for user root
Sep 29 13:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Failed password for root from 162.144.236.216 port 40376 ssh2
Sep 29 13:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Connection closed by 162.144.236.216 port 40376 [preauth]
Sep 29 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: Failed password for root from 162.144.236.216 port 46738 ssh2
Sep 29 13:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10988]: Connection closed by 162.144.236.216 port 46738 [preauth]
Sep 29 13:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: Invalid user dev from 112.196.70.142
Sep 29 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: input_userauth_request: invalid user dev [preauth]
Sep 29 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: Failed password for invalid user dev from 112.196.70.142 port 39652 ssh2
Sep 29 13:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: Received disconnect from 112.196.70.142 port 39652:11: Bye Bye [preauth]
Sep 29 13:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11035]: Disconnected from 112.196.70.142 port 39652 [preauth]
Sep 29 13:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11050]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11052]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11051]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11052]: pam_unix(cron:session): session closed for user root
Sep 29 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11119]: Successful su for rubyman by root
Sep 29 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11119]: + ??? root:rubyman
Sep 29 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314910 of user rubyman.
Sep 29 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11119]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314910.
Sep 29 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: Failed password for root from 162.144.236.216 port 52866 ssh2
Sep 29 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: Connection closed by 162.144.236.216 port 52866 [preauth]
Sep 29 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11049]: pam_unix(cron:session): session closed for user root
Sep 29 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7748]: pam_unix(cron:session): session closed for user root
Sep 29 13:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11209]: Failed password for root from 162.144.236.216 port 59666 ssh2
Sep 29 13:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11209]: Connection closed by 162.144.236.216 port 59666 [preauth]
Sep 29 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Failed password for root from 167.148.134.96 port 42860 ssh2
Sep 29 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Received disconnect from 167.148.134.96 port 42860:11: Bye Bye [preauth]
Sep 29 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Disconnected from 167.148.134.96 port 42860 [preauth]
Sep 29 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Invalid user admin from 80.94.95.115
Sep 29 13:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: input_userauth_request: invalid user admin [preauth]
Sep 29 13:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Failed password for root from 162.144.236.216 port 37170 ssh2
Sep 29 13:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Failed password for invalid user admin from 80.94.95.115 port 48428 ssh2
Sep 29 13:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11398]: Connection closed by 80.94.95.115 port 48428 [preauth]
Sep 29 13:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Connection closed by 162.144.236.216 port 37170 [preauth]
Sep 29 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user root
Sep 29 13:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11421]: Failed password for root from 162.144.236.216 port 43264 ssh2
Sep 29 13:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11421]: Connection closed by 162.144.236.216 port 43264 [preauth]
Sep 29 13:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Failed password for root from 162.144.236.216 port 52164 ssh2
Sep 29 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Connection closed by 162.144.236.216 port 52164 [preauth]
Sep 29 13:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Failed password for root from 103.176.78.193 port 51168 ssh2
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Received disconnect from 103.176.78.193 port 51168:11: Bye Bye [preauth]
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Disconnected from 103.176.78.193 port 51168 [preauth]
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11590]: Successful su for rubyman by root
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11590]: + ??? root:rubyman
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314916 of user rubyman.
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11590]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314916.
Sep 29 13:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Failed password for root from 162.144.236.216 port 59292 ssh2
Sep 29 13:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Connection closed by 162.144.236.216 port 59292 [preauth]
Sep 29 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8270]: pam_unix(cron:session): session closed for user root
Sep 29 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Failed password for root from 162.144.236.216 port 38984 ssh2
Sep 29 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Connection closed by 162.144.236.216 port 38984 [preauth]
Sep 29 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Invalid user bareos from 167.148.134.96
Sep 29 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: input_userauth_request: invalid user bareos [preauth]
Sep 29 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Failed password for invalid user bareos from 167.148.134.96 port 57648 ssh2
Sep 29 13:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Received disconnect from 167.148.134.96 port 57648:11: Bye Bye [preauth]
Sep 29 13:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Disconnected from 167.148.134.96 port 57648 [preauth]
Sep 29 13:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Failed password for root from 162.144.236.216 port 45758 ssh2
Sep 29 13:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Failed password for root from 112.196.70.142 port 36688 ssh2
Sep 29 13:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Received disconnect from 112.196.70.142 port 36688:11: Bye Bye [preauth]
Sep 29 13:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Disconnected from 112.196.70.142 port 36688 [preauth]
Sep 29 13:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Connection closed by 162.144.236.216 port 45758 [preauth]
Sep 29 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Failed password for root from 162.144.236.216 port 54030 ssh2
Sep 29 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Connection closed by 162.144.236.216 port 54030 [preauth]
Sep 29 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user root
Sep 29 13:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: Failed password for root from 162.144.236.216 port 60830 ssh2
Sep 29 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: Connection closed by 162.144.236.216 port 60830 [preauth]
Sep 29 13:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Failed password for root from 162.144.236.216 port 38214 ssh2
Sep 29 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Connection closed by 162.144.236.216 port 38214 [preauth]
Sep 29 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: Failed password for root from 162.144.236.216 port 44834 ssh2
Sep 29 13:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: Connection closed by 162.144.236.216 port 44834 [preauth]
Sep 29 13:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12134]: Successful su for rubyman by root
Sep 29 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12134]: + ??? root:rubyman
Sep 29 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314918 of user rubyman.
Sep 29 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12134]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314918.
Sep 29 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Failed password for root from 162.144.236.216 port 52686 ssh2
Sep 29 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Connection closed by 162.144.236.216 port 52686 [preauth]
Sep 29 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8961]: pam_unix(cron:session): session closed for user root
Sep 29 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Invalid user test from 167.148.134.96
Sep 29 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: input_userauth_request: invalid user test [preauth]
Sep 29 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Failed password for invalid user test from 167.148.134.96 port 48658 ssh2
Sep 29 13:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Received disconnect from 167.148.134.96 port 48658:11: Bye Bye [preauth]
Sep 29 13:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Disconnected from 167.148.134.96 port 48658 [preauth]
Sep 29 13:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Failed password for root from 162.144.236.216 port 58578 ssh2
Sep 29 13:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Connection closed by 162.144.236.216 port 58578 [preauth]
Sep 29 13:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Failed password for root from 162.144.236.216 port 36732 ssh2
Sep 29 13:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11051]: pam_unix(cron:session): session closed for user root
Sep 29 13:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Connection closed by 162.144.236.216 port 36732 [preauth]
Sep 29 13:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Invalid user zc from 112.196.70.142
Sep 29 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: input_userauth_request: invalid user zc [preauth]
Sep 29 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Invalid user zu from 103.176.78.193
Sep 29 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: input_userauth_request: invalid user zu [preauth]
Sep 29 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Failed password for invalid user zc from 112.196.70.142 port 33706 ssh2
Sep 29 13:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Received disconnect from 112.196.70.142 port 33706:11: Bye Bye [preauth]
Sep 29 13:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Disconnected from 112.196.70.142 port 33706 [preauth]
Sep 29 13:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Failed password for invalid user zu from 103.176.78.193 port 59822 ssh2
Sep 29 13:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Received disconnect from 103.176.78.193 port 59822:11: Bye Bye [preauth]
Sep 29 13:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Disconnected from 103.176.78.193 port 59822 [preauth]
Sep 29 13:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: Failed password for root from 162.144.236.216 port 45180 ssh2
Sep 29 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: Connection closed by 162.144.236.216 port 45180 [preauth]
Sep 29 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Failed password for root from 162.144.236.216 port 52968 ssh2
Sep 29 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Connection closed by 162.144.236.216 port 52968 [preauth]
Sep 29 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12527]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12526]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: Successful su for rubyman by root
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: + ??? root:rubyman
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314922 of user rubyman.
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314922.
Sep 29 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9531]: pam_unix(cron:session): session closed for user root
Sep 29 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Invalid user minecraft from 167.148.134.96
Sep 29 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: Failed password for root from 162.144.236.216 port 60680 ssh2
Sep 29 13:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Failed password for invalid user minecraft from 167.148.134.96 port 56114 ssh2
Sep 29 13:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Received disconnect from 167.148.134.96 port 56114:11: Bye Bye [preauth]
Sep 29 13:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Disconnected from 167.148.134.96 port 56114 [preauth]
Sep 29 13:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12522]: Connection closed by 162.144.236.216 port 60680 [preauth]
Sep 29 13:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: Failed password for root from 162.144.236.216 port 40702 ssh2
Sep 29 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: Connection closed by 162.144.236.216 port 40702 [preauth]
Sep 29 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Invalid user a from 138.68.58.124
Sep 29 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: input_userauth_request: invalid user a [preauth]
Sep 29 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: Failed password for root from 162.144.236.216 port 48332 ssh2
Sep 29 13:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Failed password for invalid user a from 138.68.58.124 port 33120 ssh2
Sep 29 13:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Connection closed by 138.68.58.124 port 33120 [preauth]
Sep 29 13:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: Connection closed by 162.144.236.216 port 48332 [preauth]
Sep 29 13:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session closed for user root
Sep 29 13:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Failed password for root from 162.144.236.216 port 53284 ssh2
Sep 29 13:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Connection closed by 162.144.236.216 port 53284 [preauth]
Sep 29 13:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Failed password for root from 162.144.236.216 port 60276 ssh2
Sep 29 13:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12934]: Connection closed by 162.144.236.216 port 60276 [preauth]
Sep 29 13:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Invalid user zak from 112.196.70.142
Sep 29 13:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: input_userauth_request: invalid user zak [preauth]
Sep 29 13:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Failed password for root from 162.144.236.216 port 40702 ssh2
Sep 29 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Connection closed by 162.144.236.216 port 40702 [preauth]
Sep 29 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Failed password for invalid user zak from 112.196.70.142 port 58952 ssh2
Sep 29 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Received disconnect from 112.196.70.142 port 58952:11: Bye Bye [preauth]
Sep 29 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Disconnected from 112.196.70.142 port 58952 [preauth]
Sep 29 13:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: Failed password for root from 162.144.236.216 port 46670 ssh2
Sep 29 13:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: Connection closed by 162.144.236.216 port 46670 [preauth]
Sep 29 13:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Invalid user app from 167.148.134.96
Sep 29 13:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: input_userauth_request: invalid user app [preauth]
Sep 29 13:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13022]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13021]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: Successful su for rubyman by root
Sep 29 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: + ??? root:rubyman
Sep 29 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314927 of user rubyman.
Sep 29 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314927.
Sep 29 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Failed password for invalid user app from 167.148.134.96 port 43192 ssh2
Sep 29 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user root
Sep 29 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Received disconnect from 167.148.134.96 port 43192:11: Bye Bye [preauth]
Sep 29 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Disconnected from 167.148.134.96 port 43192 [preauth]
Sep 29 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: Invalid user sam from 93.152.230.176
Sep 29 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: input_userauth_request: invalid user sam [preauth]
Sep 29 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for root from 162.144.236.216 port 50680 ssh2
Sep 29 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 162.144.236.216 port 50680 [preauth]
Sep 29 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session closed for user root
Sep 29 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: Failed password for invalid user sam from 93.152.230.176 port 40489 ssh2
Sep 29 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: Received disconnect from 93.152.230.176 port 40489:11: Client disconnecting normally [preauth]
Sep 29 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13244]: Disconnected from 93.152.230.176 port 40489 [preauth]
Sep 29 13:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: Failed password for root from 162.144.236.216 port 56886 ssh2
Sep 29 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: Connection closed by 162.144.236.216 port 56886 [preauth]
Sep 29 13:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Invalid user superadmin from 103.176.78.193
Sep 29 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Failed password for root from 162.144.236.216 port 33880 ssh2
Sep 29 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Failed password for invalid user superadmin from 103.176.78.193 port 45186 ssh2
Sep 29 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Received disconnect from 103.176.78.193 port 45186:11: Bye Bye [preauth]
Sep 29 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13435]: Disconnected from 103.176.78.193 port 45186 [preauth]
Sep 29 13:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Connection closed by 162.144.236.216 port 33880 [preauth]
Sep 29 13:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session closed for user root
Sep 29 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13446]: Failed password for root from 162.144.236.216 port 41352 ssh2
Sep 29 13:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13446]: Connection closed by 162.144.236.216 port 41352 [preauth]
Sep 29 13:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13552]: Failed password for root from 167.148.134.96 port 57500 ssh2
Sep 29 13:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13552]: Received disconnect from 167.148.134.96 port 57500:11: Bye Bye [preauth]
Sep 29 13:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13552]: Disconnected from 167.148.134.96 port 57500 [preauth]
Sep 29 13:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Failed password for root from 162.144.236.216 port 51632 ssh2
Sep 29 13:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13533]: Connection closed by 162.144.236.216 port 51632 [preauth]
Sep 29 13:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13572]: pam_unix(cron:session): session closed for user root
Sep 29 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13634]: Successful su for rubyman by root
Sep 29 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13634]: + ??? root:rubyman
Sep 29 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314933 of user rubyman.
Sep 29 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13634]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314933.
Sep 29 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13567]: pam_unix(cron:session): session closed for user root
Sep 29 13:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session closed for user root
Sep 29 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Invalid user asa from 112.196.70.142
Sep 29 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: input_userauth_request: invalid user asa [preauth]
Sep 29 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Failed password for root from 162.144.236.216 port 58744 ssh2
Sep 29 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Failed password for invalid user asa from 112.196.70.142 port 55976 ssh2
Sep 29 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Connection closed by 162.144.236.216 port 58744 [preauth]
Sep 29 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Received disconnect from 112.196.70.142 port 55976:11: Bye Bye [preauth]
Sep 29 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13844]: Disconnected from 112.196.70.142 port 55976 [preauth]
Sep 29 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for root from 162.144.236.216 port 37958 ssh2
Sep 29 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Connection closed by 162.144.236.216 port 37958 [preauth]
Sep 29 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Failed password for root from 162.144.236.216 port 44464 ssh2
Sep 29 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12527]: pam_unix(cron:session): session closed for user root
Sep 29 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Connection closed by 162.144.236.216 port 44464 [preauth]
Sep 29 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: Failed password for root from 162.144.236.216 port 52806 ssh2
Sep 29 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: Connection closed by 162.144.236.216 port 52806 [preauth]
Sep 29 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: Invalid user song from 167.148.134.96
Sep 29 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: input_userauth_request: invalid user song [preauth]
Sep 29 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: Failed password for invalid user song from 167.148.134.96 port 48748 ssh2
Sep 29 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: Received disconnect from 167.148.134.96 port 48748:11: Bye Bye [preauth]
Sep 29 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14010]: Disconnected from 167.148.134.96 port 48748 [preauth]
Sep 29 13:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Invalid user ftpuser1 from 103.176.78.193
Sep 29 13:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: input_userauth_request: invalid user ftpuser1 [preauth]
Sep 29 13:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14206]: Successful su for rubyman by root
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14206]: + ??? root:rubyman
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314938 of user rubyman.
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14206]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314938.
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Failed password for invalid user ftpuser1 from 103.176.78.193 port 39090 ssh2
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Received disconnect from 103.176.78.193 port 39090:11: Bye Bye [preauth]
Sep 29 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14123]: Disconnected from 103.176.78.193 port 39090 [preauth]
Sep 29 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14013]: Failed password for root from 162.144.236.216 port 58894 ssh2
Sep 29 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14013]: Connection closed by 162.144.236.216 port 58894 [preauth]
Sep 29 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11050]: pam_unix(cron:session): session closed for user root
Sep 29 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Failed password for root from 162.144.236.216 port 37922 ssh2
Sep 29 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Connection closed by 162.144.236.216 port 37922 [preauth]
Sep 29 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Failed password for root from 162.144.236.216 port 46610 ssh2
Sep 29 13:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Connection closed by 162.144.236.216 port 46610 [preauth]
Sep 29 13:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Failed password for root from 112.196.70.142 port 52998 ssh2
Sep 29 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Received disconnect from 112.196.70.142 port 52998:11: Bye Bye [preauth]
Sep 29 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Disconnected from 112.196.70.142 port 52998 [preauth]
Sep 29 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Failed password for root from 162.144.236.216 port 53350 ssh2
Sep 29 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13022]: pam_unix(cron:session): session closed for user root
Sep 29 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Connection closed by 162.144.236.216 port 53350 [preauth]
Sep 29 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: Failed password for root from 162.144.236.216 port 33584 ssh2
Sep 29 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14497]: Connection closed by 162.144.236.216 port 33584 [preauth]
Sep 29 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Failed password for root from 167.148.134.96 port 47336 ssh2
Sep 29 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Received disconnect from 167.148.134.96 port 47336:11: Bye Bye [preauth]
Sep 29 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Disconnected from 167.148.134.96 port 47336 [preauth]
Sep 29 13:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Failed password for root from 162.144.236.216 port 40592 ssh2
Sep 29 13:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Connection closed by 162.144.236.216 port 40592 [preauth]
Sep 29 13:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: Successful su for rubyman by root
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: + ??? root:rubyman
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314941 of user rubyman.
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14637]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314941.
Sep 29 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Failed password for root from 162.144.236.216 port 48322 ssh2
Sep 29 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14557]: Connection closed by 162.144.236.216 port 48322 [preauth]
Sep 29 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11523]: pam_unix(cron:session): session closed for user root
Sep 29 13:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Failed password for root from 162.144.236.216 port 56030 ssh2
Sep 29 13:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Connection closed by 162.144.236.216 port 56030 [preauth]
Sep 29 13:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Failed password for root from 162.144.236.216 port 35214 ssh2
Sep 29 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Connection closed by 162.144.236.216 port 35214 [preauth]
Sep 29 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Failed password for root from 162.144.236.216 port 39420 ssh2
Sep 29 13:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Connection closed by 162.144.236.216 port 39420 [preauth]
Sep 29 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: Failed password for root from 162.144.236.216 port 45578 ssh2
Sep 29 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14901]: Connection closed by 162.144.236.216 port 45578 [preauth]
Sep 29 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session closed for user root
Sep 29 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Failed password for root from 162.144.236.216 port 52896 ssh2
Sep 29 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Invalid user vbox from 167.148.134.96
Sep 29 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: input_userauth_request: invalid user vbox [preauth]
Sep 29 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: Failed password for root from 112.196.70.142 port 50018 ssh2
Sep 29 13:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: Received disconnect from 112.196.70.142 port 50018:11: Bye Bye [preauth]
Sep 29 13:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14955]: Disconnected from 112.196.70.142 port 50018 [preauth]
Sep 29 13:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Failed password for root from 103.176.78.193 port 43584 ssh2
Sep 29 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Received disconnect from 103.176.78.193 port 43584:11: Bye Bye [preauth]
Sep 29 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Disconnected from 103.176.78.193 port 43584 [preauth]
Sep 29 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Failed password for invalid user vbox from 167.148.134.96 port 56028 ssh2
Sep 29 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Received disconnect from 167.148.134.96 port 56028:11: Bye Bye [preauth]
Sep 29 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14962]: Disconnected from 167.148.134.96 port 56028 [preauth]
Sep 29 13:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Connection closed by 162.144.236.216 port 52896 [preauth]
Sep 29 13:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15010]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: Successful su for rubyman by root
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: + ??? root:rubyman
Sep 29 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314945 of user rubyman.
Sep 29 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15071]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314945.
Sep 29 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session closed for user root
Sep 29 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Failed password for root from 162.144.236.216 port 59512 ssh2
Sep 29 13:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15008]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Connection closed by 162.144.236.216 port 59512 [preauth]
Sep 29 13:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 162.144.236.216 port 40442 ssh2
Sep 29 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Connection closed by 162.144.236.216 port 40442 [preauth]
Sep 29 13:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Connection closed by 103.29.69.96 port 33024 [preauth]
Sep 29 13:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Failed password for root from 162.144.236.216 port 49910 ssh2
Sep 29 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Connection closed by 162.144.236.216 port 49910 [preauth]
Sep 29 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user root
Sep 29 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Failed password for root from 162.144.236.216 port 54938 ssh2
Sep 29 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Invalid user git from 167.148.134.96
Sep 29 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: input_userauth_request: invalid user git [preauth]
Sep 29 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Connection closed by 162.144.236.216 port 54938 [preauth]
Sep 29 13:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Failed password for invalid user git from 167.148.134.96 port 46024 ssh2
Sep 29 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Received disconnect from 167.148.134.96 port 46024:11: Bye Bye [preauth]
Sep 29 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Disconnected from 167.148.134.96 port 46024 [preauth]
Sep 29 13:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Failed password for root from 162.144.236.216 port 60200 ssh2
Sep 29 13:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Connection closed by 162.144.236.216 port 60200 [preauth]
Sep 29 13:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: Failed password for root from 162.144.236.216 port 41132 ssh2
Sep 29 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15423]: Connection closed by 162.144.236.216 port 41132 [preauth]
Sep 29 13:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15449]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15450]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15507]: Successful su for rubyman by root
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15507]: + ??? root:rubyman
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314950 of user rubyman.
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15507]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314950.
Sep 29 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for root from 112.196.70.142 port 47038 ssh2
Sep 29 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Received disconnect from 112.196.70.142 port 47038:11: Bye Bye [preauth]
Sep 29 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Disconnected from 112.196.70.142 port 47038 [preauth]
Sep 29 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12526]: pam_unix(cron:session): session closed for user root
Sep 29 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Failed password for root from 162.144.236.216 port 48436 ssh2
Sep 29 13:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Connection closed by 162.144.236.216 port 48436 [preauth]
Sep 29 13:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 13:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Failed password for root from 103.176.78.193 port 46284 ssh2
Sep 29 13:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Received disconnect from 103.176.78.193 port 46284:11: Bye Bye [preauth]
Sep 29 13:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Disconnected from 103.176.78.193 port 46284 [preauth]
Sep 29 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: Failed password for root from 185.156.73.233 port 55480 ssh2
Sep 29 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15756]: Connection closed by 185.156.73.233 port 55480 [preauth]
Sep 29 13:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Invalid user foundry from 167.148.134.96
Sep 29 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: input_userauth_request: invalid user foundry [preauth]
Sep 29 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Failed password for invalid user foundry from 167.148.134.96 port 36718 ssh2
Sep 29 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Received disconnect from 167.148.134.96 port 36718:11: Bye Bye [preauth]
Sep 29 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Disconnected from 167.148.134.96 port 36718 [preauth]
Sep 29 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: Failed password for root from 162.144.236.216 port 56234 ssh2
Sep 29 13:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session closed for user root
Sep 29 13:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: Connection closed by 162.144.236.216 port 56234 [preauth]
Sep 29 13:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: Failed password for root from 162.144.236.216 port 36210 ssh2
Sep 29 13:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15812]: Connection closed by 162.144.236.216 port 36210 [preauth]
Sep 29 13:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Failed password for root from 162.144.236.216 port 43756 ssh2
Sep 29 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Connection closed by 162.144.236.216 port 43756 [preauth]
Sep 29 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Failed password for root from 36.89.28.139 port 59556 ssh2
Sep 29 13:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Received disconnect from 36.89.28.139 port 59556:11: Bye Bye [preauth]
Sep 29 13:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Disconnected from 36.89.28.139 port 59556 [preauth]
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15886]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15884]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15887]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session closed for user root
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15882]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15954]: Successful su for rubyman by root
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15954]: + ??? root:rubyman
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314957 of user rubyman.
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15954]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314957.
Sep 29 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15884]: pam_unix(cron:session): session closed for user root
Sep 29 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Failed password for root from 162.144.236.216 port 50510 ssh2
Sep 29 13:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15870]: Connection closed by 162.144.236.216 port 50510 [preauth]
Sep 29 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13021]: pam_unix(cron:session): session closed for user root
Sep 29 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15883]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Failed password for root from 162.144.236.216 port 57686 ssh2
Sep 29 13:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Invalid user sysadmin from 112.196.70.142
Sep 29 13:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: input_userauth_request: invalid user sysadmin [preauth]
Sep 29 13:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Connection closed by 162.144.236.216 port 57686 [preauth]
Sep 29 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user sysadmin from 112.196.70.142 port 44052 ssh2
Sep 29 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Received disconnect from 112.196.70.142 port 44052:11: Bye Bye [preauth]
Sep 29 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Disconnected from 112.196.70.142 port 44052 [preauth]
Sep 29 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for root from 162.144.236.216 port 37036 ssh2
Sep 29 13:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 162.144.236.216 port 37036 [preauth]
Sep 29 13:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Invalid user superadmin from 167.148.134.96
Sep 29 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Failed password for invalid user superadmin from 167.148.134.96 port 38944 ssh2
Sep 29 13:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Received disconnect from 167.148.134.96 port 38944:11: Bye Bye [preauth]
Sep 29 13:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Disconnected from 167.148.134.96 port 38944 [preauth]
Sep 29 13:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Failed password for root from 162.144.236.216 port 42976 ssh2
Sep 29 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Connection closed by 162.144.236.216 port 42976 [preauth]
Sep 29 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15010]: pam_unix(cron:session): session closed for user root
Sep 29 13:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Failed password for root from 162.144.236.216 port 48332 ssh2
Sep 29 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Connection closed by 162.144.236.216 port 48332 [preauth]
Sep 29 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Failed password for root from 162.144.236.216 port 56118 ssh2
Sep 29 13:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Connection closed by 162.144.236.216 port 56118 [preauth]
Sep 29 13:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Failed password for root from 162.144.236.216 port 35684 ssh2
Sep 29 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: Failed password for root from 103.176.78.193 port 35260 ssh2
Sep 29 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Connection closed by 162.144.236.216 port 35684 [preauth]
Sep 29 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: Received disconnect from 103.176.78.193 port 35260:11: Bye Bye [preauth]
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: Disconnected from 103.176.78.193 port 35260 [preauth]
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16443]: Successful su for rubyman by root
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16443]: + ??? root:rubyman
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314960 of user rubyman.
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16443]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314960.
Sep 29 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session closed for user root
Sep 29 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: Failed password for root from 162.144.236.216 port 45104 ssh2
Sep 29 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: Connection closed by 162.144.236.216 port 45104 [preauth]
Sep 29 13:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Failed password for root from 162.144.236.216 port 52338 ssh2
Sep 29 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16657]: Connection closed by 162.144.236.216 port 52338 [preauth]
Sep 29 13:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Failed password for root from 167.148.134.96 port 40314 ssh2
Sep 29 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Received disconnect from 167.148.134.96 port 40314:11: Bye Bye [preauth]
Sep 29 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Disconnected from 167.148.134.96 port 40314 [preauth]
Sep 29 13:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: Failed password for root from 162.144.236.216 port 33220 ssh2
Sep 29 13:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: Connection closed by 162.144.236.216 port 33220 [preauth]
Sep 29 13:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15450]: pam_unix(cron:session): session closed for user root
Sep 29 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: Failed password for root from 112.196.70.142 port 41072 ssh2
Sep 29 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: Received disconnect from 112.196.70.142 port 41072:11: Bye Bye [preauth]
Sep 29 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: Disconnected from 112.196.70.142 port 41072 [preauth]
Sep 29 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: Failed password for root from 162.144.236.216 port 39626 ssh2
Sep 29 13:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: Connection closed by 162.144.236.216 port 39626 [preauth]
Sep 29 13:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Failed password for root from 162.144.236.216 port 46050 ssh2
Sep 29 13:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Connection closed by 162.144.236.216 port 46050 [preauth]
Sep 29 13:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16803]: Failed password for root from 162.144.236.216 port 53332 ssh2
Sep 29 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16803]: Connection closed by 162.144.236.216 port 53332 [preauth]
Sep 29 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarabas.com@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 29 13:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 13:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarabas.com rhost=::ffff:79.124.49.146
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16851]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16852]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user root
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: Successful su for rubyman by root
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: + ??? root:rubyman
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314964 of user rubyman.
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314964.
Sep 29 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Failed password for root from 162.144.236.216 port 60048 ssh2
Sep 29 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Connection closed by 162.144.236.216 port 60048 [preauth]
Sep 29 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user root
Sep 29 13:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Failed password for root from 162.144.236.216 port 38648 ssh2
Sep 29 13:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Connection closed by 162.144.236.216 port 38648 [preauth]
Sep 29 13:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Failed password for root from 162.144.236.216 port 45822 ssh2
Sep 29 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Connection closed by 162.144.236.216 port 45822 [preauth]
Sep 29 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Invalid user hadoop from 62.60.131.157
Sep 29 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 13:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Failed password for invalid user hadoop from 62.60.131.157 port 63196 ssh2
Sep 29 13:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Failed password for invalid user hadoop from 62.60.131.157 port 63196 ssh2
Sep 29 13:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for root from 167.148.134.96 port 46664 ssh2
Sep 29 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Received disconnect from 167.148.134.96 port 46664:11: Bye Bye [preauth]
Sep 29 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Disconnected from 167.148.134.96 port 46664 [preauth]
Sep 29 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Failed password for invalid user hadoop from 62.60.131.157 port 63196 ssh2
Sep 29 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Failed password for root from 162.144.236.216 port 51378 ssh2
Sep 29 13:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Failed password for invalid user hadoop from 62.60.131.157 port 63196 ssh2
Sep 29 13:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17170]: Connection closed by 162.144.236.216 port 51378 [preauth]
Sep 29 13:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Failed password for invalid user hadoop from 62.60.131.157 port 63196 ssh2
Sep 29 13:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Received disconnect from 62.60.131.157 port 63196:11: Bye [preauth]
Sep 29 13:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Disconnected from 62.60.131.157 port 63196 [preauth]
Sep 29 13:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 13:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15887]: pam_unix(cron:session): session closed for user root
Sep 29 13:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Failed password for root from 162.144.236.216 port 59350 ssh2
Sep 29 13:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Connection closed by 162.144.236.216 port 59350 [preauth]
Sep 29 13:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Invalid user nfsuser from 103.176.78.193
Sep 29 13:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: input_userauth_request: invalid user nfsuser [preauth]
Sep 29 13:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Failed password for invalid user nfsuser from 103.176.78.193 port 46792 ssh2
Sep 29 13:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Received disconnect from 103.176.78.193 port 46792:11: Bye Bye [preauth]
Sep 29 13:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Disconnected from 103.176.78.193 port 46792 [preauth]
Sep 29 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Failed password for root from 162.144.236.216 port 38306 ssh2
Sep 29 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Connection closed by 162.144.236.216 port 38306 [preauth]
Sep 29 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: User vncuser from 112.196.70.142 not allowed because not listed in AllowUsers
Sep 29 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: input_userauth_request: invalid user vncuser [preauth]
Sep 29 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=vncuser
Sep 29 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Failed password for invalid user vncuser from 112.196.70.142 port 38098 ssh2
Sep 29 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Received disconnect from 112.196.70.142 port 38098:11: Bye Bye [preauth]
Sep 29 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Disconnected from 112.196.70.142 port 38098 [preauth]
Sep 29 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for root from 162.144.236.216 port 44534 ssh2
Sep 29 13:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Connection closed by 162.144.236.216 port 44534 [preauth]
Sep 29 13:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17324]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17322]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17396]: Successful su for rubyman by root
Sep 29 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17396]: + ??? root:rubyman
Sep 29 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314969 of user rubyman.
Sep 29 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17396]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314969.
Sep 29 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user root
Sep 29 13:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17323]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Failed password for root from 162.144.236.216 port 51114 ssh2
Sep 29 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Connection closed by 162.144.236.216 port 51114 [preauth]
Sep 29 13:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Invalid user jirka from 167.148.134.96
Sep 29 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: input_userauth_request: invalid user jirka [preauth]
Sep 29 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Failed password for invalid user jirka from 167.148.134.96 port 47788 ssh2
Sep 29 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Received disconnect from 167.148.134.96 port 47788:11: Bye Bye [preauth]
Sep 29 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Disconnected from 167.148.134.96 port 47788 [preauth]
Sep 29 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for root from 162.144.236.216 port 58688 ssh2
Sep 29 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Connection closed by 162.144.236.216 port 58688 [preauth]
Sep 29 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session closed for user root
Sep 29 13:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Failed password for root from 93.152.230.176 port 33156 ssh2
Sep 29 13:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: Failed password for root from 162.144.236.216 port 36688 ssh2
Sep 29 13:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Received disconnect from 93.152.230.176 port 33156:11: Client disconnecting normally [preauth]
Sep 29 13:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Disconnected from 93.152.230.176 port 33156 [preauth]
Sep 29 13:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: Connection closed by 162.144.236.216 port 36688 [preauth]
Sep 29 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: Failed password for root from 162.144.236.216 port 44880 ssh2
Sep 29 13:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: Connection closed by 162.144.236.216 port 44880 [preauth]
Sep 29 13:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Failed password for root from 162.144.236.216 port 53034 ssh2
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17854]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17861]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17852]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17933]: Successful su for rubyman by root
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17933]: + ??? root:rubyman
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314973 of user rubyman.
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17933]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314973.
Sep 29 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Connection closed by 162.144.236.216 port 53034 [preauth]
Sep 29 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15009]: pam_unix(cron:session): session closed for user root
Sep 29 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17853]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for root from 162.144.236.216 port 34276 ssh2
Sep 29 13:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Connection closed by 162.144.236.216 port 34276 [preauth]
Sep 29 13:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Invalid user celeryuser from 112.196.70.142
Sep 29 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: input_userauth_request: invalid user celeryuser [preauth]
Sep 29 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Failed password for invalid user celeryuser from 112.196.70.142 port 35128 ssh2
Sep 29 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Received disconnect from 112.196.70.142 port 35128:11: Bye Bye [preauth]
Sep 29 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Disconnected from 112.196.70.142 port 35128 [preauth]
Sep 29 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Invalid user minecraft from 36.89.28.139
Sep 29 13:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 13:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Failed password for invalid user minecraft from 36.89.28.139 port 33768 ssh2
Sep 29 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Received disconnect from 36.89.28.139 port 33768:11: Bye Bye [preauth]
Sep 29 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Disconnected from 36.89.28.139 port 33768 [preauth]
Sep 29 13:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Failed password for root from 103.176.78.193 port 51652 ssh2
Sep 29 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Failed password for root from 162.144.236.216 port 40152 ssh2
Sep 29 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Received disconnect from 103.176.78.193 port 51652:11: Bye Bye [preauth]
Sep 29 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Disconnected from 103.176.78.193 port 51652 [preauth]
Sep 29 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Invalid user postgres from 167.148.134.96
Sep 29 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: input_userauth_request: invalid user postgres [preauth]
Sep 29 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Connection closed by 162.144.236.216 port 40152 [preauth]
Sep 29 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Failed password for invalid user postgres from 167.148.134.96 port 46584 ssh2
Sep 29 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Received disconnect from 167.148.134.96 port 46584:11: Bye Bye [preauth]
Sep 29 13:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Disconnected from 167.148.134.96 port 46584 [preauth]
Sep 29 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16852]: pam_unix(cron:session): session closed for user root
Sep 29 13:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Failed password for root from 162.144.236.216 port 47754 ssh2
Sep 29 13:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Connection closed by 162.144.236.216 port 47754 [preauth]
Sep 29 13:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Failed password for root from 162.144.236.216 port 55100 ssh2
Sep 29 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Connection closed by 162.144.236.216 port 55100 [preauth]
Sep 29 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18586]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18588]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18588]: pam_unix(cron:session): session closed for user root
Sep 29 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: Successful su for rubyman by root
Sep 29 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: + ??? root:rubyman
Sep 29 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314976 of user rubyman.
Sep 29 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18668]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314976.
Sep 29 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18566]: Failed password for root from 162.144.236.216 port 32848 ssh2
Sep 29 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18566]: Connection closed by 162.144.236.216 port 32848 [preauth]
Sep 29 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15449]: pam_unix(cron:session): session closed for user root
Sep 29 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session closed for user root
Sep 29 13:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Failed password for root from 162.144.236.216 port 39660 ssh2
Sep 29 13:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Connection closed by 162.144.236.216 port 39660 [preauth]
Sep 29 13:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Invalid user sendmail from 167.148.134.96
Sep 29 13:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: input_userauth_request: invalid user sendmail [preauth]
Sep 29 13:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Failed password for invalid user sendmail from 167.148.134.96 port 35520 ssh2
Sep 29 13:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Received disconnect from 167.148.134.96 port 35520:11: Bye Bye [preauth]
Sep 29 13:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Disconnected from 167.148.134.96 port 35520 [preauth]
Sep 29 13:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: Invalid user matthew from 36.89.28.139
Sep 29 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: input_userauth_request: invalid user matthew [preauth]
Sep 29 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: Failed password for invalid user matthew from 36.89.28.139 port 59136 ssh2
Sep 29 13:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: Received disconnect from 36.89.28.139 port 59136:11: Bye Bye [preauth]
Sep 29 13:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19001]: Disconnected from 36.89.28.139 port 59136 [preauth]
Sep 29 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: Invalid user foundry from 112.196.70.142
Sep 29 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: input_userauth_request: invalid user foundry [preauth]
Sep 29 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session closed for user root
Sep 29 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: Failed password for invalid user foundry from 112.196.70.142 port 60382 ssh2
Sep 29 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: Received disconnect from 112.196.70.142 port 60382:11: Bye Bye [preauth]
Sep 29 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: Disconnected from 112.196.70.142 port 60382 [preauth]
Sep 29 13:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: Failed password for root from 162.144.236.216 port 48224 ssh2
Sep 29 13:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: Connection closed by 162.144.236.216 port 48224 [preauth]
Sep 29 13:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: Failed password for root from 162.144.236.216 port 56662 ssh2
Sep 29 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: Connection closed by 162.144.236.216 port 56662 [preauth]
Sep 29 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Invalid user wangchangyou from 103.176.78.193
Sep 29 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: input_userauth_request: invalid user wangchangyou [preauth]
Sep 29 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Failed password for root from 162.144.236.216 port 34900 ssh2
Sep 29 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Failed password for invalid user wangchangyou from 103.176.78.193 port 35634 ssh2
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19113]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Received disconnect from 103.176.78.193 port 35634:11: Bye Bye [preauth]
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Disconnected from 103.176.78.193 port 35634 [preauth]
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19191]: Successful su for rubyman by root
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19191]: + ??? root:rubyman
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314984 of user rubyman.
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19191]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314984.
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Connection closed by 162.144.236.216 port 34900 [preauth]
Sep 29 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15886]: pam_unix(cron:session): session closed for user root
Sep 29 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: Failed password for root from 162.144.236.216 port 41166 ssh2
Sep 29 13:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19218]: Connection closed by 162.144.236.216 port 41166 [preauth]
Sep 29 13:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Failed password for root from 162.144.236.216 port 47634 ssh2
Sep 29 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: Failed password for root from 167.148.134.96 port 54186 ssh2
Sep 29 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: Received disconnect from 167.148.134.96 port 54186:11: Bye Bye [preauth]
Sep 29 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: Disconnected from 167.148.134.96 port 54186 [preauth]
Sep 29 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Connection closed by 162.144.236.216 port 47634 [preauth]
Sep 29 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Failed password for root from 162.144.236.216 port 53636 ssh2
Sep 29 13:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Connection closed by 162.144.236.216 port 53636 [preauth]
Sep 29 13:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: Failed password for root from 162.144.236.216 port 59316 ssh2
Sep 29 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: Connection closed by 162.144.236.216 port 59316 [preauth]
Sep 29 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17861]: pam_unix(cron:session): session closed for user root
Sep 29 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Failed password for root from 36.89.28.139 port 33096 ssh2
Sep 29 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Failed password for root from 162.144.236.216 port 39320 ssh2
Sep 29 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Received disconnect from 36.89.28.139 port 33096:11: Bye Bye [preauth]
Sep 29 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Disconnected from 36.89.28.139 port 33096 [preauth]
Sep 29 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Connection closed by 162.144.236.216 port 39320 [preauth]
Sep 29 13:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Invalid user bot2 from 112.196.70.142
Sep 29 13:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: input_userauth_request: invalid user bot2 [preauth]
Sep 29 13:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Failed password for invalid user bot2 from 112.196.70.142 port 57398 ssh2
Sep 29 13:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Received disconnect from 112.196.70.142 port 57398:11: Bye Bye [preauth]
Sep 29 13:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Disconnected from 112.196.70.142 port 57398 [preauth]
Sep 29 13:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Failed password for root from 162.144.236.216 port 46054 ssh2
Sep 29 13:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Connection closed by 162.144.236.216 port 46054 [preauth]
Sep 29 13:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: Failed password for root from 162.144.236.216 port 54254 ssh2
Sep 29 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19927]: Connection closed by 162.144.236.216 port 54254 [preauth]
Sep 29 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19952]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19951]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19949]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: Successful su for rubyman by root
Sep 29 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: + ??? root:rubyman
Sep 29 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314986 of user rubyman.
Sep 29 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20027]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314986.
Sep 29 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user root
Sep 29 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19950]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Failed password for root from 162.144.236.216 port 33004 ssh2
Sep 29 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Connection closed by 162.144.236.216 port 33004 [preauth]
Sep 29 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Failed password for root from 167.148.134.96 port 57244 ssh2
Sep 29 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Received disconnect from 167.148.134.96 port 57244:11: Bye Bye [preauth]
Sep 29 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Disconnected from 167.148.134.96 port 57244 [preauth]
Sep 29 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Failed password for root from 162.144.236.216 port 39382 ssh2
Sep 29 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Connection closed by 162.144.236.216 port 39382 [preauth]
Sep 29 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Failed password for root from 162.144.236.216 port 46198 ssh2
Sep 29 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20306]: Connection closed by 162.144.236.216 port 46198 [preauth]
Sep 29 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18587]: pam_unix(cron:session): session closed for user root
Sep 29 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: Failed password for root from 162.144.236.216 port 53168 ssh2
Sep 29 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Invalid user rootadmin from 103.176.78.193
Sep 29 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: input_userauth_request: invalid user rootadmin [preauth]
Sep 29 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: Connection closed by 162.144.236.216 port 53168 [preauth]
Sep 29 13:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Failed password for invalid user rootadmin from 103.176.78.193 port 50248 ssh2
Sep 29 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Received disconnect from 103.176.78.193 port 50248:11: Bye Bye [preauth]
Sep 29 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20372]: Disconnected from 103.176.78.193 port 50248 [preauth]
Sep 29 13:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Invalid user sftpuser from 36.89.28.139
Sep 29 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: input_userauth_request: invalid user sftpuser [preauth]
Sep 29 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Failed password for invalid user sftpuser from 36.89.28.139 port 51670 ssh2
Sep 29 13:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Received disconnect from 36.89.28.139 port 51670:11: Bye Bye [preauth]
Sep 29 13:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Disconnected from 36.89.28.139 port 51670 [preauth]
Sep 29 13:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Failed password for root from 162.144.236.216 port 33074 ssh2
Sep 29 13:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Connection closed by 162.144.236.216 port 33074 [preauth]
Sep 29 13:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20462]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20459]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20529]: Successful su for rubyman by root
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20529]: + ??? root:rubyman
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314992 of user rubyman.
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20529]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314992.
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: Invalid user bacon from 112.196.70.142
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: input_userauth_request: invalid user bacon [preauth]
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: Failed password for invalid user bacon from 112.196.70.142 port 54416 ssh2
Sep 29 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: Received disconnect from 112.196.70.142 port 54416:11: Bye Bye [preauth]
Sep 29 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20455]: Disconnected from 112.196.70.142 port 54416 [preauth]
Sep 29 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16851]: pam_unix(cron:session): session closed for user root
Sep 29 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Failed password for root from 167.148.134.96 port 58642 ssh2
Sep 29 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Received disconnect from 167.148.134.96 port 58642:11: Bye Bye [preauth]
Sep 29 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Disconnected from 167.148.134.96 port 58642 [preauth]
Sep 29 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20460]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: Failed password for root from 162.144.236.216 port 39960 ssh2
Sep 29 13:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: Connection closed by 162.144.236.216 port 39960 [preauth]
Sep 29 13:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Invalid user  from 62.60.131.157
Sep 29 13:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: input_userauth_request: invalid user  [preauth]
Sep 29 13:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Failed none for invalid user  from 62.60.131.157 port 63033 ssh2
Sep 29 13:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Received disconnect from 62.60.131.157 port 63033:11: Bye [preauth]
Sep 29 13:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Disconnected from 62.60.131.157 port 63033 [preauth]
Sep 29 13:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20749]: Failed password for root from 162.144.236.216 port 46348 ssh2
Sep 29 13:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20749]: Connection closed by 162.144.236.216 port 46348 [preauth]
Sep 29 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session closed for user root
Sep 29 13:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Failed password for root from 162.144.236.216 port 57700 ssh2
Sep 29 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Connection closed by 162.144.236.216 port 57700 [preauth]
Sep 29 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Invalid user eren from 36.89.28.139
Sep 29 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: input_userauth_request: invalid user eren [preauth]
Sep 29 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Failed password for invalid user eren from 36.89.28.139 port 55836 ssh2
Sep 29 13:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Received disconnect from 36.89.28.139 port 55836:11: Bye Bye [preauth]
Sep 29 13:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20897]: Disconnected from 36.89.28.139 port 55836 [preauth]
Sep 29 13:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: Failed password for root from 162.144.236.216 port 37444 ssh2
Sep 29 13:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: Connection closed by 162.144.236.216 port 37444 [preauth]
Sep 29 13:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20989]: Successful su for rubyman by root
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20989]: + ??? root:rubyman
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 314995 of user rubyman.
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20989]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 314995.
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96  user=root
Sep 29 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Failed password for root from 167.148.134.96 port 57810 ssh2
Sep 29 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Received disconnect from 167.148.134.96 port 57810:11: Bye Bye [preauth]
Sep 29 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Disconnected from 167.148.134.96 port 57810 [preauth]
Sep 29 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17324]: pam_unix(cron:session): session closed for user root
Sep 29 13:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Failed password for root from 162.144.236.216 port 43206 ssh2
Sep 29 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20917]: Connection closed by 162.144.236.216 port 43206 [preauth]
Sep 29 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21195]: Failed password for root from 162.144.236.216 port 49696 ssh2
Sep 29 13:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21195]: Connection closed by 162.144.236.216 port 49696 [preauth]
Sep 29 13:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Invalid user bot2 from 103.176.78.193
Sep 29 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: input_userauth_request: invalid user bot2 [preauth]
Sep 29 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Failed password for root from 112.196.70.142 port 51440 ssh2
Sep 29 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Failed password for invalid user bot2 from 103.176.78.193 port 60572 ssh2
Sep 29 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Received disconnect from 112.196.70.142 port 51440:11: Bye Bye [preauth]
Sep 29 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Disconnected from 112.196.70.142 port 51440 [preauth]
Sep 29 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Received disconnect from 103.176.78.193 port 60572:11: Bye Bye [preauth]
Sep 29 13:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21240]: Disconnected from 103.176.78.193 port 60572 [preauth]
Sep 29 13:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Failed password for root from 162.144.236.216 port 57494 ssh2
Sep 29 13:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Connection closed by 162.144.236.216 port 57494 [preauth]
Sep 29 13:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Failed password for root from 162.144.236.216 port 36186 ssh2
Sep 29 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Connection closed by 162.144.236.216 port 36186 [preauth]
Sep 29 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19952]: pam_unix(cron:session): session closed for user root
Sep 29 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Failed password for root from 162.144.236.216 port 40924 ssh2
Sep 29 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21279]: Connection closed by 162.144.236.216 port 40924 [preauth]
Sep 29 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Sep 29 13:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21318]: Failed password for root from 162.144.236.216 port 49036 ssh2
Sep 29 13:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: Failed password for root from 80.94.95.115 port 23394 ssh2
Sep 29 13:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21342]: Connection closed by 80.94.95.115 port 23394 [preauth]
Sep 29 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21318]: Connection closed by 162.144.236.216 port 49036 [preauth]
Sep 29 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Invalid user dls from 36.89.28.139
Sep 29 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: input_userauth_request: invalid user dls [preauth]
Sep 29 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: Invalid user steam from 167.148.134.96
Sep 29 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: input_userauth_request: invalid user steam [preauth]
Sep 29 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.148.134.96
Sep 29 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Failed password for root from 162.144.236.216 port 57900 ssh2
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Failed password for invalid user dls from 36.89.28.139 port 38196 ssh2
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Received disconnect from 36.89.28.139 port 38196:11: Bye Bye [preauth]
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Disconnected from 36.89.28.139 port 38196 [preauth]
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21355]: Connection closed by 162.144.236.216 port 57900 [preauth]
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: Failed password for invalid user steam from 167.148.134.96 port 60930 ssh2
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session closed for user root
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: Received disconnect from 167.148.134.96 port 60930:11: Bye Bye [preauth]
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21372]: Disconnected from 167.148.134.96 port 60930 [preauth]
Sep 29 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21456]: Successful su for rubyman by root
Sep 29 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21456]: + ??? root:rubyman
Sep 29 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315000 of user rubyman.
Sep 29 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21456]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315000.
Sep 29 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17854]: pam_unix(cron:session): session closed for user root
Sep 29 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session closed for user root
Sep 29 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21415]: Failed password for root from 162.144.236.216 port 35220 ssh2
Sep 29 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21415]: Connection closed by 162.144.236.216 port 35220 [preauth]
Sep 29 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21659]: Failed password for root from 162.144.236.216 port 41730 ssh2
Sep 29 13:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21659]: Connection closed by 162.144.236.216 port 41730 [preauth]
Sep 29 13:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Failed password for root from 162.144.236.216 port 49144 ssh2
Sep 29 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Connection closed by 162.144.236.216 port 49144 [preauth]
Sep 29 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20462]: pam_unix(cron:session): session closed for user root
Sep 29 13:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: Failed password for root from 162.144.236.216 port 55828 ssh2
Sep 29 13:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: Connection closed by 162.144.236.216 port 55828 [preauth]
Sep 29 13:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Failed password for root from 112.196.70.142 port 48456 ssh2
Sep 29 13:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Received disconnect from 112.196.70.142 port 48456:11: Bye Bye [preauth]
Sep 29 13:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Disconnected from 112.196.70.142 port 48456 [preauth]
Sep 29 13:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Failed password for root from 162.144.236.216 port 35376 ssh2
Sep 29 13:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Connection closed by 162.144.236.216 port 35376 [preauth]
Sep 29 13:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Failed password for root from 162.144.236.216 port 41600 ssh2
Sep 29 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Connection closed by 162.144.236.216 port 41600 [preauth]
Sep 29 13:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21869]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21866]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: Successful su for rubyman by root
Sep 29 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: + ??? root:rubyman
Sep 29 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315004 of user rubyman.
Sep 29 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315004.
Sep 29 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for root from 162.144.236.216 port 48630 ssh2
Sep 29 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Connection closed by 162.144.236.216 port 48630 [preauth]
Sep 29 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Invalid user test from 36.89.28.139
Sep 29 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: input_userauth_request: invalid user test [preauth]
Sep 29 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Failed password for invalid user test from 36.89.28.139 port 47374 ssh2
Sep 29 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Received disconnect from 36.89.28.139 port 47374:11: Bye Bye [preauth]
Sep 29 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Disconnected from 36.89.28.139 port 47374 [preauth]
Sep 29 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: Failed password for root from 103.176.78.193 port 37030 ssh2
Sep 29 13:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18586]: pam_unix(cron:session): session closed for user root
Sep 29 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: Received disconnect from 103.176.78.193 port 37030:11: Bye Bye [preauth]
Sep 29 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22094]: Disconnected from 103.176.78.193 port 37030 [preauth]
Sep 29 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: Failed password for root from 162.144.236.216 port 56708 ssh2
Sep 29 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: Connection closed by 162.144.236.216 port 56708 [preauth]
Sep 29 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Failed password for root from 162.144.236.216 port 33852 ssh2
Sep 29 13:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22159]: Connection closed by 162.144.236.216 port 33852 [preauth]
Sep 29 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: Invalid user ts3server from 164.68.105.9
Sep 29 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: input_userauth_request: invalid user ts3server [preauth]
Sep 29 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: Failed password for invalid user ts3server from 164.68.105.9 port 43638 ssh2
Sep 29 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22196]: Connection closed by 164.68.105.9 port 43638 [preauth]
Sep 29 13:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: Failed password for root from 162.144.236.216 port 39866 ssh2
Sep 29 13:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: Connection closed by 162.144.236.216 port 39866 [preauth]
Sep 29 13:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session closed for user root
Sep 29 13:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Failed password for root from 162.144.236.216 port 46816 ssh2
Sep 29 13:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Connection closed by 162.144.236.216 port 46816 [preauth]
Sep 29 13:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: Failed password for root from 162.144.236.216 port 55698 ssh2
Sep 29 13:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: Connection closed by 162.144.236.216 port 55698 [preauth]
Sep 29 13:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Failed password for root from 112.196.70.142 port 45474 ssh2
Sep 29 13:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Received disconnect from 112.196.70.142 port 45474:11: Bye Bye [preauth]
Sep 29 13:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Disconnected from 112.196.70.142 port 45474 [preauth]
Sep 29 13:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: Failed password for root from 162.144.236.216 port 33244 ssh2
Sep 29 13:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22307]: Connection closed by 162.144.236.216 port 33244 [preauth]
Sep 29 13:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22334]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22404]: Successful su for rubyman by root
Sep 29 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22404]: + ??? root:rubyman
Sep 29 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315009 of user rubyman.
Sep 29 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22404]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315009.
Sep 29 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session closed for user root
Sep 29 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22336]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Failed password for root from 162.144.236.216 port 39860 ssh2
Sep 29 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Failed password for root from 36.89.28.139 port 35026 ssh2
Sep 29 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Received disconnect from 36.89.28.139 port 35026:11: Bye Bye [preauth]
Sep 29 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Disconnected from 36.89.28.139 port 35026 [preauth]
Sep 29 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Connection closed by 162.144.236.216 port 39860 [preauth]
Sep 29 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Failed password for root from 162.144.236.216 port 48002 ssh2
Sep 29 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Connection closed by 162.144.236.216 port 48002 [preauth]
Sep 29 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Failed password for root from 162.144.236.216 port 56538 ssh2
Sep 29 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22666]: Connection closed by 162.144.236.216 port 56538 [preauth]
Sep 29 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Failed password for root from 93.152.230.176 port 3804 ssh2
Sep 29 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Received disconnect from 93.152.230.176 port 3804:11: Client disconnecting normally [preauth]
Sep 29 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Disconnected from 93.152.230.176 port 3804 [preauth]
Sep 29 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Failed password for root from 162.144.236.216 port 36092 ssh2
Sep 29 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session closed for user root
Sep 29 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Connection closed by 162.144.236.216 port 36092 [preauth]
Sep 29 13:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Invalid user sysadmin from 103.176.78.193
Sep 29 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: input_userauth_request: invalid user sysadmin [preauth]
Sep 29 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: Failed password for root from 162.144.236.216 port 43894 ssh2
Sep 29 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Failed password for invalid user sysadmin from 103.176.78.193 port 38460 ssh2
Sep 29 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Received disconnect from 103.176.78.193 port 38460:11: Bye Bye [preauth]
Sep 29 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Disconnected from 103.176.78.193 port 38460 [preauth]
Sep 29 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: Connection closed by 162.144.236.216 port 43894 [preauth]
Sep 29 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for root from 162.144.236.216 port 51178 ssh2
Sep 29 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Connection closed by 162.144.236.216 port 51178 [preauth]
Sep 29 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23001]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: Successful su for rubyman by root
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: + ??? root:rubyman
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315012 of user rubyman.
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23088]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315012.
Sep 29 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Invalid user nfsuser from 112.196.70.142
Sep 29 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: input_userauth_request: invalid user nfsuser [preauth]
Sep 29 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Failed password for root from 162.144.236.216 port 56716 ssh2
Sep 29 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Connection closed by 162.144.236.216 port 56716 [preauth]
Sep 29 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19951]: pam_unix(cron:session): session closed for user root
Sep 29 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Failed password for invalid user nfsuser from 112.196.70.142 port 42492 ssh2
Sep 29 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Received disconnect from 112.196.70.142 port 42492:11: Bye Bye [preauth]
Sep 29 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Disconnected from 112.196.70.142 port 42492 [preauth]
Sep 29 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23002]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Failed password for root from 36.89.28.139 port 39984 ssh2
Sep 29 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Received disconnect from 36.89.28.139 port 39984:11: Bye Bye [preauth]
Sep 29 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23341]: Disconnected from 36.89.28.139 port 39984 [preauth]
Sep 29 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for root from 162.144.236.216 port 35706 ssh2
Sep 29 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Connection closed by 162.144.236.216 port 35706 [preauth]
Sep 29 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Failed password for root from 162.144.236.216 port 41212 ssh2
Sep 29 13:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23365]: Connection closed by 162.144.236.216 port 41212 [preauth]
Sep 29 13:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Failed password for root from 162.144.236.216 port 49348 ssh2
Sep 29 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Connection closed by 162.144.236.216 port 49348 [preauth]
Sep 29 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21869]: pam_unix(cron:session): session closed for user root
Sep 29 13:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Failed password for root from 162.144.236.216 port 56506 ssh2
Sep 29 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Connection closed by 162.144.236.216 port 56506 [preauth]
Sep 29 13:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Failed password for root from 162.144.236.216 port 34556 ssh2
Sep 29 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23486]: Connection closed by 162.144.236.216 port 34556 [preauth]
Sep 29 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Failed password for root from 162.144.236.216 port 41540 ssh2
Sep 29 13:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Connection closed by 162.144.236.216 port 41540 [preauth]
Sep 29 13:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: Successful su for rubyman by root
Sep 29 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: + ??? root:rubyman
Sep 29 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315017 of user rubyman.
Sep 29 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23822]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315017.
Sep 29 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Failed password for root from 162.144.236.216 port 48590 ssh2
Sep 29 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session closed for user root
Sep 29 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Connection closed by 162.144.236.216 port 48590 [preauth]
Sep 29 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: Failed password for root from 36.89.28.139 port 38792 ssh2
Sep 29 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Failed password for root from 162.144.236.216 port 56420 ssh2
Sep 29 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: Received disconnect from 36.89.28.139 port 38792:11: Bye Bye [preauth]
Sep 29 13:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24044]: Disconnected from 36.89.28.139 port 38792 [preauth]
Sep 29 13:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Connection closed by 162.144.236.216 port 56420 [preauth]
Sep 29 13:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: Invalid user deploy from 112.196.70.142
Sep 29 13:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: input_userauth_request: invalid user deploy [preauth]
Sep 29 13:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Failed password for root from 162.144.236.216 port 34946 ssh2
Sep 29 13:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: Failed password for invalid user deploy from 112.196.70.142 port 39506 ssh2
Sep 29 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: Received disconnect from 112.196.70.142 port 39506:11: Bye Bye [preauth]
Sep 29 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24074]: Disconnected from 112.196.70.142 port 39506 [preauth]
Sep 29 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Connection closed by 162.144.236.216 port 34946 [preauth]
Sep 29 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Invalid user foundry from 103.176.78.193
Sep 29 13:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: input_userauth_request: invalid user foundry [preauth]
Sep 29 13:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Failed password for invalid user foundry from 103.176.78.193 port 59214 ssh2
Sep 29 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Received disconnect from 103.176.78.193 port 59214:11: Bye Bye [preauth]
Sep 29 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Disconnected from 103.176.78.193 port 59214 [preauth]
Sep 29 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Failed password for root from 162.144.236.216 port 41834 ssh2
Sep 29 13:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Connection closed by 162.144.236.216 port 41834 [preauth]
Sep 29 13:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session closed for user root
Sep 29 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Failed password for root from 162.144.236.216 port 46308 ssh2
Sep 29 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Connection closed by 162.144.236.216 port 46308 [preauth]
Sep 29 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: Failed password for root from 162.144.236.216 port 54358 ssh2
Sep 29 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24185]: Connection closed by 162.144.236.216 port 54358 [preauth]
Sep 29 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Failed password for root from 162.144.236.216 port 33250 ssh2
Sep 29 13:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24214]: Connection closed by 162.144.236.216 port 33250 [preauth]
Sep 29 13:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24252]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24256]: pam_unix(cron:session): session closed for user root
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: Successful su for rubyman by root
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: + ??? root:rubyman
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315020 of user rubyman.
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24327]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315020.
Sep 29 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Failed password for root from 162.144.236.216 port 39612 ssh2
Sep 29 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Connection closed by 162.144.236.216 port 39612 [preauth]
Sep 29 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24252]: pam_unix(cron:session): session closed for user root
Sep 29 13:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session closed for user root
Sep 29 13:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: Failed password for root from 162.144.236.216 port 46156 ssh2
Sep 29 13:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: Connection closed by 162.144.236.216 port 46156 [preauth]
Sep 29 13:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: Failed password for root from 36.89.28.139 port 56700 ssh2
Sep 29 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: Received disconnect from 36.89.28.139 port 56700:11: Bye Bye [preauth]
Sep 29 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24623]: Disconnected from 36.89.28.139 port 56700 [preauth]
Sep 29 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Failed password for root from 162.144.236.216 port 52218 ssh2
Sep 29 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Connection closed by 162.144.236.216 port 52218 [preauth]
Sep 29 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Failed password for root from 162.144.236.216 port 59876 ssh2
Sep 29 13:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Connection closed by 162.144.236.216 port 59876 [preauth]
Sep 29 13:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23004]: pam_unix(cron:session): session closed for user root
Sep 29 13:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Failed password for root from 162.144.236.216 port 37724 ssh2
Sep 29 13:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24661]: Connection closed by 162.144.236.216 port 37724 [preauth]
Sep 29 13:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: Invalid user rootadmin from 112.196.70.142
Sep 29 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: input_userauth_request: invalid user rootadmin [preauth]
Sep 29 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: Failed password for invalid user rootadmin from 112.196.70.142 port 36532 ssh2
Sep 29 13:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: Received disconnect from 112.196.70.142 port 36532:11: Bye Bye [preauth]
Sep 29 13:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24707]: Disconnected from 112.196.70.142 port 36532 [preauth]
Sep 29 13:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Invalid user user from 80.94.95.112
Sep 29 13:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: input_userauth_request: invalid user user [preauth]
Sep 29 13:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 13:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Failed password for root from 162.144.236.216 port 45396 ssh2
Sep 29 13:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for invalid user user from 80.94.95.112 port 63207 ssh2
Sep 29 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Connection closed by 162.144.236.216 port 45396 [preauth]
Sep 29 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for invalid user user from 80.94.95.112 port 63207 ssh2
Sep 29 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for invalid user user from 80.94.95.112 port 63207 ssh2
Sep 29 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for invalid user user from 80.94.95.112 port 63207 ssh2
Sep 29 13:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Failed password for root from 162.144.236.216 port 52074 ssh2
Sep 29 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Connection closed by 162.144.236.216 port 52074 [preauth]
Sep 29 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for invalid user user from 80.94.95.112 port 63207 ssh2
Sep 29 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Received disconnect from 80.94.95.112 port 63207:11: Bye [preauth]
Sep 29 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Disconnected from 80.94.95.112 port 63207 [preauth]
Sep 29 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24780]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24848]: Successful su for rubyman by root
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24848]: + ??? root:rubyman
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315026 of user rubyman.
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24848]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315026.
Sep 29 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 162.144.236.216 port 58974 ssh2
Sep 29 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Connection closed by 162.144.236.216 port 58974 [preauth]
Sep 29 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: Invalid user deploy from 103.176.78.193
Sep 29 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: input_userauth_request: invalid user deploy [preauth]
Sep 29 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: Failed password for invalid user deploy from 103.176.78.193 port 52832 ssh2
Sep 29 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24781]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: Received disconnect from 103.176.78.193 port 52832:11: Bye Bye [preauth]
Sep 29 13:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24900]: Disconnected from 103.176.78.193 port 52832 [preauth]
Sep 29 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session closed for user root
Sep 29 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Failed password for root from 162.144.236.216 port 37604 ssh2
Sep 29 13:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Connection closed by 162.144.236.216 port 37604 [preauth]
Sep 29 13:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: Failed password for root from 162.144.236.216 port 45088 ssh2
Sep 29 13:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25075]: Connection closed by 162.144.236.216 port 45088 [preauth]
Sep 29 13:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Invalid user leon from 36.89.28.139
Sep 29 13:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: input_userauth_request: invalid user leon [preauth]
Sep 29 13:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Failed password for invalid user leon from 36.89.28.139 port 34480 ssh2
Sep 29 13:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Received disconnect from 36.89.28.139 port 34480:11: Bye Bye [preauth]
Sep 29 13:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Disconnected from 36.89.28.139 port 34480 [preauth]
Sep 29 13:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Failed password for root from 162.144.236.216 port 50842 ssh2
Sep 29 13:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Connection closed by 162.144.236.216 port 50842 [preauth]
Sep 29 13:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session closed for user root
Sep 29 13:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25140]: Failed password for root from 162.144.236.216 port 56788 ssh2
Sep 29 13:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25140]: Connection closed by 162.144.236.216 port 56788 [preauth]
Sep 29 13:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Failed password for root from 162.144.236.216 port 35272 ssh2
Sep 29 13:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Connection closed by 162.144.236.216 port 35272 [preauth]
Sep 29 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: Failed password for root from 162.144.236.216 port 42184 ssh2
Sep 29 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: Connection closed by 162.144.236.216 port 42184 [preauth]
Sep 29 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Failed password for root from 162.144.236.216 port 48538 ssh2
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Failed password for root from 112.196.70.142 port 33558 ssh2
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Received disconnect from 112.196.70.142 port 33558:11: Bye Bye [preauth]
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Disconnected from 112.196.70.142 port 33558 [preauth]
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25556]: Successful su for rubyman by root
Sep 29 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25556]: + ??? root:rubyman
Sep 29 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315031 of user rubyman.
Sep 29 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25556]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315031.
Sep 29 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Connection closed by 162.144.236.216 port 48538 [preauth]
Sep 29 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session closed for user root
Sep 29 13:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25614]: Failed password for root from 162.144.236.216 port 56330 ssh2
Sep 29 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25614]: Connection closed by 162.144.236.216 port 56330 [preauth]
Sep 29 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Failed password for root from 162.144.236.216 port 34644 ssh2
Sep 29 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Connection closed by 162.144.236.216 port 34644 [preauth]
Sep 29 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: Failed password for root from 162.144.236.216 port 43318 ssh2
Sep 29 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: Connection closed by 162.144.236.216 port 43318 [preauth]
Sep 29 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session closed for user root
Sep 29 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Failed password for root from 36.89.28.139 port 44764 ssh2
Sep 29 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Received disconnect from 36.89.28.139 port 44764:11: Bye Bye [preauth]
Sep 29 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Disconnected from 36.89.28.139 port 44764 [preauth]
Sep 29 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: Failed password for root from 162.144.236.216 port 49208 ssh2
Sep 29 13:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25940]: Connection closed by 162.144.236.216 port 49208 [preauth]
Sep 29 13:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Failed password for root from 103.176.78.193 port 60768 ssh2
Sep 29 13:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Received disconnect from 103.176.78.193 port 60768:11: Bye Bye [preauth]
Sep 29 13:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Disconnected from 103.176.78.193 port 60768 [preauth]
Sep 29 13:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: Failed password for root from 162.144.236.216 port 54674 ssh2
Sep 29 13:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: Connection closed by 162.144.236.216 port 54674 [preauth]
Sep 29 13:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Failed password for root from 162.144.236.216 port 35536 ssh2
Sep 29 13:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Connection closed by 162.144.236.216 port 35536 [preauth]
Sep 29 13:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26067]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: Successful su for rubyman by root
Sep 29 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: + ??? root:rubyman
Sep 29 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315035 of user rubyman.
Sep 29 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315035.
Sep 29 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session closed for user root
Sep 29 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Failed password for root from 162.144.236.216 port 43166 ssh2
Sep 29 13:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Connection closed by 162.144.236.216 port 43166 [preauth]
Sep 29 13:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: Failed password for root from 162.144.236.216 port 49846 ssh2
Sep 29 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: Connection closed by 162.144.236.216 port 49846 [preauth]
Sep 29 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Invalid user ubuntu from 112.196.70.142
Sep 29 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Failed password for invalid user ubuntu from 112.196.70.142 port 58814 ssh2
Sep 29 13:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Received disconnect from 112.196.70.142 port 58814:11: Bye Bye [preauth]
Sep 29 13:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Disconnected from 112.196.70.142 port 58814 [preauth]
Sep 29 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Failed password for root from 162.144.236.216 port 57340 ssh2
Sep 29 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Connection closed by 162.144.236.216 port 57340 [preauth]
Sep 29 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session closed for user root
Sep 29 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Failed password for root from 162.144.236.216 port 36060 ssh2
Sep 29 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Connection closed by 162.144.236.216 port 36060 [preauth]
Sep 29 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Sep 29 13:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: Failed password for root from 80.94.95.115 port 17368 ssh2
Sep 29 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26566]: Connection closed by 80.94.95.115 port 17368 [preauth]
Sep 29 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 36.89.28.139 port 33840 ssh2
Sep 29 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Received disconnect from 36.89.28.139 port 33840:11: Bye Bye [preauth]
Sep 29 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Disconnected from 36.89.28.139 port 33840 [preauth]
Sep 29 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Failed password for root from 162.144.236.216 port 43540 ssh2
Sep 29 13:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Connection closed by 162.144.236.216 port 43540 [preauth]
Sep 29 13:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26593]: Failed password for root from 162.144.236.216 port 50362 ssh2
Sep 29 13:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26593]: Connection closed by 162.144.236.216 port 50362 [preauth]
Sep 29 13:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Failed password for root from 162.144.236.216 port 58070 ssh2
Sep 29 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Connection closed by 162.144.236.216 port 58070 [preauth]
Sep 29 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26716]: Successful su for rubyman by root
Sep 29 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26716]: + ??? root:rubyman
Sep 29 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315038 of user rubyman.
Sep 29 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26716]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315038.
Sep 29 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23003]: pam_unix(cron:session): session closed for user root
Sep 29 13:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26728]: Failed password for root from 162.144.236.216 port 36452 ssh2
Sep 29 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26728]: Connection closed by 162.144.236.216 port 36452 [preauth]
Sep 29 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Failed password for root from 162.144.236.216 port 44912 ssh2
Sep 29 13:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Connection closed by 162.144.236.216 port 44912 [preauth]
Sep 29 13:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Failed password for root from 103.176.78.193 port 59576 ssh2
Sep 29 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Received disconnect from 103.176.78.193 port 59576:11: Bye Bye [preauth]
Sep 29 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Disconnected from 103.176.78.193 port 59576 [preauth]
Sep 29 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Failed password for root from 162.144.236.216 port 50110 ssh2
Sep 29 13:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Connection closed by 162.144.236.216 port 50110 [preauth]
Sep 29 13:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session closed for user root
Sep 29 13:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Failed password for root from 112.196.70.142 port 55830 ssh2
Sep 29 13:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Received disconnect from 112.196.70.142 port 55830:11: Bye Bye [preauth]
Sep 29 13:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Disconnected from 112.196.70.142 port 55830 [preauth]
Sep 29 13:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: Failed password for root from 162.144.236.216 port 57036 ssh2
Sep 29 13:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27097]: Connection closed by 162.144.236.216 port 57036 [preauth]
Sep 29 13:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: Failed password for root from 162.144.236.216 port 36098 ssh2
Sep 29 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: Connection closed by 162.144.236.216 port 36098 [preauth]
Sep 29 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: Invalid user bpm from 36.89.28.139
Sep 29 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: input_userauth_request: invalid user bpm [preauth]
Sep 29 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: Failed password for invalid user bpm from 36.89.28.139 port 58092 ssh2
Sep 29 13:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: Received disconnect from 36.89.28.139 port 58092:11: Bye Bye [preauth]
Sep 29 13:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27194]: Disconnected from 36.89.28.139 port 58092 [preauth]
Sep 29 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Failed password for root from 162.144.236.216 port 44998 ssh2
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session closed for user root
Sep 29 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Connection closed by 162.144.236.216 port 44998 [preauth]
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27294]: Successful su for rubyman by root
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27294]: + ??? root:rubyman
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315046 of user rubyman.
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27294]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315046.
Sep 29 13:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27222]: pam_unix(cron:session): session closed for user root
Sep 29 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session closed for user root
Sep 29 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Failed password for root from 162.144.236.216 port 54304 ssh2
Sep 29 13:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Connection closed by 162.144.236.216 port 54304 [preauth]
Sep 29 13:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Failed password for root from 162.144.236.216 port 32892 ssh2
Sep 29 13:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Connection closed by 162.144.236.216 port 32892 [preauth]
Sep 29 13:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Failed password for root from 162.144.236.216 port 37600 ssh2
Sep 29 13:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Connection closed by 162.144.236.216 port 37600 [preauth]
Sep 29 13:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: Failed password for root from 162.144.236.216 port 43590 ssh2
Sep 29 13:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27772]: Connection closed by 162.144.236.216 port 43590 [preauth]
Sep 29 13:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26067]: pam_unix(cron:session): session closed for user root
Sep 29 13:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Failed password for root from 162.144.236.216 port 50278 ssh2
Sep 29 13:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27797]: Connection closed by 162.144.236.216 port 50278 [preauth]
Sep 29 13:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Failed password for root from 162.144.236.216 port 57368 ssh2
Sep 29 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Connection closed by 162.144.236.216 port 57368 [preauth]
Sep 29 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142  user=root
Sep 29 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Failed password for root from 112.196.70.142 port 52852 ssh2
Sep 29 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Received disconnect from 112.196.70.142 port 52852:11: Bye Bye [preauth]
Sep 29 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Disconnected from 112.196.70.142 port 52852 [preauth]
Sep 29 13:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Failed password for root from 162.144.236.216 port 36094 ssh2
Sep 29 13:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Connection closed by 162.144.236.216 port 36094 [preauth]
Sep 29 13:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Failed password for root from 36.89.28.139 port 53556 ssh2
Sep 29 13:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Received disconnect from 36.89.28.139 port 53556:11: Bye Bye [preauth]
Sep 29 13:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Disconnected from 36.89.28.139 port 53556 [preauth]
Sep 29 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: Successful su for rubyman by root
Sep 29 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: + ??? root:rubyman
Sep 29 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315049 of user rubyman.
Sep 29 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27989]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315049.
Sep 29 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 162.144.236.216 port 42184 ssh2
Sep 29 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session closed for user root
Sep 29 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Failed password for root from 103.176.78.193 port 55002 ssh2
Sep 29 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Received disconnect from 103.176.78.193 port 55002:11: Bye Bye [preauth]
Sep 29 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28016]: Disconnected from 103.176.78.193 port 55002 [preauth]
Sep 29 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Connection closed by 162.144.236.216 port 42184 [preauth]
Sep 29 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: Failed password for root from 162.144.236.216 port 49444 ssh2
Sep 29 13:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: Connection closed by 162.144.236.216 port 49444 [preauth]
Sep 29 13:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 13:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Failed password for root from 93.152.230.176 port 9418 ssh2
Sep 29 13:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Received disconnect from 93.152.230.176 port 9418:11: Client disconnecting normally [preauth]
Sep 29 13:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Disconnected from 93.152.230.176 port 9418 [preauth]
Sep 29 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Failed password for root from 162.144.236.216 port 57344 ssh2
Sep 29 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Connection closed by 162.144.236.216 port 57344 [preauth]
Sep 29 13:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session closed for user root
Sep 29 13:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for root from 162.144.236.216 port 34682 ssh2
Sep 29 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Connection closed by 162.144.236.216 port 34682 [preauth]
Sep 29 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Failed password for root from 162.144.236.216 port 42430 ssh2
Sep 29 13:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Connection closed by 162.144.236.216 port 42430 [preauth]
Sep 29 13:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28389]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28471]: Successful su for rubyman by root
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28471]: + ??? root:rubyman
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315054 of user rubyman.
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28471]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315054.
Sep 29 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Failed password for root from 162.144.236.216 port 47690 ssh2
Sep 29 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Connection closed by 162.144.236.216 port 47690 [preauth]
Sep 29 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24782]: pam_unix(cron:session): session closed for user root
Sep 29 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Invalid user test from 112.196.70.142
Sep 29 13:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: input_userauth_request: invalid user test [preauth]
Sep 29 13:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.70.142
Sep 29 13:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Failed password for root from 162.144.236.216 port 53676 ssh2
Sep 29 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Failed password for invalid user test from 112.196.70.142 port 49876 ssh2
Sep 29 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Received disconnect from 112.196.70.142 port 49876:11: Bye Bye [preauth]
Sep 29 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Disconnected from 112.196.70.142 port 49876 [preauth]
Sep 29 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28649]: Connection closed by 162.144.236.216 port 53676 [preauth]
Sep 29 13:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: Failed password for root from 36.89.28.139 port 45248 ssh2
Sep 29 13:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: Received disconnect from 36.89.28.139 port 45248:11: Bye Bye [preauth]
Sep 29 13:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: Disconnected from 36.89.28.139 port 45248 [preauth]
Sep 29 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Failed password for root from 162.144.236.216 port 60720 ssh2
Sep 29 13:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28804]: Connection closed by 162.144.236.216 port 60720 [preauth]
Sep 29 13:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28830]: Failed password for root from 162.144.236.216 port 40058 ssh2
Sep 29 13:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28830]: Connection closed by 162.144.236.216 port 40058 [preauth]
Sep 29 13:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session closed for user root
Sep 29 13:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Invalid user harry from 103.176.78.193
Sep 29 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: input_userauth_request: invalid user harry [preauth]
Sep 29 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Failed password for invalid user harry from 103.176.78.193 port 43996 ssh2
Sep 29 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: Failed password for root from 162.144.236.216 port 46912 ssh2
Sep 29 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Received disconnect from 103.176.78.193 port 43996:11: Bye Bye [preauth]
Sep 29 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Disconnected from 103.176.78.193 port 43996 [preauth]
Sep 29 13:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: Connection closed by 162.144.236.216 port 46912 [preauth]
Sep 29 13:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: Failed password for root from 162.144.236.216 port 54374 ssh2
Sep 29 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29087]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: Successful su for rubyman by root
Sep 29 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: + ??? root:rubyman
Sep 29 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315056 of user rubyman.
Sep 29 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29154]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315056.
Sep 29 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: Connection closed by 162.144.236.216 port 54374 [preauth]
Sep 29 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session closed for user root
Sep 29 13:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29088]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Failed password for root from 162.144.236.216 port 60862 ssh2
Sep 29 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Connection closed by 162.144.236.216 port 60862 [preauth]
Sep 29 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Invalid user gateway from 36.89.28.139
Sep 29 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: input_userauth_request: invalid user gateway [preauth]
Sep 29 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Failed password for root from 162.144.236.216 port 40256 ssh2
Sep 29 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Failed password for invalid user gateway from 36.89.28.139 port 36186 ssh2
Sep 29 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Received disconnect from 36.89.28.139 port 36186:11: Bye Bye [preauth]
Sep 29 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Disconnected from 36.89.28.139 port 36186 [preauth]
Sep 29 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Connection closed by 162.144.236.216 port 40256 [preauth]
Sep 29 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Failed password for root from 162.144.236.216 port 47630 ssh2
Sep 29 13:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Connection closed by 162.144.236.216 port 47630 [preauth]
Sep 29 13:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session closed for user root
Sep 29 13:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: Failed password for root from 162.144.236.216 port 54790 ssh2
Sep 29 13:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: Connection closed by 162.144.236.216 port 54790 [preauth]
Sep 29 13:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Failed password for root from 162.144.236.216 port 58580 ssh2
Sep 29 13:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Connection closed by 162.144.236.216 port 58580 [preauth]
Sep 29 13:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Failed password for root from 162.144.236.216 port 39172 ssh2
Sep 29 13:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Connection closed by 162.144.236.216 port 39172 [preauth]
Sep 29 13:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29578]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29575]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29731]: Successful su for rubyman by root
Sep 29 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29731]: + ??? root:rubyman
Sep 29 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315061 of user rubyman.
Sep 29 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29731]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315061.
Sep 29 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29573]: pam_unix(cron:session): session closed for user root
Sep 29 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: Failed password for root from 162.144.236.216 port 47400 ssh2
Sep 29 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26066]: pam_unix(cron:session): session closed for user root
Sep 29 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: Connection closed by 162.144.236.216 port 47400 [preauth]
Sep 29 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29576]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Failed password for root from 162.144.236.216 port 54368 ssh2
Sep 29 13:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Connection closed by 162.144.236.216 port 54368 [preauth]
Sep 29 13:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29989]: Failed password for root from 162.144.236.216 port 57872 ssh2
Sep 29 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29989]: Connection closed by 162.144.236.216 port 57872 [preauth]
Sep 29 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: Failed password for root from 162.144.236.216 port 36616 ssh2
Sep 29 13:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Failed password for root from 36.89.28.139 port 44704 ssh2
Sep 29 13:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Received disconnect from 36.89.28.139 port 44704:11: Bye Bye [preauth]
Sep 29 13:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Disconnected from 36.89.28.139 port 44704 [preauth]
Sep 29 13:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Invalid user staging from 103.176.78.193
Sep 29 13:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: input_userauth_request: invalid user staging [preauth]
Sep 29 13:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: Connection closed by 162.144.236.216 port 36616 [preauth]
Sep 29 13:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Failed password for invalid user staging from 103.176.78.193 port 35232 ssh2
Sep 29 13:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Received disconnect from 103.176.78.193 port 35232:11: Bye Bye [preauth]
Sep 29 13:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30054]: Disconnected from 103.176.78.193 port 35232 [preauth]
Sep 29 13:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session closed for user root
Sep 29 13:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Failed password for root from 162.144.236.216 port 44240 ssh2
Sep 29 13:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Connection closed by 162.144.236.216 port 44240 [preauth]
Sep 29 13:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Failed password for root from 162.144.236.216 port 49218 ssh2
Sep 29 13:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30109]: Connection closed by 162.144.236.216 port 49218 [preauth]
Sep 29 13:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Failed password for root from 162.144.236.216 port 54502 ssh2
Sep 29 13:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Connection closed by 162.144.236.216 port 54502 [preauth]
Sep 29 13:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Failed password for root from 162.144.236.216 port 58308 ssh2
Sep 29 13:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Connection closed by 162.144.236.216 port 58308 [preauth]
Sep 29 13:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Failed password for root from 162.144.236.216 port 36026 ssh2
Sep 29 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Connection closed by 162.144.236.216 port 36026 [preauth]
Sep 29 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30205]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30205]: pam_unix(cron:session): session closed for user root
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: Successful su for rubyman by root
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: + ??? root:rubyman
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315065 of user rubyman.
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315065.
Sep 29 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session closed for user root
Sep 29 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26636]: pam_unix(cron:session): session closed for user root
Sep 29 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 29 13:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Failed password for root from 162.144.236.216 port 41792 ssh2
Sep 29 13:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: Failed password for root from 20.163.71.109 port 46464 ssh2
Sep 29 13:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: Connection closed by 20.163.71.109 port 46464 [preauth]
Sep 29 13:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Connection closed by 162.144.236.216 port 41792 [preauth]
Sep 29 13:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Failed password for root from 162.144.236.216 port 48514 ssh2
Sep 29 13:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Connection closed by 162.144.236.216 port 48514 [preauth]
Sep 29 13:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Invalid user superadmin from 36.89.28.139
Sep 29 13:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 13:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Failed password for invalid user superadmin from 36.89.28.139 port 41010 ssh2
Sep 29 13:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Received disconnect from 36.89.28.139 port 41010:11: Bye Bye [preauth]
Sep 29 13:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Disconnected from 36.89.28.139 port 41010 [preauth]
Sep 29 13:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29090]: pam_unix(cron:session): session closed for user root
Sep 29 13:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: Failed password for root from 162.144.236.216 port 55708 ssh2
Sep 29 13:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30689]: Connection closed by 162.144.236.216 port 55708 [preauth]
Sep 29 13:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Invalid user admin from 139.19.117.131
Sep 29 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: input_userauth_request: invalid user admin [preauth]
Sep 29 13:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: Failed password for root from 162.144.236.216 port 35510 ssh2
Sep 29 13:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: Connection closed by 162.144.236.216 port 35510 [preauth]
Sep 29 13:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Connection closed by 139.19.117.131 port 35104 [preauth]
Sep 29 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: Failed password for root from 162.144.236.216 port 42778 ssh2
Sep 29 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: Successful su for rubyman by root
Sep 29 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: + ??? root:rubyman
Sep 29 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315073 of user rubyman.
Sep 29 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315073.
Sep 29 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30804]: Connection closed by 162.144.236.216 port 42778 [preauth]
Sep 29 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session closed for user root
Sep 29 13:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: Failed password for root from 103.176.78.193 port 41528 ssh2
Sep 29 13:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: Received disconnect from 103.176.78.193 port 41528:11: Bye Bye [preauth]
Sep 29 13:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31071]: Disconnected from 103.176.78.193 port 41528 [preauth]
Sep 29 13:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: Failed password for root from 162.144.236.216 port 50664 ssh2
Sep 29 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: Connection closed by 162.144.236.216 port 50664 [preauth]
Sep 29 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco rhost=::ffff:45.142.193.185
Sep 29 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: Invalid user ubuntu from 36.89.28.139
Sep 29 13:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 13:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: Failed password for invalid user ubuntu from 36.89.28.139 port 55130 ssh2
Sep 29 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: Received disconnect from 36.89.28.139 port 55130:11: Bye Bye [preauth]
Sep 29 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: Disconnected from 36.89.28.139 port 55130 [preauth]
Sep 29 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29578]: pam_unix(cron:session): session closed for user root
Sep 29 13:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for root from 162.144.236.216 port 60242 ssh2
Sep 29 13:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Connection closed by 162.144.236.216 port 60242 [preauth]
Sep 29 13:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Failed password for root from 162.144.236.216 port 40150 ssh2
Sep 29 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Connection closed by 162.144.236.216 port 40150 [preauth]
Sep 29 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31370]: Successful su for rubyman by root
Sep 29 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31370]: + ??? root:rubyman
Sep 29 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315076 of user rubyman.
Sep 29 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31370]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315076.
Sep 29 13:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session closed for user root
Sep 29 13:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Failed password for root from 162.144.236.216 port 47630 ssh2
Sep 29 13:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Connection closed by 162.144.236.216 port 47630 [preauth]
Sep 29 13:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: Failed password for root from 162.144.236.216 port 57226 ssh2
Sep 29 13:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31659]: Connection closed by 162.144.236.216 port 57226 [preauth]
Sep 29 13:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30203]: pam_unix(cron:session): session closed for user root
Sep 29 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: Failed password for root from 162.144.236.216 port 35742 ssh2
Sep 29 13:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: Connection closed by 162.144.236.216 port 35742 [preauth]
Sep 29 13:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: Invalid user kamran from 36.89.28.139
Sep 29 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: input_userauth_request: invalid user kamran [preauth]
Sep 29 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: Failed password for invalid user kamran from 36.89.28.139 port 32980 ssh2
Sep 29 13:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: Received disconnect from 36.89.28.139 port 32980:11: Bye Bye [preauth]
Sep 29 13:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31727]: Disconnected from 36.89.28.139 port 32980 [preauth]
Sep 29 13:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Failed password for root from 162.144.236.216 port 43118 ssh2
Sep 29 13:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Connection closed by 162.144.236.216 port 43118 [preauth]
Sep 29 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Invalid user ftptest from 103.176.78.193
Sep 29 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: input_userauth_request: invalid user ftptest [preauth]
Sep 29 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: Failed password for root from 162.144.236.216 port 49230 ssh2
Sep 29 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for invalid user ftptest from 103.176.78.193 port 51542 ssh2
Sep 29 13:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Received disconnect from 103.176.78.193 port 51542:11: Bye Bye [preauth]
Sep 29 13:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Disconnected from 103.176.78.193 port 51542 [preauth]
Sep 29 13:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: Connection closed by 162.144.236.216 port 49230 [preauth]
Sep 29 13:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: Failed password for root from 162.144.236.216 port 56358 ssh2
Sep 29 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31790]: Connection closed by 162.144.236.216 port 56358 [preauth]
Sep 29 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: Successful su for rubyman by root
Sep 29 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: + ??? root:rubyman
Sep 29 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315080 of user rubyman.
Sep 29 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31872]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315080.
Sep 29 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session closed for user root
Sep 29 13:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Failed password for root from 162.144.236.216 port 34112 ssh2
Sep 29 13:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Connection closed by 162.144.236.216 port 34112 [preauth]
Sep 29 13:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Failed password for root from 162.144.236.216 port 43400 ssh2
Sep 29 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Invalid user test from 185.156.73.233
Sep 29 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: input_userauth_request: invalid user test [preauth]
Sep 29 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 13:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Connection closed by 162.144.236.216 port 43400 [preauth]
Sep 29 13:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Failed password for invalid user test from 185.156.73.233 port 41510 ssh2
Sep 29 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Connection closed by 185.156.73.233 port 41510 [preauth]
Sep 29 13:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session closed for user root
Sep 29 13:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Failed password for root from 162.144.236.216 port 49952 ssh2
Sep 29 13:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32139]: Connection closed by 162.144.236.216 port 49952 [preauth]
Sep 29 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Failed password for root from 36.89.28.139 port 58778 ssh2
Sep 29 13:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Received disconnect from 36.89.28.139 port 58778:11: Bye Bye [preauth]
Sep 29 13:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Disconnected from 36.89.28.139 port 58778 [preauth]
Sep 29 13:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32237]: Failed password for root from 162.144.236.216 port 33274 ssh2
Sep 29 13:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32237]: Connection closed by 162.144.236.216 port 33274 [preauth]
Sep 29 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32260]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: Successful su for rubyman by root
Sep 29 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: + ??? root:rubyman
Sep 29 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315083 of user rubyman.
Sep 29 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32321]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315083.
Sep 29 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29089]: pam_unix(cron:session): session closed for user root
Sep 29 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: Failed password for root from 162.144.236.216 port 38062 ssh2
Sep 29 13:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32261]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32257]: Connection closed by 162.144.236.216 port 38062 [preauth]
Sep 29 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32533]: Failed password for root from 162.144.236.216 port 47620 ssh2
Sep 29 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32533]: Connection closed by 162.144.236.216 port 47620 [preauth]
Sep 29 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Failed password for root from 162.144.236.216 port 53256 ssh2
Sep 29 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Connection closed by 162.144.236.216 port 53256 [preauth]
Sep 29 13:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Invalid user celeryuser from 103.176.78.193
Sep 29 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: input_userauth_request: invalid user celeryuser [preauth]
Sep 29 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Failed password for invalid user celeryuser from 103.176.78.193 port 44018 ssh2
Sep 29 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Received disconnect from 103.176.78.193 port 44018:11: Bye Bye [preauth]
Sep 29 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Disconnected from 103.176.78.193 port 44018 [preauth]
Sep 29 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Failed password for root from 162.144.236.216 port 59842 ssh2
Sep 29 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session closed for user root
Sep 29 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Connection closed by 162.144.236.216 port 59842 [preauth]
Sep 29 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: Failed password for root from 162.144.236.216 port 39956 ssh2
Sep 29 13:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32646]: Did not receive identification string from 167.99.55.34
Sep 29 13:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: Connection closed by 162.144.236.216 port 39956 [preauth]
Sep 29 13:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Failed password for root from 162.144.236.216 port 44476 ssh2
Sep 29 13:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32647]: Connection closed by 162.144.236.216 port 44476 [preauth]
Sep 29 13:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Invalid user under from 36.89.28.139
Sep 29 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: input_userauth_request: invalid user under [preauth]
Sep 29 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: Failed password for root from 162.144.236.216 port 51364 ssh2
Sep 29 13:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32684]: Connection closed by 162.144.236.216 port 51364 [preauth]
Sep 29 13:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Failed password for invalid user under from 36.89.28.139 port 38340 ssh2
Sep 29 13:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Received disconnect from 36.89.28.139 port 38340:11: Bye Bye [preauth]
Sep 29 13:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Disconnected from 36.89.28.139 port 38340 [preauth]
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32713]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32713]: pam_unix(cron:session): session closed for user root
Sep 29 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32708]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: Successful su for rubyman by root
Sep 29 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: + ??? root:rubyman
Sep 29 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315087 of user rubyman.
Sep 29 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315087.
Sep 29 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: Failed password for root from 162.144.236.216 port 58272 ssh2
Sep 29 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32700]: Connection closed by 162.144.236.216 port 58272 [preauth]
Sep 29 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32710]: pam_unix(cron:session): session closed for user root
Sep 29 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29577]: pam_unix(cron:session): session closed for user root
Sep 29 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32709]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: Failed password for root from 162.144.236.216 port 35874 ssh2
Sep 29 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: Connection closed by 162.144.236.216 port 35874 [preauth]
Sep 29 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Failed password for root from 162.144.236.216 port 41262 ssh2
Sep 29 13:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Connection closed by 162.144.236.216 port 41262 [preauth]
Sep 29 13:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Failed password for root from 162.144.236.216 port 48890 ssh2
Sep 29 13:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Connection closed by 162.144.236.216 port 48890 [preauth]
Sep 29 13:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session closed for user root
Sep 29 13:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Failed password for root from 162.144.236.216 port 54206 ssh2
Sep 29 13:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[631]: Connection closed by 162.144.236.216 port 54206 [preauth]
Sep 29 13:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Failed password for root from 162.144.236.216 port 60618 ssh2
Sep 29 13:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Connection closed by 162.144.236.216 port 60618 [preauth]
Sep 29 13:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Failed password for root from 162.144.236.216 port 40348 ssh2
Sep 29 13:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[700]: Connection closed by 162.144.236.216 port 40348 [preauth]
Sep 29 13:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[826]: Successful su for rubyman by root
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[826]: + ??? root:rubyman
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315095 of user rubyman.
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[826]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315095.
Sep 29 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Failed password for root from 162.144.236.216 port 50008 ssh2
Sep 29 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Connection closed by 162.144.236.216 port 50008 [preauth]
Sep 29 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session closed for user root
Sep 29 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Failed password for root from 36.89.28.139 port 53858 ssh2
Sep 29 13:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Received disconnect from 36.89.28.139 port 53858:11: Bye Bye [preauth]
Sep 29 13:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Disconnected from 36.89.28.139 port 53858 [preauth]
Sep 29 13:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Failed password for root from 103.176.78.193 port 50624 ssh2
Sep 29 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Received disconnect from 103.176.78.193 port 50624:11: Bye Bye [preauth]
Sep 29 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1123]: Disconnected from 103.176.78.193 port 50624 [preauth]
Sep 29 13:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Failed password for root from 162.144.236.216 port 55906 ssh2
Sep 29 13:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Connection closed by 162.144.236.216 port 55906 [preauth]
Sep 29 13:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: Failed password for root from 162.144.236.216 port 32870 ssh2
Sep 29 13:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: Connection closed by 162.144.236.216 port 32870 [preauth]
Sep 29 13:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session closed for user root
Sep 29 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: Failed password for root from 162.144.236.216 port 39760 ssh2
Sep 29 13:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1189]: Connection closed by 162.144.236.216 port 39760 [preauth]
Sep 29 13:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Failed password for root from 162.144.236.216 port 46006 ssh2
Sep 29 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Connection closed by 162.144.236.216 port 46006 [preauth]
Sep 29 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Failed password for root from 162.144.236.216 port 52006 ssh2
Sep 29 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Connection closed by 162.144.236.216 port 52006 [preauth]
Sep 29 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1301]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: Successful su for rubyman by root
Sep 29 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: + ??? root:rubyman
Sep 29 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315097 of user rubyman.
Sep 29 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315097.
Sep 29 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30818]: pam_unix(cron:session): session closed for user root
Sep 29 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1302]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for root from 162.144.236.216 port 58556 ssh2
Sep 29 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Connection closed by 162.144.236.216 port 58556 [preauth]
Sep 29 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Invalid user gianluca from 36.89.28.139
Sep 29 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: input_userauth_request: invalid user gianluca [preauth]
Sep 29 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Failed password for invalid user gianluca from 36.89.28.139 port 41400 ssh2
Sep 29 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Received disconnect from 36.89.28.139 port 41400:11: Bye Bye [preauth]
Sep 29 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Disconnected from 36.89.28.139 port 41400 [preauth]
Sep 29 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Failed password for root from 162.144.236.216 port 37948 ssh2
Sep 29 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Connection closed by 162.144.236.216 port 37948 [preauth]
Sep 29 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Failed password for root from 162.144.236.216 port 43178 ssh2
Sep 29 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Connection closed by 162.144.236.216 port 43178 [preauth]
Sep 29 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Failed password for root from 162.144.236.216 port 50674 ssh2
Sep 29 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Connection closed by 162.144.236.216 port 50674 [preauth]
Sep 29 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32712]: pam_unix(cron:session): session closed for user root
Sep 29 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Failed password for root from 162.144.236.216 port 58142 ssh2
Sep 29 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Connection closed by 162.144.236.216 port 58142 [preauth]
Sep 29 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Invalid user dev from 103.176.78.193
Sep 29 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: input_userauth_request: invalid user dev [preauth]
Sep 29 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for invalid user dev from 103.176.78.193 port 54478 ssh2
Sep 29 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Received disconnect from 103.176.78.193 port 54478:11: Bye Bye [preauth]
Sep 29 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Disconnected from 103.176.78.193 port 54478 [preauth]
Sep 29 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1766]: Failed password for root from 162.144.236.216 port 37570 ssh2
Sep 29 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1766]: Connection closed by 162.144.236.216 port 37570 [preauth]
Sep 29 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Failed password for root from 162.144.236.216 port 43776 ssh2
Sep 29 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1789]: Connection closed by 162.144.236.216 port 43776 [preauth]
Sep 29 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1808]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1805]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1871]: Successful su for rubyman by root
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1871]: + ??? root:rubyman
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315102 of user rubyman.
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1871]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315102.
Sep 29 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session closed for user root
Sep 29 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for root from 162.144.236.216 port 50230 ssh2
Sep 29 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1806]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Connection closed by 162.144.236.216 port 50230 [preauth]
Sep 29 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: Failed password for root from 162.144.236.216 port 57234 ssh2
Sep 29 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2078]: Connection closed by 162.144.236.216 port 57234 [preauth]
Sep 29 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139  user=root
Sep 29 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Failed password for root from 36.89.28.139 port 36100 ssh2
Sep 29 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Received disconnect from 36.89.28.139 port 36100:11: Bye Bye [preauth]
Sep 29 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Disconnected from 36.89.28.139 port 36100 [preauth]
Sep 29 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Failed password for root from 162.144.236.216 port 36280 ssh2
Sep 29 13:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Connection closed by 162.144.236.216 port 36280 [preauth]
Sep 29 13:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session closed for user root
Sep 29 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: Failed password for root from 162.144.236.216 port 43852 ssh2
Sep 29 13:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2152]: Connection closed by 162.144.236.216 port 43852 [preauth]
Sep 29 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Failed password for root from 162.144.236.216 port 51092 ssh2
Sep 29 13:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Connection closed by 162.144.236.216 port 51092 [preauth]
Sep 29 13:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Invalid user rstudio-server from 190.103.202.7
Sep 29 13:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: input_userauth_request: invalid user rstudio-server [preauth]
Sep 29 13:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 13:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for invalid user rstudio-server from 190.103.202.7 port 38030 ssh2
Sep 29 13:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Connection closed by 190.103.202.7 port 38030 [preauth]
Sep 29 13:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Failed password for root from 162.144.236.216 port 57830 ssh2
Sep 29 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Connection closed by 162.144.236.216 port 57830 [preauth]
Sep 29 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Failed password for root from 162.144.236.216 port 35682 ssh2
Sep 29 13:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Connection closed by 162.144.236.216 port 35682 [preauth]
Sep 29 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2269]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: Successful su for rubyman by root
Sep 29 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: + ??? root:rubyman
Sep 29 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315106 of user rubyman.
Sep 29 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2329]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315106.
Sep 29 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session closed for user root
Sep 29 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: Invalid user node from 167.99.55.34
Sep 29 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: input_userauth_request: invalid user node [preauth]
Sep 29 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Failed password for root from 162.144.236.216 port 41868 ssh2
Sep 29 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Connection closed by 162.144.236.216 port 41868 [preauth]
Sep 29 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: Failed password for invalid user node from 167.99.55.34 port 53684 ssh2
Sep 29 13:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: Connection closed by 167.99.55.34 port 53684 [preauth]
Sep 29 13:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Failed password for root from 162.144.236.216 port 49900 ssh2
Sep 29 13:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Connection closed by 162.144.236.216 port 49900 [preauth]
Sep 29 13:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Failed password for root from 162.144.236.216 port 55754 ssh2
Sep 29 13:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Connection closed by 162.144.236.216 port 55754 [preauth]
Sep 29 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Invalid user ftpuser from 36.89.28.139
Sep 29 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Failed password for invalid user ftpuser from 36.89.28.139 port 52868 ssh2
Sep 29 13:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Received disconnect from 36.89.28.139 port 52868:11: Bye Bye [preauth]
Sep 29 13:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2588]: Disconnected from 36.89.28.139 port 52868 [preauth]
Sep 29 13:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193  user=root
Sep 29 13:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Failed password for root from 162.144.236.216 port 33532 ssh2
Sep 29 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Connection closed by 162.144.236.216 port 33532 [preauth]
Sep 29 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Failed password for root from 103.176.78.193 port 46144 ssh2
Sep 29 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Received disconnect from 103.176.78.193 port 46144:11: Bye Bye [preauth]
Sep 29 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Disconnected from 103.176.78.193 port 46144 [preauth]
Sep 29 13:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1304]: pam_unix(cron:session): session closed for user root
Sep 29 13:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Failed password for root from 162.144.236.216 port 39104 ssh2
Sep 29 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2626]: Connection closed by 162.144.236.216 port 39104 [preauth]
Sep 29 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: Failed password for root from 162.144.236.216 port 45486 ssh2
Sep 29 13:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2658]: Connection closed by 162.144.236.216 port 45486 [preauth]
Sep 29 13:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Failed password for root from 162.144.236.216 port 53166 ssh2
Sep 29 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Connection closed by 162.144.236.216 port 53166 [preauth]
Sep 29 13:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2720]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2721]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2721]: pam_unix(cron:session): session closed for user root
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2788]: Successful su for rubyman by root
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2788]: + ??? root:rubyman
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315112 of user rubyman.
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2788]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315112.
Sep 29 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2718]: pam_unix(cron:session): session closed for user root
Sep 29 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32262]: pam_unix(cron:session): session closed for user root
Sep 29 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Failed password for root from 162.144.236.216 port 59824 ssh2
Sep 29 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Connection closed by 162.144.236.216 port 59824 [preauth]
Sep 29 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2717]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Failed password for root from 162.144.236.216 port 38756 ssh2
Sep 29 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3000]: Connection closed by 162.144.236.216 port 38756 [preauth]
Sep 29 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Failed password for root from 162.144.236.216 port 44932 ssh2
Sep 29 13:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Connection closed by 162.144.236.216 port 44932 [preauth]
Sep 29 13:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: Failed password for root from 162.144.236.216 port 51392 ssh2
Sep 29 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3062]: Connection closed by 162.144.236.216 port 51392 [preauth]
Sep 29 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1809]: pam_unix(cron:session): session closed for user root
Sep 29 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Invalid user ctf from 36.89.28.139
Sep 29 13:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: input_userauth_request: invalid user ctf [preauth]
Sep 29 13:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Failed password for invalid user ctf from 36.89.28.139 port 60902 ssh2
Sep 29 13:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Received disconnect from 36.89.28.139 port 60902:11: Bye Bye [preauth]
Sep 29 13:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Disconnected from 36.89.28.139 port 60902 [preauth]
Sep 29 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: Failed password for root from 162.144.236.216 port 59866 ssh2
Sep 29 13:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: Connection closed by 162.144.236.216 port 59866 [preauth]
Sep 29 13:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Failed password for root from 162.144.236.216 port 38630 ssh2
Sep 29 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Connection closed by 162.144.236.216 port 38630 [preauth]
Sep 29 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Failed password for root from 162.144.236.216 port 44960 ssh2
Sep 29 13:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Connection closed by 162.144.236.216 port 44960 [preauth]
Sep 29 13:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3261]: Successful su for rubyman by root
Sep 29 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3261]: + ??? root:rubyman
Sep 29 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315116 of user rubyman.
Sep 29 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3261]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315116.
Sep 29 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32711]: pam_unix(cron:session): session closed for user root
Sep 29 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Failed password for root from 162.144.236.216 port 51626 ssh2
Sep 29 13:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Connection closed by 162.144.236.216 port 51626 [preauth]
Sep 29 13:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Invalid user minecraft from 103.176.78.193
Sep 29 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Failed password for invalid user minecraft from 103.176.78.193 port 51744 ssh2
Sep 29 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Received disconnect from 103.176.78.193 port 51744:11: Bye Bye [preauth]
Sep 29 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Disconnected from 103.176.78.193 port 51744 [preauth]
Sep 29 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Failed password for root from 162.144.236.216 port 58592 ssh2
Sep 29 13:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Connection closed by 162.144.236.216 port 58592 [preauth]
Sep 29 13:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Failed password for root from 162.144.236.216 port 36870 ssh2
Sep 29 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Connection closed by 162.144.236.216 port 36870 [preauth]
Sep 29 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Failed password for root from 162.144.236.216 port 44180 ssh2
Sep 29 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Connection closed by 162.144.236.216 port 44180 [preauth]
Sep 29 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session closed for user root
Sep 29 13:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Invalid user jason1 from 36.89.28.139
Sep 29 13:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: input_userauth_request: invalid user jason1 [preauth]
Sep 29 13:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Failed password for root from 162.144.236.216 port 52088 ssh2
Sep 29 13:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Failed password for invalid user jason1 from 36.89.28.139 port 47562 ssh2
Sep 29 13:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Received disconnect from 36.89.28.139 port 47562:11: Bye Bye [preauth]
Sep 29 13:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3580]: Disconnected from 36.89.28.139 port 47562 [preauth]
Sep 29 13:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Connection closed by 162.144.236.216 port 52088 [preauth]
Sep 29 13:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Failed password for root from 162.144.236.216 port 60376 ssh2
Sep 29 13:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Connection closed by 162.144.236.216 port 60376 [preauth]
Sep 29 13:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3699]: Successful su for rubyman by root
Sep 29 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3699]: + ??? root:rubyman
Sep 29 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315121 of user rubyman.
Sep 29 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3699]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315121.
Sep 29 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session closed for user root
Sep 29 13:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: Failed password for root from 162.144.236.216 port 37768 ssh2
Sep 29 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3631]: Connection closed by 162.144.236.216 port 37768 [preauth]
Sep 29 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: Failed password for root from 162.144.236.216 port 44754 ssh2
Sep 29 13:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: Connection closed by 162.144.236.216 port 44754 [preauth]
Sep 29 13:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2720]: pam_unix(cron:session): session closed for user root
Sep 29 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: Failed password for root from 162.144.236.216 port 53442 ssh2
Sep 29 13:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: Connection closed by 162.144.236.216 port 53442 [preauth]
Sep 29 13:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Failed password for root from 162.144.236.216 port 60980 ssh2
Sep 29 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Invalid user sysadmin from 36.89.28.139
Sep 29 13:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: input_userauth_request: invalid user sysadmin [preauth]
Sep 29 13:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Connection closed by 162.144.236.216 port 60980 [preauth]
Sep 29 13:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Failed password for invalid user sysadmin from 36.89.28.139 port 55760 ssh2
Sep 29 13:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Received disconnect from 36.89.28.139 port 55760:11: Bye Bye [preauth]
Sep 29 13:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Disconnected from 36.89.28.139 port 55760 [preauth]
Sep 29 13:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Invalid user test from 103.176.78.193
Sep 29 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: input_userauth_request: invalid user test [preauth]
Sep 29 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.193
Sep 29 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Failed password for root from 162.144.236.216 port 38336 ssh2
Sep 29 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Failed password for invalid user test from 103.176.78.193 port 44220 ssh2
Sep 29 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Received disconnect from 103.176.78.193 port 44220:11: Bye Bye [preauth]
Sep 29 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Disconnected from 103.176.78.193 port 44220 [preauth]
Sep 29 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Connection closed by 162.144.236.216 port 38336 [preauth]
Sep 29 13:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for root from 162.144.236.216 port 44930 ssh2
Sep 29 13:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Connection closed by 162.144.236.216 port 44930 [preauth]
Sep 29 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4169]: Successful su for rubyman by root
Sep 29 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4169]: + ??? root:rubyman
Sep 29 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315124 of user rubyman.
Sep 29 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4169]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315124.
Sep 29 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Invalid user user from 62.60.131.157
Sep 29 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: input_userauth_request: invalid user user [preauth]
Sep 29 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1303]: pam_unix(cron:session): session closed for user root
Sep 29 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Failed password for invalid user user from 62.60.131.157 port 12929 ssh2
Sep 29 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Failed password for invalid user user from 62.60.131.157 port 12929 ssh2
Sep 29 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Invalid user debian from 80.94.95.116
Sep 29 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: input_userauth_request: invalid user debian [preauth]
Sep 29 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Failed password for invalid user user from 62.60.131.157 port 12929 ssh2
Sep 29 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Failed password for invalid user debian from 80.94.95.116 port 27056 ssh2
Sep 29 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Connection closed by 80.94.95.116 port 27056 [preauth]
Sep 29 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Failed password for invalid user user from 62.60.131.157 port 12929 ssh2
Sep 29 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Failed password for root from 162.144.236.216 port 50122 ssh2
Sep 29 13:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Failed password for invalid user user from 62.60.131.157 port 12929 ssh2
Sep 29 13:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Received disconnect from 62.60.131.157 port 12929:11: Bye [preauth]
Sep 29 13:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: Disconnected from 62.60.131.157 port 12929 [preauth]
Sep 29 13:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 13:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4242]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 13:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Connection closed by 162.144.236.216 port 50122 [preauth]
Sep 29 13:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Failed password for root from 162.144.236.216 port 58762 ssh2
Sep 29 13:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Connection closed by 162.144.236.216 port 58762 [preauth]
Sep 29 13:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session closed for user root
Sep 29 13:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Failed password for root from 162.144.236.216 port 35988 ssh2
Sep 29 13:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Connection closed by 162.144.236.216 port 35988 [preauth]
Sep 29 13:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Invalid user one from 36.89.28.139
Sep 29 13:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: input_userauth_request: invalid user one [preauth]
Sep 29 13:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Failed password for invalid user one from 36.89.28.139 port 37470 ssh2
Sep 29 13:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Received disconnect from 36.89.28.139 port 37470:11: Bye Bye [preauth]
Sep 29 13:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Disconnected from 36.89.28.139 port 37470 [preauth]
Sep 29 13:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Failed password for root from 162.144.236.216 port 44130 ssh2
Sep 29 13:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Connection closed by 162.144.236.216 port 44130 [preauth]
Sep 29 13:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4545]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: Successful su for rubyman by root
Sep 29 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: + ??? root:rubyman
Sep 29 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315127 of user rubyman.
Sep 29 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315127.
Sep 29 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Failed password for root from 162.144.236.216 port 52366 ssh2
Sep 29 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1808]: pam_unix(cron:session): session closed for user root
Sep 29 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Connection closed by 162.144.236.216 port 52366 [preauth]
Sep 29 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for root from 162.144.236.216 port 59152 ssh2
Sep 29 13:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Connection closed by 162.144.236.216 port 59152 [preauth]
Sep 29 13:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4855]: Failed password for root from 162.144.236.216 port 39664 ssh2
Sep 29 13:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user root
Sep 29 13:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4855]: Connection closed by 162.144.236.216 port 39664 [preauth]
Sep 29 13:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: Invalid user marek from 36.89.28.139
Sep 29 13:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: input_userauth_request: invalid user marek [preauth]
Sep 29 13:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Failed password for root from 162.144.236.216 port 49636 ssh2
Sep 29 13:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: Failed password for invalid user marek from 36.89.28.139 port 50202 ssh2
Sep 29 13:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: Received disconnect from 36.89.28.139 port 50202:11: Bye Bye [preauth]
Sep 29 13:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4971]: Disconnected from 36.89.28.139 port 50202 [preauth]
Sep 29 13:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Connection closed by 162.144.236.216 port 49636 [preauth]
Sep 29 13:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5004]: pam_unix(cron:session): session closed for user root
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4999]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5083]: Successful su for rubyman by root
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5083]: + ??? root:rubyman
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315131 of user rubyman.
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5083]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315131.
Sep 29 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5001]: pam_unix(cron:session): session closed for user root
Sep 29 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Failed password for root from 162.144.236.216 port 58226 ssh2
Sep 29 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2269]: pam_unix(cron:session): session closed for user root
Sep 29 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Connection closed by 162.144.236.216 port 58226 [preauth]
Sep 29 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5000]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: Failed password for root from 162.144.236.216 port 36310 ssh2
Sep 29 13:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5297]: Connection closed by 162.144.236.216 port 36310 [preauth]
Sep 29 13:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5443]: Failed password for root from 162.144.236.216 port 44278 ssh2
Sep 29 13:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5443]: Connection closed by 162.144.236.216 port 44278 [preauth]
Sep 29 13:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5453]: Failed password for root from 162.144.236.216 port 49352 ssh2
Sep 29 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session closed for user root
Sep 29 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5453]: Connection closed by 162.144.236.216 port 49352 [preauth]
Sep 29 13:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5517]: Failed password for root from 162.144.236.216 port 57076 ssh2
Sep 29 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5517]: Connection closed by 162.144.236.216 port 57076 [preauth]
Sep 29 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Invalid user puneet from 36.89.28.139
Sep 29 13:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: input_userauth_request: invalid user puneet [preauth]
Sep 29 13:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5657]: Successful su for rubyman by root
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5657]: + ??? root:rubyman
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315137 of user rubyman.
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5657]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315137.
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Failed password for invalid user puneet from 36.89.28.139 port 43442 ssh2
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Received disconnect from 36.89.28.139 port 43442:11: Bye Bye [preauth]
Sep 29 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Disconnected from 36.89.28.139 port 43442 [preauth]
Sep 29 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Bad protocol version identification '\026\003\001\001\027\001' from 152.32.219.77 port 56886
Sep 29 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session closed for user root
Sep 29 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Failed password for root from 162.144.236.216 port 36092 ssh2
Sep 29 13:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5567]: Connection closed by 162.144.236.216 port 36092 [preauth]
Sep 29 13:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Failed password for root from 162.144.236.216 port 43432 ssh2
Sep 29 13:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5874]: Connection closed by 162.144.236.216 port 43432 [preauth]
Sep 29 13:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Did not receive identification string from 152.32.219.77
Sep 29 13:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5924]: Connection closed by 152.32.219.77 port 50712 [preauth]
Sep 29 13:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: Protocol major versions differ for 152.32.219.77: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Sep 29 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Failed password for root from 162.144.236.216 port 50304 ssh2
Sep 29 13:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Connection closed by 162.144.236.216 port 50304 [preauth]
Sep 29 13:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for root from 162.144.236.216 port 57906 ssh2
Sep 29 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session closed for user root
Sep 29 13:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 162.144.236.216 port 57906 [preauth]
Sep 29 13:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Invalid user mapr from 167.99.55.34
Sep 29 13:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: input_userauth_request: invalid user mapr [preauth]
Sep 29 13:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 13:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Failed password for invalid user mapr from 167.99.55.34 port 57246 ssh2
Sep 29 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: Failed password for root from 162.144.236.216 port 35232 ssh2
Sep 29 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Connection closed by 167.99.55.34 port 57246 [preauth]
Sep 29 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: Connection closed by 162.144.236.216 port 35232 [preauth]
Sep 29 13:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for root from 162.144.236.216 port 43776 ssh2
Sep 29 13:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Connection closed by 162.144.236.216 port 43776 [preauth]
Sep 29 13:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Failed password for root from 162.144.236.216 port 49746 ssh2
Sep 29 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6056]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6032]: Connection closed by 162.144.236.216 port 49746 [preauth]
Sep 29 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6121]: Successful su for rubyman by root
Sep 29 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6121]: + ??? root:rubyman
Sep 29 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315142 of user rubyman.
Sep 29 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6121]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315142.
Sep 29 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session closed for user root
Sep 29 13:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6057]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Invalid user jy from 36.89.28.139
Sep 29 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: input_userauth_request: invalid user jy [preauth]
Sep 29 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Failed password for invalid user jy from 36.89.28.139 port 52160 ssh2
Sep 29 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Received disconnect from 36.89.28.139 port 52160:11: Bye Bye [preauth]
Sep 29 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Disconnected from 36.89.28.139 port 52160 [preauth]
Sep 29 13:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6120]: Failed password for root from 162.144.236.216 port 57658 ssh2
Sep 29 13:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6120]: Connection closed by 162.144.236.216 port 57658 [preauth]
Sep 29 13:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: Failed password for root from 162.144.236.216 port 36222 ssh2
Sep 29 13:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: Connection closed by 162.144.236.216 port 36222 [preauth]
Sep 29 13:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6372]: Failed password for root from 162.144.236.216 port 42998 ssh2
Sep 29 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5003]: pam_unix(cron:session): session closed for user root
Sep 29 13:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6372]: Connection closed by 162.144.236.216 port 42998 [preauth]
Sep 29 13:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Failed password for root from 162.144.236.216 port 51188 ssh2
Sep 29 13:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Connection closed by 162.144.236.216 port 51188 [preauth]
Sep 29 13:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: Successful su for rubyman by root
Sep 29 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: + ??? root:rubyman
Sep 29 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315145 of user rubyman.
Sep 29 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315145.
Sep 29 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session closed for user root
Sep 29 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Failed password for root from 162.144.236.216 port 60122 ssh2
Sep 29 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Connection closed by 162.144.236.216 port 60122 [preauth]
Sep 29 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Invalid user foundry from 36.89.28.139
Sep 29 13:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: input_userauth_request: invalid user foundry [preauth]
Sep 29 13:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 13:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.89.28.139
Sep 29 13:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for root from 162.144.236.216 port 39802 ssh2
Sep 29 13:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Connection closed by 162.144.236.216 port 39802 [preauth]
Sep 29 13:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Failed password for invalid user foundry from 36.89.28.139 port 46074 ssh2
Sep 29 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Received disconnect from 36.89.28.139 port 46074:11: Bye Bye [preauth]
Sep 29 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Disconnected from 36.89.28.139 port 46074 [preauth]
Sep 29 13:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: Failed password for root from 162.144.236.216 port 45544 ssh2
Sep 29 13:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6915]: Connection closed by 162.144.236.216 port 45544 [preauth]
Sep 29 13:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5584]: pam_unix(cron:session): session closed for user root
Sep 29 13:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Failed password for root from 162.144.236.216 port 53884 ssh2
Sep 29 13:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Connection closed by 162.144.236.216 port 53884 [preauth]
Sep 29 13:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: Failed password for root from 162.144.236.216 port 60936 ssh2
Sep 29 13:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: Connection closed by 162.144.236.216 port 60936 [preauth]
Sep 29 13:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7069]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session closed for user p13x
Sep 29 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: Successful su for rubyman by root
Sep 29 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: + ??? root:rubyman
Sep 29 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315150 of user rubyman.
Sep 29 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7217]: pam_unix(su:session): session closed for user rubyman
Sep 29 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315150.
Sep 29 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session closed for user root
Sep 29 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: Failed password for root from 162.144.236.216 port 40450 ssh2
Sep 29 13:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session closed for user samftp
Sep 29 13:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: Connection closed by 162.144.236.216 port 40450 [preauth]
Sep 29 13:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Failed password for root from 162.144.236.216 port 48524 ssh2
Sep 29 13:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Connection closed by 162.144.236.216 port 48524 [preauth]
Sep 29 13:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Failed password for root from 162.144.236.216 port 54224 ssh2
Sep 29 13:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Connection closed by 162.144.236.216 port 54224 [preauth]
Sep 29 13:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6059]: pam_unix(cron:session): session closed for user root
Sep 29 13:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Failed password for root from 162.144.236.216 port 60004 ssh2
Sep 29 13:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7498]: Connection closed by 162.144.236.216 port 60004 [preauth]
Sep 29 13:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Failed password for root from 162.144.236.216 port 38688 ssh2
Sep 29 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Connection closed by 162.144.236.216 port 38688 [preauth]
Sep 29 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 13:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 13:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: Failed password for root from 162.144.236.216 port 42272 ssh2
Sep 29 13:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7554]: Connection closed by 162.144.236.216 port 42272 [preauth]
Sep 29 13:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session closed for user root
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session closed for user root
Sep 29 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: Successful su for rubyman by root
Sep 29 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: + ??? root:rubyman
Sep 29 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315159 of user rubyman.
Sep 29 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315159.
Sep 29 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Failed password for root from 162.144.236.216 port 50404 ssh2
Sep 29 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Connection closed by 162.144.236.216 port 50404 [preauth]
Sep 29 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user root
Sep 29 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session closed for user root
Sep 29 14:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7608]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: Failed password for root from 162.144.236.216 port 59058 ssh2
Sep 29 14:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: Connection closed by 162.144.236.216 port 59058 [preauth]
Sep 29 14:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Failed password for root from 162.144.236.216 port 36718 ssh2
Sep 29 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7992]: Connection closed by 162.144.236.216 port 36718 [preauth]
Sep 29 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6501]: pam_unix(cron:session): session closed for user root
Sep 29 14:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Failed password for root from 162.144.236.216 port 44642 ssh2
Sep 29 14:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Connection closed by 162.144.236.216 port 44642 [preauth]
Sep 29 14:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Did not receive identification string from 162.144.236.216
Sep 29 14:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8227]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: Successful su for rubyman by root
Sep 29 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: + ??? root:rubyman
Sep 29 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315161 of user rubyman.
Sep 29 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8300]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315161.
Sep 29 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Failed password for root from 162.144.236.216 port 56462 ssh2
Sep 29 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8192]: Connection closed by 162.144.236.216 port 56462 [preauth]
Sep 29 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5002]: pam_unix(cron:session): session closed for user root
Sep 29 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8228]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8472]: Failed password for root from 162.144.236.216 port 36848 ssh2
Sep 29 14:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8472]: Connection closed by 162.144.236.216 port 36848 [preauth]
Sep 29 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Failed password for root from 162.144.236.216 port 42614 ssh2
Sep 29 14:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Connection closed by 162.144.236.216 port 42614 [preauth]
Sep 29 14:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Failed password for root from 162.144.236.216 port 48862 ssh2
Sep 29 14:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Connection closed by 162.144.236.216 port 48862 [preauth]
Sep 29 14:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7069]: pam_unix(cron:session): session closed for user root
Sep 29 14:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: Failed password for root from 162.144.236.216 port 56950 ssh2
Sep 29 14:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8599]: Connection closed by 162.144.236.216 port 56950 [preauth]
Sep 29 14:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Failed password for root from 162.144.236.216 port 34408 ssh2
Sep 29 14:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Connection closed by 162.144.236.216 port 34408 [preauth]
Sep 29 14:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Invalid user asd from 164.68.105.9
Sep 29 14:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: input_userauth_request: invalid user asd [preauth]
Sep 29 14:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 14:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Failed password for invalid user asd from 164.68.105.9 port 39136 ssh2
Sep 29 14:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Connection closed by 164.68.105.9 port 39136 [preauth]
Sep 29 14:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Failed password for root from 162.144.236.216 port 42464 ssh2
Sep 29 14:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8683]: Connection closed by 162.144.236.216 port 42464 [preauth]
Sep 29 14:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8717]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8715]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8889]: Successful su for rubyman by root
Sep 29 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8889]: + ??? root:rubyman
Sep 29 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315165 of user rubyman.
Sep 29 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8889]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315165.
Sep 29 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session closed for user root
Sep 29 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Failed password for root from 162.144.236.216 port 50150 ssh2
Sep 29 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Connection closed by 162.144.236.216 port 50150 [preauth]
Sep 29 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8716]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Failed password for root from 162.144.236.216 port 57304 ssh2
Sep 29 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Connection closed by 162.144.236.216 port 57304 [preauth]
Sep 29 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Invalid user admin from 185.156.73.233
Sep 29 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: input_userauth_request: invalid user admin [preauth]
Sep 29 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 14:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Failed password for root from 162.144.236.216 port 34934 ssh2
Sep 29 14:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Connection closed by 162.144.236.216 port 34934 [preauth]
Sep 29 14:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Failed password for invalid user admin from 185.156.73.233 port 15458 ssh2
Sep 29 14:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9129]: Connection closed by 185.156.73.233 port 15458 [preauth]
Sep 29 14:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Failed password for root from 162.144.236.216 port 42742 ssh2
Sep 29 14:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Connection closed by 162.144.236.216 port 42742 [preauth]
Sep 29 14:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session closed for user root
Sep 29 14:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: Failed password for root from 162.144.236.216 port 49832 ssh2
Sep 29 14:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: Connection closed by 162.144.236.216 port 49832 [preauth]
Sep 29 14:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9391]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9385]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: Successful su for rubyman by root
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: + ??? root:rubyman
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315169 of user rubyman.
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315169.
Sep 29 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6058]: pam_unix(cron:session): session closed for user root
Sep 29 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Failed password for root from 162.144.236.216 port 57848 ssh2
Sep 29 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Connection closed by 162.144.236.216 port 57848 [preauth]
Sep 29 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9390]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Failed password for root from 162.144.236.216 port 37908 ssh2
Sep 29 14:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Connection closed by 162.144.236.216 port 37908 [preauth]
Sep 29 14:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for root from 162.144.236.216 port 46248 ssh2
Sep 29 14:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session closed for user root
Sep 29 14:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Connection closed by 162.144.236.216 port 46248 [preauth]
Sep 29 14:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: Failed password for root from 162.144.236.216 port 54294 ssh2
Sep 29 14:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: Connection closed by 162.144.236.216 port 54294 [preauth]
Sep 29 14:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9947]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: Successful su for rubyman by root
Sep 29 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: + ??? root:rubyman
Sep 29 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315172 of user rubyman.
Sep 29 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315172.
Sep 29 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6500]: pam_unix(cron:session): session closed for user root
Sep 29 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9934]: Failed password for root from 162.144.236.216 port 34364 ssh2
Sep 29 14:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9934]: Connection closed by 162.144.236.216 port 34364 [preauth]
Sep 29 14:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: Invalid user oneadmin from 167.99.55.34
Sep 29 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: input_userauth_request: invalid user oneadmin [preauth]
Sep 29 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Failed password for root from 162.144.236.216 port 41548 ssh2
Sep 29 14:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: Failed password for invalid user oneadmin from 167.99.55.34 port 56234 ssh2
Sep 29 14:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10246]: Connection closed by 167.99.55.34 port 56234 [preauth]
Sep 29 14:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10233]: Connection closed by 162.144.236.216 port 41548 [preauth]
Sep 29 14:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Failed password for root from 162.144.236.216 port 49398 ssh2
Sep 29 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Connection closed by 162.144.236.216 port 49398 [preauth]
Sep 29 14:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8718]: pam_unix(cron:session): session closed for user root
Sep 29 14:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Failed password for root from 162.144.236.216 port 56834 ssh2
Sep 29 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Connection closed by 162.144.236.216 port 56834 [preauth]
Sep 29 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Failed password for root from 162.144.236.216 port 36340 ssh2
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10397]: Connection closed by 162.144.236.216 port 36340 [preauth]
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session closed for user root
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: Successful su for rubyman by root
Sep 29 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: + ??? root:rubyman
Sep 29 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315177 of user rubyman.
Sep 29 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10503]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315177.
Sep 29 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session closed for user root
Sep 29 14:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session closed for user root
Sep 29 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: Failed password for root from 162.144.236.216 port 42896 ssh2
Sep 29 14:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10490]: Connection closed by 162.144.236.216 port 42896 [preauth]
Sep 29 14:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Failed password for root from 162.144.236.216 port 49928 ssh2
Sep 29 14:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Connection closed by 162.144.236.216 port 49928 [preauth]
Sep 29 14:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Failed password for root from 162.144.236.216 port 56324 ssh2
Sep 29 14:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Connection closed by 162.144.236.216 port 56324 [preauth]
Sep 29 14:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: Failed password for root from 162.144.236.216 port 36260 ssh2
Sep 29 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session closed for user root
Sep 29 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10807]: Connection closed by 162.144.236.216 port 36260 [preauth]
Sep 29 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Failed password for root from 162.144.236.216 port 42804 ssh2
Sep 29 14:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Connection closed by 162.144.236.216 port 42804 [preauth]
Sep 29 14:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Failed password for root from 162.144.236.216 port 48926 ssh2
Sep 29 14:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Connection closed by 162.144.236.216 port 48926 [preauth]
Sep 29 14:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: Successful su for rubyman by root
Sep 29 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: + ??? root:rubyman
Sep 29 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315183 of user rubyman.
Sep 29 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10989]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315183.
Sep 29 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Failed password for root from 162.144.236.216 port 57602 ssh2
Sep 29 14:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10901]: Connection closed by 162.144.236.216 port 57602 [preauth]
Sep 29 14:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session closed for user root
Sep 29 14:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: Failed password for root from 162.144.236.216 port 36514 ssh2
Sep 29 14:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: Connection closed by 162.144.236.216 port 36514 [preauth]
Sep 29 14:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11213]: Failed password for root from 162.144.236.216 port 42660 ssh2
Sep 29 14:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session closed for user root
Sep 29 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11213]: Connection closed by 162.144.236.216 port 42660 [preauth]
Sep 29 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Failed password for root from 162.144.236.216 port 51698 ssh2
Sep 29 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Connection closed by 162.144.236.216 port 51698 [preauth]
Sep 29 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Failed password for root from 162.144.236.216 port 59266 ssh2
Sep 29 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=brentdwi@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Connection closed by 162.144.236.216 port 59266 [preauth]
Sep 29 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 14:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=brentdwi rhost=::ffff:45.142.193.185
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: Successful su for rubyman by root
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: + ??? root:rubyman
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315186 of user rubyman.
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315186.
Sep 29 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session closed for user root
Sep 29 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Failed password for root from 162.144.236.216 port 38720 ssh2
Sep 29 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Connection closed by 162.144.236.216 port 38720 [preauth]
Sep 29 14:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Invalid user admin from 80.94.95.112
Sep 29 14:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: input_userauth_request: invalid user admin [preauth]
Sep 29 14:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for invalid user admin from 80.94.95.112 port 35239 ssh2
Sep 29 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for invalid user admin from 80.94.95.112 port 35239 ssh2
Sep 29 14:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Failed password for root from 162.144.236.216 port 46378 ssh2
Sep 29 14:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for invalid user admin from 80.94.95.112 port 35239 ssh2
Sep 29 14:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11654]: Connection closed by 162.144.236.216 port 46378 [preauth]
Sep 29 14:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for invalid user admin from 80.94.95.112 port 35239 ssh2
Sep 29 14:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for invalid user admin from 80.94.95.112 port 35239 ssh2
Sep 29 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Received disconnect from 80.94.95.112 port 35239:11: Bye [preauth]
Sep 29 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Disconnected from 80.94.95.112 port 35239 [preauth]
Sep 29 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 14:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session closed for user root
Sep 29 14:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Failed password for root from 162.144.236.216 port 53076 ssh2
Sep 29 14:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Connection closed by 162.144.236.216 port 53076 [preauth]
Sep 29 14:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Failed password for root from 162.144.236.216 port 58306 ssh2
Sep 29 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11848]: Connection closed by 162.144.236.216 port 58306 [preauth]
Sep 29 14:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for root from 162.144.236.216 port 36858 ssh2
Sep 29 14:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Connection closed by 162.144.236.216 port 36858 [preauth]
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11969]: Successful su for rubyman by root
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11969]: + ??? root:rubyman
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315191 of user rubyman.
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11969]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315191.
Sep 29 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8717]: pam_unix(cron:session): session closed for user root
Sep 29 14:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.120.29 port 58398
Sep 29 14:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: Failed password for root from 162.144.236.216 port 43474 ssh2
Sep 29 14:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12173]: Did not receive identification string from 165.154.120.29
Sep 29 14:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12241]: Connection closed by 165.154.120.29 port 33508 [preauth]
Sep 29 14:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: Protocol major versions differ for 165.154.120.29: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Sep 29 14:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12036]: Connection closed by 162.144.236.216 port 43474 [preauth]
Sep 29 14:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10916]: pam_unix(cron:session): session closed for user root
Sep 29 14:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Failed password for root from 162.144.236.216 port 54376 ssh2
Sep 29 14:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Connection closed by 162.144.236.216 port 54376 [preauth]
Sep 29 14:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12321]: Failed password for root from 162.144.236.216 port 35038 ssh2
Sep 29 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12345]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12346]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12340]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12321]: Connection closed by 162.144.236.216 port 35038 [preauth]
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: Successful su for rubyman by root
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: + ??? root:rubyman
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315195 of user rubyman.
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315195.
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12340]: pam_unix(cron:session): session closed for user root
Sep 29 14:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9391]: pam_unix(cron:session): session closed for user root
Sep 29 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Failed password for root from 162.144.236.216 port 42332 ssh2
Sep 29 14:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Connection closed by 162.144.236.216 port 42332 [preauth]
Sep 29 14:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12726]: Failed password for root from 162.144.236.216 port 47738 ssh2
Sep 29 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12726]: Connection closed by 162.144.236.216 port 47738 [preauth]
Sep 29 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Invalid user ubnt from 93.152.230.176
Sep 29 14:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 14:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 14:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Failed password for invalid user ubnt from 93.152.230.176 port 29947 ssh2
Sep 29 14:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Received disconnect from 93.152.230.176 port 29947:11: Client disconnecting normally [preauth]
Sep 29 14:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Disconnected from 93.152.230.176 port 29947 [preauth]
Sep 29 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session closed for user root
Sep 29 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Failed password for root from 162.144.236.216 port 54516 ssh2
Sep 29 14:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Connection closed by 162.144.236.216 port 54516 [preauth]
Sep 29 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Failed password for root from 162.144.236.216 port 34882 ssh2
Sep 29 14:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Connection closed by 162.144.236.216 port 34882 [preauth]
Sep 29 14:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session closed for user root
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12904]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: Successful su for rubyman by root
Sep 29 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: + ??? root:rubyman
Sep 29 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315200 of user rubyman.
Sep 29 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12988]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315200.
Sep 29 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Failed password for root from 162.144.236.216 port 43510 ssh2
Sep 29 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Connection closed by 162.144.236.216 port 43510 [preauth]
Sep 29 14:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12907]: pam_unix(cron:session): session closed for user root
Sep 29 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9947]: pam_unix(cron:session): session closed for user root
Sep 29 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12906]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13132]: Failed password for root from 162.144.236.216 port 51188 ssh2
Sep 29 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13132]: Connection closed by 162.144.236.216 port 51188 [preauth]
Sep 29 14:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Failed password for root from 162.144.236.216 port 56598 ssh2
Sep 29 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Connection closed by 162.144.236.216 port 56598 [preauth]
Sep 29 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: Failed password for root from 162.144.236.216 port 35742 ssh2
Sep 29 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13267]: Connection closed by 162.144.236.216 port 35742 [preauth]
Sep 29 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11907]: pam_unix(cron:session): session closed for user root
Sep 29 14:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: Failed password for root from 162.144.236.216 port 42928 ssh2
Sep 29 14:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13314]: Connection closed by 162.144.236.216 port 42928 [preauth]
Sep 29 14:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Failed password for root from 162.144.236.216 port 49118 ssh2
Sep 29 14:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Connection closed by 162.144.236.216 port 49118 [preauth]
Sep 29 14:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13480]: Successful su for rubyman by root
Sep 29 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13480]: + ??? root:rubyman
Sep 29 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315207 of user rubyman.
Sep 29 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13480]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315207.
Sep 29 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session closed for user root
Sep 29 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for root from 162.144.236.216 port 54136 ssh2
Sep 29 14:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Connection closed by 162.144.236.216 port 54136 [preauth]
Sep 29 14:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Failed password for root from 162.144.236.216 port 34526 ssh2
Sep 29 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Connection closed by 162.144.236.216 port 34526 [preauth]
Sep 29 14:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Failed password for root from 162.144.236.216 port 40528 ssh2
Sep 29 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Connection closed by 162.144.236.216 port 40528 [preauth]
Sep 29 14:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12346]: pam_unix(cron:session): session closed for user root
Sep 29 14:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Invalid user vyos from 167.99.55.34
Sep 29 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: input_userauth_request: invalid user vyos [preauth]
Sep 29 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for invalid user vyos from 167.99.55.34 port 60886 ssh2
Sep 29 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Connection closed by 167.99.55.34 port 60886 [preauth]
Sep 29 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Failed password for root from 162.144.236.216 port 47190 ssh2
Sep 29 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Connection closed by 162.144.236.216 port 47190 [preauth]
Sep 29 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13830]: Failed password for root from 162.144.236.216 port 53502 ssh2
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13852]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13853]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13850]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13912]: Successful su for rubyman by root
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13912]: + ??? root:rubyman
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315209 of user rubyman.
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13912]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315209.
Sep 29 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session closed for user root
Sep 29 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13830]: Connection closed by 162.144.236.216 port 53502 [preauth]
Sep 29 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13851]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: Failed password for root from 162.144.236.216 port 60950 ssh2
Sep 29 14:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14185]: Connection closed by 162.144.236.216 port 60950 [preauth]
Sep 29 14:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Invalid user  from 62.60.131.157
Sep 29 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: input_userauth_request: invalid user  [preauth]
Sep 29 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Failed none for invalid user  from 62.60.131.157 port 64043 ssh2
Sep 29 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Received disconnect from 62.60.131.157 port 64043:11: Bye [preauth]
Sep 29 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Disconnected from 62.60.131.157 port 64043 [preauth]
Sep 29 14:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14239]: Failed password for root from 162.144.236.216 port 40740 ssh2
Sep 29 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14239]: Connection closed by 162.144.236.216 port 40740 [preauth]
Sep 29 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: Failed password for root from 162.144.236.216 port 46266 ssh2
Sep 29 14:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: Connection closed by 162.144.236.216 port 46266 [preauth]
Sep 29 14:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session closed for user root
Sep 29 14:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Failed password for root from 162.144.236.216 port 52666 ssh2
Sep 29 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Connection closed by 162.144.236.216 port 52666 [preauth]
Sep 29 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14316]: Failed password for root from 162.144.236.216 port 58094 ssh2
Sep 29 14:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14316]: Connection closed by 162.144.236.216 port 58094 [preauth]
Sep 29 14:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14372]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14370]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: Successful su for rubyman by root
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: + ??? root:rubyman
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315213 of user rubyman.
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14429]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315213.
Sep 29 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session closed for user root
Sep 29 14:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14371]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Failed password for root from 162.144.236.216 port 37742 ssh2
Sep 29 14:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Connection closed by 162.144.236.216 port 37742 [preauth]
Sep 29 14:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: Failed password for root from 162.144.236.216 port 46034 ssh2
Sep 29 14:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: Connection closed by 162.144.236.216 port 46034 [preauth]
Sep 29 14:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session closed for user root
Sep 29 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: Invalid user support from 194.0.234.19
Sep 29 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: input_userauth_request: invalid user support [preauth]
Sep 29 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 14:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Failed password for root from 162.144.236.216 port 54234 ssh2
Sep 29 14:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: Failed password for invalid user support from 194.0.234.19 port 16994 ssh2
Sep 29 14:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: Connection closed by 194.0.234.19 port 16994 [preauth]
Sep 29 14:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14697]: Connection closed by 162.144.236.216 port 54234 [preauth]
Sep 29 14:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14765]: Failed password for root from 162.144.236.216 port 33588 ssh2
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14765]: Connection closed by 162.144.236.216 port 33588 [preauth]
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14859]: Successful su for rubyman by root
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14859]: + ??? root:rubyman
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315218 of user rubyman.
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14859]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315218.
Sep 29 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session closed for user root
Sep 29 14:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Failed password for root from 162.144.236.216 port 39032 ssh2
Sep 29 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Connection closed by 162.144.236.216 port 39032 [preauth]
Sep 29 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: Failed password for root from 162.144.236.216 port 46192 ssh2
Sep 29 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15063]: Connection closed by 162.144.236.216 port 46192 [preauth]
Sep 29 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13853]: pam_unix(cron:session): session closed for user root
Sep 29 14:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15096]: Failed password for root from 162.144.236.216 port 53630 ssh2
Sep 29 14:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15096]: Connection closed by 162.144.236.216 port 53630 [preauth]
Sep 29 14:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: Failed password for root from 162.144.236.216 port 35934 ssh2
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15214]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15212]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15213]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session closed for user root
Sep 29 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15208]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: Successful su for rubyman by root
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: + ??? root:rubyman
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315223 of user rubyman.
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315223.
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: Connection closed by 162.144.236.216 port 35934 [preauth]
Sep 29 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15212]: pam_unix(cron:session): session closed for user root
Sep 29 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12345]: pam_unix(cron:session): session closed for user root
Sep 29 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Failed password for root from 162.144.236.216 port 42918 ssh2
Sep 29 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Connection closed by 162.144.236.216 port 42918 [preauth]
Sep 29 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: Failed password for root from 162.144.236.216 port 49634 ssh2
Sep 29 14:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: Connection closed by 162.144.236.216 port 49634 [preauth]
Sep 29 14:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Failed password for root from 162.144.236.216 port 54596 ssh2
Sep 29 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Connection closed by 162.144.236.216 port 54596 [preauth]
Sep 29 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14373]: pam_unix(cron:session): session closed for user root
Sep 29 14:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Failed password for root from 162.144.236.216 port 34226 ssh2
Sep 29 14:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Connection closed by 162.144.236.216 port 34226 [preauth]
Sep 29 14:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15667]: Did not receive identification string from 162.144.236.216
Sep 29 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: Successful su for rubyman by root
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: + ??? root:rubyman
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315228 of user rubyman.
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315228.
Sep 29 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: Failed password for root from 162.144.236.216 port 42906 ssh2
Sep 29 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15676]: Connection closed by 162.144.236.216 port 42906 [preauth]
Sep 29 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session closed for user root
Sep 29 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Failed password for root from 162.144.236.216 port 50578 ssh2
Sep 29 14:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Connection closed by 162.144.236.216 port 50578 [preauth]
Sep 29 14:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Failed password for root from 162.144.236.216 port 60080 ssh2
Sep 29 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Connection closed by 162.144.236.216 port 60080 [preauth]
Sep 29 14:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session closed for user root
Sep 29 14:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Failed password for root from 162.144.236.216 port 38008 ssh2
Sep 29 14:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Connection closed by 162.144.236.216 port 38008 [preauth]
Sep 29 14:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: Failed password for root from 162.144.236.216 port 46476 ssh2
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session closed for user root
Sep 29 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: Successful su for rubyman by root
Sep 29 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: + ??? root:rubyman
Sep 29 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315233 of user rubyman.
Sep 29 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16197]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315233.
Sep 29 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16073]: Connection closed by 162.144.236.216 port 46476 [preauth]
Sep 29 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session closed for user root
Sep 29 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: Failed password for root from 162.144.236.216 port 56508 ssh2
Sep 29 14:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: Connection closed by 162.144.236.216 port 56508 [preauth]
Sep 29 14:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16443]: Failed password for root from 162.144.236.216 port 36876 ssh2
Sep 29 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16443]: Connection closed by 162.144.236.216 port 36876 [preauth]
Sep 29 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15214]: pam_unix(cron:session): session closed for user root
Sep 29 14:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16494]: Did not receive identification string from 162.144.236.216
Sep 29 14:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: Failed password for root from 162.144.236.216 port 46984 ssh2
Sep 29 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16519]: Connection closed by 162.144.236.216 port 46984 [preauth]
Sep 29 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16585]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16651]: Successful su for rubyman by root
Sep 29 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16651]: + ??? root:rubyman
Sep 29 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315236 of user rubyman.
Sep 29 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16651]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315236.
Sep 29 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13852]: pam_unix(cron:session): session closed for user root
Sep 29 14:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16586]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Failed password for root from 162.144.236.216 port 55042 ssh2
Sep 29 14:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16568]: Connection closed by 162.144.236.216 port 55042 [preauth]
Sep 29 14:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for root from 162.144.236.216 port 35120 ssh2
Sep 29 14:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Connection closed by 162.144.236.216 port 35120 [preauth]
Sep 29 14:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user root
Sep 29 14:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Failed password for root from 162.144.236.216 port 43240 ssh2
Sep 29 14:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Connection closed by 162.144.236.216 port 43240 [preauth]
Sep 29 14:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Invalid user system from 213.209.157.9
Sep 29 14:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: input_userauth_request: invalid user system [preauth]
Sep 29 14:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 29 14:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Failed password for invalid user system from 213.209.157.9 port 14774 ssh2
Sep 29 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Connection closed by 213.209.157.9 port 14774 [preauth]
Sep 29 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: Failed password for root from 162.144.236.216 port 50334 ssh2
Sep 29 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: Connection closed by 162.144.236.216 port 50334 [preauth]
Sep 29 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17032]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17101]: Successful su for rubyman by root
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17101]: + ??? root:rubyman
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315240 of user rubyman.
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17101]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315240.
Sep 29 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14372]: pam_unix(cron:session): session closed for user root
Sep 29 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: Failed password for root from 162.144.236.216 port 58588 ssh2
Sep 29 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17016]: Connection closed by 162.144.236.216 port 58588 [preauth]
Sep 29 14:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Failed password for root from 162.144.236.216 port 37714 ssh2
Sep 29 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17313]: Connection closed by 162.144.236.216 port 37714 [preauth]
Sep 29 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Invalid user hpc-riscv from 167.99.55.34
Sep 29 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: input_userauth_request: invalid user hpc-riscv [preauth]
Sep 29 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Failed password for invalid user hpc-riscv from 167.99.55.34 port 39436 ssh2
Sep 29 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Connection closed by 167.99.55.34 port 39436 [preauth]
Sep 29 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Failed password for root from 162.144.236.216 port 46492 ssh2
Sep 29 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Connection closed by 162.144.236.216 port 46492 [preauth]
Sep 29 14:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Failed password for root from 162.144.236.216 port 52392 ssh2
Sep 29 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session closed for user root
Sep 29 14:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Connection closed by 162.144.236.216 port 52392 [preauth]
Sep 29 14:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Failed password for root from 162.144.236.216 port 60600 ssh2
Sep 29 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Connection closed by 162.144.236.216 port 60600 [preauth]
Sep 29 14:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17491]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session closed for user root
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17563]: Successful su for rubyman by root
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17563]: + ??? root:rubyman
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315249 of user rubyman.
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17563]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315249.
Sep 29 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Invalid user test from 185.156.73.233
Sep 29 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: input_userauth_request: invalid user test [preauth]
Sep 29 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session closed for user root
Sep 29 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 14:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session closed for user root
Sep 29 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Failed password for invalid user test from 185.156.73.233 port 19384 ssh2
Sep 29 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Connection closed by 185.156.73.233 port 19384 [preauth]
Sep 29 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17488]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Failed password for root from 162.144.236.216 port 40978 ssh2
Sep 29 14:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Connection closed by 162.144.236.216 port 40978 [preauth]
Sep 29 14:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Failed password for root from 162.144.236.216 port 49960 ssh2
Sep 29 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Connection closed by 162.144.236.216 port 49960 [preauth]
Sep 29 14:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16589]: pam_unix(cron:session): session closed for user root
Sep 29 14:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for root from 162.144.236.216 port 58900 ssh2
Sep 29 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Connection closed by 162.144.236.216 port 58900 [preauth]
Sep 29 14:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: Failed password for root from 162.144.236.216 port 37148 ssh2
Sep 29 14:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: Connection closed by 162.144.236.216 port 37148 [preauth]
Sep 29 14:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18273]: Successful su for rubyman by root
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18273]: + ??? root:rubyman
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315252 of user rubyman.
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18273]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315252.
Sep 29 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15213]: pam_unix(cron:session): session closed for user root
Sep 29 14:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Failed password for root from 162.144.236.216 port 41766 ssh2
Sep 29 14:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Connection closed by 162.144.236.216 port 41766 [preauth]
Sep 29 14:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Failed password for root from 162.144.236.216 port 48716 ssh2
Sep 29 14:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Connection closed by 162.144.236.216 port 48716 [preauth]
Sep 29 14:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17032]: pam_unix(cron:session): session closed for user root
Sep 29 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Failed password for root from 162.144.236.216 port 56208 ssh2
Sep 29 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Connection closed by 162.144.236.216 port 56208 [preauth]
Sep 29 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: Failed password for root from 162.144.236.216 port 35040 ssh2
Sep 29 14:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: Connection closed by 162.144.236.216 port 35040 [preauth]
Sep 29 14:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18796]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18793]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18868]: Successful su for rubyman by root
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18868]: + ??? root:rubyman
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315255 of user rubyman.
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18868]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315255.
Sep 29 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: Failed password for root from 162.144.236.216 port 40206 ssh2
Sep 29 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user root
Sep 29 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: Connection closed by 162.144.236.216 port 40206 [preauth]
Sep 29 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for root from 162.144.236.216 port 49152 ssh2
Sep 29 14:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Connection closed by 162.144.236.216 port 49152 [preauth]
Sep 29 14:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Failed password for root from 162.144.236.216 port 55348 ssh2
Sep 29 14:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Connection closed by 162.144.236.216 port 55348 [preauth]
Sep 29 14:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Failed password for root from 162.144.236.216 port 60698 ssh2
Sep 29 14:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17491]: pam_unix(cron:session): session closed for user root
Sep 29 14:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Connection closed by 162.144.236.216 port 60698 [preauth]
Sep 29 14:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Failed password for root from 162.144.236.216 port 39922 ssh2
Sep 29 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Connection closed by 162.144.236.216 port 39922 [preauth]
Sep 29 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: Successful su for rubyman by root
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: + ??? root:rubyman
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315259 of user rubyman.
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315259.
Sep 29 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: Failed password for root from 162.144.236.216 port 47438 ssh2
Sep 29 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16127]: pam_unix(cron:session): session closed for user root
Sep 29 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: Connection closed by 162.144.236.216 port 47438 [preauth]
Sep 29 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19299]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19878]: Failed password for root from 162.144.236.216 port 53490 ssh2
Sep 29 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19878]: Connection closed by 162.144.236.216 port 53490 [preauth]
Sep 29 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Failed password for root from 162.144.236.216 port 60168 ssh2
Sep 29 14:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19936]: Connection closed by 162.144.236.216 port 60168 [preauth]
Sep 29 14:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Failed password for root from 162.144.236.216 port 38968 ssh2
Sep 29 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Connection closed by 162.144.236.216 port 38968 [preauth]
Sep 29 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18079]: pam_unix(cron:session): session closed for user root
Sep 29 14:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Failed password for root from 162.144.236.216 port 44260 ssh2
Sep 29 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19989]: Connection closed by 162.144.236.216 port 44260 [preauth]
Sep 29 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20105]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20102]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20170]: Successful su for rubyman by root
Sep 29 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20170]: + ??? root:rubyman
Sep 29 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315263 of user rubyman.
Sep 29 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20170]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315263.
Sep 29 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16587]: pam_unix(cron:session): session closed for user root
Sep 29 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: Failed password for root from 162.144.236.216 port 51788 ssh2
Sep 29 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20103]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: Connection closed by 162.144.236.216 port 51788 [preauth]
Sep 29 14:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Failed password for root from 162.144.236.216 port 32814 ssh2
Sep 29 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Connection closed by 162.144.236.216 port 32814 [preauth]
Sep 29 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: Failed password for root from 162.144.236.216 port 38064 ssh2
Sep 29 14:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: Connection closed by 162.144.236.216 port 38064 [preauth]
Sep 29 14:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session closed for user root
Sep 29 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Failed password for root from 162.144.236.216 port 46176 ssh2
Sep 29 14:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Connection closed by 162.144.236.216 port 46176 [preauth]
Sep 29 14:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Invalid user ftpuser from 93.152.230.176
Sep 29 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Failed password for invalid user ftpuser from 93.152.230.176 port 14860 ssh2
Sep 29 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Received disconnect from 93.152.230.176 port 14860:11: Client disconnecting normally [preauth]
Sep 29 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Disconnected from 93.152.230.176 port 14860 [preauth]
Sep 29 14:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Failed password for root from 162.144.236.216 port 54852 ssh2
Sep 29 14:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Connection closed by 162.144.236.216 port 54852 [preauth]
Sep 29 14:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Failed password for root from 162.144.236.216 port 32862 ssh2
Sep 29 14:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Connection closed by 162.144.236.216 port 32862 [preauth]
Sep 29 14:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session closed for user root
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: Successful su for rubyman by root
Sep 29 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: + ??? root:rubyman
Sep 29 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315267 of user rubyman.
Sep 29 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315267.
Sep 29 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Failed password for root from 162.144.236.216 port 40548 ssh2
Sep 29 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Connection closed by 162.144.236.216 port 40548 [preauth]
Sep 29 14:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session closed for user root
Sep 29 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session closed for user root
Sep 29 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Invalid user songsong from 138.68.58.124
Sep 29 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: input_userauth_request: invalid user songsong [preauth]
Sep 29 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Failed password for invalid user songsong from 138.68.58.124 port 48350 ssh2
Sep 29 14:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Connection closed by 138.68.58.124 port 48350 [preauth]
Sep 29 14:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: Failed password for root from 162.144.236.216 port 47790 ssh2
Sep 29 14:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20781]: Connection closed by 162.144.236.216 port 47790 [preauth]
Sep 29 14:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Failed password for root from 162.144.236.216 port 52886 ssh2
Sep 29 14:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Connection closed by 162.144.236.216 port 52886 [preauth]
Sep 29 14:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Failed password for root from 162.144.236.216 port 32834 ssh2
Sep 29 14:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Connection closed by 162.144.236.216 port 32834 [preauth]
Sep 29 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session closed for user root
Sep 29 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Failed password for root from 162.144.236.216 port 40762 ssh2
Sep 29 14:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Connection closed by 162.144.236.216 port 40762 [preauth]
Sep 29 14:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: Failed password for root from 162.144.236.216 port 48004 ssh2
Sep 29 14:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21023]: Connection closed by 162.144.236.216 port 48004 [preauth]
Sep 29 14:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: Failed password for root from 162.144.236.216 port 55366 ssh2
Sep 29 14:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: Connection closed by 162.144.236.216 port 55366 [preauth]
Sep 29 14:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21095]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21096]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: Successful su for rubyman by root
Sep 29 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: + ??? root:rubyman
Sep 29 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315274 of user rubyman.
Sep 29 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21165]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315274.
Sep 29 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session closed for user root
Sep 29 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Failed password for root from 162.144.236.216 port 35566 ssh2
Sep 29 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21094]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Connection closed by 162.144.236.216 port 35566 [preauth]
Sep 29 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: Failed password for root from 162.144.236.216 port 42500 ssh2
Sep 29 14:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21354]: Connection closed by 162.144.236.216 port 42500 [preauth]
Sep 29 14:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Failed password for root from 162.144.236.216 port 49424 ssh2
Sep 29 14:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Connection closed by 162.144.236.216 port 49424 [preauth]
Sep 29 14:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20105]: pam_unix(cron:session): session closed for user root
Sep 29 14:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Failed password for root from 162.144.236.216 port 57136 ssh2
Sep 29 14:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Connection closed by 162.144.236.216 port 57136 [preauth]
Sep 29 14:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Failed password for root from 162.144.236.216 port 37674 ssh2
Sep 29 14:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Connection closed by 162.144.236.216 port 37674 [preauth]
Sep 29 14:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: Invalid user riscv from 167.99.55.34
Sep 29 14:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: input_userauth_request: invalid user riscv [preauth]
Sep 29 14:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for root from 162.144.236.216 port 44830 ssh2
Sep 29 14:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Connection closed by 162.144.236.216 port 44830 [preauth]
Sep 29 14:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: Failed password for invalid user riscv from 167.99.55.34 port 57692 ssh2
Sep 29 14:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21509]: Connection closed by 167.99.55.34 port 57692 [preauth]
Sep 29 14:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21537]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21535]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21604]: Successful su for rubyman by root
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21604]: + ??? root:rubyman
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315277 of user rubyman.
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21604]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315277.
Sep 29 14:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21522]: Failed password for root from 162.144.236.216 port 52696 ssh2
Sep 29 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21522]: Connection closed by 162.144.236.216 port 52696 [preauth]
Sep 29 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session closed for user root
Sep 29 14:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: Failed password for root from 162.144.236.216 port 58458 ssh2
Sep 29 14:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21727]: Connection closed by 162.144.236.216 port 58458 [preauth]
Sep 29 14:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Failed password for root from 162.144.236.216 port 36572 ssh2
Sep 29 14:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Connection closed by 162.144.236.216 port 36572 [preauth]
Sep 29 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Invalid user sultan from 80.94.95.112
Sep 29 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: input_userauth_request: invalid user sultan [preauth]
Sep 29 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for invalid user sultan from 80.94.95.112 port 63085 ssh2
Sep 29 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for invalid user sultan from 80.94.95.112 port 63085 ssh2
Sep 29 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for invalid user sultan from 80.94.95.112 port 63085 ssh2
Sep 29 14:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for invalid user sultan from 80.94.95.112 port 63085 ssh2
Sep 29 14:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for invalid user sultan from 80.94.95.112 port 63085 ssh2
Sep 29 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Received disconnect from 80.94.95.112 port 63085:11: Bye [preauth]
Sep 29 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Disconnected from 80.94.95.112 port 63085 [preauth]
Sep 29 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 14:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Failed password for root from 162.144.236.216 port 43030 ssh2
Sep 29 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Connection closed by 162.144.236.216 port 43030 [preauth]
Sep 29 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session closed for user root
Sep 29 14:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: Failed password for root from 162.144.236.216 port 49988 ssh2
Sep 29 14:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21929]: Connection closed by 162.144.236.216 port 49988 [preauth]
Sep 29 14:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21987]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22059]: Successful su for rubyman by root
Sep 29 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22059]: + ??? root:rubyman
Sep 29 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315280 of user rubyman.
Sep 29 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22059]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315280.
Sep 29 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18796]: pam_unix(cron:session): session closed for user root
Sep 29 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21964]: Failed password for root from 162.144.236.216 port 57098 ssh2
Sep 29 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21964]: Connection closed by 162.144.236.216 port 57098 [preauth]
Sep 29 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21990]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Failed password for root from 162.144.236.216 port 37610 ssh2
Sep 29 14:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Connection closed by 162.144.236.216 port 37610 [preauth]
Sep 29 14:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: Failed password for root from 162.144.236.216 port 44076 ssh2
Sep 29 14:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22283]: Connection closed by 162.144.236.216 port 44076 [preauth]
Sep 29 14:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: Failed password for root from 162.144.236.216 port 52026 ssh2
Sep 29 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22316]: Connection closed by 162.144.236.216 port 52026 [preauth]
Sep 29 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21096]: pam_unix(cron:session): session closed for user root
Sep 29 14:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22353]: Failed password for root from 162.144.236.216 port 59434 ssh2
Sep 29 14:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22353]: Connection closed by 162.144.236.216 port 59434 [preauth]
Sep 29 14:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: Failed password for root from 162.144.236.216 port 37408 ssh2
Sep 29 14:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: Connection closed by 162.144.236.216 port 37408 [preauth]
Sep 29 14:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: Failed password for root from 162.144.236.216 port 43912 ssh2
Sep 29 14:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22415]: Connection closed by 162.144.236.216 port 43912 [preauth]
Sep 29 14:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: Successful su for rubyman by root
Sep 29 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: + ??? root:rubyman
Sep 29 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315286 of user rubyman.
Sep 29 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315286.
Sep 29 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22441]: Failed password for root from 162.144.236.216 port 49476 ssh2
Sep 29 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session closed for user root
Sep 29 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22441]: Connection closed by 162.144.236.216 port 49476 [preauth]
Sep 29 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Failed password for root from 162.144.236.216 port 57042 ssh2
Sep 29 14:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Connection closed by 162.144.236.216 port 57042 [preauth]
Sep 29 14:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Failed password for root from 162.144.236.216 port 35272 ssh2
Sep 29 14:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Connection closed by 162.144.236.216 port 35272 [preauth]
Sep 29 14:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22970]: Failed password for root from 162.144.236.216 port 41626 ssh2
Sep 29 14:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22970]: Connection closed by 162.144.236.216 port 41626 [preauth]
Sep 29 14:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session closed for user root
Sep 29 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Failed password for root from 162.144.236.216 port 47606 ssh2
Sep 29 14:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23004]: Connection closed by 162.144.236.216 port 47606 [preauth]
Sep 29 14:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Failed password for root from 162.144.236.216 port 51846 ssh2
Sep 29 14:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Connection closed by 162.144.236.216 port 51846 [preauth]
Sep 29 14:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Failed password for root from 162.144.236.216 port 58906 ssh2
Sep 29 14:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Connection closed by 162.144.236.216 port 58906 [preauth]
Sep 29 14:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: Failed password for root from 162.144.236.216 port 36882 ssh2
Sep 29 14:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: Connection closed by 162.144.236.216 port 36882 [preauth]
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23149]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23147]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23148]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23149]: pam_unix(cron:session): session closed for user root
Sep 29 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: Successful su for rubyman by root
Sep 29 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: + ??? root:rubyman
Sep 29 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315288 of user rubyman.
Sep 29 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315288.
Sep 29 14:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session closed for user root
Sep 29 14:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20104]: pam_unix(cron:session): session closed for user root
Sep 29 14:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Failed password for root from 162.144.236.216 port 45300 ssh2
Sep 29 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Connection closed by 162.144.236.216 port 45300 [preauth]
Sep 29 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Failed password for root from 162.144.236.216 port 53168 ssh2
Sep 29 14:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Connection closed by 162.144.236.216 port 53168 [preauth]
Sep 29 14:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: Failed password for root from 162.144.236.216 port 34262 ssh2
Sep 29 14:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23762]: Connection closed by 162.144.236.216 port 34262 [preauth]
Sep 29 14:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session closed for user root
Sep 29 14:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: Failed password for root from 162.144.236.216 port 39968 ssh2
Sep 29 14:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: Connection closed by 162.144.236.216 port 39968 [preauth]
Sep 29 14:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23823]: Failed password for root from 162.144.236.216 port 44022 ssh2
Sep 29 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23823]: Connection closed by 162.144.236.216 port 44022 [preauth]
Sep 29 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23833]: Failed password for root from 162.144.236.216 port 50638 ssh2
Sep 29 14:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23833]: Connection closed by 162.144.236.216 port 50638 [preauth]
Sep 29 14:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: Failed password for root from 162.144.236.216 port 56754 ssh2
Sep 29 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23866]: Connection closed by 162.144.236.216 port 56754 [preauth]
Sep 29 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23893]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23892]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23890]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: Successful su for rubyman by root
Sep 29 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: + ??? root:rubyman
Sep 29 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315295 of user rubyman.
Sep 29 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315295.
Sep 29 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Failed password for root from 162.144.236.216 port 34976 ssh2
Sep 29 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Connection closed by 162.144.236.216 port 34976 [preauth]
Sep 29 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session closed for user root
Sep 29 14:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Failed password for root from 162.144.236.216 port 41006 ssh2
Sep 29 14:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Connection closed by 162.144.236.216 port 41006 [preauth]
Sep 29 14:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Failed password for root from 162.144.236.216 port 46866 ssh2
Sep 29 14:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Connection closed by 162.144.236.216 port 46866 [preauth]
Sep 29 14:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Failed password for root from 162.144.236.216 port 52770 ssh2
Sep 29 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Connection closed by 162.144.236.216 port 52770 [preauth]
Sep 29 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22457]: pam_unix(cron:session): session closed for user root
Sep 29 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Failed password for root from 162.144.236.216 port 58188 ssh2
Sep 29 14:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Connection closed by 162.144.236.216 port 58188 [preauth]
Sep 29 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Failed password for root from 162.144.236.216 port 36972 ssh2
Sep 29 14:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24323]: Connection closed by 162.144.236.216 port 36972 [preauth]
Sep 29 14:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: Failed password for root from 162.144.236.216 port 44242 ssh2
Sep 29 14:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: Connection closed by 162.144.236.216 port 44242 [preauth]
Sep 29 14:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: Failed password for root from 162.144.236.216 port 50810 ssh2
Sep 29 14:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24381]: Connection closed by 162.144.236.216 port 50810 [preauth]
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: Successful su for rubyman by root
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: + ??? root:rubyman
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315300 of user rubyman.
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24477]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315300.
Sep 29 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21095]: pam_unix(cron:session): session closed for user root
Sep 29 14:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Failed password for root from 162.144.236.216 port 57352 ssh2
Sep 29 14:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Connection closed by 162.144.236.216 port 57352 [preauth]
Sep 29 14:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Failed password for root from 162.144.236.216 port 35152 ssh2
Sep 29 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Connection closed by 162.144.236.216 port 35152 [preauth]
Sep 29 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Failed password for root from 162.144.236.216 port 41714 ssh2
Sep 29 14:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Connection closed by 162.144.236.216 port 41714 [preauth]
Sep 29 14:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: Failed password for root from 162.144.236.216 port 47798 ssh2
Sep 29 14:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24759]: Connection closed by 162.144.236.216 port 47798 [preauth]
Sep 29 14:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23148]: pam_unix(cron:session): session closed for user root
Sep 29 14:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Failed password for root from 162.144.236.216 port 53990 ssh2
Sep 29 14:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Connection closed by 162.144.236.216 port 53990 [preauth]
Sep 29 14:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Failed password for root from 162.144.236.216 port 60050 ssh2
Sep 29 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Connection closed by 162.144.236.216 port 60050 [preauth]
Sep 29 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: Invalid user admin from 194.0.234.93
Sep 29 14:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: input_userauth_request: invalid user admin [preauth]
Sep 29 14:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Sep 29 14:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: Failed password for invalid user admin from 194.0.234.93 port 16332 ssh2
Sep 29 14:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: Connection closed by 194.0.234.93 port 16332 [preauth]
Sep 29 14:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: Failed password for root from 162.144.236.216 port 40706 ssh2
Sep 29 14:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24850]: Connection closed by 162.144.236.216 port 40706 [preauth]
Sep 29 14:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24873]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24939]: Successful su for rubyman by root
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24939]: + ??? root:rubyman
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315302 of user rubyman.
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24939]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315302.
Sep 29 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21537]: pam_unix(cron:session): session closed for user root
Sep 29 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Failed password for root from 162.144.236.216 port 47412 ssh2
Sep 29 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Connection closed by 162.144.236.216 port 47412 [preauth]
Sep 29 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Failed password for root from 162.144.236.216 port 54834 ssh2
Sep 29 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25161]: Connection closed by 162.144.236.216 port 54834 [preauth]
Sep 29 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Failed password for root from 162.144.236.216 port 35918 ssh2
Sep 29 14:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Connection closed by 162.144.236.216 port 35918 [preauth]
Sep 29 14:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23893]: pam_unix(cron:session): session closed for user root
Sep 29 14:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25254]: Failed password for root from 162.144.236.216 port 42858 ssh2
Sep 29 14:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25254]: Connection closed by 162.144.236.216 port 42858 [preauth]
Sep 29 14:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Failed password for root from 162.144.236.216 port 49798 ssh2
Sep 29 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Connection closed by 162.144.236.216 port 49798 [preauth]
Sep 29 14:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Failed password for root from 162.144.236.216 port 55666 ssh2
Sep 29 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Connection closed by 162.144.236.216 port 55666 [preauth]
Sep 29 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Failed password for root from 162.144.236.216 port 34698 ssh2
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25646]: Successful su for rubyman by root
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25646]: + ??? root:rubyman
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315307 of user rubyman.
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25646]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315307.
Sep 29 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Connection closed by 162.144.236.216 port 34698 [preauth]
Sep 29 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session closed for user root
Sep 29 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: Failed password for root from 162.144.236.216 port 42096 ssh2
Sep 29 14:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25714]: Connection closed by 162.144.236.216 port 42096 [preauth]
Sep 29 14:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Failed password for root from 162.144.236.216 port 47988 ssh2
Sep 29 14:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Connection closed by 162.144.236.216 port 47988 [preauth]
Sep 29 14:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: Failed password for root from 162.144.236.216 port 54616 ssh2
Sep 29 14:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26009]: Connection closed by 162.144.236.216 port 54616 [preauth]
Sep 29 14:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: Invalid user riscv from 167.99.55.34
Sep 29 14:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: input_userauth_request: invalid user riscv [preauth]
Sep 29 14:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: Failed password for invalid user riscv from 167.99.55.34 port 58936 ssh2
Sep 29 14:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26047]: Connection closed by 167.99.55.34 port 58936 [preauth]
Sep 29 14:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: Failed password for root from 162.144.236.216 port 60378 ssh2
Sep 29 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26044]: Connection closed by 162.144.236.216 port 60378 [preauth]
Sep 29 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session closed for user root
Sep 29 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Failed password for root from 162.144.236.216 port 38496 ssh2
Sep 29 14:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Connection closed by 162.144.236.216 port 38496 [preauth]
Sep 29 14:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Invalid user ubnt from 62.60.131.157
Sep 29 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for invalid user ubnt from 62.60.131.157 port 63231 ssh2
Sep 29 14:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Failed password for root from 162.144.236.216 port 45114 ssh2
Sep 29 14:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Connection closed by 162.144.236.216 port 45114 [preauth]
Sep 29 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for invalid user ubnt from 62.60.131.157 port 63231 ssh2
Sep 29 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for invalid user ubnt from 62.60.131.157 port 63231 ssh2
Sep 29 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for invalid user ubnt from 62.60.131.157 port 63231 ssh2
Sep 29 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Failed password for root from 162.144.236.216 port 54374 ssh2
Sep 29 14:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Connection closed by 162.144.236.216 port 54374 [preauth]
Sep 29 14:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for invalid user ubnt from 62.60.131.157 port 63231 ssh2
Sep 29 14:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Received disconnect from 62.60.131.157 port 63231:11: Bye [preauth]
Sep 29 14:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Disconnected from 62.60.131.157 port 63231 [preauth]
Sep 29 14:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 14:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session closed for user root
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26239]: Successful su for rubyman by root
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26239]: + ??? root:rubyman
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315310 of user rubyman.
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26239]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315310.
Sep 29 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session closed for user root
Sep 29 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session closed for user root
Sep 29 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: Failed password for root from 162.144.236.216 port 59374 ssh2
Sep 29 14:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26152]: Connection closed by 162.144.236.216 port 59374 [preauth]
Sep 29 14:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: Failed password for root from 162.144.236.216 port 39920 ssh2
Sep 29 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: Connection closed by 162.144.236.216 port 39920 [preauth]
Sep 29 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Failed password for root from 162.144.236.216 port 46632 ssh2
Sep 29 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Connection closed by 162.144.236.216 port 46632 [preauth]
Sep 29 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session closed for user root
Sep 29 14:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for root from 162.144.236.216 port 53086 ssh2
Sep 29 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Connection closed by 162.144.236.216 port 53086 [preauth]
Sep 29 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: Failed password for root from 162.144.236.216 port 59886 ssh2
Sep 29 14:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: Connection closed by 162.144.236.216 port 59886 [preauth]
Sep 29 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26782]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26893]: Successful su for rubyman by root
Sep 29 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26893]: + ??? root:rubyman
Sep 29 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315317 of user rubyman.
Sep 29 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26893]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315317.
Sep 29 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23147]: pam_unix(cron:session): session closed for user root
Sep 29 14:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Failed password for root from 162.144.236.216 port 38992 ssh2
Sep 29 14:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Connection closed by 162.144.236.216 port 38992 [preauth]
Sep 29 14:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Failed password for root from 162.144.236.216 port 45532 ssh2
Sep 29 14:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Connection closed by 162.144.236.216 port 45532 [preauth]
Sep 29 14:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for root from 162.144.236.216 port 52238 ssh2
Sep 29 14:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Connection closed by 162.144.236.216 port 52238 [preauth]
Sep 29 14:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session closed for user root
Sep 29 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: Failed password for root from 162.144.236.216 port 59718 ssh2
Sep 29 14:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: Connection closed by 162.144.236.216 port 59718 [preauth]
Sep 29 14:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27283]: Failed password for root from 162.144.236.216 port 40186 ssh2
Sep 29 14:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Invalid user zcm from 202.139.196.49
Sep 29 14:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: input_userauth_request: invalid user zcm [preauth]
Sep 29 14:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27283]: Connection closed by 162.144.236.216 port 40186 [preauth]
Sep 29 14:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Failed password for invalid user zcm from 202.139.196.49 port 59920 ssh2
Sep 29 14:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Received disconnect from 202.139.196.49 port 59920:11: Bye Bye [preauth]
Sep 29 14:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Disconnected from 202.139.196.49 port 59920 [preauth]
Sep 29 14:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Failed password for root from 162.144.236.216 port 47020 ssh2
Sep 29 14:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Connection closed by 162.144.236.216 port 47020 [preauth]
Sep 29 14:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27354]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27428]: Successful su for rubyman by root
Sep 29 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27428]: + ??? root:rubyman
Sep 29 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315321 of user rubyman.
Sep 29 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27428]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315321.
Sep 29 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Failed password for root from 162.144.236.216 port 52706 ssh2
Sep 29 14:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23892]: pam_unix(cron:session): session closed for user root
Sep 29 14:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Connection closed by 162.144.236.216 port 52706 [preauth]
Sep 29 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Failed password for root from 162.144.236.216 port 33698 ssh2
Sep 29 14:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Connection closed by 162.144.236.216 port 33698 [preauth]
Sep 29 14:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27838]: Failed password for root from 162.144.236.216 port 40052 ssh2
Sep 29 14:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27838]: Connection closed by 162.144.236.216 port 40052 [preauth]
Sep 29 14:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: Failed password for root from 162.144.236.216 port 46382 ssh2
Sep 29 14:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27865]: Connection closed by 162.144.236.216 port 46382 [preauth]
Sep 29 14:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session closed for user root
Sep 29 14:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: Failed password for root from 162.144.236.216 port 53702 ssh2
Sep 29 14:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27895]: Connection closed by 162.144.236.216 port 53702 [preauth]
Sep 29 14:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Failed password for root from 162.144.236.216 port 33274 ssh2
Sep 29 14:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: Invalid user admin from 139.19.117.131
Sep 29 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: input_userauth_request: invalid user admin [preauth]
Sep 29 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Connection closed by 162.144.236.216 port 33274 [preauth]
Sep 29 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: Failed password for root from 162.144.236.216 port 40972 ssh2
Sep 29 14:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: Connection closed by 162.144.236.216 port 40972 [preauth]
Sep 29 14:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27968]: Connection closed by 139.19.117.131 port 46202 [preauth]
Sep 29 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28005]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28003]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: Successful su for rubyman by root
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: + ??? root:rubyman
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315326 of user rubyman.
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315326.
Sep 29 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session closed for user root
Sep 29 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Failed password for root from 162.144.236.216 port 47410 ssh2
Sep 29 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Connection closed by 162.144.236.216 port 47410 [preauth]
Sep 29 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28004]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28255]: Failed password for root from 162.144.236.216 port 53288 ssh2
Sep 29 14:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28255]: Connection closed by 162.144.236.216 port 53288 [preauth]
Sep 29 14:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Invalid user odoo from 164.68.105.9
Sep 29 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: input_userauth_request: invalid user odoo [preauth]
Sep 29 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: Failed password for root from 162.144.236.216 port 59796 ssh2
Sep 29 14:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: Connection closed by 162.144.236.216 port 59796 [preauth]
Sep 29 14:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Failed password for invalid user odoo from 164.68.105.9 port 47952 ssh2
Sep 29 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Connection closed by 164.68.105.9 port 47952 [preauth]
Sep 29 14:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: Failed password for root from 162.144.236.216 port 37244 ssh2
Sep 29 14:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: Connection closed by 162.144.236.216 port 37244 [preauth]
Sep 29 14:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Invalid user iqbal from 152.200.181.42
Sep 29 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: input_userauth_request: invalid user iqbal [preauth]
Sep 29 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Failed password for invalid user iqbal from 152.200.181.42 port 36744 ssh2
Sep 29 14:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session closed for user root
Sep 29 14:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Received disconnect from 152.200.181.42 port 36744:11: Bye Bye [preauth]
Sep 29 14:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Disconnected from 152.200.181.42 port 36744 [preauth]
Sep 29 14:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Failed password for root from 162.144.236.216 port 43522 ssh2
Sep 29 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Connection closed by 162.144.236.216 port 43522 [preauth]
Sep 29 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Failed password for root from 162.144.236.216 port 51170 ssh2
Sep 29 14:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Connection closed by 162.144.236.216 port 51170 [preauth]
Sep 29 14:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: Failed password for root from 162.144.236.216 port 58500 ssh2
Sep 29 14:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: Connection closed by 162.144.236.216 port 58500 [preauth]
Sep 29 14:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28486]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28754]: Successful su for rubyman by root
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28754]: + ??? root:rubyman
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315330 of user rubyman.
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28754]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315330.
Sep 29 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Invalid user sunil from 101.36.98.91
Sep 29 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: input_userauth_request: invalid user sunil [preauth]
Sep 29 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session closed for user root
Sep 29 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: Failed password for root from 162.144.236.216 port 38082 ssh2
Sep 29 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: Connection closed by 162.144.236.216 port 38082 [preauth]
Sep 29 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session closed for user root
Sep 29 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Failed password for invalid user sunil from 101.36.98.91 port 55346 ssh2
Sep 29 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Received disconnect from 101.36.98.91 port 55346:11: Bye Bye [preauth]
Sep 29 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Disconnected from 101.36.98.91 port 55346 [preauth]
Sep 29 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28487]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Failed password for root from 162.144.236.216 port 44928 ssh2
Sep 29 14:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Connection closed by 162.144.236.216 port 44928 [preauth]
Sep 29 14:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 14:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil18@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 14:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 14:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil18 rhost=::ffff:45.142.193.185
Sep 29 14:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: Failed password for root from 162.144.236.216 port 51258 ssh2
Sep 29 14:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29103]: Connection closed by 162.144.236.216 port 51258 [preauth]
Sep 29 14:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Failed password for root from 162.144.236.216 port 57692 ssh2
Sep 29 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Connection closed by 162.144.236.216 port 57692 [preauth]
Sep 29 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session closed for user root
Sep 29 14:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: Failed password for root from 162.144.236.216 port 38140 ssh2
Sep 29 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: Connection closed by 162.144.236.216 port 38140 [preauth]
Sep 29 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Invalid user neo4j from 212.193.3.74
Sep 29 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: input_userauth_request: invalid user neo4j [preauth]
Sep 29 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Failed password for invalid user neo4j from 212.193.3.74 port 36954 ssh2
Sep 29 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Received disconnect from 212.193.3.74 port 36954:11: Bye Bye [preauth]
Sep 29 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Disconnected from 212.193.3.74 port 36954 [preauth]
Sep 29 14:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Failed password for root from 162.144.236.216 port 44808 ssh2
Sep 29 14:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Connection closed by 162.144.236.216 port 44808 [preauth]
Sep 29 14:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: Failed password for root from 162.144.236.216 port 51676 ssh2
Sep 29 14:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29280]: Connection closed by 162.144.236.216 port 51676 [preauth]
Sep 29 14:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session closed for user root
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29393]: Successful su for rubyman by root
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29393]: + ??? root:rubyman
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315337 of user rubyman.
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29393]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315337.
Sep 29 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Failed password for root from 162.144.236.216 port 56248 ssh2
Sep 29 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session closed for user root
Sep 29 14:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Connection closed by 162.144.236.216 port 56248 [preauth]
Sep 29 14:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session closed for user root
Sep 29 14:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: Failed password for root from 162.144.236.216 port 35400 ssh2
Sep 29 14:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: Connection closed by 162.144.236.216 port 35400 [preauth]
Sep 29 14:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Failed password for root from 162.144.236.216 port 41890 ssh2
Sep 29 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Connection closed by 162.144.236.216 port 41890 [preauth]
Sep 29 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Failed password for root from 162.144.236.216 port 47972 ssh2
Sep 29 14:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Connection closed by 162.144.236.216 port 47972 [preauth]
Sep 29 14:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28006]: pam_unix(cron:session): session closed for user root
Sep 29 14:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: Failed password for root from 162.144.236.216 port 55586 ssh2
Sep 29 14:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: Connection closed by 162.144.236.216 port 55586 [preauth]
Sep 29 14:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: Failed password for root from 162.144.236.216 port 34124 ssh2
Sep 29 14:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29760]: Connection closed by 162.144.236.216 port 34124 [preauth]
Sep 29 14:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for root from 162.144.236.216 port 41538 ssh2
Sep 29 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Connection closed by 162.144.236.216 port 41538 [preauth]
Sep 29 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 14:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: Successful su for rubyman by root
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: + ??? root:rubyman
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315341 of user rubyman.
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29918]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315341.
Sep 29 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29826]: Failed password for root from 101.36.98.91 port 53690 ssh2
Sep 29 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29826]: Received disconnect from 101.36.98.91 port 53690:11: Bye Bye [preauth]
Sep 29 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29826]: Disconnected from 101.36.98.91 port 53690 [preauth]
Sep 29 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29822]: Failed password for root from 202.139.196.49 port 34572 ssh2
Sep 29 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: Failed password for root from 162.144.236.216 port 49086 ssh2
Sep 29 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29822]: Received disconnect from 202.139.196.49 port 34572:11: Bye Bye [preauth]
Sep 29 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29822]: Disconnected from 202.139.196.49 port 34572 [preauth]
Sep 29 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29811]: Connection closed by 162.144.236.216 port 49086 [preauth]
Sep 29 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Invalid user test from 212.193.3.74
Sep 29 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: input_userauth_request: invalid user test [preauth]
Sep 29 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Failed password for invalid user test from 212.193.3.74 port 37138 ssh2
Sep 29 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Received disconnect from 212.193.3.74 port 37138:11: Bye Bye [preauth]
Sep 29 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Disconnected from 212.193.3.74 port 37138 [preauth]
Sep 29 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session closed for user root
Sep 29 14:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29832]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Failed password for root from 162.144.236.216 port 54768 ssh2
Sep 29 14:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Connection closed by 162.144.236.216 port 54768 [preauth]
Sep 29 14:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Failed password for root from 162.144.236.216 port 33482 ssh2
Sep 29 14:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Connection closed by 162.144.236.216 port 33482 [preauth]
Sep 29 14:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Failed password for root from 162.144.236.216 port 40828 ssh2
Sep 29 14:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Connection closed by 162.144.236.216 port 40828 [preauth]
Sep 29 14:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28489]: pam_unix(cron:session): session closed for user root
Sep 29 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: Failed password for root from 162.144.236.216 port 49448 ssh2
Sep 29 14:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30255]: Connection closed by 162.144.236.216 port 49448 [preauth]
Sep 29 14:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: Failed password for root from 162.144.236.216 port 55394 ssh2
Sep 29 14:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: Connection closed by 162.144.236.216 port 55394 [preauth]
Sep 29 14:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Failed password for root from 162.144.236.216 port 34062 ssh2
Sep 29 14:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Connection closed by 162.144.236.216 port 34062 [preauth]
Sep 29 14:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: Failed password for root from 162.144.236.216 port 40216 ssh2
Sep 29 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30361]: Connection closed by 162.144.236.216 port 40216 [preauth]
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Failed password for root from 101.36.98.91 port 36700 ssh2
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Received disconnect from 101.36.98.91 port 36700:11: Bye Bye [preauth]
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Disconnected from 101.36.98.91 port 36700 [preauth]
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30381]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: Successful su for rubyman by root
Sep 29 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: + ??? root:rubyman
Sep 29 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315344 of user rubyman.
Sep 29 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315344.
Sep 29 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Failed password for root from 212.193.3.74 port 46160 ssh2
Sep 29 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Received disconnect from 212.193.3.74 port 46160:11: Bye Bye [preauth]
Sep 29 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30376]: Disconnected from 212.193.3.74 port 46160 [preauth]
Sep 29 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session closed for user root
Sep 29 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Invalid user riscv from 167.99.55.34
Sep 29 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: input_userauth_request: invalid user riscv [preauth]
Sep 29 14:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Failed password for invalid user riscv from 167.99.55.34 port 33648 ssh2
Sep 29 14:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Connection closed by 167.99.55.34 port 33648 [preauth]
Sep 29 14:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Failed password for root from 162.144.236.216 port 43666 ssh2
Sep 29 14:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Connection closed by 162.144.236.216 port 43666 [preauth]
Sep 29 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Invalid user amax from 202.139.196.49
Sep 29 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: input_userauth_request: invalid user amax [preauth]
Sep 29 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Failed password for invalid user amax from 202.139.196.49 port 52156 ssh2
Sep 29 14:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Received disconnect from 202.139.196.49 port 52156:11: Bye Bye [preauth]
Sep 29 14:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Disconnected from 202.139.196.49 port 52156 [preauth]
Sep 29 14:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30768]: Failed password for root from 162.144.236.216 port 51712 ssh2
Sep 29 14:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30768]: Connection closed by 162.144.236.216 port 51712 [preauth]
Sep 29 14:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: Invalid user operator from 194.0.234.19
Sep 29 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: input_userauth_request: invalid user operator [preauth]
Sep 29 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: Failed password for root from 162.144.236.216 port 58028 ssh2
Sep 29 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: Failed password for invalid user operator from 194.0.234.19 port 28562 ssh2
Sep 29 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30798]: Connection closed by 194.0.234.19 port 28562 [preauth]
Sep 29 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: Connection closed by 162.144.236.216 port 58028 [preauth]
Sep 29 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Failed password for root from 162.144.236.216 port 34926 ssh2
Sep 29 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29317]: pam_unix(cron:session): session closed for user root
Sep 29 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Connection closed by 162.144.236.216 port 34926 [preauth]
Sep 29 14:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: Failed password for root from 162.144.236.216 port 42820 ssh2
Sep 29 14:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: Connection closed by 162.144.236.216 port 42820 [preauth]
Sep 29 14:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Failed password for root from 162.144.236.216 port 50252 ssh2
Sep 29 14:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Connection closed by 162.144.236.216 port 50252 [preauth]
Sep 29 14:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30921]: Failed password for root from 212.193.3.74 port 49194 ssh2
Sep 29 14:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30921]: Received disconnect from 212.193.3.74 port 49194:11: Bye Bye [preauth]
Sep 29 14:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30921]: Disconnected from 212.193.3.74 port 49194 [preauth]
Sep 29 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Failed password for root from 162.144.236.216 port 57382 ssh2
Sep 29 14:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Connection closed by 162.144.236.216 port 57382 [preauth]
Sep 29 14:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30950]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30947]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31027]: Successful su for rubyman by root
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31027]: + ??? root:rubyman
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315347 of user rubyman.
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31027]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315347.
Sep 29 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Invalid user nokia from 101.36.98.91
Sep 29 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: input_userauth_request: invalid user nokia [preauth]
Sep 29 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Failed password for invalid user nokia from 101.36.98.91 port 37370 ssh2
Sep 29 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Received disconnect from 101.36.98.91 port 37370:11: Bye Bye [preauth]
Sep 29 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Disconnected from 101.36.98.91 port 37370 [preauth]
Sep 29 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session closed for user root
Sep 29 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: Failed password for root from 162.144.236.216 port 33906 ssh2
Sep 29 14:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: Connection closed by 162.144.236.216 port 33906 [preauth]
Sep 29 14:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30948]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: Failed password for root from 162.144.236.216 port 40570 ssh2
Sep 29 14:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31239]: Connection closed by 162.144.236.216 port 40570 [preauth]
Sep 29 14:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Invalid user neo4j from 202.139.196.49
Sep 29 14:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: input_userauth_request: invalid user neo4j [preauth]
Sep 29 14:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Failed password for invalid user neo4j from 202.139.196.49 port 40294 ssh2
Sep 29 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Invalid user foundry from 152.200.181.42
Sep 29 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: input_userauth_request: invalid user foundry [preauth]
Sep 29 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Received disconnect from 202.139.196.49 port 40294:11: Bye Bye [preauth]
Sep 29 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Disconnected from 202.139.196.49 port 40294 [preauth]
Sep 29 14:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Failed password for root from 162.144.236.216 port 46056 ssh2
Sep 29 14:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Connection closed by 162.144.236.216 port 46056 [preauth]
Sep 29 14:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Failed password for invalid user foundry from 152.200.181.42 port 35001 ssh2
Sep 29 14:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Received disconnect from 152.200.181.42 port 35001:11: Bye Bye [preauth]
Sep 29 14:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Disconnected from 152.200.181.42 port 35001 [preauth]
Sep 29 14:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Failed password for root from 162.144.236.216 port 51170 ssh2
Sep 29 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Connection closed by 162.144.236.216 port 51170 [preauth]
Sep 29 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29834]: pam_unix(cron:session): session closed for user root
Sep 29 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: Failed password for root from 162.144.236.216 port 57878 ssh2
Sep 29 14:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31314]: Connection closed by 162.144.236.216 port 57878 [preauth]
Sep 29 14:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: Failed password for root from 212.193.3.74 port 55048 ssh2
Sep 29 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: Received disconnect from 212.193.3.74 port 55048:11: Bye Bye [preauth]
Sep 29 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31374]: Disconnected from 212.193.3.74 port 55048 [preauth]
Sep 29 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Failed password for root from 162.144.236.216 port 35900 ssh2
Sep 29 14:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Connection closed by 162.144.236.216 port 35900 [preauth]
Sep 29 14:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for root from 162.144.236.216 port 44594 ssh2
Sep 29 14:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Connection closed by 162.144.236.216 port 44594 [preauth]
Sep 29 14:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Invalid user minecraft from 101.36.98.91
Sep 29 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Failed password for invalid user minecraft from 101.36.98.91 port 38916 ssh2
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Received disconnect from 101.36.98.91 port 38916:11: Bye Bye [preauth]
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Disconnected from 101.36.98.91 port 38916 [preauth]
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31423]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31534]: Successful su for rubyman by root
Sep 29 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31534]: + ??? root:rubyman
Sep 29 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315352 of user rubyman.
Sep 29 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31534]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315352.
Sep 29 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28005]: pam_unix(cron:session): session closed for user root
Sep 29 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Failed password for root from 162.144.236.216 port 52040 ssh2
Sep 29 14:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Connection closed by 162.144.236.216 port 52040 [preauth]
Sep 29 14:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for root from 162.144.236.216 port 59966 ssh2
Sep 29 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Connection closed by 162.144.236.216 port 59966 [preauth]
Sep 29 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Failed password for root from 202.139.196.49 port 56076 ssh2
Sep 29 14:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Failed password for root from 162.144.236.216 port 38174 ssh2
Sep 29 14:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Received disconnect from 202.139.196.49 port 56076:11: Bye Bye [preauth]
Sep 29 14:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Disconnected from 202.139.196.49 port 56076 [preauth]
Sep 29 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31777]: Connection closed by 162.144.236.216 port 38174 [preauth]
Sep 29 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Failed password for root from 162.144.236.216 port 44780 ssh2
Sep 29 14:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Connection closed by 162.144.236.216 port 44780 [preauth]
Sep 29 14:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session closed for user root
Sep 29 14:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Invalid user donald from 212.193.3.74
Sep 29 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: input_userauth_request: invalid user donald [preauth]
Sep 29 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 162.144.236.216 port 51356 ssh2
Sep 29 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Connection closed by 162.144.236.216 port 51356 [preauth]
Sep 29 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Failed password for invalid user donald from 212.193.3.74 port 49036 ssh2
Sep 29 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Received disconnect from 212.193.3.74 port 49036:11: Bye Bye [preauth]
Sep 29 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Disconnected from 212.193.3.74 port 49036 [preauth]
Sep 29 14:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Failed password for root from 162.144.236.216 port 56124 ssh2
Sep 29 14:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Connection closed by 162.144.236.216 port 56124 [preauth]
Sep 29 14:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: Failed password for root from 162.144.236.216 port 34050 ssh2
Sep 29 14:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: Connection closed by 162.144.236.216 port 34050 [preauth]
Sep 29 14:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Failed password for root from 101.36.98.91 port 53376 ssh2
Sep 29 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Received disconnect from 101.36.98.91 port 53376:11: Bye Bye [preauth]
Sep 29 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Disconnected from 101.36.98.91 port 53376 [preauth]
Sep 29 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31935]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31933]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31935]: pam_unix(cron:session): session closed for user root
Sep 29 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: Successful su for rubyman by root
Sep 29 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: + ??? root:rubyman
Sep 29 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315355 of user rubyman.
Sep 29 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315355.
Sep 29 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: Failed password for root from 162.144.236.216 port 41354 ssh2
Sep 29 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: Connection closed by 162.144.236.216 port 41354 [preauth]
Sep 29 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31932]: pam_unix(cron:session): session closed for user root
Sep 29 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session closed for user root
Sep 29 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Invalid user admin from 78.128.112.74
Sep 29 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: input_userauth_request: invalid user admin [preauth]
Sep 29 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Failed password for invalid user admin from 78.128.112.74 port 51746 ssh2
Sep 29 14:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32199]: Connection closed by 78.128.112.74 port 51746 [preauth]
Sep 29 14:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Failed password for root from 162.144.236.216 port 48712 ssh2
Sep 29 14:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32132]: Connection closed by 162.144.236.216 port 48712 [preauth]
Sep 29 14:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Failed password for root from 162.144.236.216 port 56396 ssh2
Sep 29 14:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Connection closed by 162.144.236.216 port 56396 [preauth]
Sep 29 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: Invalid user caja from 202.139.196.49
Sep 29 14:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: input_userauth_request: invalid user caja [preauth]
Sep 29 14:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: Failed password for invalid user caja from 202.139.196.49 port 44448 ssh2
Sep 29 14:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: Received disconnect from 202.139.196.49 port 44448:11: Bye Bye [preauth]
Sep 29 14:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32289]: Disconnected from 202.139.196.49 port 44448 [preauth]
Sep 29 14:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32288]: Failed password for root from 162.144.236.216 port 35734 ssh2
Sep 29 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Failed password for root from 212.193.3.74 port 58410 ssh2
Sep 29 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Received disconnect from 212.193.3.74 port 58410:11: Bye Bye [preauth]
Sep 29 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Disconnected from 212.193.3.74 port 58410 [preauth]
Sep 29 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32288]: Connection closed by 162.144.236.216 port 35734 [preauth]
Sep 29 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30950]: pam_unix(cron:session): session closed for user root
Sep 29 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: Failed password for root from 162.144.236.216 port 41908 ssh2
Sep 29 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: Connection closed by 162.144.236.216 port 41908 [preauth]
Sep 29 14:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32354]: Failed password for root from 162.144.236.216 port 46712 ssh2
Sep 29 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32354]: Connection closed by 162.144.236.216 port 46712 [preauth]
Sep 29 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Invalid user runcloud from 101.36.98.91
Sep 29 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: input_userauth_request: invalid user runcloud [preauth]
Sep 29 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Failed password for invalid user runcloud from 101.36.98.91 port 53474 ssh2
Sep 29 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Received disconnect from 101.36.98.91 port 53474:11: Bye Bye [preauth]
Sep 29 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32392]: Disconnected from 101.36.98.91 port 53474 [preauth]
Sep 29 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Failed password for root from 162.144.236.216 port 53036 ssh2
Sep 29 14:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 14:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Connection closed by 162.144.236.216 port 53036 [preauth]
Sep 29 14:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Failed password for root from 152.200.181.42 port 47357 ssh2
Sep 29 14:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Received disconnect from 152.200.181.42 port 47357:11: Bye Bye [preauth]
Sep 29 14:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Disconnected from 152.200.181.42 port 47357 [preauth]
Sep 29 14:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32432]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session closed for user root
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32511]: Successful su for rubyman by root
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32511]: + ??? root:rubyman
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315362 of user rubyman.
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32511]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315362.
Sep 29 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for root from 162.144.236.216 port 59358 ssh2
Sep 29 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Connection closed by 162.144.236.216 port 59358 [preauth]
Sep 29 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user root
Sep 29 14:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32576]: Failed password for root from 162.144.236.216 port 39178 ssh2
Sep 29 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32576]: Connection closed by 162.144.236.216 port 39178 [preauth]
Sep 29 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Failed password for root from 162.144.236.216 port 45632 ssh2
Sep 29 14:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Connection closed by 162.144.236.216 port 45632 [preauth]
Sep 29 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Invalid user sentry from 212.193.3.74
Sep 29 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: input_userauth_request: invalid user sentry [preauth]
Sep 29 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Failed password for invalid user sentry from 212.193.3.74 port 50636 ssh2
Sep 29 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Received disconnect from 212.193.3.74 port 50636:11: Bye Bye [preauth]
Sep 29 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Disconnected from 212.193.3.74 port 50636 [preauth]
Sep 29 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Failed password for root from 162.144.236.216 port 51876 ssh2
Sep 29 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Connection closed by 162.144.236.216 port 51876 [preauth]
Sep 29 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Invalid user sentry from 202.139.196.49
Sep 29 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: input_userauth_request: invalid user sentry [preauth]
Sep 29 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Failed password for invalid user sentry from 202.139.196.49 port 34214 ssh2
Sep 29 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Received disconnect from 202.139.196.49 port 34214:11: Bye Bye [preauth]
Sep 29 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Disconnected from 202.139.196.49 port 34214 [preauth]
Sep 29 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Failed password for root from 162.144.236.216 port 57938 ssh2
Sep 29 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Connection closed by 162.144.236.216 port 57938 [preauth]
Sep 29 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session closed for user root
Sep 29 14:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: Failed password for root from 162.144.236.216 port 35632 ssh2
Sep 29 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[353]: Connection closed by 162.144.236.216 port 35632 [preauth]
Sep 29 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Failed password for root from 101.36.98.91 port 44108 ssh2
Sep 29 14:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Received disconnect from 101.36.98.91 port 44108:11: Bye Bye [preauth]
Sep 29 14:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[384]: Disconnected from 101.36.98.91 port 44108 [preauth]
Sep 29 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: Failed password for root from 162.144.236.216 port 41682 ssh2
Sep 29 14:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: Connection closed by 162.144.236.216 port 41682 [preauth]
Sep 29 14:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[416]: Failed password for root from 162.144.236.216 port 49168 ssh2
Sep 29 14:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[416]: Connection closed by 162.144.236.216 port 49168 [preauth]
Sep 29 14:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[453]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: Successful su for rubyman by root
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: + ??? root:rubyman
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315367 of user rubyman.
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315367.
Sep 29 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29833]: pam_unix(cron:session): session closed for user root
Sep 29 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[440]: Failed password for root from 162.144.236.216 port 56274 ssh2
Sep 29 14:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[451]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[440]: Connection closed by 162.144.236.216 port 56274 [preauth]
Sep 29 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: Failed password for root from 162.144.236.216 port 34648 ssh2
Sep 29 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[710]: Connection closed by 162.144.236.216 port 34648 [preauth]
Sep 29 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Invalid user sunil from 212.193.3.74
Sep 29 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: input_userauth_request: invalid user sunil [preauth]
Sep 29 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Failed password for invalid user sunil from 212.193.3.74 port 51458 ssh2
Sep 29 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Received disconnect from 212.193.3.74 port 51458:11: Bye Bye [preauth]
Sep 29 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Disconnected from 212.193.3.74 port 51458 [preauth]
Sep 29 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Failed password for root from 162.144.236.216 port 41152 ssh2
Sep 29 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[749]: Connection closed by 162.144.236.216 port 41152 [preauth]
Sep 29 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Failed password for root from 162.144.236.216 port 48760 ssh2
Sep 29 14:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[783]: Connection closed by 162.144.236.216 port 48760 [preauth]
Sep 29 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31934]: pam_unix(cron:session): session closed for user root
Sep 29 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Failed password for root from 202.139.196.49 port 51482 ssh2
Sep 29 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Received disconnect from 202.139.196.49 port 51482:11: Bye Bye [preauth]
Sep 29 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Disconnected from 202.139.196.49 port 51482 [preauth]
Sep 29 14:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Failed password for root from 162.144.236.216 port 56044 ssh2
Sep 29 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Connection closed by 162.144.236.216 port 56044 [preauth]
Sep 29 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Failed password for root from 101.36.98.91 port 55090 ssh2
Sep 29 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Received disconnect from 101.36.98.91 port 55090:11: Bye Bye [preauth]
Sep 29 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Disconnected from 101.36.98.91 port 55090 [preauth]
Sep 29 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: Failed password for root from 162.144.236.216 port 35996 ssh2
Sep 29 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[906]: Connection closed by 162.144.236.216 port 35996 [preauth]
Sep 29 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: Failed password for root from 162.144.236.216 port 41840 ssh2
Sep 29 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: Connection closed by 162.144.236.216 port 41840 [preauth]
Sep 29 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[983]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[982]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[979]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1073]: Successful su for rubyman by root
Sep 29 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1073]: + ??? root:rubyman
Sep 29 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315370 of user rubyman.
Sep 29 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1073]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315370.
Sep 29 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session closed for user root
Sep 29 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[969]: Failed password for root from 162.144.236.216 port 48470 ssh2
Sep 29 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[981]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[969]: Connection closed by 162.144.236.216 port 48470 [preauth]
Sep 29 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Invalid user nokia from 212.193.3.74
Sep 29 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: input_userauth_request: invalid user nokia [preauth]
Sep 29 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Failed password for invalid user nokia from 212.193.3.74 port 47138 ssh2
Sep 29 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Received disconnect from 212.193.3.74 port 47138:11: Bye Bye [preauth]
Sep 29 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1281]: Disconnected from 212.193.3.74 port 47138 [preauth]
Sep 29 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: Failed password for root from 162.144.236.216 port 55544 ssh2
Sep 29 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Invalid user ubuntu from 152.200.181.42
Sep 29 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: Connection closed by 162.144.236.216 port 55544 [preauth]
Sep 29 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Failed password for invalid user ubuntu from 152.200.181.42 port 59703 ssh2
Sep 29 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Received disconnect from 152.200.181.42 port 59703:11: Bye Bye [preauth]
Sep 29 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1300]: Disconnected from 152.200.181.42 port 59703 [preauth]
Sep 29 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1323]: Invalid user vpn from 185.156.73.233
Sep 29 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1323]: input_userauth_request: invalid user vpn [preauth]
Sep 29 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1323]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1323]: Failed password for invalid user vpn from 185.156.73.233 port 48830 ssh2
Sep 29 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1323]: Connection closed by 185.156.73.233 port 48830 [preauth]
Sep 29 14:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Failed password for root from 162.144.236.216 port 34010 ssh2
Sep 29 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1322]: Connection closed by 162.144.236.216 port 34010 [preauth]
Sep 29 14:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32432]: pam_unix(cron:session): session closed for user root
Sep 29 14:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Invalid user sentry from 101.36.98.91
Sep 29 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: input_userauth_request: invalid user sentry [preauth]
Sep 29 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for root from 162.144.236.216 port 40088 ssh2
Sep 29 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Failed password for invalid user sentry from 101.36.98.91 port 44324 ssh2
Sep 29 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Received disconnect from 101.36.98.91 port 44324:11: Bye Bye [preauth]
Sep 29 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Disconnected from 101.36.98.91 port 44324 [preauth]
Sep 29 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Connection closed by 162.144.236.216 port 40088 [preauth]
Sep 29 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Invalid user runcloud from 202.139.196.49
Sep 29 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: input_userauth_request: invalid user runcloud [preauth]
Sep 29 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Failed password for invalid user runcloud from 202.139.196.49 port 41308 ssh2
Sep 29 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Received disconnect from 202.139.196.49 port 41308:11: Bye Bye [preauth]
Sep 29 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Disconnected from 202.139.196.49 port 41308 [preauth]
Sep 29 14:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Failed password for root from 162.144.236.216 port 49430 ssh2
Sep 29 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: Successful su for rubyman by root
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: + ??? root:rubyman
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315375 of user rubyman.
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1565]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315375.
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Connection closed by 162.144.236.216 port 49430 [preauth]
Sep 29 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Invalid user admin from 212.193.3.74
Sep 29 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: input_userauth_request: invalid user admin [preauth]
Sep 29 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30949]: pam_unix(cron:session): session closed for user root
Sep 29 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Failed password for invalid user admin from 212.193.3.74 port 47246 ssh2
Sep 29 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Received disconnect from 212.193.3.74 port 47246:11: Bye Bye [preauth]
Sep 29 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Disconnected from 212.193.3.74 port 47246 [preauth]
Sep 29 14:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Failed password for root from 162.144.236.216 port 58138 ssh2
Sep 29 14:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Connection closed by 162.144.236.216 port 58138 [preauth]
Sep 29 14:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[453]: pam_unix(cron:session): session closed for user root
Sep 29 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Failed password for root from 162.144.236.216 port 36196 ssh2
Sep 29 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: Invalid user amax from 101.36.98.91
Sep 29 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: input_userauth_request: invalid user amax [preauth]
Sep 29 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: Failed password for invalid user amax from 101.36.98.91 port 37462 ssh2
Sep 29 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: Received disconnect from 101.36.98.91 port 37462:11: Bye Bye [preauth]
Sep 29 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: Disconnected from 101.36.98.91 port 37462 [preauth]
Sep 29 14:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Connection closed by 162.144.236.216 port 36196 [preauth]
Sep 29 14:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1896]: Invalid user riscv from 167.99.55.34
Sep 29 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1896]: input_userauth_request: invalid user riscv [preauth]
Sep 29 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1896]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1896]: Failed password for invalid user riscv from 167.99.55.34 port 37116 ssh2
Sep 29 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1896]: Connection closed by 167.99.55.34 port 37116 [preauth]
Sep 29 14:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: Invalid user sunil from 202.139.196.49
Sep 29 14:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: input_userauth_request: invalid user sunil [preauth]
Sep 29 14:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: Failed password for invalid user sunil from 202.139.196.49 port 58570 ssh2
Sep 29 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: Received disconnect from 202.139.196.49 port 58570:11: Bye Bye [preauth]
Sep 29 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1928]: Disconnected from 202.139.196.49 port 58570 [preauth]
Sep 29 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1895]: Failed password for root from 162.144.236.216 port 44642 ssh2
Sep 29 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1895]: Connection closed by 162.144.236.216 port 44642 [preauth]
Sep 29 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Invalid user zcm from 212.193.3.74
Sep 29 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: input_userauth_request: invalid user zcm [preauth]
Sep 29 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Failed password for invalid user zcm from 212.193.3.74 port 50728 ssh2
Sep 29 14:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Received disconnect from 212.193.3.74 port 50728:11: Bye Bye [preauth]
Sep 29 14:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Disconnected from 212.193.3.74 port 50728 [preauth]
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1969]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1970]: pam_unix(cron:session): session closed for user root
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1965]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2042]: Successful su for rubyman by root
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2042]: + ??? root:rubyman
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315381 of user rubyman.
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2042]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315381.
Sep 29 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session closed for user root
Sep 29 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1951]: Failed password for root from 162.144.236.216 port 50962 ssh2
Sep 29 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1951]: Connection closed by 162.144.236.216 port 50962 [preauth]
Sep 29 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
Sep 29 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1966]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: Failed password for root from 162.144.236.216 port 55142 ssh2
Sep 29 14:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: Connection closed by 162.144.236.216 port 55142 [preauth]
Sep 29 14:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for root from 162.144.236.216 port 33710 ssh2
Sep 29 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Connection closed by 162.144.236.216 port 33710 [preauth]
Sep 29 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Invalid user donald from 101.36.98.91
Sep 29 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: input_userauth_request: invalid user donald [preauth]
Sep 29 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: Failed password for root from 162.144.236.216 port 39176 ssh2
Sep 29 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2318]: Connection closed by 162.144.236.216 port 39176 [preauth]
Sep 29 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Failed password for invalid user donald from 101.36.98.91 port 45876 ssh2
Sep 29 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Received disconnect from 101.36.98.91 port 45876:11: Bye Bye [preauth]
Sep 29 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Disconnected from 101.36.98.91 port 45876 [preauth]
Sep 29 14:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[983]: pam_unix(cron:session): session closed for user root
Sep 29 14:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: Failed password for root from 162.144.236.216 port 46812 ssh2
Sep 29 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2344]: Connection closed by 162.144.236.216 port 46812 [preauth]
Sep 29 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 14:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Failed password for root from 152.200.181.42 port 43837 ssh2
Sep 29 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Received disconnect from 152.200.181.42 port 43837:11: Bye Bye [preauth]
Sep 29 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Disconnected from 152.200.181.42 port 43837 [preauth]
Sep 29 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for root from 162.144.236.216 port 52394 ssh2
Sep 29 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Connection closed by 162.144.236.216 port 52394 [preauth]
Sep 29 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Invalid user god from 212.193.3.74
Sep 29 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: input_userauth_request: invalid user god [preauth]
Sep 29 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Failed password for invalid user god from 212.193.3.74 port 57388 ssh2
Sep 29 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Received disconnect from 212.193.3.74 port 57388:11: Bye Bye [preauth]
Sep 29 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Disconnected from 212.193.3.74 port 57388 [preauth]
Sep 29 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 14:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: Failed password for root from 162.144.236.216 port 58202 ssh2
Sep 29 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Failed password for root from 202.139.196.49 port 46176 ssh2
Sep 29 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Received disconnect from 202.139.196.49 port 46176:11: Bye Bye [preauth]
Sep 29 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Disconnected from 202.139.196.49 port 46176 [preauth]
Sep 29 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2411]: Connection closed by 162.144.236.216 port 58202 [preauth]
Sep 29 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Failed password for root from 162.144.236.216 port 36070 ssh2
Sep 29 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Connection closed by 162.144.236.216 port 36070 [preauth]
Sep 29 14:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2465]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2543]: Successful su for rubyman by root
Sep 29 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2543]: + ??? root:rubyman
Sep 29 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315384 of user rubyman.
Sep 29 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2543]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315384.
Sep 29 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31933]: pam_unix(cron:session): session closed for user root
Sep 29 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: Failed password for root from 162.144.236.216 port 41958 ssh2
Sep 29 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2463]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: Connection closed by 162.144.236.216 port 41958 [preauth]
Sep 29 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Failed password for root from 162.144.236.216 port 50002 ssh2
Sep 29 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Connection closed by 162.144.236.216 port 50002 [preauth]
Sep 29 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Invalid user sharon from 101.36.98.91
Sep 29 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: input_userauth_request: invalid user sharon [preauth]
Sep 29 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Failed password for invalid user sharon from 101.36.98.91 port 35944 ssh2
Sep 29 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Received disconnect from 101.36.98.91 port 35944:11: Bye Bye [preauth]
Sep 29 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Disconnected from 101.36.98.91 port 35944 [preauth]
Sep 29 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Failed password for root from 162.144.236.216 port 58512 ssh2
Sep 29 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Connection closed by 162.144.236.216 port 58512 [preauth]
Sep 29 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session closed for user root
Sep 29 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Invalid user sharon from 212.193.3.74
Sep 29 14:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: input_userauth_request: invalid user sharon [preauth]
Sep 29 14:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2833]: Did not receive identification string from 162.144.236.216
Sep 29 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Failed password for invalid user sharon from 212.193.3.74 port 45666 ssh2
Sep 29 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Received disconnect from 212.193.3.74 port 45666:11: Bye Bye [preauth]
Sep 29 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Disconnected from 212.193.3.74 port 45666 [preauth]
Sep 29 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Invalid user sharon from 202.139.196.49
Sep 29 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: input_userauth_request: invalid user sharon [preauth]
Sep 29 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Failed password for invalid user sharon from 202.139.196.49 port 34486 ssh2
Sep 29 14:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Received disconnect from 202.139.196.49 port 34486:11: Bye Bye [preauth]
Sep 29 14:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Disconnected from 202.139.196.49 port 34486 [preauth]
Sep 29 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: Failed password for root from 162.144.236.216 port 39242 ssh2
Sep 29 14:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2850]: Connection closed by 162.144.236.216 port 39242 [preauth]
Sep 29 14:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2921]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2980]: Successful su for rubyman by root
Sep 29 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2980]: + ??? root:rubyman
Sep 29 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315389 of user rubyman.
Sep 29 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2980]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315389.
Sep 29 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session closed for user root
Sep 29 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for root from 162.144.236.216 port 48618 ssh2
Sep 29 14:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Connection closed by 162.144.236.216 port 48618 [preauth]
Sep 29 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3185]: Did not receive identification string from 195.184.76.71
Sep 29 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for root from 162.144.236.216 port 54148 ssh2
Sep 29 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Connection closed by 162.144.236.216 port 54148 [preauth]
Sep 29 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Failed password for root from 162.144.236.216 port 32878 ssh2
Sep 29 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Failed password for root from 101.36.98.91 port 32790 ssh2
Sep 29 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Connection closed by 162.144.236.216 port 32878 [preauth]
Sep 29 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Received disconnect from 101.36.98.91 port 32790:11: Bye Bye [preauth]
Sep 29 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Disconnected from 101.36.98.91 port 32790 [preauth]
Sep 29 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Did not receive identification string from 195.184.76.69
Sep 29 14:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Failed password for root from 162.144.236.216 port 40008 ssh2
Sep 29 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1969]: pam_unix(cron:session): session closed for user root
Sep 29 14:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Connection closed by 162.144.236.216 port 40008 [preauth]
Sep 29 14:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Failed password for root from 212.193.3.74 port 51448 ssh2
Sep 29 14:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Received disconnect from 212.193.3.74 port 51448:11: Bye Bye [preauth]
Sep 29 14:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Disconnected from 212.193.3.74 port 51448 [preauth]
Sep 29 14:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Failed password for root from 162.144.236.216 port 47684 ssh2
Sep 29 14:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Connection closed by 162.144.236.216 port 47684 [preauth]
Sep 29 14:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for root from 162.144.236.216 port 54284 ssh2
Sep 29 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Connection closed by 162.144.236.216 port 54284 [preauth]
Sep 29 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: Failed password for root from 162.144.236.216 port 59756 ssh2
Sep 29 14:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3335]: Connection closed by 162.144.236.216 port 59756 [preauth]
Sep 29 14:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: Invalid user local from 152.200.181.42
Sep 29 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: input_userauth_request: invalid user local [preauth]
Sep 29 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: Failed password for invalid user local from 152.200.181.42 port 56195 ssh2
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: Received disconnect from 152.200.181.42 port 56195:11: Bye Bye [preauth]
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3348]: Disconnected from 152.200.181.42 port 56195 [preauth]
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3366]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: Successful su for rubyman by root
Sep 29 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: + ??? root:rubyman
Sep 29 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315393 of user rubyman.
Sep 29 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3429]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315393.
Sep 29 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[452]: pam_unix(cron:session): session closed for user root
Sep 29 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Failed password for root from 162.144.236.216 port 37982 ssh2
Sep 29 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Connection closed by 162.144.236.216 port 37982 [preauth]
Sep 29 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Invalid user zomboid from 202.139.196.49
Sep 29 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: input_userauth_request: invalid user zomboid [preauth]
Sep 29 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Failed password for invalid user zomboid from 202.139.196.49 port 52650 ssh2
Sep 29 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Received disconnect from 202.139.196.49 port 52650:11: Bye Bye [preauth]
Sep 29 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Disconnected from 202.139.196.49 port 52650 [preauth]
Sep 29 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Failed password for root from 162.144.236.216 port 44858 ssh2
Sep 29 14:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Connection closed by 162.144.236.216 port 44858 [preauth]
Sep 29 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for root from 162.144.236.216 port 52722 ssh2
Sep 29 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: Invalid user neo4j from 101.36.98.91
Sep 29 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: input_userauth_request: invalid user neo4j [preauth]
Sep 29 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Connection closed by 162.144.236.216 port 52722 [preauth]
Sep 29 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: Failed password for invalid user neo4j from 101.36.98.91 port 36360 ssh2
Sep 29 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: Received disconnect from 101.36.98.91 port 36360:11: Bye Bye [preauth]
Sep 29 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: Disconnected from 101.36.98.91 port 36360 [preauth]
Sep 29 14:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Failed password for root from 162.144.236.216 port 59470 ssh2
Sep 29 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Connection closed by 162.144.236.216 port 59470 [preauth]
Sep 29 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2466]: pam_unix(cron:session): session closed for user root
Sep 29 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Failed password for root from 162.144.236.216 port 36928 ssh2
Sep 29 14:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Failed password for root from 212.193.3.74 port 53154 ssh2
Sep 29 14:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Received disconnect from 212.193.3.74 port 53154:11: Bye Bye [preauth]
Sep 29 14:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Disconnected from 212.193.3.74 port 53154 [preauth]
Sep 29 14:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Connection closed by 162.144.236.216 port 36928 [preauth]
Sep 29 14:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: Failed password for root from 162.144.236.216 port 43020 ssh2
Sep 29 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: Connection closed by 162.144.236.216 port 43020 [preauth]
Sep 29 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Invalid user user from 62.60.131.157
Sep 29 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: input_userauth_request: invalid user user [preauth]
Sep 29 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: Failed password for root from 162.144.236.216 port 51182 ssh2
Sep 29 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3787]: Connection closed by 162.144.236.216 port 51182 [preauth]
Sep 29 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Failed password for invalid user user from 62.60.131.157 port 59618 ssh2
Sep 29 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Failed password for invalid user user from 62.60.131.157 port 59618 ssh2
Sep 29 14:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Failed password for invalid user user from 62.60.131.157 port 59618 ssh2
Sep 29 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3815]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3890]: Successful su for rubyman by root
Sep 29 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3890]: + ??? root:rubyman
Sep 29 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315397 of user rubyman.
Sep 29 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3890]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315397.
Sep 29 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Failed password for invalid user user from 62.60.131.157 port 59618 ssh2
Sep 29 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Failed password for root from 162.144.236.216 port 56712 ssh2
Sep 29 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[982]: pam_unix(cron:session): session closed for user root
Sep 29 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Failed password for invalid user user from 62.60.131.157 port 59618 ssh2
Sep 29 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Received disconnect from 62.60.131.157 port 59618:11: Bye [preauth]
Sep 29 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: Disconnected from 62.60.131.157 port 59618 [preauth]
Sep 29 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3799]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Connection closed by 162.144.236.216 port 56712 [preauth]
Sep 29 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3816]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for root from 162.144.236.216 port 35362 ssh2
Sep 29 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Invalid user noc from 103.206.72.2
Sep 29 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: input_userauth_request: invalid user noc [preauth]
Sep 29 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.206.72.2
Sep 29 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Connection closed by 162.144.236.216 port 35362 [preauth]
Sep 29 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Failed password for invalid user noc from 103.206.72.2 port 53870 ssh2
Sep 29 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Received disconnect from 103.206.72.2 port 53870:11: Bye Bye [preauth]
Sep 29 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4096]: Disconnected from 103.206.72.2 port 53870 [preauth]
Sep 29 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Invalid user donald from 202.139.196.49
Sep 29 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: input_userauth_request: invalid user donald [preauth]
Sep 29 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Failed password for invalid user donald from 202.139.196.49 port 42384 ssh2
Sep 29 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Received disconnect from 202.139.196.49 port 42384:11: Bye Bye [preauth]
Sep 29 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Disconnected from 202.139.196.49 port 42384 [preauth]
Sep 29 14:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Failed password for root from 162.144.236.216 port 42678 ssh2
Sep 29 14:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Connection closed by 162.144.236.216 port 42678 [preauth]
Sep 29 14:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Failed password for root from 101.36.98.91 port 52772 ssh2
Sep 29 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Received disconnect from 101.36.98.91 port 52772:11: Bye Bye [preauth]
Sep 29 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4175]: Disconnected from 101.36.98.91 port 52772 [preauth]
Sep 29 14:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for root from 162.144.236.216 port 50880 ssh2
Sep 29 14:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Connection closed by 162.144.236.216 port 50880 [preauth]
Sep 29 14:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2921]: pam_unix(cron:session): session closed for user root
Sep 29 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Failed password for root from 212.193.3.74 port 57400 ssh2
Sep 29 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Received disconnect from 212.193.3.74 port 57400:11: Bye Bye [preauth]
Sep 29 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Disconnected from 212.193.3.74 port 57400 [preauth]
Sep 29 14:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Failed password for root from 162.144.236.216 port 56178 ssh2
Sep 29 14:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Connection closed by 162.144.236.216 port 56178 [preauth]
Sep 29 14:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: Failed password for root from 162.144.236.216 port 34662 ssh2
Sep 29 14:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: Connection closed by 162.144.236.216 port 34662 [preauth]
Sep 29 14:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: Failed password for root from 162.144.236.216 port 42706 ssh2
Sep 29 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4260]: Connection closed by 162.144.236.216 port 42706 [preauth]
Sep 29 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4294]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4292]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4291]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4293]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4294]: pam_unix(cron:session): session closed for user root
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4288]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4360]: Successful su for rubyman by root
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4360]: + ??? root:rubyman
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315400 of user rubyman.
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4360]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315400.
Sep 29 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Failed password for root from 162.144.236.216 port 48752 ssh2
Sep 29 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4291]: pam_unix(cron:session): session closed for user root
Sep 29 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Connection closed by 162.144.236.216 port 48752 [preauth]
Sep 29 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user root
Sep 29 14:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4290]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: Failed password for root from 162.144.236.216 port 53962 ssh2
Sep 29 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: Connection closed by 162.144.236.216 port 53962 [preauth]
Sep 29 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Invalid user jak from 152.200.181.42
Sep 29 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: input_userauth_request: invalid user jak [preauth]
Sep 29 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Failed password for invalid user jak from 152.200.181.42 port 40313 ssh2
Sep 29 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Received disconnect from 152.200.181.42 port 40313:11: Bye Bye [preauth]
Sep 29 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Disconnected from 152.200.181.42 port 40313 [preauth]
Sep 29 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: Failed password for root from 162.144.236.216 port 34086 ssh2
Sep 29 14:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4620]: Connection closed by 162.144.236.216 port 34086 [preauth]
Sep 29 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Failed password for root from 101.36.98.91 port 43518 ssh2
Sep 29 14:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Received disconnect from 101.36.98.91 port 43518:11: Bye Bye [preauth]
Sep 29 14:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Disconnected from 101.36.98.91 port 43518 [preauth]
Sep 29 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Invalid user nokia from 202.139.196.49
Sep 29 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: input_userauth_request: invalid user nokia [preauth]
Sep 29 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: Failed password for root from 162.144.236.216 port 41446 ssh2
Sep 29 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Failed password for root from 212.193.3.74 port 48520 ssh2
Sep 29 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Received disconnect from 212.193.3.74 port 48520:11: Bye Bye [preauth]
Sep 29 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Disconnected from 212.193.3.74 port 48520 [preauth]
Sep 29 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: Connection closed by 162.144.236.216 port 41446 [preauth]
Sep 29 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session closed for user root
Sep 29 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Failed password for invalid user nokia from 202.139.196.49 port 33388 ssh2
Sep 29 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Received disconnect from 202.139.196.49 port 33388:11: Bye Bye [preauth]
Sep 29 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Disconnected from 202.139.196.49 port 33388 [preauth]
Sep 29 14:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Failed password for root from 162.144.236.216 port 49098 ssh2
Sep 29 14:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4686]: Connection closed by 162.144.236.216 port 49098 [preauth]
Sep 29 14:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: Failed password for root from 162.144.236.216 port 56772 ssh2
Sep 29 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: Connection closed by 162.144.236.216 port 56772 [preauth]
Sep 29 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4850]: Successful su for rubyman by root
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4850]: + ??? root:rubyman
Sep 29 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315406 of user rubyman.
Sep 29 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4850]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315406.
Sep 29 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Failed password for root from 162.144.236.216 port 36542 ssh2
Sep 29 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Connection closed by 162.144.236.216 port 36542 [preauth]
Sep 29 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session closed for user root
Sep 29 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4945]: Failed password for root from 162.144.236.216 port 44596 ssh2
Sep 29 14:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4945]: Connection closed by 162.144.236.216 port 44596 [preauth]
Sep 29 14:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Failed password for root from 162.144.236.216 port 51454 ssh2
Sep 29 14:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5078]: Connection closed by 162.144.236.216 port 51454 [preauth]
Sep 29 14:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Invalid user zcm from 101.36.98.91
Sep 29 14:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: input_userauth_request: invalid user zcm [preauth]
Sep 29 14:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Failed password for invalid user zcm from 101.36.98.91 port 54040 ssh2
Sep 29 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Received disconnect from 101.36.98.91 port 54040:11: Bye Bye [preauth]
Sep 29 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5109]: Disconnected from 101.36.98.91 port 54040 [preauth]
Sep 29 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Failed password for root from 162.144.236.216 port 58060 ssh2
Sep 29 14:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5123]: Connection closed by 162.144.236.216 port 58060 [preauth]
Sep 29 14:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 14:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5146]: Failed password for root from 212.193.3.74 port 37116 ssh2
Sep 29 14:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5146]: Received disconnect from 212.193.3.74 port 37116:11: Bye Bye [preauth]
Sep 29 14:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5146]: Disconnected from 212.193.3.74 port 37116 [preauth]
Sep 29 14:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Failed password for root from 162.144.236.216 port 33766 ssh2
Sep 29 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Connection closed by 162.144.236.216 port 33766 [preauth]
Sep 29 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3818]: pam_unix(cron:session): session closed for user root
Sep 29 14:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Invalid user god from 202.139.196.49
Sep 29 14:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: input_userauth_request: invalid user god [preauth]
Sep 29 14:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Failed password for invalid user god from 202.139.196.49 port 50066 ssh2
Sep 29 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Received disconnect from 202.139.196.49 port 50066:11: Bye Bye [preauth]
Sep 29 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Disconnected from 202.139.196.49 port 50066 [preauth]
Sep 29 14:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: Failed password for root from 162.144.236.216 port 41242 ssh2
Sep 29 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5174]: Connection closed by 162.144.236.216 port 41242 [preauth]
Sep 29 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Failed password for root from 162.144.236.216 port 46938 ssh2
Sep 29 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Connection closed by 162.144.236.216 port 46938 [preauth]
Sep 29 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Invalid user test from 93.152.230.176
Sep 29 14:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: input_userauth_request: invalid user test [preauth]
Sep 29 14:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 14:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Failed password for root from 162.144.236.216 port 55230 ssh2
Sep 29 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Failed password for invalid user test from 93.152.230.176 port 17932 ssh2
Sep 29 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Received disconnect from 93.152.230.176 port 17932:11: Client disconnecting normally [preauth]
Sep 29 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Disconnected from 93.152.230.176 port 17932 [preauth]
Sep 29 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Connection closed by 162.144.236.216 port 55230 [preauth]
Sep 29 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: Successful su for rubyman by root
Sep 29 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: + ??? root:rubyman
Sep 29 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315411 of user rubyman.
Sep 29 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5420]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315411.
Sep 29 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2465]: pam_unix(cron:session): session closed for user root
Sep 29 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5259]: Failed password for root from 162.144.236.216 port 33650 ssh2
Sep 29 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5259]: Connection closed by 162.144.236.216 port 33650 [preauth]
Sep 29 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Failed password for root from 162.144.236.216 port 41402 ssh2
Sep 29 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Invalid user partimag from 167.99.55.34
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: input_userauth_request: invalid user partimag [preauth]
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Connection closed by 162.144.236.216 port 41402 [preauth]
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Failed password for root from 101.36.98.91 port 47984 ssh2
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Received disconnect from 101.36.98.91 port 47984:11: Bye Bye [preauth]
Sep 29 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5649]: Disconnected from 101.36.98.91 port 47984 [preauth]
Sep 29 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Failed password for invalid user partimag from 167.99.55.34 port 58820 ssh2
Sep 29 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Connection closed by 167.99.55.34 port 58820 [preauth]
Sep 29 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Invalid user superadmin from 212.193.3.74
Sep 29 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Failed password for invalid user superadmin from 212.193.3.74 port 59704 ssh2
Sep 29 14:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Received disconnect from 212.193.3.74 port 59704:11: Bye Bye [preauth]
Sep 29 14:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Disconnected from 212.193.3.74 port 59704 [preauth]
Sep 29 14:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: Failed password for root from 162.144.236.216 port 47840 ssh2
Sep 29 14:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: Connection closed by 162.144.236.216 port 47840 [preauth]
Sep 29 14:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Invalid user flutter from 185.50.38.169
Sep 29 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: input_userauth_request: invalid user flutter [preauth]
Sep 29 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Failed password for root from 162.144.236.216 port 55490 ssh2
Sep 29 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Connection closed by 162.144.236.216 port 55490 [preauth]
Sep 29 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Failed password for invalid user flutter from 185.50.38.169 port 55316 ssh2
Sep 29 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Received disconnect from 185.50.38.169 port 55316:11: Bye Bye [preauth]
Sep 29 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Disconnected from 185.50.38.169 port 55316 [preauth]
Sep 29 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4293]: pam_unix(cron:session): session closed for user root
Sep 29 14:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Invalid user in from 152.200.181.42
Sep 29 14:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: input_userauth_request: invalid user in [preauth]
Sep 29 14:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Failed password for invalid user in from 152.200.181.42 port 52653 ssh2
Sep 29 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Invalid user sambauser from 202.139.196.49
Sep 29 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: input_userauth_request: invalid user sambauser [preauth]
Sep 29 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Received disconnect from 152.200.181.42 port 52653:11: Bye Bye [preauth]
Sep 29 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Disconnected from 152.200.181.42 port 52653 [preauth]
Sep 29 14:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Failed password for root from 162.144.236.216 port 33318 ssh2
Sep 29 14:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Failed password for invalid user sambauser from 202.139.196.49 port 37616 ssh2
Sep 29 14:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Received disconnect from 202.139.196.49 port 37616:11: Bye Bye [preauth]
Sep 29 14:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Disconnected from 202.139.196.49 port 37616 [preauth]
Sep 29 14:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Connection closed by 162.144.236.216 port 33318 [preauth]
Sep 29 14:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Failed password for root from 162.144.236.216 port 40198 ssh2
Sep 29 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Connection closed by 162.144.236.216 port 40198 [preauth]
Sep 29 14:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Failed password for root from 162.144.236.216 port 47152 ssh2
Sep 29 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Connection closed by 162.144.236.216 port 47152 [preauth]
Sep 29 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5822]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: Successful su for rubyman by root
Sep 29 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: + ??? root:rubyman
Sep 29 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315415 of user rubyman.
Sep 29 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5892]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315415.
Sep 29 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user root
Sep 29 14:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5823]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Failed password for root from 162.144.236.216 port 54768 ssh2
Sep 29 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Connection closed by 162.144.236.216 port 54768 [preauth]
Sep 29 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Invalid user sambauser from 212.193.3.74
Sep 29 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: input_userauth_request: invalid user sambauser [preauth]
Sep 29 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 14:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Failed password for invalid user sambauser from 212.193.3.74 port 33628 ssh2
Sep 29 14:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Received disconnect from 212.193.3.74 port 33628:11: Bye Bye [preauth]
Sep 29 14:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Disconnected from 212.193.3.74 port 33628 [preauth]
Sep 29 14:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: Failed password for root from 101.36.98.91 port 44668 ssh2
Sep 29 14:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: Received disconnect from 101.36.98.91 port 44668:11: Bye Bye [preauth]
Sep 29 14:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6106]: Disconnected from 101.36.98.91 port 44668 [preauth]
Sep 29 14:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for root from 162.144.236.216 port 34406 ssh2
Sep 29 14:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Connection closed by 162.144.236.216 port 34406 [preauth]
Sep 29 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session closed for user root
Sep 29 14:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Bad protocol version identification '\026\003\003\001\246\001' from 195.184.76.68 port 34323
Sep 29 14:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Failed password for root from 162.144.236.216 port 40564 ssh2
Sep 29 14:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6207]: Did not receive identification string from 195.184.76.69
Sep 29 14:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Connection closed by 162.144.236.216 port 40564 [preauth]
Sep 29 14:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Invalid user foundry from 202.139.196.49
Sep 29 14:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: input_userauth_request: invalid user foundry [preauth]
Sep 29 14:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 14:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Failed password for invalid user foundry from 202.139.196.49 port 53786 ssh2
Sep 29 14:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Received disconnect from 202.139.196.49 port 53786:11: Bye Bye [preauth]
Sep 29 14:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Disconnected from 202.139.196.49 port 53786 [preauth]
Sep 29 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for root from 162.144.236.216 port 48486 ssh2
Sep 29 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Connection closed by 162.144.236.216 port 48486 [preauth]
Sep 29 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session closed for user p13x
Sep 29 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: Successful su for rubyman by root
Sep 29 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: + ??? root:rubyman
Sep 29 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315420 of user rubyman.
Sep 29 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: pam_unix(su:session): session closed for user rubyman
Sep 29 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315420.
Sep 29 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: Failed password for root from 162.144.236.216 port 56600 ssh2
Sep 29 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6263]: Connection closed by 162.144.236.216 port 56600 [preauth]
Sep 29 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Invalid user runcloud from 212.193.3.74
Sep 29 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: input_userauth_request: invalid user runcloud [preauth]
Sep 29 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session closed for user root
Sep 29 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.206.72.2  user=root
Sep 29 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Failed password for invalid user runcloud from 212.193.3.74 port 53570 ssh2
Sep 29 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Received disconnect from 212.193.3.74 port 53570:11: Bye Bye [preauth]
Sep 29 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Disconnected from 212.193.3.74 port 53570 [preauth]
Sep 29 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: Failed password for root from 103.206.72.2 port 56404 ssh2
Sep 29 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: Received disconnect from 103.206.72.2 port 56404:11: Bye Bye [preauth]
Sep 29 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: Disconnected from 103.206.72.2 port 56404 [preauth]
Sep 29 14:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user samftp
Sep 29 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Invalid user caja from 101.36.98.91
Sep 29 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: input_userauth_request: invalid user caja [preauth]
Sep 29 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Failed password for invalid user caja from 101.36.98.91 port 39498 ssh2
Sep 29 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Received disconnect from 101.36.98.91 port 39498:11: Bye Bye [preauth]
Sep 29 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Disconnected from 101.36.98.91 port 39498 [preauth]
Sep 29 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Failed password for root from 162.144.236.216 port 35212 ssh2
Sep 29 14:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Connection closed by 162.144.236.216 port 35212 [preauth]
Sep 29 14:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Failed password for root from 162.144.236.216 port 41548 ssh2
Sep 29 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Connection closed by 162.144.236.216 port 41548 [preauth]
Sep 29 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Invalid user chris from 185.50.38.169
Sep 29 14:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: input_userauth_request: invalid user chris [preauth]
Sep 29 14:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 14:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Failed password for invalid user chris from 185.50.38.169 port 3030 ssh2
Sep 29 14:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Received disconnect from 185.50.38.169 port 3030:11: Bye Bye [preauth]
Sep 29 14:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Disconnected from 185.50.38.169 port 3030 [preauth]
Sep 29 14:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6695]: Failed password for root from 162.144.236.216 port 47388 ssh2
Sep 29 14:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6695]: Connection closed by 162.144.236.216 port 47388 [preauth]
Sep 29 14:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session closed for user root
Sep 29 14:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Failed password for root from 162.144.236.216 port 53698 ssh2
Sep 29 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Connection closed by 162.144.236.216 port 53698 [preauth]
Sep 29 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Failed password for root from 162.144.236.216 port 60392 ssh2
Sep 29 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6776]: Connection closed by 162.144.236.216 port 60392 [preauth]
Sep 29 14:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 14:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Failed password for root from 202.139.196.49 port 42288 ssh2
Sep 29 14:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Received disconnect from 202.139.196.49 port 42288:11: Bye Bye [preauth]
Sep 29 14:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Disconnected from 202.139.196.49 port 42288 [preauth]
Sep 29 14:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Failed password for root from 162.144.236.216 port 38438 ssh2
Sep 29 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Connection closed by 162.144.236.216 port 38438 [preauth]
Sep 29 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Invalid user user from 80.94.95.112
Sep 29 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: input_userauth_request: invalid user user [preauth]
Sep 29 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 14:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for invalid user user from 80.94.95.112 port 64442 ssh2
Sep 29 14:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 14:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Invalid user marina from 212.193.3.74
Sep 29 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: input_userauth_request: invalid user marina [preauth]
Sep 29 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6845]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session closed for user root
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session closed for user root
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6841]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for invalid user user from 80.94.95.112 port 64442 ssh2
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: Successful su for rubyman by root
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: + ??? root:rubyman
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315425 of user rubyman.
Sep 29 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6957]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315425.
Sep 29 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Failed password for invalid user marina from 212.193.3.74 port 33992 ssh2
Sep 29 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Received disconnect from 212.193.3.74 port 33992:11: Bye Bye [preauth]
Sep 29 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6838]: Disconnected from 212.193.3.74 port 33992 [preauth]
Sep 29 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Connection closed by 152.200.181.42 port 36808 [preauth]
Sep 29 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for root from 162.144.236.216 port 47216 ssh2
Sep 29 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for invalid user user from 80.94.95.112 port 64442 ssh2
Sep 29 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Connection closed by 162.144.236.216 port 47216 [preauth]
Sep 29 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6845]: pam_unix(cron:session): session closed for user root
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session closed for user root
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for invalid user user from 80.94.95.112 port 64442 ssh2
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Invalid user marina from 101.36.98.91
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: input_userauth_request: invalid user marina [preauth]
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for invalid user user from 80.94.95.112 port 64442 ssh2
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Received disconnect from 80.94.95.112 port 64442:11: Bye [preauth]
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Disconnected from 80.94.95.112 port 64442 [preauth]
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Failed password for invalid user marina from 101.36.98.91 port 41018 ssh2
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Received disconnect from 101.36.98.91 port 41018:11: Bye Bye [preauth]
Sep 29 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Disconnected from 101.36.98.91 port 41018 [preauth]
Sep 29 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7105]: Failed password for root from 162.144.236.216 port 53138 ssh2
Sep 29 15:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7105]: Connection closed by 162.144.236.216 port 53138 [preauth]
Sep 29 15:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Invalid user spectrum from 185.50.38.169
Sep 29 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: input_userauth_request: invalid user spectrum [preauth]
Sep 29 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Failed password for invalid user spectrum from 185.50.38.169 port 56060 ssh2
Sep 29 15:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: Failed password for root from 162.144.236.216 port 57780 ssh2
Sep 29 15:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Received disconnect from 185.50.38.169 port 56060:11: Bye Bye [preauth]
Sep 29 15:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Disconnected from 185.50.38.169 port 56060 [preauth]
Sep 29 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7305]: Connection closed by 162.144.236.216 port 57780 [preauth]
Sep 29 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5825]: pam_unix(cron:session): session closed for user root
Sep 29 15:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Failed password for root from 162.144.236.216 port 39704 ssh2
Sep 29 15:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7438]: Connection closed by 162.144.236.216 port 39704 [preauth]
Sep 29 15:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for root from 162.144.236.216 port 47260 ssh2
Sep 29 15:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: Failed password for root from 212.193.3.74 port 36772 ssh2
Sep 29 15:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: Received disconnect from 212.193.3.74 port 36772:11: Bye Bye [preauth]
Sep 29 15:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7493]: Disconnected from 212.193.3.74 port 36772 [preauth]
Sep 29 15:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Connection closed by 162.144.236.216 port 47260 [preauth]
Sep 29 15:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7495]: Failed password for root from 202.139.196.49 port 60656 ssh2
Sep 29 15:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7495]: Received disconnect from 202.139.196.49 port 60656:11: Bye Bye [preauth]
Sep 29 15:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7495]: Disconnected from 202.139.196.49 port 60656 [preauth]
Sep 29 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7509]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: Successful su for rubyman by root
Sep 29 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: + ??? root:rubyman
Sep 29 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315429 of user rubyman.
Sep 29 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315429.
Sep 29 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Invalid user admin from 62.60.131.157
Sep 29 15:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4292]: pam_unix(cron:session): session closed for user root
Sep 29 15:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: Failed password for root from 162.144.236.216 port 53810 ssh2
Sep 29 15:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Failed password for invalid user admin from 62.60.131.157 port 62687 ssh2
Sep 29 15:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7497]: Connection closed by 162.144.236.216 port 53810 [preauth]
Sep 29 15:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7510]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Failed password for invalid user admin from 62.60.131.157 port 62687 ssh2
Sep 29 15:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Failed password for invalid user admin from 62.60.131.157 port 62687 ssh2
Sep 29 15:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Invalid user admin from 101.36.98.91
Sep 29 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Failed password for invalid user admin from 62.60.131.157 port 62687 ssh2
Sep 29 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Failed password for invalid user admin from 101.36.98.91 port 41404 ssh2
Sep 29 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7798]: Failed password for root from 162.144.236.216 port 60422 ssh2
Sep 29 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Received disconnect from 101.36.98.91 port 41404:11: Bye Bye [preauth]
Sep 29 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Disconnected from 101.36.98.91 port 41404 [preauth]
Sep 29 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Failed password for invalid user admin from 62.60.131.157 port 62687 ssh2
Sep 29 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Received disconnect from 62.60.131.157 port 62687:11: Bye [preauth]
Sep 29 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Disconnected from 62.60.131.157 port 62687 [preauth]
Sep 29 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 15:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7798]: Connection closed by 162.144.236.216 port 60422 [preauth]
Sep 29 15:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Failed password for root from 162.144.236.216 port 38994 ssh2
Sep 29 15:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Connection closed by 162.144.236.216 port 38994 [preauth]
Sep 29 15:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: Failed password for root from 162.144.236.216 port 43192 ssh2
Sep 29 15:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: Connection closed by 162.144.236.216 port 43192 [preauth]
Sep 29 15:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Invalid user user from 194.0.234.19
Sep 29 15:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: input_userauth_request: invalid user user [preauth]
Sep 29 15:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 15:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Invalid user tmpuser from 185.50.38.169
Sep 29 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: input_userauth_request: invalid user tmpuser [preauth]
Sep 29 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Failed password for invalid user user from 194.0.234.19 port 52938 ssh2
Sep 29 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Connection closed by 194.0.234.19 port 52938 [preauth]
Sep 29 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Failed password for root from 162.144.236.216 port 48578 ssh2
Sep 29 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Failed password for invalid user tmpuser from 185.50.38.169 port 14034 ssh2
Sep 29 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7898]: Connection closed by 162.144.236.216 port 48578 [preauth]
Sep 29 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Received disconnect from 185.50.38.169 port 14034:11: Bye Bye [preauth]
Sep 29 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7901]: Disconnected from 185.50.38.169 port 14034 [preauth]
Sep 29 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session closed for user root
Sep 29 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: Invalid user minecraft from 103.206.72.2
Sep 29 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.206.72.2
Sep 29 15:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: Failed password for invalid user minecraft from 103.206.72.2 port 40620 ssh2
Sep 29 15:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: Received disconnect from 103.206.72.2 port 40620:11: Bye Bye [preauth]
Sep 29 15:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7939]: Disconnected from 103.206.72.2 port 40620 [preauth]
Sep 29 15:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: Failed password for root from 162.144.236.216 port 52912 ssh2
Sep 29 15:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: Connection closed by 162.144.236.216 port 52912 [preauth]
Sep 29 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: Invalid user zomboid from 212.193.3.74
Sep 29 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: input_userauth_request: invalid user zomboid [preauth]
Sep 29 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: Failed password for invalid user zomboid from 212.193.3.74 port 33768 ssh2
Sep 29 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: Received disconnect from 212.193.3.74 port 33768:11: Bye Bye [preauth]
Sep 29 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7976]: Disconnected from 212.193.3.74 port 33768 [preauth]
Sep 29 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Failed password for root from 162.144.236.216 port 59816 ssh2
Sep 29 15:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Connection closed by 162.144.236.216 port 59816 [preauth]
Sep 29 15:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: Successful su for rubyman by root
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: + ??? root:rubyman
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315433 of user rubyman.
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8097]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315433.
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7999]: Failed password for root from 162.144.236.216 port 39966 ssh2
Sep 29 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7999]: Connection closed by 162.144.236.216 port 39966 [preauth]
Sep 29 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session closed for user root
Sep 29 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Failed password for root from 202.139.196.49 port 49360 ssh2
Sep 29 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Received disconnect from 202.139.196.49 port 49360:11: Bye Bye [preauth]
Sep 29 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Disconnected from 202.139.196.49 port 49360 [preauth]
Sep 29 15:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 15:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Failed password for root from 162.144.236.216 port 48964 ssh2
Sep 29 15:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Connection closed by 162.144.236.216 port 48964 [preauth]
Sep 29 15:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Failed password for root from 101.36.98.91 port 49682 ssh2
Sep 29 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Received disconnect from 101.36.98.91 port 49682:11: Bye Bye [preauth]
Sep 29 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Disconnected from 101.36.98.91 port 49682 [preauth]
Sep 29 15:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Failed password for root from 162.144.236.216 port 55364 ssh2
Sep 29 15:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Connection closed by 162.144.236.216 port 55364 [preauth]
Sep 29 15:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Invalid user systems from 152.200.181.42
Sep 29 15:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: input_userauth_request: invalid user systems [preauth]
Sep 29 15:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Failed password for invalid user systems from 152.200.181.42 port 49160 ssh2
Sep 29 15:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Received disconnect from 152.200.181.42 port 49160:11: Bye Bye [preauth]
Sep 29 15:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Disconnected from 152.200.181.42 port 49160 [preauth]
Sep 29 15:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for root from 162.144.236.216 port 33454 ssh2
Sep 29 15:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Connection closed by 162.144.236.216 port 33454 [preauth]
Sep 29 15:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Invalid user naveen from 185.50.38.169
Sep 29 15:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: input_userauth_request: invalid user naveen [preauth]
Sep 29 15:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Failed password for invalid user naveen from 185.50.38.169 port 48448 ssh2
Sep 29 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Received disconnect from 185.50.38.169 port 48448:11: Bye Bye [preauth]
Sep 29 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Disconnected from 185.50.38.169 port 48448 [preauth]
Sep 29 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Failed password for root from 162.144.236.216 port 38966 ssh2
Sep 29 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8418]: Connection closed by 162.144.236.216 port 38966 [preauth]
Sep 29 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6847]: pam_unix(cron:session): session closed for user root
Sep 29 15:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Failed password for root from 162.144.236.216 port 45570 ssh2
Sep 29 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Invalid user nb from 212.193.3.74
Sep 29 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: input_userauth_request: invalid user nb [preauth]
Sep 29 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Connection closed by 162.144.236.216 port 45570 [preauth]
Sep 29 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Failed password for invalid user nb from 212.193.3.74 port 34776 ssh2
Sep 29 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Received disconnect from 212.193.3.74 port 34776:11: Bye Bye [preauth]
Sep 29 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Disconnected from 212.193.3.74 port 34776 [preauth]
Sep 29 15:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Failed password for root from 162.144.236.216 port 51592 ssh2
Sep 29 15:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Connection closed by 162.144.236.216 port 51592 [preauth]
Sep 29 15:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Failed password for root from 162.144.236.216 port 58948 ssh2
Sep 29 15:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Connection closed by 162.144.236.216 port 58948 [preauth]
Sep 29 15:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8534]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8604]: Successful su for rubyman by root
Sep 29 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8604]: + ??? root:rubyman
Sep 29 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315438 of user rubyman.
Sep 29 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8604]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315438.
Sep 29 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Invalid user superadmin from 101.36.98.91
Sep 29 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session closed for user root
Sep 29 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Failed password for invalid user superadmin from 101.36.98.91 port 54072 ssh2
Sep 29 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Received disconnect from 101.36.98.91 port 54072:11: Bye Bye [preauth]
Sep 29 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Disconnected from 101.36.98.91 port 54072 [preauth]
Sep 29 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Failed password for root from 162.144.236.216 port 37378 ssh2
Sep 29 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Connection closed by 162.144.236.216 port 37378 [preauth]
Sep 29 15:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: Failed password for root from 202.139.196.49 port 38908 ssh2
Sep 29 15:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: Received disconnect from 202.139.196.49 port 38908:11: Bye Bye [preauth]
Sep 29 15:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8925]: Disconnected from 202.139.196.49 port 38908 [preauth]
Sep 29 15:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: Failed password for root from 162.144.236.216 port 45748 ssh2
Sep 29 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8927]: Connection closed by 162.144.236.216 port 45748 [preauth]
Sep 29 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: Failed password for root from 162.144.236.216 port 51770 ssh2
Sep 29 15:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8961]: Connection closed by 162.144.236.216 port 51770 [preauth]
Sep 29 15:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: Invalid user foundry from 185.50.38.169
Sep 29 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: input_userauth_request: invalid user foundry [preauth]
Sep 29 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session closed for user root
Sep 29 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: Failed password for invalid user foundry from 185.50.38.169 port 7384 ssh2
Sep 29 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Failed password for root from 212.193.3.74 port 41566 ssh2
Sep 29 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: Received disconnect from 185.50.38.169 port 7384:11: Bye Bye [preauth]
Sep 29 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9005]: Disconnected from 185.50.38.169 port 7384 [preauth]
Sep 29 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Received disconnect from 212.193.3.74 port 41566:11: Bye Bye [preauth]
Sep 29 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9017]: Disconnected from 212.193.3.74 port 41566 [preauth]
Sep 29 15:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Failed password for root from 162.144.236.216 port 59668 ssh2
Sep 29 15:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Connection closed by 162.144.236.216 port 59668 [preauth]
Sep 29 15:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Failed password for root from 162.144.236.216 port 38582 ssh2
Sep 29 15:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Connection closed by 162.144.236.216 port 38582 [preauth]
Sep 29 15:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Failed password for root from 162.144.236.216 port 44336 ssh2
Sep 29 15:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Invalid user foundry from 101.36.98.91
Sep 29 15:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: input_userauth_request: invalid user foundry [preauth]
Sep 29 15:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Connection closed by 162.144.236.216 port 44336 [preauth]
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: Successful su for rubyman by root
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: + ??? root:rubyman
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315441 of user rubyman.
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315441.
Sep 29 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Failed password for invalid user foundry from 101.36.98.91 port 34126 ssh2
Sep 29 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Received disconnect from 101.36.98.91 port 34126:11: Bye Bye [preauth]
Sep 29 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Disconnected from 101.36.98.91 port 34126 [preauth]
Sep 29 15:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5824]: pam_unix(cron:session): session closed for user root
Sep 29 15:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Failed password for root from 202.139.196.49 port 55092 ssh2
Sep 29 15:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Received disconnect from 202.139.196.49 port 55092:11: Bye Bye [preauth]
Sep 29 15:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Disconnected from 202.139.196.49 port 55092 [preauth]
Sep 29 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Failed password for root from 162.144.236.216 port 53820 ssh2
Sep 29 15:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Connection closed by 162.144.236.216 port 53820 [preauth]
Sep 29 15:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Invalid user foundry from 212.193.3.74
Sep 29 15:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: input_userauth_request: invalid user foundry [preauth]
Sep 29 15:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 15:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Failed password for root from 162.144.236.216 port 34538 ssh2
Sep 29 15:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Connection closed by 162.144.236.216 port 34538 [preauth]
Sep 29 15:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Failed password for invalid user foundry from 212.193.3.74 port 36226 ssh2
Sep 29 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Received disconnect from 212.193.3.74 port 36226:11: Bye Bye [preauth]
Sep 29 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Disconnected from 212.193.3.74 port 36226 [preauth]
Sep 29 15:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session closed for user root
Sep 29 15:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Invalid user elk from 185.50.38.169
Sep 29 15:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: input_userauth_request: invalid user elk [preauth]
Sep 29 15:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Failed password for invalid user elk from 185.50.38.169 port 43436 ssh2
Sep 29 15:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Received disconnect from 185.50.38.169 port 43436:11: Bye Bye [preauth]
Sep 29 15:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Disconnected from 185.50.38.169 port 43436 [preauth]
Sep 29 15:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: Failed password for root from 162.144.236.216 port 40910 ssh2
Sep 29 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9578]: Connection closed by 162.144.236.216 port 40910 [preauth]
Sep 29 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: Invalid user monitor from 152.200.181.42
Sep 29 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: input_userauth_request: invalid user monitor [preauth]
Sep 29 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: Failed password for root from 162.144.236.216 port 48096 ssh2
Sep 29 15:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: Connection closed by 162.144.236.216 port 48096 [preauth]
Sep 29 15:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: Failed password for invalid user monitor from 152.200.181.42 port 33282 ssh2
Sep 29 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Invalid user hadoop from 167.99.55.34
Sep 29 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: Received disconnect from 152.200.181.42 port 33282:11: Bye Bye [preauth]
Sep 29 15:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: Disconnected from 152.200.181.42 port 33282 [preauth]
Sep 29 15:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Failed password for invalid user hadoop from 167.99.55.34 port 37012 ssh2
Sep 29 15:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Connection closed by 167.99.55.34 port 37012 [preauth]
Sep 29 15:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: Failed password for root from 162.144.236.216 port 54222 ssh2
Sep 29 15:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: Connection closed by 162.144.236.216 port 54222 [preauth]
Sep 29 15:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Invalid user god from 101.36.98.91
Sep 29 15:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: input_userauth_request: invalid user god [preauth]
Sep 29 15:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Failed password for invalid user god from 101.36.98.91 port 35188 ssh2
Sep 29 15:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Received disconnect from 101.36.98.91 port 35188:11: Bye Bye [preauth]
Sep 29 15:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Disconnected from 101.36.98.91 port 35188 [preauth]
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9794]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user root
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: Successful su for rubyman by root
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: + ??? root:rubyman
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315450 of user rubyman.
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315450.
Sep 29 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session closed for user root
Sep 29 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 162.144.236.216 port 60810 ssh2
Sep 29 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session closed for user root
Sep 29 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Connection closed by 162.144.236.216 port 60810 [preauth]
Sep 29 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Failed password for root from 162.144.236.216 port 39574 ssh2
Sep 29 15:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Connection closed by 162.144.236.216 port 39574 [preauth]
Sep 29 15:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Failed password for root from 162.144.236.216 port 45424 ssh2
Sep 29 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Connection closed by 162.144.236.216 port 45424 [preauth]
Sep 29 15:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Failed password for root from 202.139.196.49 port 45300 ssh2
Sep 29 15:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Received disconnect from 202.139.196.49 port 45300:11: Bye Bye [preauth]
Sep 29 15:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Disconnected from 202.139.196.49 port 45300 [preauth]
Sep 29 15:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Failed password for root from 212.193.3.74 port 45374 ssh2
Sep 29 15:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Received disconnect from 212.193.3.74 port 45374:11: Bye Bye [preauth]
Sep 29 15:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Disconnected from 212.193.3.74 port 45374 [preauth]
Sep 29 15:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Failed password for root from 162.144.236.216 port 52274 ssh2
Sep 29 15:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Connection closed by 162.144.236.216 port 52274 [preauth]
Sep 29 15:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8534]: pam_unix(cron:session): session closed for user root
Sep 29 15:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Failed password for root from 162.144.236.216 port 60428 ssh2
Sep 29 15:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: Invalid user apt from 185.50.38.169
Sep 29 15:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: input_userauth_request: invalid user apt [preauth]
Sep 29 15:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Connection closed by 162.144.236.216 port 60428 [preauth]
Sep 29 15:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: Failed password for invalid user apt from 185.50.38.169 port 23354 ssh2
Sep 29 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: Received disconnect from 185.50.38.169 port 23354:11: Bye Bye [preauth]
Sep 29 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: Disconnected from 185.50.38.169 port 23354 [preauth]
Sep 29 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 15:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Failed password for root from 101.36.98.91 port 50226 ssh2
Sep 29 15:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Received disconnect from 101.36.98.91 port 50226:11: Bye Bye [preauth]
Sep 29 15:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Disconnected from 101.36.98.91 port 50226 [preauth]
Sep 29 15:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10321]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10281]: Failed password for root from 162.144.236.216 port 39364 ssh2
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: Successful su for rubyman by root
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: + ??? root:rubyman
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315451 of user rubyman.
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315451.
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10281]: Connection closed by 162.144.236.216 port 39364 [preauth]
Sep 29 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6846]: pam_unix(cron:session): session closed for user root
Sep 29 15:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Failed password for root from 162.144.236.216 port 45750 ssh2
Sep 29 15:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Connection closed by 162.144.236.216 port 45750 [preauth]
Sep 29 15:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: Failed password for root from 162.144.236.216 port 50828 ssh2
Sep 29 15:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10620]: Connection closed by 162.144.236.216 port 50828 [preauth]
Sep 29 15:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Invalid user minecraft from 212.193.3.74
Sep 29 15:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 15:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 15:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Failed password for invalid user minecraft from 212.193.3.74 port 50900 ssh2
Sep 29 15:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Received disconnect from 212.193.3.74 port 50900:11: Bye Bye [preauth]
Sep 29 15:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Disconnected from 212.193.3.74 port 50900 [preauth]
Sep 29 15:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Invalid user test123 from 93.152.230.176
Sep 29 15:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: input_userauth_request: invalid user test123 [preauth]
Sep 29 15:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 15:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Failed password for root from 162.144.236.216 port 58278 ssh2
Sep 29 15:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Failed password for invalid user test123 from 93.152.230.176 port 4377 ssh2
Sep 29 15:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Received disconnect from 93.152.230.176 port 4377:11: Client disconnecting normally [preauth]
Sep 29 15:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Disconnected from 93.152.230.176 port 4377 [preauth]
Sep 29 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Connection closed by 162.144.236.216 port 58278 [preauth]
Sep 29 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session closed for user root
Sep 29 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: Failed password for root from 202.139.196.49 port 35582 ssh2
Sep 29 15:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: Received disconnect from 202.139.196.49 port 35582:11: Bye Bye [preauth]
Sep 29 15:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10698]: Disconnected from 202.139.196.49 port 35582 [preauth]
Sep 29 15:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Failed password for root from 162.144.236.216 port 37942 ssh2
Sep 29 15:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Connection closed by 162.144.236.216 port 37942 [preauth]
Sep 29 15:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Failed password for root from 162.144.236.216 port 44572 ssh2
Sep 29 15:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10739]: Connection closed by 162.144.236.216 port 44572 [preauth]
Sep 29 15:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Failed password for root from 185.50.38.169 port 34866 ssh2
Sep 29 15:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Received disconnect from 185.50.38.169 port 34866:11: Bye Bye [preauth]
Sep 29 15:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Disconnected from 185.50.38.169 port 34866 [preauth]
Sep 29 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Failed password for root from 162.144.236.216 port 49850 ssh2
Sep 29 15:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: Connection closed by 162.144.236.216 port 49850 [preauth]
Sep 29 15:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Invalid user test from 101.36.98.91
Sep 29 15:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: input_userauth_request: invalid user test [preauth]
Sep 29 15:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Failed password for invalid user test from 101.36.98.91 port 33356 ssh2
Sep 29 15:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Received disconnect from 101.36.98.91 port 33356:11: Bye Bye [preauth]
Sep 29 15:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Disconnected from 101.36.98.91 port 33356 [preauth]
Sep 29 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Failed password for root from 162.144.236.216 port 56900 ssh2
Sep 29 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10800]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Connection closed by 162.144.236.216 port 56900 [preauth]
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10869]: Successful su for rubyman by root
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10869]: + ??? root:rubyman
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315455 of user rubyman.
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10869]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315455.
Sep 29 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7512]: pam_unix(cron:session): session closed for user root
Sep 29 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 15:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Failed password for root from 162.144.236.216 port 33954 ssh2
Sep 29 15:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Failed password for root from 152.200.181.42 port 45637 ssh2
Sep 29 15:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Connection closed by 162.144.236.216 port 33954 [preauth]
Sep 29 15:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Received disconnect from 152.200.181.42 port 45637:11: Bye Bye [preauth]
Sep 29 15:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11042]: Disconnected from 152.200.181.42 port 45637 [preauth]
Sep 29 15:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Failed password for root from 162.144.236.216 port 40040 ssh2
Sep 29 15:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11082]: Connection closed by 162.144.236.216 port 40040 [preauth]
Sep 29 15:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Failed password for root from 212.193.3.74 port 45624 ssh2
Sep 29 15:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Received disconnect from 212.193.3.74 port 45624:11: Bye Bye [preauth]
Sep 29 15:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Disconnected from 212.193.3.74 port 45624 [preauth]
Sep 29 15:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: Failed password for root from 162.144.236.216 port 47020 ssh2
Sep 29 15:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11108]: Connection closed by 162.144.236.216 port 47020 [preauth]
Sep 29 15:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9794]: pam_unix(cron:session): session closed for user root
Sep 29 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11141]: Failed password for root from 162.144.236.216 port 53574 ssh2
Sep 29 15:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11141]: Connection closed by 162.144.236.216 port 53574 [preauth]
Sep 29 15:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Failed password for root from 162.144.236.216 port 60202 ssh2
Sep 29 15:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Failed password for root from 202.139.196.49 port 52680 ssh2
Sep 29 15:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Connection closed by 162.144.236.216 port 60202 [preauth]
Sep 29 15:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Received disconnect from 202.139.196.49 port 52680:11: Bye Bye [preauth]
Sep 29 15:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Disconnected from 202.139.196.49 port 52680 [preauth]
Sep 29 15:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Failed password for root from 162.144.236.216 port 38460 ssh2
Sep 29 15:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Connection closed by 162.144.236.216 port 38460 [preauth]
Sep 29 15:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Failed password for root from 185.50.38.169 port 41764 ssh2
Sep 29 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Received disconnect from 185.50.38.169 port 41764:11: Bye Bye [preauth]
Sep 29 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Disconnected from 185.50.38.169 port 41764 [preauth]
Sep 29 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Failed password for root from 162.144.236.216 port 46300 ssh2
Sep 29 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 15:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11231]: Connection closed by 162.144.236.216 port 46300 [preauth]
Sep 29 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for root from 101.36.98.91 port 35446 ssh2
Sep 29 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Received disconnect from 101.36.98.91 port 35446:11: Bye Bye [preauth]
Sep 29 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Disconnected from 101.36.98.91 port 35446 [preauth]
Sep 29 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: Successful su for rubyman by root
Sep 29 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: + ??? root:rubyman
Sep 29 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315459 of user rubyman.
Sep 29 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11325]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315459.
Sep 29 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session closed for user root
Sep 29 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: Failed password for root from 162.144.236.216 port 51948 ssh2
Sep 29 15:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11247]: Connection closed by 162.144.236.216 port 51948 [preauth]
Sep 29 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Failed password for root from 162.144.236.216 port 57572 ssh2
Sep 29 15:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Failed password for root from 212.193.3.74 port 38784 ssh2
Sep 29 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Received disconnect from 212.193.3.74 port 38784:11: Bye Bye [preauth]
Sep 29 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Disconnected from 212.193.3.74 port 38784 [preauth]
Sep 29 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Connection closed by 162.144.236.216 port 57572 [preauth]
Sep 29 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Failed password for root from 162.144.236.216 port 36792 ssh2
Sep 29 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11554]: Connection closed by 162.144.236.216 port 36792 [preauth]
Sep 29 15:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10321]: pam_unix(cron:session): session closed for user root
Sep 29 15:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Failed password for root from 162.144.236.216 port 45512 ssh2
Sep 29 15:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Connection closed by 162.144.236.216 port 45512 [preauth]
Sep 29 15:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for root from 162.144.236.216 port 52976 ssh2
Sep 29 15:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 162.144.236.216 port 52976 [preauth]
Sep 29 15:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Invalid user test from 202.139.196.49
Sep 29 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: input_userauth_request: invalid user test [preauth]
Sep 29 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Failed password for root from 162.144.236.216 port 59786 ssh2
Sep 29 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Connection closed by 162.144.236.216 port 59786 [preauth]
Sep 29 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 15:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Failed password for invalid user test from 202.139.196.49 port 42242 ssh2
Sep 29 15:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Received disconnect from 202.139.196.49 port 42242:11: Bye Bye [preauth]
Sep 29 15:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Disconnected from 202.139.196.49 port 42242 [preauth]
Sep 29 15:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Failed password for root from 101.36.98.91 port 44664 ssh2
Sep 29 15:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Received disconnect from 101.36.98.91 port 44664:11: Bye Bye [preauth]
Sep 29 15:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Disconnected from 101.36.98.91 port 44664 [preauth]
Sep 29 15:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11802]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11795]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11798]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11950]: Successful su for rubyman by root
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11950]: + ??? root:rubyman
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315466 of user rubyman.
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11950]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315466.
Sep 29 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11795]: pam_unix(cron:session): session closed for user root
Sep 29 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Failed password for root from 185.50.38.169 port 41590 ssh2
Sep 29 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Received disconnect from 185.50.38.169 port 41590:11: Bye Bye [preauth]
Sep 29 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Disconnected from 185.50.38.169 port 41590 [preauth]
Sep 29 15:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session closed for user root
Sep 29 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Failed password for root from 162.144.236.216 port 39488 ssh2
Sep 29 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Connection closed by 162.144.236.216 port 39488 [preauth]
Sep 29 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11799]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: Invalid user  from 45.78.196.183
Sep 29 15:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: input_userauth_request: invalid user  [preauth]
Sep 29 15:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: Invalid user amax from 212.193.3.74
Sep 29 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: input_userauth_request: invalid user amax [preauth]
Sep 29 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 15:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: Failed password for invalid user amax from 212.193.3.74 port 36112 ssh2
Sep 29 15:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: Received disconnect from 212.193.3.74 port 36112:11: Bye Bye [preauth]
Sep 29 15:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: Disconnected from 212.193.3.74 port 36112 [preauth]
Sep 29 15:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12153]: Connection closed by 45.78.196.183 port 37478 [preauth]
Sep 29 15:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Failed password for root from 162.144.236.216 port 48376 ssh2
Sep 29 15:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Connection closed by 162.144.236.216 port 48376 [preauth]
Sep 29 15:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Failed password for root from 162.144.236.216 port 56068 ssh2
Sep 29 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Invalid user hardy from 152.200.181.42
Sep 29 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: input_userauth_request: invalid user hardy [preauth]
Sep 29 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Connection closed by 162.144.236.216 port 56068 [preauth]
Sep 29 15:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Failed password for invalid user hardy from 152.200.181.42 port 57984 ssh2
Sep 29 15:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Received disconnect from 152.200.181.42 port 57984:11: Bye Bye [preauth]
Sep 29 15:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Disconnected from 152.200.181.42 port 57984 [preauth]
Sep 29 15:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Failed password for root from 162.144.236.216 port 35626 ssh2
Sep 29 15:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Connection closed by 162.144.236.216 port 35626 [preauth]
Sep 29 15:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session closed for user root
Sep 29 15:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Failed password for root from 162.144.236.216 port 42854 ssh2
Sep 29 15:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Connection closed by 162.144.236.216 port 42854 [preauth]
Sep 29 15:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 15:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: Failed password for root from 162.144.236.216 port 50154 ssh2
Sep 29 15:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: Connection closed by 162.144.236.216 port 50154 [preauth]
Sep 29 15:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for root from 101.36.98.91 port 59432 ssh2
Sep 29 15:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Received disconnect from 101.36.98.91 port 59432:11: Bye Bye [preauth]
Sep 29 15:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Disconnected from 101.36.98.91 port 59432 [preauth]
Sep 29 15:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12361]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12362]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12362]: pam_unix(cron:session): session closed for user root
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12352]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Invalid user nb from 202.139.196.49
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: input_userauth_request: invalid user nb [preauth]
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: Successful su for rubyman by root
Sep 29 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: + ??? root:rubyman
Sep 29 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315471 of user rubyman.
Sep 29 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315471.
Sep 29 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Failed password for root from 162.144.236.216 port 57176 ssh2
Sep 29 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user nb from 202.139.196.49 port 50662 ssh2
Sep 29 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Invalid user caja from 212.193.3.74
Sep 29 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: input_userauth_request: invalid user caja [preauth]
Sep 29 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74
Sep 29 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Received disconnect from 202.139.196.49 port 50662:11: Bye Bye [preauth]
Sep 29 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Disconnected from 202.139.196.49 port 50662 [preauth]
Sep 29 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Connection closed by 162.144.236.216 port 57176 [preauth]
Sep 29 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Failed password for invalid user caja from 212.193.3.74 port 48242 ssh2
Sep 29 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session closed for user root
Sep 29 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Received disconnect from 212.193.3.74 port 48242:11: Bye Bye [preauth]
Sep 29 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Disconnected from 212.193.3.74 port 48242 [preauth]
Sep 29 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session closed for user root
Sep 29 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Invalid user pippo from 185.50.38.169
Sep 29 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: input_userauth_request: invalid user pippo [preauth]
Sep 29 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Failed password for invalid user pippo from 185.50.38.169 port 41426 ssh2
Sep 29 15:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Received disconnect from 185.50.38.169 port 41426:11: Bye Bye [preauth]
Sep 29 15:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Disconnected from 185.50.38.169 port 41426 [preauth]
Sep 29 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12353]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Failed password for root from 162.144.236.216 port 38204 ssh2
Sep 29 15:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Connection closed by 162.144.236.216 port 38204 [preauth]
Sep 29 15:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Failed password for root from 162.144.236.216 port 43656 ssh2
Sep 29 15:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection closed by 162.144.236.216 port 43656 [preauth]
Sep 29 15:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Failed password for root from 162.144.236.216 port 49938 ssh2
Sep 29 15:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Connection closed by 162.144.236.216 port 49938 [preauth]
Sep 29 15:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Failed password for root from 162.144.236.216 port 56182 ssh2
Sep 29 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Invalid user 1 from 194.0.234.93
Sep 29 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: input_userauth_request: invalid user 1 [preauth]
Sep 29 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Sep 29 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session closed for user root
Sep 29 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Connection closed by 162.144.236.216 port 56182 [preauth]
Sep 29 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Failed password for invalid user 1 from 194.0.234.93 port 56500 ssh2
Sep 29 15:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Connection closed by 194.0.234.93 port 56500 [preauth]
Sep 29 15:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Failed password for root from 162.144.236.216 port 33764 ssh2
Sep 29 15:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Connection closed by 162.144.236.216 port 33764 [preauth]
Sep 29 15:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Failed password for root from 101.36.98.91 port 41498 ssh2
Sep 29 15:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Received disconnect from 101.36.98.91 port 41498:11: Bye Bye [preauth]
Sep 29 15:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Disconnected from 101.36.98.91 port 41498 [preauth]
Sep 29 15:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Failed password for root from 162.144.236.216 port 41982 ssh2
Sep 29 15:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Connection closed by 162.144.236.216 port 41982 [preauth]
Sep 29 15:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Failed password for root from 212.193.3.74 port 34936 ssh2
Sep 29 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Received disconnect from 212.193.3.74 port 34936:11: Bye Bye [preauth]
Sep 29 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Disconnected from 212.193.3.74 port 34936 [preauth]
Sep 29 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Failed password for root from 162.144.236.216 port 48794 ssh2
Sep 29 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Connection closed by 162.144.236.216 port 48794 [preauth]
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12862]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: Successful su for rubyman by root
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: + ??? root:rubyman
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315477 of user rubyman.
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315477.
Sep 29 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session closed for user root
Sep 29 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Failed password for root from 162.144.236.216 port 55104 ssh2
Sep 29 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12863]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Connection closed by 162.144.236.216 port 55104 [preauth]
Sep 29 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Invalid user minecraft from 202.139.196.49
Sep 29 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 15:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Failed password for invalid user minecraft from 202.139.196.49 port 45732 ssh2
Sep 29 15:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Received disconnect from 202.139.196.49 port 45732:11: Bye Bye [preauth]
Sep 29 15:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Disconnected from 202.139.196.49 port 45732 [preauth]
Sep 29 15:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Failed password for root from 162.144.236.216 port 60572 ssh2
Sep 29 15:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Connection closed by 162.144.236.216 port 60572 [preauth]
Sep 29 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Invalid user alex from 185.50.38.169
Sep 29 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: input_userauth_request: invalid user alex [preauth]
Sep 29 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Failed password for invalid user alex from 185.50.38.169 port 32522 ssh2
Sep 29 15:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Received disconnect from 185.50.38.169 port 32522:11: Bye Bye [preauth]
Sep 29 15:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Disconnected from 185.50.38.169 port 32522 [preauth]
Sep 29 15:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Failed password for root from 162.144.236.216 port 39394 ssh2
Sep 29 15:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Connection closed by 162.144.236.216 port 39394 [preauth]
Sep 29 15:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session closed for user root
Sep 29 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: Failed password for root from 162.144.236.216 port 46038 ssh2
Sep 29 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: Connection closed by 162.144.236.216 port 46038 [preauth]
Sep 29 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for root from 162.144.236.216 port 54802 ssh2
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Invalid user minecraft from 152.200.181.42
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: Invalid user zomboid from 101.36.98.91
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: input_userauth_request: invalid user zomboid [preauth]
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Connection closed by 162.144.236.216 port 54802 [preauth]
Sep 29 15:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Failed password for invalid user minecraft from 152.200.181.42 port 42128 ssh2
Sep 29 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Received disconnect from 152.200.181.42 port 42128:11: Bye Bye [preauth]
Sep 29 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Disconnected from 152.200.181.42 port 42128 [preauth]
Sep 29 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: Failed password for invalid user zomboid from 101.36.98.91 port 43734 ssh2
Sep 29 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: Received disconnect from 101.36.98.91 port 43734:11: Bye Bye [preauth]
Sep 29 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13301]: Disconnected from 101.36.98.91 port 43734 [preauth]
Sep 29 15:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Failed password for root from 162.144.236.216 port 34694 ssh2
Sep 29 15:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13306]: Connection closed by 162.144.236.216 port 34694 [preauth]
Sep 29 15:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: Failed password for root from 212.193.3.74 port 59104 ssh2
Sep 29 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: Received disconnect from 212.193.3.74 port 59104:11: Bye Bye [preauth]
Sep 29 15:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: Disconnected from 212.193.3.74 port 59104 [preauth]
Sep 29 15:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: Failed password for root from 162.144.236.216 port 41616 ssh2
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: Successful su for rubyman by root
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: + ??? root:rubyman
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315478 of user rubyman.
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13420]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315478.
Sep 29 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: Connection closed by 162.144.236.216 port 41616 [preauth]
Sep 29 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session closed for user root
Sep 29 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: Failed password for root from 162.144.236.216 port 47664 ssh2
Sep 29 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: Connection closed by 162.144.236.216 port 47664 [preauth]
Sep 29 15:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Failed password for root from 162.144.236.216 port 53908 ssh2
Sep 29 15:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Connection closed by 162.144.236.216 port 53908 [preauth]
Sep 29 15:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Failed password for root from 202.139.196.49 port 54822 ssh2
Sep 29 15:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Received disconnect from 202.139.196.49 port 54822:11: Bye Bye [preauth]
Sep 29 15:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13641]: Disconnected from 202.139.196.49 port 54822 [preauth]
Sep 29 15:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Failed password for root from 162.144.236.216 port 60032 ssh2
Sep 29 15:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Connection closed by 162.144.236.216 port 60032 [preauth]
Sep 29 15:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Invalid user fatima from 167.99.55.34
Sep 29 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: input_userauth_request: invalid user fatima [preauth]
Sep 29 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Invalid user whatsapp from 185.50.38.169
Sep 29 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: input_userauth_request: invalid user whatsapp [preauth]
Sep 29 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Failed password for invalid user fatima from 167.99.55.34 port 60248 ssh2
Sep 29 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Connection closed by 167.99.55.34 port 60248 [preauth]
Sep 29 15:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Failed password for invalid user whatsapp from 185.50.38.169 port 26462 ssh2
Sep 29 15:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Received disconnect from 185.50.38.169 port 26462:11: Bye Bye [preauth]
Sep 29 15:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Disconnected from 185.50.38.169 port 26462 [preauth]
Sep 29 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Failed password for root from 162.144.236.216 port 38104 ssh2
Sep 29 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Connection closed by 162.144.236.216 port 38104 [preauth]
Sep 29 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12361]: pam_unix(cron:session): session closed for user root
Sep 29 15:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Failed password for root from 162.144.236.216 port 45120 ssh2
Sep 29 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Connection closed by 162.144.236.216 port 45120 [preauth]
Sep 29 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91  user=root
Sep 29 15:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Failed password for root from 101.36.98.91 port 57866 ssh2
Sep 29 15:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Received disconnect from 101.36.98.91 port 57866:11: Bye Bye [preauth]
Sep 29 15:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Disconnected from 101.36.98.91 port 57866 [preauth]
Sep 29 15:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.193.3.74  user=root
Sep 29 15:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Failed password for root from 162.144.236.216 port 51334 ssh2
Sep 29 15:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for root from 212.193.3.74 port 49244 ssh2
Sep 29 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Received disconnect from 212.193.3.74 port 49244:11: Bye Bye [preauth]
Sep 29 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Disconnected from 212.193.3.74 port 49244 [preauth]
Sep 29 15:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Connection closed by 162.144.236.216 port 51334 [preauth]
Sep 29 15:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: Failed password for root from 162.144.236.216 port 58906 ssh2
Sep 29 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13778]: Connection closed by 162.144.236.216 port 58906 [preauth]
Sep 29 15:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13807]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13873]: Successful su for rubyman by root
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13873]: + ??? root:rubyman
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315482 of user rubyman.
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13873]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315482.
Sep 29 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session closed for user root
Sep 29 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: Failed password for root from 162.144.236.216 port 37982 ssh2
Sep 29 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: Connection closed by 162.144.236.216 port 37982 [preauth]
Sep 29 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Failed password for root from 162.144.236.216 port 44598 ssh2
Sep 29 15:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Connection closed by 162.144.236.216 port 44598 [preauth]
Sep 29 15:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Failed password for root from 162.144.236.216 port 51774 ssh2
Sep 29 15:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Connection closed by 162.144.236.216 port 51774 [preauth]
Sep 29 15:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Invalid user superadmin from 202.139.196.49
Sep 29 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Failed password for invalid user superadmin from 202.139.196.49 port 37114 ssh2
Sep 29 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Received disconnect from 202.139.196.49 port 37114:11: Bye Bye [preauth]
Sep 29 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Disconnected from 202.139.196.49 port 37114 [preauth]
Sep 29 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Failed password for root from 162.144.236.216 port 58456 ssh2
Sep 29 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Connection closed by 162.144.236.216 port 58456 [preauth]
Sep 29 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session closed for user root
Sep 29 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Failed password for root from 162.144.236.216 port 36374 ssh2
Sep 29 15:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Failed password for root from 185.50.38.169 port 28578 ssh2
Sep 29 15:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Received disconnect from 185.50.38.169 port 28578:11: Bye Bye [preauth]
Sep 29 15:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Disconnected from 185.50.38.169 port 28578 [preauth]
Sep 29 15:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Connection closed by 162.144.236.216 port 36374 [preauth]
Sep 29 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Invalid user gitea from 20.163.71.109
Sep 29 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: input_userauth_request: invalid user gitea [preauth]
Sep 29 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 15:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Failed password for invalid user gitea from 20.163.71.109 port 55410 ssh2
Sep 29 15:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Connection closed by 20.163.71.109 port 55410 [preauth]
Sep 29 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Invalid user sambauser from 101.36.98.91
Sep 29 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: input_userauth_request: invalid user sambauser [preauth]
Sep 29 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user sambauser from 101.36.98.91 port 57172 ssh2
Sep 29 15:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Received disconnect from 101.36.98.91 port 57172:11: Bye Bye [preauth]
Sep 29 15:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Disconnected from 101.36.98.91 port 57172 [preauth]
Sep 29 15:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Failed password for root from 162.144.236.216 port 43412 ssh2
Sep 29 15:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Connection closed by 162.144.236.216 port 43412 [preauth]
Sep 29 15:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Failed password for root from 162.144.236.216 port 49206 ssh2
Sep 29 15:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Connection closed by 162.144.236.216 port 49206 [preauth]
Sep 29 15:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Failed password for root from 162.144.236.216 port 54516 ssh2
Sep 29 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14322]: Connection closed by 162.144.236.216 port 54516 [preauth]
Sep 29 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14334]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14396]: Successful su for rubyman by root
Sep 29 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14396]: + ??? root:rubyman
Sep 29 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315486 of user rubyman.
Sep 29 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14396]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315486.
Sep 29 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session closed for user root
Sep 29 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: Failed password for root from 162.144.236.216 port 59730 ssh2
Sep 29 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14335]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14382]: Connection closed by 162.144.236.216 port 59730 [preauth]
Sep 29 15:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Connection closed by 152.200.181.42 port 54487 [preauth]
Sep 29 15:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Failed password for root from 162.144.236.216 port 36806 ssh2
Sep 29 15:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14594]: Connection closed by 162.144.236.216 port 36806 [preauth]
Sep 29 15:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Failed password for root from 162.144.236.216 port 43420 ssh2
Sep 29 15:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Connection closed by 162.144.236.216 port 43420 [preauth]
Sep 29 15:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: Failed password for root from 162.144.236.216 port 49798 ssh2
Sep 29 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session closed for user root
Sep 29 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: Connection closed by 162.144.236.216 port 49798 [preauth]
Sep 29 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Invalid user marina from 202.139.196.49
Sep 29 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: input_userauth_request: invalid user marina [preauth]
Sep 29 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 15:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for invalid user marina from 202.139.196.49 port 47584 ssh2
Sep 29 15:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Received disconnect from 202.139.196.49 port 47584:11: Bye Bye [preauth]
Sep 29 15:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Disconnected from 202.139.196.49 port 47584 [preauth]
Sep 29 15:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: Invalid user nb from 101.36.98.91
Sep 29 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: input_userauth_request: invalid user nb [preauth]
Sep 29 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.98.91
Sep 29 15:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Failed password for root from 162.144.236.216 port 57912 ssh2
Sep 29 15:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Connection closed by 162.144.236.216 port 57912 [preauth]
Sep 29 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: Failed password for invalid user nb from 101.36.98.91 port 46348 ssh2
Sep 29 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: Received disconnect from 101.36.98.91 port 46348:11: Bye Bye [preauth]
Sep 29 15:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14711]: Disconnected from 101.36.98.91 port 46348 [preauth]
Sep 29 15:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: Failed password for root from 185.50.38.169 port 11506 ssh2
Sep 29 15:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: Received disconnect from 185.50.38.169 port 11506:11: Bye Bye [preauth]
Sep 29 15:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: Disconnected from 185.50.38.169 port 11506 [preauth]
Sep 29 15:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: Failed password for root from 162.144.236.216 port 37500 ssh2
Sep 29 15:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: Connection closed by 162.144.236.216 port 37500 [preauth]
Sep 29 15:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14768]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session closed for user root
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14765]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14844]: Successful su for rubyman by root
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14844]: + ??? root:rubyman
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315493 of user rubyman.
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14844]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315493.
Sep 29 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14751]: Failed password for root from 162.144.236.216 port 46628 ssh2
Sep 29 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14751]: Connection closed by 162.144.236.216 port 46628 [preauth]
Sep 29 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14767]: pam_unix(cron:session): session closed for user root
Sep 29 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11802]: pam_unix(cron:session): session closed for user root
Sep 29 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14766]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Failed password for root from 162.144.236.216 port 53576 ssh2
Sep 29 15:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Connection closed by 162.144.236.216 port 53576 [preauth]
Sep 29 15:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: Failed password for root from 162.144.236.216 port 59304 ssh2
Sep 29 15:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: Connection closed by 162.144.236.216 port 59304 [preauth]
Sep 29 15:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15100]: Failed password for root from 162.144.236.216 port 37944 ssh2
Sep 29 15:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15100]: Connection closed by 162.144.236.216 port 37944 [preauth]
Sep 29 15:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13807]: pam_unix(cron:session): session closed for user root
Sep 29 15:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15135]: Failed password for root from 162.144.236.216 port 44512 ssh2
Sep 29 15:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15135]: Connection closed by 162.144.236.216 port 44512 [preauth]
Sep 29 15:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Failed password for root from 202.139.196.49 port 57018 ssh2
Sep 29 15:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Received disconnect from 202.139.196.49 port 57018:11: Bye Bye [preauth]
Sep 29 15:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Disconnected from 202.139.196.49 port 57018 [preauth]
Sep 29 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for root from 162.144.236.216 port 52154 ssh2
Sep 29 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Connection closed by 162.144.236.216 port 52154 [preauth]
Sep 29 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Invalid user reboot from 93.152.230.176
Sep 29 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: input_userauth_request: invalid user reboot [preauth]
Sep 29 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Failed password for invalid user reboot from 93.152.230.176 port 16509 ssh2
Sep 29 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Received disconnect from 93.152.230.176 port 16509:11: Client disconnecting normally [preauth]
Sep 29 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Disconnected from 93.152.230.176 port 16509 [preauth]
Sep 29 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Invalid user fast from 185.50.38.169
Sep 29 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: input_userauth_request: invalid user fast [preauth]
Sep 29 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Failed password for invalid user fast from 185.50.38.169 port 31478 ssh2
Sep 29 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Received disconnect from 185.50.38.169 port 31478:11: Bye Bye [preauth]
Sep 29 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Disconnected from 185.50.38.169 port 31478 [preauth]
Sep 29 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Failed password for root from 162.144.236.216 port 58982 ssh2
Sep 29 15:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15199]: Connection closed by 162.144.236.216 port 58982 [preauth]
Sep 29 15:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15236]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: Successful su for rubyman by root
Sep 29 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: + ??? root:rubyman
Sep 29 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315497 of user rubyman.
Sep 29 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15318]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315497.
Sep 29 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Failed password for root from 162.144.236.216 port 38392 ssh2
Sep 29 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Connection closed by 162.144.236.216 port 38392 [preauth]
Sep 29 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session closed for user root
Sep 29 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15237]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: Failed password for root from 162.144.236.216 port 47102 ssh2
Sep 29 15:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: Connection closed by 162.144.236.216 port 47102 [preauth]
Sep 29 15:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Failed password for root from 162.144.236.216 port 53686 ssh2
Sep 29 15:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Connection closed by 162.144.236.216 port 53686 [preauth]
Sep 29 15:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 15:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: Failed password for root from 185.156.73.233 port 20176 ssh2
Sep 29 15:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15555]: Connection closed by 185.156.73.233 port 20176 [preauth]
Sep 29 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 15:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for root from 162.144.236.216 port 58104 ssh2
Sep 29 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for root from 152.200.181.42 port 38608 ssh2
Sep 29 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Connection closed by 162.144.236.216 port 58104 [preauth]
Sep 29 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user root
Sep 29 15:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Received disconnect from 152.200.181.42 port 38608:11: Bye Bye [preauth]
Sep 29 15:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Disconnected from 152.200.181.42 port 38608 [preauth]
Sep 29 15:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Failed password for root from 162.144.236.216 port 37724 ssh2
Sep 29 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Connection closed by 162.144.236.216 port 37724 [preauth]
Sep 29 15:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Failed password for root from 202.139.196.49 port 43904 ssh2
Sep 29 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Received disconnect from 202.139.196.49 port 43904:11: Bye Bye [preauth]
Sep 29 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Disconnected from 202.139.196.49 port 43904 [preauth]
Sep 29 15:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Failed password for root from 162.144.236.216 port 44392 ssh2
Sep 29 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Connection closed by 162.144.236.216 port 44392 [preauth]
Sep 29 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Failed password for root from 162.144.236.216 port 52152 ssh2
Sep 29 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Connection closed by 162.144.236.216 port 52152 [preauth]
Sep 29 15:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Invalid user julian from 185.50.38.169
Sep 29 15:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: input_userauth_request: invalid user julian [preauth]
Sep 29 15:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Failed password for invalid user julian from 185.50.38.169 port 10828 ssh2
Sep 29 15:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Received disconnect from 185.50.38.169 port 10828:11: Bye Bye [preauth]
Sep 29 15:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Disconnected from 185.50.38.169 port 10828 [preauth]
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session closed for user root
Sep 29 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: Successful su for rubyman by root
Sep 29 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: + ??? root:rubyman
Sep 29 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315501 of user rubyman.
Sep 29 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315501.
Sep 29 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Failed password for root from 162.144.236.216 port 58018 ssh2
Sep 29 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Connection closed by 162.144.236.216 port 58018 [preauth]
Sep 29 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session closed for user root
Sep 29 15:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15696]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: Failed password for root from 162.144.236.216 port 36408 ssh2
Sep 29 15:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: Connection closed by 162.144.236.216 port 36408 [preauth]
Sep 29 15:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15968]: Failed password for root from 162.144.236.216 port 43626 ssh2
Sep 29 15:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15968]: Connection closed by 162.144.236.216 port 43626 [preauth]
Sep 29 15:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Failed password for root from 162.144.236.216 port 49988 ssh2
Sep 29 15:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Connection closed by 162.144.236.216 port 49988 [preauth]
Sep 29 15:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Failed password for root from 162.144.236.216 port 54654 ssh2
Sep 29 15:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Connection closed by 162.144.236.216 port 54654 [preauth]
Sep 29 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session closed for user root
Sep 29 15:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Failed password for root from 162.144.236.216 port 60292 ssh2
Sep 29 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Connection closed by 162.144.236.216 port 60292 [preauth]
Sep 29 15:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: Failed password for root from 162.144.236.216 port 37842 ssh2
Sep 29 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: Connection closed by 162.144.236.216 port 37842 [preauth]
Sep 29 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Invalid user admin from 202.139.196.49
Sep 29 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49
Sep 29 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Failed password for invalid user admin from 202.139.196.49 port 33494 ssh2
Sep 29 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Received disconnect from 202.139.196.49 port 33494:11: Bye Bye [preauth]
Sep 29 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Disconnected from 202.139.196.49 port 33494 [preauth]
Sep 29 15:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Failed password for root from 162.144.236.216 port 44528 ssh2
Sep 29 15:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Connection closed by 162.144.236.216 port 44528 [preauth]
Sep 29 15:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16204]: Successful su for rubyman by root
Sep 29 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16204]: + ??? root:rubyman
Sep 29 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315507 of user rubyman.
Sep 29 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16204]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315507.
Sep 29 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Failed password for root from 162.144.236.216 port 50950 ssh2
Sep 29 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
Sep 29 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Connection closed by 162.144.236.216 port 50950 [preauth]
Sep 29 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Failed password for root from 185.50.38.169 port 16764 ssh2
Sep 29 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Received disconnect from 185.50.38.169 port 16764:11: Bye Bye [preauth]
Sep 29 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Disconnected from 185.50.38.169 port 16764 [preauth]
Sep 29 15:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Failed password for root from 162.144.236.216 port 56948 ssh2
Sep 29 15:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Connection closed by 162.144.236.216 port 56948 [preauth]
Sep 29 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Failed password for root from 162.144.236.216 port 35078 ssh2
Sep 29 15:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Connection closed by 162.144.236.216 port 35078 [preauth]
Sep 29 15:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Failed password for root from 162.144.236.216 port 42034 ssh2
Sep 29 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Connection closed by 162.144.236.216 port 42034 [preauth]
Sep 29 15:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15239]: pam_unix(cron:session): session closed for user root
Sep 29 15:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Failed password for root from 162.144.236.216 port 47440 ssh2
Sep 29 15:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Connection closed by 162.144.236.216 port 47440 [preauth]
Sep 29 15:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16529]: Failed password for root from 162.144.236.216 port 55538 ssh2
Sep 29 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16529]: Connection closed by 162.144.236.216 port 55538 [preauth]
Sep 29 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: Connection closed by 152.200.181.42 port 50966 [preauth]
Sep 29 15:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: Failed password for root from 162.144.236.216 port 34260 ssh2
Sep 29 15:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: Connection closed by 162.144.236.216 port 34260 [preauth]
Sep 29 15:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.206.72.2  user=root
Sep 29 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16603]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: Successful su for rubyman by root
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: + ??? root:rubyman
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315509 of user rubyman.
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16667]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315509.
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Failed password for root from 103.206.72.2 port 42900 ssh2
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Received disconnect from 103.206.72.2 port 42900:11: Bye Bye [preauth]
Sep 29 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Disconnected from 103.206.72.2 port 42900 [preauth]
Sep 29 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Failed password for root from 162.144.236.216 port 41122 ssh2
Sep 29 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Connection closed by 162.144.236.216 port 41122 [preauth]
Sep 29 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13805]: pam_unix(cron:session): session closed for user root
Sep 29 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Failed password for root from 162.144.236.216 port 46952 ssh2
Sep 29 15:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Connection closed by 162.144.236.216 port 46952 [preauth]
Sep 29 15:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Invalid user traefik from 185.50.38.169
Sep 29 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: input_userauth_request: invalid user traefik [preauth]
Sep 29 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Failed password for invalid user traefik from 185.50.38.169 port 26604 ssh2
Sep 29 15:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Received disconnect from 185.50.38.169 port 26604:11: Bye Bye [preauth]
Sep 29 15:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Disconnected from 185.50.38.169 port 26604 [preauth]
Sep 29 15:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: Failed password for root from 162.144.236.216 port 53784 ssh2
Sep 29 15:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: Connection closed by 162.144.236.216 port 53784 [preauth]
Sep 29 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: Failed password for root from 162.144.236.216 port 33840 ssh2
Sep 29 15:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16924]: Connection closed by 162.144.236.216 port 33840 [preauth]
Sep 29 15:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user root
Sep 29 15:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Failed password for root from 162.144.236.216 port 40816 ssh2
Sep 29 15:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Connection closed by 162.144.236.216 port 40816 [preauth]
Sep 29 15:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Failed password for root from 162.144.236.216 port 48034 ssh2
Sep 29 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Connection closed by 162.144.236.216 port 48034 [preauth]
Sep 29 15:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for root from 162.144.236.216 port 55670 ssh2
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Connection closed by 162.144.236.216 port 55670 [preauth]
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session closed for user root
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: Invalid user maroof from 167.99.55.34
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: input_userauth_request: invalid user maroof [preauth]
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17143]: Successful su for rubyman by root
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17143]: + ??? root:rubyman
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315516 of user rubyman.
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17143]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315516.
Sep 29 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: Failed password for invalid user maroof from 167.99.55.34 port 58110 ssh2
Sep 29 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: Connection closed by 167.99.55.34 port 58110 [preauth]
Sep 29 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session closed for user root
Sep 29 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session closed for user root
Sep 29 15:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.139.196.49  user=root
Sep 29 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: Failed password for root from 162.144.236.216 port 34948 ssh2
Sep 29 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: Connection closed by 162.144.236.216 port 34948 [preauth]
Sep 29 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Failed password for root from 202.139.196.49 port 43630 ssh2
Sep 29 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Received disconnect from 202.139.196.49 port 43630:11: Bye Bye [preauth]
Sep 29 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Disconnected from 202.139.196.49 port 43630 [preauth]
Sep 29 15:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Invalid user foundry from 103.206.72.2
Sep 29 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: input_userauth_request: invalid user foundry [preauth]
Sep 29 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.206.72.2
Sep 29 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Failed password for invalid user foundry from 103.206.72.2 port 35322 ssh2
Sep 29 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Received disconnect from 103.206.72.2 port 35322:11: Bye Bye [preauth]
Sep 29 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Disconnected from 103.206.72.2 port 35322 [preauth]
Sep 29 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Failed password for root from 162.144.236.216 port 42884 ssh2
Sep 29 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Connection closed by 162.144.236.216 port 42884 [preauth]
Sep 29 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Failed password for root from 162.144.236.216 port 49320 ssh2
Sep 29 15:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Connection closed by 162.144.236.216 port 49320 [preauth]
Sep 29 15:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Invalid user spring from 185.50.38.169
Sep 29 15:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: input_userauth_request: invalid user spring [preauth]
Sep 29 15:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Failed password for invalid user spring from 185.50.38.169 port 53498 ssh2
Sep 29 15:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Received disconnect from 185.50.38.169 port 53498:11: Bye Bye [preauth]
Sep 29 15:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Disconnected from 185.50.38.169 port 53498 [preauth]
Sep 29 15:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: Failed password for root from 162.144.236.216 port 54944 ssh2
Sep 29 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: Connection closed by 162.144.236.216 port 54944 [preauth]
Sep 29 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session closed for user root
Sep 29 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Failed password for root from 162.144.236.216 port 33548 ssh2
Sep 29 15:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Connection closed by 162.144.236.216 port 33548 [preauth]
Sep 29 15:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Failed password for root from 162.144.236.216 port 42124 ssh2
Sep 29 15:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Connection closed by 162.144.236.216 port 42124 [preauth]
Sep 29 15:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: Successful su for rubyman by root
Sep 29 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: + ??? root:rubyman
Sep 29 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315521 of user rubyman.
Sep 29 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315521.
Sep 29 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14768]: pam_unix(cron:session): session closed for user root
Sep 29 15:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: Failed password for root from 162.144.236.216 port 49272 ssh2
Sep 29 15:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17543]: Connection closed by 162.144.236.216 port 49272 [preauth]
Sep 29 15:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Connection closed by 152.200.181.42 port 35094 [preauth]
Sep 29 15:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Invalid user services from 103.206.72.2
Sep 29 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: input_userauth_request: invalid user services [preauth]
Sep 29 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.206.72.2
Sep 29 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17969]: Failed password for root from 162.144.236.216 port 58020 ssh2
Sep 29 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Failed password for invalid user services from 103.206.72.2 port 55388 ssh2
Sep 29 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Received disconnect from 103.206.72.2 port 55388:11: Bye Bye [preauth]
Sep 29 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Disconnected from 103.206.72.2 port 55388 [preauth]
Sep 29 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17969]: Connection closed by 162.144.236.216 port 58020 [preauth]
Sep 29 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Invalid user odoo from 185.50.38.169
Sep 29 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: input_userauth_request: invalid user odoo [preauth]
Sep 29 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16608]: pam_unix(cron:session): session closed for user root
Sep 29 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Failed password for invalid user odoo from 185.50.38.169 port 55030 ssh2
Sep 29 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Received disconnect from 185.50.38.169 port 55030:11: Bye Bye [preauth]
Sep 29 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Disconnected from 185.50.38.169 port 55030 [preauth]
Sep 29 15:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18016]: Failed password for root from 162.144.236.216 port 36214 ssh2
Sep 29 15:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18016]: Connection closed by 162.144.236.216 port 36214 [preauth]
Sep 29 15:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18067]: Failed password for root from 162.144.236.216 port 43490 ssh2
Sep 29 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18067]: Connection closed by 162.144.236.216 port 43490 [preauth]
Sep 29 15:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Failed password for root from 162.144.236.216 port 49354 ssh2
Sep 29 15:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18093]: Connection closed by 162.144.236.216 port 49354 [preauth]
Sep 29 15:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: Successful su for rubyman by root
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: + ??? root:rubyman
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315523 of user rubyman.
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18394]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315523.
Sep 29 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: Failed password for root from 162.144.236.216 port 57342 ssh2
Sep 29 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15238]: pam_unix(cron:session): session closed for user root
Sep 29 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: Connection closed by 162.144.236.216 port 57342 [preauth]
Sep 29 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Failed password for root from 162.144.236.216 port 35932 ssh2
Sep 29 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18634]: Connection closed by 162.144.236.216 port 35932 [preauth]
Sep 29 15:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Failed password for root from 162.144.236.216 port 41636 ssh2
Sep 29 15:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Connection closed by 162.144.236.216 port 41636 [preauth]
Sep 29 15:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Failed password for root from 162.144.236.216 port 48624 ssh2
Sep 29 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18710]: Connection closed by 162.144.236.216 port 48624 [preauth]
Sep 29 15:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session closed for user root
Sep 29 15:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Invalid user test from 185.50.38.169
Sep 29 15:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: input_userauth_request: invalid user test [preauth]
Sep 29 15:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Failed password for invalid user test from 185.50.38.169 port 6184 ssh2
Sep 29 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Received disconnect from 185.50.38.169 port 6184:11: Bye Bye [preauth]
Sep 29 15:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Disconnected from 185.50.38.169 port 6184 [preauth]
Sep 29 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18762]: Did not receive identification string from 162.144.236.216
Sep 29 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18789]: Failed password for root from 162.144.236.216 port 59266 ssh2
Sep 29 15:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18789]: Connection closed by 162.144.236.216 port 59266 [preauth]
Sep 29 15:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18925]: Successful su for rubyman by root
Sep 29 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18925]: + ??? root:rubyman
Sep 29 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315527 of user rubyman.
Sep 29 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18925]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315527.
Sep 29 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session closed for user root
Sep 29 15:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: Failed password for root from 162.144.236.216 port 39146 ssh2
Sep 29 15:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: Connection closed by 162.144.236.216 port 39146 [preauth]
Sep 29 15:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Failed password for root from 162.144.236.216 port 46124 ssh2
Sep 29 15:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Connection closed by 162.144.236.216 port 46124 [preauth]
Sep 29 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: Invalid user git from 45.78.196.183
Sep 29 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: input_userauth_request: invalid user git [preauth]
Sep 29 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19187]: Failed password for root from 162.144.236.216 port 52952 ssh2
Sep 29 15:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19187]: Connection closed by 162.144.236.216 port 52952 [preauth]
Sep 29 15:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session closed for user root
Sep 29 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Invalid user ab from 152.200.181.42
Sep 29 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: input_userauth_request: invalid user ab [preauth]
Sep 29 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Failed password for invalid user ab from 152.200.181.42 port 47448 ssh2
Sep 29 15:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: Failed password for root from 162.144.236.216 port 59422 ssh2
Sep 29 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: Connection closed by 162.144.236.216 port 59422 [preauth]
Sep 29 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Invalid user user from 45.78.196.183
Sep 29 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: input_userauth_request: invalid user user [preauth]
Sep 29 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.196.183
Sep 29 15:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Received disconnect from 152.200.181.42 port 47448:11: Bye Bye [preauth]
Sep 29 15:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19244]: Disconnected from 152.200.181.42 port 47448 [preauth]
Sep 29 15:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Failed password for invalid user user from 45.78.196.183 port 39410 ssh2
Sep 29 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Connection closed by 45.78.196.183 port 39410 [preauth]
Sep 29 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: Failed password for root from 162.144.236.216 port 38980 ssh2
Sep 29 15:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Invalid user superadmin from 185.50.38.169
Sep 29 15:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 15:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19313]: Connection closed by 45.78.196.183 port 54736 [preauth]
Sep 29 15:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19311]: Connection closed by 162.144.236.216 port 38980 [preauth]
Sep 29 15:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Failed password for invalid user superadmin from 185.50.38.169 port 4762 ssh2
Sep 29 15:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Received disconnect from 185.50.38.169 port 4762:11: Bye Bye [preauth]
Sep 29 15:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Disconnected from 185.50.38.169 port 4762 [preauth]
Sep 29 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.196.183
Sep 29 15:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: Failed password for invalid user git from 45.78.196.183 port 55252 ssh2
Sep 29 15:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19184]: Connection closed by 45.78.196.183 port 55252 [preauth]
Sep 29 15:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Failed password for root from 162.144.236.216 port 45776 ssh2
Sep 29 15:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Connection closed by 162.144.236.216 port 45776 [preauth]
Sep 29 15:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Connection closed by 45.78.196.183 port 55258 [preauth]
Sep 29 15:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19554]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for root from 162.144.236.216 port 52662 ssh2
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: Successful su for rubyman by root
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: + ??? root:rubyman
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315532 of user rubyman.
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19634]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315532.
Sep 29 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Connection closed by 162.144.236.216 port 52662 [preauth]
Sep 29 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19227]: Connection closed by 45.78.196.183 port 39382 [preauth]
Sep 29 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user root
Sep 29 15:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19553]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: Failed password for root from 162.144.236.216 port 59264 ssh2
Sep 29 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19760]: Connection closed by 162.144.236.216 port 59264 [preauth]
Sep 29 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Failed password for root from 162.144.236.216 port 38554 ssh2
Sep 29 15:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19999]: Connection closed by 162.144.236.216 port 38554 [preauth]
Sep 29 15:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Failed password for root from 162.144.236.216 port 44016 ssh2
Sep 29 15:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Connection closed by 162.144.236.216 port 44016 [preauth]
Sep 29 15:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session closed for user root
Sep 29 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for root from 162.144.236.216 port 51622 ssh2
Sep 29 15:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Connection closed by 162.144.236.216 port 51622 [preauth]
Sep 29 15:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: Failed password for root from 162.144.236.216 port 58030 ssh2
Sep 29 15:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20107]: Connection closed by 162.144.236.216 port 58030 [preauth]
Sep 29 15:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Failed password for root from 162.144.236.216 port 35030 ssh2
Sep 29 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Connection closed by 162.144.236.216 port 35030 [preauth]
Sep 29 15:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: Invalid user mama from 185.50.38.169
Sep 29 15:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: input_userauth_request: invalid user mama [preauth]
Sep 29 15:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: Failed password for invalid user mama from 185.50.38.169 port 39470 ssh2
Sep 29 15:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: Received disconnect from 185.50.38.169 port 39470:11: Bye Bye [preauth]
Sep 29 15:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: Disconnected from 185.50.38.169 port 39470 [preauth]
Sep 29 15:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Failed password for root from 162.144.236.216 port 42346 ssh2
Sep 29 15:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Connection closed by 162.144.236.216 port 42346 [preauth]
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20191]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20189]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20190]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20192]: pam_unix(cron:session): session closed for user root
Sep 29 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: Successful su for rubyman by root
Sep 29 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: + ??? root:rubyman
Sep 29 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315536 of user rubyman.
Sep 29 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315536.
Sep 29 15:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session closed for user root
Sep 29 15:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20189]: pam_unix(cron:session): session closed for user root
Sep 29 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 15:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20188]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: Failed password for root from 162.144.236.216 port 50046 ssh2
Sep 29 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Failed password for root from 93.152.230.176 port 47406 ssh2
Sep 29 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Received disconnect from 93.152.230.176 port 47406:11: Client disconnecting normally [preauth]
Sep 29 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Disconnected from 93.152.230.176 port 47406 [preauth]
Sep 29 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: Connection closed by 162.144.236.216 port 50046 [preauth]
Sep 29 15:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Failed password for root from 162.144.236.216 port 33310 ssh2
Sep 29 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20545]: Connection closed by 162.144.236.216 port 33310 [preauth]
Sep 29 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Failed password for root from 162.144.236.216 port 39274 ssh2
Sep 29 15:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Connection closed by 162.144.236.216 port 39274 [preauth]
Sep 29 15:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session closed for user root
Sep 29 15:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Failed password for root from 162.144.236.216 port 45856 ssh2
Sep 29 15:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Connection closed by 162.144.236.216 port 45856 [preauth]
Sep 29 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Did not receive identification string from 91.196.152.21
Sep 29 15:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: Failed password for root from 162.144.236.216 port 53336 ssh2
Sep 29 15:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: Connection closed by 162.144.236.216 port 53336 [preauth]
Sep 29 15:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Invalid user gianni from 152.200.181.42
Sep 29 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: input_userauth_request: invalid user gianni [preauth]
Sep 29 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Failed password for root from 162.144.236.216 port 33002 ssh2
Sep 29 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Connection closed by 162.144.236.216 port 33002 [preauth]
Sep 29 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Failed password for invalid user gianni from 152.200.181.42 port 59810 ssh2
Sep 29 15:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Did not receive identification string from 91.196.152.106
Sep 29 15:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Received disconnect from 152.200.181.42 port 59810:11: Bye Bye [preauth]
Sep 29 15:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Disconnected from 152.200.181.42 port 59810 [preauth]
Sep 29 15:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20720]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20718]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: Successful su for rubyman by root
Sep 29 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: + ??? root:rubyman
Sep 29 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315541 of user rubyman.
Sep 29 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315541.
Sep 29 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Failed password for root from 162.144.236.216 port 37990 ssh2
Sep 29 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20693]: Connection closed by 162.144.236.216 port 37990 [preauth]
Sep 29 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Failed password for root from 185.50.38.169 port 21534 ssh2
Sep 29 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Received disconnect from 185.50.38.169 port 21534:11: Bye Bye [preauth]
Sep 29 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Disconnected from 185.50.38.169 port 21534 [preauth]
Sep 29 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17056]: pam_unix(cron:session): session closed for user root
Sep 29 15:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20719]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: Failed password for root from 162.144.236.216 port 44436 ssh2
Sep 29 15:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20898]: Connection closed by 162.144.236.216 port 44436 [preauth]
Sep 29 15:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Failed password for root from 162.144.236.216 port 52506 ssh2
Sep 29 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Connection closed by 162.144.236.216 port 52506 [preauth]
Sep 29 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Failed password for root from 162.144.236.216 port 56438 ssh2
Sep 29 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Connection closed by 162.144.236.216 port 56438 [preauth]
Sep 29 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session closed for user root
Sep 29 15:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Bad protocol version identification '\026\003\003\001\246\001' from 91.196.152.21 port 54977
Sep 29 15:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: Did not receive identification string from 91.196.152.20
Sep 29 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Failed password for root from 162.144.236.216 port 38054 ssh2
Sep 29 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Connection closed by 162.144.236.216 port 38054 [preauth]
Sep 29 15:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Failed password for root from 162.144.236.216 port 43534 ssh2
Sep 29 15:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Connection closed by 162.144.236.216 port 43534 [preauth]
Sep 29 15:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: Failed password for root from 162.144.236.216 port 49758 ssh2
Sep 29 15:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: Connection closed by 162.144.236.216 port 49758 [preauth]
Sep 29 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21182]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21245]: Successful su for rubyman by root
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21245]: + ??? root:rubyman
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315545 of user rubyman.
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21245]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315545.
Sep 29 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session closed for user root
Sep 29 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21183]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Failed password for root from 162.144.236.216 port 56146 ssh2
Sep 29 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: Invalid user sonarUser from 185.50.38.169
Sep 29 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: input_userauth_request: invalid user sonarUser [preauth]
Sep 29 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Connection closed by 162.144.236.216 port 56146 [preauth]
Sep 29 15:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: Failed password for invalid user sonarUser from 185.50.38.169 port 61910 ssh2
Sep 29 15:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: Received disconnect from 185.50.38.169 port 61910:11: Bye Bye [preauth]
Sep 29 15:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21444]: Disconnected from 185.50.38.169 port 61910 [preauth]
Sep 29 15:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Failed password for root from 162.144.236.216 port 33728 ssh2
Sep 29 15:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Connection closed by 162.144.236.216 port 33728 [preauth]
Sep 29 15:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Failed password for root from 162.144.236.216 port 40120 ssh2
Sep 29 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Connection closed by 162.144.236.216 port 40120 [preauth]
Sep 29 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Invalid user shoaib from 167.99.55.34
Sep 29 15:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: input_userauth_request: invalid user shoaib [preauth]
Sep 29 15:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20191]: pam_unix(cron:session): session closed for user root
Sep 29 15:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Failed password for invalid user shoaib from 167.99.55.34 port 58338 ssh2
Sep 29 15:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Connection closed by 167.99.55.34 port 58338 [preauth]
Sep 29 15:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: Failed password for root from 162.144.236.216 port 45762 ssh2
Sep 29 15:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21539]: Connection closed by 162.144.236.216 port 45762 [preauth]
Sep 29 15:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Failed password for root from 162.144.236.216 port 50940 ssh2
Sep 29 15:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Connection closed by 162.144.236.216 port 50940 [preauth]
Sep 29 15:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: Failed password for root from 162.144.236.216 port 58196 ssh2
Sep 29 15:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: Connection closed by 162.144.236.216 port 58196 [preauth]
Sep 29 15:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21630]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21627]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: Successful su for rubyman by root
Sep 29 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: + ??? root:rubyman
Sep 29 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315549 of user rubyman.
Sep 29 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21693]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315549.
Sep 29 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session closed for user root
Sep 29 15:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21628]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21621]: Failed password for root from 162.144.236.216 port 36360 ssh2
Sep 29 15:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21621]: Connection closed by 162.144.236.216 port 36360 [preauth]
Sep 29 15:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 15:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Invalid user test from 185.50.38.169
Sep 29 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: input_userauth_request: invalid user test [preauth]
Sep 29 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Failed password for root from 152.200.181.42 port 43931 ssh2
Sep 29 15:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Failed password for invalid user test from 185.50.38.169 port 28466 ssh2
Sep 29 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Received disconnect from 185.50.38.169 port 28466:11: Bye Bye [preauth]
Sep 29 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Disconnected from 185.50.38.169 port 28466 [preauth]
Sep 29 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Received disconnect from 152.200.181.42 port 43931:11: Bye Bye [preauth]
Sep 29 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Disconnected from 152.200.181.42 port 43931 [preauth]
Sep 29 15:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21916]: Failed password for root from 162.144.236.216 port 42126 ssh2
Sep 29 15:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21916]: Connection closed by 162.144.236.216 port 42126 [preauth]
Sep 29 15:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21968]: Failed password for root from 162.144.236.216 port 47294 ssh2
Sep 29 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session closed for user root
Sep 29 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21968]: Connection closed by 162.144.236.216 port 47294 [preauth]
Sep 29 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: Failed password for root from 162.144.236.216 port 52090 ssh2
Sep 29 15:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: Connection closed by 162.144.236.216 port 52090 [preauth]
Sep 29 15:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: Failed password for root from 162.144.236.216 port 58044 ssh2
Sep 29 15:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22032]: Connection closed by 162.144.236.216 port 58044 [preauth]
Sep 29 15:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: Failed password for root from 162.144.236.216 port 38088 ssh2
Sep 29 15:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: Connection closed by 162.144.236.216 port 38088 [preauth]
Sep 29 15:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: Successful su for rubyman by root
Sep 29 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: + ??? root:rubyman
Sep 29 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315553 of user rubyman.
Sep 29 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315553.
Sep 29 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session closed for user root
Sep 29 15:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Failed password for root from 162.144.236.216 port 44204 ssh2
Sep 29 15:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Connection closed by 162.144.236.216 port 44204 [preauth]
Sep 29 15:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: Invalid user admin from 194.0.234.19
Sep 29 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: Failed none for invalid user admin from 194.0.234.19 port 58128 ssh2
Sep 29 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: Connection closed by 194.0.234.19 port 58128 [preauth]
Sep 29 15:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22375]: Failed password for root from 162.144.236.216 port 54020 ssh2
Sep 29 15:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22375]: Connection closed by 162.144.236.216 port 54020 [preauth]
Sep 29 15:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: Failed password for root from 185.50.38.169 port 2794 ssh2
Sep 29 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: Received disconnect from 185.50.38.169 port 2794:11: Bye Bye [preauth]
Sep 29 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22402]: Disconnected from 185.50.38.169 port 2794 [preauth]
Sep 29 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: Failed password for root from 162.144.236.216 port 60132 ssh2
Sep 29 15:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22404]: Connection closed by 162.144.236.216 port 60132 [preauth]
Sep 29 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session closed for user root
Sep 29 15:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: Failed password for root from 162.144.236.216 port 38948 ssh2
Sep 29 15:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22448]: Connection closed by 162.144.236.216 port 38948 [preauth]
Sep 29 15:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: Failed password for root from 162.144.236.216 port 46884 ssh2
Sep 29 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22490]: Connection closed by 162.144.236.216 port 46884 [preauth]
Sep 29 15:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Failed password for root from 162.144.236.216 port 54468 ssh2
Sep 29 15:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Connection closed by 162.144.236.216 port 54468 [preauth]
Sep 29 15:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22552]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22551]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22553]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22550]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22553]: pam_unix(cron:session): session closed for user root
Sep 29 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: Successful su for rubyman by root
Sep 29 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: + ??? root:rubyman
Sep 29 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315557 of user rubyman.
Sep 29 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315557.
Sep 29 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19554]: pam_unix(cron:session): session closed for user root
Sep 29 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22550]: pam_unix(cron:session): session closed for user root
Sep 29 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Failed password for root from 162.144.236.216 port 34572 ssh2
Sep 29 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22535]: Connection closed by 162.144.236.216 port 34572 [preauth]
Sep 29 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Failed password for root from 162.144.236.216 port 41246 ssh2
Sep 29 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Connection closed by 162.144.236.216 port 41246 [preauth]
Sep 29 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: Failed password for root from 162.144.236.216 port 51180 ssh2
Sep 29 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: Invalid user minecraft from 185.50.38.169
Sep 29 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: Connection closed by 162.144.236.216 port 51180 [preauth]
Sep 29 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: Failed password for invalid user minecraft from 185.50.38.169 port 58636 ssh2
Sep 29 15:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: Received disconnect from 185.50.38.169 port 58636:11: Bye Bye [preauth]
Sep 29 15:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: Disconnected from 185.50.38.169 port 58636 [preauth]
Sep 29 15:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21630]: pam_unix(cron:session): session closed for user root
Sep 29 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Failed password for root from 162.144.236.216 port 57776 ssh2
Sep 29 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Connection closed by 152.200.181.42 port 56296 [preauth]
Sep 29 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Connection closed by 162.144.236.216 port 57776 [preauth]
Sep 29 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Failed password for root from 162.144.236.216 port 38664 ssh2
Sep 29 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Connection closed by 162.144.236.216 port 38664 [preauth]
Sep 29 15:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Failed password for root from 162.144.236.216 port 45284 ssh2
Sep 29 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Connection closed by 162.144.236.216 port 45284 [preauth]
Sep 29 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23316]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: Successful su for rubyman by root
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: + ??? root:rubyman
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315563 of user rubyman.
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23403]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315563.
Sep 29 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: Failed password for root from 162.144.236.216 port 53306 ssh2
Sep 29 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: Connection closed by 162.144.236.216 port 53306 [preauth]
Sep 29 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23318]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20190]: pam_unix(cron:session): session closed for user root
Sep 29 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: Failed password for root from 162.144.236.216 port 59650 ssh2
Sep 29 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: Connection closed by 162.144.236.216 port 59650 [preauth]
Sep 29 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Failed password for root from 162.144.236.216 port 39004 ssh2
Sep 29 15:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Connection closed by 162.144.236.216 port 39004 [preauth]
Sep 29 15:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: Failed password for root from 162.144.236.216 port 44708 ssh2
Sep 29 15:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: Connection closed by 162.144.236.216 port 44708 [preauth]
Sep 29 15:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session closed for user root
Sep 29 15:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: Failed password for root from 162.144.236.216 port 50964 ssh2
Sep 29 15:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Invalid user moni from 185.50.38.169
Sep 29 15:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: input_userauth_request: invalid user moni [preauth]
Sep 29 15:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: Connection closed by 162.144.236.216 port 50964 [preauth]
Sep 29 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Failed password for invalid user moni from 185.50.38.169 port 24374 ssh2
Sep 29 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Received disconnect from 185.50.38.169 port 24374:11: Bye Bye [preauth]
Sep 29 15:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Disconnected from 185.50.38.169 port 24374 [preauth]
Sep 29 15:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23941]: Failed password for root from 162.144.236.216 port 57510 ssh2
Sep 29 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23941]: Connection closed by 162.144.236.216 port 57510 [preauth]
Sep 29 15:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Failed password for root from 162.144.236.216 port 34308 ssh2
Sep 29 15:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Connection closed by 162.144.236.216 port 34308 [preauth]
Sep 29 15:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24010]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24008]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24089]: Successful su for rubyman by root
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24089]: + ??? root:rubyman
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315567 of user rubyman.
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24089]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315567.
Sep 29 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Failed password for root from 162.144.236.216 port 42564 ssh2
Sep 29 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Connection closed by 162.144.236.216 port 42564 [preauth]
Sep 29 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20720]: pam_unix(cron:session): session closed for user root
Sep 29 15:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24009]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Failed password for root from 162.144.236.216 port 50336 ssh2
Sep 29 15:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Connection closed by 162.144.236.216 port 50336 [preauth]
Sep 29 15:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24328]: Failed password for root from 162.144.236.216 port 56526 ssh2
Sep 29 15:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24328]: Connection closed by 162.144.236.216 port 56526 [preauth]
Sep 29 15:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: Failed password for root from 162.144.236.216 port 34064 ssh2
Sep 29 15:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24362]: Connection closed by 162.144.236.216 port 34064 [preauth]
Sep 29 15:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: Failed password for root from 162.144.236.216 port 42070 ssh2
Sep 29 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22552]: pam_unix(cron:session): session closed for user root
Sep 29 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: Connection closed by 162.144.236.216 port 42070 [preauth]
Sep 29 15:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: Failed password for root from 162.144.236.216 port 48396 ssh2
Sep 29 15:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: Connection closed by 162.144.236.216 port 48396 [preauth]
Sep 29 15:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Invalid user mohit from 185.50.38.169
Sep 29 15:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: input_userauth_request: invalid user mohit [preauth]
Sep 29 15:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Failed password for invalid user mohit from 185.50.38.169 port 40176 ssh2
Sep 29 15:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Received disconnect from 185.50.38.169 port 40176:11: Bye Bye [preauth]
Sep 29 15:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Disconnected from 185.50.38.169 port 40176 [preauth]
Sep 29 15:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: Failed password for root from 162.144.236.216 port 53054 ssh2
Sep 29 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Invalid user tushar from 152.200.181.42
Sep 29 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: input_userauth_request: invalid user tushar [preauth]
Sep 29 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Failed password for invalid user tushar from 152.200.181.42 port 40420 ssh2
Sep 29 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Received disconnect from 152.200.181.42 port 40420:11: Bye Bye [preauth]
Sep 29 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Disconnected from 152.200.181.42 port 40420 [preauth]
Sep 29 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: Connection closed by 162.144.236.216 port 53054 [preauth]
Sep 29 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: Successful su for rubyman by root
Sep 29 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: + ??? root:rubyman
Sep 29 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315571 of user rubyman.
Sep 29 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315571.
Sep 29 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21184]: pam_unix(cron:session): session closed for user root
Sep 29 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24503]: Failed password for root from 162.144.236.216 port 60320 ssh2
Sep 29 15:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24503]: Connection closed by 162.144.236.216 port 60320 [preauth]
Sep 29 15:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Connection closed by 91.196.152.14 port 55271 [preauth]
Sep 29 15:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: Failed password for root from 162.144.236.216 port 39556 ssh2
Sep 29 15:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: Connection closed by 162.144.236.216 port 39556 [preauth]
Sep 29 15:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23320]: pam_unix(cron:session): session closed for user root
Sep 29 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.206.72.2  user=root
Sep 29 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Failed password for root from 103.206.72.2 port 32800 ssh2
Sep 29 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Received disconnect from 103.206.72.2 port 32800:11: Bye Bye [preauth]
Sep 29 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Disconnected from 103.206.72.2 port 32800 [preauth]
Sep 29 15:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Failed password for root from 162.144.236.216 port 48248 ssh2
Sep 29 15:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24869]: Connection closed by 162.144.236.216 port 48248 [preauth]
Sep 29 15:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: Failed password for root from 162.144.236.216 port 55826 ssh2
Sep 29 15:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: Connection closed by 162.144.236.216 port 55826 [preauth]
Sep 29 15:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Failed password for root from 185.50.38.169 port 38660 ssh2
Sep 29 15:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Received disconnect from 185.50.38.169 port 38660:11: Bye Bye [preauth]
Sep 29 15:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Disconnected from 185.50.38.169 port 38660 [preauth]
Sep 29 15:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Failed password for root from 162.144.236.216 port 34104 ssh2
Sep 29 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Connection closed by 162.144.236.216 port 34104 [preauth]
Sep 29 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Connection closed by 91.196.152.88 port 39049 [preauth]
Sep 29 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: Successful su for rubyman by root
Sep 29 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: + ??? root:rubyman
Sep 29 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315575 of user rubyman.
Sep 29 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25055]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315575.
Sep 29 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Invalid user scan from 93.152.230.176
Sep 29 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: input_userauth_request: invalid user scan [preauth]
Sep 29 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Failed password for root from 162.144.236.216 port 41454 ssh2
Sep 29 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session closed for user root
Sep 29 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Connection closed by 162.144.236.216 port 41454 [preauth]
Sep 29 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Failed password for invalid user scan from 93.152.230.176 port 13063 ssh2
Sep 29 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Received disconnect from 93.152.230.176 port 13063:11: Client disconnecting normally [preauth]
Sep 29 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Disconnected from 93.152.230.176 port 13063 [preauth]
Sep 29 15:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Invalid user  from 170.64.171.45
Sep 29 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: input_userauth_request: invalid user  [preauth]
Sep 29 15:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Failed password for root from 162.144.236.216 port 47332 ssh2
Sep 29 15:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Connection closed by 162.144.236.216 port 47332 [preauth]
Sep 29 15:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Connection closed by 170.64.171.45 port 48950 [preauth]
Sep 29 15:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Failed password for root from 162.144.236.216 port 55004 ssh2
Sep 29 15:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Connection closed by 162.144.236.216 port 55004 [preauth]
Sep 29 15:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Failed password for root from 162.144.236.216 port 33394 ssh2
Sep 29 15:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Connection closed by 162.144.236.216 port 33394 [preauth]
Sep 29 15:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session closed for user root
Sep 29 15:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Failed password for root from 162.144.236.216 port 40854 ssh2
Sep 29 15:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Connection closed by 162.144.236.216 port 40854 [preauth]
Sep 29 15:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: Failed password for root from 162.144.236.216 port 45914 ssh2
Sep 29 15:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: Connection closed by 162.144.236.216 port 45914 [preauth]
Sep 29 15:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Failed password for root from 162.144.236.216 port 52224 ssh2
Sep 29 15:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Connection closed by 162.144.236.216 port 52224 [preauth]
Sep 29 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Failed password for root from 185.50.38.169 port 40832 ssh2
Sep 29 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Received disconnect from 185.50.38.169 port 40832:11: Bye Bye [preauth]
Sep 29 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25672]: Disconnected from 185.50.38.169 port 40832 [preauth]
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25692]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session closed for user root
Sep 29 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25688]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: Successful su for rubyman by root
Sep 29 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: + ??? root:rubyman
Sep 29 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315583 of user rubyman.
Sep 29 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25768]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315583.
Sep 29 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: Failed password for root from 162.144.236.216 port 59088 ssh2
Sep 29 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: Connection closed by 162.144.236.216 port 59088 [preauth]
Sep 29 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session closed for user root
Sep 29 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session closed for user root
Sep 29 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25689]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: Failed password for root from 162.144.236.216 port 37578 ssh2
Sep 29 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: Connection closed by 162.144.236.216 port 37578 [preauth]
Sep 29 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: Invalid user vr from 167.99.55.34
Sep 29 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: input_userauth_request: invalid user vr [preauth]
Sep 29 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: Failed password for invalid user vr from 167.99.55.34 port 48634 ssh2
Sep 29 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: Connection closed by 167.99.55.34 port 48634 [preauth]
Sep 29 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Invalid user khan from 152.200.181.42
Sep 29 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: input_userauth_request: invalid user khan [preauth]
Sep 29 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for invalid user khan from 152.200.181.42 port 52774 ssh2
Sep 29 15:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Received disconnect from 152.200.181.42 port 52774:11: Bye Bye [preauth]
Sep 29 15:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Disconnected from 152.200.181.42 port 52774 [preauth]
Sep 29 15:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Failed password for root from 162.144.236.216 port 44452 ssh2
Sep 29 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Connection closed by 162.144.236.216 port 44452 [preauth]
Sep 29 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Failed password for root from 162.144.236.216 port 51788 ssh2
Sep 29 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26167]: Connection closed by 162.144.236.216 port 51788 [preauth]
Sep 29 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session closed for user root
Sep 29 15:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Failed password for root from 162.144.236.216 port 56782 ssh2
Sep 29 15:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Connection closed by 162.144.236.216 port 56782 [preauth]
Sep 29 15:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: Failed password for root from 162.144.236.216 port 36006 ssh2
Sep 29 15:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26236]: Connection closed by 162.144.236.216 port 36006 [preauth]
Sep 29 15:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: Failed password for root from 162.144.236.216 port 44540 ssh2
Sep 29 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: Connection closed by 162.144.236.216 port 44540 [preauth]
Sep 29 15:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Invalid user logviewer from 185.50.38.169
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: input_userauth_request: invalid user logviewer [preauth]
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: Successful su for rubyman by root
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: + ??? root:rubyman
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315587 of user rubyman.
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315587.
Sep 29 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Failed password for invalid user logviewer from 185.50.38.169 port 59996 ssh2
Sep 29 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Received disconnect from 185.50.38.169 port 59996:11: Bye Bye [preauth]
Sep 29 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Disconnected from 185.50.38.169 port 59996 [preauth]
Sep 29 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Failed password for root from 162.144.236.216 port 50514 ssh2
Sep 29 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Connection closed by 162.144.236.216 port 50514 [preauth]
Sep 29 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22551]: pam_unix(cron:session): session closed for user root
Sep 29 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: Failed password for root from 162.144.236.216 port 59950 ssh2
Sep 29 15:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: Connection closed by 162.144.236.216 port 59950 [preauth]
Sep 29 15:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Failed password for root from 162.144.236.216 port 40804 ssh2
Sep 29 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Connection closed by 162.144.236.216 port 40804 [preauth]
Sep 29 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: Failed password for root from 162.144.236.216 port 48248 ssh2
Sep 29 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26805]: Connection closed by 162.144.236.216 port 48248 [preauth]
Sep 29 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24992]: pam_unix(cron:session): session closed for user root
Sep 29 15:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Failed password for root from 162.144.236.216 port 54512 ssh2
Sep 29 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Connection closed by 162.144.236.216 port 54512 [preauth]
Sep 29 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Failed password for root from 162.144.236.216 port 60226 ssh2
Sep 29 15:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Connection closed by 162.144.236.216 port 60226 [preauth]
Sep 29 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: Failed password for root from 162.144.236.216 port 40438 ssh2
Sep 29 15:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: Connection closed by 162.144.236.216 port 40438 [preauth]
Sep 29 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: Successful su for rubyman by root
Sep 29 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: + ??? root:rubyman
Sep 29 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315590 of user rubyman.
Sep 29 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315590.
Sep 29 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23319]: pam_unix(cron:session): session closed for user root
Sep 29 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: Failed password for root from 162.144.236.216 port 48050 ssh2
Sep 29 15:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169  user=root
Sep 29 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: Connection closed by 162.144.236.216 port 48050 [preauth]
Sep 29 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: Failed password for root from 185.50.38.169 port 45484 ssh2
Sep 29 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: Received disconnect from 185.50.38.169 port 45484:11: Bye Bye [preauth]
Sep 29 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: Disconnected from 185.50.38.169 port 45484 [preauth]
Sep 29 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Failed password for root from 162.144.236.216 port 55888 ssh2
Sep 29 15:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Connection closed by 162.144.236.216 port 55888 [preauth]
Sep 29 15:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Failed password for root from 162.144.236.216 port 35606 ssh2
Sep 29 15:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Connection closed by 162.144.236.216 port 35606 [preauth]
Sep 29 15:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Invalid user test from 152.200.181.42
Sep 29 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: input_userauth_request: invalid user test [preauth]
Sep 29 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Failed password for invalid user test from 152.200.181.42 port 36902 ssh2
Sep 29 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Received disconnect from 152.200.181.42 port 36902:11: Bye Bye [preauth]
Sep 29 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Disconnected from 152.200.181.42 port 36902 [preauth]
Sep 29 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25692]: pam_unix(cron:session): session closed for user root
Sep 29 15:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: Failed password for root from 162.144.236.216 port 42160 ssh2
Sep 29 15:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: Connection closed by 162.144.236.216 port 42160 [preauth]
Sep 29 15:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Failed password for root from 162.144.236.216 port 49300 ssh2
Sep 29 15:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Did not receive identification string from 196.251.114.29
Sep 29 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Connection closed by 162.144.236.216 port 49300 [preauth]
Sep 29 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Failed password for root from 162.144.236.216 port 54436 ssh2
Sep 29 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Connection closed by 162.144.236.216 port 54436 [preauth]
Sep 29 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27726]: Successful su for rubyman by root
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27726]: + ??? root:rubyman
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315594 of user rubyman.
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27726]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315594.
Sep 29 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Failed password for root from 162.144.236.216 port 35018 ssh2
Sep 29 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27474]: Connection closed by 162.144.236.216 port 35018 [preauth]
Sep 29 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24010]: pam_unix(cron:session): session closed for user root
Sep 29 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27495]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93  user=root
Sep 29 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Failed password for root from 194.0.234.93 port 40650 ssh2
Sep 29 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Failed password for root from 162.144.236.216 port 41180 ssh2
Sep 29 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Connection closed by 194.0.234.93 port 40650 [preauth]
Sep 29 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Connection closed by 162.144.236.216 port 41180 [preauth]
Sep 29 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Invalid user hyodol from 185.50.38.169
Sep 29 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: input_userauth_request: invalid user hyodol [preauth]
Sep 29 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.169
Sep 29 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Failed password for root from 162.144.236.216 port 49696 ssh2
Sep 29 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Failed password for invalid user hyodol from 185.50.38.169 port 1214 ssh2
Sep 29 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Received disconnect from 185.50.38.169 port 1214:11: Bye Bye [preauth]
Sep 29 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Disconnected from 185.50.38.169 port 1214 [preauth]
Sep 29 15:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Connection closed by 162.144.236.216 port 49696 [preauth]
Sep 29 15:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Failed password for root from 162.144.236.216 port 56808 ssh2
Sep 29 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27987]: Connection closed by 162.144.236.216 port 56808 [preauth]
Sep 29 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session closed for user root
Sep 29 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Failed password for root from 162.144.236.216 port 36396 ssh2
Sep 29 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Connection closed by 162.144.236.216 port 36396 [preauth]
Sep 29 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Failed password for root from 162.144.236.216 port 42084 ssh2
Sep 29 15:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Connection closed by 162.144.236.216 port 42084 [preauth]
Sep 29 15:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for root from 162.144.236.216 port 46224 ssh2
Sep 29 15:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Connection closed by 162.144.236.216 port 46224 [preauth]
Sep 29 15:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Failed password for root from 162.144.236.216 port 52320 ssh2
Sep 29 15:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Connection closed by 162.144.236.216 port 52320 [preauth]
Sep 29 15:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28133]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: Successful su for rubyman by root
Sep 29 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: + ??? root:rubyman
Sep 29 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315597 of user rubyman.
Sep 29 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315597.
Sep 29 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28127]: pam_unix(cron:session): session closed for user root
Sep 29 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session closed for user root
Sep 29 15:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: Failed password for root from 162.144.236.216 port 57408 ssh2
Sep 29 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: Connection closed by 162.144.236.216 port 57408 [preauth]
Sep 29 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28130]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Failed password for root from 162.144.236.216 port 36292 ssh2
Sep 29 15:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Connection closed by 162.144.236.216 port 36292 [preauth]
Sep 29 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Invalid user amt from 164.68.105.9
Sep 29 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: input_userauth_request: invalid user amt [preauth]
Sep 29 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Failed password for invalid user amt from 164.68.105.9 port 50982 ssh2
Sep 29 15:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28655]: Connection closed by 164.68.105.9 port 50982 [preauth]
Sep 29 15:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Failed password for root from 162.144.236.216 port 43282 ssh2
Sep 29 15:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Connection closed by 162.144.236.216 port 43282 [preauth]
Sep 29 15:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: Failed password for root from 162.144.236.216 port 50994 ssh2
Sep 29 15:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: Connection closed by 162.144.236.216 port 50994 [preauth]
Sep 29 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session closed for user root
Sep 29 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28729]: Failed password for root from 162.144.236.216 port 57472 ssh2
Sep 29 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28729]: Connection closed by 162.144.236.216 port 57472 [preauth]
Sep 29 15:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Failed password for root from 162.144.236.216 port 34554 ssh2
Sep 29 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28761]: Connection closed by 162.144.236.216 port 34554 [preauth]
Sep 29 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Failed password for root from 162.144.236.216 port 41654 ssh2
Sep 29 15:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Connection closed by 162.144.236.216 port 41654 [preauth]
Sep 29 15:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Invalid user cod2server from 152.200.181.42
Sep 29 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: input_userauth_request: invalid user cod2server [preauth]
Sep 29 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user cod2server from 152.200.181.42 port 49249 ssh2
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28827]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28827]: pam_unix(cron:session): session closed for user root
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28822]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Received disconnect from 152.200.181.42 port 49249:11: Bye Bye [preauth]
Sep 29 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Disconnected from 152.200.181.42 port 49249 [preauth]
Sep 29 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: Successful su for rubyman by root
Sep 29 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: + ??? root:rubyman
Sep 29 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315605 of user rubyman.
Sep 29 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315605.
Sep 29 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session closed for user root
Sep 29 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Failed password for root from 162.144.236.216 port 48674 ssh2
Sep 29 15:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session closed for user root
Sep 29 15:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Connection closed by 162.144.236.216 port 48674 [preauth]
Sep 29 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for root from 162.144.236.216 port 54938 ssh2
Sep 29 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Connection closed by 162.144.236.216 port 54938 [preauth]
Sep 29 15:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Failed password for root from 162.144.236.216 port 34210 ssh2
Sep 29 15:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Connection closed by 162.144.236.216 port 34210 [preauth]
Sep 29 15:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: Failed password for root from 162.144.236.216 port 42780 ssh2
Sep 29 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session closed for user root
Sep 29 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29344]: Connection closed by 162.144.236.216 port 42780 [preauth]
Sep 29 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Failed password for root from 162.144.236.216 port 48748 ssh2
Sep 29 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Connection closed by 162.144.236.216 port 48748 [preauth]
Sep 29 15:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29451]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: Successful su for rubyman by root
Sep 29 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: + ??? root:rubyman
Sep 29 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315608 of user rubyman.
Sep 29 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315608.
Sep 29 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session closed for user root
Sep 29 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Failed password for root from 162.144.236.216 port 56618 ssh2
Sep 29 15:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Connection closed by 162.144.236.216 port 56618 [preauth]
Sep 29 15:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Failed password for root from 162.144.236.216 port 37014 ssh2
Sep 29 15:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Connection closed by 162.144.236.216 port 37014 [preauth]
Sep 29 15:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Failed password for root from 162.144.236.216 port 42108 ssh2
Sep 29 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Connection closed by 162.144.236.216 port 42108 [preauth]
Sep 29 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28133]: pam_unix(cron:session): session closed for user root
Sep 29 15:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Failed password for root from 162.144.236.216 port 48482 ssh2
Sep 29 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Connection closed by 162.144.236.216 port 48482 [preauth]
Sep 29 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Failed password for root from 162.144.236.216 port 56396 ssh2
Sep 29 15:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Connection closed by 162.144.236.216 port 56396 [preauth]
Sep 29 15:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: Failed password for root from 162.144.236.216 port 35912 ssh2
Sep 29 15:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29911]: Connection closed by 162.144.236.216 port 35912 [preauth]
Sep 29 15:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: Successful su for rubyman by root
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: + ??? root:rubyman
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315613 of user rubyman.
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315613.
Sep 29 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Failed password for root from 162.144.236.216 port 41128 ssh2
Sep 29 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Connection closed by 162.144.236.216 port 41128 [preauth]
Sep 29 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session closed for user root
Sep 29 15:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Failed password for root from 162.144.236.216 port 48398 ssh2
Sep 29 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Connection closed by 162.144.236.216 port 48398 [preauth]
Sep 29 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: Invalid user weblogic from 152.200.181.42
Sep 29 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: input_userauth_request: invalid user weblogic [preauth]
Sep 29 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: Failed password for root from 162.144.236.216 port 55368 ssh2
Sep 29 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: Failed password for invalid user weblogic from 152.200.181.42 port 33391 ssh2
Sep 29 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: Received disconnect from 152.200.181.42 port 33391:11: Bye Bye [preauth]
Sep 29 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30296]: Disconnected from 152.200.181.42 port 33391 [preauth]
Sep 29 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: Connection closed by 162.144.236.216 port 55368 [preauth]
Sep 29 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for root from 162.144.236.216 port 34806 ssh2
Sep 29 15:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Connection closed by 162.144.236.216 port 34806 [preauth]
Sep 29 15:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28826]: pam_unix(cron:session): session closed for user root
Sep 29 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Failed password for root from 162.144.236.216 port 42654 ssh2
Sep 29 15:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Connection closed by 162.144.236.216 port 42654 [preauth]
Sep 29 15:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: Failed password for root from 162.144.236.216 port 49912 ssh2
Sep 29 15:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30395]: Connection closed by 162.144.236.216 port 49912 [preauth]
Sep 29 15:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Invalid user vr from 167.99.55.34
Sep 29 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: input_userauth_request: invalid user vr [preauth]
Sep 29 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Failed password for root from 162.144.236.216 port 55804 ssh2
Sep 29 15:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Failed password for invalid user vr from 167.99.55.34 port 57202 ssh2
Sep 29 15:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Connection closed by 167.99.55.34 port 57202 [preauth]
Sep 29 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Connection closed by 162.144.236.216 port 55804 [preauth]
Sep 29 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30517]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30518]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30514]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: Successful su for rubyman by root
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: + ??? root:rubyman
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315618 of user rubyman.
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315618.
Sep 29 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for root from 162.144.236.216 port 33038 ssh2
Sep 29 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Connection closed by 162.144.236.216 port 33038 [preauth]
Sep 29 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session closed for user root
Sep 29 15:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Failed password for root from 162.144.236.216 port 40440 ssh2
Sep 29 15:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Connection closed by 162.144.236.216 port 40440 [preauth]
Sep 29 15:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Failed password for root from 162.144.236.216 port 46694 ssh2
Sep 29 15:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30848]: Connection closed by 162.144.236.216 port 46694 [preauth]
Sep 29 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Failed password for root from 162.144.236.216 port 51890 ssh2
Sep 29 15:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Connection closed by 162.144.236.216 port 51890 [preauth]
Sep 29 15:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29451]: pam_unix(cron:session): session closed for user root
Sep 29 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30910]: Failed password for root from 162.144.236.216 port 58716 ssh2
Sep 29 15:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30910]: Connection closed by 162.144.236.216 port 58716 [preauth]
Sep 29 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for root from 162.144.236.216 port 38902 ssh2
Sep 29 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Connection closed by 162.144.236.216 port 38902 [preauth]
Sep 29 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: Failed password for root from 162.144.236.216 port 44676 ssh2
Sep 29 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: Connection closed by 162.144.236.216 port 44676 [preauth]
Sep 29 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31029]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31026]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Failed password for root from 162.144.236.216 port 51758 ssh2
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31103]: Successful su for rubyman by root
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31103]: + ??? root:rubyman
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315621 of user rubyman.
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31103]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315621.
Sep 29 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Connection closed by 162.144.236.216 port 51758 [preauth]
Sep 29 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session closed for user root
Sep 29 15:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31027]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Sep 29 15:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: Failed password for root from 80.94.95.116 port 47422 ssh2
Sep 29 15:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: Connection closed by 80.94.95.116 port 47422 [preauth]
Sep 29 15:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: Failed password for root from 162.144.236.216 port 59032 ssh2
Sep 29 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: Connection closed by 162.144.236.216 port 59032 [preauth]
Sep 29 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session closed for user root
Sep 29 15:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: Failed password for root from 162.144.236.216 port 38380 ssh2
Sep 29 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31348]: Connection closed by 162.144.236.216 port 38380 [preauth]
Sep 29 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Invalid user ubuntu from 152.200.181.42
Sep 29 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Failed password for invalid user ubuntu from 152.200.181.42 port 45729 ssh2
Sep 29 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Received disconnect from 152.200.181.42 port 45729:11: Bye Bye [preauth]
Sep 29 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Disconnected from 152.200.181.42 port 45729 [preauth]
Sep 29 15:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Failed password for root from 162.144.236.216 port 46002 ssh2
Sep 29 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Connection closed by 162.144.236.216 port 46002 [preauth]
Sep 29 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: Failed password for root from 162.144.236.216 port 53982 ssh2
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: Connection closed by 162.144.236.216 port 53982 [preauth]
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session closed for user root
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31609]: Successful su for rubyman by root
Sep 29 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31609]: + ??? root:rubyman
Sep 29 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315626 of user rubyman.
Sep 29 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31609]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315626.
Sep 29 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session closed for user root
Sep 29 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session closed for user root
Sep 29 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Failed password for root from 162.144.236.216 port 58990 ssh2
Sep 29 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Connection closed by 162.144.236.216 port 58990 [preauth]
Sep 29 15:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Failed password for root from 162.144.236.216 port 36010 ssh2
Sep 29 15:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Connection closed by 162.144.236.216 port 36010 [preauth]
Sep 29 15:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Failed password for root from 162.144.236.216 port 41476 ssh2
Sep 29 15:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Connection closed by 162.144.236.216 port 41476 [preauth]
Sep 29 15:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30518]: pam_unix(cron:session): session closed for user root
Sep 29 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: Failed password for root from 162.144.236.216 port 48214 ssh2
Sep 29 15:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31912]: Connection closed by 162.144.236.216 port 48214 [preauth]
Sep 29 15:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Failed password for root from 162.144.236.216 port 53814 ssh2
Sep 29 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Connection closed by 162.144.236.216 port 53814 [preauth]
Sep 29 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Failed password for root from 162.144.236.216 port 59356 ssh2
Sep 29 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Connection closed by 162.144.236.216 port 59356 [preauth]
Sep 29 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Failed password for root from 162.144.236.216 port 37426 ssh2
Sep 29 15:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Connection closed by 162.144.236.216 port 37426 [preauth]
Sep 29 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32015]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32012]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32090]: Successful su for rubyman by root
Sep 29 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32090]: + ??? root:rubyman
Sep 29 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315630 of user rubyman.
Sep 29 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32090]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315630.
Sep 29 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28825]: pam_unix(cron:session): session closed for user root
Sep 29 15:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: Failed password for root from 162.144.236.216 port 42740 ssh2
Sep 29 15:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32014]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: Connection closed by 162.144.236.216 port 42740 [preauth]
Sep 29 15:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Invalid user daniel from 46.101.170.54
Sep 29 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: input_userauth_request: invalid user daniel [preauth]
Sep 29 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 29 15:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Failed password for invalid user daniel from 46.101.170.54 port 33066 ssh2
Sep 29 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Connection closed by 46.101.170.54 port 33066 [preauth]
Sep 29 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: Failed password for root from 162.144.236.216 port 49010 ssh2
Sep 29 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: Connection closed by 162.144.236.216 port 49010 [preauth]
Sep 29 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Failed password for root from 162.144.236.216 port 55568 ssh2
Sep 29 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Connection closed by 162.144.236.216 port 55568 [preauth]
Sep 29 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Failed password for root from 162.144.236.216 port 59646 ssh2
Sep 29 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Connection closed by 162.144.236.216 port 59646 [preauth]
Sep 29 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31029]: pam_unix(cron:session): session closed for user root
Sep 29 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Failed password for root from 162.144.236.216 port 39650 ssh2
Sep 29 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Connection closed by 162.144.236.216 port 39650 [preauth]
Sep 29 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Failed password for root from 170.64.171.45 port 60128 ssh2
Sep 29 15:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Connection closed by 170.64.171.45 port 60128 [preauth]
Sep 29 15:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: Failed password for root from 162.144.236.216 port 47380 ssh2
Sep 29 15:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: Connection closed by 162.144.236.216 port 47380 [preauth]
Sep 29 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Invalid user pi from 170.64.171.45
Sep 29 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: input_userauth_request: invalid user pi [preauth]
Sep 29 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Failed password for invalid user pi from 170.64.171.45 port 37254 ssh2
Sep 29 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Connection closed by 170.64.171.45 port 37254 [preauth]
Sep 29 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Invalid user hive from 170.64.171.45
Sep 29 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: input_userauth_request: invalid user hive [preauth]
Sep 29 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Failed password for invalid user hive from 170.64.171.45 port 37270 ssh2
Sep 29 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Connection closed by 170.64.171.45 port 37270 [preauth]
Sep 29 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Invalid user git from 170.64.171.45
Sep 29 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: input_userauth_request: invalid user git [preauth]
Sep 29 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: Failed password for root from 162.144.236.216 port 54520 ssh2
Sep 29 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32454]: Connection closed by 162.144.236.216 port 54520 [preauth]
Sep 29 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Failed password for invalid user git from 170.64.171.45 port 37274 ssh2
Sep 29 15:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Connection closed by 170.64.171.45 port 37274 [preauth]
Sep 29 15:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Invalid user wang from 170.64.171.45
Sep 29 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: input_userauth_request: invalid user wang [preauth]
Sep 29 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32555]: Successful su for rubyman by root
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32555]: + ??? root:rubyman
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315636 of user rubyman.
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32555]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315636.
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Failed password for invalid user wang from 170.64.171.45 port 57130 ssh2
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Connection closed by 170.64.171.45 port 57130 [preauth]
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Connection closed by 152.200.181.42 port 58085 [preauth]
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: Invalid user nginx from 170.64.171.45
Sep 29 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: input_userauth_request: invalid user nginx [preauth]
Sep 29 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: Invalid user ocadmin from 190.103.202.7
Sep 29 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: input_userauth_request: invalid user ocadmin [preauth]
Sep 29 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Failed password for root from 162.144.236.216 port 60666 ssh2
Sep 29 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: Failed password for invalid user nginx from 170.64.171.45 port 57142 ssh2
Sep 29 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: Connection closed by 170.64.171.45 port 57142 [preauth]
Sep 29 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session closed for user root
Sep 29 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32471]: Connection closed by 162.144.236.216 port 60666 [preauth]
Sep 29 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: Failed password for invalid user ocadmin from 190.103.202.7 port 32844 ssh2
Sep 29 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: Invalid user mongo from 170.64.171.45
Sep 29 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: input_userauth_request: invalid user mongo [preauth]
Sep 29 15:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32656]: Connection closed by 190.103.202.7 port 32844 [preauth]
Sep 29 15:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: Failed password for invalid user mongo from 170.64.171.45 port 57150 ssh2
Sep 29 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32743]: Connection closed by 170.64.171.45 port 57150 [preauth]
Sep 29 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Invalid user user from 170.64.171.45
Sep 29 15:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: input_userauth_request: invalid user user [preauth]
Sep 29 15:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Failed password for root from 162.144.236.216 port 39142 ssh2
Sep 29 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Failed password for invalid user user from 170.64.171.45 port 55294 ssh2
Sep 29 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Connection closed by 170.64.171.45 port 55294 [preauth]
Sep 29 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Connection closed by 162.144.236.216 port 39142 [preauth]
Sep 29 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: Invalid user oracle from 170.64.171.45
Sep 29 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: Failed password for invalid user oracle from 170.64.171.45 port 55296 ssh2
Sep 29 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[318]: Connection closed by 170.64.171.45 port 55296 [preauth]
Sep 29 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Invalid user gpadmin from 170.64.171.45
Sep 29 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: input_userauth_request: invalid user gpadmin [preauth]
Sep 29 15:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Failed password for invalid user gpadmin from 170.64.171.45 port 55310 ssh2
Sep 29 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Connection closed by 170.64.171.45 port 55310 [preauth]
Sep 29 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: Failed password for root from 162.144.236.216 port 44892 ssh2
Sep 29 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[321]: Connection closed by 162.144.236.216 port 44892 [preauth]
Sep 29 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: Failed password for root from 170.64.171.45 port 35824 ssh2
Sep 29 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[347]: Connection closed by 170.64.171.45 port 35824 [preauth]
Sep 29 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Invalid user esroot from 170.64.171.45
Sep 29 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: input_userauth_request: invalid user esroot [preauth]
Sep 29 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Failed password for invalid user esroot from 170.64.171.45 port 35840 ssh2
Sep 29 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Connection closed by 170.64.171.45 port 35840 [preauth]
Sep 29 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Invalid user gitlab from 170.64.171.45
Sep 29 15:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Failed password for invalid user gitlab from 170.64.171.45 port 35846 ssh2
Sep 29 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Failed password for root from 162.144.236.216 port 51712 ssh2
Sep 29 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Connection closed by 170.64.171.45 port 35846 [preauth]
Sep 29 15:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Connection closed by 162.144.236.216 port 51712 [preauth]
Sep 29 15:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: Invalid user apache from 170.64.171.45
Sep 29 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: input_userauth_request: invalid user apache [preauth]
Sep 29 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: Failed password for invalid user apache from 170.64.171.45 port 42208 ssh2
Sep 29 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[390]: Connection closed by 170.64.171.45 port 42208 [preauth]
Sep 29 15:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: Failed password for root from 170.64.171.45 port 42224 ssh2
Sep 29 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Failed password for root from 162.144.236.216 port 56792 ssh2
Sep 29 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: Connection closed by 170.64.171.45 port 42224 [preauth]
Sep 29 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Connection closed by 162.144.236.216 port 56792 [preauth]
Sep 29 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session closed for user root
Sep 29 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Failed password for root from 170.64.171.45 port 42236 ssh2
Sep 29 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Connection closed by 170.64.171.45 port 42236 [preauth]
Sep 29 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[456]: Invalid user user from 170.64.171.45
Sep 29 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[456]: input_userauth_request: invalid user user [preauth]
Sep 29 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[456]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[456]: Failed password for invalid user user from 170.64.171.45 port 50498 ssh2
Sep 29 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Failed password for root from 162.144.236.216 port 34420 ssh2
Sep 29 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[456]: Connection closed by 170.64.171.45 port 50498 [preauth]
Sep 29 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Connection closed by 162.144.236.216 port 34420 [preauth]
Sep 29 15:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[469]: Invalid user lighthouse from 170.64.171.45
Sep 29 15:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[469]: input_userauth_request: invalid user lighthouse [preauth]
Sep 29 15:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[469]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[469]: Failed password for invalid user lighthouse from 170.64.171.45 port 50506 ssh2
Sep 29 15:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[469]: Connection closed by 170.64.171.45 port 50506 [preauth]
Sep 29 15:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Invalid user flask from 170.64.171.45
Sep 29 15:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: input_userauth_request: invalid user flask [preauth]
Sep 29 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Failed password for invalid user flask from 170.64.171.45 port 50518 ssh2
Sep 29 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Connection closed by 170.64.171.45 port 50518 [preauth]
Sep 29 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Invalid user user1 from 170.64.171.45
Sep 29 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: input_userauth_request: invalid user user1 [preauth]
Sep 29 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Failed password for root from 162.144.236.216 port 40696 ssh2
Sep 29 15:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Connection closed by 162.144.236.216 port 40696 [preauth]
Sep 29 15:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Failed password for invalid user user1 from 170.64.171.45 port 36984 ssh2
Sep 29 15:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Connection closed by 170.64.171.45 port 36984 [preauth]
Sep 29 15:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Invalid user hadoop from 170.64.171.45
Sep 29 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Failed password for invalid user hadoop from 170.64.171.45 port 36986 ssh2
Sep 29 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Connection closed by 170.64.171.45 port 36986 [preauth]
Sep 29 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[519]: Invalid user oracle from 170.64.171.45
Sep 29 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[519]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[519]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: Failed password for root from 162.144.236.216 port 46738 ssh2
Sep 29 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[519]: Failed password for invalid user oracle from 170.64.171.45 port 36996 ssh2
Sep 29 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[519]: Connection closed by 170.64.171.45 port 36996 [preauth]
Sep 29 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: Connection closed by 162.144.236.216 port 46738 [preauth]
Sep 29 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: Invalid user test from 170.64.171.45
Sep 29 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: input_userauth_request: invalid user test [preauth]
Sep 29 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[539]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[538]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[536]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[600]: Successful su for rubyman by root
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[600]: + ??? root:rubyman
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315639 of user rubyman.
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[600]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315639.
Sep 29 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: Failed password for invalid user test from 170.64.171.45 port 33664 ssh2
Sep 29 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: Connection closed by 170.64.171.45 port 33664 [preauth]
Sep 29 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session closed for user root
Sep 29 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: Failed password for root from 170.64.171.45 port 33678 ssh2
Sep 29 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: Connection closed by 170.64.171.45 port 33678 [preauth]
Sep 29 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: Invalid user developer from 170.64.171.45
Sep 29 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: input_userauth_request: invalid user developer [preauth]
Sep 29 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Failed password for root from 162.144.236.216 port 53662 ssh2
Sep 29 15:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[537]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Connection closed by 162.144.236.216 port 53662 [preauth]
Sep 29 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: Failed password for invalid user developer from 170.64.171.45 port 33690 ssh2
Sep 29 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: Connection closed by 170.64.171.45 port 33690 [preauth]
Sep 29 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Failed password for root from 170.64.171.45 port 33936 ssh2
Sep 29 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[816]: Connection closed by 170.64.171.45 port 33936 [preauth]
Sep 29 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: User mysql from 170.64.171.45 not allowed because not listed in AllowUsers
Sep 29 15:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: input_userauth_request: invalid user mysql [preauth]
Sep 29 15:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=mysql
Sep 29 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for invalid user mysql from 170.64.171.45 port 33948 ssh2
Sep 29 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Connection closed by 170.64.171.45 port 33948 [preauth]
Sep 29 15:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Failed password for root from 162.144.236.216 port 60844 ssh2
Sep 29 15:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Connection closed by 162.144.236.216 port 60844 [preauth]
Sep 29 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: Failed password for root from 170.64.171.45 port 33956 ssh2
Sep 29 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[885]: Connection closed by 170.64.171.45 port 33956 [preauth]
Sep 29 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Invalid user tom from 170.64.171.45
Sep 29 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: input_userauth_request: invalid user tom [preauth]
Sep 29 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Failed password for invalid user tom from 170.64.171.45 port 42628 ssh2
Sep 29 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Connection closed by 170.64.171.45 port 42628 [preauth]
Sep 29 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Failed password for root from 170.64.171.45 port 42638 ssh2
Sep 29 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Connection closed by 170.64.171.45 port 42638 [preauth]
Sep 29 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Invalid user oscar from 170.64.171.45
Sep 29 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: input_userauth_request: invalid user oscar [preauth]
Sep 29 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Failed password for root from 162.144.236.216 port 39440 ssh2
Sep 29 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for invalid user oscar from 170.64.171.45 port 42640 ssh2
Sep 29 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Connection closed by 170.64.171.45 port 42640 [preauth]
Sep 29 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Connection closed by 162.144.236.216 port 39440 [preauth]
Sep 29 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: Failed password for root from 170.64.171.45 port 55468 ssh2
Sep 29 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: Connection closed by 170.64.171.45 port 55468 [preauth]
Sep 29 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32016]: pam_unix(cron:session): session closed for user root
Sep 29 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Failed password for root from 170.64.171.45 port 55482 ssh2
Sep 29 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Connection closed by 170.64.171.45 port 55482 [preauth]
Sep 29 15:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Invalid user user1 from 170.64.171.45
Sep 29 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: input_userauth_request: invalid user user1 [preauth]
Sep 29 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Failed password for invalid user user1 from 170.64.171.45 port 55492 ssh2
Sep 29 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Connection closed by 170.64.171.45 port 55492 [preauth]
Sep 29 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: Failed password for root from 170.64.171.45 port 47052 ssh2
Sep 29 15:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: Connection closed by 170.64.171.45 port 47052 [preauth]
Sep 29 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1056]: Invalid user flink from 170.64.171.45
Sep 29 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1056]: input_userauth_request: invalid user flink [preauth]
Sep 29 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1056]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: Failed password for root from 162.144.236.216 port 45898 ssh2
Sep 29 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1056]: Failed password for invalid user flink from 170.64.171.45 port 47064 ssh2
Sep 29 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1056]: Connection closed by 170.64.171.45 port 47064 [preauth]
Sep 29 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: Invalid user apache from 170.64.171.45
Sep 29 15:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: input_userauth_request: invalid user apache [preauth]
Sep 29 15:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: Failed password for invalid user apache from 170.64.171.45 port 47074 ssh2
Sep 29 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1074]: Connection closed by 170.64.171.45 port 47074 [preauth]
Sep 29 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: Connection closed by 162.144.236.216 port 45898 [preauth]
Sep 29 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: Failed password for root from 170.64.171.45 port 40442 ssh2
Sep 29 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1089]: Connection closed by 170.64.171.45 port 40442 [preauth]
Sep 29 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Invalid user nginx from 170.64.171.45
Sep 29 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: input_userauth_request: invalid user nginx [preauth]
Sep 29 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Failed password for invalid user nginx from 170.64.171.45 port 40446 ssh2
Sep 29 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Connection closed by 170.64.171.45 port 40446 [preauth]
Sep 29 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Invalid user esuser from 170.64.171.45
Sep 29 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: input_userauth_request: invalid user esuser [preauth]
Sep 29 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Failed password for invalid user esuser from 170.64.171.45 port 40450 ssh2
Sep 29 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Connection closed by 170.64.171.45 port 40450 [preauth]
Sep 29 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: Failed password for root from 162.144.236.216 port 54668 ssh2
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: Failed password for root from 170.64.171.45 port 34206 ssh2
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: Connection closed by 170.64.171.45 port 34206 [preauth]
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1183]: Successful su for rubyman by root
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1183]: + ??? root:rubyman
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315643 of user rubyman.
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1183]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315643.
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: Invalid user git from 170.64.171.45
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: input_userauth_request: invalid user git [preauth]
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: Connection closed by 162.144.236.216 port 54668 [preauth]
Sep 29 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: Failed password for invalid user git from 170.64.171.45 port 34220 ssh2
Sep 29 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: Connection closed by 170.64.171.45 port 34220 [preauth]
Sep 29 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30517]: pam_unix(cron:session): session closed for user root
Sep 29 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Invalid user postgres from 170.64.171.45
Sep 29 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: input_userauth_request: invalid user postgres [preauth]
Sep 29 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Failed password for invalid user postgres from 170.64.171.45 port 34232 ssh2
Sep 29 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Connection closed by 170.64.171.45 port 34232 [preauth]
Sep 29 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: Invalid user svnuser from 170.64.171.45
Sep 29 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: input_userauth_request: invalid user svnuser [preauth]
Sep 29 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Failed password for root from 162.144.236.216 port 33594 ssh2
Sep 29 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: Failed password for invalid user svnuser from 170.64.171.45 port 38484 ssh2
Sep 29 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: Connection closed by 170.64.171.45 port 38484 [preauth]
Sep 29 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Invalid user dolphinscheduler from 170.64.171.45
Sep 29 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 29 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Connection closed by 162.144.236.216 port 33594 [preauth]
Sep 29 15:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Failed password for invalid user dolphinscheduler from 170.64.171.45 port 38496 ssh2
Sep 29 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Connection closed by 170.64.171.45 port 38496 [preauth]
Sep 29 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: Failed password for root from 170.64.171.45 port 38498 ssh2
Sep 29 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: Connection closed by 170.64.171.45 port 38498 [preauth]
Sep 29 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Invalid user plexserver from 170.64.171.45
Sep 29 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: input_userauth_request: invalid user plexserver [preauth]
Sep 29 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: Failed password for root from 162.144.236.216 port 41974 ssh2
Sep 29 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Invalid user me from 152.200.181.42
Sep 29 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: input_userauth_request: invalid user me [preauth]
Sep 29 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Failed password for invalid user plexserver from 170.64.171.45 port 59910 ssh2
Sep 29 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: Connection closed by 162.144.236.216 port 41974 [preauth]
Sep 29 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Connection closed by 170.64.171.45 port 59910 [preauth]
Sep 29 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Invalid user sonar from 170.64.171.45
Sep 29 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: input_userauth_request: invalid user sonar [preauth]
Sep 29 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Failed password for invalid user me from 152.200.181.42 port 42200 ssh2
Sep 29 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Received disconnect from 152.200.181.42 port 42200:11: Bye Bye [preauth]
Sep 29 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Disconnected from 152.200.181.42 port 42200 [preauth]
Sep 29 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Failed password for invalid user sonar from 170.64.171.45 port 59918 ssh2
Sep 29 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Connection closed by 170.64.171.45 port 59918 [preauth]
Sep 29 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1500]: Invalid user app from 170.64.171.45
Sep 29 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1500]: input_userauth_request: invalid user app [preauth]
Sep 29 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1500]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1500]: Failed password for invalid user app from 170.64.171.45 port 59930 ssh2
Sep 29 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1500]: Connection closed by 170.64.171.45 port 59930 [preauth]
Sep 29 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Failed password for root from 162.144.236.216 port 47212 ssh2
Sep 29 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: Invalid user tools from 170.64.171.45
Sep 29 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: input_userauth_request: invalid user tools [preauth]
Sep 29 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Connection closed by 162.144.236.216 port 47212 [preauth]
Sep 29 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: Failed password for invalid user tools from 170.64.171.45 port 35210 ssh2
Sep 29 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: Connection closed by 170.64.171.45 port 35210 [preauth]
Sep 29 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: Invalid user lighthouse from 170.64.171.45
Sep 29 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: input_userauth_request: invalid user lighthouse [preauth]
Sep 29 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 29 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session closed for user root
Sep 29 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: Failed password for invalid user lighthouse from 170.64.171.45 port 35222 ssh2
Sep 29 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1526]: Connection closed by 170.64.171.45 port 35222 [preauth]
Sep 29 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1557]: User mysql from 170.64.171.45 not allowed because not listed in AllowUsers
Sep 29 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1557]: input_userauth_request: invalid user mysql [preauth]
Sep 29 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=mysql
Sep 29 15:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 15:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco rhost=::ffff:79.124.49.146
Sep 29 15:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1557]: Failed password for invalid user mysql from 170.64.171.45 port 35234 ssh2
Sep 29 15:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1557]: Connection closed by 170.64.171.45 port 35234 [preauth]
Sep 29 15:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: Failed password for root from 170.64.171.45 port 35246 ssh2
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: Connection closed by 170.64.171.45 port 35246 [preauth]
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Invalid user gpadmin from 170.64.171.45
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: input_userauth_request: invalid user gpadmin [preauth]
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Failed password for root from 162.144.236.216 port 53100 ssh2
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Invalid user squid from 62.60.131.157
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: input_userauth_request: invalid user squid [preauth]
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Failed password for invalid user gpadmin from 170.64.171.45 port 39768 ssh2
Sep 29 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Failed password for invalid user squid from 62.60.131.157 port 62385 ssh2
Sep 29 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Connection closed by 170.64.171.45 port 39768 [preauth]
Sep 29 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1525]: Connection closed by 162.144.236.216 port 53100 [preauth]
Sep 29 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Invalid user oracle from 170.64.171.45
Sep 29 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Failed password for invalid user squid from 62.60.131.157 port 62385 ssh2
Sep 29 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Failed password for invalid user oracle from 170.64.171.45 port 39780 ssh2
Sep 29 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Connection closed by 170.64.171.45 port 39780 [preauth]
Sep 29 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Failed password for invalid user squid from 62.60.131.157 port 62385 ssh2
Sep 29 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: Failed password for root from 170.64.171.45 port 39790 ssh2
Sep 29 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Failed password for invalid user squid from 62.60.131.157 port 62385 ssh2
Sep 29 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: Connection closed by 170.64.171.45 port 39790 [preauth]
Sep 29 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Invalid user www from 170.64.171.45
Sep 29 15:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: input_userauth_request: invalid user www [preauth]
Sep 29 15:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Failed password for invalid user squid from 62.60.131.157 port 62385 ssh2
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Failed password for invalid user www from 170.64.171.45 port 57078 ssh2
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Connection closed by 170.64.171.45 port 57078 [preauth]
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Received disconnect from 62.60.131.157 port 62385:11: Bye [preauth]
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Disconnected from 62.60.131.157 port 62385 [preauth]
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Failed password for root from 170.64.171.45 port 57090 ssh2
Sep 29 15:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Connection closed by 170.64.171.45 port 57090 [preauth]
Sep 29 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Invalid user oscar from 170.64.171.45
Sep 29 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: input_userauth_request: invalid user oscar [preauth]
Sep 29 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for invalid user oscar from 170.64.171.45 port 57106 ssh2
Sep 29 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Failed password for root from 162.144.236.216 port 60722 ssh2
Sep 29 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Connection closed by 170.64.171.45 port 57106 [preauth]
Sep 29 15:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Invalid user test from 170.64.171.45
Sep 29 15:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: input_userauth_request: invalid user test [preauth]
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Connection closed by 162.144.236.216 port 60722 [preauth]
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1675]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1676]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1678]: pam_unix(cron:session): session closed for user root
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1673]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1757]: Successful su for rubyman by root
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1757]: + ??? root:rubyman
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315648 of user rubyman.
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1757]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315648.
Sep 29 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Failed password for invalid user test from 170.64.171.45 port 48526 ssh2
Sep 29 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1668]: Connection closed by 170.64.171.45 port 48526 [preauth]
Sep 29 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Invalid user admin from 170.64.171.45
Sep 29 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1675]: pam_unix(cron:session): session closed for user root
Sep 29 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31028]: pam_unix(cron:session): session closed for user root
Sep 29 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Failed password for invalid user admin from 170.64.171.45 port 48538 ssh2
Sep 29 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Connection closed by 170.64.171.45 port 48538 [preauth]
Sep 29 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1674]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Failed password for root from 170.64.171.45 port 48546 ssh2
Sep 29 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1970]: Connection closed by 170.64.171.45 port 48546 [preauth]
Sep 29 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2003]: Invalid user app from 170.64.171.45
Sep 29 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2003]: input_userauth_request: invalid user app [preauth]
Sep 29 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2003]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2003]: Failed password for invalid user app from 170.64.171.45 port 52958 ssh2
Sep 29 15:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2003]: Connection closed by 170.64.171.45 port 52958 [preauth]
Sep 29 15:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: Invalid user elastic from 170.64.171.45
Sep 29 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: input_userauth_request: invalid user elastic [preauth]
Sep 29 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: Failed password for invalid user elastic from 170.64.171.45 port 52962 ssh2
Sep 29 15:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: Connection closed by 170.64.171.45 port 52962 [preauth]
Sep 29 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Failed password for root from 162.144.236.216 port 39848 ssh2
Sep 29 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1745]: Connection closed by 162.144.236.216 port 39848 [preauth]
Sep 29 15:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: Failed password for root from 170.64.171.45 port 52972 ssh2
Sep 29 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: Connection closed by 170.64.171.45 port 52972 [preauth]
Sep 29 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Invalid user guest from 170.64.171.45
Sep 29 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: input_userauth_request: invalid user guest [preauth]
Sep 29 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Failed password for invalid user guest from 170.64.171.45 port 45412 ssh2
Sep 29 15:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Connection closed by 170.64.171.45 port 45412 [preauth]
Sep 29 15:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Failed password for root from 162.144.236.216 port 49704 ssh2
Sep 29 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Connection closed by 162.144.236.216 port 49704 [preauth]
Sep 29 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2048]: Failed password for root from 170.64.171.45 port 45420 ssh2
Sep 29 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2048]: Connection closed by 170.64.171.45 port 45420 [preauth]
Sep 29 15:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: Invalid user sonar from 170.64.171.45
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: input_userauth_request: invalid user sonar [preauth]
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Invalid user vr from 167.99.55.34
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: input_userauth_request: invalid user vr [preauth]
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: Failed password for invalid user sonar from 170.64.171.45 port 45432 ssh2
Sep 29 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2075]: Connection closed by 170.64.171.45 port 45432 [preauth]
Sep 29 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Failed password for invalid user vr from 167.99.55.34 port 49624 ssh2
Sep 29 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Connection closed by 167.99.55.34 port 49624 [preauth]
Sep 29 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: Invalid user jumpserver from 170.64.171.45
Sep 29 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: input_userauth_request: invalid user jumpserver [preauth]
Sep 29 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Failed password for root from 162.144.236.216 port 56596 ssh2
Sep 29 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Connection closed by 162.144.236.216 port 56596 [preauth]
Sep 29 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: Failed password for invalid user jumpserver from 170.64.171.45 port 54616 ssh2
Sep 29 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: Connection closed by 170.64.171.45 port 54616 [preauth]
Sep 29 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Invalid user tom from 170.64.171.45
Sep 29 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: input_userauth_request: invalid user tom [preauth]
Sep 29 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[539]: pam_unix(cron:session): session closed for user root
Sep 29 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Failed password for invalid user tom from 170.64.171.45 port 54632 ssh2
Sep 29 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Connection closed by 170.64.171.45 port 54632 [preauth]
Sep 29 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Failed password for root from 170.64.171.45 port 54634 ssh2
Sep 29 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2120]: Connection closed by 170.64.171.45 port 54634 [preauth]
Sep 29 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Invalid user git from 170.64.171.45
Sep 29 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: input_userauth_request: invalid user git [preauth]
Sep 29 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Failed password for invalid user git from 170.64.171.45 port 51512 ssh2
Sep 29 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2134]: Connection closed by 170.64.171.45 port 51512 [preauth]
Sep 29 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for root from 162.144.236.216 port 34118 ssh2
Sep 29 15:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: Invalid user ranger from 170.64.171.45
Sep 29 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: input_userauth_request: invalid user ranger [preauth]
Sep 29 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Connection closed by 162.144.236.216 port 34118 [preauth]
Sep 29 15:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: Failed password for invalid user ranger from 170.64.171.45 port 51524 ssh2
Sep 29 15:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2145]: Connection closed by 170.64.171.45 port 51524 [preauth]
Sep 29 15:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Failed password for root from 170.64.171.45 port 51538 ssh2
Sep 29 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Connection closed by 170.64.171.45 port 51538 [preauth]
Sep 29 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Invalid user appuser from 170.64.171.45
Sep 29 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: input_userauth_request: invalid user appuser [preauth]
Sep 29 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for invalid user appuser from 170.64.171.45 port 51470 ssh2
Sep 29 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Connection closed by 170.64.171.45 port 51470 [preauth]
Sep 29 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Invalid user tom from 170.64.171.45
Sep 29 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: input_userauth_request: invalid user tom [preauth]
Sep 29 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Failed password for root from 162.144.236.216 port 43652 ssh2
Sep 29 15:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Connection closed by 162.144.236.216 port 43652 [preauth]
Sep 29 15:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Failed password for invalid user tom from 170.64.171.45 port 51478 ssh2
Sep 29 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Connection closed by 170.64.171.45 port 51478 [preauth]
Sep 29 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: Failed password for root from 170.64.171.45 port 51490 ssh2
Sep 29 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: Connection closed by 170.64.171.45 port 51490 [preauth]
Sep 29 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: Invalid user ubuntu from 170.64.171.45
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: Successful su for rubyman by root
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: + ??? root:rubyman
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315654 of user rubyman.
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315654.
Sep 29 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: Failed password for invalid user ubuntu from 170.64.171.45 port 44734 ssh2
Sep 29 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2211]: Connection closed by 170.64.171.45 port 44734 [preauth]
Sep 29 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: Failed password for root from 162.144.236.216 port 52774 ssh2
Sep 29 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: Connection closed by 162.144.236.216 port 52774 [preauth]
Sep 29 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Invalid user elsearch from 170.64.171.45
Sep 29 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: input_userauth_request: invalid user elsearch [preauth]
Sep 29 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Failed password for invalid user elsearch from 170.64.171.45 port 44742 ssh2
Sep 29 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Connection closed by 170.64.171.45 port 44742 [preauth]
Sep 29 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31523]: pam_unix(cron:session): session closed for user root
Sep 29 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Invalid user nginx from 170.64.171.45
Sep 29 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: input_userauth_request: invalid user nginx [preauth]
Sep 29 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Failed password for invalid user nginx from 170.64.171.45 port 44746 ssh2
Sep 29 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Connection closed by 170.64.171.45 port 44746 [preauth]
Sep 29 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Invalid user rancher from 170.64.171.45
Sep 29 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: input_userauth_request: invalid user rancher [preauth]
Sep 29 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Failed password for invalid user rancher from 170.64.171.45 port 48318 ssh2
Sep 29 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Connection closed by 170.64.171.45 port 48318 [preauth]
Sep 29 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Failed password for root from 162.144.236.216 port 58840 ssh2
Sep 29 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Connection closed by 162.144.236.216 port 58840 [preauth]
Sep 29 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: Failed password for root from 170.64.171.45 port 48326 ssh2
Sep 29 15:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: Connection closed by 170.64.171.45 port 48326 [preauth]
Sep 29 15:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Invalid user rancher from 170.64.171.45
Sep 29 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: input_userauth_request: invalid user rancher [preauth]
Sep 29 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Failed password for invalid user rancher from 170.64.171.45 port 48338 ssh2
Sep 29 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2540]: Connection closed by 170.64.171.45 port 48338 [preauth]
Sep 29 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Invalid user es from 170.64.171.45
Sep 29 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: input_userauth_request: invalid user es [preauth]
Sep 29 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: Failed password for root from 162.144.236.216 port 39526 ssh2
Sep 29 15:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Failed password for invalid user es from 170.64.171.45 port 34432 ssh2
Sep 29 15:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Connection closed by 170.64.171.45 port 34432 [preauth]
Sep 29 15:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: Connection closed by 162.144.236.216 port 39526 [preauth]
Sep 29 15:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: Failed password for root from 170.64.171.45 port 34436 ssh2
Sep 29 15:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: Connection closed by 170.64.171.45 port 34436 [preauth]
Sep 29 15:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: Invalid user user from 170.64.171.45
Sep 29 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: input_userauth_request: invalid user user [preauth]
Sep 29 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: Failed password for invalid user user from 170.64.171.45 port 34448 ssh2
Sep 29 15:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2582]: Connection closed by 170.64.171.45 port 34448 [preauth]
Sep 29 15:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: Failed password for root from 162.144.236.216 port 46982 ssh2
Sep 29 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2558]: Connection closed by 162.144.236.216 port 46982 [preauth]
Sep 29 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Failed password for root from 170.64.171.45 port 47068 ssh2
Sep 29 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2585]: Connection closed by 170.64.171.45 port 47068 [preauth]
Sep 29 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session closed for user root
Sep 29 15:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Invalid user uftp from 170.64.171.45
Sep 29 15:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: input_userauth_request: invalid user uftp [preauth]
Sep 29 15:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Failed password for invalid user uftp from 170.64.171.45 port 47074 ssh2
Sep 29 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Connection closed by 170.64.171.45 port 47074 [preauth]
Sep 29 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Invalid user data from 170.64.171.45
Sep 29 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: input_userauth_request: invalid user data [preauth]
Sep 29 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: Failed password for root from 162.144.236.216 port 53900 ssh2
Sep 29 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2595]: Connection closed by 162.144.236.216 port 53900 [preauth]
Sep 29 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Failed password for invalid user data from 170.64.171.45 port 47086 ssh2
Sep 29 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Connection closed by 170.64.171.45 port 47086 [preauth]
Sep 29 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Invalid user bigdata from 170.64.171.45
Sep 29 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: input_userauth_request: invalid user bigdata [preauth]
Sep 29 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Failed password for invalid user bigdata from 170.64.171.45 port 44708 ssh2
Sep 29 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Failed password for root from 152.200.181.42 port 54561 ssh2
Sep 29 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Connection closed by 170.64.171.45 port 44708 [preauth]
Sep 29 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Invalid user oracle from 170.64.171.45
Sep 29 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Received disconnect from 152.200.181.42 port 54561:11: Bye Bye [preauth]
Sep 29 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Disconnected from 152.200.181.42 port 54561 [preauth]
Sep 29 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: Failed password for root from 162.144.236.216 port 58810 ssh2
Sep 29 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Failed password for invalid user oracle from 170.64.171.45 port 44740 ssh2
Sep 29 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: Connection closed by 162.144.236.216 port 58810 [preauth]
Sep 29 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Connection closed by 170.64.171.45 port 44740 [preauth]
Sep 29 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: Invalid user plex from 170.64.171.45
Sep 29 15:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: input_userauth_request: invalid user plex [preauth]
Sep 29 15:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: Failed password for invalid user plex from 170.64.171.45 port 44760 ssh2
Sep 29 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2673]: Connection closed by 170.64.171.45 port 44760 [preauth]
Sep 29 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2677]: Invalid user steam from 170.64.171.45
Sep 29 15:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2677]: input_userauth_request: invalid user steam [preauth]
Sep 29 15:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2677]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Failed password for root from 162.144.236.216 port 36744 ssh2
Sep 29 15:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2677]: Failed password for invalid user steam from 170.64.171.45 port 46678 ssh2
Sep 29 15:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2677]: Connection closed by 170.64.171.45 port 46678 [preauth]
Sep 29 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2669]: Connection closed by 162.144.236.216 port 36744 [preauth]
Sep 29 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2688]: Invalid user esuser from 170.64.171.45
Sep 29 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2688]: input_userauth_request: invalid user esuser [preauth]
Sep 29 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2688]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2688]: Failed password for invalid user esuser from 170.64.171.45 port 46690 ssh2
Sep 29 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2688]: Connection closed by 170.64.171.45 port 46690 [preauth]
Sep 29 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Invalid user observer from 170.64.171.45
Sep 29 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: input_userauth_request: invalid user observer [preauth]
Sep 29 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Failed password for invalid user observer from 170.64.171.45 port 46696 ssh2
Sep 29 15:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2692]: Connection closed by 170.64.171.45 port 46696 [preauth]
Sep 29 15:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Failed password for root from 162.144.236.216 port 43630 ssh2
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Invalid user docker from 170.64.171.45
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: input_userauth_request: invalid user docker [preauth]
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Connection closed by 162.144.236.216 port 43630 [preauth]
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2775]: Successful su for rubyman by root
Sep 29 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2775]: + ??? root:rubyman
Sep 29 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315656 of user rubyman.
Sep 29 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2775]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315656.
Sep 29 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Failed password for invalid user docker from 170.64.171.45 port 60120 ssh2
Sep 29 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Connection closed by 170.64.171.45 port 60120 [preauth]
Sep 29 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Invalid user user from 170.64.171.45
Sep 29 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: input_userauth_request: invalid user user [preauth]
Sep 29 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32015]: pam_unix(cron:session): session closed for user root
Sep 29 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Failed password for invalid user user from 170.64.171.45 port 60132 ssh2
Sep 29 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Connection closed by 170.64.171.45 port 60132 [preauth]
Sep 29 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Invalid user elastic from 170.64.171.45
Sep 29 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: input_userauth_request: invalid user elastic [preauth]
Sep 29 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Failed password for invalid user elastic from 170.64.171.45 port 60148 ssh2
Sep 29 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Connection closed by 170.64.171.45 port 60148 [preauth]
Sep 29 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Invalid user oracle from 170.64.171.45
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Invalid user admin from 62.60.131.157
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Failed password for root from 162.144.236.216 port 48402 ssh2
Sep 29 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Failed password for invalid user oracle from 170.64.171.45 port 59372 ssh2
Sep 29 15:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Connection closed by 170.64.171.45 port 59372 [preauth]
Sep 29 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for invalid user admin from 62.60.131.157 port 62731 ssh2
Sep 29 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Connection closed by 162.144.236.216 port 48402 [preauth]
Sep 29 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Invalid user postgres from 170.64.171.45
Sep 29 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: input_userauth_request: invalid user postgres [preauth]
Sep 29 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for invalid user admin from 62.60.131.157 port 62731 ssh2
Sep 29 15:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Failed password for invalid user postgres from 170.64.171.45 port 59374 ssh2
Sep 29 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Connection closed by 170.64.171.45 port 59374 [preauth]
Sep 29 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for invalid user admin from 62.60.131.157 port 62731 ssh2
Sep 29 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Invalid user ts from 170.64.171.45
Sep 29 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: input_userauth_request: invalid user ts [preauth]
Sep 29 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for invalid user admin from 62.60.131.157 port 62731 ssh2
Sep 29 15:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Failed password for invalid user ts from 170.64.171.45 port 59390 ssh2
Sep 29 15:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Connection closed by 170.64.171.45 port 59390 [preauth]
Sep 29 15:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Failed password for invalid user admin from 62.60.131.157 port 62731 ssh2
Sep 29 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Received disconnect from 62.60.131.157 port 62731:11: Bye [preauth]
Sep 29 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: Disconnected from 62.60.131.157 port 62731 [preauth]
Sep 29 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2989]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Failed password for root from 170.64.171.45 port 46634 ssh2
Sep 29 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Connection closed by 170.64.171.45 port 46634 [preauth]
Sep 29 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: Failed password for root from 162.144.236.216 port 58408 ssh2
Sep 29 15:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: Connection closed by 162.144.236.216 port 58408 [preauth]
Sep 29 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Invalid user ftpuser from 170.64.171.45
Sep 29 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Failed password for invalid user ftpuser from 170.64.171.45 port 46646 ssh2
Sep 29 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Connection closed by 170.64.171.45 port 46646 [preauth]
Sep 29 15:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: Invalid user test from 170.64.171.45
Sep 29 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: input_userauth_request: invalid user test [preauth]
Sep 29 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: Failed password for invalid user test from 170.64.171.45 port 46650 ssh2
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3063]: Connection closed by 170.64.171.45 port 46650 [preauth]
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Failed password for root from 162.144.236.216 port 37488 ssh2
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: Connection closed by 162.144.236.216 port 37488 [preauth]
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Invalid user gitlab from 170.64.171.45
Sep 29 15:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user gitlab from 170.64.171.45 port 39246 ssh2
Sep 29 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Connection closed by 170.64.171.45 port 39246 [preauth]
Sep 29 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Invalid user guest from 170.64.171.45
Sep 29 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: input_userauth_request: invalid user guest [preauth]
Sep 29 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session closed for user root
Sep 29 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Failed password for root from 162.144.236.216 port 43374 ssh2
Sep 29 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Failed password for invalid user guest from 170.64.171.45 port 39256 ssh2
Sep 29 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Connection closed by 170.64.171.45 port 39256 [preauth]
Sep 29 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Connection closed by 162.144.236.216 port 43374 [preauth]
Sep 29 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: Invalid user worker from 170.64.171.45
Sep 29 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: input_userauth_request: invalid user worker [preauth]
Sep 29 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: Failed password for invalid user worker from 170.64.171.45 port 39270 ssh2
Sep 29 15:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: Connection closed by 170.64.171.45 port 39270 [preauth]
Sep 29 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Invalid user flask from 170.64.171.45
Sep 29 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: input_userauth_request: invalid user flask [preauth]
Sep 29 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Failed password for invalid user flask from 170.64.171.45 port 47118 ssh2
Sep 29 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Connection closed by 170.64.171.45 port 47118 [preauth]
Sep 29 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Invalid user gpuadmin from 170.64.171.45
Sep 29 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: input_userauth_request: invalid user gpuadmin [preauth]
Sep 29 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: Failed password for root from 162.144.236.216 port 48016 ssh2
Sep 29 15:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Failed password for invalid user gpuadmin from 170.64.171.45 port 47120 ssh2
Sep 29 15:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Connection closed by 170.64.171.45 port 47120 [preauth]
Sep 29 15:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3103]: Connection closed by 162.144.236.216 port 48016 [preauth]
Sep 29 15:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: Invalid user zabbix from 170.64.171.45
Sep 29 15:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: input_userauth_request: invalid user zabbix [preauth]
Sep 29 15:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: Failed password for invalid user zabbix from 170.64.171.45 port 47132 ssh2
Sep 29 15:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3142]: Connection closed by 170.64.171.45 port 47132 [preauth]
Sep 29 15:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: Failed password for root from 170.64.171.45 port 57252 ssh2
Sep 29 15:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3155]: Connection closed by 170.64.171.45 port 57252 [preauth]
Sep 29 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Invalid user flask from 170.64.171.45
Sep 29 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: input_userauth_request: invalid user flask [preauth]
Sep 29 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: Failed password for root from 162.144.236.216 port 56194 ssh2
Sep 29 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3144]: Connection closed by 162.144.236.216 port 56194 [preauth]
Sep 29 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Failed password for invalid user flask from 170.64.171.45 port 57256 ssh2
Sep 29 15:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Connection closed by 170.64.171.45 port 57256 [preauth]
Sep 29 15:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Invalid user gitlab from 170.64.171.45
Sep 29 15:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 15:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Failed password for invalid user gitlab from 170.64.171.45 port 57262 ssh2
Sep 29 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3170]: Connection closed by 170.64.171.45 port 57262 [preauth]
Sep 29 15:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Invalid user testuser from 170.64.171.45
Sep 29 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: input_userauth_request: invalid user testuser [preauth]
Sep 29 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3185]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Failed password for root from 162.144.236.216 port 35024 ssh2
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Failed password for invalid user testuser from 170.64.171.45 port 33786 ssh2
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3251]: Successful su for rubyman by root
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3251]: + ??? root:rubyman
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315662 of user rubyman.
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3251]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315662.
Sep 29 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Connection closed by 170.64.171.45 port 33786 [preauth]
Sep 29 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Connection closed by 162.144.236.216 port 35024 [preauth]
Sep 29 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Invalid user postgres from 170.64.171.45
Sep 29 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: input_userauth_request: invalid user postgres [preauth]
Sep 29 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session closed for user root
Sep 29 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Failed password for invalid user postgres from 170.64.171.45 port 33788 ssh2
Sep 29 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Connection closed by 170.64.171.45 port 33788 [preauth]
Sep 29 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Invalid user jenkins from 170.64.171.45
Sep 29 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: input_userauth_request: invalid user jenkins [preauth]
Sep 29 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3186]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Failed password for invalid user jenkins from 170.64.171.45 port 33804 ssh2
Sep 29 15:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Connection closed by 170.64.171.45 port 33804 [preauth]
Sep 29 15:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Failed password for root from 162.144.236.216 port 41952 ssh2
Sep 29 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Connection closed by 162.144.236.216 port 41952 [preauth]
Sep 29 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Failed password for root from 170.64.171.45 port 54180 ssh2
Sep 29 15:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Connection closed by 170.64.171.45 port 54180 [preauth]
Sep 29 15:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Invalid user admin from 170.64.171.45
Sep 29 15:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Failed password for invalid user admin from 170.64.171.45 port 54208 ssh2
Sep 29 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Connection closed by 170.64.171.45 port 54208 [preauth]
Sep 29 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Invalid user weblogic from 170.64.171.45
Sep 29 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: input_userauth_request: invalid user weblogic [preauth]
Sep 29 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: Failed password for root from 162.144.236.216 port 46870 ssh2
Sep 29 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Failed password for invalid user weblogic from 170.64.171.45 port 54226 ssh2
Sep 29 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Connection closed by 170.64.171.45 port 54226 [preauth]
Sep 29 15:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: Connection closed by 162.144.236.216 port 46870 [preauth]
Sep 29 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Invalid user centos from 170.64.171.45
Sep 29 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: input_userauth_request: invalid user centos [preauth]
Sep 29 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Failed password for invalid user centos from 170.64.171.45 port 57036 ssh2
Sep 29 15:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3506]: Connection closed by 170.64.171.45 port 57036 [preauth]
Sep 29 15:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Invalid user steam from 170.64.171.45
Sep 29 15:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: input_userauth_request: invalid user steam [preauth]
Sep 29 15:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: Failed password for root from 162.144.236.216 port 54544 ssh2
Sep 29 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Failed password for invalid user steam from 170.64.171.45 port 57038 ssh2
Sep 29 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Connection closed by 170.64.171.45 port 57038 [preauth]
Sep 29 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: Connection closed by 162.144.236.216 port 54544 [preauth]
Sep 29 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Invalid user test from 170.64.171.45
Sep 29 15:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: input_userauth_request: invalid user test [preauth]
Sep 29 15:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Failed password for invalid user test from 170.64.171.45 port 57046 ssh2
Sep 29 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Connection closed by 170.64.171.45 port 57046 [preauth]
Sep 29 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: Invalid user test from 170.64.171.45
Sep 29 15:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: input_userauth_request: invalid user test [preauth]
Sep 29 15:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: Failed password for invalid user test from 170.64.171.45 port 47080 ssh2
Sep 29 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3550]: Connection closed by 170.64.171.45 port 47080 [preauth]
Sep 29 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Failed password for root from 162.144.236.216 port 59728 ssh2
Sep 29 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Connection closed by 162.144.236.216 port 59728 [preauth]
Sep 29 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2217]: pam_unix(cron:session): session closed for user root
Sep 29 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Failed password for root from 170.64.171.45 port 47082 ssh2
Sep 29 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Connection closed by 170.64.171.45 port 47082 [preauth]
Sep 29 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Invalid user centos from 170.64.171.45
Sep 29 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: input_userauth_request: invalid user centos [preauth]
Sep 29 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for invalid user centos from 170.64.171.45 port 47084 ssh2
Sep 29 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Connection closed by 170.64.171.45 port 47084 [preauth]
Sep 29 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: Invalid user tomcat from 170.64.171.45
Sep 29 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: input_userauth_request: invalid user tomcat [preauth]
Sep 29 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: Failed password for root from 162.144.236.216 port 37780 ssh2
Sep 29 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3570]: Connection closed by 162.144.236.216 port 37780 [preauth]
Sep 29 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: Failed password for invalid user tomcat from 170.64.171.45 port 34898 ssh2
Sep 29 15:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3597]: Connection closed by 170.64.171.45 port 34898 [preauth]
Sep 29 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: User mysql from 170.64.171.45 not allowed because not listed in AllowUsers
Sep 29 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: input_userauth_request: invalid user mysql [preauth]
Sep 29 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=mysql
Sep 29 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: Failed password for invalid user mysql from 170.64.171.45 port 34906 ssh2
Sep 29 15:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3608]: Connection closed by 170.64.171.45 port 34906 [preauth]
Sep 29 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Failed password for root from 170.64.171.45 port 34908 ssh2
Sep 29 15:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Connection closed by 170.64.171.45 port 34908 [preauth]
Sep 29 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Failed password for root from 162.144.236.216 port 45712 ssh2
Sep 29 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Connection closed by 162.144.236.216 port 45712 [preauth]
Sep 29 15:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: Failed password for root from 170.64.171.45 port 57676 ssh2
Sep 29 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: Connection closed by 170.64.171.45 port 57676 [preauth]
Sep 29 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Invalid user zabbix from 170.64.171.45
Sep 29 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: input_userauth_request: invalid user zabbix [preauth]
Sep 29 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Failed password for invalid user zabbix from 170.64.171.45 port 57686 ssh2
Sep 29 15:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Connection closed by 170.64.171.45 port 57686 [preauth]
Sep 29 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Invalid user kubernetes from 170.64.171.45
Sep 29 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: input_userauth_request: invalid user kubernetes [preauth]
Sep 29 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Failed password for invalid user kubernetes from 170.64.171.45 port 57702 ssh2
Sep 29 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Connection closed by 170.64.171.45 port 57702 [preauth]
Sep 29 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for root from 162.144.236.216 port 52198 ssh2
Sep 29 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Invalid user observer from 170.64.171.45
Sep 29 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: input_userauth_request: invalid user observer [preauth]
Sep 29 15:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Connection closed by 162.144.236.216 port 52198 [preauth]
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Failed password for root from 152.200.181.42 port 38683 ssh2
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3669]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3667]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Failed password for invalid user observer from 170.64.171.45 port 39776 ssh2
Sep 29 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Connection closed by 170.64.171.45 port 39776 [preauth]
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3739]: Successful su for rubyman by root
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3739]: + ??? root:rubyman
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315664 of user rubyman.
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3739]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315664.
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Received disconnect from 152.200.181.42 port 38683:11: Bye Bye [preauth]
Sep 29 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3653]: Disconnected from 152.200.181.42 port 38683 [preauth]
Sep 29 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Invalid user hadoop from 170.64.171.45
Sep 29 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Failed password for invalid user hadoop from 170.64.171.45 port 39788 ssh2
Sep 29 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[538]: pam_unix(cron:session): session closed for user root
Sep 29 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Connection closed by 170.64.171.45 port 39788 [preauth]
Sep 29 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Invalid user bot from 170.64.171.45
Sep 29 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: input_userauth_request: invalid user bot [preauth]
Sep 29 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: Failed password for root from 162.144.236.216 port 59728 ssh2
Sep 29 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3668]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: Connection closed by 162.144.236.216 port 59728 [preauth]
Sep 29 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Failed password for invalid user bot from 170.64.171.45 port 39804 ssh2
Sep 29 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Connection closed by 170.64.171.45 port 39804 [preauth]
Sep 29 15:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3954]: Invalid user debianuser from 170.64.171.45
Sep 29 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3954]: input_userauth_request: invalid user debianuser [preauth]
Sep 29 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3954]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3954]: Failed password for invalid user debianuser from 170.64.171.45 port 41960 ssh2
Sep 29 15:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3954]: Connection closed by 170.64.171.45 port 41960 [preauth]
Sep 29 15:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Invalid user ranger from 170.64.171.45
Sep 29 15:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: input_userauth_request: invalid user ranger [preauth]
Sep 29 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Failed password for invalid user ranger from 170.64.171.45 port 41968 ssh2
Sep 29 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Connection closed by 170.64.171.45 port 41968 [preauth]
Sep 29 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Invalid user oracle from 170.64.171.45
Sep 29 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: Failed password for root from 162.144.236.216 port 37782 ssh2
Sep 29 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: Connection closed by 162.144.236.216 port 37782 [preauth]
Sep 29 15:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Failed password for invalid user oracle from 170.64.171.45 port 41980 ssh2
Sep 29 15:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Connection closed by 170.64.171.45 port 41980 [preauth]
Sep 29 15:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: User ftp from 170.64.171.45 not allowed because not listed in AllowUsers
Sep 29 15:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: input_userauth_request: invalid user ftp [preauth]
Sep 29 15:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=ftp
Sep 29 15:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: Failed password for invalid user ftp from 170.64.171.45 port 57322 ssh2
Sep 29 15:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: Connection closed by 170.64.171.45 port 57322 [preauth]
Sep 29 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Invalid user elastic from 170.64.171.45
Sep 29 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: input_userauth_request: invalid user elastic [preauth]
Sep 29 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Failed password for root from 162.144.236.216 port 44732 ssh2
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Failed password for invalid user elastic from 170.64.171.45 port 57334 ssh2
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Connection closed by 170.64.171.45 port 57334 [preauth]
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Invalid user user from 62.60.131.157
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: input_userauth_request: invalid user user [preauth]
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Connection closed by 162.144.236.216 port 44732 [preauth]
Sep 29 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Failed password for invalid user user from 62.60.131.157 port 26897 ssh2
Sep 29 15:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: Failed password for root from 170.64.171.45 port 57350 ssh2
Sep 29 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4029]: Connection closed by 170.64.171.45 port 57350 [preauth]
Sep 29 15:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: Invalid user admin from 170.64.171.45
Sep 29 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Failed password for invalid user user from 62.60.131.157 port 26897 ssh2
Sep 29 15:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: Failed password for invalid user admin from 170.64.171.45 port 55264 ssh2
Sep 29 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: Connection closed by 170.64.171.45 port 55264 [preauth]
Sep 29 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Failed password for invalid user user from 62.60.131.157 port 26897 ssh2
Sep 29 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Invalid user default from 170.64.171.45
Sep 29 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: input_userauth_request: invalid user default [preauth]
Sep 29 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Failed password for invalid user user from 62.60.131.157 port 26897 ssh2
Sep 29 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Failed password for root from 162.144.236.216 port 52536 ssh2
Sep 29 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Connection closed by 162.144.236.216 port 52536 [preauth]
Sep 29 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Failed password for invalid user default from 170.64.171.45 port 55270 ssh2
Sep 29 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session closed for user root
Sep 29 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Connection closed by 170.64.171.45 port 55270 [preauth]
Sep 29 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Invalid user tomcat from 170.64.171.45
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: input_userauth_request: invalid user tomcat [preauth]
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Failed password for invalid user user from 62.60.131.157 port 26897 ssh2
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Received disconnect from 62.60.131.157 port 26897:11: Bye [preauth]
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Disconnected from 62.60.131.157 port 26897 [preauth]
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Failed password for invalid user tomcat from 170.64.171.45 port 55286 ssh2
Sep 29 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Connection closed by 170.64.171.45 port 55286 [preauth]
Sep 29 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Invalid user gitlab from 170.64.171.45
Sep 29 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 15:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Failed password for invalid user gitlab from 170.64.171.45 port 42800 ssh2
Sep 29 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Connection closed by 170.64.171.45 port 42800 [preauth]
Sep 29 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Failed password for root from 162.144.236.216 port 59462 ssh2
Sep 29 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Connection closed by 162.144.236.216 port 59462 [preauth]
Sep 29 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Failed password for root from 170.64.171.45 port 42804 ssh2
Sep 29 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Connection closed by 170.64.171.45 port 42804 [preauth]
Sep 29 15:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Invalid user hadoop from 170.64.171.45
Sep 29 15:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 15:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Failed password for invalid user hadoop from 170.64.171.45 port 42808 ssh2
Sep 29 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4115]: Connection closed by 170.64.171.45 port 42808 [preauth]
Sep 29 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Invalid user tools from 170.64.171.45
Sep 29 15:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: input_userauth_request: invalid user tools [preauth]
Sep 29 15:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Failed password for invalid user tools from 170.64.171.45 port 42812 ssh2
Sep 29 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Connection closed by 170.64.171.45 port 42812 [preauth]
Sep 29 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Failed password for root from 162.144.236.216 port 36798 ssh2
Sep 29 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Invalid user admin from 170.64.171.45
Sep 29 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 162.144.236.216 port 36798 [preauth]
Sep 29 15:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Failed password for invalid user admin from 170.64.171.45 port 37848 ssh2
Sep 29 15:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Connection closed by 170.64.171.45 port 37848 [preauth]
Sep 29 15:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Invalid user www from 170.64.171.45
Sep 29 15:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: input_userauth_request: invalid user www [preauth]
Sep 29 15:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Failed password for invalid user www from 170.64.171.45 port 37856 ssh2
Sep 29 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4164]: Connection closed by 170.64.171.45 port 37856 [preauth]
Sep 29 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Failed password for root from 162.144.236.216 port 44080 ssh2
Sep 29 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Failed password for root from 170.64.171.45 port 37872 ssh2
Sep 29 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Connection closed by 162.144.236.216 port 44080 [preauth]
Sep 29 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4166]: Connection closed by 170.64.171.45 port 37872 [preauth]
Sep 29 15:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user root
Sep 29 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4261]: Successful su for rubyman by root
Sep 29 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4261]: + ??? root:rubyman
Sep 29 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315669 of user rubyman.
Sep 29 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4261]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315669.
Sep 29 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Failed password for root from 170.64.171.45 port 39596 ssh2
Sep 29 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Connection closed by 170.64.171.45 port 39596 [preauth]
Sep 29 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4339]: Invalid user es from 170.64.171.45
Sep 29 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4339]: input_userauth_request: invalid user es [preauth]
Sep 29 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4339]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: Failed password for root from 162.144.236.216 port 51192 ssh2
Sep 29 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session closed for user root
Sep 29 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4185]: pam_unix(cron:session): session closed for user root
Sep 29 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4339]: Failed password for invalid user es from 170.64.171.45 port 39600 ssh2
Sep 29 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4339]: Connection closed by 170.64.171.45 port 39600 [preauth]
Sep 29 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4178]: Connection closed by 162.144.236.216 port 51192 [preauth]
Sep 29 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: Failed password for root from 170.64.171.45 port 39614 ssh2
Sep 29 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: Connection closed by 170.64.171.45 port 39614 [preauth]
Sep 29 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Invalid user oracle from 170.64.171.45
Sep 29 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Failed password for invalid user oracle from 170.64.171.45 port 51122 ssh2
Sep 29 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Connection closed by 170.64.171.45 port 51122 [preauth]
Sep 29 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Invalid user uftp from 170.64.171.45
Sep 29 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: input_userauth_request: invalid user uftp [preauth]
Sep 29 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: Failed password for root from 162.144.236.216 port 56166 ssh2
Sep 29 15:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4467]: Connection closed by 162.144.236.216 port 56166 [preauth]
Sep 29 15:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Failed password for invalid user uftp from 170.64.171.45 port 51132 ssh2
Sep 29 15:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4508]: Connection closed by 170.64.171.45 port 51132 [preauth]
Sep 29 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Invalid user flink from 170.64.171.45
Sep 29 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: input_userauth_request: invalid user flink [preauth]
Sep 29 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Failed password for invalid user flink from 170.64.171.45 port 51140 ssh2
Sep 29 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Connection closed by 170.64.171.45 port 51140 [preauth]
Sep 29 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: Invalid user gitlab-runner from 170.64.171.45
Sep 29 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 29 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: Failed password for invalid user gitlab-runner from 170.64.171.45 port 37632 ssh2
Sep 29 15:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: Connection closed by 170.64.171.45 port 37632 [preauth]
Sep 29 15:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Invalid user es from 170.64.171.45
Sep 29 15:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: input_userauth_request: invalid user es [preauth]
Sep 29 15:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Failed password for invalid user es from 170.64.171.45 port 37642 ssh2
Sep 29 15:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Connection closed by 170.64.171.45 port 37642 [preauth]
Sep 29 15:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Failed password for root from 162.144.236.216 port 36072 ssh2
Sep 29 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Invalid user oracle from 170.64.171.45
Sep 29 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Connection closed by 162.144.236.216 port 36072 [preauth]
Sep 29 15:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Failed password for invalid user oracle from 170.64.171.45 port 37654 ssh2
Sep 29 15:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Connection closed by 170.64.171.45 port 37654 [preauth]
Sep 29 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Invalid user ubnt from 170.64.171.45
Sep 29 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Failed password for invalid user ubnt from 170.64.171.45 port 38684 ssh2
Sep 29 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Connection closed by 170.64.171.45 port 38684 [preauth]
Sep 29 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Invalid user nvidia from 170.64.171.45
Sep 29 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: input_userauth_request: invalid user nvidia [preauth]
Sep 29 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for root from 162.144.236.216 port 45640 ssh2
Sep 29 15:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3188]: pam_unix(cron:session): session closed for user root
Sep 29 15:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Failed password for invalid user nvidia from 170.64.171.45 port 38692 ssh2
Sep 29 15:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Connection closed by 170.64.171.45 port 38692 [preauth]
Sep 29 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Connection closed by 162.144.236.216 port 45640 [preauth]
Sep 29 15:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for root from 170.64.171.45 port 38706 ssh2
Sep 29 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 170.64.171.45 port 38706 [preauth]
Sep 29 15:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Failed password for root from 170.64.171.45 port 42780 ssh2
Sep 29 15:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Failed password for root from 162.144.236.216 port 52598 ssh2
Sep 29 15:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Connection closed by 170.64.171.45 port 42780 [preauth]
Sep 29 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: Invalid user developer from 170.64.171.45
Sep 29 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: input_userauth_request: invalid user developer [preauth]
Sep 29 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Connection closed by 162.144.236.216 port 52598 [preauth]
Sep 29 15:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: Failed password for invalid user developer from 170.64.171.45 port 42786 ssh2
Sep 29 15:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4635]: Connection closed by 170.64.171.45 port 42786 [preauth]
Sep 29 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Failed password for root from 170.64.171.45 port 42798 ssh2
Sep 29 15:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4668]: Connection closed by 170.64.171.45 port 42798 [preauth]
Sep 29 15:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: User ftp from 170.64.171.45 not allowed because not listed in AllowUsers
Sep 29 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: input_userauth_request: invalid user ftp [preauth]
Sep 29 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=ftp
Sep 29 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Failed password for root from 162.144.236.216 port 58542 ssh2
Sep 29 15:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: Failed password for invalid user ftp from 170.64.171.45 port 52402 ssh2
Sep 29 15:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4679]: Connection closed by 170.64.171.45 port 52402 [preauth]
Sep 29 15:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Connection closed by 162.144.236.216 port 58542 [preauth]
Sep 29 15:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Invalid user mongodb from 170.64.171.45
Sep 29 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: input_userauth_request: invalid user mongodb [preauth]
Sep 29 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Failed password for invalid user mongodb from 170.64.171.45 port 52414 ssh2
Sep 29 15:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Connection closed by 170.64.171.45 port 52414 [preauth]
Sep 29 15:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Invalid user mongodb from 170.64.171.45
Sep 29 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: input_userauth_request: invalid user mongodb [preauth]
Sep 29 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Failed password for invalid user mongodb from 170.64.171.45 port 52416 ssh2
Sep 29 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Connection closed by 170.64.171.45 port 52416 [preauth]
Sep 29 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Failed password for root from 162.144.236.216 port 37082 ssh2
Sep 29 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4709]: Invalid user app from 170.64.171.45
Sep 29 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4709]: input_userauth_request: invalid user app [preauth]
Sep 29 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Connection closed by 162.144.236.216 port 37082 [preauth]
Sep 29 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4709]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4715]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4713]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: Successful su for rubyman by root
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: + ??? root:rubyman
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315675 of user rubyman.
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4788]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315675.
Sep 29 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4709]: Failed password for invalid user app from 170.64.171.45 port 52078 ssh2
Sep 29 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4709]: Connection closed by 170.64.171.45 port 52078 [preauth]
Sep 29 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1676]: pam_unix(cron:session): session closed for user root
Sep 29 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4857]: Failed password for root from 170.64.171.45 port 52092 ssh2
Sep 29 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4857]: Connection closed by 170.64.171.45 port 52092 [preauth]
Sep 29 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4714]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Invalid user www from 170.64.171.45
Sep 29 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: input_userauth_request: invalid user www [preauth]
Sep 29 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Failed password for root from 162.144.236.216 port 43448 ssh2
Sep 29 15:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Connection closed by 162.144.236.216 port 43448 [preauth]
Sep 29 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Failed password for invalid user www from 170.64.171.45 port 52102 ssh2
Sep 29 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Connection closed by 170.64.171.45 port 52102 [preauth]
Sep 29 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Invalid user sonar from 170.64.171.45
Sep 29 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: input_userauth_request: invalid user sonar [preauth]
Sep 29 15:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Failed password for invalid user sonar from 170.64.171.45 port 52788 ssh2
Sep 29 15:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Connection closed by 170.64.171.45 port 52788 [preauth]
Sep 29 15:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Invalid user elasticsearch from 170.64.171.45
Sep 29 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 29 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Failed password for invalid user elasticsearch from 170.64.171.45 port 52802 ssh2
Sep 29 15:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5025]: Connection closed by 170.64.171.45 port 52802 [preauth]
Sep 29 15:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Invalid user docker from 170.64.171.45
Sep 29 15:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: input_userauth_request: invalid user docker [preauth]
Sep 29 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: Failed password for root from 162.144.236.216 port 50650 ssh2
Sep 29 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4998]: Connection closed by 162.144.236.216 port 50650 [preauth]
Sep 29 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Failed password for invalid user docker from 170.64.171.45 port 52808 ssh2
Sep 29 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5042]: Connection closed by 170.64.171.45 port 52808 [preauth]
Sep 29 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Failed password for root from 170.64.171.45 port 44048 ssh2
Sep 29 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5050]: Connection closed by 170.64.171.45 port 44048 [preauth]
Sep 29 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: Invalid user postgres from 170.64.171.45
Sep 29 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: input_userauth_request: invalid user postgres [preauth]
Sep 29 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: Failed password for root from 162.144.236.216 port 58856 ssh2
Sep 29 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: Failed password for invalid user postgres from 170.64.171.45 port 44050 ssh2
Sep 29 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: Connection closed by 152.200.181.42 port 51038 [preauth]
Sep 29 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5044]: Connection closed by 162.144.236.216 port 58856 [preauth]
Sep 29 15:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5066]: Connection closed by 170.64.171.45 port 44050 [preauth]
Sep 29 15:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Invalid user dev from 170.64.171.45
Sep 29 15:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: input_userauth_request: invalid user dev [preauth]
Sep 29 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Failed password for invalid user dev from 170.64.171.45 port 44056 ssh2
Sep 29 15:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Connection closed by 170.64.171.45 port 44056 [preauth]
Sep 29 15:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: Invalid user guest from 170.64.171.45
Sep 29 15:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: input_userauth_request: invalid user guest [preauth]
Sep 29 15:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: Failed password for invalid user guest from 170.64.171.45 port 35572 ssh2
Sep 29 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: Failed password for root from 162.144.236.216 port 37062 ssh2
Sep 29 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5100]: Connection closed by 170.64.171.45 port 35572 [preauth]
Sep 29 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session closed for user root
Sep 29 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5098]: Connection closed by 162.144.236.216 port 37062 [preauth]
Sep 29 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Invalid user tomcat from 170.64.171.45
Sep 29 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: input_userauth_request: invalid user tomcat [preauth]
Sep 29 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Failed password for invalid user tomcat from 170.64.171.45 port 35584 ssh2
Sep 29 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Connection closed by 170.64.171.45 port 35584 [preauth]
Sep 29 15:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Invalid user elsearch from 170.64.171.45
Sep 29 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: input_userauth_request: invalid user elsearch [preauth]
Sep 29 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Failed password for invalid user elsearch from 170.64.171.45 port 35590 ssh2
Sep 29 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5147]: Connection closed by 170.64.171.45 port 35590 [preauth]
Sep 29 15:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Invalid user git from 170.64.171.45
Sep 29 15:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: input_userauth_request: invalid user git [preauth]
Sep 29 15:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Failed password for root from 162.144.236.216 port 42712 ssh2
Sep 29 15:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5138]: Connection closed by 162.144.236.216 port 42712 [preauth]
Sep 29 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Failed password for invalid user git from 170.64.171.45 port 42832 ssh2
Sep 29 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Connection closed by 170.64.171.45 port 42832 [preauth]
Sep 29 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Invalid user vagrant from 170.64.171.45
Sep 29 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: input_userauth_request: invalid user vagrant [preauth]
Sep 29 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Failed password for invalid user vagrant from 170.64.171.45 port 42842 ssh2
Sep 29 15:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5168]: Connection closed by 170.64.171.45 port 42842 [preauth]
Sep 29 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5179]: Invalid user esuser from 170.64.171.45
Sep 29 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5179]: input_userauth_request: invalid user esuser [preauth]
Sep 29 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5179]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5161]: Failed password for root from 162.144.236.216 port 49340 ssh2
Sep 29 15:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5161]: Connection closed by 162.144.236.216 port 49340 [preauth]
Sep 29 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5179]: Failed password for invalid user esuser from 170.64.171.45 port 42858 ssh2
Sep 29 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5179]: Connection closed by 170.64.171.45 port 42858 [preauth]
Sep 29 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Invalid user ftpuser from 170.64.171.45
Sep 29 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5190]: Connection reset by 198.235.24.39 port 63926 [preauth]
Sep 29 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Failed password for invalid user ftpuser from 170.64.171.45 port 36298 ssh2
Sep 29 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5193]: Connection closed by 170.64.171.45 port 36298 [preauth]
Sep 29 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5206]: Invalid user esuser from 170.64.171.45
Sep 29 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5206]: input_userauth_request: invalid user esuser [preauth]
Sep 29 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5206]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5206]: Failed password for invalid user esuser from 170.64.171.45 port 36310 ssh2
Sep 29 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5206]: Connection closed by 170.64.171.45 port 36310 [preauth]
Sep 29 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: Failed password for root from 162.144.236.216 port 55346 ssh2
Sep 29 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5192]: Connection closed by 162.144.236.216 port 55346 [preauth]
Sep 29 15:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Failed password for root from 170.64.171.45 port 36312 ssh2
Sep 29 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Connection closed by 170.64.171.45 port 36312 [preauth]
Sep 29 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5234]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5227]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Invalid user worker from 170.64.171.45
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: input_userauth_request: invalid user worker [preauth]
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: Successful su for rubyman by root
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: + ??? root:rubyman
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315678 of user rubyman.
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315678.
Sep 29 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Failed password for invalid user worker from 170.64.171.45 port 34594 ssh2
Sep 29 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Connection closed by 170.64.171.45 port 34594 [preauth]
Sep 29 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session closed for user root
Sep 29 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Invalid user ftpuser from 170.64.171.45
Sep 29 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Failed password for root from 162.144.236.216 port 34234 ssh2
Sep 29 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Failed password for invalid user ftpuser from 170.64.171.45 port 34602 ssh2
Sep 29 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Connection closed by 170.64.171.45 port 34602 [preauth]
Sep 29 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5222]: Connection closed by 162.144.236.216 port 34234 [preauth]
Sep 29 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5231]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Invalid user admin from 170.64.171.45
Sep 29 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: input_userauth_request: invalid user admin [preauth]
Sep 29 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for invalid user admin from 170.64.171.45 port 34606 ssh2
Sep 29 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Connection closed by 170.64.171.45 port 34606 [preauth]
Sep 29 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Invalid user steam from 170.64.171.45
Sep 29 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: input_userauth_request: invalid user steam [preauth]
Sep 29 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
Sep 29 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Failed password for invalid user steam from 170.64.171.45 port 59162 ssh2
Sep 29 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Connection closed by 170.64.171.45 port 59162 [preauth]
Sep 29 15:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Failed password for root from 162.144.236.216 port 40892 ssh2
Sep 29 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Connection closed by 162.144.236.216 port 40892 [preauth]
Sep 29 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Invalid user es from 170.64.171.45
Sep 29 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: input_userauth_request: invalid user es [preauth]
Sep 29 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5605]: Failed password for root from 194.0.234.19 port 63534 ssh2
Sep 29 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5605]: Connection closed by 194.0.234.19 port 63534 [preauth]
Sep 29 15:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Failed password for invalid user es from 170.64.171.45 port 59174 ssh2
Sep 29 15:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Connection closed by 170.64.171.45 port 59174 [preauth]
Sep 29 15:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Failed password for root from 170.64.171.45 port 59190 ssh2
Sep 29 15:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5642]: Connection closed by 170.64.171.45 port 59190 [preauth]
Sep 29 15:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5645]: Invalid user deploy from 170.64.171.45
Sep 29 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5645]: input_userauth_request: invalid user deploy [preauth]
Sep 29 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5645]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: Failed password for root from 162.144.236.216 port 46532 ssh2
Sep 29 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: Connection closed by 162.144.236.216 port 46532 [preauth]
Sep 29 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5645]: Failed password for invalid user deploy from 170.64.171.45 port 58878 ssh2
Sep 29 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5645]: Connection closed by 170.64.171.45 port 58878 [preauth]
Sep 29 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Invalid user demo from 170.64.171.45
Sep 29 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: input_userauth_request: invalid user demo [preauth]
Sep 29 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for invalid user demo from 170.64.171.45 port 58882 ssh2
Sep 29 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Connection closed by 170.64.171.45 port 58882 [preauth]
Sep 29 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Invalid user deploy from 170.64.171.45
Sep 29 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: input_userauth_request: invalid user deploy [preauth]
Sep 29 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for invalid user deploy from 170.64.171.45 port 58890 ssh2
Sep 29 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Connection closed by 170.64.171.45 port 58890 [preauth]
Sep 29 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: Invalid user dev from 170.64.171.45
Sep 29 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: input_userauth_request: invalid user dev [preauth]
Sep 29 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: Failed password for invalid user dev from 170.64.171.45 port 39190 ssh2
Sep 29 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5684]: Connection closed by 170.64.171.45 port 39190 [preauth]
Sep 29 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Invalid user oscar from 170.64.171.45
Sep 29 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: input_userauth_request: invalid user oscar [preauth]
Sep 29 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Failed password for invalid user oscar from 170.64.171.45 port 39206 ssh2
Sep 29 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user root
Sep 29 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Connection closed by 170.64.171.45 port 39206 [preauth]
Sep 29 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5655]: Failed password for root from 162.144.236.216 port 53482 ssh2
Sep 29 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Invalid user dolphinscheduler from 170.64.171.45
Sep 29 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 29 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5655]: Connection closed by 162.144.236.216 port 53482 [preauth]
Sep 29 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Failed password for invalid user dolphinscheduler from 170.64.171.45 port 39208 ssh2
Sep 29 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Connection closed by 170.64.171.45 port 39208 [preauth]
Sep 29 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Invalid user pi from 170.64.171.45
Sep 29 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: input_userauth_request: invalid user pi [preauth]
Sep 29 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Failed password for invalid user pi from 170.64.171.45 port 58538 ssh2
Sep 29 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Connection closed by 170.64.171.45 port 58538 [preauth]
Sep 29 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Invalid user dev from 170.64.171.45
Sep 29 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: input_userauth_request: invalid user dev [preauth]
Sep 29 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Invalid user sylvan from 80.94.95.112
Sep 29 15:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: input_userauth_request: invalid user sylvan [preauth]
Sep 29 15:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Failed password for invalid user dev from 170.64.171.45 port 58554 ssh2
Sep 29 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5750]: Connection closed by 170.64.171.45 port 58554 [preauth]
Sep 29 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Invalid user oceanbase from 170.64.171.45
Sep 29 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: input_userauth_request: invalid user oceanbase [preauth]
Sep 29 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for invalid user sylvan from 80.94.95.112 port 64448 ssh2
Sep 29 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Failed password for invalid user oceanbase from 170.64.171.45 port 58556 ssh2
Sep 29 15:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Connection closed by 170.64.171.45 port 58556 [preauth]
Sep 29 15:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for invalid user sylvan from 80.94.95.112 port 64448 ssh2
Sep 29 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Invalid user lighthouse from 170.64.171.45
Sep 29 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: input_userauth_request: invalid user lighthouse [preauth]
Sep 29 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for invalid user sylvan from 80.94.95.112 port 64448 ssh2
Sep 29 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Failed password for invalid user lighthouse from 170.64.171.45 port 59012 ssh2
Sep 29 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Connection closed by 170.64.171.45 port 59012 [preauth]
Sep 29 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Failed password for root from 162.144.236.216 port 33830 ssh2
Sep 29 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for invalid user sylvan from 80.94.95.112 port 64448 ssh2
Sep 29 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Connection closed by 162.144.236.216 port 33830 [preauth]
Sep 29 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Failed password for root from 170.64.171.45 port 59022 ssh2
Sep 29 15:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Connection closed by 170.64.171.45 port 59022 [preauth]
Sep 29 15:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for invalid user sylvan from 80.94.95.112 port 64448 ssh2
Sep 29 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Received disconnect from 80.94.95.112 port 64448:11: Bye [preauth]
Sep 29 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Disconnected from 80.94.95.112 port 64448 [preauth]
Sep 29 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 15:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Failed password for root from 170.64.171.45 port 59034 ssh2
Sep 29 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5802]: Connection closed by 170.64.171.45 port 59034 [preauth]
Sep 29 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5822]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: Successful su for rubyman by root
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: + ??? root:rubyman
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315683 of user rubyman.
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315683.
Sep 29 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5817]: Failed password for root from 170.64.171.45 port 59028 ssh2
Sep 29 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5817]: Connection closed by 170.64.171.45 port 59028 [preauth]
Sep 29 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Invalid user vr from 167.99.55.34
Sep 29 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: input_userauth_request: invalid user vr [preauth]
Sep 29 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Failed password for invalid user vr from 167.99.55.34 port 51486 ssh2
Sep 29 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Connection closed by 167.99.55.34 port 51486 [preauth]
Sep 29 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session closed for user root
Sep 29 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Failed password for root from 170.64.171.45 port 59036 ssh2
Sep 29 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Connection closed by 170.64.171.45 port 59036 [preauth]
Sep 29 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Invalid user user from 170.64.171.45
Sep 29 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: input_userauth_request: invalid user user [preauth]
Sep 29 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5823]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for invalid user user from 170.64.171.45 port 59046 ssh2
Sep 29 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 170.64.171.45 port 59046 [preauth]
Sep 29 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Failed password for root from 162.144.236.216 port 40364 ssh2
Sep 29 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Connection closed by 162.144.236.216 port 40364 [preauth]
Sep 29 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Failed password for root from 170.64.171.45 port 34214 ssh2
Sep 29 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Connection closed by 170.64.171.45 port 34214 [preauth]
Sep 29 15:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Invalid user svnuser from 170.64.171.45
Sep 29 15:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: input_userauth_request: invalid user svnuser [preauth]
Sep 29 15:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Failed password for invalid user svnuser from 170.64.171.45 port 34224 ssh2
Sep 29 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6113]: Connection closed by 170.64.171.45 port 34224 [preauth]
Sep 29 15:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Invalid user ftpuser from 170.64.171.45
Sep 29 15:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 15:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: Failed password for root from 162.144.236.216 port 49266 ssh2
Sep 29 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Failed password for invalid user ftpuser from 170.64.171.45 port 34238 ssh2
Sep 29 15:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Connection closed by 170.64.171.45 port 34238 [preauth]
Sep 29 15:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6109]: Connection closed by 162.144.236.216 port 49266 [preauth]
Sep 29 15:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Invalid user ubuntu from 170.64.171.45
Sep 29 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Failed password for invalid user ubuntu from 170.64.171.45 port 59904 ssh2
Sep 29 15:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Connection closed by 170.64.171.45 port 59904 [preauth]
Sep 29 15:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Failed password for root from 170.64.171.45 port 59906 ssh2
Sep 29 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Connection closed by 170.64.171.45 port 59906 [preauth]
Sep 29 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Failed password for root from 162.144.236.216 port 56488 ssh2
Sep 29 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Invalid user esadmin from 170.64.171.45
Sep 29 15:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: input_userauth_request: invalid user esadmin [preauth]
Sep 29 15:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Connection closed by 162.144.236.216 port 56488 [preauth]
Sep 29 15:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Failed password for invalid user esadmin from 170.64.171.45 port 59920 ssh2
Sep 29 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Connection closed by 170.64.171.45 port 59920 [preauth]
Sep 29 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Failed password for root from 170.64.171.45 port 60924 ssh2
Sep 29 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6188]: Connection closed by 170.64.171.45 port 60924 [preauth]
Sep 29 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: Invalid user flask from 170.64.171.45
Sep 29 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: input_userauth_request: invalid user flask [preauth]
Sep 29 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4716]: pam_unix(cron:session): session closed for user root
Sep 29 15:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Failed password for root from 162.144.236.216 port 34338 ssh2
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: Failed password for invalid user flask from 170.64.171.45 port 60928 ssh2
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6201]: Connection closed by 170.64.171.45 port 60928 [preauth]
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: Invalid user deploy from 170.64.171.45
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: input_userauth_request: invalid user deploy [preauth]
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Connection closed by 162.144.236.216 port 34338 [preauth]
Sep 29 15:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: Failed password for invalid user deploy from 170.64.171.45 port 60930 ssh2
Sep 29 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: Connection closed by 170.64.171.45 port 60930 [preauth]
Sep 29 15:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: Failed password for root from 170.64.171.45 port 58126 ssh2
Sep 29 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: Connection closed by 170.64.171.45 port 58126 [preauth]
Sep 29 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: Failed password for root from 162.144.236.216 port 41000 ssh2
Sep 29 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6237]: Connection closed by 162.144.236.216 port 41000 [preauth]
Sep 29 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Failed password for root from 170.64.171.45 port 58136 ssh2
Sep 29 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Connection closed by 170.64.171.45 port 58136 [preauth]
Sep 29 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Invalid user oracle from 170.64.171.45
Sep 29 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42  user=root
Sep 29 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Failed password for invalid user oracle from 170.64.171.45 port 58142 ssh2
Sep 29 15:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6270]: Connection closed by 170.64.171.45 port 58142 [preauth]
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for root from 152.200.181.42 port 35162 ssh2
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: Invalid user rabbitmq from 170.64.171.45
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: input_userauth_request: invalid user rabbitmq [preauth]
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Received disconnect from 152.200.181.42 port 35162:11: Bye Bye [preauth]
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Disconnected from 152.200.181.42 port 35162 [preauth]
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: Failed password for invalid user rabbitmq from 170.64.171.45 port 39678 ssh2
Sep 29 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6284]: Connection closed by 170.64.171.45 port 39678 [preauth]
Sep 29 15:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Failed password for root from 162.144.236.216 port 48464 ssh2
Sep 29 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Failed password for root from 170.64.171.45 port 39680 ssh2
Sep 29 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Connection closed by 170.64.171.45 port 39680 [preauth]
Sep 29 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Connection closed by 162.144.236.216 port 48464 [preauth]
Sep 29 15:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Failed password for root from 170.64.171.45 port 39694 ssh2
Sep 29 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Connection closed by 170.64.171.45 port 39694 [preauth]
Sep 29 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Failed password for root from 170.64.171.45 port 35440 ssh2
Sep 29 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Connection closed by 170.64.171.45 port 35440 [preauth]
Sep 29 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6313]: pam_unix(cron:session): session closed for user p13x
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6381]: Successful su for rubyman by root
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6381]: + ??? root:rubyman
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315687 of user rubyman.
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6381]: pam_unix(su:session): session closed for user rubyman
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315687.
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Failed password for root from 162.144.236.216 port 56398 ssh2
Sep 29 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: Failed password for root from 170.64.171.45 port 35442 ssh2
Sep 29 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: Connection closed by 170.64.171.45 port 35442 [preauth]
Sep 29 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3187]: pam_unix(cron:session): session closed for user root
Sep 29 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6296]: Connection closed by 162.144.236.216 port 56398 [preauth]
Sep 29 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Invalid user wang from 170.64.171.45
Sep 29 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: input_userauth_request: invalid user wang [preauth]
Sep 29 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session closed for user samftp
Sep 29 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Failed password for invalid user wang from 170.64.171.45 port 35458 ssh2
Sep 29 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6563]: Connection closed by 170.64.171.45 port 35458 [preauth]
Sep 29 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Invalid user hadoop from 170.64.171.45
Sep 29 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Failed password for invalid user hadoop from 170.64.171.45 port 34924 ssh2
Sep 29 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Connection closed by 170.64.171.45 port 34924 [preauth]
Sep 29 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Failed password for root from 162.144.236.216 port 36470 ssh2
Sep 29 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Connection closed by 162.144.236.216 port 36470 [preauth]
Sep 29 15:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6706]: Failed password for root from 170.64.171.45 port 34932 ssh2
Sep 29 15:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6706]: Connection closed by 170.64.171.45 port 34932 [preauth]
Sep 29 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Invalid user elasticsearch from 170.64.171.45
Sep 29 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 29 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Failed password for invalid user elasticsearch from 170.64.171.45 port 34946 ssh2
Sep 29 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Connection closed by 170.64.171.45 port 34946 [preauth]
Sep 29 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: User ftp from 170.64.171.45 not allowed because not listed in AllowUsers
Sep 29 15:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: input_userauth_request: invalid user ftp [preauth]
Sep 29 15:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=ftp
Sep 29 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Failed password for invalid user ftp from 170.64.171.45 port 33504 ssh2
Sep 29 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Connection closed by 170.64.171.45 port 33504 [preauth]
Sep 29 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Invalid user uftp from 170.64.171.45
Sep 29 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: input_userauth_request: invalid user uftp [preauth]
Sep 29 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Failed password for root from 162.144.236.216 port 42756 ssh2
Sep 29 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Connection closed by 162.144.236.216 port 42756 [preauth]
Sep 29 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Failed password for invalid user uftp from 170.64.171.45 port 33518 ssh2
Sep 29 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Connection closed by 170.64.171.45 port 33518 [preauth]
Sep 29 15:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Invalid user awsgui from 170.64.171.45
Sep 29 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: input_userauth_request: invalid user awsgui [preauth]
Sep 29 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Failed password for invalid user awsgui from 170.64.171.45 port 33520 ssh2
Sep 29 15:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Connection closed by 170.64.171.45 port 33520 [preauth]
Sep 29 15:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6781]: Invalid user dolphinscheduler from 170.64.171.45
Sep 29 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6781]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 29 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6781]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Failed password for root from 162.144.236.216 port 50142 ssh2
Sep 29 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Connection closed by 162.144.236.216 port 50142 [preauth]
Sep 29 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6781]: Failed password for invalid user dolphinscheduler from 170.64.171.45 port 44654 ssh2
Sep 29 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6781]: Connection closed by 170.64.171.45 port 44654 [preauth]
Sep 29 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5234]: pam_unix(cron:session): session closed for user root
Sep 29 15:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for root from 170.64.171.45 port 44662 ssh2
Sep 29 15:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Connection closed by 170.64.171.45 port 44662 [preauth]
Sep 29 15:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Invalid user yarn from 170.64.171.45
Sep 29 15:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: input_userauth_request: invalid user yarn [preauth]
Sep 29 15:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for invalid user yarn from 170.64.171.45 port 44672 ssh2
Sep 29 15:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Connection closed by 170.64.171.45 port 44672 [preauth]
Sep 29 15:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6787]: Failed password for root from 162.144.236.216 port 56522 ssh2
Sep 29 15:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Invalid user test2 from 170.64.171.45
Sep 29 15:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: input_userauth_request: invalid user test2 [preauth]
Sep 29 15:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6787]: Connection closed by 162.144.236.216 port 56522 [preauth]
Sep 29 15:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Failed password for invalid user test2 from 170.64.171.45 port 34230 ssh2
Sep 29 15:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Connection closed by 170.64.171.45 port 34230 [preauth]
Sep 29 15:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Invalid user oracle from 170.64.171.45
Sep 29 15:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: input_userauth_request: invalid user oracle [preauth]
Sep 29 15:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Failed password for invalid user oracle from 170.64.171.45 port 34244 ssh2
Sep 29 15:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Connection closed by 170.64.171.45 port 34244 [preauth]
Sep 29 15:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Invalid user guest from 170.64.171.45
Sep 29 15:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: input_userauth_request: invalid user guest [preauth]
Sep 29 15:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for root from 162.144.236.216 port 35566 ssh2
Sep 29 15:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Connection closed by 162.144.236.216 port 35566 [preauth]
Sep 29 15:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Failed password for invalid user guest from 170.64.171.45 port 34254 ssh2
Sep 29 15:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Connection closed by 170.64.171.45 port 34254 [preauth]
Sep 29 15:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Invalid user wang from 170.64.171.45
Sep 29 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: input_userauth_request: invalid user wang [preauth]
Sep 29 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for invalid user wang from 170.64.171.45 port 59132 ssh2
Sep 29 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Connection closed by 170.64.171.45 port 59132 [preauth]
Sep 29 15:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Invalid user www from 170.64.171.45
Sep 29 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: input_userauth_request: invalid user www [preauth]
Sep 29 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 15:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Failed password for invalid user www from 170.64.171.45 port 59136 ssh2
Sep 29 15:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Connection closed by 170.64.171.45 port 59136 [preauth]
Sep 29 15:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 15:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 15:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for root from 162.144.236.216 port 41506 ssh2
Sep 29 15:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Connection closed by 162.144.236.216 port 41506 [preauth]
Sep 29 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Failed password for root from 170.64.171.45 port 59144 ssh2
Sep 29 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Connection closed by 170.64.171.45 port 59144 [preauth]
Sep 29 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 15:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Invalid user nexus from 170.64.171.45
Sep 29 15:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: input_userauth_request: invalid user nexus [preauth]
Sep 29 15:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 15:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Failed password for invalid user nexus from 170.64.171.45 port 54692 ssh2
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Connection closed by 170.64.171.45 port 54692 [preauth]
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6915]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6918]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6919]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6919]: pam_unix(cron:session): session closed for user root
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6914]: pam_unix(cron:session): session closed for user root
Sep 29 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6912]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Invalid user app from 170.64.171.45
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: input_userauth_request: invalid user app [preauth]
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: Successful su for rubyman by root
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: + ??? root:rubyman
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315694 of user rubyman.
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7027]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315694.
Sep 29 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Failed password for root from 162.144.236.216 port 49696 ssh2
Sep 29 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Failed password for invalid user app from 170.64.171.45 port 54700 ssh2
Sep 29 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Connection closed by 170.64.171.45 port 54700 [preauth]
Sep 29 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Connection closed by 162.144.236.216 port 49696 [preauth]
Sep 29 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Invalid user nvidia from 170.64.171.45
Sep 29 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: input_userauth_request: invalid user nvidia [preauth]
Sep 29 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6915]: pam_unix(cron:session): session closed for user root
Sep 29 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3669]: pam_unix(cron:session): session closed for user root
Sep 29 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Failed password for invalid user nvidia from 170.64.171.45 port 54710 ssh2
Sep 29 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Connection closed by 170.64.171.45 port 54710 [preauth]
Sep 29 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 16:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6913]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Failed password for root from 170.64.171.45 port 47860 ssh2
Sep 29 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Connection closed by 170.64.171.45 port 47860 [preauth]
Sep 29 16:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45  user=root
Sep 29 16:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Failed password for root from 162.144.236.216 port 57360 ssh2
Sep 29 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Failed password for root from 170.64.171.45 port 47862 ssh2
Sep 29 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Connection closed by 170.64.171.45 port 47862 [preauth]
Sep 29 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Connection closed by 162.144.236.216 port 57360 [preauth]
Sep 29 16:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Invalid user es from 170.64.171.45
Sep 29 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: input_userauth_request: invalid user es [preauth]
Sep 29 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 16:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for invalid user es from 170.64.171.45 port 47872 ssh2
Sep 29 16:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Connection closed by 170.64.171.45 port 47872 [preauth]
Sep 29 16:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Invalid user sugi from 170.64.171.45
Sep 29 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: input_userauth_request: invalid user sugi [preauth]
Sep 29 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.171.45
Sep 29 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Failed password for invalid user sugi from 170.64.171.45 port 40316 ssh2
Sep 29 16:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for root from 162.144.236.216 port 34878 ssh2
Sep 29 16:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7410]: Connection closed by 170.64.171.45 port 40316 [preauth]
Sep 29 16:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 162.144.236.216 port 34878 [preauth]
Sep 29 16:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for root from 162.144.236.216 port 40738 ssh2
Sep 29 16:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Connection closed by 162.144.236.216 port 40738 [preauth]
Sep 29 16:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5825]: pam_unix(cron:session): session closed for user root
Sep 29 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for root from 162.144.236.216 port 47754 ssh2
Sep 29 16:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Connection closed by 162.144.236.216 port 47754 [preauth]
Sep 29 16:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Invalid user Ubuntu from 164.68.105.9
Sep 29 16:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: input_userauth_request: invalid user Ubuntu [preauth]
Sep 29 16:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 16:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: Failed password for root from 162.144.236.216 port 53752 ssh2
Sep 29 16:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: Connection closed by 162.144.236.216 port 53752 [preauth]
Sep 29 16:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Failed password for invalid user Ubuntu from 164.68.105.9 port 33690 ssh2
Sep 29 16:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7531]: Connection closed by 164.68.105.9 port 33690 [preauth]
Sep 29 16:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: Failed password for root from 162.144.236.216 port 32788 ssh2
Sep 29 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7552]: Connection closed by 162.144.236.216 port 32788 [preauth]
Sep 29 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7591]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7588]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7662]: Successful su for rubyman by root
Sep 29 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7662]: + ??? root:rubyman
Sep 29 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315698 of user rubyman.
Sep 29 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7662]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315698.
Sep 29 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Failed password for root from 162.144.236.216 port 38786 ssh2
Sep 29 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session closed for user root
Sep 29 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Connection closed by 162.144.236.216 port 38786 [preauth]
Sep 29 16:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7589]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Invalid user ymoreno from 152.200.181.42
Sep 29 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: input_userauth_request: invalid user ymoreno [preauth]
Sep 29 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 16:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Failed password for invalid user ymoreno from 152.200.181.42 port 47511 ssh2
Sep 29 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Received disconnect from 152.200.181.42 port 47511:11: Bye Bye [preauth]
Sep 29 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7869]: Disconnected from 152.200.181.42 port 47511 [preauth]
Sep 29 16:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Failed password for root from 162.144.236.216 port 47210 ssh2
Sep 29 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7885]: Connection closed by 162.144.236.216 port 47210 [preauth]
Sep 29 16:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session closed for user root
Sep 29 16:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Failed password for root from 162.144.236.216 port 54688 ssh2
Sep 29 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Connection closed by 162.144.236.216 port 54688 [preauth]
Sep 29 16:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: Failed password for root from 162.144.236.216 port 34846 ssh2
Sep 29 16:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: Connection closed by 162.144.236.216 port 34846 [preauth]
Sep 29 16:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Failed password for root from 162.144.236.216 port 41198 ssh2
Sep 29 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Connection closed by 162.144.236.216 port 41198 [preauth]
Sep 29 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8089]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: Successful su for rubyman by root
Sep 29 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: + ??? root:rubyman
Sep 29 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315701 of user rubyman.
Sep 29 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8174]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315701.
Sep 29 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4715]: pam_unix(cron:session): session closed for user root
Sep 29 16:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8091]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for root from 162.144.236.216 port 49162 ssh2
Sep 29 16:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 162.144.236.216 port 49162 [preauth]
Sep 29 16:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Failed password for root from 162.144.236.216 port 56844 ssh2
Sep 29 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Connection closed by 162.144.236.216 port 56844 [preauth]
Sep 29 16:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for root from 162.144.236.216 port 35376 ssh2
Sep 29 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Connection closed by 162.144.236.216 port 35376 [preauth]
Sep 29 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Failed password for root from 162.144.236.216 port 41806 ssh2
Sep 29 16:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Connection closed by 162.144.236.216 port 41806 [preauth]
Sep 29 16:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6918]: pam_unix(cron:session): session closed for user root
Sep 29 16:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Failed password for root from 162.144.236.216 port 49164 ssh2
Sep 29 16:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Connection closed by 162.144.236.216 port 49164 [preauth]
Sep 29 16:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Failed password for root from 162.144.236.216 port 55026 ssh2
Sep 29 16:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Connection closed by 162.144.236.216 port 55026 [preauth]
Sep 29 16:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8553]: Failed password for root from 162.144.236.216 port 59282 ssh2
Sep 29 16:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8553]: Connection closed by 162.144.236.216 port 59282 [preauth]
Sep 29 16:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8581]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8579]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8655]: Successful su for rubyman by root
Sep 29 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8655]: + ??? root:rubyman
Sep 29 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315706 of user rubyman.
Sep 29 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8655]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315706.
Sep 29 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Failed password for root from 162.144.236.216 port 38248 ssh2
Sep 29 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8565]: Connection closed by 162.144.236.216 port 38248 [preauth]
Sep 29 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session closed for user root
Sep 29 16:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Failed password for root from 162.144.236.216 port 44018 ssh2
Sep 29 16:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Connection closed by 162.144.236.216 port 44018 [preauth]
Sep 29 16:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Failed password for root from 162.144.236.216 port 52258 ssh2
Sep 29 16:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Connection closed by 162.144.236.216 port 52258 [preauth]
Sep 29 16:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Invalid user superadmin from 152.200.181.42
Sep 29 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Failed password for invalid user superadmin from 152.200.181.42 port 59870 ssh2
Sep 29 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Failed password for root from 162.144.236.216 port 59704 ssh2
Sep 29 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Received disconnect from 152.200.181.42 port 59870:11: Bye Bye [preauth]
Sep 29 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Disconnected from 152.200.181.42 port 59870 [preauth]
Sep 29 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Connection closed by 162.144.236.216 port 59704 [preauth]
Sep 29 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7591]: pam_unix(cron:session): session closed for user root
Sep 29 16:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Failed password for root from 162.144.236.216 port 38242 ssh2
Sep 29 16:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Connection closed by 162.144.236.216 port 38242 [preauth]
Sep 29 16:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Failed password for root from 162.144.236.216 port 46222 ssh2
Sep 29 16:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Connection closed by 162.144.236.216 port 46222 [preauth]
Sep 29 16:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Failed password for root from 162.144.236.216 port 53640 ssh2
Sep 29 16:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9126]: Connection closed by 162.144.236.216 port 53640 [preauth]
Sep 29 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9247]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: Successful su for rubyman by root
Sep 29 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: + ??? root:rubyman
Sep 29 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315709 of user rubyman.
Sep 29 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9330]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315709.
Sep 29 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5824]: pam_unix(cron:session): session closed for user root
Sep 29 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Failed password for root from 162.144.236.216 port 60562 ssh2
Sep 29 16:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9248]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Connection closed by 162.144.236.216 port 60562 [preauth]
Sep 29 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Failed password for root from 162.144.236.216 port 39088 ssh2
Sep 29 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9538]: Connection closed by 162.144.236.216 port 39088 [preauth]
Sep 29 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Failed password for root from 162.144.236.216 port 46444 ssh2
Sep 29 16:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Connection closed by 162.144.236.216 port 46444 [preauth]
Sep 29 16:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Failed password for root from 162.144.236.216 port 52496 ssh2
Sep 29 16:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session closed for user root
Sep 29 16:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Connection closed by 162.144.236.216 port 52496 [preauth]
Sep 29 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Failed password for root from 162.144.236.216 port 59158 ssh2
Sep 29 16:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9648]: Connection closed by 162.144.236.216 port 59158 [preauth]
Sep 29 16:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Failed password for root from 162.144.236.216 port 38770 ssh2
Sep 29 16:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9755]: Connection closed by 162.144.236.216 port 38770 [preauth]
Sep 29 16:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9832]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session closed for user root
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Failed password for root from 162.144.236.216 port 45146 ssh2
Sep 29 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: Successful su for rubyman by root
Sep 29 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: + ??? root:rubyman
Sep 29 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315714 of user rubyman.
Sep 29 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315714.
Sep 29 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Connection closed by 162.144.236.216 port 45146 [preauth]
Sep 29 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9832]: pam_unix(cron:session): session closed for user root
Sep 29 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session closed for user root
Sep 29 16:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: Failed password for root from 162.144.236.216 port 52968 ssh2
Sep 29 16:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: Connection closed by 162.144.236.216 port 52968 [preauth]
Sep 29 16:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Failed password for root from 162.144.236.216 port 58614 ssh2
Sep 29 16:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Connection closed by 162.144.236.216 port 58614 [preauth]
Sep 29 16:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session closed for user root
Sep 29 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: Invalid user vr from 167.99.55.34
Sep 29 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: input_userauth_request: invalid user vr [preauth]
Sep 29 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: Failed password for invalid user vr from 167.99.55.34 port 32826 ssh2
Sep 29 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10266]: Connection closed by 167.99.55.34 port 32826 [preauth]
Sep 29 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Failed password for root from 162.144.236.216 port 37840 ssh2
Sep 29 16:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Connection closed by 162.144.236.216 port 37840 [preauth]
Sep 29 16:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Invalid user demo from 152.200.181.42
Sep 29 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: input_userauth_request: invalid user demo [preauth]
Sep 29 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.200.181.42
Sep 29 16:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Failed password for invalid user demo from 152.200.181.42 port 44010 ssh2
Sep 29 16:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Received disconnect from 152.200.181.42 port 44010:11: Bye Bye [preauth]
Sep 29 16:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10303]: Disconnected from 152.200.181.42 port 44010 [preauth]
Sep 29 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: Failed password for root from 162.144.236.216 port 44630 ssh2
Sep 29 16:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: Connection closed by 162.144.236.216 port 44630 [preauth]
Sep 29 16:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10344]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10346]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10342]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: Successful su for rubyman by root
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: + ??? root:rubyman
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315720 of user rubyman.
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315720.
Sep 29 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Failed password for root from 162.144.236.216 port 52726 ssh2
Sep 29 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Connection closed by 162.144.236.216 port 52726 [preauth]
Sep 29 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session closed for user root
Sep 29 16:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10343]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Failed password for root from 162.144.236.216 port 59410 ssh2
Sep 29 16:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Connection closed by 162.144.236.216 port 59410 [preauth]
Sep 29 16:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: Failed password for root from 162.144.236.216 port 38400 ssh2
Sep 29 16:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10647]: Connection closed by 162.144.236.216 port 38400 [preauth]
Sep 29 16:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Failed password for root from 162.144.236.216 port 46288 ssh2
Sep 29 16:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10681]: Connection closed by 162.144.236.216 port 46288 [preauth]
Sep 29 16:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session closed for user root
Sep 29 16:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Failed password for root from 162.144.236.216 port 53496 ssh2
Sep 29 16:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Connection closed by 162.144.236.216 port 53496 [preauth]
Sep 29 16:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: Failed password for root from 162.144.236.216 port 33440 ssh2
Sep 29 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: Connection closed by 162.144.236.216 port 33440 [preauth]
Sep 29 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Failed password for root from 162.144.236.216 port 40708 ssh2
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10810]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Connection closed by 162.144.236.216 port 40708 [preauth]
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: Successful su for rubyman by root
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: + ??? root:rubyman
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315723 of user rubyman.
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315723.
Sep 29 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session closed for user root
Sep 29 16:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for root from 162.144.236.216 port 48694 ssh2
Sep 29 16:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Connection closed by 162.144.236.216 port 48694 [preauth]
Sep 29 16:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: Failed password for root from 162.144.236.216 port 56202 ssh2
Sep 29 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: Connection closed by 162.144.236.216 port 56202 [preauth]
Sep 29 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for root from 162.144.236.216 port 34836 ssh2
Sep 29 16:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Connection closed by 162.144.236.216 port 34836 [preauth]
Sep 29 16:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: Failed password for root from 162.144.236.216 port 42562 ssh2
Sep 29 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session closed for user root
Sep 29 16:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: Connection closed by 162.144.236.216 port 42562 [preauth]
Sep 29 16:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Failed password for root from 162.144.236.216 port 48660 ssh2
Sep 29 16:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Connection closed by 162.144.236.216 port 48660 [preauth]
Sep 29 16:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Failed password for root from 162.144.236.216 port 54754 ssh2
Sep 29 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11207]: Connection closed by 162.144.236.216 port 54754 [preauth]
Sep 29 16:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Failed password for root from 162.144.236.216 port 33504 ssh2
Sep 29 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11250]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11324]: Successful su for rubyman by root
Sep 29 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11324]: + ??? root:rubyman
Sep 29 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315728 of user rubyman.
Sep 29 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11324]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315728.
Sep 29 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Connection closed by 162.144.236.216 port 33504 [preauth]
Sep 29 16:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8092]: pam_unix(cron:session): session closed for user root
Sep 29 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Invalid user admin from 80.94.95.112
Sep 29 16:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: input_userauth_request: invalid user admin [preauth]
Sep 29 16:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Failed password for invalid user admin from 80.94.95.112 port 62725 ssh2
Sep 29 16:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Failed password for invalid user admin from 80.94.95.112 port 62725 ssh2
Sep 29 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Failed password for invalid user admin from 80.94.95.112 port 62725 ssh2
Sep 29 16:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Failed password for root from 162.144.236.216 port 39706 ssh2
Sep 29 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Failed password for invalid user admin from 80.94.95.112 port 62725 ssh2
Sep 29 16:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Connection closed by 162.144.236.216 port 39706 [preauth]
Sep 29 16:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Failed password for invalid user admin from 80.94.95.112 port 62725 ssh2
Sep 29 16:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Received disconnect from 80.94.95.112 port 62725:11: Bye [preauth]
Sep 29 16:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Disconnected from 80.94.95.112 port 62725 [preauth]
Sep 29 16:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 16:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10346]: pam_unix(cron:session): session closed for user root
Sep 29 16:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Failed password for root from 162.144.236.216 port 47930 ssh2
Sep 29 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Connection closed by 162.144.236.216 port 47930 [preauth]
Sep 29 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for root from 162.144.236.216 port 56058 ssh2
Sep 29 16:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Connection closed by 162.144.236.216 port 56058 [preauth]
Sep 29 16:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: Failed password for root from 162.144.236.216 port 60416 ssh2
Sep 29 16:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11744]: Connection closed by 162.144.236.216 port 60416 [preauth]
Sep 29 16:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: Failed password for root from 162.144.236.216 port 39192 ssh2
Sep 29 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11786]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: Connection closed by 162.144.236.216 port 39192 [preauth]
Sep 29 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: Successful su for rubyman by root
Sep 29 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: + ??? root:rubyman
Sep 29 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315731 of user rubyman.
Sep 29 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11941]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315731.
Sep 29 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session closed for user root
Sep 29 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8581]: pam_unix(cron:session): session closed for user root
Sep 29 16:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11987]: Failed password for root from 162.144.236.216 port 45312 ssh2
Sep 29 16:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11987]: Connection closed by 162.144.236.216 port 45312 [preauth]
Sep 29 16:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Failed password for root from 162.144.236.216 port 53912 ssh2
Sep 29 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Connection closed by 162.144.236.216 port 53912 [preauth]
Sep 29 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Failed password for root from 162.144.236.216 port 60302 ssh2
Sep 29 16:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Connection closed by 162.144.236.216 port 60302 [preauth]
Sep 29 16:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session closed for user root
Sep 29 16:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Failed password for root from 162.144.236.216 port 40230 ssh2
Sep 29 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Connection closed by 162.144.236.216 port 40230 [preauth]
Sep 29 16:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: Invalid user ftpuser from 80.94.95.116
Sep 29 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 16:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: Failed password for invalid user ftpuser from 80.94.95.116 port 20844 ssh2
Sep 29 16:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: Connection closed by 80.94.95.116 port 20844 [preauth]
Sep 29 16:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Failed password for root from 162.144.236.216 port 46062 ssh2
Sep 29 16:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Connection closed by 162.144.236.216 port 46062 [preauth]
Sep 29 16:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Failed password for root from 162.144.236.216 port 53510 ssh2
Sep 29 16:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Connection closed by 162.144.236.216 port 53510 [preauth]
Sep 29 16:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12338]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12339]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12339]: pam_unix(cron:session): session closed for user root
Sep 29 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: Successful su for rubyman by root
Sep 29 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: + ??? root:rubyman
Sep 29 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315736 of user rubyman.
Sep 29 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315736.
Sep 29 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: Failed password for root from 162.144.236.216 port 59716 ssh2
Sep 29 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: Connection closed by 162.144.236.216 port 59716 [preauth]
Sep 29 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session closed for user root
Sep 29 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9249]: pam_unix(cron:session): session closed for user root
Sep 29 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Failed password for root from 162.144.236.216 port 37960 ssh2
Sep 29 16:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Connection closed by 162.144.236.216 port 37960 [preauth]
Sep 29 16:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: Failed password for root from 162.144.236.216 port 46248 ssh2
Sep 29 16:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: Connection closed by 162.144.236.216 port 46248 [preauth]
Sep 29 16:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Failed password for root from 162.144.236.216 port 53530 ssh2
Sep 29 16:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Connection closed by 162.144.236.216 port 53530 [preauth]
Sep 29 16:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session closed for user root
Sep 29 16:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Failed password for root from 162.144.236.216 port 59508 ssh2
Sep 29 16:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Connection closed by 162.144.236.216 port 59508 [preauth]
Sep 29 16:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Failed password for root from 162.144.236.216 port 38004 ssh2
Sep 29 16:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Connection closed by 162.144.236.216 port 38004 [preauth]
Sep 29 16:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Failed password for root from 162.144.236.216 port 44048 ssh2
Sep 29 16:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Connection closed by 162.144.236.216 port 44048 [preauth]
Sep 29 16:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Failed password for root from 162.144.236.216 port 50282 ssh2
Sep 29 16:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Connection closed by 162.144.236.216 port 50282 [preauth]
Sep 29 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: Successful su for rubyman by root
Sep 29 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: + ??? root:rubyman
Sep 29 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315742 of user rubyman.
Sep 29 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12912]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315742.
Sep 29 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9833]: pam_unix(cron:session): session closed for user root
Sep 29 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Failed password for root from 162.144.236.216 port 56896 ssh2
Sep 29 16:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Connection closed by 162.144.236.216 port 56896 [preauth]
Sep 29 16:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for root from 162.144.236.216 port 35330 ssh2
Sep 29 16:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Connection closed by 162.144.236.216 port 35330 [preauth]
Sep 29 16:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Failed password for root from 162.144.236.216 port 43140 ssh2
Sep 29 16:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Connection closed by 162.144.236.216 port 43140 [preauth]
Sep 29 16:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session closed for user root
Sep 29 16:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Failed password for root from 162.144.236.216 port 52144 ssh2
Sep 29 16:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Connection closed by 162.144.236.216 port 52144 [preauth]
Sep 29 16:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13231]: Failed password for root from 162.144.236.216 port 60002 ssh2
Sep 29 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13231]: Connection closed by 162.144.236.216 port 60002 [preauth]
Sep 29 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Failed password for root from 190.103.202.7 port 33698 ssh2
Sep 29 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Connection closed by 190.103.202.7 port 33698 [preauth]
Sep 29 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: Failed password for root from 162.144.236.216 port 38950 ssh2
Sep 29 16:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13270]: Connection closed by 162.144.236.216 port 38950 [preauth]
Sep 29 16:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13313]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13308]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13378]: Successful su for rubyman by root
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13378]: + ??? root:rubyman
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315747 of user rubyman.
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13378]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315747.
Sep 29 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10344]: pam_unix(cron:session): session closed for user root
Sep 29 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13294]: Failed password for root from 162.144.236.216 port 47420 ssh2
Sep 29 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13294]: Connection closed by 162.144.236.216 port 47420 [preauth]
Sep 29 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13309]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Failed password for root from 162.144.236.216 port 53574 ssh2
Sep 29 16:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13556]: Connection closed by 162.144.236.216 port 53574 [preauth]
Sep 29 16:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Invalid user Admin from 93.152.230.176
Sep 29 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: input_userauth_request: invalid user Admin [preauth]
Sep 29 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 16:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Failed password for invalid user Admin from 93.152.230.176 port 26305 ssh2
Sep 29 16:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Received disconnect from 93.152.230.176 port 26305:11: Client disconnecting normally [preauth]
Sep 29 16:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13604]: Disconnected from 93.152.230.176 port 26305 [preauth]
Sep 29 16:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Failed password for root from 162.144.236.216 port 33062 ssh2
Sep 29 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Connection closed by 162.144.236.216 port 33062 [preauth]
Sep 29 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Failed password for root from 162.144.236.216 port 40618 ssh2
Sep 29 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13636]: Connection closed by 162.144.236.216 port 40618 [preauth]
Sep 29 16:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12338]: pam_unix(cron:session): session closed for user root
Sep 29 16:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Failed password for root from 162.144.236.216 port 48096 ssh2
Sep 29 16:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Connection closed by 162.144.236.216 port 48096 [preauth]
Sep 29 16:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: Failed password for root from 162.144.236.216 port 55128 ssh2
Sep 29 16:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13692]: Connection closed by 162.144.236.216 port 55128 [preauth]
Sep 29 16:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13730]: Failed password for root from 162.144.236.216 port 36176 ssh2
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13820]: Successful su for rubyman by root
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13820]: + ??? root:rubyman
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315751 of user rubyman.
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13820]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315751.
Sep 29 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13730]: Connection closed by 162.144.236.216 port 36176 [preauth]
Sep 29 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session closed for user root
Sep 29 16:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for root from 162.144.236.216 port 41932 ssh2
Sep 29 16:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: Invalid user vor from 167.99.55.34
Sep 29 16:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: input_userauth_request: invalid user vor [preauth]
Sep 29 16:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Connection closed by 162.144.236.216 port 41932 [preauth]
Sep 29 16:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: Failed password for invalid user vor from 167.99.55.34 port 46204 ssh2
Sep 29 16:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: Connection closed by 167.99.55.34 port 46204 [preauth]
Sep 29 16:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Failed password for root from 162.144.236.216 port 49030 ssh2
Sep 29 16:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Connection closed by 162.144.236.216 port 49030 [preauth]
Sep 29 16:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Failed password for root from 162.144.236.216 port 54880 ssh2
Sep 29 16:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14138]: Connection closed by 162.144.236.216 port 54880 [preauth]
Sep 29 16:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session closed for user root
Sep 29 16:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: Failed password for root from 162.144.236.216 port 35816 ssh2
Sep 29 16:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14176]: Connection closed by 162.144.236.216 port 35816 [preauth]
Sep 29 16:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Failed password for root from 162.144.236.216 port 42476 ssh2
Sep 29 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Connection closed by 162.144.236.216 port 42476 [preauth]
Sep 29 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Failed password for root from 162.144.236.216 port 49512 ssh2
Sep 29 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Connection closed by 162.144.236.216 port 49512 [preauth]
Sep 29 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Failed password for root from 162.144.236.216 port 54874 ssh2
Sep 29 16:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Connection closed by 162.144.236.216 port 54874 [preauth]
Sep 29 16:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14344]: Successful su for rubyman by root
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14344]: + ??? root:rubyman
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315756 of user rubyman.
Sep 29 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14344]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315756.
Sep 29 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session closed for user root
Sep 29 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Failed password for root from 162.144.236.216 port 60416 ssh2
Sep 29 16:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Connection closed by 162.144.236.216 port 60416 [preauth]
Sep 29 16:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Failed password for root from 162.144.236.216 port 37364 ssh2
Sep 29 16:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14518]: Connection closed by 162.144.236.216 port 37364 [preauth]
Sep 29 16:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Failed password for root from 162.144.236.216 port 43022 ssh2
Sep 29 16:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Connection closed by 162.144.236.216 port 43022 [preauth]
Sep 29 16:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14579]: Failed password for root from 162.144.236.216 port 50226 ssh2
Sep 29 16:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13313]: pam_unix(cron:session): session closed for user root
Sep 29 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14579]: Connection closed by 162.144.236.216 port 50226 [preauth]
Sep 29 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 16:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=brentdwi@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 29 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 16:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=brentdwi rhost=::ffff:79.124.49.146
Sep 29 16:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: Failed password for root from 162.144.236.216 port 58652 ssh2
Sep 29 16:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14636]: Connection closed by 162.144.236.216 port 58652 [preauth]
Sep 29 16:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14712]: pam_unix(cron:session): session closed for user root
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14707]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: Successful su for rubyman by root
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: + ??? root:rubyman
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315759 of user rubyman.
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315759.
Sep 29 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14709]: pam_unix(cron:session): session closed for user root
Sep 29 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session closed for user root
Sep 29 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14688]: Failed password for root from 162.144.236.216 port 36962 ssh2
Sep 29 16:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14708]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14688]: Connection closed by 162.144.236.216 port 36962 [preauth]
Sep 29 16:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for root from 162.144.236.216 port 45516 ssh2
Sep 29 16:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Connection closed by 162.144.236.216 port 45516 [preauth]
Sep 29 16:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Failed password for root from 162.144.236.216 port 53402 ssh2
Sep 29 16:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Connection closed by 162.144.236.216 port 53402 [preauth]
Sep 29 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session closed for user root
Sep 29 16:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: Failed password for root from 162.144.236.216 port 60188 ssh2
Sep 29 16:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15084]: Connection closed by 162.144.236.216 port 60188 [preauth]
Sep 29 16:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: Successful su for rubyman by root
Sep 29 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: + ??? root:rubyman
Sep 29 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315765 of user rubyman.
Sep 29 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315765.
Sep 29 16:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for root from 162.144.236.216 port 39928 ssh2
Sep 29 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session closed for user root
Sep 29 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Connection closed by 162.144.236.216 port 39928 [preauth]
Sep 29 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15184]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Failed password for root from 162.144.236.216 port 46870 ssh2
Sep 29 16:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Connection closed by 162.144.236.216 port 46870 [preauth]
Sep 29 16:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Failed password for root from 162.144.236.216 port 53188 ssh2
Sep 29 16:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Connection closed by 162.144.236.216 port 53188 [preauth]
Sep 29 16:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user root
Sep 29 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15552]: Failed password for root from 162.144.236.216 port 33194 ssh2
Sep 29 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15552]: Connection closed by 162.144.236.216 port 33194 [preauth]
Sep 29 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Failed password for root from 162.144.236.216 port 41512 ssh2
Sep 29 16:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Connection closed by 162.144.236.216 port 41512 [preauth]
Sep 29 16:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: Failed password for root from 162.144.236.216 port 48052 ssh2
Sep 29 16:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: Connection closed by 162.144.236.216 port 48052 [preauth]
Sep 29 16:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Failed password for root from 162.144.236.216 port 54794 ssh2
Sep 29 16:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Connection closed by 162.144.236.216 port 54794 [preauth]
Sep 29 16:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session closed for user root
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15811]: Successful su for rubyman by root
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15811]: + ??? root:rubyman
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315768 of user rubyman.
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15811]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315768.
Sep 29 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session closed for user root
Sep 29 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: Failed password for root from 162.144.236.216 port 60908 ssh2
Sep 29 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15744]: Connection closed by 162.144.236.216 port 60908 [preauth]
Sep 29 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Failed password for root from 162.144.236.216 port 39850 ssh2
Sep 29 16:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Connection closed by 162.144.236.216 port 39850 [preauth]
Sep 29 16:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Failed password for root from 162.144.236.216 port 48984 ssh2
Sep 29 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Connection closed by 162.144.236.216 port 48984 [preauth]
Sep 29 16:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14711]: pam_unix(cron:session): session closed for user root
Sep 29 16:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: Failed password for root from 162.144.236.216 port 57212 ssh2
Sep 29 16:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: Connection closed by 162.144.236.216 port 57212 [preauth]
Sep 29 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: Failed password for root from 162.144.236.216 port 36346 ssh2
Sep 29 16:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: Connection closed by 162.144.236.216 port 36346 [preauth]
Sep 29 16:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: Failed password for root from 162.144.236.216 port 42480 ssh2
Sep 29 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: Connection closed by 162.144.236.216 port 42480 [preauth]
Sep 29 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16281]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: Successful su for rubyman by root
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: + ??? root:rubyman
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315773 of user rubyman.
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315773.
Sep 29 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Failed password for root from 162.144.236.216 port 49036 ssh2
Sep 29 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16269]: Connection closed by 162.144.236.216 port 49036 [preauth]
Sep 29 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13310]: pam_unix(cron:session): session closed for user root
Sep 29 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: Failed password for root from 162.144.236.216 port 56296 ssh2
Sep 29 16:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: Connection closed by 162.144.236.216 port 56296 [preauth]
Sep 29 16:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: Failed password for root from 162.144.236.216 port 34178 ssh2
Sep 29 16:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16586]: Connection closed by 162.144.236.216 port 34178 [preauth]
Sep 29 16:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Failed password for root from 162.144.236.216 port 39796 ssh2
Sep 29 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Connection closed by 162.144.236.216 port 39796 [preauth]
Sep 29 16:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session closed for user root
Sep 29 16:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: Failed password for root from 162.144.236.216 port 48190 ssh2
Sep 29 16:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: Connection closed by 162.144.236.216 port 48190 [preauth]
Sep 29 16:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16686]: Failed password for root from 162.144.236.216 port 55870 ssh2
Sep 29 16:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16686]: Connection closed by 162.144.236.216 port 55870 [preauth]
Sep 29 16:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: Failed password for root from 162.144.236.216 port 33256 ssh2
Sep 29 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: Connection closed by 162.144.236.216 port 33256 [preauth]
Sep 29 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: Successful su for rubyman by root
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: + ??? root:rubyman
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315778 of user rubyman.
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16826]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315778.
Sep 29 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Failed password for root from 162.144.236.216 port 40446 ssh2
Sep 29 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Connection closed by 162.144.236.216 port 40446 [preauth]
Sep 29 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session closed for user root
Sep 29 16:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16757]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Failed password for root from 162.144.236.216 port 47490 ssh2
Sep 29 16:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Connection closed by 162.144.236.216 port 47490 [preauth]
Sep 29 16:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: Failed password for root from 162.144.236.216 port 54638 ssh2
Sep 29 16:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: Connection closed by 162.144.236.216 port 54638 [preauth]
Sep 29 16:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17070]: Connection closed by 18.206.120.43 port 41298 [preauth]
Sep 29 16:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: Failed password for root from 162.144.236.216 port 34690 ssh2
Sep 29 16:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: Connection closed by 162.144.236.216 port 34690 [preauth]
Sep 29 16:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session closed for user root
Sep 29 16:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Failed password for root from 162.144.236.216 port 41154 ssh2
Sep 29 16:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Connection closed by 162.144.236.216 port 41154 [preauth]
Sep 29 16:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Failed password for root from 162.144.236.216 port 47362 ssh2
Sep 29 16:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Connection closed by 162.144.236.216 port 47362 [preauth]
Sep 29 16:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for root from 162.144.236.216 port 54334 ssh2
Sep 29 16:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Connection closed by 162.144.236.216 port 54334 [preauth]
Sep 29 16:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17226]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17227]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17225]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session closed for user root
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: Failed password for root from 162.144.236.216 port 60950 ssh2
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17304]: Successful su for rubyman by root
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17304]: + ??? root:rubyman
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315782 of user rubyman.
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17304]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315782.
Sep 29 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17210]: Connection closed by 162.144.236.216 port 60950 [preauth]
Sep 29 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user root
Sep 29 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17225]: pam_unix(cron:session): session closed for user root
Sep 29 16:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Invalid user steam from 185.156.73.233
Sep 29 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: input_userauth_request: invalid user steam [preauth]
Sep 29 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Failed password for root from 162.144.236.216 port 40060 ssh2
Sep 29 16:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Connection closed by 162.144.236.216 port 40060 [preauth]
Sep 29 16:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Failed password for invalid user steam from 185.156.73.233 port 15522 ssh2
Sep 29 16:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Connection closed by 185.156.73.233 port 15522 [preauth]
Sep 29 16:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Failed password for root from 162.144.236.216 port 46640 ssh2
Sep 29 16:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17541]: Connection closed by 162.144.236.216 port 46640 [preauth]
Sep 29 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: Failed password for root from 162.144.236.216 port 55802 ssh2
Sep 29 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user root
Sep 29 16:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: Connection closed by 162.144.236.216 port 55802 [preauth]
Sep 29 16:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Failed password for root from 162.144.236.216 port 36046 ssh2
Sep 29 16:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Connection closed by 162.144.236.216 port 36046 [preauth]
Sep 29 16:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Invalid user var from 167.99.55.34
Sep 29 16:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: input_userauth_request: invalid user var [preauth]
Sep 29 16:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Failed password for invalid user var from 167.99.55.34 port 57852 ssh2
Sep 29 16:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Connection closed by 167.99.55.34 port 57852 [preauth]
Sep 29 16:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Failed password for root from 162.144.236.216 port 42036 ssh2
Sep 29 16:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Connection closed by 162.144.236.216 port 42036 [preauth]
Sep 29 16:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: Failed password for root from 162.144.236.216 port 49322 ssh2
Sep 29 16:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: Connection closed by 162.144.236.216 port 49322 [preauth]
Sep 29 16:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17744]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17878]: Successful su for rubyman by root
Sep 29 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17878]: + ??? root:rubyman
Sep 29 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315788 of user rubyman.
Sep 29 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17878]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315788.
Sep 29 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session closed for user root
Sep 29 16:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Failed password for root from 162.144.236.216 port 56786 ssh2
Sep 29 16:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Connection closed by 162.144.236.216 port 56786 [preauth]
Sep 29 16:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17742]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: Failed password for root from 162.144.236.216 port 34904 ssh2
Sep 29 16:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: Connection closed by 162.144.236.216 port 34904 [preauth]
Sep 29 16:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Failed password for root from 162.144.236.216 port 41188 ssh2
Sep 29 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Connection closed by 162.144.236.216 port 41188 [preauth]
Sep 29 16:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18269]: Failed password for root from 162.144.236.216 port 47818 ssh2
Sep 29 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18269]: Connection closed by 162.144.236.216 port 47818 [preauth]
Sep 29 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16759]: pam_unix(cron:session): session closed for user root
Sep 29 16:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Failed password for root from 162.144.236.216 port 56018 ssh2
Sep 29 16:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Connection closed by 162.144.236.216 port 56018 [preauth]
Sep 29 16:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Failed password for root from 162.144.236.216 port 33906 ssh2
Sep 29 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Connection closed by 162.144.236.216 port 33906 [preauth]
Sep 29 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Failed password for root from 162.144.236.216 port 41640 ssh2
Sep 29 16:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Connection closed by 162.144.236.216 port 41640 [preauth]
Sep 29 16:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18513]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: Successful su for rubyman by root
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: + ??? root:rubyman
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315793 of user rubyman.
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18598]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315793.
Sep 29 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session closed for user root
Sep 29 16:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Failed password for root from 162.144.236.216 port 49736 ssh2
Sep 29 16:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18515]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Connection closed by 162.144.236.216 port 49736 [preauth]
Sep 29 16:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Failed password for root from 162.144.236.216 port 55190 ssh2
Sep 29 16:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Connection closed by 162.144.236.216 port 55190 [preauth]
Sep 29 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: Failed password for root from 162.144.236.216 port 33770 ssh2
Sep 29 16:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18857]: Connection closed by 162.144.236.216 port 33770 [preauth]
Sep 29 16:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Failed password for root from 162.144.236.216 port 40092 ssh2
Sep 29 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Connection closed by 162.144.236.216 port 40092 [preauth]
Sep 29 16:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17227]: pam_unix(cron:session): session closed for user root
Sep 29 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Failed password for root from 162.144.236.216 port 46174 ssh2
Sep 29 16:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18904]: Connection closed by 162.144.236.216 port 46174 [preauth]
Sep 29 16:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for root from 162.144.236.216 port 53594 ssh2
Sep 29 16:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Connection closed by 162.144.236.216 port 53594 [preauth]
Sep 29 16:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Failed password for root from 162.144.236.216 port 34674 ssh2
Sep 29 16:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18989]: Connection closed by 162.144.236.216 port 34674 [preauth]
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19023]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: Successful su for rubyman by root
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: + ??? root:rubyman
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315796 of user rubyman.
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315796.
Sep 29 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session closed for user root
Sep 29 16:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19024]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19063]: Failed password for root from 162.144.236.216 port 42034 ssh2
Sep 29 16:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19063]: Connection closed by 162.144.236.216 port 42034 [preauth]
Sep 29 16:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: Failed password for root from 162.144.236.216 port 49642 ssh2
Sep 29 16:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: Connection closed by 162.144.236.216 port 49642 [preauth]
Sep 29 16:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Failed password for root from 162.144.236.216 port 56706 ssh2
Sep 29 16:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Connection closed by 162.144.236.216 port 56706 [preauth]
Sep 29 16:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17744]: pam_unix(cron:session): session closed for user root
Sep 29 16:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for root from 162.144.236.216 port 32814 ssh2
Sep 29 16:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Connection closed by 162.144.236.216 port 32814 [preauth]
Sep 29 16:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Failed password for root from 162.144.236.216 port 41176 ssh2
Sep 29 16:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Connection closed by 162.144.236.216 port 41176 [preauth]
Sep 29 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Failed password for root from 162.144.236.216 port 48654 ssh2
Sep 29 16:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Connection closed by 162.144.236.216 port 48654 [preauth]
Sep 29 16:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Failed password for root from 162.144.236.216 port 54646 ssh2
Sep 29 16:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Connection closed by 162.144.236.216 port 54646 [preauth]
Sep 29 16:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19808]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19914]: Successful su for rubyman by root
Sep 29 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19914]: + ??? root:rubyman
Sep 29 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315799 of user rubyman.
Sep 29 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19914]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315799.
Sep 29 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user root
Sep 29 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Failed password for root from 162.144.236.216 port 60494 ssh2
Sep 29 16:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19809]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Connection closed by 162.144.236.216 port 60494 [preauth]
Sep 29 16:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Failed password for root from 162.144.236.216 port 40272 ssh2
Sep 29 16:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Connection closed by 162.144.236.216 port 40272 [preauth]
Sep 29 16:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Failed password for root from 162.144.236.216 port 48308 ssh2
Sep 29 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Connection closed by 162.144.236.216 port 48308 [preauth]
Sep 29 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session closed for user root
Sep 29 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20229]: Failed password for root from 162.144.236.216 port 55326 ssh2
Sep 29 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20229]: Connection closed by 162.144.236.216 port 55326 [preauth]
Sep 29 16:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Failed password for root from 162.144.236.216 port 32948 ssh2
Sep 29 16:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20270]: Connection closed by 162.144.236.216 port 32948 [preauth]
Sep 29 16:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: Failed password for root from 162.144.236.216 port 39056 ssh2
Sep 29 16:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: Connection closed by 162.144.236.216 port 39056 [preauth]
Sep 29 16:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Failed password for root from 162.144.236.216 port 44892 ssh2
Sep 29 16:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Connection closed by 162.144.236.216 port 44892 [preauth]
Sep 29 16:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20350]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20349]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20350]: pam_unix(cron:session): session closed for user root
Sep 29 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20430]: Successful su for rubyman by root
Sep 29 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20430]: + ??? root:rubyman
Sep 29 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315806 of user rubyman.
Sep 29 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20430]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315806.
Sep 29 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Failed password for root from 162.144.236.216 port 52358 ssh2
Sep 29 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20338]: Connection closed by 162.144.236.216 port 52358 [preauth]
Sep 29 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16758]: pam_unix(cron:session): session closed for user root
Sep 29 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session closed for user root
Sep 29 16:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Failed password for root from 162.144.236.216 port 58460 ssh2
Sep 29 16:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Connection closed by 162.144.236.216 port 58460 [preauth]
Sep 29 16:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Failed password for root from 162.144.236.216 port 38784 ssh2
Sep 29 16:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Connection closed by 162.144.236.216 port 38784 [preauth]
Sep 29 16:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Failed password for root from 162.144.236.216 port 43784 ssh2
Sep 29 16:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Connection closed by 162.144.236.216 port 43784 [preauth]
Sep 29 16:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19026]: pam_unix(cron:session): session closed for user root
Sep 29 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Failed password for root from 162.144.236.216 port 49758 ssh2
Sep 29 16:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Connection closed by 162.144.236.216 port 49758 [preauth]
Sep 29 16:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: Failed password for root from 162.144.236.216 port 55230 ssh2
Sep 29 16:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20765]: Connection closed by 162.144.236.216 port 55230 [preauth]
Sep 29 16:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Failed password for root from 162.144.236.216 port 34440 ssh2
Sep 29 16:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Connection closed by 162.144.236.216 port 34440 [preauth]
Sep 29 16:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20850]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20851]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20848]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: Successful su for rubyman by root
Sep 29 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: + ??? root:rubyman
Sep 29 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315809 of user rubyman.
Sep 29 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20924]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315809.
Sep 29 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: Failed password for root from 162.144.236.216 port 42922 ssh2
Sep 29 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: Connection closed by 162.144.236.216 port 42922 [preauth]
Sep 29 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20849]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17226]: pam_unix(cron:session): session closed for user root
Sep 29 16:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Failed password for root from 162.144.236.216 port 52276 ssh2
Sep 29 16:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Connection closed by 162.144.236.216 port 52276 [preauth]
Sep 29 16:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Failed password for root from 162.144.236.216 port 58524 ssh2
Sep 29 16:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Connection closed by 162.144.236.216 port 58524 [preauth]
Sep 29 16:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: Failed password for root from 162.144.236.216 port 38072 ssh2
Sep 29 16:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21189]: Connection closed by 162.144.236.216 port 38072 [preauth]
Sep 29 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session closed for user root
Sep 29 16:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: Failed password for root from 162.144.236.216 port 44744 ssh2
Sep 29 16:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21211]: Connection closed by 162.144.236.216 port 44744 [preauth]
Sep 29 16:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: Failed password for root from 162.144.236.216 port 53890 ssh2
Sep 29 16:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21253]: Connection closed by 162.144.236.216 port 53890 [preauth]
Sep 29 16:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Failed password for root from 162.144.236.216 port 58996 ssh2
Sep 29 16:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Connection closed by 162.144.236.216 port 58996 [preauth]
Sep 29 16:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21298]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21363]: Successful su for rubyman by root
Sep 29 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21363]: + ??? root:rubyman
Sep 29 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315813 of user rubyman.
Sep 29 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21363]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315813.
Sep 29 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17743]: pam_unix(cron:session): session closed for user root
Sep 29 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Failed password for root from 162.144.236.216 port 37682 ssh2
Sep 29 16:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21299]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Connection closed by 162.144.236.216 port 37682 [preauth]
Sep 29 16:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Failed password for root from 162.144.236.216 port 45064 ssh2
Sep 29 16:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Connection closed by 162.144.236.216 port 45064 [preauth]
Sep 29 16:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Failed password for root from 162.144.236.216 port 50666 ssh2
Sep 29 16:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21595]: Connection closed by 162.144.236.216 port 50666 [preauth]
Sep 29 16:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Failed password for root from 162.144.236.216 port 57968 ssh2
Sep 29 16:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Connection closed by 162.144.236.216 port 57968 [preauth]
Sep 29 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20349]: pam_unix(cron:session): session closed for user root
Sep 29 16:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: Failed password for root from 162.144.236.216 port 37560 ssh2
Sep 29 16:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21653]: Connection closed by 162.144.236.216 port 37560 [preauth]
Sep 29 16:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: Failed password for root from 162.144.236.216 port 44422 ssh2
Sep 29 16:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: Connection closed by 162.144.236.216 port 44422 [preauth]
Sep 29 16:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21722]: Failed password for root from 162.144.236.216 port 51334 ssh2
Sep 29 16:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21722]: Connection closed by 162.144.236.216 port 51334 [preauth]
Sep 29 16:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21751]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21817]: Successful su for rubyman by root
Sep 29 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21817]: + ??? root:rubyman
Sep 29 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315817 of user rubyman.
Sep 29 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21817]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315817.
Sep 29 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session closed for user root
Sep 29 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: Failed password for root from 162.144.236.216 port 58040 ssh2
Sep 29 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: Connection closed by 162.144.236.216 port 58040 [preauth]
Sep 29 16:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22029]: Failed password for root from 162.144.236.216 port 37748 ssh2
Sep 29 16:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: Invalid user www from 167.99.55.34
Sep 29 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: input_userauth_request: invalid user www [preauth]
Sep 29 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22029]: Connection closed by 162.144.236.216 port 37748 [preauth]
Sep 29 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: Failed password for invalid user www from 167.99.55.34 port 55090 ssh2
Sep 29 16:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22063]: Connection closed by 167.99.55.34 port 55090 [preauth]
Sep 29 16:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: Failed password for root from 162.144.236.216 port 44792 ssh2
Sep 29 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Invalid user user from 80.94.95.112
Sep 29 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: input_userauth_request: invalid user user [preauth]
Sep 29 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22065]: Connection closed by 162.144.236.216 port 44792 [preauth]
Sep 29 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Failed password for invalid user user from 80.94.95.112 port 64071 ssh2
Sep 29 16:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Failed password for invalid user user from 80.94.95.112 port 64071 ssh2
Sep 29 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Failed password for invalid user user from 80.94.95.112 port 64071 ssh2
Sep 29 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Failed password for root from 162.144.236.216 port 50656 ssh2
Sep 29 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Connection closed by 162.144.236.216 port 50656 [preauth]
Sep 29 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20851]: pam_unix(cron:session): session closed for user root
Sep 29 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Failed password for invalid user user from 80.94.95.112 port 64071 ssh2
Sep 29 16:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Failed password for invalid user user from 80.94.95.112 port 64071 ssh2
Sep 29 16:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Received disconnect from 80.94.95.112 port 64071:11: Bye [preauth]
Sep 29 16:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: Disconnected from 80.94.95.112 port 64071 [preauth]
Sep 29 16:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 16:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22079]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 16:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: Failed password for root from 162.144.236.216 port 57394 ssh2
Sep 29 16:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: Connection closed by 162.144.236.216 port 57394 [preauth]
Sep 29 16:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Failed password for root from 162.144.236.216 port 35946 ssh2
Sep 29 16:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Connection closed by 162.144.236.216 port 35946 [preauth]
Sep 29 16:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Failed password for root from 162.144.236.216 port 43262 ssh2
Sep 29 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Connection closed by 162.144.236.216 port 43262 [preauth]
Sep 29 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22286]: Successful su for rubyman by root
Sep 29 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22286]: + ??? root:rubyman
Sep 29 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315823 of user rubyman.
Sep 29 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22286]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315823.
Sep 29 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19025]: pam_unix(cron:session): session closed for user root
Sep 29 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Failed password for root from 162.144.236.216 port 51138 ssh2
Sep 29 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Connection closed by 162.144.236.216 port 51138 [preauth]
Sep 29 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22213]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: Failed password for root from 162.144.236.216 port 55538 ssh2
Sep 29 16:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: Connection closed by 162.144.236.216 port 55538 [preauth]
Sep 29 16:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Failed password for root from 162.144.236.216 port 32986 ssh2
Sep 29 16:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22511]: Connection closed by 162.144.236.216 port 32986 [preauth]
Sep 29 16:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Failed password for root from 162.144.236.216 port 39696 ssh2
Sep 29 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Connection closed by 162.144.236.216 port 39696 [preauth]
Sep 29 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session closed for user root
Sep 29 16:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Failed password for root from 162.144.236.216 port 45668 ssh2
Sep 29 16:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Connection closed by 162.144.236.216 port 45668 [preauth]
Sep 29 16:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: Failed password for root from 162.144.236.216 port 52002 ssh2
Sep 29 16:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: Connection closed by 162.144.236.216 port 52002 [preauth]
Sep 29 16:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: Failed password for root from 162.144.236.216 port 58928 ssh2
Sep 29 16:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: Connection closed by 162.144.236.216 port 58928 [preauth]
Sep 29 16:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22696]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22695]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22697]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session closed for user root
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22688]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22948]: Successful su for rubyman by root
Sep 29 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22948]: + ??? root:rubyman
Sep 29 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315829 of user rubyman.
Sep 29 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22948]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315829.
Sep 29 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Failed password for root from 162.144.236.216 port 38896 ssh2
Sep 29 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Connection closed by 162.144.236.216 port 38896 [preauth]
Sep 29 16:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22695]: pam_unix(cron:session): session closed for user root
Sep 29 16:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session closed for user root
Sep 29 16:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22689]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Failed password for root from 162.144.236.216 port 44616 ssh2
Sep 29 16:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Connection closed by 162.144.236.216 port 44616 [preauth]
Sep 29 16:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Invalid user admin123 from 185.156.73.233
Sep 29 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: input_userauth_request: invalid user admin123 [preauth]
Sep 29 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 16:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for invalid user admin123 from 185.156.73.233 port 15986 ssh2
Sep 29 16:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Connection closed by 185.156.73.233 port 15986 [preauth]
Sep 29 16:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21752]: pam_unix(cron:session): session closed for user root
Sep 29 16:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Failed password for root from 162.144.236.216 port 50456 ssh2
Sep 29 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Connection closed by 162.144.236.216 port 50456 [preauth]
Sep 29 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23364]: Failed password for root from 162.144.236.216 port 58518 ssh2
Sep 29 16:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23364]: Connection closed by 162.144.236.216 port 58518 [preauth]
Sep 29 16:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Failed password for root from 162.144.236.216 port 36098 ssh2
Sep 29 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: Successful su for rubyman by root
Sep 29 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: + ??? root:rubyman
Sep 29 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315831 of user rubyman.
Sep 29 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23545]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315831.
Sep 29 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Connection closed by 162.144.236.216 port 36098 [preauth]
Sep 29 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session closed for user root
Sep 29 16:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23860]: Did not receive identification string from 162.144.236.216
Sep 29 16:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: Failed password for root from 162.144.236.216 port 45756 ssh2
Sep 29 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23943]: Connection closed by 162.144.236.216 port 45756 [preauth]
Sep 29 16:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Failed password for root from 162.144.236.216 port 50994 ssh2
Sep 29 16:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Connection closed by 162.144.236.216 port 50994 [preauth]
Sep 29 16:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session closed for user root
Sep 29 16:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Failed password for root from 162.144.236.216 port 56564 ssh2
Sep 29 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Connection closed by 148.113.193.79 port 34538 [preauth]
Sep 29 16:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Connection closed by 162.144.236.216 port 56564 [preauth]
Sep 29 16:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: Failed password for root from 162.144.236.216 port 36676 ssh2
Sep 29 16:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24072]: Connection closed by 162.144.236.216 port 36676 [preauth]
Sep 29 16:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Failed password for root from 162.144.236.216 port 43506 ssh2
Sep 29 16:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Connection closed by 162.144.236.216 port 43506 [preauth]
Sep 29 16:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: Successful su for rubyman by root
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: + ??? root:rubyman
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315835 of user rubyman.
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315835.
Sep 29 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Failed password for root from 162.144.236.216 port 49566 ssh2
Sep 29 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Connection closed by 162.144.236.216 port 49566 [preauth]
Sep 29 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20850]: pam_unix(cron:session): session closed for user root
Sep 29 16:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Failed password for root from 162.144.236.216 port 54680 ssh2
Sep 29 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Connection closed by 162.144.236.216 port 54680 [preauth]
Sep 29 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: Invalid user  from 45.78.196.59
Sep 29 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: input_userauth_request: invalid user  [preauth]
Sep 29 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: Failed password for root from 162.144.236.216 port 60978 ssh2
Sep 29 16:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24447]: Connection closed by 45.78.196.59 port 51668 [preauth]
Sep 29 16:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: Connection closed by 162.144.236.216 port 60978 [preauth]
Sep 29 16:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Failed password for root from 162.144.236.216 port 39102 ssh2
Sep 29 16:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Connection closed by 162.144.236.216 port 39102 [preauth]
Sep 29 16:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Failed password for root from 162.144.236.216 port 46344 ssh2
Sep 29 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22697]: pam_unix(cron:session): session closed for user root
Sep 29 16:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Connection closed by 162.144.236.216 port 46344 [preauth]
Sep 29 16:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Failed password for root from 162.144.236.216 port 53172 ssh2
Sep 29 16:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Connection closed by 162.144.236.216 port 53172 [preauth]
Sep 29 16:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Failed password for root from 162.144.236.216 port 59300 ssh2
Sep 29 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Connection closed by 162.144.236.216 port 59300 [preauth]
Sep 29 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Invalid user focus from 213.209.157.9
Sep 29 16:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: input_userauth_request: invalid user focus [preauth]
Sep 29 16:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Failed password for root from 162.144.236.216 port 37296 ssh2
Sep 29 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Connection closed by 162.144.236.216 port 37296 [preauth]
Sep 29 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: Successful su for rubyman by root
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: + ??? root:rubyman
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315840 of user rubyman.
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24710]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315840.
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 29 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Failed password for invalid user focus from 213.209.157.9 port 14714 ssh2
Sep 29 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21300]: pam_unix(cron:session): session closed for user root
Sep 29 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Connection closed by 213.209.157.9 port 14714 [preauth]
Sep 29 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: Failed password for root from 162.144.236.216 port 45604 ssh2
Sep 29 16:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24635]: Connection closed by 162.144.236.216 port 45604 [preauth]
Sep 29 16:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: Failed password for root from 162.144.236.216 port 50670 ssh2
Sep 29 16:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: Connection closed by 162.144.236.216 port 50670 [preauth]
Sep 29 16:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Failed password for root from 162.144.236.216 port 57022 ssh2
Sep 29 16:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24939]: Connection closed by 162.144.236.216 port 57022 [preauth]
Sep 29 16:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Failed password for root from 162.144.236.216 port 36524 ssh2
Sep 29 16:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Connection closed by 162.144.236.216 port 36524 [preauth]
Sep 29 16:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user root
Sep 29 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Failed password for root from 162.144.236.216 port 41526 ssh2
Sep 29 16:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Connection closed by 162.144.236.216 port 41526 [preauth]
Sep 29 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Failed password for root from 162.144.236.216 port 47568 ssh2
Sep 29 16:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Connection closed by 162.144.236.216 port 47568 [preauth]
Sep 29 16:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Failed password for root from 162.144.236.216 port 54222 ssh2
Sep 29 16:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Connection closed by 162.144.236.216 port 54222 [preauth]
Sep 29 16:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Failed password for root from 162.144.236.216 port 60914 ssh2
Sep 29 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: Successful su for rubyman by root
Sep 29 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: + ??? root:rubyman
Sep 29 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315844 of user rubyman.
Sep 29 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315844.
Sep 29 16:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25082]: Connection closed by 162.144.236.216 port 60914 [preauth]
Sep 29 16:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21751]: pam_unix(cron:session): session closed for user root
Sep 29 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25277]: Failed password for root from 162.144.236.216 port 39408 ssh2
Sep 29 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25277]: Connection closed by 162.144.236.216 port 39408 [preauth]
Sep 29 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: Failed password for root from 162.144.236.216 port 46010 ssh2
Sep 29 16:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: Connection closed by 162.144.236.216 port 46010 [preauth]
Sep 29 16:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Failed password for root from 162.144.236.216 port 52744 ssh2
Sep 29 16:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Connection closed by 162.144.236.216 port 52744 [preauth]
Sep 29 16:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
Sep 29 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: Failed password for root from 162.144.236.216 port 58818 ssh2
Sep 29 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: Connection closed by 162.144.236.216 port 58818 [preauth]
Sep 29 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: Failed password for root from 162.144.236.216 port 37318 ssh2
Sep 29 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: Connection closed by 162.144.236.216 port 37318 [preauth]
Sep 29 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: Failed password for root from 162.144.236.216 port 42592 ssh2
Sep 29 16:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25733]: Connection closed by 162.144.236.216 port 42592 [preauth]
Sep 29 16:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Failed password for root from 162.144.236.216 port 47340 ssh2
Sep 29 16:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Connection closed by 162.144.236.216 port 47340 [preauth]
Sep 29 16:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25902]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25899]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25903]: pam_unix(cron:session): session closed for user root
Sep 29 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25897]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25992]: Successful su for rubyman by root
Sep 29 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25992]: + ??? root:rubyman
Sep 29 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315847 of user rubyman.
Sep 29 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25992]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315847.
Sep 29 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25899]: pam_unix(cron:session): session closed for user root
Sep 29 16:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session closed for user root
Sep 29 16:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25898]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Failed password for root from 162.144.236.216 port 53960 ssh2
Sep 29 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Connection closed by 162.144.236.216 port 53960 [preauth]
Sep 29 16:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: Invalid user admin from 139.19.117.131
Sep 29 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: input_userauth_request: invalid user admin [preauth]
Sep 29 16:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session closed for user root
Sep 29 16:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26276]: Connection closed by 139.19.117.131 port 49724 [preauth]
Sep 29 16:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Failed password for root from 162.144.236.216 port 36842 ssh2
Sep 29 16:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Connection closed by 162.144.236.216 port 36842 [preauth]
Sep 29 16:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Invalid user tmp from 167.99.55.34
Sep 29 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: input_userauth_request: invalid user tmp [preauth]
Sep 29 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Failed password for root from 162.144.236.216 port 45334 ssh2
Sep 29 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Failed password for invalid user tmp from 167.99.55.34 port 37490 ssh2
Sep 29 16:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Connection closed by 167.99.55.34 port 37490 [preauth]
Sep 29 16:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Connection closed by 162.144.236.216 port 45334 [preauth]
Sep 29 16:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26514]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26584]: Successful su for rubyman by root
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26584]: + ??? root:rubyman
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315853 of user rubyman.
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26584]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315853.
Sep 29 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22696]: pam_unix(cron:session): session closed for user root
Sep 29 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: Failed password for root from 162.144.236.216 port 52032 ssh2
Sep 29 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26494]: Connection closed by 162.144.236.216 port 52032 [preauth]
Sep 29 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Failed password for root from 162.144.236.216 port 57036 ssh2
Sep 29 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Connection closed by 162.144.236.216 port 57036 [preauth]
Sep 29 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Failed password for root from 162.144.236.216 port 36910 ssh2
Sep 29 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26916]: Connection closed by 162.144.236.216 port 36910 [preauth]
Sep 29 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session closed for user root
Sep 29 16:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Failed password for root from 162.144.236.216 port 44578 ssh2
Sep 29 16:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Connection closed by 162.144.236.216 port 44578 [preauth]
Sep 29 16:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27082]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27050]: Failed password for root from 162.144.236.216 port 49508 ssh2
Sep 29 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: Successful su for rubyman by root
Sep 29 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: + ??? root:rubyman
Sep 29 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315857 of user rubyman.
Sep 29 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315857.
Sep 29 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user root
Sep 29 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27050]: Connection closed by 162.144.236.216 port 49508 [preauth]
Sep 29 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27083]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: Failed password for root from 162.144.236.216 port 59156 ssh2
Sep 29 16:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: Connection closed by 162.144.236.216 port 59156 [preauth]
Sep 29 16:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: Failed password for root from 162.144.236.216 port 38474 ssh2
Sep 29 16:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27417]: Connection closed by 162.144.236.216 port 38474 [preauth]
Sep 29 16:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25902]: pam_unix(cron:session): session closed for user root
Sep 29 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: Failed password for root from 162.144.236.216 port 48982 ssh2
Sep 29 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27458]: Connection closed by 162.144.236.216 port 48982 [preauth]
Sep 29 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: Failed password for root from 162.144.236.216 port 54220 ssh2
Sep 29 16:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: Connection closed by 162.144.236.216 port 54220 [preauth]
Sep 29 16:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.196.59  user=root
Sep 29 16:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Failed password for root from 45.78.196.59 port 51010 ssh2
Sep 29 16:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27682]: Connection reset by 45.78.196.59 port 51010 [preauth]
Sep 29 16:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Failed password for root from 162.144.236.216 port 33266 ssh2
Sep 29 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Connection closed by 162.144.236.216 port 33266 [preauth]
Sep 29 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Failed password for root from 162.144.236.216 port 40538 ssh2
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Connection closed by 162.144.236.216 port 40538 [preauth]
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27811]: Successful su for rubyman by root
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27811]: + ??? root:rubyman
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315862 of user rubyman.
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27811]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315862.
Sep 29 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user root
Sep 29 16:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27827]: Failed password for root from 162.144.236.216 port 45924 ssh2
Sep 29 16:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27827]: Connection closed by 162.144.236.216 port 45924 [preauth]
Sep 29 16:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: Failed password for root from 162.144.236.216 port 52964 ssh2
Sep 29 16:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: Connection closed by 162.144.236.216 port 52964 [preauth]
Sep 29 16:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Failed password for root from 162.144.236.216 port 59272 ssh2
Sep 29 16:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Connection closed by 162.144.236.216 port 59272 [preauth]
Sep 29 16:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for root from 162.144.236.216 port 36966 ssh2
Sep 29 16:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Connection closed by 162.144.236.216 port 36966 [preauth]
Sep 29 16:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26514]: pam_unix(cron:session): session closed for user root
Sep 29 16:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: Failed password for root from 162.144.236.216 port 43130 ssh2
Sep 29 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28111]: Connection closed by 162.144.236.216 port 43130 [preauth]
Sep 29 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: Failed password for root from 162.144.236.216 port 50242 ssh2
Sep 29 16:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: Connection closed by 162.144.236.216 port 50242 [preauth]
Sep 29 16:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: Failed password for root from 162.144.236.216 port 56802 ssh2
Sep 29 16:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: Connection closed by 162.144.236.216 port 56802 [preauth]
Sep 29 16:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28215]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: Successful su for rubyman by root
Sep 29 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: + ??? root:rubyman
Sep 29 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315866 of user rubyman.
Sep 29 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28366]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315866.
Sep 29 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session closed for user root
Sep 29 16:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session closed for user root
Sep 29 16:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: Failed password for root from 162.144.236.216 port 35688 ssh2
Sep 29 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28200]: Connection closed by 162.144.236.216 port 35688 [preauth]
Sep 29 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: Failed password for root from 162.144.236.216 port 42702 ssh2
Sep 29 16:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: Connection closed by 162.144.236.216 port 42702 [preauth]
Sep 29 16:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Failed password for root from 162.144.236.216 port 50312 ssh2
Sep 29 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Connection closed by 162.144.236.216 port 50312 [preauth]
Sep 29 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Failed password for root from 162.144.236.216 port 55830 ssh2
Sep 29 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Invalid user ubnt from 80.94.95.115
Sep 29 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Connection closed by 162.144.236.216 port 55830 [preauth]
Sep 29 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Failed password for invalid user ubnt from 80.94.95.115 port 33236 ssh2
Sep 29 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Connection closed by 80.94.95.115 port 33236 [preauth]
Sep 29 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session closed for user root
Sep 29 16:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: Failed password for root from 162.144.236.216 port 34658 ssh2
Sep 29 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: Connection closed by 162.144.236.216 port 34658 [preauth]
Sep 29 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: Failed password for root from 162.144.236.216 port 41858 ssh2
Sep 29 16:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: Connection closed by 162.144.236.216 port 41858 [preauth]
Sep 29 16:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Failed password for root from 162.144.236.216 port 48180 ssh2
Sep 29 16:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Connection closed by 162.144.236.216 port 48180 [preauth]
Sep 29 16:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session closed for user root
Sep 29 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29092]: Successful su for rubyman by root
Sep 29 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29092]: + ??? root:rubyman
Sep 29 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315873 of user rubyman.
Sep 29 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29092]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315873.
Sep 29 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Failed password for root from 162.144.236.216 port 54270 ssh2
Sep 29 16:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Connection closed by 162.144.236.216 port 54270 [preauth]
Sep 29 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25098]: pam_unix(cron:session): session closed for user root
Sep 29 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session closed for user root
Sep 29 16:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: Failed password for root from 162.144.236.216 port 33386 ssh2
Sep 29 16:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: Connection closed by 162.144.236.216 port 33386 [preauth]
Sep 29 16:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for root from 162.144.236.216 port 39366 ssh2
Sep 29 16:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Connection closed by 162.144.236.216 port 39366 [preauth]
Sep 29 16:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Failed password for root from 162.144.236.216 port 46652 ssh2
Sep 29 16:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Connection closed by 162.144.236.216 port 46652 [preauth]
Sep 29 16:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session closed for user root
Sep 29 16:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Failed password for root from 162.144.236.216 port 53504 ssh2
Sep 29 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Connection closed by 162.144.236.216 port 53504 [preauth]
Sep 29 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Failed password for root from 162.144.236.216 port 60382 ssh2
Sep 29 16:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Connection closed by 162.144.236.216 port 60382 [preauth]
Sep 29 16:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Invalid user admin from 78.128.112.74
Sep 29 16:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: input_userauth_request: invalid user admin [preauth]
Sep 29 16:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 16:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Failed password for invalid user admin from 78.128.112.74 port 45034 ssh2
Sep 29 16:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection closed by 78.128.112.74 port 45034 [preauth]
Sep 29 16:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Failed password for root from 162.144.236.216 port 38676 ssh2
Sep 29 16:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Connection closed by 162.144.236.216 port 38676 [preauth]
Sep 29 16:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29539]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: Successful su for rubyman by root
Sep 29 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: + ??? root:rubyman
Sep 29 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315876 of user rubyman.
Sep 29 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29618]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315876.
Sep 29 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: Failed password for root from 162.144.236.216 port 46238 ssh2
Sep 29 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: Connection closed by 162.144.236.216 port 46238 [preauth]
Sep 29 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25901]: pam_unix(cron:session): session closed for user root
Sep 29 16:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29542]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: Failed password for root from 162.144.236.216 port 53232 ssh2
Sep 29 16:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: Connection closed by 162.144.236.216 port 53232 [preauth]
Sep 29 16:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Failed password for root from 162.144.236.216 port 59388 ssh2
Sep 29 16:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Connection closed by 162.144.236.216 port 59388 [preauth]
Sep 29 16:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Failed password for root from 162.144.236.216 port 38252 ssh2
Sep 29 16:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Connection closed by 162.144.236.216 port 38252 [preauth]
Sep 29 16:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28216]: pam_unix(cron:session): session closed for user root
Sep 29 16:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Failed password for root from 162.144.236.216 port 45752 ssh2
Sep 29 16:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Connection closed by 162.144.236.216 port 45752 [preauth]
Sep 29 16:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Failed password for root from 162.144.236.216 port 52184 ssh2
Sep 29 16:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Connection closed by 162.144.236.216 port 52184 [preauth]
Sep 29 16:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: Failed password for root from 162.144.236.216 port 59942 ssh2
Sep 29 16:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: Connection closed by 162.144.236.216 port 59942 [preauth]
Sep 29 16:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: Successful su for rubyman by root
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: + ??? root:rubyman
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315881 of user rubyman.
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315881.
Sep 29 16:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Failed password for root from 162.144.236.216 port 37782 ssh2
Sep 29 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Connection closed by 162.144.236.216 port 37782 [preauth]
Sep 29 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session closed for user root
Sep 29 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30054]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Failed password for root from 162.144.236.216 port 44072 ssh2
Sep 29 16:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Connection closed by 162.144.236.216 port 44072 [preauth]
Sep 29 16:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Failed password for root from 162.144.236.216 port 49706 ssh2
Sep 29 16:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Connection closed by 162.144.236.216 port 49706 [preauth]
Sep 29 16:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Failed password for root from 162.144.236.216 port 56180 ssh2
Sep 29 16:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Connection closed by 162.144.236.216 port 56180 [preauth]
Sep 29 16:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: Failed password for root from 162.144.236.216 port 35198 ssh2
Sep 29 16:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session closed for user root
Sep 29 16:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30474]: Connection closed by 162.144.236.216 port 35198 [preauth]
Sep 29 16:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Failed password for root from 162.144.236.216 port 42846 ssh2
Sep 29 16:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Connection closed by 162.144.236.216 port 42846 [preauth]
Sep 29 16:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: Failed password for root from 162.144.236.216 port 48764 ssh2
Sep 29 16:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30618]: Connection closed by 162.144.236.216 port 48764 [preauth]
Sep 29 16:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30730]: Successful su for rubyman by root
Sep 29 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30730]: + ??? root:rubyman
Sep 29 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315885 of user rubyman.
Sep 29 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30730]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315885.
Sep 29 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Failed password for root from 162.144.236.216 port 57982 ssh2
Sep 29 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Connection closed by 162.144.236.216 port 57982 [preauth]
Sep 29 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session closed for user root
Sep 29 16:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Failed password for root from 162.144.236.216 port 35560 ssh2
Sep 29 16:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30889]: Connection closed by 162.144.236.216 port 35560 [preauth]
Sep 29 16:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: Failed password for root from 162.144.236.216 port 42014 ssh2
Sep 29 16:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30947]: Connection closed by 162.144.236.216 port 42014 [preauth]
Sep 29 16:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30976]: Failed password for root from 162.144.236.216 port 47220 ssh2
Sep 29 16:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30976]: Connection closed by 162.144.236.216 port 47220 [preauth]
Sep 29 16:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Failed password for root from 162.144.236.216 port 53898 ssh2
Sep 29 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Invalid user sysadmin from 167.99.55.34
Sep 29 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: input_userauth_request: invalid user sysadmin [preauth]
Sep 29 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Connection closed by 162.144.236.216 port 53898 [preauth]
Sep 29 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session closed for user root
Sep 29 16:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Failed password for invalid user sysadmin from 167.99.55.34 port 45242 ssh2
Sep 29 16:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Connection closed by 167.99.55.34 port 45242 [preauth]
Sep 29 16:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: Failed password for root from 162.144.236.216 port 59486 ssh2
Sep 29 16:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31038]: Connection closed by 162.144.236.216 port 59486 [preauth]
Sep 29 16:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Failed password for root from 162.144.236.216 port 37450 ssh2
Sep 29 16:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31073]: Connection closed by 162.144.236.216 port 37450 [preauth]
Sep 29 16:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: Failed password for root from 162.144.236.216 port 44602 ssh2
Sep 29 16:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: Connection closed by 162.144.236.216 port 44602 [preauth]
Sep 29 16:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: Successful su for rubyman by root
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: + ??? root:rubyman
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315889 of user rubyman.
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31210]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315889.
Sep 29 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Failed password for root from 46.101.170.54 port 59144 ssh2
Sep 29 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Connection closed by 46.101.170.54 port 59144 [preauth]
Sep 29 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session closed for user root
Sep 29 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Failed password for root from 162.144.236.216 port 51582 ssh2
Sep 29 16:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Connection closed by 162.144.236.216 port 51582 [preauth]
Sep 29 16:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Failed password for root from 162.144.236.216 port 58560 ssh2
Sep 29 16:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31405]: Connection closed by 162.144.236.216 port 58560 [preauth]
Sep 29 16:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: Failed password for root from 162.144.236.216 port 37546 ssh2
Sep 29 16:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 16:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: Connection closed by 162.144.236.216 port 37546 [preauth]
Sep 29 16:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: Failed password for root from 93.152.230.176 port 27170 ssh2
Sep 29 16:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: Received disconnect from 93.152.230.176 port 27170:11: Client disconnecting normally [preauth]
Sep 29 16:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31498]: Disconnected from 93.152.230.176 port 27170 [preauth]
Sep 29 16:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Failed password for root from 162.144.236.216 port 44174 ssh2
Sep 29 16:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Connection closed by 162.144.236.216 port 44174 [preauth]
Sep 29 16:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session closed for user root
Sep 29 16:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: Failed password for root from 162.144.236.216 port 49732 ssh2
Sep 29 16:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31537]: Connection closed by 162.144.236.216 port 49732 [preauth]
Sep 29 16:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Failed password for root from 162.144.236.216 port 56698 ssh2
Sep 29 16:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Connection closed by 162.144.236.216 port 56698 [preauth]
Sep 29 16:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31619]: Failed password for root from 162.144.236.216 port 35160 ssh2
Sep 29 16:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31619]: Connection closed by 162.144.236.216 port 35160 [preauth]
Sep 29 16:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31646]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31646]: pam_unix(cron:session): session closed for user root
Sep 29 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: Successful su for rubyman by root
Sep 29 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: + ??? root:rubyman
Sep 29 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315894 of user rubyman.
Sep 29 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31712]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315894.
Sep 29 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Failed password for root from 162.144.236.216 port 42420 ssh2
Sep 29 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Connection closed by 162.144.236.216 port 42420 [preauth]
Sep 29 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31643]: pam_unix(cron:session): session closed for user root
Sep 29 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28215]: pam_unix(cron:session): session closed for user root
Sep 29 16:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Failed password for root from 162.144.236.216 port 49488 ssh2
Sep 29 16:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Connection closed by 162.144.236.216 port 49488 [preauth]
Sep 29 16:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31963]: Failed password for root from 162.144.236.216 port 56294 ssh2
Sep 29 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31963]: Connection closed by 162.144.236.216 port 56294 [preauth]
Sep 29 16:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: Failed password for root from 162.144.236.216 port 34420 ssh2
Sep 29 16:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: Connection closed by 162.144.236.216 port 34420 [preauth]
Sep 29 16:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session closed for user root
Sep 29 16:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32018]: Failed password for root from 162.144.236.216 port 41194 ssh2
Sep 29 16:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32018]: Connection closed by 162.144.236.216 port 41194 [preauth]
Sep 29 16:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for root from 162.144.236.216 port 51264 ssh2
Sep 29 16:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Connection closed by 162.144.236.216 port 51264 [preauth]
Sep 29 16:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Failed password for root from 162.144.236.216 port 57406 ssh2
Sep 29 16:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Connection closed by 162.144.236.216 port 57406 [preauth]
Sep 29 16:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32128]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32125]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32209]: Successful su for rubyman by root
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32209]: + ??? root:rubyman
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315899 of user rubyman.
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32209]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315899.
Sep 29 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: Failed password for root from 162.144.236.216 port 34866 ssh2
Sep 29 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28995]: pam_unix(cron:session): session closed for user root
Sep 29 16:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: Connection closed by 162.144.236.216 port 34866 [preauth]
Sep 29 16:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32126]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Failed password for root from 162.144.236.216 port 43062 ssh2
Sep 29 16:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Connection closed by 162.144.236.216 port 43062 [preauth]
Sep 29 16:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Failed password for root from 162.144.236.216 port 50954 ssh2
Sep 29 16:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Connection closed by 162.144.236.216 port 50954 [preauth]
Sep 29 16:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Failed password for root from 162.144.236.216 port 58752 ssh2
Sep 29 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Connection closed by 162.144.236.216 port 58752 [preauth]
Sep 29 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session closed for user root
Sep 29 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for root from 162.144.236.216 port 36910 ssh2
Sep 29 16:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Connection closed by 162.144.236.216 port 36910 [preauth]
Sep 29 16:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: Failed password for root from 162.144.236.216 port 44344 ssh2
Sep 29 16:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32536]: Connection closed by 162.144.236.216 port 44344 [preauth]
Sep 29 16:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: Failed password for root from 162.144.236.216 port 51524 ssh2
Sep 29 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: Connection closed by 162.144.236.216 port 51524 [preauth]
Sep 29 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32576]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32650]: Successful su for rubyman by root
Sep 29 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32650]: + ??? root:rubyman
Sep 29 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315902 of user rubyman.
Sep 29 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32650]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315902.
Sep 29 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session closed for user root
Sep 29 16:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Failed password for root from 162.144.236.216 port 57008 ssh2
Sep 29 16:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Connection closed by 162.144.236.216 port 57008 [preauth]
Sep 29 16:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[386]: Failed password for root from 162.144.236.216 port 35284 ssh2
Sep 29 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[386]: Connection closed by 162.144.236.216 port 35284 [preauth]
Sep 29 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: Failed password for root from 162.144.236.216 port 41788 ssh2
Sep 29 16:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[430]: Connection closed by 162.144.236.216 port 41788 [preauth]
Sep 29 16:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Failed password for root from 162.144.236.216 port 49140 ssh2
Sep 29 16:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Connection closed by 162.144.236.216 port 49140 [preauth]
Sep 29 16:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session closed for user root
Sep 29 16:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Failed password for root from 162.144.236.216 port 54504 ssh2
Sep 29 16:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Connection closed by 162.144.236.216 port 54504 [preauth]
Sep 29 16:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: Failed password for root from 162.144.236.216 port 33934 ssh2
Sep 29 16:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[530]: Connection closed by 162.144.236.216 port 33934 [preauth]
Sep 29 16:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Failed password for root from 162.144.236.216 port 41776 ssh2
Sep 29 16:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Connection closed by 162.144.236.216 port 41776 [preauth]
Sep 29 16:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: Successful su for rubyman by root
Sep 29 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: + ??? root:rubyman
Sep 29 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315907 of user rubyman.
Sep 29 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315907.
Sep 29 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Invalid user nuc from 164.68.105.9
Sep 29 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: input_userauth_request: invalid user nuc [preauth]
Sep 29 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 16:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session closed for user root
Sep 29 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Failed password for root from 162.144.236.216 port 47772 ssh2
Sep 29 16:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Failed password for invalid user nuc from 164.68.105.9 port 48266 ssh2
Sep 29 16:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[707]: Connection closed by 164.68.105.9 port 48266 [preauth]
Sep 29 16:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[577]: Connection closed by 162.144.236.216 port 47772 [preauth]
Sep 29 16:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Failed password for root from 162.144.236.216 port 52924 ssh2
Sep 29 16:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Connection closed by 162.144.236.216 port 52924 [preauth]
Sep 29 16:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Failed password for root from 162.144.236.216 port 59166 ssh2
Sep 29 16:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Connection closed by 162.144.236.216 port 59166 [preauth]
Sep 29 16:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Failed password for root from 162.144.236.216 port 37880 ssh2
Sep 29 16:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[966]: Connection closed by 162.144.236.216 port 37880 [preauth]
Sep 29 16:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32129]: pam_unix(cron:session): session closed for user root
Sep 29 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Failed password for root from 162.144.236.216 port 45126 ssh2
Sep 29 16:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Connection closed by 162.144.236.216 port 45126 [preauth]
Sep 29 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Failed password for root from 162.144.236.216 port 52020 ssh2
Sep 29 16:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Connection closed by 162.144.236.216 port 52020 [preauth]
Sep 29 16:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: Failed password for root from 162.144.236.216 port 58866 ssh2
Sep 29 16:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1106]: Connection closed by 162.144.236.216 port 58866 [preauth]
Sep 29 16:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1190]: Successful su for rubyman by root
Sep 29 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1190]: + ??? root:rubyman
Sep 29 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315911 of user rubyman.
Sep 29 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1190]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315911.
Sep 29 16:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30666]: pam_unix(cron:session): session closed for user root
Sep 29 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Failed password for root from 162.144.236.216 port 37454 ssh2
Sep 29 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Connection closed by 162.144.236.216 port 37454 [preauth]
Sep 29 16:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1128]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: Failed password for root from 162.144.236.216 port 45024 ssh2
Sep 29 16:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1399]: Connection closed by 162.144.236.216 port 45024 [preauth]
Sep 29 16:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: Failed password for root from 162.144.236.216 port 50514 ssh2
Sep 29 16:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: Connection closed by 162.144.236.216 port 50514 [preauth]
Sep 29 16:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: Failed password for root from 162.144.236.216 port 56764 ssh2
Sep 29 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: Invalid user admin from 185.156.73.233
Sep 29 16:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: input_userauth_request: invalid user admin [preauth]
Sep 29 16:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 16:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: Connection closed by 162.144.236.216 port 56764 [preauth]
Sep 29 16:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: Failed password for invalid user admin from 185.156.73.233 port 24198 ssh2
Sep 29 16:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: Connection closed by 185.156.73.233 port 24198 [preauth]
Sep 29 16:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session closed for user root
Sep 29 16:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Failed password for root from 162.144.236.216 port 35376 ssh2
Sep 29 16:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Connection closed by 162.144.236.216 port 35376 [preauth]
Sep 29 16:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: Failed password for root from 162.144.236.216 port 42628 ssh2
Sep 29 16:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: Connection closed by 162.144.236.216 port 42628 [preauth]
Sep 29 16:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Failed password for root from 162.144.236.216 port 49338 ssh2
Sep 29 16:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Connection closed by 162.144.236.216 port 49338 [preauth]
Sep 29 16:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1623]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1625]: pam_unix(cron:session): session closed for user root
Sep 29 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: Successful su for rubyman by root
Sep 29 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: + ??? root:rubyman
Sep 29 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315915 of user rubyman.
Sep 29 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315915.
Sep 29 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Failed password for root from 162.144.236.216 port 54782 ssh2
Sep 29 16:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Connection closed by 162.144.236.216 port 54782 [preauth]
Sep 29 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session closed for user root
Sep 29 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session closed for user root
Sep 29 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1621]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Failed password for root from 162.144.236.216 port 34562 ssh2
Sep 29 16:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1817]: Connection closed by 162.144.236.216 port 34562 [preauth]
Sep 29 16:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: Failed password for root from 162.144.236.216 port 40776 ssh2
Sep 29 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1945]: Connection closed by 162.144.236.216 port 40776 [preauth]
Sep 29 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1976]: Failed password for root from 162.144.236.216 port 46620 ssh2
Sep 29 16:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1976]: Connection closed by 162.144.236.216 port 46620 [preauth]
Sep 29 16:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for root from 162.144.236.216 port 53218 ssh2
Sep 29 16:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Connection closed by 162.144.236.216 port 53218 [preauth]
Sep 29 16:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[583]: pam_unix(cron:session): session closed for user root
Sep 29 16:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Failed password for root from 162.144.236.216 port 60002 ssh2
Sep 29 16:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Connection closed by 162.144.236.216 port 60002 [preauth]
Sep 29 16:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Failed password for root from 162.144.236.216 port 38866 ssh2
Sep 29 16:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Connection closed by 162.144.236.216 port 38866 [preauth]
Sep 29 16:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Failed password for root from 162.144.236.216 port 45420 ssh2
Sep 29 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2117]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Connection closed by 162.144.236.216 port 45420 [preauth]
Sep 29 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: Successful su for rubyman by root
Sep 29 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: + ??? root:rubyman
Sep 29 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315920 of user rubyman.
Sep 29 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315920.
Sep 29 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session closed for user root
Sep 29 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2118]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Invalid user system from 167.99.55.34
Sep 29 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: input_userauth_request: invalid user system [preauth]
Sep 29 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: Failed password for root from 162.144.236.216 port 52716 ssh2
Sep 29 16:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: Connection closed by 162.144.236.216 port 52716 [preauth]
Sep 29 16:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user system from 167.99.55.34 port 41190 ssh2
Sep 29 16:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Connection closed by 167.99.55.34 port 41190 [preauth]
Sep 29 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Failed password for root from 162.144.236.216 port 58900 ssh2
Sep 29 16:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Connection closed by 162.144.236.216 port 58900 [preauth]
Sep 29 16:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Failed password for root from 162.144.236.216 port 36670 ssh2
Sep 29 16:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Connection closed by 162.144.236.216 port 36670 [preauth]
Sep 29 16:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Failed password for root from 162.144.236.216 port 43340 ssh2
Sep 29 16:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Connection closed by 162.144.236.216 port 43340 [preauth]
Sep 29 16:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1130]: pam_unix(cron:session): session closed for user root
Sep 29 16:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: Failed password for root from 162.144.236.216 port 48086 ssh2
Sep 29 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: Connection closed by 162.144.236.216 port 48086 [preauth]
Sep 29 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Failed password for root from 162.144.236.216 port 54858 ssh2
Sep 29 16:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Connection closed by 162.144.236.216 port 54858 [preauth]
Sep 29 16:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2582]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Failed password for root from 162.144.236.216 port 34978 ssh2
Sep 29 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2647]: Successful su for rubyman by root
Sep 29 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2647]: + ??? root:rubyman
Sep 29 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315924 of user rubyman.
Sep 29 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2647]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315924.
Sep 29 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Connection closed by 162.144.236.216 port 34978 [preauth]
Sep 29 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32128]: pam_unix(cron:session): session closed for user root
Sep 29 16:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2583]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Did not receive identification string from 162.144.236.216
Sep 29 16:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Failed password for root from 162.144.236.216 port 45062 ssh2
Sep 29 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Connection closed by 162.144.236.216 port 45062 [preauth]
Sep 29 16:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session closed for user root
Sep 29 16:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for root from 162.144.236.216 port 52030 ssh2
Sep 29 16:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Connection closed by 162.144.236.216 port 52030 [preauth]
Sep 29 16:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: Failed password for root from 162.144.236.216 port 58708 ssh2
Sep 29 16:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: Connection closed by 162.144.236.216 port 58708 [preauth]
Sep 29 16:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for root from 162.144.236.216 port 38744 ssh2
Sep 29 16:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Connection closed by 162.144.236.216 port 38744 [preauth]
Sep 29 16:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3009]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3078]: Successful su for rubyman by root
Sep 29 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3078]: + ??? root:rubyman
Sep 29 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315929 of user rubyman.
Sep 29 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3078]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315929.
Sep 29 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Failed password for root from 162.144.236.216 port 45870 ssh2
Sep 29 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Connection closed by 162.144.236.216 port 45870 [preauth]
Sep 29 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session closed for user root
Sep 29 16:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3011]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Failed password for root from 162.144.236.216 port 52520 ssh2
Sep 29 16:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Connection closed by 162.144.236.216 port 52520 [preauth]
Sep 29 16:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: Failed password for root from 162.144.236.216 port 59054 ssh2
Sep 29 16:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: Connection closed by 162.144.236.216 port 59054 [preauth]
Sep 29 16:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: Failed password for root from 162.144.236.216 port 35934 ssh2
Sep 29 16:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: Connection closed by 162.144.236.216 port 35934 [preauth]
Sep 29 16:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Failed password for root from 162.144.236.216 port 41420 ssh2
Sep 29 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3350]: Connection closed by 162.144.236.216 port 41420 [preauth]
Sep 29 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session closed for user root
Sep 29 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for root from 162.144.236.216 port 46270 ssh2
Sep 29 16:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Connection closed by 162.144.236.216 port 46270 [preauth]
Sep 29 16:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for root from 162.144.236.216 port 52910 ssh2
Sep 29 16:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Connection closed by 162.144.236.216 port 52910 [preauth]
Sep 29 16:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Failed password for root from 162.144.236.216 port 60424 ssh2
Sep 29 16:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Invalid user 12345 from 93.152.230.176
Sep 29 16:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: input_userauth_request: invalid user 12345 [preauth]
Sep 29 16:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 16:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Connection closed by 162.144.236.216 port 60424 [preauth]
Sep 29 16:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Failed password for invalid user 12345 from 93.152.230.176 port 12532 ssh2
Sep 29 16:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Received disconnect from 93.152.230.176 port 12532:11: Client disconnecting normally [preauth]
Sep 29 16:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Disconnected from 93.152.230.176 port 12532 [preauth]
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: Successful su for rubyman by root
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: + ??? root:rubyman
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315933 of user rubyman.
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315933.
Sep 29 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[582]: pam_unix(cron:session): session closed for user root
Sep 29 16:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Failed password for root from 162.144.236.216 port 39670 ssh2
Sep 29 16:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Connection closed by 162.144.236.216 port 39670 [preauth]
Sep 29 16:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: Failed password for root from 162.144.236.216 port 46190 ssh2
Sep 29 16:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: Connection closed by 162.144.236.216 port 46190 [preauth]
Sep 29 16:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Failed password for root from 162.144.236.216 port 52766 ssh2
Sep 29 16:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Connection closed by 162.144.236.216 port 52766 [preauth]
Sep 29 16:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Failed password for root from 162.144.236.216 port 59488 ssh2
Sep 29 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Connection closed by 162.144.236.216 port 59488 [preauth]
Sep 29 16:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session closed for user root
Sep 29 16:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Failed password for root from 162.144.236.216 port 38904 ssh2
Sep 29 16:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Connection closed by 162.144.236.216 port 38904 [preauth]
Sep 29 16:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Failed password for root from 162.144.236.216 port 46706 ssh2
Sep 29 16:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Connection closed by 162.144.236.216 port 46706 [preauth]
Sep 29 16:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: Failed password for root from 162.144.236.216 port 52268 ssh2
Sep 29 16:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: Connection closed by 162.144.236.216 port 52268 [preauth]
Sep 29 16:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session closed for user root
Sep 29 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4004]: Successful su for rubyman by root
Sep 29 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4004]: + ??? root:rubyman
Sep 29 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315938 of user rubyman.
Sep 29 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4004]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315938.
Sep 29 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3929]: pam_unix(cron:session): session closed for user root
Sep 29 16:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session closed for user root
Sep 29 16:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for root from 162.144.236.216 port 59406 ssh2
Sep 29 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Connection closed by 162.144.236.216 port 59406 [preauth]
Sep 29 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Failed password for root from 162.144.236.216 port 39244 ssh2
Sep 29 16:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4257]: Connection closed by 162.144.236.216 port 39244 [preauth]
Sep 29 16:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: Failed password for root from 162.144.236.216 port 44410 ssh2
Sep 29 16:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4278]: Connection closed by 162.144.236.216 port 44410 [preauth]
Sep 29 16:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Failed password for root from 162.144.236.216 port 50502 ssh2
Sep 29 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Connection closed by 162.144.236.216 port 50502 [preauth]
Sep 29 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session closed for user root
Sep 29 16:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Failed password for root from 162.144.236.216 port 55712 ssh2
Sep 29 16:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Connection closed by 162.144.236.216 port 55712 [preauth]
Sep 29 16:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: Failed password for root from 162.144.236.216 port 34022 ssh2
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4433]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4430]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: Successful su for rubyman by root
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: + ??? root:rubyman
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315942 of user rubyman.
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315942.
Sep 29 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: Connection closed by 162.144.236.216 port 34022 [preauth]
Sep 29 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1623]: pam_unix(cron:session): session closed for user root
Sep 29 16:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4431]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for root from 162.144.236.216 port 39934 ssh2
Sep 29 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Invalid user admin from 80.94.95.25
Sep 29 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: input_userauth_request: invalid user admin [preauth]
Sep 29 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 16:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Connection closed by 162.144.236.216 port 39934 [preauth]
Sep 29 16:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Failed password for invalid user admin from 80.94.95.25 port 55342 ssh2
Sep 29 16:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Failed password for invalid user admin from 80.94.95.25 port 55342 ssh2
Sep 29 16:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Failed password for invalid user admin from 80.94.95.25 port 55342 ssh2
Sep 29 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 162.144.236.216 port 48698 ssh2
Sep 29 16:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Failed password for invalid user admin from 80.94.95.25 port 55342 ssh2
Sep 29 16:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Connection closed by 162.144.236.216 port 48698 [preauth]
Sep 29 16:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Failed password for invalid user admin from 80.94.95.25 port 55342 ssh2
Sep 29 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Received disconnect from 80.94.95.25 port 55342:11: Bye [preauth]
Sep 29 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Disconnected from 80.94.95.25 port 55342 [preauth]
Sep 29 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Failed password for root from 162.144.236.216 port 54912 ssh2
Sep 29 16:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Connection closed by 162.144.236.216 port 54912 [preauth]
Sep 29 16:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session closed for user root
Sep 29 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Failed password for root from 162.144.236.216 port 32944 ssh2
Sep 29 16:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Connection closed by 162.144.236.216 port 32944 [preauth]
Sep 29 16:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Failed password for root from 162.144.236.216 port 39146 ssh2
Sep 29 16:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4830]: Connection closed by 162.144.236.216 port 39146 [preauth]
Sep 29 16:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for root from 162.144.236.216 port 45588 ssh2
Sep 29 16:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Connection closed by 162.144.236.216 port 45588 [preauth]
Sep 29 16:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Failed password for root from 162.144.236.216 port 52124 ssh2
Sep 29 16:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Connection closed by 162.144.236.216 port 52124 [preauth]
Sep 29 16:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4896]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4895]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4893]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4961]: Successful su for rubyman by root
Sep 29 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4961]: + ??? root:rubyman
Sep 29 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315948 of user rubyman.
Sep 29 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4961]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315948.
Sep 29 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2119]: pam_unix(cron:session): session closed for user root
Sep 29 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Failed password for root from 162.144.236.216 port 56964 ssh2
Sep 29 16:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4894]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Connection closed by 162.144.236.216 port 56964 [preauth]
Sep 29 16:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Failed password for root from 162.144.236.216 port 36812 ssh2
Sep 29 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5184]: Connection closed by 162.144.236.216 port 36812 [preauth]
Sep 29 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Failed password for root from 162.144.236.216 port 43862 ssh2
Sep 29 16:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5209]: Connection closed by 162.144.236.216 port 43862 [preauth]
Sep 29 16:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session closed for user root
Sep 29 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Failed password for root from 162.144.236.216 port 51590 ssh2
Sep 29 16:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Connection closed by 162.144.236.216 port 51590 [preauth]
Sep 29 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Failed password for root from 162.144.236.216 port 59232 ssh2
Sep 29 16:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Connection closed by 162.144.236.216 port 59232 [preauth]
Sep 29 16:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Failed password for root from 162.144.236.216 port 37430 ssh2
Sep 29 16:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5405]: Connection closed by 162.144.236.216 port 37430 [preauth]
Sep 29 16:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5444]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: Successful su for rubyman by root
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: + ??? root:rubyman
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315950 of user rubyman.
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5508]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315950.
Sep 29 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5431]: Failed password for root from 162.144.236.216 port 45234 ssh2
Sep 29 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5431]: Connection closed by 162.144.236.216 port 45234 [preauth]
Sep 29 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2585]: pam_unix(cron:session): session closed for user root
Sep 29 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: Failed password for root from 162.144.236.216 port 52002 ssh2
Sep 29 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5647]: Connection closed by 162.144.236.216 port 52002 [preauth]
Sep 29 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: Failed password for root from 162.144.236.216 port 59032 ssh2
Sep 29 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5721]: Connection closed by 162.144.236.216 port 59032 [preauth]
Sep 29 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Failed password for root from 162.144.236.216 port 37764 ssh2
Sep 29 16:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Connection closed by 162.144.236.216 port 37764 [preauth]
Sep 29 16:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4434]: pam_unix(cron:session): session closed for user root
Sep 29 16:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Failed password for root from 162.144.236.216 port 43892 ssh2
Sep 29 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Connection closed by 162.144.236.216 port 43892 [preauth]
Sep 29 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: Invalid user server from 167.99.55.34
Sep 29 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: input_userauth_request: invalid user server [preauth]
Sep 29 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: Failed password for root from 162.144.236.216 port 50936 ssh2
Sep 29 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: Failed password for invalid user server from 167.99.55.34 port 43026 ssh2
Sep 29 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5855]: Connection closed by 167.99.55.34 port 43026 [preauth]
Sep 29 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5842]: Connection closed by 162.144.236.216 port 50936 [preauth]
Sep 29 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Invalid user carlos from 80.94.95.116
Sep 29 16:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: input_userauth_request: invalid user carlos [preauth]
Sep 29 16:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 16:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 16:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Failed password for root from 162.144.236.216 port 58996 ssh2
Sep 29 16:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Failed password for invalid user carlos from 80.94.95.116 port 46350 ssh2
Sep 29 16:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Connection closed by 80.94.95.116 port 46350 [preauth]
Sep 29 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Connection closed by 162.144.236.216 port 58996 [preauth]
Sep 29 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session closed for user p13x
Sep 29 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: Successful su for rubyman by root
Sep 29 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: + ??? root:rubyman
Sep 29 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315955 of user rubyman.
Sep 29 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5975]: pam_unix(su:session): session closed for user rubyman
Sep 29 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315955.
Sep 29 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session closed for user root
Sep 29 16:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session closed for user samftp
Sep 29 16:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Failed password for root from 162.144.236.216 port 37966 ssh2
Sep 29 16:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Connection closed by 162.144.236.216 port 37966 [preauth]
Sep 29 16:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: Failed password for root from 162.144.236.216 port 44592 ssh2
Sep 29 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6213]: Connection closed by 162.144.236.216 port 44592 [preauth]
Sep 29 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4896]: pam_unix(cron:session): session closed for user root
Sep 29 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Failed password for root from 162.144.236.216 port 51626 ssh2
Sep 29 16:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Connection closed by 162.144.236.216 port 51626 [preauth]
Sep 29 16:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Failed password for root from 162.144.236.216 port 57592 ssh2
Sep 29 16:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Connection closed by 162.144.236.216 port 57592 [preauth]
Sep 29 16:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 16:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 16:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Failed password for root from 162.144.236.216 port 35976 ssh2
Sep 29 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Connection closed by 162.144.236.216 port 35976 [preauth]
Sep 29 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session closed for user root
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session closed for user root
Sep 29 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6351]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: Successful su for rubyman by root
Sep 29 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: + ??? root:rubyman
Sep 29 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315963 of user rubyman.
Sep 29 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6457]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315963.
Sep 29 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session closed for user root
Sep 29 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: Failed password for root from 162.144.236.216 port 42882 ssh2
Sep 29 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6334]: Connection closed by 162.144.236.216 port 42882 [preauth]
Sep 29 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session closed for user root
Sep 29 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6352]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Failed password for root from 162.144.236.216 port 49842 ssh2
Sep 29 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Connection closed by 162.144.236.216 port 49842 [preauth]
Sep 29 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Failed password for root from 162.144.236.216 port 56120 ssh2
Sep 29 17:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Connection closed by 162.144.236.216 port 56120 [preauth]
Sep 29 17:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: Failed password for root from 162.144.236.216 port 34920 ssh2
Sep 29 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6840]: Connection closed by 162.144.236.216 port 34920 [preauth]
Sep 29 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session closed for user root
Sep 29 17:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: Failed password for root from 162.144.236.216 port 41240 ssh2
Sep 29 17:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6870]: Connection closed by 162.144.236.216 port 41240 [preauth]
Sep 29 17:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: Failed password for root from 162.144.236.216 port 49820 ssh2
Sep 29 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: Connection closed by 162.144.236.216 port 49820 [preauth]
Sep 29 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: Failed password for root from 162.144.236.216 port 55012 ssh2
Sep 29 17:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6976]: Connection closed by 162.144.236.216 port 55012 [preauth]
Sep 29 17:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: Successful su for rubyman by root
Sep 29 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: + ??? root:rubyman
Sep 29 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315966 of user rubyman.
Sep 29 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315966.
Sep 29 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Failed password for root from 162.144.236.216 port 33432 ssh2
Sep 29 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Connection closed by 162.144.236.216 port 33432 [preauth]
Sep 29 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session closed for user root
Sep 29 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Failed password for root from 162.144.236.216 port 39106 ssh2
Sep 29 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Connection closed by 162.144.236.216 port 39106 [preauth]
Sep 29 17:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for root from 162.144.236.216 port 46218 ssh2
Sep 29 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Connection closed by 162.144.236.216 port 46218 [preauth]
Sep 29 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5914]: pam_unix(cron:session): session closed for user root
Sep 29 17:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Failed password for root from 162.144.236.216 port 54450 ssh2
Sep 29 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Connection closed by 162.144.236.216 port 54450 [preauth]
Sep 29 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7566]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7563]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: Successful su for rubyman by root
Sep 29 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: + ??? root:rubyman
Sep 29 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315970 of user rubyman.
Sep 29 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315970.
Sep 29 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4433]: pam_unix(cron:session): session closed for user root
Sep 29 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7564]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Failed password for root from 162.144.236.216 port 33750 ssh2
Sep 29 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Connection closed by 162.144.236.216 port 33750 [preauth]
Sep 29 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: Failed password for root from 162.144.236.216 port 42990 ssh2
Sep 29 17:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: Connection closed by 162.144.236.216 port 42990 [preauth]
Sep 29 17:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Failed password for root from 162.144.236.216 port 49198 ssh2
Sep 29 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Connection closed by 162.144.236.216 port 49198 [preauth]
Sep 29 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session closed for user root
Sep 29 17:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Failed password for root from 162.144.236.216 port 54440 ssh2
Sep 29 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Connection closed by 162.144.236.216 port 54440 [preauth]
Sep 29 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7978]: Failed password for root from 162.144.236.216 port 33352 ssh2
Sep 29 17:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7978]: Connection closed by 162.144.236.216 port 33352 [preauth]
Sep 29 17:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: Successful su for rubyman by root
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: + ??? root:rubyman
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315975 of user rubyman.
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315975.
Sep 29 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4895]: pam_unix(cron:session): session closed for user root
Sep 29 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8039]: Failed password for root from 162.144.236.216 port 41170 ssh2
Sep 29 17:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8039]: Connection closed by 162.144.236.216 port 41170 [preauth]
Sep 29 17:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Invalid user victor from 93.152.230.176
Sep 29 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: input_userauth_request: invalid user victor [preauth]
Sep 29 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 17:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Failed password for invalid user victor from 93.152.230.176 port 51025 ssh2
Sep 29 17:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Received disconnect from 93.152.230.176 port 51025:11: Client disconnecting normally [preauth]
Sep 29 17:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Disconnected from 93.152.230.176 port 51025 [preauth]
Sep 29 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Failed password for root from 162.144.236.216 port 48140 ssh2
Sep 29 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Connection closed by 162.144.236.216 port 48140 [preauth]
Sep 29 17:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7017]: pam_unix(cron:session): session closed for user root
Sep 29 17:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: Failed password for root from 162.144.236.216 port 57598 ssh2
Sep 29 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: Connection closed by 162.144.236.216 port 57598 [preauth]
Sep 29 17:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Failed password for root from 162.144.236.216 port 35550 ssh2
Sep 29 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Connection closed by 162.144.236.216 port 35550 [preauth]
Sep 29 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Failed password for root from 162.144.236.216 port 41566 ssh2
Sep 29 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Connection closed by 162.144.236.216 port 41566 [preauth]
Sep 29 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: Successful su for rubyman by root
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: + ??? root:rubyman
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315978 of user rubyman.
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315978.
Sep 29 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Failed password for root from 162.144.236.216 port 48868 ssh2
Sep 29 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Connection closed by 162.144.236.216 port 48868 [preauth]
Sep 29 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session closed for user root
Sep 29 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Failed password for root from 162.144.236.216 port 55174 ssh2
Sep 29 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: Connection closed by 162.144.236.216 port 55174 [preauth]
Sep 29 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Failed password for root from 162.144.236.216 port 33760 ssh2
Sep 29 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session closed for user root
Sep 29 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Connection closed by 162.144.236.216 port 33760 [preauth]
Sep 29 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Failed password for root from 162.144.236.216 port 40490 ssh2
Sep 29 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Connection closed by 162.144.236.216 port 40490 [preauth]
Sep 29 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for root from 162.144.236.216 port 45826 ssh2
Sep 29 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Connection closed by 162.144.236.216 port 45826 [preauth]
Sep 29 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Failed password for root from 162.144.236.216 port 52518 ssh2
Sep 29 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Connection closed by 162.144.236.216 port 52518 [preauth]
Sep 29 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9116]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session closed for user root
Sep 29 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: Successful su for rubyman by root
Sep 29 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: + ??? root:rubyman
Sep 29 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315983 of user rubyman.
Sep 29 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9289]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315983.
Sep 29 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Failed password for root from 162.144.236.216 port 58240 ssh2
Sep 29 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9114]: pam_unix(cron:session): session closed for user root
Sep 29 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session closed for user root
Sep 29 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Connection closed by 162.144.236.216 port 58240 [preauth]
Sep 29 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Failed password for root from 162.144.236.216 port 36890 ssh2
Sep 29 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Connection closed by 162.144.236.216 port 36890 [preauth]
Sep 29 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Failed password for root from 162.144.236.216 port 44356 ssh2
Sep 29 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Failed password for root from 185.156.73.233 port 49974 ssh2
Sep 29 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session closed for user root
Sep 29 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Connection closed by 185.156.73.233 port 49974 [preauth]
Sep 29 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Connection closed by 162.144.236.216 port 44356 [preauth]
Sep 29 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9637]: Did not receive identification string from 162.144.236.216
Sep 29 17:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Failed password for root from 162.144.236.216 port 55074 ssh2
Sep 29 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9820]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: Successful su for rubyman by root
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: + ??? root:rubyman
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315988 of user rubyman.
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315988.
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Connection closed by 162.144.236.216 port 55074 [preauth]
Sep 29 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session closed for user root
Sep 29 17:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Invalid user server from 167.99.55.34
Sep 29 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: input_userauth_request: invalid user server [preauth]
Sep 29 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9925]: Failed password for root from 162.144.236.216 port 36592 ssh2
Sep 29 17:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9925]: Connection closed by 162.144.236.216 port 36592 [preauth]
Sep 29 17:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Failed password for invalid user server from 167.99.55.34 port 37968 ssh2
Sep 29 17:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10149]: Connection closed by 167.99.55.34 port 37968 [preauth]
Sep 29 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: Failed password for root from 162.144.236.216 port 43448 ssh2
Sep 29 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8545]: pam_unix(cron:session): session closed for user root
Sep 29 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: Connection closed by 162.144.236.216 port 43448 [preauth]
Sep 29 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Failed password for root from 162.144.236.216 port 50174 ssh2
Sep 29 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Connection closed by 162.144.236.216 port 50174 [preauth]
Sep 29 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10238]: Failed password for root from 162.144.236.216 port 56896 ssh2
Sep 29 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10238]: Connection closed by 162.144.236.216 port 56896 [preauth]
Sep 29 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Failed password for root from 162.144.236.216 port 35242 ssh2
Sep 29 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: Successful su for rubyman by root
Sep 29 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: + ??? root:rubyman
Sep 29 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315992 of user rubyman.
Sep 29 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315992.
Sep 29 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Connection closed by 162.144.236.216 port 35242 [preauth]
Sep 29 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session closed for user root
Sep 29 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Failed password for root from 162.144.236.216 port 43858 ssh2
Sep 29 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Connection closed by 162.144.236.216 port 43858 [preauth]
Sep 29 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: Failed password for root from 162.144.236.216 port 50848 ssh2
Sep 29 17:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9116]: pam_unix(cron:session): session closed for user root
Sep 29 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: Connection closed by 162.144.236.216 port 50848 [preauth]
Sep 29 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Failed password for root from 162.144.236.216 port 57746 ssh2
Sep 29 17:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Connection closed by 162.144.236.216 port 57746 [preauth]
Sep 29 17:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Failed password for root from 162.144.236.216 port 34770 ssh2
Sep 29 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Connection closed by 162.144.236.216 port 34770 [preauth]
Sep 29 17:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10768]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: Successful su for rubyman by root
Sep 29 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: + ??? root:rubyman
Sep 29 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 315997 of user rubyman.
Sep 29 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10828]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 315997.
Sep 29 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: Failed password for root from 162.144.236.216 port 43374 ssh2
Sep 29 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10753]: Connection closed by 162.144.236.216 port 43374 [preauth]
Sep 29 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7566]: pam_unix(cron:session): session closed for user root
Sep 29 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Failed password for root from 162.144.236.216 port 50484 ssh2
Sep 29 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Connection closed by 162.144.236.216 port 50484 [preauth]
Sep 29 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Failed password for root from 162.144.236.216 port 57600 ssh2
Sep 29 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Connection closed by 162.144.236.216 port 57600 [preauth]
Sep 29 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Failed password for root from 162.144.236.216 port 34816 ssh2
Sep 29 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Connection closed by 162.144.236.216 port 34816 [preauth]
Sep 29 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
Sep 29 17:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: Failed password for root from 162.144.236.216 port 42642 ssh2
Sep 29 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11101]: Connection closed by 162.144.236.216 port 42642 [preauth]
Sep 29 17:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11142]: Failed password for root from 162.144.236.216 port 47590 ssh2
Sep 29 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: Successful su for rubyman by root
Sep 29 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: + ??? root:rubyman
Sep 29 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316001 of user rubyman.
Sep 29 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11348]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316001.
Sep 29 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11192]: pam_unix(cron:session): session closed for user root
Sep 29 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11142]: Connection closed by 162.144.236.216 port 47590 [preauth]
Sep 29 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session closed for user root
Sep 29 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Failed password for root from 162.144.236.216 port 57718 ssh2
Sep 29 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Connection closed by 162.144.236.216 port 57718 [preauth]
Sep 29 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Failed password for root from 162.144.236.216 port 35984 ssh2
Sep 29 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Connection closed by 162.144.236.216 port 35984 [preauth]
Sep 29 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: Failed password for root from 162.144.236.216 port 41448 ssh2
Sep 29 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11603]: Connection closed by 162.144.236.216 port 41448 [preauth]
Sep 29 17:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session closed for user root
Sep 29 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Failed password for root from 162.144.236.216 port 48778 ssh2
Sep 29 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Connection closed by 162.144.236.216 port 48778 [preauth]
Sep 29 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: Failed password for root from 162.144.236.216 port 54970 ssh2
Sep 29 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11765]: Connection closed by 162.144.236.216 port 54970 [preauth]
Sep 29 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Failed password for root from 162.144.236.216 port 33016 ssh2
Sep 29 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Connection closed by 162.144.236.216 port 33016 [preauth]
Sep 29 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11843]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session closed for user root
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: Failed password for root from 162.144.236.216 port 40858 ssh2
Sep 29 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: Successful su for rubyman by root
Sep 29 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: + ??? root:rubyman
Sep 29 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316004 of user rubyman.
Sep 29 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11914]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316004.
Sep 29 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11823]: Connection closed by 162.144.236.216 port 40858 [preauth]
Sep 29 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11841]: pam_unix(cron:session): session closed for user root
Sep 29 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session closed for user root
Sep 29 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11840]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: Failed password for root from 162.144.236.216 port 46474 ssh2
Sep 29 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: Connection closed by 162.144.236.216 port 46474 [preauth]
Sep 29 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Failed password for root from 162.144.236.216 port 54706 ssh2
Sep 29 17:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Connection closed by 162.144.236.216 port 54706 [preauth]
Sep 29 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Failed password for root from 162.144.236.216 port 35590 ssh2
Sep 29 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Connection closed by 162.144.236.216 port 35590 [preauth]
Sep 29 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10768]: pam_unix(cron:session): session closed for user root
Sep 29 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Failed password for root from 162.144.236.216 port 42452 ssh2
Sep 29 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Connection closed by 162.144.236.216 port 42452 [preauth]
Sep 29 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Connection closed by 45.79.181.223 port 10554 [preauth]
Sep 29 17:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Connection closed by 45.79.181.223 port 10568 [preauth]
Sep 29 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: fatal: Unable to negotiate with 45.79.181.223 port 10572: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Sep 29 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: Failed password for root from 162.144.236.216 port 48080 ssh2
Sep 29 17:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12262]: Connection closed by 162.144.236.216 port 48080 [preauth]
Sep 29 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12291]: Failed password for root from 162.144.236.216 port 54012 ssh2
Sep 29 17:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12291]: Connection closed by 162.144.236.216 port 54012 [preauth]
Sep 29 17:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12324]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12400]: Successful su for rubyman by root
Sep 29 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12400]: + ??? root:rubyman
Sep 29 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316010 of user rubyman.
Sep 29 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12400]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316010.
Sep 29 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Failed password for root from 162.144.236.216 port 32786 ssh2
Sep 29 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Connection closed by 162.144.236.216 port 32786 [preauth]
Sep 29 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9115]: pam_unix(cron:session): session closed for user root
Sep 29 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Failed password for root from 162.144.236.216 port 39896 ssh2
Sep 29 17:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Connection closed by 162.144.236.216 port 39896 [preauth]
Sep 29 17:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Failed password for root from 162.144.236.216 port 45860 ssh2
Sep 29 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Connection closed by 162.144.236.216 port 45860 [preauth]
Sep 29 17:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12655]: Failed password for root from 162.144.236.216 port 53210 ssh2
Sep 29 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12655]: Connection closed by 162.144.236.216 port 53210 [preauth]
Sep 29 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session closed for user root
Sep 29 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Invalid user uno50 from 20.163.71.109
Sep 29 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: input_userauth_request: invalid user uno50 [preauth]
Sep 29 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 17:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Failed password for root from 162.144.236.216 port 59924 ssh2
Sep 29 17:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Failed password for invalid user uno50 from 20.163.71.109 port 49716 ssh2
Sep 29 17:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Connection closed by 20.163.71.109 port 49716 [preauth]
Sep 29 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection closed by 162.144.236.216 port 59924 [preauth]
Sep 29 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Failed password for root from 162.144.236.216 port 39496 ssh2
Sep 29 17:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Connection closed by 162.144.236.216 port 39496 [preauth]
Sep 29 17:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Failed password for root from 162.144.236.216 port 47988 ssh2
Sep 29 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Connection closed by 162.144.236.216 port 47988 [preauth]
Sep 29 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: Successful su for rubyman by root
Sep 29 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: + ??? root:rubyman
Sep 29 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316014 of user rubyman.
Sep 29 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12863]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316014.
Sep 29 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session closed for user root
Sep 29 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Failed password for root from 162.144.236.216 port 54308 ssh2
Sep 29 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Connection closed by 162.144.236.216 port 54308 [preauth]
Sep 29 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Failed password for root from 162.144.236.216 port 33642 ssh2
Sep 29 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Connection closed by 162.144.236.216 port 33642 [preauth]
Sep 29 17:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Failed password for root from 162.144.236.216 port 41408 ssh2
Sep 29 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11843]: pam_unix(cron:session): session closed for user root
Sep 29 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Connection closed by 162.144.236.216 port 41408 [preauth]
Sep 29 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Failed password for root from 93.152.230.176 port 54372 ssh2
Sep 29 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Received disconnect from 93.152.230.176 port 54372:11: Client disconnecting normally [preauth]
Sep 29 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Disconnected from 93.152.230.176 port 54372 [preauth]
Sep 29 17:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Failed password for root from 162.144.236.216 port 50062 ssh2
Sep 29 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Connection closed by 162.144.236.216 port 50062 [preauth]
Sep 29 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13244]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: Successful su for rubyman by root
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: + ??? root:rubyman
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316019 of user rubyman.
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316019.
Sep 29 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13222]: Failed password for root from 162.144.236.216 port 56966 ssh2
Sep 29 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session closed for user root
Sep 29 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13222]: Connection closed by 162.144.236.216 port 56966 [preauth]
Sep 29 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13245]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: Failed password for root from 162.144.236.216 port 36764 ssh2
Sep 29 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: Connection closed by 162.144.236.216 port 36764 [preauth]
Sep 29 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Failed password for root from 162.144.236.216 port 45022 ssh2
Sep 29 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13559]: Connection closed by 162.144.236.216 port 45022 [preauth]
Sep 29 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Failed password for root from 162.144.236.216 port 51964 ssh2
Sep 29 17:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session closed for user root
Sep 29 17:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Connection closed by 162.144.236.216 port 51964 [preauth]
Sep 29 17:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: Failed password for root from 162.144.236.216 port 60228 ssh2
Sep 29 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13622]: Connection closed by 162.144.236.216 port 60228 [preauth]
Sep 29 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Invalid user picorv from 167.99.55.34
Sep 29 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: input_userauth_request: invalid user picorv [preauth]
Sep 29 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Failed password for invalid user picorv from 167.99.55.34 port 36876 ssh2
Sep 29 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13665]: Connection closed by 167.99.55.34 port 36876 [preauth]
Sep 29 17:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Failed password for root from 162.144.236.216 port 42566 ssh2
Sep 29 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Connection closed by 162.144.236.216 port 42566 [preauth]
Sep 29 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13691]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13692]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13688]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13761]: Successful su for rubyman by root
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13761]: + ??? root:rubyman
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316023 of user rubyman.
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13761]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316023.
Sep 29 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: Failed password for root from 162.144.236.216 port 48464 ssh2
Sep 29 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13675]: Connection closed by 162.144.236.216 port 48464 [preauth]
Sep 29 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10767]: pam_unix(cron:session): session closed for user root
Sep 29 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13690]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Failed password for root from 162.144.236.216 port 55500 ssh2
Sep 29 17:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Connection closed by 162.144.236.216 port 55500 [preauth]
Sep 29 17:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Failed password for root from 162.144.236.216 port 34902 ssh2
Sep 29 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Connection closed by 162.144.236.216 port 34902 [preauth]
Sep 29 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for root from 162.144.236.216 port 39080 ssh2
Sep 29 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Connection closed by 162.144.236.216 port 39080 [preauth]
Sep 29 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Sep 29 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: Failed password for root from 162.144.236.216 port 45500 ssh2
Sep 29 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: Connection closed by 162.144.236.216 port 45500 [preauth]
Sep 29 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Failed password for root from 162.144.236.216 port 53502 ssh2
Sep 29 17:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Connection closed by 162.144.236.216 port 53502 [preauth]
Sep 29 17:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Failed password for root from 162.144.236.216 port 60368 ssh2
Sep 29 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14194]: Connection closed by 162.144.236.216 port 60368 [preauth]
Sep 29 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14233]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14236]: pam_unix(cron:session): session closed for user root
Sep 29 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14302]: Successful su for rubyman by root
Sep 29 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14302]: + ??? root:rubyman
Sep 29 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316029 of user rubyman.
Sep 29 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14302]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316029.
Sep 29 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Failed password for root from 162.144.236.216 port 37770 ssh2
Sep 29 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Connection closed by 162.144.236.216 port 37770 [preauth]
Sep 29 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session closed for user root
Sep 29 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session closed for user root
Sep 29 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Failed password for root from 162.144.236.216 port 45378 ssh2
Sep 29 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Connection closed by 162.144.236.216 port 45378 [preauth]
Sep 29 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Failed password for root from 162.144.236.216 port 52416 ssh2
Sep 29 17:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Connection closed by 162.144.236.216 port 52416 [preauth]
Sep 29 17:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Failed password for root from 162.144.236.216 port 58184 ssh2
Sep 29 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14548]: Connection closed by 162.144.236.216 port 58184 [preauth]
Sep 29 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Invalid user user from 62.60.131.157
Sep 29 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: input_userauth_request: invalid user user [preauth]
Sep 29 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Failed password for invalid user user from 62.60.131.157 port 48155 ssh2
Sep 29 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13247]: pam_unix(cron:session): session closed for user root
Sep 29 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Failed password for root from 162.144.236.216 port 37460 ssh2
Sep 29 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Connection closed by 162.144.236.216 port 37460 [preauth]
Sep 29 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: Invalid user default from 185.156.73.233
Sep 29 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: input_userauth_request: invalid user default [preauth]
Sep 29 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 17:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Failed password for invalid user user from 62.60.131.157 port 48155 ssh2
Sep 29 17:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: Failed password for invalid user default from 185.156.73.233 port 42436 ssh2
Sep 29 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: Connection closed by 185.156.73.233 port 42436 [preauth]
Sep 29 17:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Failed password for invalid user user from 62.60.131.157 port 48155 ssh2
Sep 29 17:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Failed password for root from 162.144.236.216 port 43776 ssh2
Sep 29 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Failed password for invalid user user from 62.60.131.157 port 48155 ssh2
Sep 29 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14617]: Connection closed by 162.144.236.216 port 43776 [preauth]
Sep 29 17:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Failed password for invalid user user from 62.60.131.157 port 48155 ssh2
Sep 29 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Received disconnect from 62.60.131.157 port 48155:11: Bye [preauth]
Sep 29 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: Disconnected from 62.60.131.157 port 48155 [preauth]
Sep 29 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 17:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Failed password for root from 162.144.236.216 port 49888 ssh2
Sep 29 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Connection closed by 162.144.236.216 port 49888 [preauth]
Sep 29 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Failed password for root from 162.144.236.216 port 57362 ssh2
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14757]: Successful su for rubyman by root
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14757]: + ??? root:rubyman
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316033 of user rubyman.
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14757]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316033.
Sep 29 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Connection closed by 162.144.236.216 port 57362 [preauth]
Sep 29 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session closed for user root
Sep 29 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: Failed password for root from 162.144.236.216 port 36900 ssh2
Sep 29 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: Connection closed by 162.144.236.216 port 36900 [preauth]
Sep 29 17:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for root from 162.144.236.216 port 43778 ssh2
Sep 29 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 162.144.236.216 port 43778 [preauth]
Sep 29 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: Failed password for root from 162.144.236.216 port 50050 ssh2
Sep 29 17:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14992]: Connection closed by 162.144.236.216 port 50050 [preauth]
Sep 29 17:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Failed password for root from 162.144.236.216 port 57328 ssh2
Sep 29 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13692]: pam_unix(cron:session): session closed for user root
Sep 29 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Connection closed by 162.144.236.216 port 57328 [preauth]
Sep 29 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for root from 162.144.236.216 port 35872 ssh2
Sep 29 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Connection closed by 162.144.236.216 port 35872 [preauth]
Sep 29 17:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: Failed password for root from 162.144.236.216 port 43970 ssh2
Sep 29 17:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15085]: Connection closed by 162.144.236.216 port 43970 [preauth]
Sep 29 17:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: Failed password for root from 162.144.236.216 port 51498 ssh2
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15116]: Connection closed by 162.144.236.216 port 51498 [preauth]
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user root
Sep 29 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: Successful su for rubyman by root
Sep 29 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: + ??? root:rubyman
Sep 29 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316036 of user rubyman.
Sep 29 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316036.
Sep 29 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session closed for user root
Sep 29 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: Failed password for root from 162.144.236.216 port 57764 ssh2
Sep 29 17:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: Connection closed by 162.144.236.216 port 57764 [preauth]
Sep 29 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: Failed password for root from 162.144.236.216 port 38076 ssh2
Sep 29 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15411]: Connection closed by 162.144.236.216 port 38076 [preauth]
Sep 29 17:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for root from 162.144.236.216 port 43656 ssh2
Sep 29 17:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Connection closed by 162.144.236.216 port 43656 [preauth]
Sep 29 17:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Failed password for root from 162.144.236.216 port 51330 ssh2
Sep 29 17:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Connection closed by 162.144.236.216 port 51330 [preauth]
Sep 29 17:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session closed for user root
Sep 29 17:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Failed password for root from 162.144.236.216 port 57400 ssh2
Sep 29 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Connection closed by 162.144.236.216 port 57400 [preauth]
Sep 29 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: Failed password for root from 162.144.236.216 port 35932 ssh2
Sep 29 17:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: Connection closed by 162.144.236.216 port 35932 [preauth]
Sep 29 17:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Failed password for root from 162.144.236.216 port 43112 ssh2
Sep 29 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Connection closed by 162.144.236.216 port 43112 [preauth]
Sep 29 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15566]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15635]: Successful su for rubyman by root
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15635]: + ??? root:rubyman
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316042 of user rubyman.
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15635]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316042.
Sep 29 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user root
Sep 29 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Failed password for root from 162.144.236.216 port 49450 ssh2
Sep 29 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15567]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Connection closed by 162.144.236.216 port 49450 [preauth]
Sep 29 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for root from 162.144.236.216 port 56380 ssh2
Sep 29 17:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Connection closed by 162.144.236.216 port 56380 [preauth]
Sep 29 17:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Failed password for root from 162.144.236.216 port 33290 ssh2
Sep 29 17:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15869]: Connection closed by 162.144.236.216 port 33290 [preauth]
Sep 29 17:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session closed for user root
Sep 29 17:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Failed password for root from 162.144.236.216 port 41226 ssh2
Sep 29 17:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Connection closed by 162.144.236.216 port 41226 [preauth]
Sep 29 17:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: Failed password for root from 162.144.236.216 port 48520 ssh2
Sep 29 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15958]: Connection closed by 162.144.236.216 port 48520 [preauth]
Sep 29 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: Successful su for rubyman by root
Sep 29 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: + ??? root:rubyman
Sep 29 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316045 of user rubyman.
Sep 29 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316045.
Sep 29 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13246]: pam_unix(cron:session): session closed for user root
Sep 29 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Failed password for root from 162.144.236.216 port 54346 ssh2
Sep 29 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Connection closed by 162.144.236.216 port 54346 [preauth]
Sep 29 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: Failed password for root from 162.144.236.216 port 59788 ssh2
Sep 29 17:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16254]: Connection closed by 162.144.236.216 port 59788 [preauth]
Sep 29 17:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Failed password for root from 162.144.236.216 port 37332 ssh2
Sep 29 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Connection closed by 162.144.236.216 port 37332 [preauth]
Sep 29 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Failed password for root from 162.144.236.216 port 43626 ssh2
Sep 29 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Connection closed by 162.144.236.216 port 43626 [preauth]
Sep 29 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15132]: pam_unix(cron:session): session closed for user root
Sep 29 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Failed password for root from 162.144.236.216 port 49184 ssh2
Sep 29 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Connection closed by 162.144.236.216 port 49184 [preauth]
Sep 29 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Failed password for root from 162.144.236.216 port 54670 ssh2
Sep 29 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Connection closed by 162.144.236.216 port 54670 [preauth]
Sep 29 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for root from 162.144.236.216 port 60668 ssh2
Sep 29 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Connection closed by 162.144.236.216 port 60668 [preauth]
Sep 29 17:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: Failed password for root from 162.144.236.216 port 39234 ssh2
Sep 29 17:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16425]: Connection closed by 162.144.236.216 port 39234 [preauth]
Sep 29 17:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16453]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16454]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16455]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16455]: pam_unix(cron:session): session closed for user root
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16449]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16524]: Successful su for rubyman by root
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16524]: + ??? root:rubyman
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316050 of user rubyman.
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16524]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316050.
Sep 29 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16452]: pam_unix(cron:session): session closed for user root
Sep 29 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13691]: pam_unix(cron:session): session closed for user root
Sep 29 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16447]: Failed password for root from 162.144.236.216 port 46742 ssh2
Sep 29 17:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16451]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16447]: Connection closed by 162.144.236.216 port 46742 [preauth]
Sep 29 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Failed password for root from 162.144.236.216 port 53722 ssh2
Sep 29 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Connection closed by 162.144.236.216 port 53722 [preauth]
Sep 29 17:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Failed password for root from 162.144.236.216 port 59226 ssh2
Sep 29 17:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Connection closed by 162.144.236.216 port 59226 [preauth]
Sep 29 17:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session closed for user root
Sep 29 17:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Failed password for root from 162.144.236.216 port 38232 ssh2
Sep 29 17:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Connection closed by 162.144.236.216 port 38232 [preauth]
Sep 29 17:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Failed password for root from 162.144.236.216 port 45410 ssh2
Sep 29 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Connection closed by 162.144.236.216 port 45410 [preauth]
Sep 29 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Failed password for root from 162.144.236.216 port 52406 ssh2
Sep 29 17:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Connection closed by 162.144.236.216 port 52406 [preauth]
Sep 29 17:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Failed password for root from 162.144.236.216 port 56686 ssh2
Sep 29 17:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Connection closed by 162.144.236.216 port 56686 [preauth]
Sep 29 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16944]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: Successful su for rubyman by root
Sep 29 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: + ??? root:rubyman
Sep 29 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316057 of user rubyman.
Sep 29 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316057.
Sep 29 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14233]: pam_unix(cron:session): session closed for user root
Sep 29 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: Failed password for root from 162.144.236.216 port 37796 ssh2
Sep 29 17:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: Connection closed by 162.144.236.216 port 37796 [preauth]
Sep 29 17:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Failed password for root from 162.144.236.216 port 42978 ssh2
Sep 29 17:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Connection closed by 162.144.236.216 port 42978 [preauth]
Sep 29 17:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Invalid user asim from 167.99.55.34
Sep 29 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: input_userauth_request: invalid user asim [preauth]
Sep 29 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Failed password for invalid user asim from 167.99.55.34 port 60148 ssh2
Sep 29 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17306]: Connection closed by 167.99.55.34 port 60148 [preauth]
Sep 29 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Invalid user vyos from 93.152.230.176
Sep 29 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: input_userauth_request: invalid user vyos [preauth]
Sep 29 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 17:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session closed for user root
Sep 29 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Failed password for invalid user vyos from 93.152.230.176 port 51934 ssh2
Sep 29 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Received disconnect from 93.152.230.176 port 51934:11: Client disconnecting normally [preauth]
Sep 29 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17318]: Disconnected from 93.152.230.176 port 51934 [preauth]
Sep 29 17:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Failed password for root from 162.144.236.216 port 49766 ssh2
Sep 29 17:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Connection closed by 162.144.236.216 port 49766 [preauth]
Sep 29 17:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: Failed password for root from 162.144.236.216 port 57066 ssh2
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: Connection closed by 162.144.236.216 port 57066 [preauth]
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17414]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: Successful su for rubyman by root
Sep 29 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: + ??? root:rubyman
Sep 29 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316060 of user rubyman.
Sep 29 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316060.
Sep 29 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session closed for user root
Sep 29 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Failed password for root from 162.144.236.216 port 36412 ssh2
Sep 29 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Connection closed by 162.144.236.216 port 36412 [preauth]
Sep 29 17:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: Failed password for root from 162.144.236.216 port 41042 ssh2
Sep 29 17:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17697]: Connection closed by 162.144.236.216 port 41042 [preauth]
Sep 29 17:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: Failed password for root from 162.144.236.216 port 48080 ssh2
Sep 29 17:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17744]: Connection closed by 162.144.236.216 port 48080 [preauth]
Sep 29 17:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Failed password for root from 162.144.236.216 port 54592 ssh2
Sep 29 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16454]: pam_unix(cron:session): session closed for user root
Sep 29 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Connection closed by 162.144.236.216 port 54592 [preauth]
Sep 29 17:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Failed password for root from 162.144.236.216 port 33036 ssh2
Sep 29 17:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Connection closed by 162.144.236.216 port 33036 [preauth]
Sep 29 17:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Failed password for root from 162.144.236.216 port 39986 ssh2
Sep 29 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Connection closed by 162.144.236.216 port 39986 [preauth]
Sep 29 17:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Failed password for root from 162.144.236.216 port 46410 ssh2
Sep 29 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Connection closed by 162.144.236.216 port 46410 [preauth]
Sep 29 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: Successful su for rubyman by root
Sep 29 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: + ??? root:rubyman
Sep 29 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316065 of user rubyman.
Sep 29 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18031]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316065.
Sep 29 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session closed for user root
Sep 29 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Failed password for root from 162.144.236.216 port 54244 ssh2
Sep 29 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Connection closed by 162.144.236.216 port 54244 [preauth]
Sep 29 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: Failed password for root from 162.144.236.216 port 60718 ssh2
Sep 29 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: Connection closed by 162.144.236.216 port 60718 [preauth]
Sep 29 17:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Failed password for root from 162.144.236.216 port 40322 ssh2
Sep 29 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Connection closed by 162.144.236.216 port 40322 [preauth]
Sep 29 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Failed password for root from 162.144.236.216 port 46336 ssh2
Sep 29 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16944]: pam_unix(cron:session): session closed for user root
Sep 29 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Connection closed by 162.144.236.216 port 46336 [preauth]
Sep 29 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Failed password for root from 162.144.236.216 port 53110 ssh2
Sep 29 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Connection closed by 162.144.236.216 port 53110 [preauth]
Sep 29 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: Failed password for root from 162.144.236.216 port 59992 ssh2
Sep 29 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18635]: Connection closed by 162.144.236.216 port 59992 [preauth]
Sep 29 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Failed password for root from 162.144.236.216 port 37124 ssh2
Sep 29 17:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Connection closed by 162.144.236.216 port 37124 [preauth]
Sep 29 17:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: Successful su for rubyman by root
Sep 29 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: + ??? root:rubyman
Sep 29 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316069 of user rubyman.
Sep 29 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18751]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316069.
Sep 29 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15568]: pam_unix(cron:session): session closed for user root
Sep 29 17:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: Failed password for root from 162.144.236.216 port 44346 ssh2
Sep 29 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18676]: Connection closed by 162.144.236.216 port 44346 [preauth]
Sep 29 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Failed password for root from 162.144.236.216 port 50942 ssh2
Sep 29 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Connection closed by 162.144.236.216 port 50942 [preauth]
Sep 29 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Invalid user admin from 62.60.131.157
Sep 29 17:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 17:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 62.60.131.157 port 63296 ssh2
Sep 29 17:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 62.60.131.157 port 63296 ssh2
Sep 29 17:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Failed password for root from 162.144.236.216 port 56702 ssh2
Sep 29 17:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Connection closed by 162.144.236.216 port 56702 [preauth]
Sep 29 17:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 62.60.131.157 port 63296 ssh2
Sep 29 17:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 62.60.131.157 port 63296 ssh2
Sep 29 17:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Failed password for invalid user admin from 62.60.131.157 port 63296 ssh2
Sep 29 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Received disconnect from 62.60.131.157 port 63296:11: Bye [preauth]
Sep 29 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: Disconnected from 62.60.131.157 port 63296 [preauth]
Sep 29 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19000]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Failed password for root from 162.144.236.216 port 33668 ssh2
Sep 29 17:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19035]: Connection closed by 162.144.236.216 port 33668 [preauth]
Sep 29 17:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session closed for user root
Sep 29 17:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Failed password for root from 162.144.236.216 port 40114 ssh2
Sep 29 17:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Connection closed by 162.144.236.216 port 40114 [preauth]
Sep 29 17:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Invalid user 1111 from 80.94.95.115
Sep 29 17:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: input_userauth_request: invalid user 1111 [preauth]
Sep 29 17:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Failed password for invalid user 1111 from 80.94.95.115 port 62250 ssh2
Sep 29 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Connection closed by 80.94.95.115 port 62250 [preauth]
Sep 29 17:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Failed password for root from 162.144.236.216 port 46392 ssh2
Sep 29 17:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Connection closed by 162.144.236.216 port 46392 [preauth]
Sep 29 17:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: Failed password for root from 162.144.236.216 port 54034 ssh2
Sep 29 17:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: Connection closed by 162.144.236.216 port 54034 [preauth]
Sep 29 17:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19176]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session closed for user root
Sep 29 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19269]: Successful su for rubyman by root
Sep 29 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19269]: + ??? root:rubyman
Sep 29 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316073 of user rubyman.
Sep 29 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19269]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316073.
Sep 29 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Failed password for root from 162.144.236.216 port 33458 ssh2
Sep 29 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Connection closed by 162.144.236.216 port 33458 [preauth]
Sep 29 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session closed for user root
Sep 29 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19176]: pam_unix(cron:session): session closed for user root
Sep 29 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: Failed password for root from 162.144.236.216 port 39698 ssh2
Sep 29 17:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: Connection closed by 162.144.236.216 port 39698 [preauth]
Sep 29 17:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Failed password for root from 162.144.236.216 port 45688 ssh2
Sep 29 17:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Connection closed by 162.144.236.216 port 45688 [preauth]
Sep 29 17:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Failed password for root from 162.144.236.216 port 52166 ssh2
Sep 29 17:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Connection closed by 162.144.236.216 port 52166 [preauth]
Sep 29 17:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session closed for user root
Sep 29 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: Failed password for root from 162.144.236.216 port 59760 ssh2
Sep 29 17:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: Connection closed by 162.144.236.216 port 59760 [preauth]
Sep 29 17:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: Failed password for root from 162.144.236.216 port 40904 ssh2
Sep 29 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: Connection closed by 162.144.236.216 port 40904 [preauth]
Sep 29 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20027]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20024]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: Successful su for rubyman by root
Sep 29 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: + ??? root:rubyman
Sep 29 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316077 of user rubyman.
Sep 29 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316077.
Sep 29 17:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16453]: pam_unix(cron:session): session closed for user root
Sep 29 17:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20025]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Failed password for root from 162.144.236.216 port 48666 ssh2
Sep 29 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20022]: Connection closed by 162.144.236.216 port 48666 [preauth]
Sep 29 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Failed password for root from 162.144.236.216 port 55410 ssh2
Sep 29 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20379]: Connection closed by 162.144.236.216 port 55410 [preauth]
Sep 29 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Failed password for root from 162.144.236.216 port 34114 ssh2
Sep 29 17:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session closed for user root
Sep 29 17:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Connection closed by 162.144.236.216 port 34114 [preauth]
Sep 29 17:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20584]: Successful su for rubyman by root
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20584]: + ??? root:rubyman
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316082 of user rubyman.
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20584]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316082.
Sep 29 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Failed password for root from 162.144.236.216 port 44820 ssh2
Sep 29 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Connection closed by 162.144.236.216 port 44820 [preauth]
Sep 29 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session closed for user root
Sep 29 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: Failed password for root from 162.144.236.216 port 49716 ssh2
Sep 29 17:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20779]: Connection closed by 162.144.236.216 port 49716 [preauth]
Sep 29 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: Failed password for root from 162.144.236.216 port 58744 ssh2
Sep 29 17:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20836]: Connection closed by 162.144.236.216 port 58744 [preauth]
Sep 29 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Failed password for root from 162.144.236.216 port 37724 ssh2
Sep 29 17:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20874]: Connection closed by 162.144.236.216 port 37724 [preauth]
Sep 29 17:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session closed for user root
Sep 29 17:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: Failed password for root from 162.144.236.216 port 42562 ssh2
Sep 29 17:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: Connection closed by 162.144.236.216 port 42562 [preauth]
Sep 29 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: Failed password for root from 162.144.236.216 port 48420 ssh2
Sep 29 17:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20918]: Connection closed by 162.144.236.216 port 48420 [preauth]
Sep 29 17:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Failed password for root from 162.144.236.216 port 53698 ssh2
Sep 29 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Connection closed by 162.144.236.216 port 53698 [preauth]
Sep 29 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21054]: Successful su for rubyman by root
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21054]: + ??? root:rubyman
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316085 of user rubyman.
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21054]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316085.
Sep 29 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Failed password for root from 162.144.236.216 port 60520 ssh2
Sep 29 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Connection closed by 162.144.236.216 port 60520 [preauth]
Sep 29 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session closed for user root
Sep 29 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Failed password for root from 162.144.236.216 port 39498 ssh2
Sep 29 17:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Connection closed by 162.144.236.216 port 39498 [preauth]
Sep 29 17:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Failed password for root from 162.144.236.216 port 45244 ssh2
Sep 29 17:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Connection closed by 162.144.236.216 port 45244 [preauth]
Sep 29 17:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Failed password for root from 162.144.236.216 port 52050 ssh2
Sep 29 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Connection closed by 162.144.236.216 port 52050 [preauth]
Sep 29 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Invalid user tannor from 80.94.95.112
Sep 29 17:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: input_userauth_request: invalid user tannor [preauth]
Sep 29 17:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for invalid user tannor from 80.94.95.112 port 64110 ssh2
Sep 29 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for invalid user tannor from 80.94.95.112 port 64110 ssh2
Sep 29 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20027]: pam_unix(cron:session): session closed for user root
Sep 29 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for invalid user tannor from 80.94.95.112 port 64110 ssh2
Sep 29 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for invalid user tannor from 80.94.95.112 port 64110 ssh2
Sep 29 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: Failed password for root from 162.144.236.216 port 58716 ssh2
Sep 29 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: Connection closed by 162.144.236.216 port 58716 [preauth]
Sep 29 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for invalid user tannor from 80.94.95.112 port 64110 ssh2
Sep 29 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Received disconnect from 80.94.95.112 port 64110:11: Bye [preauth]
Sep 29 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Disconnected from 80.94.95.112 port 64110 [preauth]
Sep 29 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 17:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: Failed password for root from 162.144.236.216 port 38832 ssh2
Sep 29 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: Connection closed by 162.144.236.216 port 38832 [preauth]
Sep 29 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Failed password for root from 162.144.236.216 port 47046 ssh2
Sep 29 17:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Connection closed by 162.144.236.216 port 47046 [preauth]
Sep 29 17:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21421]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21492]: Successful su for rubyman by root
Sep 29 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21492]: + ??? root:rubyman
Sep 29 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316089 of user rubyman.
Sep 29 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21492]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316089.
Sep 29 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Invalid user asim from 167.99.55.34
Sep 29 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: input_userauth_request: invalid user asim [preauth]
Sep 29 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session closed for user root
Sep 29 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Failed password for root from 162.144.236.216 port 53972 ssh2
Sep 29 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Failed password for invalid user asim from 167.99.55.34 port 37152 ssh2
Sep 29 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Connection closed by 167.99.55.34 port 37152 [preauth]
Sep 29 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Connection closed by 162.144.236.216 port 53972 [preauth]
Sep 29 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Failed password for root from 162.144.236.216 port 33130 ssh2
Sep 29 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21684]: Connection closed by 162.144.236.216 port 33130 [preauth]
Sep 29 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Failed password for root from 162.144.236.216 port 42408 ssh2
Sep 29 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Connection closed by 162.144.236.216 port 42408 [preauth]
Sep 29 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20523]: pam_unix(cron:session): session closed for user root
Sep 29 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: Failed password for root from 162.144.236.216 port 50190 ssh2
Sep 29 17:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21767]: Connection closed by 162.144.236.216 port 50190 [preauth]
Sep 29 17:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: Failed password for root from 162.144.236.216 port 57608 ssh2
Sep 29 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: Connection closed by 162.144.236.216 port 57608 [preauth]
Sep 29 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Failed password for root from 162.144.236.216 port 36492 ssh2
Sep 29 17:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21843]: Connection closed by 162.144.236.216 port 36492 [preauth]
Sep 29 17:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for root from 162.144.236.216 port 41204 ssh2
Sep 29 17:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Connection closed by 162.144.236.216 port 41204 [preauth]
Sep 29 17:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21890]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21891]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21892]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21892]: pam_unix(cron:session): session closed for user root
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21886]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21957]: Successful su for rubyman by root
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21957]: + ??? root:rubyman
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316094 of user rubyman.
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21957]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316094.
Sep 29 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21889]: pam_unix(cron:session): session closed for user root
Sep 29 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session closed for user root
Sep 29 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Failed password for root from 162.144.236.216 port 48230 ssh2
Sep 29 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Connection closed by 162.144.236.216 port 48230 [preauth]
Sep 29 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21888]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: Failed password for root from 162.144.236.216 port 55022 ssh2
Sep 29 17:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: Connection closed by 162.144.236.216 port 55022 [preauth]
Sep 29 17:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: User ftp from 93.152.230.176 not allowed because not listed in AllowUsers
Sep 29 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: input_userauth_request: invalid user ftp [preauth]
Sep 29 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=ftp
Sep 29 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Failed password for invalid user ftp from 93.152.230.176 port 37238 ssh2
Sep 29 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Received disconnect from 93.152.230.176 port 37238:11: Client disconnecting normally [preauth]
Sep 29 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Disconnected from 93.152.230.176 port 37238 [preauth]
Sep 29 17:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Failed password for root from 162.144.236.216 port 60932 ssh2
Sep 29 17:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Connection closed by 162.144.236.216 port 60932 [preauth]
Sep 29 17:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Failed password for root from 162.144.236.216 port 39928 ssh2
Sep 29 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Connection closed by 162.144.236.216 port 39928 [preauth]
Sep 29 17:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session closed for user root
Sep 29 17:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Failed password for root from 162.144.236.216 port 47142 ssh2
Sep 29 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22300]: Connection closed by 162.144.236.216 port 47142 [preauth]
Sep 29 17:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: Failed password for root from 162.144.236.216 port 55068 ssh2
Sep 29 17:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: Connection closed by 162.144.236.216 port 55068 [preauth]
Sep 29 17:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Failed password for root from 162.144.236.216 port 32992 ssh2
Sep 29 17:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Connection closed by 162.144.236.216 port 32992 [preauth]
Sep 29 17:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22382]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22383]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22460]: Successful su for rubyman by root
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22460]: + ??? root:rubyman
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316099 of user rubyman.
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22460]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316099.
Sep 29 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for root from 162.144.236.216 port 37970 ssh2
Sep 29 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Connection closed by 162.144.236.216 port 37970 [preauth]
Sep 29 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session closed for user root
Sep 29 17:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for root from 162.144.236.216 port 45042 ssh2
Sep 29 17:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Connection closed by 162.144.236.216 port 45042 [preauth]
Sep 29 17:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: Failed password for root from 162.144.236.216 port 51404 ssh2
Sep 29 17:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22716]: Connection closed by 162.144.236.216 port 51404 [preauth]
Sep 29 17:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Failed password for root from 162.144.236.216 port 59880 ssh2
Sep 29 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Connection closed by 162.144.236.216 port 59880 [preauth]
Sep 29 17:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Invalid user  from 213.212.36.174
Sep 29 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: input_userauth_request: invalid user  [preauth]
Sep 29 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21421]: pam_unix(cron:session): session closed for user root
Sep 29 17:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Failed password for root from 162.144.236.216 port 35996 ssh2
Sep 29 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Connection closed by 162.144.236.216 port 35996 [preauth]
Sep 29 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Connection closed by 213.212.36.174 port 43156 [preauth]
Sep 29 17:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 17:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Failed password for root from 164.68.105.9 port 41860 ssh2
Sep 29 17:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Connection closed by 164.68.105.9 port 41860 [preauth]
Sep 29 17:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Invalid user testing from 138.68.58.124
Sep 29 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: input_userauth_request: invalid user testing [preauth]
Sep 29 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 17:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Failed password for root from 162.144.236.216 port 44426 ssh2
Sep 29 17:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Failed password for invalid user testing from 138.68.58.124 port 49826 ssh2
Sep 29 17:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Connection closed by 138.68.58.124 port 49826 [preauth]
Sep 29 17:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23002]: Connection closed by 162.144.236.216 port 44426 [preauth]
Sep 29 17:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23161]: Successful su for rubyman by root
Sep 29 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23161]: + ??? root:rubyman
Sep 29 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316103 of user rubyman.
Sep 29 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23161]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316103.
Sep 29 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session closed for user root
Sep 29 17:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: Failed password for root from 162.144.236.216 port 51724 ssh2
Sep 29 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23056]: Connection closed by 162.144.236.216 port 51724 [preauth]
Sep 29 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Failed password for root from 162.144.236.216 port 59912 ssh2
Sep 29 17:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21891]: pam_unix(cron:session): session closed for user root
Sep 29 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23441]: Connection closed by 162.144.236.216 port 59912 [preauth]
Sep 29 17:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23546]: Invalid user admin from 139.19.117.131
Sep 29 17:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23546]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23546]: Connection closed by 139.19.117.131 port 43426 [preauth]
Sep 29 17:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23795]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23793]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23855]: Successful su for rubyman by root
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23855]: + ??? root:rubyman
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316107 of user rubyman.
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23855]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316107.
Sep 29 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Failed password for root from 162.144.236.216 port 38314 ssh2
Sep 29 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Connection closed by 162.144.236.216 port 38314 [preauth]
Sep 29 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session closed for user root
Sep 29 17:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23794]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Failed password for root from 162.144.236.216 port 50328 ssh2
Sep 29 17:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Connection closed by 162.144.236.216 port 50328 [preauth]
Sep 29 17:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Failed password for root from 162.144.236.216 port 57580 ssh2
Sep 29 17:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Connection closed by 162.144.236.216 port 57580 [preauth]
Sep 29 17:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22383]: pam_unix(cron:session): session closed for user root
Sep 29 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: Failed password for root from 162.144.236.216 port 35838 ssh2
Sep 29 17:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24166]: Connection closed by 162.144.236.216 port 35838 [preauth]
Sep 29 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 17:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Failed password for root from 185.156.73.233 port 39804 ssh2
Sep 29 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Failed password for root from 162.144.236.216 port 43594 ssh2
Sep 29 17:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Connection closed by 185.156.73.233 port 39804 [preauth]
Sep 29 17:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Connection closed by 162.144.236.216 port 43594 [preauth]
Sep 29 17:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24283]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24348]: Successful su for rubyman by root
Sep 29 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24348]: + ??? root:rubyman
Sep 29 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316111 of user rubyman.
Sep 29 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24348]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316111.
Sep 29 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: Failed password for root from 162.144.236.216 port 50718 ssh2
Sep 29 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20979]: pam_unix(cron:session): session closed for user root
Sep 29 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: Connection closed by 162.144.236.216 port 50718 [preauth]
Sep 29 17:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Failed password for root from 162.144.236.216 port 57370 ssh2
Sep 29 17:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Connection closed by 162.144.236.216 port 57370 [preauth]
Sep 29 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Failed password for root from 162.144.236.216 port 36078 ssh2
Sep 29 17:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session closed for user root
Sep 29 17:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Connection closed by 162.144.236.216 port 36078 [preauth]
Sep 29 17:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Failed password for root from 162.144.236.216 port 44188 ssh2
Sep 29 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24680]: Connection closed by 162.144.236.216 port 44188 [preauth]
Sep 29 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24755]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session closed for user root
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24753]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24830]: Successful su for rubyman by root
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24830]: + ??? root:rubyman
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316117 of user rubyman.
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24830]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316117.
Sep 29 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: Failed password for root from 162.144.236.216 port 51778 ssh2
Sep 29 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24755]: pam_unix(cron:session): session closed for user root
Sep 29 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24737]: Connection closed by 162.144.236.216 port 51778 [preauth]
Sep 29 17:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session closed for user root
Sep 29 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24754]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Failed password for root from 162.144.236.216 port 58156 ssh2
Sep 29 17:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Connection closed by 162.144.236.216 port 58156 [preauth]
Sep 29 17:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Failed password for root from 162.144.236.216 port 36862 ssh2
Sep 29 17:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Connection closed by 162.144.236.216 port 36862 [preauth]
Sep 29 17:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session closed for user root
Sep 29 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: Failed password for root from 162.144.236.216 port 46240 ssh2
Sep 29 17:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25142]: Connection closed by 162.144.236.216 port 46240 [preauth]
Sep 29 17:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Invalid user squid from 62.60.131.157
Sep 29 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: input_userauth_request: invalid user squid [preauth]
Sep 29 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 17:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for invalid user squid from 62.60.131.157 port 63190 ssh2
Sep 29 17:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for invalid user squid from 62.60.131.157 port 63190 ssh2
Sep 29 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: Failed password for root from 162.144.236.216 port 53730 ssh2
Sep 29 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for invalid user squid from 62.60.131.157 port 63190 ssh2
Sep 29 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25236]: Connection closed by 162.144.236.216 port 53730 [preauth]
Sep 29 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for invalid user squid from 62.60.131.157 port 63190 ssh2
Sep 29 17:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25562]: Successful su for rubyman by root
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25562]: + ??? root:rubyman
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316122 of user rubyman.
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25562]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316122.
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for invalid user squid from 62.60.131.157 port 63190 ssh2
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Received disconnect from 62.60.131.157 port 63190:11: Bye [preauth]
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Disconnected from 62.60.131.157 port 63190 [preauth]
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21890]: pam_unix(cron:session): session closed for user root
Sep 29 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Failed password for root from 162.144.236.216 port 59854 ssh2
Sep 29 17:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Connection closed by 162.144.236.216 port 59854 [preauth]
Sep 29 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Failed password for root from 162.144.236.216 port 38080 ssh2
Sep 29 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25775]: Connection closed by 162.144.236.216 port 38080 [preauth]
Sep 29 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Failed password for root from 162.144.236.216 port 45780 ssh2
Sep 29 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Connection closed by 162.144.236.216 port 45780 [preauth]
Sep 29 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24283]: pam_unix(cron:session): session closed for user root
Sep 29 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Invalid user asim from 167.99.55.34
Sep 29 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: input_userauth_request: invalid user asim [preauth]
Sep 29 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Failed password for root from 162.144.236.216 port 53600 ssh2
Sep 29 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Connection closed by 162.144.236.216 port 53600 [preauth]
Sep 29 17:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Failed password for invalid user asim from 167.99.55.34 port 36206 ssh2
Sep 29 17:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Connection closed by 167.99.55.34 port 36206 [preauth]
Sep 29 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: Failed password for root from 162.144.236.216 port 60526 ssh2
Sep 29 17:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: Connection closed by 162.144.236.216 port 60526 [preauth]
Sep 29 17:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Failed password for root from 213.212.36.174 port 44486 ssh2
Sep 29 17:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Connection closed by 213.212.36.174 port 44486 [preauth]
Sep 29 17:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Invalid user pi from 213.212.36.174
Sep 29 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: input_userauth_request: invalid user pi [preauth]
Sep 29 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Failed password for invalid user pi from 213.212.36.174 port 44500 ssh2
Sep 29 17:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Connection closed by 213.212.36.174 port 44500 [preauth]
Sep 29 17:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: Failed password for root from 162.144.236.216 port 38636 ssh2
Sep 29 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Invalid user hive from 213.212.36.174
Sep 29 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: input_userauth_request: invalid user hive [preauth]
Sep 29 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26045]: Connection closed by 162.144.236.216 port 38636 [preauth]
Sep 29 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Failed password for invalid user hive from 213.212.36.174 port 57078 ssh2
Sep 29 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26075]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Connection closed by 213.212.36.174 port 57078 [preauth]
Sep 29 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: Successful su for rubyman by root
Sep 29 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: + ??? root:rubyman
Sep 29 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316126 of user rubyman.
Sep 29 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316126.
Sep 29 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Invalid user git from 213.212.36.174
Sep 29 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: input_userauth_request: invalid user git [preauth]
Sep 29 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Failed password for root from 162.144.236.216 port 45046 ssh2
Sep 29 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22382]: pam_unix(cron:session): session closed for user root
Sep 29 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Connection closed by 162.144.236.216 port 45046 [preauth]
Sep 29 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Failed password for invalid user git from 213.212.36.174 port 57082 ssh2
Sep 29 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26203]: Connection closed by 213.212.36.174 port 57082 [preauth]
Sep 29 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: Invalid user wang from 213.212.36.174
Sep 29 17:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: input_userauth_request: invalid user wang [preauth]
Sep 29 17:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: Failed password for invalid user wang from 213.212.36.174 port 57616 ssh2
Sep 29 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26367]: Connection closed by 213.212.36.174 port 57616 [preauth]
Sep 29 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Invalid user nginx from 213.212.36.174
Sep 29 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: input_userauth_request: invalid user nginx [preauth]
Sep 29 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26336]: Failed password for root from 162.144.236.216 port 50360 ssh2
Sep 29 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Failed password for invalid user nginx from 213.212.36.174 port 57620 ssh2
Sep 29 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26336]: Connection closed by 162.144.236.216 port 50360 [preauth]
Sep 29 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Connection closed by 213.212.36.174 port 57620 [preauth]
Sep 29 17:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Invalid user mongo from 213.212.36.174
Sep 29 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: input_userauth_request: invalid user mongo [preauth]
Sep 29 17:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Failed password for invalid user mongo from 213.212.36.174 port 56630 ssh2
Sep 29 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Connection closed by 213.212.36.174 port 56630 [preauth]
Sep 29 17:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Invalid user user from 213.212.36.174
Sep 29 17:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: input_userauth_request: invalid user user [preauth]
Sep 29 17:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Failed password for invalid user user from 213.212.36.174 port 56634 ssh2
Sep 29 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Connection closed by 213.212.36.174 port 56634 [preauth]
Sep 29 17:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Failed password for root from 162.144.236.216 port 56536 ssh2
Sep 29 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Invalid user oracle from 213.212.36.174
Sep 29 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Connection closed by 162.144.236.216 port 56536 [preauth]
Sep 29 17:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Failed password for invalid user oracle from 213.212.36.174 port 56016 ssh2
Sep 29 17:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Connection closed by 213.212.36.174 port 56016 [preauth]
Sep 29 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26555]: Invalid user gpadmin from 213.212.36.174
Sep 29 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26555]: input_userauth_request: invalid user gpadmin [preauth]
Sep 29 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26555]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session closed for user root
Sep 29 17:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26555]: Failed password for invalid user gpadmin from 213.212.36.174 port 56024 ssh2
Sep 29 17:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26555]: Connection closed by 213.212.36.174 port 56024 [preauth]
Sep 29 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Failed password for root from 213.212.36.174 port 49534 ssh2
Sep 29 17:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Connection closed by 213.212.36.174 port 49534 [preauth]
Sep 29 17:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Invalid user esroot from 213.212.36.174
Sep 29 17:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: input_userauth_request: invalid user esroot [preauth]
Sep 29 17:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26544]: Failed password for root from 162.144.236.216 port 33810 ssh2
Sep 29 17:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user esroot from 213.212.36.174 port 49550 ssh2
Sep 29 17:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Connection closed by 213.212.36.174 port 49550 [preauth]
Sep 29 17:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Did not receive identification string from 182.227.224.35
Sep 29 17:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Invalid user a from 182.227.224.35
Sep 29 17:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: input_userauth_request: invalid user a [preauth]
Sep 29 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26544]: Connection closed by 162.144.236.216 port 33810 [preauth]
Sep 29 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Invalid user gitlab from 213.212.36.174
Sep 29 17:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 17:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Failed password for invalid user a from 182.227.224.35 port 47128 ssh2
Sep 29 17:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Connection closed by 182.227.224.35 port 47128 [preauth]
Sep 29 17:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Invalid user nil from 182.227.224.35
Sep 29 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: input_userauth_request: invalid user nil [preauth]
Sep 29 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Failed none for invalid user nil from 182.227.224.35 port 47144 ssh2
Sep 29 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Connection closed by 182.227.224.35 port 47144 [preauth]
Sep 29 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Failed password for invalid user gitlab from 213.212.36.174 port 47164 ssh2
Sep 29 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Connection closed by 213.212.36.174 port 47164 [preauth]
Sep 29 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Invalid user admin from 182.227.224.35
Sep 29 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Invalid user apache from 213.212.36.174
Sep 29 17:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: input_userauth_request: invalid user apache [preauth]
Sep 29 17:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Failed password for invalid user admin from 182.227.224.35 port 47152 ssh2
Sep 29 17:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26639]: Connection closed by 182.227.224.35 port 47152 [preauth]
Sep 29 17:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Failed password for invalid user apache from 213.212.36.174 port 47176 ssh2
Sep 29 17:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26651]: Connection closed by 213.212.36.174 port 47176 [preauth]
Sep 29 17:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35  user=root
Sep 29 17:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Failed password for root from 182.227.224.35 port 45802 ssh2
Sep 29 17:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Connection closed by 182.227.224.35 port 45802 [preauth]
Sep 29 17:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: Invalid user orangepi from 182.227.224.35
Sep 29 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: input_userauth_request: invalid user orangepi [preauth]
Sep 29 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: Failed password for root from 213.212.36.174 port 59642 ssh2
Sep 29 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: Connection closed by 213.212.36.174 port 59642 [preauth]
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: Successful su for rubyman by root
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: + ??? root:rubyman
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316130 of user rubyman.
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316130.
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: Failed password for invalid user orangepi from 182.227.224.35 port 45810 ssh2
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26672]: Connection closed by 182.227.224.35 port 45810 [preauth]
Sep 29 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Invalid user support from 182.227.224.35
Sep 29 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: input_userauth_request: invalid user support [preauth]
Sep 29 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session closed for user root
Sep 29 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Failed password for invalid user support from 182.227.224.35 port 45828 ssh2
Sep 29 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Connection closed by 182.227.224.35 port 45828 [preauth]
Sep 29 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26876]: Failed password for root from 213.212.36.174 port 59650 ssh2
Sep 29 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26876]: Connection closed by 213.212.36.174 port 59650 [preauth]
Sep 29 17:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: Invalid user ubnt from 182.227.224.35
Sep 29 17:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 17:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Invalid user user from 213.212.36.174
Sep 29 17:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: input_userauth_request: invalid user user [preauth]
Sep 29 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: Failed password for invalid user ubnt from 182.227.224.35 port 40066 ssh2
Sep 29 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: Connection closed by 182.227.224.35 port 40066 [preauth]
Sep 29 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Invalid user user from 182.227.224.35
Sep 29 17:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: input_userauth_request: invalid user user [preauth]
Sep 29 17:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for invalid user user from 213.212.36.174 port 35998 ssh2
Sep 29 17:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Connection closed by 213.212.36.174 port 35998 [preauth]
Sep 29 17:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Failed password for invalid user user from 182.227.224.35 port 40068 ssh2
Sep 29 17:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Connection closed by 182.227.224.35 port 40068 [preauth]
Sep 29 17:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: Invalid user lighthouse from 213.212.36.174
Sep 29 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: input_userauth_request: invalid user lighthouse [preauth]
Sep 29 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Failed password for root from 162.144.236.216 port 40096 ssh2
Sep 29 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Connection closed by 182.227.224.35 port 40082 [preauth]
Sep 29 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35  user=root
Sep 29 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Connection closed by 162.144.236.216 port 40096 [preauth]
Sep 29 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: Failed password for invalid user lighthouse from 213.212.36.174 port 36004 ssh2
Sep 29 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: Connection closed by 213.212.36.174 port 36004 [preauth]
Sep 29 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: Failed password for root from 182.227.224.35 port 40090 ssh2
Sep 29 17:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27090]: Connection closed by 182.227.224.35 port 40090 [preauth]
Sep 29 17:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: Invalid user admin from 182.227.224.35
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Invalid user flask from 213.212.36.174
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: input_userauth_request: invalid user flask [preauth]
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: Failed password for invalid user admin from 182.227.224.35 port 54740 ssh2
Sep 29 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Failed password for invalid user flask from 213.212.36.174 port 53768 ssh2
Sep 29 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: Connection closed by 182.227.224.35 port 54740 [preauth]
Sep 29 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Connection closed by 213.212.36.174 port 53768 [preauth]
Sep 29 17:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Invalid user admin from 182.227.224.35
Sep 29 17:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Invalid user user1 from 213.212.36.174
Sep 29 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: input_userauth_request: invalid user user1 [preauth]
Sep 29 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Failed password for invalid user admin from 182.227.224.35 port 54748 ssh2
Sep 29 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Connection closed by 182.227.224.35 port 54748 [preauth]
Sep 29 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Invalid user pi from 182.227.224.35
Sep 29 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: input_userauth_request: invalid user pi [preauth]
Sep 29 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Failed password for invalid user user1 from 213.212.36.174 port 53792 ssh2
Sep 29 17:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Connection closed by 213.212.36.174 port 53792 [preauth]
Sep 29 17:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Failed password for invalid user pi from 182.227.224.35 port 56040 ssh2
Sep 29 17:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27150]: Connection closed by 182.227.224.35 port 56040 [preauth]
Sep 29 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Invalid user debian from 182.227.224.35
Sep 29 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: input_userauth_request: invalid user debian [preauth]
Sep 29 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: Invalid user hadoop from 213.212.36.174
Sep 29 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Failed password for invalid user debian from 182.227.224.35 port 56048 ssh2
Sep 29 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Connection closed by 182.227.224.35 port 56048 [preauth]
Sep 29 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Invalid user pi from 182.227.224.35
Sep 29 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: input_userauth_request: invalid user pi [preauth]
Sep 29 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: Failed password for invalid user hadoop from 213.212.36.174 port 57594 ssh2
Sep 29 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27166]: Connection closed by 213.212.36.174 port 57594 [preauth]
Sep 29 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Failed password for invalid user pi from 182.227.224.35 port 56052 ssh2
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Connection closed by 182.227.224.35 port 56052 [preauth]
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Failed password for root from 162.144.236.216 port 50816 ssh2
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Invalid user oracle from 213.212.36.174
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Invalid user localadmin from 182.227.224.35
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: input_userauth_request: invalid user localadmin [preauth]
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session closed for user root
Sep 29 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Failed password for invalid user oracle from 213.212.36.174 port 57614 ssh2
Sep 29 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27113]: Connection closed by 162.144.236.216 port 50816 [preauth]
Sep 29 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Connection closed by 213.212.36.174 port 57614 [preauth]
Sep 29 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Failed password for invalid user localadmin from 182.227.224.35 port 56064 ssh2
Sep 29 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Connection closed by 182.227.224.35 port 56064 [preauth]
Sep 29 17:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35  user=root
Sep 29 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Invalid user test from 213.212.36.174
Sep 29 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: input_userauth_request: invalid user test [preauth]
Sep 29 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: Failed password for root from 182.227.224.35 port 59900 ssh2
Sep 29 17:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: Connection closed by 182.227.224.35 port 59900 [preauth]
Sep 29 17:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Failed password for invalid user test from 213.212.36.174 port 44404 ssh2
Sep 29 17:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Connection closed by 213.212.36.174 port 44404 [preauth]
Sep 29 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Invalid user ubuntu from 182.227.224.35
Sep 29 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Failed password for invalid user ubuntu from 182.227.224.35 port 59902 ssh2
Sep 29 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Connection closed by 182.227.224.35 port 59902 [preauth]
Sep 29 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Invalid user pi from 182.227.224.35
Sep 29 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: input_userauth_request: invalid user pi [preauth]
Sep 29 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: Failed password for root from 213.212.36.174 port 44410 ssh2
Sep 29 17:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: Connection closed by 213.212.36.174 port 44410 [preauth]
Sep 29 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Failed password for invalid user pi from 182.227.224.35 port 59908 ssh2
Sep 29 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27250]: Connection closed by 182.227.224.35 port 59908 [preauth]
Sep 29 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: Invalid user test from 182.227.224.35
Sep 29 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: input_userauth_request: invalid user test [preauth]
Sep 29 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Invalid user developer from 213.212.36.174
Sep 29 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: input_userauth_request: invalid user developer [preauth]
Sep 29 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: Failed password for root from 162.144.236.216 port 58360 ssh2
Sep 29 17:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: Failed password for invalid user test from 182.227.224.35 port 52322 ssh2
Sep 29 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: Connection closed by 182.227.224.35 port 52322 [preauth]
Sep 29 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Failed password for invalid user developer from 213.212.36.174 port 34130 ssh2
Sep 29 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Connection closed by 213.212.36.174 port 34130 [preauth]
Sep 29 17:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27228]: Connection closed by 162.144.236.216 port 58360 [preauth]
Sep 29 17:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35  user=root
Sep 29 17:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Failed password for root from 182.227.224.35 port 52328 ssh2
Sep 29 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Connection closed by 182.227.224.35 port 52328 [preauth]
Sep 29 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35  user=root
Sep 29 17:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27293]: Failed password for root from 213.212.36.174 port 34140 ssh2
Sep 29 17:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27293]: Connection closed by 213.212.36.174 port 34140 [preauth]
Sep 29 17:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for root from 182.227.224.35 port 46028 ssh2
Sep 29 17:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Connection closed by 182.227.224.35 port 46028 [preauth]
Sep 29 17:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Invalid user admin from 182.227.224.35
Sep 29 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: User mysql from 213.212.36.174 not allowed because not listed in AllowUsers
Sep 29 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: input_userauth_request: invalid user mysql [preauth]
Sep 29 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=mysql
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27314]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27317]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Failed password for invalid user admin from 182.227.224.35 port 46032 ssh2
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: Successful su for rubyman by root
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: + ??? root:rubyman
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Failed password for invalid user mysql from 213.212.36.174 port 45032 ssh2
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316135 of user rubyman.
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27497]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316135.
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Connection closed by 182.227.224.35 port 46032 [preauth]
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27301]: Connection closed by 213.212.36.174 port 45032 [preauth]
Sep 29 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27314]: pam_unix(cron:session): session closed for user root
Sep 29 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Invalid user guest from 182.227.224.35
Sep 29 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: input_userauth_request: invalid user guest [preauth]
Sep 29 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.227.224.35
Sep 29 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: Failed password for root from 162.144.236.216 port 35622 ssh2
Sep 29 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: Invalid user testuser from 93.152.230.176
Sep 29 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: input_userauth_request: invalid user testuser [preauth]
Sep 29 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Failed password for invalid user guest from 182.227.224.35 port 46062 ssh2
Sep 29 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27681]: Connection closed by 182.227.224.35 port 46062 [preauth]
Sep 29 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23795]: pam_unix(cron:session): session closed for user root
Sep 29 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27284]: Connection closed by 162.144.236.216 port 35622 [preauth]
Sep 29 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Failed password for root from 213.212.36.174 port 45044 ssh2
Sep 29 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: Failed password for invalid user testuser from 93.152.230.176 port 10406 ssh2
Sep 29 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: Received disconnect from 93.152.230.176 port 10406:11: Client disconnecting normally [preauth]
Sep 29 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27757]: Disconnected from 93.152.230.176 port 10406 [preauth]
Sep 29 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27755]: Connection closed by 213.212.36.174 port 45044 [preauth]
Sep 29 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27319]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Invalid user tom from 213.212.36.174
Sep 29 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: input_userauth_request: invalid user tom [preauth]
Sep 29 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for invalid user tom from 213.212.36.174 port 36338 ssh2
Sep 29 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Connection closed by 213.212.36.174 port 36338 [preauth]
Sep 29 17:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: Failed password for root from 213.212.36.174 port 36342 ssh2
Sep 29 17:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: Connection closed by 213.212.36.174 port 36342 [preauth]
Sep 29 17:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Failed password for root from 162.144.236.216 port 42138 ssh2
Sep 29 17:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Connection closed by 162.144.236.216 port 42138 [preauth]
Sep 29 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Invalid user oscar from 213.212.36.174
Sep 29 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: input_userauth_request: invalid user oscar [preauth]
Sep 29 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Failed password for invalid user oscar from 213.212.36.174 port 54316 ssh2
Sep 29 17:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Connection closed by 213.212.36.174 port 54316 [preauth]
Sep 29 17:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: Failed password for root from 213.212.36.174 port 54318 ssh2
Sep 29 17:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: Connection closed by 213.212.36.174 port 54318 [preauth]
Sep 29 17:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: Failed password for root from 162.144.236.216 port 49454 ssh2
Sep 29 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Failed password for root from 213.212.36.174 port 56160 ssh2
Sep 29 17:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Connection closed by 213.212.36.174 port 56160 [preauth]
Sep 29 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: Connection closed by 162.144.236.216 port 49454 [preauth]
Sep 29 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27993]: Invalid user user1 from 213.212.36.174
Sep 29 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27993]: input_userauth_request: invalid user user1 [preauth]
Sep 29 17:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27993]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26076]: pam_unix(cron:session): session closed for user root
Sep 29 17:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27993]: Failed password for invalid user user1 from 213.212.36.174 port 56166 ssh2
Sep 29 17:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27993]: Connection closed by 213.212.36.174 port 56166 [preauth]
Sep 29 17:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: Failed password for root from 213.212.36.174 port 38278 ssh2
Sep 29 17:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: Connection closed by 213.212.36.174 port 38278 [preauth]
Sep 29 17:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Invalid user flink from 213.212.36.174
Sep 29 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: input_userauth_request: invalid user flink [preauth]
Sep 29 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Failed password for invalid user flink from 213.212.36.174 port 38284 ssh2
Sep 29 17:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28048]: Connection closed by 213.212.36.174 port 38284 [preauth]
Sep 29 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: Invalid user apache from 213.212.36.174
Sep 29 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: input_userauth_request: invalid user apache [preauth]
Sep 29 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: Failed password for root from 162.144.236.216 port 56358 ssh2
Sep 29 17:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: Failed password for invalid user apache from 213.212.36.174 port 56706 ssh2
Sep 29 17:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: Connection closed by 213.212.36.174 port 56706 [preauth]
Sep 29 17:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27996]: Connection closed by 162.144.236.216 port 56358 [preauth]
Sep 29 17:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Failed password for root from 213.212.36.174 port 56722 ssh2
Sep 29 17:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Connection closed by 213.212.36.174 port 56722 [preauth]
Sep 29 17:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: Invalid user nginx from 213.212.36.174
Sep 29 17:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: input_userauth_request: invalid user nginx [preauth]
Sep 29 17:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user root
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28106]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: Failed password for invalid user nginx from 213.212.36.174 port 52438 ssh2
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: Connection closed by 213.212.36.174 port 52438 [preauth]
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28190]: Successful su for rubyman by root
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28190]: + ??? root:rubyman
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316141 of user rubyman.
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28190]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316141.
Sep 29 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: Invalid user esuser from 213.212.36.174
Sep 29 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: input_userauth_request: invalid user esuser [preauth]
Sep 29 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for root from 162.144.236.216 port 35972 ssh2
Sep 29 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28108]: pam_unix(cron:session): session closed for user root
Sep 29 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: Failed password for invalid user esuser from 213.212.36.174 port 52458 ssh2
Sep 29 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session closed for user root
Sep 29 17:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28243]: Connection closed by 213.212.36.174 port 52458 [preauth]
Sep 29 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Connection closed by 162.144.236.216 port 35972 [preauth]
Sep 29 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28107]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Failed password for root from 213.212.36.174 port 51924 ssh2
Sep 29 17:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Connection closed by 213.212.36.174 port 51924 [preauth]
Sep 29 17:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Invalid user git from 213.212.36.174
Sep 29 17:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: input_userauth_request: invalid user git [preauth]
Sep 29 17:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Failed password for root from 162.144.236.216 port 43004 ssh2
Sep 29 17:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Connection closed by 162.144.236.216 port 43004 [preauth]
Sep 29 17:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Failed password for invalid user git from 213.212.36.174 port 51926 ssh2
Sep 29 17:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28455]: Connection closed by 213.212.36.174 port 51926 [preauth]
Sep 29 17:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: Invalid user postgres from 213.212.36.174
Sep 29 17:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: input_userauth_request: invalid user postgres [preauth]
Sep 29 17:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: Failed password for invalid user postgres from 213.212.36.174 port 45524 ssh2
Sep 29 17:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: Connection closed by 213.212.36.174 port 45524 [preauth]
Sep 29 17:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Failed password for root from 162.144.236.216 port 49250 ssh2
Sep 29 17:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Invalid user svnuser from 213.212.36.174
Sep 29 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: input_userauth_request: invalid user svnuser [preauth]
Sep 29 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Connection closed by 162.144.236.216 port 49250 [preauth]
Sep 29 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Failed password for invalid user svnuser from 213.212.36.174 port 45534 ssh2
Sep 29 17:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28496]: Connection closed by 213.212.36.174 port 45534 [preauth]
Sep 29 17:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: Invalid user dolphinscheduler from 213.212.36.174
Sep 29 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 29 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Failed password for root from 162.144.236.216 port 56060 ssh2
Sep 29 17:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: Failed password for invalid user dolphinscheduler from 213.212.36.174 port 37286 ssh2
Sep 29 17:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28498]: Connection closed by 162.144.236.216 port 56060 [preauth]
Sep 29 17:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28626]: Connection closed by 213.212.36.174 port 37286 [preauth]
Sep 29 17:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user root
Sep 29 17:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: Failed password for root from 213.212.36.174 port 37298 ssh2
Sep 29 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: Connection closed by 213.212.36.174 port 37298 [preauth]
Sep 29 17:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Failed password for root from 162.144.236.216 port 60976 ssh2
Sep 29 17:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Invalid user plexserver from 213.212.36.174
Sep 29 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: input_userauth_request: invalid user plexserver [preauth]
Sep 29 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Connection closed by 162.144.236.216 port 60976 [preauth]
Sep 29 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Failed password for invalid user plexserver from 213.212.36.174 port 58078 ssh2
Sep 29 17:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28682]: Connection closed by 213.212.36.174 port 58078 [preauth]
Sep 29 17:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Invalid user sonar from 213.212.36.174
Sep 29 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: input_userauth_request: invalid user sonar [preauth]
Sep 29 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: Failed password for root from 162.144.236.216 port 38066 ssh2
Sep 29 17:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Failed password for invalid user sonar from 213.212.36.174 port 58090 ssh2
Sep 29 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28693]: Connection closed by 213.212.36.174 port 58090 [preauth]
Sep 29 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28684]: Connection closed by 162.144.236.216 port 38066 [preauth]
Sep 29 17:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28724]: Invalid user app from 213.212.36.174
Sep 29 17:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28724]: input_userauth_request: invalid user app [preauth]
Sep 29 17:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28724]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28724]: Failed password for invalid user app from 213.212.36.174 port 46246 ssh2
Sep 29 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28724]: Connection closed by 213.212.36.174 port 46246 [preauth]
Sep 29 17:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: Failed password for root from 162.144.236.216 port 44436 ssh2
Sep 29 17:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: Invalid user tools from 213.212.36.174
Sep 29 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: input_userauth_request: invalid user tools [preauth]
Sep 29 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28723]: Connection closed by 162.144.236.216 port 44436 [preauth]
Sep 29 17:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: Failed password for invalid user tools from 213.212.36.174 port 46256 ssh2
Sep 29 17:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28738]: Connection closed by 213.212.36.174 port 46256 [preauth]
Sep 29 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28751]: Invalid user lighthouse from 213.212.36.174
Sep 29 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28751]: input_userauth_request: invalid user lighthouse [preauth]
Sep 29 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28751]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28751]: Failed password for invalid user lighthouse from 213.212.36.174 port 50054 ssh2
Sep 29 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28751]: Connection closed by 213.212.36.174 port 50054 [preauth]
Sep 29 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28766]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28765]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28839]: Successful su for rubyman by root
Sep 29 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28839]: + ??? root:rubyman
Sep 29 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316144 of user rubyman.
Sep 29 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28839]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316144.
Sep 29 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: User mysql from 213.212.36.174 not allowed because not listed in AllowUsers
Sep 29 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: input_userauth_request: invalid user mysql [preauth]
Sep 29 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: Failed password for root from 162.144.236.216 port 50266 ssh2
Sep 29 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=mysql
Sep 29 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: Failed password for invalid user mysql from 213.212.36.174 port 50056 ssh2
Sep 29 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28872]: Connection closed by 213.212.36.174 port 50056 [preauth]
Sep 29 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session closed for user root
Sep 29 17:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28748]: Connection closed by 162.144.236.216 port 50266 [preauth]
Sep 29 17:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28764]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29148]: Failed password for root from 213.212.36.174 port 59918 ssh2
Sep 29 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29148]: Connection closed by 213.212.36.174 port 59918 [preauth]
Sep 29 17:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: Invalid user gpadmin from 213.212.36.174
Sep 29 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: input_userauth_request: invalid user gpadmin [preauth]
Sep 29 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: Failed password for invalid user gpadmin from 213.212.36.174 port 59932 ssh2
Sep 29 17:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29178]: Connection closed by 213.212.36.174 port 59932 [preauth]
Sep 29 17:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: Invalid user oracle from 213.212.36.174
Sep 29 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Failed password for root from 162.144.236.216 port 57204 ssh2
Sep 29 17:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: Failed password for invalid user oracle from 213.212.36.174 port 51202 ssh2
Sep 29 17:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: Connection closed by 213.212.36.174 port 51202 [preauth]
Sep 29 17:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Connection closed by 162.144.236.216 port 57204 [preauth]
Sep 29 17:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: Failed password for root from 213.212.36.174 port 51216 ssh2
Sep 29 17:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: Connection closed by 213.212.36.174 port 51216 [preauth]
Sep 29 17:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: Invalid user www from 213.212.36.174
Sep 29 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: input_userauth_request: invalid user www [preauth]
Sep 29 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: Failed password for invalid user www from 213.212.36.174 port 55940 ssh2
Sep 29 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29250]: Connection closed by 213.212.36.174 port 55940 [preauth]
Sep 29 17:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session closed for user root
Sep 29 17:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Failed password for root from 213.212.36.174 port 55952 ssh2
Sep 29 17:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29262]: Connection closed by 213.212.36.174 port 55952 [preauth]
Sep 29 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Invalid user oscar from 213.212.36.174
Sep 29 17:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: input_userauth_request: invalid user oscar [preauth]
Sep 29 17:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Failed password for root from 162.144.236.216 port 34992 ssh2
Sep 29 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Failed password for invalid user oscar from 213.212.36.174 port 59044 ssh2
Sep 29 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Connection closed by 213.212.36.174 port 59044 [preauth]
Sep 29 17:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Invalid user test from 213.212.36.174
Sep 29 17:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: input_userauth_request: invalid user test [preauth]
Sep 29 17:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Connection closed by 162.144.236.216 port 34992 [preauth]
Sep 29 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Failed password for invalid user test from 213.212.36.174 port 59050 ssh2
Sep 29 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Connection closed by 213.212.36.174 port 59050 [preauth]
Sep 29 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Invalid user admin from 213.212.36.174
Sep 29 17:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Failed password for invalid user admin from 213.212.36.174 port 33602 ssh2
Sep 29 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Connection closed by 213.212.36.174 port 33602 [preauth]
Sep 29 17:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Failed password for root from 213.212.36.174 port 33616 ssh2
Sep 29 17:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Connection closed by 213.212.36.174 port 33616 [preauth]
Sep 29 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Invalid user app from 213.212.36.174
Sep 29 17:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: input_userauth_request: invalid user app [preauth]
Sep 29 17:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 17:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for invalid user app from 213.212.36.174 port 58156 ssh2
Sep 29 17:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Connection closed by 213.212.36.174 port 58156 [preauth]
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29382]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29451]: Successful su for rubyman by root
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29451]: + ??? root:rubyman
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316148 of user rubyman.
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29451]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Failed password for root from 59.12.160.91 port 55272 ssh2
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316148.
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Received disconnect from 59.12.160.91 port 55272:11: Bye Bye [preauth]
Sep 29 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Disconnected from 59.12.160.91 port 55272 [preauth]
Sep 29 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Invalid user elastic from 213.212.36.174
Sep 29 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: input_userauth_request: invalid user elastic [preauth]
Sep 29 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Failed password for root from 162.144.236.216 port 42130 ssh2
Sep 29 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Failed password for invalid user elastic from 213.212.36.174 port 58162 ssh2
Sep 29 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Connection closed by 213.212.36.174 port 58162 [preauth]
Sep 29 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session closed for user root
Sep 29 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29383]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Connection closed by 162.144.236.216 port 42130 [preauth]
Sep 29 17:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Failed password for root from 213.212.36.174 port 60328 ssh2
Sep 29 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Connection closed by 213.212.36.174 port 60328 [preauth]
Sep 29 17:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Invalid user guest from 213.212.36.174
Sep 29 17:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: input_userauth_request: invalid user guest [preauth]
Sep 29 17:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Failed password for invalid user guest from 213.212.36.174 port 60356 ssh2
Sep 29 17:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Connection closed by 213.212.36.174 port 60356 [preauth]
Sep 29 17:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: Invalid user ai from 49.247.35.31
Sep 29 17:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: input_userauth_request: invalid user ai [preauth]
Sep 29 17:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Failed password for root from 213.212.36.174 port 34400 ssh2
Sep 29 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: Failed password for invalid user ai from 49.247.35.31 port 55401 ssh2
Sep 29 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Connection closed by 213.212.36.174 port 34400 [preauth]
Sep 29 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: Received disconnect from 49.247.35.31 port 55401:11: Bye Bye [preauth]
Sep 29 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29712]: Disconnected from 49.247.35.31 port 55401 [preauth]
Sep 29 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: Failed password for root from 162.144.236.216 port 51490 ssh2
Sep 29 17:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29672]: Connection closed by 162.144.236.216 port 51490 [preauth]
Sep 29 17:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: Invalid user sonar from 213.212.36.174
Sep 29 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: input_userauth_request: invalid user sonar [preauth]
Sep 29 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: Failed password for invalid user sonar from 213.212.36.174 port 34402 ssh2
Sep 29 17:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: Connection closed by 213.212.36.174 port 34402 [preauth]
Sep 29 17:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: Invalid user jumpserver from 213.212.36.174
Sep 29 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: input_userauth_request: invalid user jumpserver [preauth]
Sep 29 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: Failed password for invalid user jumpserver from 213.212.36.174 port 42180 ssh2
Sep 29 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: Connection closed by 213.212.36.174 port 42180 [preauth]
Sep 29 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Invalid user tom from 213.212.36.174
Sep 29 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: input_userauth_request: invalid user tom [preauth]
Sep 29 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user tom from 213.212.36.174 port 42182 ssh2
Sep 29 17:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Connection closed by 213.212.36.174 port 42182 [preauth]
Sep 29 17:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session closed for user root
Sep 29 17:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Failed password for root from 162.144.236.216 port 57938 ssh2
Sep 29 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Connection closed by 162.144.236.216 port 57938 [preauth]
Sep 29 17:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Failed password for root from 213.212.36.174 port 38904 ssh2
Sep 29 17:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Connection closed by 213.212.36.174 port 38904 [preauth]
Sep 29 17:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Invalid user git from 213.212.36.174
Sep 29 17:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: input_userauth_request: invalid user git [preauth]
Sep 29 17:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Failed password for invalid user git from 213.212.36.174 port 38916 ssh2
Sep 29 17:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Connection closed by 213.212.36.174 port 38916 [preauth]
Sep 29 17:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Invalid user ranger from 213.212.36.174
Sep 29 17:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: input_userauth_request: invalid user ranger [preauth]
Sep 29 17:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Failed password for invalid user ranger from 213.212.36.174 port 41094 ssh2
Sep 29 17:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Connection closed by 213.212.36.174 port 41094 [preauth]
Sep 29 17:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: Failed password for root from 213.212.36.174 port 41098 ssh2
Sep 29 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: Connection closed by 213.212.36.174 port 41098 [preauth]
Sep 29 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Invalid user appuser from 213.212.36.174
Sep 29 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: input_userauth_request: invalid user appuser [preauth]
Sep 29 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: Failed password for root from 162.144.236.216 port 37184 ssh2
Sep 29 17:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Failed password for invalid user appuser from 213.212.36.174 port 57828 ssh2
Sep 29 17:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Connection closed by 213.212.36.174 port 57828 [preauth]
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29807]: Connection closed by 162.144.236.216 port 37184 [preauth]
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29964]: Successful su for rubyman by root
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29964]: + ??? root:rubyman
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316152 of user rubyman.
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29964]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316152.
Sep 29 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Invalid user tom from 213.212.36.174
Sep 29 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: input_userauth_request: invalid user tom [preauth]
Sep 29 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26075]: pam_unix(cron:session): session closed for user root
Sep 29 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Failed password for invalid user tom from 213.212.36.174 port 57840 ssh2
Sep 29 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Connection closed by 213.212.36.174 port 57840 [preauth]
Sep 29 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30189]: Failed password for root from 213.212.36.174 port 50874 ssh2
Sep 29 17:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30189]: Connection closed by 213.212.36.174 port 50874 [preauth]
Sep 29 17:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29986]: Failed password for root from 162.144.236.216 port 46814 ssh2
Sep 29 17:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Invalid user ubuntu from 213.212.36.174
Sep 29 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29986]: Connection closed by 162.144.236.216 port 46814 [preauth]
Sep 29 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Failed password for invalid user ubuntu from 213.212.36.174 port 50888 ssh2
Sep 29 17:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Connection closed by 213.212.36.174 port 50888 [preauth]
Sep 29 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Invalid user elsearch from 213.212.36.174
Sep 29 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: input_userauth_request: invalid user elsearch [preauth]
Sep 29 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Failed password for invalid user elsearch from 213.212.36.174 port 43170 ssh2
Sep 29 17:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Connection closed by 213.212.36.174 port 43170 [preauth]
Sep 29 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Failed password for root from 162.144.236.216 port 54382 ssh2
Sep 29 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: Invalid user nginx from 213.212.36.174
Sep 29 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: input_userauth_request: invalid user nginx [preauth]
Sep 29 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Connection closed by 162.144.236.216 port 54382 [preauth]
Sep 29 17:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: Failed password for invalid user nginx from 213.212.36.174 port 43182 ssh2
Sep 29 17:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: Connection closed by 213.212.36.174 port 43182 [preauth]
Sep 29 17:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: Invalid user rancher from 213.212.36.174
Sep 29 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: input_userauth_request: invalid user rancher [preauth]
Sep 29 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: Failed password for invalid user rancher from 213.212.36.174 port 46866 ssh2
Sep 29 17:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30297]: Connection closed by 213.212.36.174 port 46866 [preauth]
Sep 29 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28766]: pam_unix(cron:session): session closed for user root
Sep 29 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for root from 213.212.36.174 port 46882 ssh2
Sep 29 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Connection closed by 213.212.36.174 port 46882 [preauth]
Sep 29 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Invalid user rancher from 213.212.36.174
Sep 29 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: input_userauth_request: invalid user rancher [preauth]
Sep 29 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Invalid user ash from 103.162.31.192
Sep 29 17:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: input_userauth_request: invalid user ash [preauth]
Sep 29 17:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 17:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Failed password for invalid user rancher from 213.212.36.174 port 58676 ssh2
Sep 29 17:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30360]: Connection closed by 213.212.36.174 port 58676 [preauth]
Sep 29 17:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Failed password for invalid user ash from 103.162.31.192 port 54354 ssh2
Sep 29 17:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: Failed password for root from 162.144.236.216 port 33024 ssh2
Sep 29 17:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Received disconnect from 103.162.31.192 port 54354:11: Bye Bye [preauth]
Sep 29 17:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Disconnected from 103.162.31.192 port 54354 [preauth]
Sep 29 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: Connection closed by 162.144.236.216 port 33024 [preauth]
Sep 29 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: Invalid user es from 213.212.36.174
Sep 29 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: input_userauth_request: invalid user es [preauth]
Sep 29 17:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: Failed password for invalid user es from 213.212.36.174 port 58688 ssh2
Sep 29 17:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: Connection closed by 213.212.36.174 port 58688 [preauth]
Sep 29 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Failed password for root from 213.212.36.174 port 50394 ssh2
Sep 29 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Connection closed by 213.212.36.174 port 50394 [preauth]
Sep 29 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30405]: Invalid user user from 213.212.36.174
Sep 29 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30405]: input_userauth_request: invalid user user [preauth]
Sep 29 17:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30405]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Failed password for root from 162.144.236.216 port 39996 ssh2
Sep 29 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30405]: Failed password for invalid user user from 213.212.36.174 port 50404 ssh2
Sep 29 17:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30405]: Connection closed by 213.212.36.174 port 50404 [preauth]
Sep 29 17:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Connection closed by 162.144.236.216 port 39996 [preauth]
Sep 29 17:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: User sshd from 80.94.95.115 not allowed because not listed in AllowUsers
Sep 29 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: input_userauth_request: invalid user sshd [preauth]
Sep 29 17:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=sshd
Sep 29 17:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Failed password for root from 213.212.36.174 port 51940 ssh2
Sep 29 17:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30419]: Connection closed by 213.212.36.174 port 51940 [preauth]
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Failed password for invalid user sshd from 80.94.95.115 port 35832 ssh2
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Connection closed by 80.94.95.115 port 35832 [preauth]
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30597]: Successful su for rubyman by root
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30597]: + ??? root:rubyman
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316156 of user rubyman.
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30597]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316156.
Sep 29 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30617]: Invalid user uftp from 213.212.36.174
Sep 29 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30617]: input_userauth_request: invalid user uftp [preauth]
Sep 29 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30617]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30617]: Failed password for invalid user uftp from 213.212.36.174 port 51954 ssh2
Sep 29 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30617]: Connection closed by 213.212.36.174 port 51954 [preauth]
Sep 29 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session closed for user root
Sep 29 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Invalid user data from 213.212.36.174
Sep 29 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: input_userauth_request: invalid user data [preauth]
Sep 29 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: Failed password for root from 162.144.236.216 port 46476 ssh2
Sep 29 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: Connection closed by 162.144.236.216 port 46476 [preauth]
Sep 29 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Failed password for invalid user data from 213.212.36.174 port 33330 ssh2
Sep 29 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Connection closed by 213.212.36.174 port 33330 [preauth]
Sep 29 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Invalid user bigdata from 213.212.36.174
Sep 29 17:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: input_userauth_request: invalid user bigdata [preauth]
Sep 29 17:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Failed password for invalid user bigdata from 213.212.36.174 port 33338 ssh2
Sep 29 17:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30829]: Connection closed by 213.212.36.174 port 33338 [preauth]
Sep 29 17:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Invalid user oracle from 213.212.36.174
Sep 29 17:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Failed password for root from 162.144.236.216 port 53052 ssh2
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Invalid user media from 167.99.55.34
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: input_userauth_request: invalid user media [preauth]
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Failed password for invalid user oracle from 213.212.36.174 port 39000 ssh2
Sep 29 17:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Connection closed by 213.212.36.174 port 39000 [preauth]
Sep 29 17:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Connection closed by 162.144.236.216 port 53052 [preauth]
Sep 29 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Failed password for invalid user media from 167.99.55.34 port 50934 ssh2
Sep 29 17:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Connection closed by 167.99.55.34 port 50934 [preauth]
Sep 29 17:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30875]: Invalid user plex from 213.212.36.174
Sep 29 17:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30875]: input_userauth_request: invalid user plex [preauth]
Sep 29 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30875]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30875]: Failed password for invalid user plex from 213.212.36.174 port 39006 ssh2
Sep 29 17:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30875]: Connection closed by 213.212.36.174 port 39006 [preauth]
Sep 29 17:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: Invalid user steam from 213.212.36.174
Sep 29 17:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: input_userauth_request: invalid user steam [preauth]
Sep 29 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: Failed password for invalid user steam from 213.212.36.174 port 56776 ssh2
Sep 29 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30902]: Connection closed by 213.212.36.174 port 56776 [preauth]
Sep 29 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: Invalid user esuser from 213.212.36.174
Sep 29 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: input_userauth_request: invalid user esuser [preauth]
Sep 29 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session closed for user root
Sep 29 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: Failed password for invalid user esuser from 213.212.36.174 port 56790 ssh2
Sep 29 17:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: Connection closed by 213.212.36.174 port 56790 [preauth]
Sep 29 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: Failed password for root from 162.144.236.216 port 60270 ssh2
Sep 29 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30948]: Invalid user observer from 213.212.36.174
Sep 29 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30948]: input_userauth_request: invalid user observer [preauth]
Sep 29 17:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30948]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30948]: Failed password for invalid user observer from 213.212.36.174 port 45832 ssh2
Sep 29 17:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30948]: Connection closed by 213.212.36.174 port 45832 [preauth]
Sep 29 17:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30873]: Connection closed by 162.144.236.216 port 60270 [preauth]
Sep 29 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30961]: Invalid user docker from 213.212.36.174
Sep 29 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30961]: input_userauth_request: invalid user docker [preauth]
Sep 29 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30961]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Invalid user user4 from 89.126.208.24
Sep 29 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: input_userauth_request: invalid user user4 [preauth]
Sep 29 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30961]: Failed password for invalid user docker from 213.212.36.174 port 45836 ssh2
Sep 29 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30961]: Connection closed by 213.212.36.174 port 45836 [preauth]
Sep 29 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Failed password for invalid user user4 from 89.126.208.24 port 39438 ssh2
Sep 29 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Received disconnect from 89.126.208.24 port 39438:11: Bye Bye [preauth]
Sep 29 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Disconnected from 89.126.208.24 port 39438 [preauth]
Sep 29 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: Invalid user user from 213.212.36.174
Sep 29 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: input_userauth_request: invalid user user [preauth]
Sep 29 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: Failed password for invalid user user from 213.212.36.174 port 50628 ssh2
Sep 29 17:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30987]: Connection closed by 213.212.36.174 port 50628 [preauth]
Sep 29 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Invalid user elastic from 213.212.36.174
Sep 29 17:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: input_userauth_request: invalid user elastic [preauth]
Sep 29 17:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Failed password for invalid user elastic from 213.212.36.174 port 50636 ssh2
Sep 29 17:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Connection closed by 213.212.36.174 port 50636 [preauth]
Sep 29 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Invalid user oracle from 213.212.36.174
Sep 29 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Failed password for invalid user oracle from 213.212.36.174 port 42216 ssh2
Sep 29 17:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Connection closed by 213.212.36.174 port 42216 [preauth]
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31032]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31033]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31034]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31030]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31034]: pam_unix(cron:session): session closed for user root
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31028]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Failed password for root from 162.144.236.216 port 40834 ssh2
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: Successful su for rubyman by root
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: + ??? root:rubyman
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316162 of user rubyman.
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31115]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316162.
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Invalid user postgres from 213.212.36.174
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: input_userauth_request: invalid user postgres [preauth]
Sep 29 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Connection closed by 162.144.236.216 port 40834 [preauth]
Sep 29 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31030]: pam_unix(cron:session): session closed for user root
Sep 29 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Failed password for invalid user postgres from 213.212.36.174 port 42230 ssh2
Sep 29 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Connection closed by 213.212.36.174 port 42230 [preauth]
Sep 29 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session closed for user root
Sep 29 17:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: Invalid user ts from 213.212.36.174
Sep 29 17:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: input_userauth_request: invalid user ts [preauth]
Sep 29 17:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31029]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: Failed password for invalid user ts from 213.212.36.174 port 36432 ssh2
Sep 29 17:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: Connection closed by 213.212.36.174 port 36432 [preauth]
Sep 29 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Failed password for root from 162.144.236.216 port 50418 ssh2
Sep 29 17:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Connection closed by 162.144.236.216 port 50418 [preauth]
Sep 29 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31353]: Failed password for root from 213.212.36.174 port 36448 ssh2
Sep 29 17:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31353]: Connection closed by 213.212.36.174 port 36448 [preauth]
Sep 29 17:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Invalid user ftpuser from 213.212.36.174
Sep 29 17:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 17:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Failed password for invalid user ftpuser from 213.212.36.174 port 35954 ssh2
Sep 29 17:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Connection closed by 213.212.36.174 port 35954 [preauth]
Sep 29 17:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Invalid user test from 213.212.36.174
Sep 29 17:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: input_userauth_request: invalid user test [preauth]
Sep 29 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for root from 162.144.236.216 port 57810 ssh2
Sep 29 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for invalid user test from 213.212.36.174 port 35962 ssh2
Sep 29 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Connection closed by 162.144.236.216 port 57810 [preauth]
Sep 29 17:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Connection closed by 213.212.36.174 port 35962 [preauth]
Sep 29 17:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31423]: Invalid user gitlab from 213.212.36.174
Sep 29 17:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31423]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31423]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31423]: Failed password for invalid user gitlab from 213.212.36.174 port 41860 ssh2
Sep 29 17:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31423]: Connection closed by 213.212.36.174 port 41860 [preauth]
Sep 29 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Invalid user guest from 213.212.36.174
Sep 29 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: input_userauth_request: invalid user guest [preauth]
Sep 29 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session closed for user root
Sep 29 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Failed password for invalid user guest from 213.212.36.174 port 41862 ssh2
Sep 29 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Connection closed by 213.212.36.174 port 41862 [preauth]
Sep 29 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Invalid user worker from 213.212.36.174
Sep 29 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: input_userauth_request: invalid user worker [preauth]
Sep 29 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Failed password for invalid user worker from 213.212.36.174 port 57710 ssh2
Sep 29 17:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Connection closed by 213.212.36.174 port 57710 [preauth]
Sep 29 17:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Invalid user flask from 213.212.36.174
Sep 29 17:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: input_userauth_request: invalid user flask [preauth]
Sep 29 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Failed password for invalid user flask from 213.212.36.174 port 57730 ssh2
Sep 29 17:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Connection closed by 213.212.36.174 port 57730 [preauth]
Sep 29 17:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Invalid user gpuadmin from 213.212.36.174
Sep 29 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: input_userauth_request: invalid user gpuadmin [preauth]
Sep 29 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31409]: Failed password for root from 162.144.236.216 port 37060 ssh2
Sep 29 17:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for invalid user gpuadmin from 213.212.36.174 port 52674 ssh2
Sep 29 17:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Connection closed by 213.212.36.174 port 52674 [preauth]
Sep 29 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31409]: Connection closed by 162.144.236.216 port 37060 [preauth]
Sep 29 17:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31566]: Invalid user zabbix from 213.212.36.174
Sep 29 17:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31566]: input_userauth_request: invalid user zabbix [preauth]
Sep 29 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31566]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31566]: Failed password for invalid user zabbix from 213.212.36.174 port 52682 ssh2
Sep 29 17:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31566]: Connection closed by 213.212.36.174 port 52682 [preauth]
Sep 29 17:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: Failed password for root from 213.212.36.174 port 59606 ssh2
Sep 29 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: Connection closed by 213.212.36.174 port 59606 [preauth]
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31662]: Successful su for rubyman by root
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31662]: + ??? root:rubyman
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316168 of user rubyman.
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31662]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316168.
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: Invalid user flask from 213.212.36.174
Sep 29 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: input_userauth_request: invalid user flask [preauth]
Sep 29 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: Failed password for root from 162.144.236.216 port 47070 ssh2
Sep 29 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: Failed password for invalid user flask from 213.212.36.174 port 59612 ssh2
Sep 29 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: Connection closed by 213.212.36.174 port 59612 [preauth]
Sep 29 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session closed for user root
Sep 29 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: Connection closed by 162.144.236.216 port 47070 [preauth]
Sep 29 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Invalid user gitlab from 213.212.36.174
Sep 29 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Failed password for invalid user gitlab from 213.212.36.174 port 34198 ssh2
Sep 29 17:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Connection closed by 213.212.36.174 port 34198 [preauth]
Sep 29 17:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Invalid user testuser from 213.212.36.174
Sep 29 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: input_userauth_request: invalid user testuser [preauth]
Sep 29 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Invalid user chris from 49.247.35.31
Sep 29 17:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: input_userauth_request: invalid user chris [preauth]
Sep 29 17:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Failed password for invalid user testuser from 213.212.36.174 port 34210 ssh2
Sep 29 17:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Connection closed by 213.212.36.174 port 34210 [preauth]
Sep 29 17:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Failed password for root from 162.144.236.216 port 55036 ssh2
Sep 29 17:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Failed password for invalid user chris from 49.247.35.31 port 10831 ssh2
Sep 29 17:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Received disconnect from 49.247.35.31 port 10831:11: Bye Bye [preauth]
Sep 29 17:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31885]: Disconnected from 49.247.35.31 port 10831 [preauth]
Sep 29 17:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Invalid user postgres from 213.212.36.174
Sep 29 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: input_userauth_request: invalid user postgres [preauth]
Sep 29 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Connection closed by 162.144.236.216 port 55036 [preauth]
Sep 29 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Failed password for invalid user postgres from 213.212.36.174 port 39138 ssh2
Sep 29 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Connection closed by 213.212.36.174 port 39138 [preauth]
Sep 29 17:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31931]: Invalid user jenkins from 213.212.36.174
Sep 29 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31931]: input_userauth_request: invalid user jenkins [preauth]
Sep 29 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31931]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31931]: Failed password for invalid user jenkins from 213.212.36.174 port 39140 ssh2
Sep 29 17:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31931]: Connection closed by 213.212.36.174 port 39140 [preauth]
Sep 29 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: Failed password for root from 213.212.36.174 port 43218 ssh2
Sep 29 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31959]: Connection closed by 213.212.36.174 port 43218 [preauth]
Sep 29 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: Invalid user admin from 213.212.36.174
Sep 29 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: Failed password for root from 162.144.236.216 port 34550 ssh2
Sep 29 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: Failed password for invalid user admin from 213.212.36.174 port 43228 ssh2
Sep 29 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session closed for user root
Sep 29 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31971]: Connection closed by 213.212.36.174 port 43228 [preauth]
Sep 29 17:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: Connection closed by 162.144.236.216 port 34550 [preauth]
Sep 29 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: Invalid user weblogic from 213.212.36.174
Sep 29 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: input_userauth_request: invalid user weblogic [preauth]
Sep 29 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: Failed password for invalid user weblogic from 213.212.36.174 port 47760 ssh2
Sep 29 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: Connection closed by 213.212.36.174 port 47760 [preauth]
Sep 29 17:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: Invalid user centos from 213.212.36.174
Sep 29 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: input_userauth_request: invalid user centos [preauth]
Sep 29 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: Failed password for invalid user centos from 213.212.36.174 port 47774 ssh2
Sep 29 17:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32010]: Connection closed by 213.212.36.174 port 47774 [preauth]
Sep 29 17:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 17:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Failed password for root from 89.126.208.24 port 44648 ssh2
Sep 29 17:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Received disconnect from 89.126.208.24 port 44648:11: Bye Bye [preauth]
Sep 29 17:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Disconnected from 89.126.208.24 port 44648 [preauth]
Sep 29 17:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Invalid user steam from 213.212.36.174
Sep 29 17:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: input_userauth_request: invalid user steam [preauth]
Sep 29 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for invalid user steam from 213.212.36.174 port 60300 ssh2
Sep 29 17:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Connection closed by 213.212.36.174 port 60300 [preauth]
Sep 29 17:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32008]: Failed password for root from 162.144.236.216 port 43556 ssh2
Sep 29 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32053]: Invalid user test from 213.212.36.174
Sep 29 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32053]: input_userauth_request: invalid user test [preauth]
Sep 29 17:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32053]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32008]: Connection closed by 162.144.236.216 port 43556 [preauth]
Sep 29 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32053]: Failed password for invalid user test from 213.212.36.174 port 60314 ssh2
Sep 29 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32053]: Connection closed by 213.212.36.174 port 60314 [preauth]
Sep 29 17:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: Invalid user test from 213.212.36.174
Sep 29 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: input_userauth_request: invalid user test [preauth]
Sep 29 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 17:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: Failed password for invalid user test from 213.212.36.174 port 58722 ssh2
Sep 29 17:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32068]: Connection closed by 213.212.36.174 port 58722 [preauth]
Sep 29 17:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: Failed password for root from 103.162.31.192 port 33262 ssh2
Sep 29 17:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: Received disconnect from 103.162.31.192 port 33262:11: Bye Bye [preauth]
Sep 29 17:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32070]: Disconnected from 103.162.31.192 port 33262 [preauth]
Sep 29 17:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Invalid user minecraft from 59.12.160.91
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32157]: Successful su for rubyman by root
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32157]: + ??? root:rubyman
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316170 of user rubyman.
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32157]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316170.
Sep 29 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Failed password for invalid user minecraft from 59.12.160.91 port 35960 ssh2
Sep 29 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Received disconnect from 59.12.160.91 port 35960:11: Bye Bye [preauth]
Sep 29 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32080]: Disconnected from 59.12.160.91 port 35960 [preauth]
Sep 29 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: Failed password for root from 213.212.36.174 port 58724 ssh2
Sep 29 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32196]: Connection closed by 213.212.36.174 port 58724 [preauth]
Sep 29 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28765]: pam_unix(cron:session): session closed for user root
Sep 29 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32084]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Failed password for root from 162.144.236.216 port 50242 ssh2
Sep 29 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: Invalid user centos from 213.212.36.174
Sep 29 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: input_userauth_request: invalid user centos [preauth]
Sep 29 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Connection closed by 162.144.236.216 port 50242 [preauth]
Sep 29 17:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: Failed password for invalid user centos from 213.212.36.174 port 57010 ssh2
Sep 29 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: Connection closed by 213.212.36.174 port 57010 [preauth]
Sep 29 17:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Invalid user tomcat from 213.212.36.174
Sep 29 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: input_userauth_request: invalid user tomcat [preauth]
Sep 29 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Failed password for invalid user tomcat from 213.212.36.174 port 57014 ssh2
Sep 29 17:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Connection closed by 213.212.36.174 port 57014 [preauth]
Sep 29 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Failed password for root from 162.144.236.216 port 59062 ssh2
Sep 29 17:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: User mysql from 213.212.36.174 not allowed because not listed in AllowUsers
Sep 29 17:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: input_userauth_request: invalid user mysql [preauth]
Sep 29 17:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=mysql
Sep 29 17:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32365]: Connection closed by 162.144.236.216 port 59062 [preauth]
Sep 29 17:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Failed password for invalid user mysql from 213.212.36.174 port 53024 ssh2
Sep 29 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Connection closed by 213.212.36.174 port 53024 [preauth]
Sep 29 17:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Failed password for root from 213.212.36.174 port 53030 ssh2
Sep 29 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Connection closed by 213.212.36.174 port 53030 [preauth]
Sep 29 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Invalid user bots from 49.247.35.31
Sep 29 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: input_userauth_request: invalid user bots [preauth]
Sep 29 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Failed password for invalid user bots from 49.247.35.31 port 59378 ssh2
Sep 29 17:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Received disconnect from 49.247.35.31 port 59378:11: Bye Bye [preauth]
Sep 29 17:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Disconnected from 49.247.35.31 port 59378 [preauth]
Sep 29 17:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: Failed password for root from 213.212.36.174 port 47966 ssh2
Sep 29 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: Connection closed by 213.212.36.174 port 47966 [preauth]
Sep 29 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Failed password for root from 162.144.236.216 port 38174 ssh2
Sep 29 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: Invalid user zabbix from 213.212.36.174
Sep 29 17:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: input_userauth_request: invalid user zabbix [preauth]
Sep 29 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Connection closed by 162.144.236.216 port 38174 [preauth]
Sep 29 17:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31033]: pam_unix(cron:session): session closed for user root
Sep 29 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: Failed password for invalid user zabbix from 213.212.36.174 port 47972 ssh2
Sep 29 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: Connection closed by 213.212.36.174 port 47972 [preauth]
Sep 29 17:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Invalid user kubernetes from 213.212.36.174
Sep 29 17:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: input_userauth_request: invalid user kubernetes [preauth]
Sep 29 17:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Failed password for invalid user kubernetes from 213.212.36.174 port 53258 ssh2
Sep 29 17:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Connection closed by 213.212.36.174 port 53258 [preauth]
Sep 29 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Invalid user observer from 213.212.36.174
Sep 29 17:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: input_userauth_request: invalid user observer [preauth]
Sep 29 17:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Failed password for invalid user observer from 213.212.36.174 port 53272 ssh2
Sep 29 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Invalid user a from 93.152.230.176
Sep 29 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: input_userauth_request: invalid user a [preauth]
Sep 29 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 17:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Connection closed by 213.212.36.174 port 53272 [preauth]
Sep 29 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Failed password for invalid user a from 93.152.230.176 port 21381 ssh2
Sep 29 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Received disconnect from 93.152.230.176 port 21381:11: Client disconnecting normally [preauth]
Sep 29 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Disconnected from 93.152.230.176 port 21381 [preauth]
Sep 29 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Invalid user hadoop from 213.212.36.174
Sep 29 17:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 17:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: Invalid user jenkins from 89.126.208.24
Sep 29 17:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: input_userauth_request: invalid user jenkins [preauth]
Sep 29 17:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Failed password for invalid user hadoop from 213.212.36.174 port 40376 ssh2
Sep 29 17:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Connection closed by 213.212.36.174 port 40376 [preauth]
Sep 29 17:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: Failed password for invalid user jenkins from 89.126.208.24 port 40066 ssh2
Sep 29 17:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: Received disconnect from 89.126.208.24 port 40066:11: Bye Bye [preauth]
Sep 29 17:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32535]: Disconnected from 89.126.208.24 port 40066 [preauth]
Sep 29 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Failed password for root from 162.144.236.216 port 45002 ssh2
Sep 29 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Connection closed by 162.144.236.216 port 45002 [preauth]
Sep 29 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: Invalid user bot from 213.212.36.174
Sep 29 17:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: input_userauth_request: invalid user bot [preauth]
Sep 29 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: Failed password for invalid user bot from 213.212.36.174 port 40386 ssh2
Sep 29 17:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: Connection closed by 213.212.36.174 port 40386 [preauth]
Sep 29 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Invalid user debianuser from 213.212.36.174
Sep 29 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: input_userauth_request: invalid user debianuser [preauth]
Sep 29 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for invalid user debianuser from 213.212.36.174 port 34798 ssh2
Sep 29 17:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Connection closed by 213.212.36.174 port 34798 [preauth]
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32547]: Failed password for root from 162.144.236.216 port 52364 ssh2
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32566]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32562]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32636]: Successful su for rubyman by root
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32636]: + ??? root:rubyman
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316176 of user rubyman.
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32636]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316176.
Sep 29 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Invalid user ranger from 213.212.36.174
Sep 29 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: input_userauth_request: invalid user ranger [preauth]
Sep 29 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32547]: Connection closed by 162.144.236.216 port 52364 [preauth]
Sep 29 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Failed password for invalid user ranger from 213.212.36.174 port 34812 ssh2
Sep 29 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Connection closed by 213.212.36.174 port 34812 [preauth]
Sep 29 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session closed for user root
Sep 29 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Invalid user oracle from 213.212.36.174
Sep 29 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32563]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Invalid user developer from 103.162.31.192
Sep 29 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: input_userauth_request: invalid user developer [preauth]
Sep 29 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 17:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Failed password for invalid user oracle from 213.212.36.174 port 54462 ssh2
Sep 29 17:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Connection closed by 213.212.36.174 port 54462 [preauth]
Sep 29 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Failed password for invalid user developer from 103.162.31.192 port 34310 ssh2
Sep 29 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Received disconnect from 103.162.31.192 port 34310:11: Bye Bye [preauth]
Sep 29 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Disconnected from 103.162.31.192 port 34310 [preauth]
Sep 29 17:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: User ftp from 213.212.36.174 not allowed because not listed in AllowUsers
Sep 29 17:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: input_userauth_request: invalid user ftp [preauth]
Sep 29 17:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=ftp
Sep 29 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Failed password for invalid user ftp from 213.212.36.174 port 54476 ssh2
Sep 29 17:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Connection closed by 213.212.36.174 port 54476 [preauth]
Sep 29 17:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32732]: Failed password for root from 162.144.236.216 port 57648 ssh2
Sep 29 17:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32732]: Connection closed by 162.144.236.216 port 57648 [preauth]
Sep 29 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 17:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: Invalid user elastic from 213.212.36.174
Sep 29 17:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: input_userauth_request: invalid user elastic [preauth]
Sep 29 17:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Failed password for root from 59.12.160.91 port 33494 ssh2
Sep 29 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Received disconnect from 59.12.160.91 port 33494:11: Bye Bye [preauth]
Sep 29 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Disconnected from 59.12.160.91 port 33494 [preauth]
Sep 29 17:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: Failed password for invalid user elastic from 213.212.36.174 port 51462 ssh2
Sep 29 17:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: Connection closed by 213.212.36.174 port 51462 [preauth]
Sep 29 17:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Failed password for root from 213.212.36.174 port 51474 ssh2
Sep 29 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Connection closed by 213.212.36.174 port 51474 [preauth]
Sep 29 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Invalid user admin from 213.212.36.174
Sep 29 17:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Failed password for invalid user admin from 213.212.36.174 port 42326 ssh2
Sep 29 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[471]: Connection closed by 213.212.36.174 port 42326 [preauth]
Sep 29 17:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Invalid user default from 213.212.36.174
Sep 29 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: input_userauth_request: invalid user default [preauth]
Sep 29 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: Failed password for root from 162.144.236.216 port 38056 ssh2
Sep 29 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session closed for user root
Sep 29 17:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Failed password for invalid user default from 213.212.36.174 port 42332 ssh2
Sep 29 17:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Connection closed by 213.212.36.174 port 42332 [preauth]
Sep 29 17:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[485]: Failed password for root from 49.247.35.31 port 9882 ssh2
Sep 29 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[485]: Received disconnect from 49.247.35.31 port 9882:11: Bye Bye [preauth]
Sep 29 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[485]: Disconnected from 49.247.35.31 port 9882 [preauth]
Sep 29 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[425]: Connection closed by 162.144.236.216 port 38056 [preauth]
Sep 29 17:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[518]: Invalid user tomcat from 213.212.36.174
Sep 29 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[518]: input_userauth_request: invalid user tomcat [preauth]
Sep 29 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[518]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[518]: Failed password for invalid user tomcat from 213.212.36.174 port 43288 ssh2
Sep 29 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[518]: Connection closed by 213.212.36.174 port 43288 [preauth]
Sep 29 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: Invalid user gitlab from 213.212.36.174
Sep 29 17:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: input_userauth_request: invalid user gitlab [preauth]
Sep 29 17:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: Failed password for invalid user gitlab from 213.212.36.174 port 43296 ssh2
Sep 29 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: Connection closed by 213.212.36.174 port 43296 [preauth]
Sep 29 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: Invalid user xy from 89.126.208.24
Sep 29 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: input_userauth_request: invalid user xy [preauth]
Sep 29 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Failed password for root from 213.212.36.174 port 38608 ssh2
Sep 29 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Connection closed by 213.212.36.174 port 38608 [preauth]
Sep 29 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: Failed password for invalid user xy from 89.126.208.24 port 35488 ssh2
Sep 29 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: Received disconnect from 89.126.208.24 port 35488:11: Bye Bye [preauth]
Sep 29 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[565]: Disconnected from 89.126.208.24 port 35488 [preauth]
Sep 29 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Invalid user hadoop from 213.212.36.174
Sep 29 17:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 17:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Failed password for root from 162.144.236.216 port 46632 ssh2
Sep 29 17:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Connection closed by 162.144.236.216 port 46632 [preauth]
Sep 29 17:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Failed password for invalid user hadoop from 213.212.36.174 port 38624 ssh2
Sep 29 17:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Connection closed by 213.212.36.174 port 38624 [preauth]
Sep 29 17:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Invalid user tools from 213.212.36.174
Sep 29 17:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: input_userauth_request: invalid user tools [preauth]
Sep 29 17:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Failed password for invalid user tools from 213.212.36.174 port 57100 ssh2
Sep 29 17:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Connection closed by 213.212.36.174 port 57100 [preauth]
Sep 29 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[594]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: Successful su for rubyman by root
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: + ??? root:rubyman
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316178 of user rubyman.
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316178.
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Invalid user admin from 213.212.36.174
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Failed password for root from 162.144.236.216 port 54630 ssh2
Sep 29 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Failed password for invalid user admin from 213.212.36.174 port 57102 ssh2
Sep 29 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Connection closed by 213.212.36.174 port 57102 [preauth]
Sep 29 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session closed for user root
Sep 29 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Connection closed by 162.144.236.216 port 54630 [preauth]
Sep 29 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: Invalid user www from 213.212.36.174
Sep 29 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: input_userauth_request: invalid user www [preauth]
Sep 29 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: Failed password for invalid user www from 213.212.36.174 port 48668 ssh2
Sep 29 17:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[884]: Connection closed by 213.212.36.174 port 48668 [preauth]
Sep 29 17:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[926]: Failed password for root from 213.212.36.174 port 48684 ssh2
Sep 29 17:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[926]: Connection closed by 213.212.36.174 port 48684 [preauth]
Sep 29 17:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Failed password for root from 162.144.236.216 port 33332 ssh2
Sep 29 17:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Connection closed by 162.144.236.216 port 33332 [preauth]
Sep 29 17:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Failed password for root from 213.212.36.174 port 38416 ssh2
Sep 29 17:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Connection closed by 213.212.36.174 port 38416 [preauth]
Sep 29 17:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: Invalid user profe from 103.162.31.192
Sep 29 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: input_userauth_request: invalid user profe [preauth]
Sep 29 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Invalid user es from 213.212.36.174
Sep 29 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: input_userauth_request: invalid user es [preauth]
Sep 29 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: Failed password for invalid user profe from 103.162.31.192 port 44762 ssh2
Sep 29 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: Received disconnect from 103.162.31.192 port 44762:11: Bye Bye [preauth]
Sep 29 17:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1005]: Disconnected from 103.162.31.192 port 44762 [preauth]
Sep 29 17:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Failed password for invalid user es from 213.212.36.174 port 38430 ssh2
Sep 29 17:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Connection closed by 213.212.36.174 port 38430 [preauth]
Sep 29 17:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for root from 213.212.36.174 port 36730 ssh2
Sep 29 17:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Connection closed by 213.212.36.174 port 36730 [preauth]
Sep 29 17:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Failed password for root from 162.144.236.216 port 41900 ssh2
Sep 29 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 17:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Invalid user oracle from 213.212.36.174
Sep 29 17:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Connection closed by 162.144.236.216 port 41900 [preauth]
Sep 29 17:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Failed password for root from 59.12.160.91 port 59426 ssh2
Sep 29 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Received disconnect from 59.12.160.91 port 59426:11: Bye Bye [preauth]
Sep 29 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Disconnected from 59.12.160.91 port 59426 [preauth]
Sep 29 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session closed for user root
Sep 29 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Failed password for invalid user oracle from 213.212.36.174 port 36734 ssh2
Sep 29 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Connection closed by 213.212.36.174 port 36734 [preauth]
Sep 29 17:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Invalid user uftp from 213.212.36.174
Sep 29 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: input_userauth_request: invalid user uftp [preauth]
Sep 29 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: Invalid user apolo from 49.247.35.31
Sep 29 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: input_userauth_request: invalid user apolo [preauth]
Sep 29 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Failed password for invalid user uftp from 213.212.36.174 port 46038 ssh2
Sep 29 17:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Connection closed by 213.212.36.174 port 46038 [preauth]
Sep 29 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: Failed password for invalid user apolo from 49.247.35.31 port 36689 ssh2
Sep 29 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: Received disconnect from 49.247.35.31 port 36689:11: Bye Bye [preauth]
Sep 29 17:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: Disconnected from 49.247.35.31 port 36689 [preauth]
Sep 29 17:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Invalid user flink from 213.212.36.174
Sep 29 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: input_userauth_request: invalid user flink [preauth]
Sep 29 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Failed password for invalid user flink from 213.212.36.174 port 46046 ssh2
Sep 29 17:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Connection closed by 213.212.36.174 port 46046 [preauth]
Sep 29 17:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for root from 162.144.236.216 port 49610 ssh2
Sep 29 17:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Invalid user gitlab-runner from 213.212.36.174
Sep 29 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 29 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Connection closed by 162.144.236.216 port 49610 [preauth]
Sep 29 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Failed password for invalid user gitlab-runner from 213.212.36.174 port 50264 ssh2
Sep 29 17:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Connection closed by 213.212.36.174 port 50264 [preauth]
Sep 29 17:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 17:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Invalid user es from 213.212.36.174
Sep 29 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: input_userauth_request: invalid user es [preauth]
Sep 29 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Failed password for root from 89.126.208.24 port 59140 ssh2
Sep 29 17:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Received disconnect from 89.126.208.24 port 59140:11: Bye Bye [preauth]
Sep 29 17:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Disconnected from 89.126.208.24 port 59140 [preauth]
Sep 29 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Failed password for invalid user es from 213.212.36.174 port 50278 ssh2
Sep 29 17:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Connection closed by 213.212.36.174 port 50278 [preauth]
Sep 29 17:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: Invalid user oracle from 213.212.36.174
Sep 29 17:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: Failed password for invalid user oracle from 213.212.36.174 port 45976 ssh2
Sep 29 17:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: Connection closed by 213.212.36.174 port 45976 [preauth]
Sep 29 17:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Failed password for root from 162.144.236.216 port 56024 ssh2
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1169]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session closed for user root
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1252]: Successful su for rubyman by root
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1252]: + ??? root:rubyman
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316185 of user rubyman.
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1252]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316185.
Sep 29 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Connection closed by 162.144.236.216 port 56024 [preauth]
Sep 29 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1232]: Invalid user ubnt from 213.212.36.174
Sep 29 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1232]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1232]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1232]: Failed password for invalid user ubnt from 213.212.36.174 port 45982 ssh2
Sep 29 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1169]: pam_unix(cron:session): session closed for user root
Sep 29 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1232]: Connection closed by 213.212.36.174 port 45982 [preauth]
Sep 29 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session closed for user root
Sep 29 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Invalid user nvidia from 213.212.36.174
Sep 29 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: input_userauth_request: invalid user nvidia [preauth]
Sep 29 17:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Failed password for invalid user nvidia from 213.212.36.174 port 60056 ssh2
Sep 29 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Connection closed by 213.212.36.174 port 60056 [preauth]
Sep 29 17:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Failed password for root from 162.144.236.216 port 33738 ssh2
Sep 29 17:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Connection closed by 162.144.236.216 port 33738 [preauth]
Sep 29 17:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Failed password for root from 213.212.36.174 port 60060 ssh2
Sep 29 17:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Connection closed by 213.212.36.174 port 60060 [preauth]
Sep 29 17:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: Failed password for root from 213.212.36.174 port 59484 ssh2
Sep 29 17:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1561]: Connection closed by 213.212.36.174 port 59484 [preauth]
Sep 29 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Invalid user developer from 213.212.36.174
Sep 29 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: input_userauth_request: invalid user developer [preauth]
Sep 29 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Failed password for root from 162.144.236.216 port 41116 ssh2
Sep 29 17:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Connection closed by 162.144.236.216 port 41116 [preauth]
Sep 29 17:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Failed password for invalid user developer from 213.212.36.174 port 59498 ssh2
Sep 29 17:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Connection closed by 213.212.36.174 port 59498 [preauth]
Sep 29 17:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Failed password for root from 213.212.36.174 port 36700 ssh2
Sep 29 17:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Connection closed by 213.212.36.174 port 36700 [preauth]
Sep 29 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: User ftp from 213.212.36.174 not allowed because not listed in AllowUsers
Sep 29 17:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: input_userauth_request: invalid user ftp [preauth]
Sep 29 17:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 17:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=ftp
Sep 29 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Failed password for root from 103.162.31.192 port 54904 ssh2
Sep 29 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Failed password for invalid user ftp from 213.212.36.174 port 36702 ssh2
Sep 29 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32566]: pam_unix(cron:session): session closed for user root
Sep 29 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Received disconnect from 103.162.31.192 port 54904:11: Bye Bye [preauth]
Sep 29 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Disconnected from 103.162.31.192 port 54904 [preauth]
Sep 29 17:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Connection closed by 213.212.36.174 port 36702 [preauth]
Sep 29 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: Failed password for root from 162.144.236.216 port 47448 ssh2
Sep 29 17:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Invalid user mongodb from 213.212.36.174
Sep 29 17:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: input_userauth_request: invalid user mongodb [preauth]
Sep 29 17:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1574]: Connection closed by 162.144.236.216 port 47448 [preauth]
Sep 29 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Failed password for invalid user mongodb from 213.212.36.174 port 41916 ssh2
Sep 29 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Connection closed by 213.212.36.174 port 41916 [preauth]
Sep 29 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Invalid user mongodb from 213.212.36.174
Sep 29 17:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: input_userauth_request: invalid user mongodb [preauth]
Sep 29 17:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Failed password for invalid user mongodb from 213.212.36.174 port 41920 ssh2
Sep 29 17:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Connection closed by 213.212.36.174 port 41920 [preauth]
Sep 29 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: Invalid user app from 213.212.36.174
Sep 29 17:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: input_userauth_request: invalid user app [preauth]
Sep 29 17:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 17:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Failed password for root from 49.247.35.31 port 54656 ssh2
Sep 29 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: Failed password for invalid user app from 213.212.36.174 port 58562 ssh2
Sep 29 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Received disconnect from 49.247.35.31 port 54656:11: Bye Bye [preauth]
Sep 29 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1688]: Disconnected from 49.247.35.31 port 54656 [preauth]
Sep 29 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1694]: Connection closed by 213.212.36.174 port 58562 [preauth]
Sep 29 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: Failed password for root from 59.12.160.91 port 57940 ssh2
Sep 29 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: Received disconnect from 59.12.160.91 port 57940:11: Bye Bye [preauth]
Sep 29 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: Disconnected from 59.12.160.91 port 57940 [preauth]
Sep 29 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Failed password for root from 162.144.236.216 port 53996 ssh2
Sep 29 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Failed password for root from 213.212.36.174 port 58566 ssh2
Sep 29 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Invalid user proxyuser from 89.126.208.24
Sep 29 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: input_userauth_request: invalid user proxyuser [preauth]
Sep 29 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Connection closed by 213.212.36.174 port 58566 [preauth]
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Connection closed by 162.144.236.216 port 53996 [preauth]
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for invalid user proxyuser from 89.126.208.24 port 54566 ssh2
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Received disconnect from 89.126.208.24 port 54566:11: Bye Bye [preauth]
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Disconnected from 89.126.208.24 port 54566 [preauth]
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Invalid user www from 213.212.36.174
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: input_userauth_request: invalid user www [preauth]
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Failed password for invalid user www from 213.212.36.174 port 56166 ssh2
Sep 29 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1728]: Connection closed by 213.212.36.174 port 56166 [preauth]
Sep 29 17:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: Invalid user sonar from 213.212.36.174
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: input_userauth_request: invalid user sonar [preauth]
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: Successful su for rubyman by root
Sep 29 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: + ??? root:rubyman
Sep 29 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316188 of user rubyman.
Sep 29 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316188.
Sep 29 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: Failed password for invalid user sonar from 213.212.36.174 port 56172 ssh2
Sep 29 17:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: Connection closed by 213.212.36.174 port 56172 [preauth]
Sep 29 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31032]: pam_unix(cron:session): session closed for user root
Sep 29 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Invalid user elasticsearch from 213.212.36.174
Sep 29 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 29 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1744]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Failed password for invalid user elasticsearch from 213.212.36.174 port 58386 ssh2
Sep 29 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: Failed password for root from 162.144.236.216 port 60702 ssh2
Sep 29 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1730]: Connection closed by 162.144.236.216 port 60702 [preauth]
Sep 29 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1988]: Connection closed by 213.212.36.174 port 58386 [preauth]
Sep 29 17:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Invalid user docker from 213.212.36.174
Sep 29 17:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: input_userauth_request: invalid user docker [preauth]
Sep 29 17:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Failed password for invalid user docker from 213.212.36.174 port 58390 ssh2
Sep 29 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: Failed password for root from 162.144.236.216 port 38960 ssh2
Sep 29 17:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Connection closed by 213.212.36.174 port 58390 [preauth]
Sep 29 17:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: Connection closed by 162.144.236.216 port 38960 [preauth]
Sep 29 17:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2063]: Failed password for root from 213.212.36.174 port 38432 ssh2
Sep 29 17:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2063]: Connection closed by 213.212.36.174 port 38432 [preauth]
Sep 29 17:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Invalid user postgres from 213.212.36.174
Sep 29 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: input_userauth_request: invalid user postgres [preauth]
Sep 29 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Failed password for root from 162.144.236.216 port 43422 ssh2
Sep 29 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Failed password for invalid user postgres from 213.212.36.174 port 38448 ssh2
Sep 29 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Connection closed by 213.212.36.174 port 38448 [preauth]
Sep 29 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Connection closed by 162.144.236.216 port 43422 [preauth]
Sep 29 17:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user dev from 213.212.36.174
Sep 29 17:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user dev [preauth]
Sep 29 17:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user dev from 213.212.36.174 port 43560 ssh2
Sep 29 17:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Connection closed by 213.212.36.174 port 43560 [preauth]
Sep 29 17:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Invalid user guest from 213.212.36.174
Sep 29 17:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: input_userauth_request: invalid user guest [preauth]
Sep 29 17:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Failed password for root from 162.144.236.216 port 51270 ssh2
Sep 29 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Failed password for invalid user guest from 213.212.36.174 port 43570 ssh2
Sep 29 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Connection closed by 213.212.36.174 port 43570 [preauth]
Sep 29 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[594]: pam_unix(cron:session): session closed for user root
Sep 29 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Connection closed by 162.144.236.216 port 51270 [preauth]
Sep 29 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Invalid user tomcat from 213.212.36.174
Sep 29 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: input_userauth_request: invalid user tomcat [preauth]
Sep 29 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Failed password for invalid user tomcat from 213.212.36.174 port 55564 ssh2
Sep 29 17:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Connection closed by 213.212.36.174 port 55564 [preauth]
Sep 29 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Invalid user elsearch from 213.212.36.174
Sep 29 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: input_userauth_request: invalid user elsearch [preauth]
Sep 29 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Failed password for invalid user elsearch from 213.212.36.174 port 55572 ssh2
Sep 29 17:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Connection closed by 213.212.36.174 port 55572 [preauth]
Sep 29 17:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Invalid user bots from 103.162.31.192
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: input_userauth_request: invalid user bots [preauth]
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Invalid user git from 213.212.36.174
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: input_userauth_request: invalid user git [preauth]
Sep 29 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for invalid user bots from 103.162.31.192 port 53560 ssh2
Sep 29 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Received disconnect from 103.162.31.192 port 53560:11: Bye Bye [preauth]
Sep 29 17:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Disconnected from 103.162.31.192 port 53560 [preauth]
Sep 29 17:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Failed password for invalid user git from 213.212.36.174 port 44494 ssh2
Sep 29 17:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Connection closed by 213.212.36.174 port 44494 [preauth]
Sep 29 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Invalid user vagrant from 213.212.36.174
Sep 29 17:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: input_userauth_request: invalid user vagrant [preauth]
Sep 29 17:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Failed password for root from 162.144.236.216 port 57540 ssh2
Sep 29 17:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Failed password for invalid user vagrant from 213.212.36.174 port 44504 ssh2
Sep 29 17:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Connection closed by 213.212.36.174 port 44504 [preauth]
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Invalid user media from 167.99.55.34
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: input_userauth_request: invalid user media [preauth]
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Invalid user esuser from 213.212.36.174
Sep 29 17:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: input_userauth_request: invalid user esuser [preauth]
Sep 29 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: Invalid user ash from 49.247.35.31
Sep 29 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: input_userauth_request: invalid user ash [preauth]
Sep 29 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Failed password for invalid user media from 167.99.55.34 port 59602 ssh2
Sep 29 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Connection closed by 167.99.55.34 port 59602 [preauth]
Sep 29 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Failed password for invalid user esuser from 213.212.36.174 port 56718 ssh2
Sep 29 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Connection closed by 213.212.36.174 port 56718 [preauth]
Sep 29 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: Failed password for invalid user ash from 49.247.35.31 port 60772 ssh2
Sep 29 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: Received disconnect from 49.247.35.31 port 60772:11: Bye Bye [preauth]
Sep 29 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2218]: Disconnected from 49.247.35.31 port 60772 [preauth]
Sep 29 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Connection closed by 162.144.236.216 port 57540 [preauth]
Sep 29 17:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 17:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: Invalid user ftpuser from 213.212.36.174
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Failed password for root from 89.126.208.24 port 49994 ssh2
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Received disconnect from 89.126.208.24 port 49994:11: Bye Bye [preauth]
Sep 29 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Disconnected from 89.126.208.24 port 49994 [preauth]
Sep 29 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: Successful su for rubyman by root
Sep 29 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: + ??? root:rubyman
Sep 29 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316192 of user rubyman.
Sep 29 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2303]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316192.
Sep 29 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: Failed password for invalid user ftpuser from 213.212.36.174 port 56732 ssh2
Sep 29 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: Connection closed by 213.212.36.174 port 56732 [preauth]
Sep 29 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session closed for user root
Sep 29 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Invalid user esuser from 213.212.36.174
Sep 29 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: input_userauth_request: invalid user esuser [preauth]
Sep 29 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Failed password for root from 59.12.160.91 port 55956 ssh2
Sep 29 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Received disconnect from 59.12.160.91 port 55956:11: Bye Bye [preauth]
Sep 29 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Disconnected from 59.12.160.91 port 55956 [preauth]
Sep 29 17:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Failed password for invalid user esuser from 213.212.36.174 port 34298 ssh2
Sep 29 17:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Connection closed by 213.212.36.174 port 34298 [preauth]
Sep 29 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Failed password for root from 162.144.236.216 port 37648 ssh2
Sep 29 17:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Connection closed by 162.144.236.216 port 37648 [preauth]
Sep 29 17:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: Failed password for root from 213.212.36.174 port 34306 ssh2
Sep 29 17:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2528]: Connection closed by 213.212.36.174 port 34306 [preauth]
Sep 29 17:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: Invalid user worker from 213.212.36.174
Sep 29 17:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: input_userauth_request: invalid user worker [preauth]
Sep 29 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: Failed password for invalid user worker from 213.212.36.174 port 53186 ssh2
Sep 29 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2546]: Connection closed by 213.212.36.174 port 53186 [preauth]
Sep 29 17:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Failed password for root from 185.156.73.233 port 55226 ssh2
Sep 29 17:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Connection closed by 185.156.73.233 port 55226 [preauth]
Sep 29 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Invalid user ftpuser from 213.212.36.174
Sep 29 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 17:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Failed password for invalid user ftpuser from 213.212.36.174 port 53198 ssh2
Sep 29 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Connection closed by 213.212.36.174 port 53198 [preauth]
Sep 29 17:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Failed password for root from 162.144.236.216 port 43950 ssh2
Sep 29 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: Invalid user admin from 213.212.36.174
Sep 29 17:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: input_userauth_request: invalid user admin [preauth]
Sep 29 17:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Connection closed by 162.144.236.216 port 43950 [preauth]
Sep 29 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: Failed password for invalid user admin from 213.212.36.174 port 35272 ssh2
Sep 29 17:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: Connection closed by 213.212.36.174 port 35272 [preauth]
Sep 29 17:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Invalid user steam from 213.212.36.174
Sep 29 17:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: input_userauth_request: invalid user steam [preauth]
Sep 29 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Failed password for invalid user steam from 213.212.36.174 port 35288 ssh2
Sep 29 17:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2598]: Connection closed by 213.212.36.174 port 35288 [preauth]
Sep 29 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1171]: pam_unix(cron:session): session closed for user root
Sep 29 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Invalid user es from 213.212.36.174
Sep 29 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: input_userauth_request: invalid user es [preauth]
Sep 29 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Invalid user minecraft from 20.163.71.109
Sep 29 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Failed password for invalid user es from 213.212.36.174 port 35086 ssh2
Sep 29 17:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Connection closed by 213.212.36.174 port 35086 [preauth]
Sep 29 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Failed password for invalid user minecraft from 20.163.71.109 port 34022 ssh2
Sep 29 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2634]: Connection closed by 20.163.71.109 port 34022 [preauth]
Sep 29 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: Failed password for root from 162.144.236.216 port 52032 ssh2
Sep 29 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: Connection closed by 162.144.236.216 port 52032 [preauth]
Sep 29 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Failed password for root from 213.212.36.174 port 35098 ssh2
Sep 29 17:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2646]: Connection closed by 213.212.36.174 port 35098 [preauth]
Sep 29 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Invalid user deploy from 213.212.36.174
Sep 29 17:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: input_userauth_request: invalid user deploy [preauth]
Sep 29 17:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Failed password for invalid user deploy from 213.212.36.174 port 34586 ssh2
Sep 29 17:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Connection closed by 213.212.36.174 port 34586 [preauth]
Sep 29 17:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Invalid user demo from 213.212.36.174
Sep 29 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: input_userauth_request: invalid user demo [preauth]
Sep 29 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Failed password for invalid user demo from 213.212.36.174 port 34592 ssh2
Sep 29 17:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Connection closed by 213.212.36.174 port 34592 [preauth]
Sep 29 17:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Invalid user deploy from 213.212.36.174
Sep 29 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: input_userauth_request: invalid user deploy [preauth]
Sep 29 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Failed password for root from 162.144.236.216 port 57668 ssh2
Sep 29 17:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Failed password for invalid user deploy from 213.212.36.174 port 47420 ssh2
Sep 29 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Connection closed by 213.212.36.174 port 47420 [preauth]
Sep 29 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Connection closed by 162.144.236.216 port 57668 [preauth]
Sep 29 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2695]: Failed password for root from 103.162.31.192 port 55930 ssh2
Sep 29 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2695]: Received disconnect from 103.162.31.192 port 55930:11: Bye Bye [preauth]
Sep 29 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2695]: Disconnected from 103.162.31.192 port 55930 [preauth]
Sep 29 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Invalid user dev from 213.212.36.174
Sep 29 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: input_userauth_request: invalid user dev [preauth]
Sep 29 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2716]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: Successful su for rubyman by root
Sep 29 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: + ??? root:rubyman
Sep 29 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316198 of user rubyman.
Sep 29 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2781]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316198.
Sep 29 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Failed password for invalid user dev from 213.212.36.174 port 47434 ssh2
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2709]: Connection closed by 213.212.36.174 port 47434 [preauth]
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: Failed password for root from 89.126.208.24 port 45434 ssh2
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Invalid user dummy from 49.247.35.31
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: input_userauth_request: invalid user dummy [preauth]
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: Received disconnect from 89.126.208.24 port 45434:11: Bye Bye [preauth]
Sep 29 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: Disconnected from 89.126.208.24 port 45434 [preauth]
Sep 29 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32086]: pam_unix(cron:session): session closed for user root
Sep 29 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Invalid user oscar from 213.212.36.174
Sep 29 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: input_userauth_request: invalid user oscar [preauth]
Sep 29 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Failed password for invalid user dummy from 49.247.35.31 port 12928 ssh2
Sep 29 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Received disconnect from 49.247.35.31 port 12928:11: Bye Bye [preauth]
Sep 29 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Disconnected from 49.247.35.31 port 12928 [preauth]
Sep 29 17:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Failed password for root from 162.144.236.216 port 36922 ssh2
Sep 29 17:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Connection closed by 162.144.236.216 port 36922 [preauth]
Sep 29 17:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2717]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Failed password for invalid user oscar from 213.212.36.174 port 56358 ssh2
Sep 29 17:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Connection closed by 213.212.36.174 port 56358 [preauth]
Sep 29 17:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Invalid user dolphinscheduler from 213.212.36.174
Sep 29 17:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 29 17:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Failed password for invalid user dolphinscheduler from 213.212.36.174 port 56372 ssh2
Sep 29 17:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Connection closed by 213.212.36.174 port 56372 [preauth]
Sep 29 17:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Invalid user pi from 213.212.36.174
Sep 29 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: input_userauth_request: invalid user pi [preauth]
Sep 29 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for root from 162.144.236.216 port 44100 ssh2
Sep 29 17:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Connection closed by 162.144.236.216 port 44100 [preauth]
Sep 29 17:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Failed password for invalid user pi from 213.212.36.174 port 34566 ssh2
Sep 29 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Connection closed by 213.212.36.174 port 34566 [preauth]
Sep 29 17:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Invalid user dev from 213.212.36.174
Sep 29 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: input_userauth_request: invalid user dev [preauth]
Sep 29 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3026]: Failed password for root from 59.12.160.91 port 53344 ssh2
Sep 29 17:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3026]: Received disconnect from 59.12.160.91 port 53344:11: Bye Bye [preauth]
Sep 29 17:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3026]: Disconnected from 59.12.160.91 port 53344 [preauth]
Sep 29 17:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Failed password for invalid user dev from 213.212.36.174 port 34576 ssh2
Sep 29 17:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Connection closed by 213.212.36.174 port 34576 [preauth]
Sep 29 17:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Invalid user oceanbase from 213.212.36.174
Sep 29 17:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: input_userauth_request: invalid user oceanbase [preauth]
Sep 29 17:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3024]: Failed password for root from 162.144.236.216 port 50894 ssh2
Sep 29 17:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for invalid user oceanbase from 213.212.36.174 port 53666 ssh2
Sep 29 17:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 213.212.36.174 port 53666 [preauth]
Sep 29 17:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3024]: Connection closed by 162.144.236.216 port 50894 [preauth]
Sep 29 17:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Invalid user lighthouse from 213.212.36.174
Sep 29 17:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: input_userauth_request: invalid user lighthouse [preauth]
Sep 29 17:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Failed password for invalid user lighthouse from 213.212.36.174 port 53682 ssh2
Sep 29 17:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Connection closed by 213.212.36.174 port 53682 [preauth]
Sep 29 17:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session closed for user root
Sep 29 17:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Failed password for root from 213.212.36.174 port 40736 ssh2
Sep 29 17:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Connection closed by 213.212.36.174 port 40736 [preauth]
Sep 29 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Failed password for root from 162.144.236.216 port 58520 ssh2
Sep 29 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: Failed password for root from 213.212.36.174 port 40750 ssh2
Sep 29 17:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3114]: Connection closed by 213.212.36.174 port 40750 [preauth]
Sep 29 17:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Connection closed by 162.144.236.216 port 58520 [preauth]
Sep 29 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Failed password for root from 213.212.36.174 port 54732 ssh2
Sep 29 17:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Connection closed by 213.212.36.174 port 54732 [preauth]
Sep 29 17:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3149]: Failed password for root from 213.212.36.174 port 54734 ssh2
Sep 29 17:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3149]: Connection closed by 213.212.36.174 port 54734 [preauth]
Sep 29 17:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Invalid user user from 213.212.36.174
Sep 29 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: input_userauth_request: invalid user user [preauth]
Sep 29 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Failed password for invalid user user from 213.212.36.174 port 50834 ssh2
Sep 29 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Connection closed by 213.212.36.174 port 50834 [preauth]
Sep 29 17:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for root from 162.144.236.216 port 36882 ssh2
Sep 29 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Connection closed by 162.144.236.216 port 36882 [preauth]
Sep 29 17:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3241]: Successful su for rubyman by root
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3241]: + ??? root:rubyman
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316200 of user rubyman.
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3241]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316200.
Sep 29 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Failed password for root from 213.212.36.174 port 50846 ssh2
Sep 29 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Connection closed by 213.212.36.174 port 50846 [preauth]
Sep 29 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Invalid user svnuser from 213.212.36.174
Sep 29 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: input_userauth_request: invalid user svnuser [preauth]
Sep 29 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session closed for user root
Sep 29 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: Failed password for root from 89.126.208.24 port 40874 ssh2
Sep 29 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: Received disconnect from 89.126.208.24 port 40874:11: Bye Bye [preauth]
Sep 29 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: Disconnected from 89.126.208.24 port 40874 [preauth]
Sep 29 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Failed password for invalid user svnuser from 213.212.36.174 port 35330 ssh2
Sep 29 17:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Connection closed by 213.212.36.174 port 35330 [preauth]
Sep 29 17:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Invalid user bioinfo from 103.162.31.192
Sep 29 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: input_userauth_request: invalid user bioinfo [preauth]
Sep 29 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 17:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Invalid user afzal from 49.247.35.31
Sep 29 17:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: input_userauth_request: invalid user afzal [preauth]
Sep 29 17:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Failed password for root from 162.144.236.216 port 44792 ssh2
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Failed password for invalid user bioinfo from 103.162.31.192 port 48176 ssh2
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Received disconnect from 103.162.31.192 port 48176:11: Bye Bye [preauth]
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Disconnected from 103.162.31.192 port 48176 [preauth]
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Invalid user ftpuser from 213.212.36.174
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Connection closed by 162.144.236.216 port 44792 [preauth]
Sep 29 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Failed password for invalid user afzal from 49.247.35.31 port 45970 ssh2
Sep 29 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Received disconnect from 49.247.35.31 port 45970:11: Bye Bye [preauth]
Sep 29 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Disconnected from 49.247.35.31 port 45970 [preauth]
Sep 29 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user ftpuser from 213.212.36.174 port 35336 ssh2
Sep 29 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Connection closed by 213.212.36.174 port 35336 [preauth]
Sep 29 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: Invalid user ubuntu from 213.212.36.174
Sep 29 17:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 17:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: Failed password for invalid user ubuntu from 213.212.36.174 port 50082 ssh2
Sep 29 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: Connection closed by 213.212.36.174 port 50082 [preauth]
Sep 29 17:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Failed password for root from 162.144.236.216 port 50152 ssh2
Sep 29 17:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Failed password for root from 213.212.36.174 port 50090 ssh2
Sep 29 17:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Connection closed by 213.212.36.174 port 50090 [preauth]
Sep 29 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Connection closed by 162.144.236.216 port 50152 [preauth]
Sep 29 17:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: Invalid user esadmin from 213.212.36.174
Sep 29 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: input_userauth_request: invalid user esadmin [preauth]
Sep 29 17:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: Failed password for invalid user esadmin from 213.212.36.174 port 34968 ssh2
Sep 29 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: Connection closed by 213.212.36.174 port 34968 [preauth]
Sep 29 17:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Invalid user jupyter from 59.12.160.91
Sep 29 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: input_userauth_request: invalid user jupyter [preauth]
Sep 29 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 17:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Failed password for root from 213.212.36.174 port 34970 ssh2
Sep 29 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Connection closed by 213.212.36.174 port 34970 [preauth]
Sep 29 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Failed password for invalid user jupyter from 59.12.160.91 port 50606 ssh2
Sep 29 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Received disconnect from 59.12.160.91 port 50606:11: Bye Bye [preauth]
Sep 29 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Disconnected from 59.12.160.91 port 50606 [preauth]
Sep 29 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session closed for user root
Sep 29 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: Invalid user flask from 213.212.36.174
Sep 29 17:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: input_userauth_request: invalid user flask [preauth]
Sep 29 17:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: Failed password for invalid user flask from 213.212.36.174 port 59524 ssh2
Sep 29 17:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: Connection closed by 213.212.36.174 port 59524 [preauth]
Sep 29 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Failed password for root from 162.144.236.216 port 58034 ssh2
Sep 29 17:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Connection closed by 162.144.236.216 port 58034 [preauth]
Sep 29 17:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Invalid user deploy from 213.212.36.174
Sep 29 17:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: input_userauth_request: invalid user deploy [preauth]
Sep 29 17:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Failed password for invalid user deploy from 213.212.36.174 port 59540 ssh2
Sep 29 17:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Connection closed by 213.212.36.174 port 59540 [preauth]
Sep 29 17:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Failed password for root from 213.212.36.174 port 38128 ssh2
Sep 29 17:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Connection closed by 213.212.36.174 port 38128 [preauth]
Sep 29 17:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Failed password for root from 213.212.36.174 port 38150 ssh2
Sep 29 17:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Connection closed by 213.212.36.174 port 38150 [preauth]
Sep 29 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Invalid user oracle from 213.212.36.174
Sep 29 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Failed password for root from 162.144.236.216 port 36766 ssh2
Sep 29 17:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3584]: Connection closed by 162.144.236.216 port 36766 [preauth]
Sep 29 17:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user oracle from 213.212.36.174 port 41168 ssh2
Sep 29 17:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Connection closed by 213.212.36.174 port 41168 [preauth]
Sep 29 17:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Invalid user rabbitmq from 213.212.36.174
Sep 29 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: input_userauth_request: invalid user rabbitmq [preauth]
Sep 29 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session closed for user root
Sep 29 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for invalid user rabbitmq from 213.212.36.174 port 41178 ssh2
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3720]: Successful su for rubyman by root
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3720]: + ??? root:rubyman
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316208 of user rubyman.
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3720]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316208.
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Connection closed by 213.212.36.174 port 41178 [preauth]
Sep 29 17:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Failed password for root from 162.144.236.216 port 46464 ssh2
Sep 29 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3648]: pam_unix(cron:session): session closed for user root
Sep 29 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Connection closed by 162.144.236.216 port 46464 [preauth]
Sep 29 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 17:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session closed for user root
Sep 29 17:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Failed password for root from 213.212.36.174 port 33738 ssh2
Sep 29 17:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Failed password for root from 89.126.208.24 port 36318 ssh2
Sep 29 17:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Connection closed by 213.212.36.174 port 33738 [preauth]
Sep 29 17:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Received disconnect from 89.126.208.24 port 36318:11: Bye Bye [preauth]
Sep 29 17:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3839]: Disconnected from 89.126.208.24 port 36318 [preauth]
Sep 29 17:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3647]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3966]: Failed password for root from 213.212.36.174 port 33754 ssh2
Sep 29 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Failed password for root from 162.144.236.216 port 51072 ssh2
Sep 29 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3966]: Connection closed by 213.212.36.174 port 33754 [preauth]
Sep 29 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Connection closed by 162.144.236.216 port 51072 [preauth]
Sep 29 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: Invalid user owner from 49.247.35.31
Sep 29 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: input_userauth_request: invalid user owner [preauth]
Sep 29 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: Failed password for invalid user owner from 49.247.35.31 port 51015 ssh2
Sep 29 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: Received disconnect from 49.247.35.31 port 51015:11: Bye Bye [preauth]
Sep 29 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3980]: Disconnected from 49.247.35.31 port 51015 [preauth]
Sep 29 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: Failed password for root from 103.162.31.192 port 36284 ssh2
Sep 29 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: Received disconnect from 103.162.31.192 port 36284:11: Bye Bye [preauth]
Sep 29 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: Disconnected from 103.162.31.192 port 36284 [preauth]
Sep 29 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Failed password for root from 213.212.36.174 port 53704 ssh2
Sep 29 17:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Connection closed by 213.212.36.174 port 53704 [preauth]
Sep 29 17:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Invalid user db2inst1 from 190.103.202.7
Sep 29 17:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: input_userauth_request: invalid user db2inst1 [preauth]
Sep 29 17:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 29 17:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Failed password for root from 162.144.236.216 port 57346 ssh2
Sep 29 17:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Failed password for root from 213.212.36.174 port 53706 ssh2
Sep 29 17:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Connection closed by 213.212.36.174 port 53706 [preauth]
Sep 29 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Failed password for invalid user db2inst1 from 190.103.202.7 port 37810 ssh2
Sep 29 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3982]: Connection closed by 162.144.236.216 port 57346 [preauth]
Sep 29 17:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Connection closed by 190.103.202.7 port 37810 [preauth]
Sep 29 17:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Invalid user wang from 213.212.36.174
Sep 29 17:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: input_userauth_request: invalid user wang [preauth]
Sep 29 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Failed password for invalid user wang from 213.212.36.174 port 45262 ssh2
Sep 29 17:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Connection closed by 213.212.36.174 port 45262 [preauth]
Sep 29 17:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Invalid user hadoop from 213.212.36.174
Sep 29 17:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: input_userauth_request: invalid user hadoop [preauth]
Sep 29 17:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Failed password for invalid user hadoop from 213.212.36.174 port 45276 ssh2
Sep 29 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Connection closed by 213.212.36.174 port 45276 [preauth]
Sep 29 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session closed for user root
Sep 29 17:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Failed password for root from 213.212.36.174 port 53292 ssh2
Sep 29 17:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Connection closed by 213.212.36.174 port 53292 [preauth]
Sep 29 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Failed password for root from 162.144.236.216 port 35498 ssh2
Sep 29 17:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Invalid user elasticsearch from 213.212.36.174
Sep 29 17:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: input_userauth_request: invalid user elasticsearch [preauth]
Sep 29 17:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Connection closed by 162.144.236.216 port 35498 [preauth]
Sep 29 17:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Failed password for invalid user elasticsearch from 213.212.36.174 port 53316 ssh2
Sep 29 17:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4097]: Connection closed by 213.212.36.174 port 53316 [preauth]
Sep 29 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 17:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for root from 59.12.160.91 port 48218 ssh2
Sep 29 17:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Received disconnect from 59.12.160.91 port 48218:11: Bye Bye [preauth]
Sep 29 17:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Disconnected from 59.12.160.91 port 48218 [preauth]
Sep 29 17:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: User ftp from 213.212.36.174 not allowed because not listed in AllowUsers
Sep 29 17:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: input_userauth_request: invalid user ftp [preauth]
Sep 29 17:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=ftp
Sep 29 17:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Failed password for invalid user ftp from 213.212.36.174 port 34326 ssh2
Sep 29 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Connection closed by 213.212.36.174 port 34326 [preauth]
Sep 29 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Invalid user user from 80.94.95.112
Sep 29 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: input_userauth_request: invalid user user [preauth]
Sep 29 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 17:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user user from 80.94.95.112 port 64803 ssh2
Sep 29 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: Invalid user uftp from 213.212.36.174
Sep 29 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: input_userauth_request: invalid user uftp [preauth]
Sep 29 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user user from 80.94.95.112 port 64803 ssh2
Sep 29 17:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: Failed password for invalid user uftp from 213.212.36.174 port 34344 ssh2
Sep 29 17:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: Connection closed by 213.212.36.174 port 34344 [preauth]
Sep 29 17:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for root from 162.144.236.216 port 42690 ssh2
Sep 29 17:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user user from 80.94.95.112 port 64803 ssh2
Sep 29 17:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Connection closed by 162.144.236.216 port 42690 [preauth]
Sep 29 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Invalid user awsgui from 213.212.36.174
Sep 29 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: input_userauth_request: invalid user awsgui [preauth]
Sep 29 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user user from 80.94.95.112 port 64803 ssh2
Sep 29 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Failed password for invalid user awsgui from 213.212.36.174 port 57344 ssh2
Sep 29 17:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Connection closed by 213.212.36.174 port 57344 [preauth]
Sep 29 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user user from 80.94.95.112 port 64803 ssh2
Sep 29 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Received disconnect from 80.94.95.112 port 64803:11: Bye [preauth]
Sep 29 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Disconnected from 80.94.95.112 port 64803 [preauth]
Sep 29 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Invalid user dolphinscheduler from 213.212.36.174
Sep 29 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: input_userauth_request: invalid user dolphinscheduler [preauth]
Sep 29 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Failed password for invalid user dolphinscheduler from 213.212.36.174 port 57348 ssh2
Sep 29 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Connection closed by 213.212.36.174 port 57348 [preauth]
Sep 29 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: Successful su for rubyman by root
Sep 29 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: + ??? root:rubyman
Sep 29 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316210 of user rubyman.
Sep 29 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4260]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316210.
Sep 29 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Failed password for root from 162.144.236.216 port 49040 ssh2
Sep 29 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session closed for user root
Sep 29 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4334]: Failed password for root from 213.212.36.174 port 57358 ssh2
Sep 29 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4334]: Connection closed by 213.212.36.174 port 57358 [preauth]
Sep 29 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Connection closed by 162.144.236.216 port 49040 [preauth]
Sep 29 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Invalid user erfan from 89.126.208.24
Sep 29 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: input_userauth_request: invalid user erfan [preauth]
Sep 29 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: Invalid user yarn from 213.212.36.174
Sep 29 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: input_userauth_request: invalid user yarn [preauth]
Sep 29 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Failed password for invalid user erfan from 89.126.208.24 port 60002 ssh2
Sep 29 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Received disconnect from 89.126.208.24 port 60002:11: Bye Bye [preauth]
Sep 29 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Disconnected from 89.126.208.24 port 60002 [preauth]
Sep 29 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: Failed password for invalid user yarn from 213.212.36.174 port 52094 ssh2
Sep 29 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4468]: Connection closed by 213.212.36.174 port 52094 [preauth]
Sep 29 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Invalid user test2 from 213.212.36.174
Sep 29 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: input_userauth_request: invalid user test2 [preauth]
Sep 29 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Failed password for root from 162.144.236.216 port 56908 ssh2
Sep 29 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4453]: Connection closed by 162.144.236.216 port 56908 [preauth]
Sep 29 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Failed password for invalid user test2 from 213.212.36.174 port 52106 ssh2
Sep 29 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Connection closed by 213.212.36.174 port 52106 [preauth]
Sep 29 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Invalid user oracle from 213.212.36.174
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: input_userauth_request: invalid user oracle [preauth]
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: Invalid user developer from 49.247.35.31
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: input_userauth_request: invalid user developer [preauth]
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Failed password for invalid user oracle from 213.212.36.174 port 42438 ssh2
Sep 29 17:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Connection closed by 213.212.36.174 port 42438 [preauth]
Sep 29 17:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: Failed password for invalid user developer from 49.247.35.31 port 1256 ssh2
Sep 29 17:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: Received disconnect from 49.247.35.31 port 1256:11: Bye Bye [preauth]
Sep 29 17:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4504]: Disconnected from 49.247.35.31 port 1256 [preauth]
Sep 29 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Invalid user guest from 213.212.36.174
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: input_userauth_request: invalid user guest [preauth]
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Invalid user riad from 103.162.31.192
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: input_userauth_request: invalid user riad [preauth]
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Invalid user test from 93.152.230.176
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: input_userauth_request: invalid user test [preauth]
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Failed password for invalid user guest from 213.212.36.174 port 42444 ssh2
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Connection closed by 213.212.36.174 port 42444 [preauth]
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Failed password for invalid user riad from 103.162.31.192 port 34564 ssh2
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Received disconnect from 103.162.31.192 port 34564:11: Bye Bye [preauth]
Sep 29 17:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4519]: Disconnected from 103.162.31.192 port 34564 [preauth]
Sep 29 17:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Failed password for root from 162.144.236.216 port 35846 ssh2
Sep 29 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Failed password for invalid user test from 93.152.230.176 port 52383 ssh2
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Connection closed by 162.144.236.216 port 35846 [preauth]
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Received disconnect from 93.152.230.176 port 52383:11: Client disconnecting normally [preauth]
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Disconnected from 93.152.230.176 port 52383 [preauth]
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Invalid user wang from 213.212.36.174
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: input_userauth_request: invalid user wang [preauth]
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Failed password for invalid user wang from 213.212.36.174 port 41632 ssh2
Sep 29 17:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4547]: Connection closed by 213.212.36.174 port 41632 [preauth]
Sep 29 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session closed for user root
Sep 29 17:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Invalid user www from 213.212.36.174
Sep 29 17:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: input_userauth_request: invalid user www [preauth]
Sep 29 17:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Failed password for invalid user www from 213.212.36.174 port 41650 ssh2
Sep 29 17:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Connection closed by 213.212.36.174 port 41650 [preauth]
Sep 29 17:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Failed password for root from 213.212.36.174 port 36864 ssh2
Sep 29 17:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Connection closed by 213.212.36.174 port 36864 [preauth]
Sep 29 17:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Invalid user nexus from 213.212.36.174
Sep 29 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: input_userauth_request: invalid user nexus [preauth]
Sep 29 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Failed password for root from 162.144.236.216 port 42556 ssh2
Sep 29 17:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Failed password for invalid user nexus from 213.212.36.174 port 36870 ssh2
Sep 29 17:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Connection closed by 213.212.36.174 port 36870 [preauth]
Sep 29 17:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Connection closed by 162.144.236.216 port 42556 [preauth]
Sep 29 17:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Invalid user app from 213.212.36.174
Sep 29 17:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: input_userauth_request: invalid user app [preauth]
Sep 29 17:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Failed password for invalid user app from 213.212.36.174 port 57808 ssh2
Sep 29 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Connection closed by 213.212.36.174 port 57808 [preauth]
Sep 29 17:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Invalid user nvidia from 213.212.36.174
Sep 29 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: input_userauth_request: invalid user nvidia [preauth]
Sep 29 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Invalid user accounting from 59.12.160.91
Sep 29 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: input_userauth_request: invalid user accounting [preauth]
Sep 29 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Failed password for invalid user nvidia from 213.212.36.174 port 57816 ssh2
Sep 29 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Connection closed by 213.212.36.174 port 57816 [preauth]
Sep 29 17:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Failed password for invalid user accounting from 59.12.160.91 port 45602 ssh2
Sep 29 17:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Received disconnect from 59.12.160.91 port 45602:11: Bye Bye [preauth]
Sep 29 17:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4658]: Disconnected from 59.12.160.91 port 45602 [preauth]
Sep 29 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: Failed password for root from 162.144.236.216 port 50132 ssh2
Sep 29 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4637]: Connection closed by 162.144.236.216 port 50132 [preauth]
Sep 29 17:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: Failed password for root from 213.212.36.174 port 35528 ssh2
Sep 29 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: Connection closed by 213.212.36.174 port 35528 [preauth]
Sep 29 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4677]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: Successful su for rubyman by root
Sep 29 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: + ??? root:rubyman
Sep 29 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316214 of user rubyman.
Sep 29 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316214.
Sep 29 17:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174  user=root
Sep 29 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session closed for user root
Sep 29 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Failed password for root from 213.212.36.174 port 35532 ssh2
Sep 29 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Connection closed by 213.212.36.174 port 35532 [preauth]
Sep 29 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for root from 162.144.236.216 port 56464 ssh2
Sep 29 17:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4678]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Invalid user es from 213.212.36.174
Sep 29 17:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: input_userauth_request: invalid user es [preauth]
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: Invalid user ceo from 89.126.208.24
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: input_userauth_request: invalid user ceo [preauth]
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Connection closed by 162.144.236.216 port 56464 [preauth]
Sep 29 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Failed password for invalid user es from 213.212.36.174 port 50046 ssh2
Sep 29 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Connection closed by 213.212.36.174 port 50046 [preauth]
Sep 29 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: Failed password for invalid user ceo from 89.126.208.24 port 55434 ssh2
Sep 29 17:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: Received disconnect from 89.126.208.24 port 55434:11: Bye Bye [preauth]
Sep 29 17:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4943]: Disconnected from 89.126.208.24 port 55434 [preauth]
Sep 29 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Invalid user sugi from 213.212.36.174
Sep 29 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: input_userauth_request: invalid user sugi [preauth]
Sep 29 17:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.212.36.174
Sep 29 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for invalid user sugi from 213.212.36.174 port 50060 ssh2
Sep 29 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 213.212.36.174 port 50060 [preauth]
Sep 29 17:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Failed password for root from 162.144.236.216 port 35662 ssh2
Sep 29 17:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Connection closed by 162.144.236.216 port 35662 [preauth]
Sep 29 17:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Invalid user profe from 49.247.35.31
Sep 29 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: input_userauth_request: invalid user profe [preauth]
Sep 29 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Failed password for root from 162.144.236.216 port 42122 ssh2
Sep 29 17:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Failed password for invalid user profe from 49.247.35.31 port 17393 ssh2
Sep 29 17:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Received disconnect from 49.247.35.31 port 17393:11: Bye Bye [preauth]
Sep 29 17:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Disconnected from 49.247.35.31 port 17393 [preauth]
Sep 29 17:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Connection closed by 162.144.236.216 port 42122 [preauth]
Sep 29 17:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session closed for user root
Sep 29 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 17:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: Failed password for root from 103.162.31.192 port 34306 ssh2
Sep 29 17:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: Received disconnect from 103.162.31.192 port 34306:11: Bye Bye [preauth]
Sep 29 17:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5074]: Disconnected from 103.162.31.192 port 34306 [preauth]
Sep 29 17:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: Failed password for root from 162.144.236.216 port 47816 ssh2
Sep 29 17:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5048]: Connection closed by 162.144.236.216 port 47816 [preauth]
Sep 29 17:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5149]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5148]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5146]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5210]: Successful su for rubyman by root
Sep 29 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5210]: + ??? root:rubyman
Sep 29 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316220 of user rubyman.
Sep 29 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5210]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316220.
Sep 29 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2239]: pam_unix(cron:session): session closed for user root
Sep 29 17:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5147]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Invalid user owner from 59.12.160.91
Sep 29 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: input_userauth_request: invalid user owner [preauth]
Sep 29 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Failed password for root from 162.144.236.216 port 57866 ssh2
Sep 29 17:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Connection closed by 162.144.236.216 port 57866 [preauth]
Sep 29 17:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Failed password for invalid user owner from 59.12.160.91 port 42940 ssh2
Sep 29 17:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Received disconnect from 59.12.160.91 port 42940:11: Bye Bye [preauth]
Sep 29 17:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5505]: Disconnected from 59.12.160.91 port 42940 [preauth]
Sep 29 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Invalid user minecraft from 89.126.208.24
Sep 29 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Failed password for invalid user minecraft from 89.126.208.24 port 50880 ssh2
Sep 29 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Received disconnect from 89.126.208.24 port 50880:11: Bye Bye [preauth]
Sep 29 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Disconnected from 89.126.208.24 port 50880 [preauth]
Sep 29 17:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Failed password for root from 162.144.236.216 port 38182 ssh2
Sep 29 17:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Connection closed by 162.144.236.216 port 38182 [preauth]
Sep 29 17:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: Failed password for root from 162.144.236.216 port 44882 ssh2
Sep 29 17:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: Connection closed by 162.144.236.216 port 44882 [preauth]
Sep 29 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session closed for user root
Sep 29 17:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 17:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Failed password for root from 49.247.35.31 port 38464 ssh2
Sep 29 17:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Received disconnect from 49.247.35.31 port 38464:11: Bye Bye [preauth]
Sep 29 17:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Disconnected from 49.247.35.31 port 38464 [preauth]
Sep 29 17:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Failed password for root from 162.144.236.216 port 50320 ssh2
Sep 29 17:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Connection closed by 162.144.236.216 port 50320 [preauth]
Sep 29 17:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: User sandbox from 103.162.31.192 not allowed because not listed in AllowUsers
Sep 29 17:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: input_userauth_request: invalid user sandbox [preauth]
Sep 29 17:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=sandbox
Sep 29 17:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Failed password for invalid user sandbox from 103.162.31.192 port 55190 ssh2
Sep 29 17:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Received disconnect from 103.162.31.192 port 55190:11: Bye Bye [preauth]
Sep 29 17:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Disconnected from 103.162.31.192 port 55190 [preauth]
Sep 29 17:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Failed password for root from 162.144.236.216 port 57696 ssh2
Sep 29 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session closed for user p13x
Sep 29 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Connection closed by 162.144.236.216 port 57696 [preauth]
Sep 29 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: Successful su for rubyman by root
Sep 29 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: + ??? root:rubyman
Sep 29 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316223 of user rubyman.
Sep 29 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session closed for user rubyman
Sep 29 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316223.
Sep 29 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2718]: pam_unix(cron:session): session closed for user root
Sep 29 17:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5687]: pam_unix(cron:session): session closed for user samftp
Sep 29 17:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Failed password for root from 162.144.236.216 port 35574 ssh2
Sep 29 17:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: Connection closed by 162.144.236.216 port 35574 [preauth]
Sep 29 17:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Failed password for root from 162.144.236.216 port 43410 ssh2
Sep 29 17:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5981]: Connection closed by 162.144.236.216 port 43410 [preauth]
Sep 29 17:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Invalid user reza from 89.126.208.24
Sep 29 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: input_userauth_request: invalid user reza [preauth]
Sep 29 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: User sandbox from 59.12.160.91 not allowed because not listed in AllowUsers
Sep 29 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: input_userauth_request: invalid user sandbox [preauth]
Sep 29 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=sandbox
Sep 29 17:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Failed password for invalid user reza from 89.126.208.24 port 46334 ssh2
Sep 29 17:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Received disconnect from 89.126.208.24 port 46334:11: Bye Bye [preauth]
Sep 29 17:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Disconnected from 89.126.208.24 port 46334 [preauth]
Sep 29 17:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for invalid user sandbox from 59.12.160.91 port 40578 ssh2
Sep 29 17:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Received disconnect from 59.12.160.91 port 40578:11: Bye Bye [preauth]
Sep 29 17:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Disconnected from 59.12.160.91 port 40578 [preauth]
Sep 29 17:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for root from 162.144.236.216 port 49660 ssh2
Sep 29 17:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Connection closed by 162.144.236.216 port 49660 [preauth]
Sep 29 17:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6049]: Invalid user qadeer from 167.99.55.34
Sep 29 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6049]: input_userauth_request: invalid user qadeer [preauth]
Sep 29 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6049]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6049]: Failed password for invalid user qadeer from 167.99.55.34 port 43332 ssh2
Sep 29 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6049]: Connection closed by 167.99.55.34 port 43332 [preauth]
Sep 29 17:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session closed for user root
Sep 29 17:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 17:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: Failed password for root from 162.144.236.216 port 57084 ssh2
Sep 29 17:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6047]: Connection closed by 162.144.236.216 port 57084 [preauth]
Sep 29 17:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 17:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Invalid user riad from 49.247.35.31
Sep 29 17:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: input_userauth_request: invalid user riad [preauth]
Sep 29 17:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 17:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Failed password for invalid user riad from 49.247.35.31 port 54403 ssh2
Sep 29 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Received disconnect from 49.247.35.31 port 54403:11: Bye Bye [preauth]
Sep 29 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Disconnected from 49.247.35.31 port 54403 [preauth]
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6152]: pam_unix(cron:session): session closed for user root
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6160]: pam_unix(cron:session): session closed for user root
Sep 29 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6150]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: Successful su for rubyman by root
Sep 29 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: + ??? root:rubyman
Sep 29 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316226 of user rubyman.
Sep 29 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316226.
Sep 29 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session closed for user root
Sep 29 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6156]: pam_unix(cron:session): session closed for user root
Sep 29 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Invalid user chris from 103.162.31.192
Sep 29 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: input_userauth_request: invalid user chris [preauth]
Sep 29 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: Failed password for root from 162.144.236.216 port 35974 ssh2
Sep 29 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Failed password for invalid user chris from 103.162.31.192 port 34270 ssh2
Sep 29 18:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6115]: Connection closed by 162.144.236.216 port 35974 [preauth]
Sep 29 18:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Received disconnect from 103.162.31.192 port 34270:11: Bye Bye [preauth]
Sep 29 18:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Disconnected from 103.162.31.192 port 34270 [preauth]
Sep 29 18:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Failed password for root from 162.144.236.216 port 46276 ssh2
Sep 29 18:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Connection closed by 162.144.236.216 port 46276 [preauth]
Sep 29 18:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 18:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Failed password for root from 89.126.208.24 port 41782 ssh2
Sep 29 18:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Received disconnect from 89.126.208.24 port 41782:11: Bye Bye [preauth]
Sep 29 18:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6559]: Disconnected from 89.126.208.24 port 41782 [preauth]
Sep 29 18:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Failed password for root from 162.144.236.216 port 52690 ssh2
Sep 29 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Connection closed by 162.144.236.216 port 52690 [preauth]
Sep 29 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: Invalid user foundry from 59.12.160.91
Sep 29 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: input_userauth_request: invalid user foundry [preauth]
Sep 29 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5149]: pam_unix(cron:session): session closed for user root
Sep 29 18:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: Failed password for invalid user foundry from 59.12.160.91 port 38942 ssh2
Sep 29 18:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: Received disconnect from 59.12.160.91 port 38942:11: Bye Bye [preauth]
Sep 29 18:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: Disconnected from 59.12.160.91 port 38942 [preauth]
Sep 29 18:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6725]: Failed password for root from 162.144.236.216 port 58990 ssh2
Sep 29 18:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6725]: Connection closed by 162.144.236.216 port 58990 [preauth]
Sep 29 18:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Invalid user superadmin from 49.247.35.31
Sep 29 18:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 18:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: Successful su for rubyman by root
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: + ??? root:rubyman
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316233 of user rubyman.
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316233.
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Failed password for invalid user superadmin from 49.247.35.31 port 45381 ssh2
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Received disconnect from 49.247.35.31 port 45381:11: Bye Bye [preauth]
Sep 29 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Disconnected from 49.247.35.31 port 45381 [preauth]
Sep 29 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Failed password for root from 162.144.236.216 port 40266 ssh2
Sep 29 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Connection closed by 162.144.236.216 port 40266 [preauth]
Sep 29 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session closed for user root
Sep 29 18:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: Failed password for root from 162.144.236.216 port 47314 ssh2
Sep 29 18:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: Connection closed by 162.144.236.216 port 47314 [preauth]
Sep 29 18:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Invalid user superadmin from 103.162.31.192
Sep 29 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Failed password for invalid user superadmin from 103.162.31.192 port 60280 ssh2
Sep 29 18:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Received disconnect from 103.162.31.192 port 60280:11: Bye Bye [preauth]
Sep 29 18:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Disconnected from 103.162.31.192 port 60280 [preauth]
Sep 29 18:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Invalid user foundry from 89.126.208.24
Sep 29 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: input_userauth_request: invalid user foundry [preauth]
Sep 29 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Failed password for invalid user foundry from 89.126.208.24 port 37234 ssh2
Sep 29 18:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Received disconnect from 89.126.208.24 port 37234:11: Bye Bye [preauth]
Sep 29 18:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Disconnected from 89.126.208.24 port 37234 [preauth]
Sep 29 18:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Failed password for root from 162.144.236.216 port 55966 ssh2
Sep 29 18:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user root
Sep 29 18:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Connection closed by 162.144.236.216 port 55966 [preauth]
Sep 29 18:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 18:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Failed password for root from 162.144.236.216 port 36306 ssh2
Sep 29 18:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Failed password for root from 59.12.160.91 port 36832 ssh2
Sep 29 18:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Received disconnect from 59.12.160.91 port 36832:11: Bye Bye [preauth]
Sep 29 18:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7324]: Disconnected from 59.12.160.91 port 36832 [preauth]
Sep 29 18:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Connection closed by 162.144.236.216 port 36306 [preauth]
Sep 29 18:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Failed password for root from 162.144.236.216 port 43250 ssh2
Sep 29 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7345]: Connection closed by 162.144.236.216 port 43250 [preauth]
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7443]: Successful su for rubyman by root
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7443]: + ??? root:rubyman
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316240 of user rubyman.
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7443]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316240.
Sep 29 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: Invalid user bioinfo from 49.247.35.31
Sep 29 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: input_userauth_request: invalid user bioinfo [preauth]
Sep 29 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4185]: pam_unix(cron:session): session closed for user root
Sep 29 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: Failed password for invalid user bioinfo from 49.247.35.31 port 55870 ssh2
Sep 29 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: Received disconnect from 49.247.35.31 port 55870:11: Bye Bye [preauth]
Sep 29 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7520]: Disconnected from 49.247.35.31 port 55870 [preauth]
Sep 29 18:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Invalid user admin from 103.176.79.190
Sep 29 18:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Failed password for invalid user admin from 103.176.79.190 port 59564 ssh2
Sep 29 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Received disconnect from 103.176.79.190 port 59564:11: Bye Bye [preauth]
Sep 29 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Disconnected from 103.176.79.190 port 59564 [preauth]
Sep 29 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for root from 162.144.236.216 port 48618 ssh2
Sep 29 18:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Connection closed by 162.144.236.216 port 48618 [preauth]
Sep 29 18:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: Invalid user user from 80.94.95.115
Sep 29 18:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: input_userauth_request: invalid user user [preauth]
Sep 29 18:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 18:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: Failed password for invalid user user from 80.94.95.115 port 25820 ssh2
Sep 29 18:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7690]: Connection closed by 80.94.95.115 port 25820 [preauth]
Sep 29 18:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: Failed password for root from 162.144.236.216 port 56574 ssh2
Sep 29 18:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7661]: Connection closed by 162.144.236.216 port 56574 [preauth]
Sep 29 18:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: Invalid user sr from 89.126.208.24
Sep 29 18:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: input_userauth_request: invalid user sr [preauth]
Sep 29 18:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: Failed password for invalid user sr from 89.126.208.24 port 60900 ssh2
Sep 29 18:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: Received disconnect from 89.126.208.24 port 60900:11: Bye Bye [preauth]
Sep 29 18:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7709]: Disconnected from 89.126.208.24 port 60900 [preauth]
Sep 29 18:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Failed password for root from 162.144.236.216 port 36374 ssh2
Sep 29 18:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Connection closed by 162.144.236.216 port 36374 [preauth]
Sep 29 18:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6158]: pam_unix(cron:session): session closed for user root
Sep 29 18:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: Failed password for root from 103.162.31.192 port 53026 ssh2
Sep 29 18:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: Received disconnect from 103.162.31.192 port 53026:11: Bye Bye [preauth]
Sep 29 18:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: Disconnected from 103.162.31.192 port 53026 [preauth]
Sep 29 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Failed password for root from 162.144.236.216 port 43748 ssh2
Sep 29 18:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Connection closed by 162.144.236.216 port 43748 [preauth]
Sep 29 18:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Failed password for root from 162.144.236.216 port 51168 ssh2
Sep 29 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Connection closed by 162.144.236.216 port 51168 [preauth]
Sep 29 18:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Failed password for root from 162.144.236.216 port 57602 ssh2
Sep 29 18:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Connection closed by 162.144.236.216 port 57602 [preauth]
Sep 29 18:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Invalid user developer from 59.12.160.91
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: input_userauth_request: invalid user developer [preauth]
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7857]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7936]: Successful su for rubyman by root
Sep 29 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7936]: + ??? root:rubyman
Sep 29 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316241 of user rubyman.
Sep 29 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7936]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316241.
Sep 29 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Failed password for invalid user developer from 59.12.160.91 port 34448 ssh2
Sep 29 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Received disconnect from 59.12.160.91 port 34448:11: Bye Bye [preauth]
Sep 29 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Disconnected from 59.12.160.91 port 34448 [preauth]
Sep 29 18:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session closed for user root
Sep 29 18:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: Failed password for root from 162.144.236.216 port 36052 ssh2
Sep 29 18:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: Connection closed by 162.144.236.216 port 36052 [preauth]
Sep 29 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Failed password for root from 49.247.35.31 port 46934 ssh2
Sep 29 18:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Received disconnect from 49.247.35.31 port 46934:11: Bye Bye [preauth]
Sep 29 18:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Disconnected from 49.247.35.31 port 46934 [preauth]
Sep 29 18:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: Failed password for root from 162.144.236.216 port 41834 ssh2
Sep 29 18:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: Connection closed by 162.144.236.216 port 41834 [preauth]
Sep 29 18:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: Invalid user aa from 89.126.208.24
Sep 29 18:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: input_userauth_request: invalid user aa [preauth]
Sep 29 18:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: Failed password for invalid user aa from 89.126.208.24 port 56344 ssh2
Sep 29 18:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: Received disconnect from 89.126.208.24 port 56344:11: Bye Bye [preauth]
Sep 29 18:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8252]: Disconnected from 89.126.208.24 port 56344 [preauth]
Sep 29 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session closed for user root
Sep 29 18:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Failed password for root from 162.144.236.216 port 50778 ssh2
Sep 29 18:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8251]: Connection closed by 162.144.236.216 port 50778 [preauth]
Sep 29 18:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Invalid user webkul from 20.40.73.192
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: input_userauth_request: invalid user webkul [preauth]
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Invalid user anthony from 38.25.39.212
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: input_userauth_request: invalid user anthony [preauth]
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Failed password for invalid user webkul from 20.40.73.192 port 48856 ssh2
Sep 29 18:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Received disconnect from 20.40.73.192 port 48856:11: Bye Bye [preauth]
Sep 29 18:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Disconnected from 20.40.73.192 port 48856 [preauth]
Sep 29 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Failed password for invalid user anthony from 38.25.39.212 port 52744 ssh2
Sep 29 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Received disconnect from 38.25.39.212 port 52744:11: Bye Bye [preauth]
Sep 29 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8326]: Disconnected from 38.25.39.212 port 52744 [preauth]
Sep 29 18:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Invalid user aovalle from 103.162.31.192
Sep 29 18:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: input_userauth_request: invalid user aovalle [preauth]
Sep 29 18:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Failed password for root from 162.144.236.216 port 58418 ssh2
Sep 29 18:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Failed password for invalid user aovalle from 103.162.31.192 port 38866 ssh2
Sep 29 18:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Received disconnect from 103.162.31.192 port 38866:11: Bye Bye [preauth]
Sep 29 18:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Disconnected from 103.162.31.192 port 38866 [preauth]
Sep 29 18:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Connection closed by 162.144.236.216 port 58418 [preauth]
Sep 29 18:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8369]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: Successful su for rubyman by root
Sep 29 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: + ??? root:rubyman
Sep 29 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316245 of user rubyman.
Sep 29 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316245.
Sep 29 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Failed password for root from 162.144.236.216 port 36428 ssh2
Sep 29 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5148]: pam_unix(cron:session): session closed for user root
Sep 29 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Connection closed by 162.144.236.216 port 36428 [preauth]
Sep 29 18:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Failed password for root from 162.144.236.216 port 43762 ssh2
Sep 29 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8646]: Connection closed by 162.144.236.216 port 43762 [preauth]
Sep 29 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Invalid user student3 from 59.12.160.91
Sep 29 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: input_userauth_request: invalid user student3 [preauth]
Sep 29 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Failed password for invalid user student3 from 59.12.160.91 port 60290 ssh2
Sep 29 18:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Received disconnect from 59.12.160.91 port 60290:11: Bye Bye [preauth]
Sep 29 18:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Disconnected from 59.12.160.91 port 60290 [preauth]
Sep 29 18:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: User sandbox from 49.247.35.31 not allowed because not listed in AllowUsers
Sep 29 18:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: input_userauth_request: invalid user sandbox [preauth]
Sep 29 18:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=sandbox
Sep 29 18:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user sandbox from 49.247.35.31 port 1824 ssh2
Sep 29 18:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Received disconnect from 49.247.35.31 port 1824:11: Bye Bye [preauth]
Sep 29 18:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Disconnected from 49.247.35.31 port 1824 [preauth]
Sep 29 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7375]: pam_unix(cron:session): session closed for user root
Sep 29 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Invalid user certbot from 89.126.208.24
Sep 29 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: input_userauth_request: invalid user certbot [preauth]
Sep 29 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Failed password for root from 162.144.236.216 port 48834 ssh2
Sep 29 18:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Failed password for invalid user certbot from 89.126.208.24 port 51774 ssh2
Sep 29 18:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Received disconnect from 89.126.208.24 port 51774:11: Bye Bye [preauth]
Sep 29 18:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Disconnected from 89.126.208.24 port 51774 [preauth]
Sep 29 18:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Connection closed by 162.144.236.216 port 48834 [preauth]
Sep 29 18:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Invalid user test from 93.152.230.176
Sep 29 18:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: input_userauth_request: invalid user test [preauth]
Sep 29 18:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 18:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Failed password for invalid user test from 93.152.230.176 port 43882 ssh2
Sep 29 18:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Received disconnect from 93.152.230.176 port 43882:11: Client disconnecting normally [preauth]
Sep 29 18:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Disconnected from 93.152.230.176 port 43882 [preauth]
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8956]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session closed for user root
Sep 29 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8952]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9034]: Successful su for rubyman by root
Sep 29 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9034]: + ??? root:rubyman
Sep 29 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316249 of user rubyman.
Sep 29 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9034]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316249.
Sep 29 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: Failed password for root from 162.144.236.216 port 58036 ssh2
Sep 29 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session closed for user root
Sep 29 18:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: Connection closed by 162.144.236.216 port 58036 [preauth]
Sep 29 18:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session closed for user root
Sep 29 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Invalid user jupyter from 103.162.31.192
Sep 29 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: input_userauth_request: invalid user jupyter [preauth]
Sep 29 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Failed password for invalid user jupyter from 103.162.31.192 port 49526 ssh2
Sep 29 18:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Received disconnect from 103.162.31.192 port 49526:11: Bye Bye [preauth]
Sep 29 18:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Disconnected from 103.162.31.192 port 49526 [preauth]
Sep 29 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: Failed password for root from 162.144.236.216 port 37910 ssh2
Sep 29 18:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Invalid user nodeuser from 20.40.73.192
Sep 29 18:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: input_userauth_request: invalid user nodeuser [preauth]
Sep 29 18:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9302]: Connection closed by 162.144.236.216 port 37910 [preauth]
Sep 29 18:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Failed password for invalid user nodeuser from 20.40.73.192 port 52370 ssh2
Sep 29 18:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Received disconnect from 20.40.73.192 port 52370:11: Bye Bye [preauth]
Sep 29 18:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Disconnected from 20.40.73.192 port 52370 [preauth]
Sep 29 18:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session closed for user root
Sep 29 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Failed password for root from 59.12.160.91 port 57858 ssh2
Sep 29 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Received disconnect from 59.12.160.91 port 57858:11: Bye Bye [preauth]
Sep 29 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9465]: Disconnected from 59.12.160.91 port 57858 [preauth]
Sep 29 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Failed password for root from 49.247.35.31 port 20193 ssh2
Sep 29 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Received disconnect from 49.247.35.31 port 20193:11: Bye Bye [preauth]
Sep 29 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Disconnected from 49.247.35.31 port 20193 [preauth]
Sep 29 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Failed password for root from 38.25.39.212 port 55446 ssh2
Sep 29 18:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Received disconnect from 38.25.39.212 port 55446:11: Bye Bye [preauth]
Sep 29 18:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Disconnected from 38.25.39.212 port 55446 [preauth]
Sep 29 18:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 18:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for root from 89.126.208.24 port 47240 ssh2
Sep 29 18:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Received disconnect from 89.126.208.24 port 47240:11: Bye Bye [preauth]
Sep 29 18:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Disconnected from 89.126.208.24 port 47240 [preauth]
Sep 29 18:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Failed password for root from 162.144.236.216 port 46294 ssh2
Sep 29 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Connection closed by 162.144.236.216 port 46294 [preauth]
Sep 29 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Failed password for root from 162.144.236.216 port 58206 ssh2
Sep 29 18:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Connection closed by 162.144.236.216 port 58206 [preauth]
Sep 29 18:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9559]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: Successful su for rubyman by root
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: + ??? root:rubyman
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316255 of user rubyman.
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9640]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316255.
Sep 29 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Failed password for root from 162.144.236.216 port 34708 ssh2
Sep 29 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Connection closed by 162.144.236.216 port 34708 [preauth]
Sep 29 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6157]: pam_unix(cron:session): session closed for user root
Sep 29 18:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9560]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Failed password for root from 162.144.236.216 port 39496 ssh2
Sep 29 18:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Connection closed by 162.144.236.216 port 39496 [preauth]
Sep 29 18:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Invalid user gits from 103.176.79.190
Sep 29 18:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: input_userauth_request: invalid user gits [preauth]
Sep 29 18:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: Invalid user student3 from 103.162.31.192
Sep 29 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: input_userauth_request: invalid user student3 [preauth]
Sep 29 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Failed password for invalid user gits from 103.176.79.190 port 35966 ssh2
Sep 29 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Received disconnect from 103.176.79.190 port 35966:11: Bye Bye [preauth]
Sep 29 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Disconnected from 103.176.79.190 port 35966 [preauth]
Sep 29 18:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Failed password for root from 162.144.236.216 port 45342 ssh2
Sep 29 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: Failed password for invalid user student3 from 103.162.31.192 port 47190 ssh2
Sep 29 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: Received disconnect from 103.162.31.192 port 47190:11: Bye Bye [preauth]
Sep 29 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: Disconnected from 103.162.31.192 port 47190 [preauth]
Sep 29 18:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Connection closed by 162.144.236.216 port 45342 [preauth]
Sep 29 18:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session closed for user root
Sep 29 18:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Failed password for root from 162.144.236.216 port 52568 ssh2
Sep 29 18:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: Failed password for root from 20.40.73.192 port 54452 ssh2
Sep 29 18:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: Received disconnect from 20.40.73.192 port 54452:11: Bye Bye [preauth]
Sep 29 18:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: Disconnected from 20.40.73.192 port 54452 [preauth]
Sep 29 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Connection closed by 162.144.236.216 port 52568 [preauth]
Sep 29 18:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Invalid user vpnuser from 89.126.208.24
Sep 29 18:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: input_userauth_request: invalid user vpnuser [preauth]
Sep 29 18:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user vpnuser from 89.126.208.24 port 42664 ssh2
Sep 29 18:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Received disconnect from 89.126.208.24 port 42664:11: Bye Bye [preauth]
Sep 29 18:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Disconnected from 89.126.208.24 port 42664 [preauth]
Sep 29 18:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Failed password for root from 49.247.35.31 port 29013 ssh2
Sep 29 18:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Received disconnect from 49.247.35.31 port 29013:11: Bye Bye [preauth]
Sep 29 18:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Disconnected from 49.247.35.31 port 29013 [preauth]
Sep 29 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Invalid user foundry from 38.25.39.212
Sep 29 18:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: input_userauth_request: invalid user foundry [preauth]
Sep 29 18:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 18:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Failed password for invalid user foundry from 38.25.39.212 port 51616 ssh2
Sep 29 18:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Received disconnect from 38.25.39.212 port 51616:11: Bye Bye [preauth]
Sep 29 18:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Disconnected from 38.25.39.212 port 51616 [preauth]
Sep 29 18:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Failed password for root from 59.12.160.91 port 55486 ssh2
Sep 29 18:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Received disconnect from 59.12.160.91 port 55486:11: Bye Bye [preauth]
Sep 29 18:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Disconnected from 59.12.160.91 port 55486 [preauth]
Sep 29 18:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Failed password for root from 162.144.236.216 port 58522 ssh2
Sep 29 18:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Connection closed by 162.144.236.216 port 58522 [preauth]
Sep 29 18:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10159]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: Successful su for rubyman by root
Sep 29 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: + ??? root:rubyman
Sep 29 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316260 of user rubyman.
Sep 29 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10234]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316260.
Sep 29 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session closed for user root
Sep 29 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Invalid user doremi from 167.99.55.34
Sep 29 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: input_userauth_request: invalid user doremi [preauth]
Sep 29 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Failed password for invalid user doremi from 167.99.55.34 port 55756 ssh2
Sep 29 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Connection closed by 167.99.55.34 port 55756 [preauth]
Sep 29 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10160]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Failed password for root from 162.144.236.216 port 38790 ssh2
Sep 29 18:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Connection closed by 162.144.236.216 port 38790 [preauth]
Sep 29 18:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: Failed password for root from 162.144.236.216 port 45794 ssh2
Sep 29 18:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: Connection closed by 162.144.236.216 port 45794 [preauth]
Sep 29 18:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Failed password for root from 162.144.236.216 port 52042 ssh2
Sep 29 18:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Connection closed by 162.144.236.216 port 52042 [preauth]
Sep 29 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8956]: pam_unix(cron:session): session closed for user root
Sep 29 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10539]: Failed password for root from 103.162.31.192 port 54186 ssh2
Sep 29 18:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10539]: Received disconnect from 103.162.31.192 port 54186:11: Bye Bye [preauth]
Sep 29 18:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10539]: Disconnected from 103.162.31.192 port 54186 [preauth]
Sep 29 18:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Invalid user chin from 89.126.208.24
Sep 29 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: input_userauth_request: invalid user chin [preauth]
Sep 29 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Failed password for invalid user chin from 89.126.208.24 port 38100 ssh2
Sep 29 18:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Received disconnect from 89.126.208.24 port 38100:11: Bye Bye [preauth]
Sep 29 18:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Disconnected from 89.126.208.24 port 38100 [preauth]
Sep 29 18:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: Failed password for root from 162.144.236.216 port 59214 ssh2
Sep 29 18:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Invalid user minecraft from 20.40.73.192
Sep 29 18:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 18:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: Connection closed by 162.144.236.216 port 59214 [preauth]
Sep 29 18:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Failed password for root from 49.247.35.31 port 16279 ssh2
Sep 29 18:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Received disconnect from 49.247.35.31 port 16279:11: Bye Bye [preauth]
Sep 29 18:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Disconnected from 49.247.35.31 port 16279 [preauth]
Sep 29 18:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Failed password for invalid user minecraft from 20.40.73.192 port 46834 ssh2
Sep 29 18:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Received disconnect from 20.40.73.192 port 46834:11: Bye Bye [preauth]
Sep 29 18:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Disconnected from 20.40.73.192 port 46834 [preauth]
Sep 29 18:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Invalid user consulta from 38.25.39.212
Sep 29 18:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: input_userauth_request: invalid user consulta [preauth]
Sep 29 18:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Failed password for invalid user consulta from 38.25.39.212 port 47782 ssh2
Sep 29 18:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Invalid user bloom from 103.176.79.190
Sep 29 18:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: input_userauth_request: invalid user bloom [preauth]
Sep 29 18:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Received disconnect from 38.25.39.212 port 47782:11: Bye Bye [preauth]
Sep 29 18:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Disconnected from 38.25.39.212 port 47782 [preauth]
Sep 29 18:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Invalid user profe from 59.12.160.91
Sep 29 18:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: input_userauth_request: invalid user profe [preauth]
Sep 29 18:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Failed password for invalid user bloom from 103.176.79.190 port 37738 ssh2
Sep 29 18:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Received disconnect from 103.176.79.190 port 37738:11: Bye Bye [preauth]
Sep 29 18:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10619]: Disconnected from 103.176.79.190 port 37738 [preauth]
Sep 29 18:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Failed password for invalid user profe from 59.12.160.91 port 52694 ssh2
Sep 29 18:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Received disconnect from 59.12.160.91 port 52694:11: Bye Bye [preauth]
Sep 29 18:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Disconnected from 59.12.160.91 port 52694 [preauth]
Sep 29 18:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10720]: Successful su for rubyman by root
Sep 29 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10720]: + ??? root:rubyman
Sep 29 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316263 of user rubyman.
Sep 29 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10720]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316263.
Sep 29 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Failed password for root from 162.144.236.216 port 37328 ssh2
Sep 29 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Connection closed by 162.144.236.216 port 37328 [preauth]
Sep 29 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7374]: pam_unix(cron:session): session closed for user root
Sep 29 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10650]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Failed password for root from 162.144.236.216 port 45294 ssh2
Sep 29 18:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Connection closed by 162.144.236.216 port 45294 [preauth]
Sep 29 18:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: Failed password for root from 162.144.236.216 port 50920 ssh2
Sep 29 18:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10930]: Connection closed by 162.144.236.216 port 50920 [preauth]
Sep 29 18:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Invalid user admin from 80.94.95.112
Sep 29 18:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 18:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for invalid user admin from 80.94.95.112 port 43436 ssh2
Sep 29 18:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Failed password for root from 162.144.236.216 port 58590 ssh2
Sep 29 18:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Connection closed by 162.144.236.216 port 58590 [preauth]
Sep 29 18:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for invalid user admin from 80.94.95.112 port 43436 ssh2
Sep 29 18:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for invalid user admin from 80.94.95.112 port 43436 ssh2
Sep 29 18:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9563]: pam_unix(cron:session): session closed for user root
Sep 29 18:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for invalid user admin from 80.94.95.112 port 43436 ssh2
Sep 29 18:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for invalid user admin from 80.94.95.112 port 43436 ssh2
Sep 29 18:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Received disconnect from 80.94.95.112 port 43436:11: Bye [preauth]
Sep 29 18:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Disconnected from 80.94.95.112 port 43436 [preauth]
Sep 29 18:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 18:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: Failed password for root from 162.144.236.216 port 35698 ssh2
Sep 29 18:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Failed password for root from 89.126.208.24 port 33536 ssh2
Sep 29 18:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Received disconnect from 89.126.208.24 port 33536:11: Bye Bye [preauth]
Sep 29 18:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Disconnected from 89.126.208.24 port 33536 [preauth]
Sep 29 18:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: Connection closed by 162.144.236.216 port 35698 [preauth]
Sep 29 18:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: Invalid user test from 103.162.31.192
Sep 29 18:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: input_userauth_request: invalid user test [preauth]
Sep 29 18:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: Failed password for invalid user test from 103.162.31.192 port 49942 ssh2
Sep 29 18:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: Received disconnect from 103.162.31.192 port 49942:11: Bye Bye [preauth]
Sep 29 18:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11065]: Disconnected from 103.162.31.192 port 49942 [preauth]
Sep 29 18:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: Failed password for root from 49.247.35.31 port 48700 ssh2
Sep 29 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: Received disconnect from 49.247.35.31 port 48700:11: Bye Bye [preauth]
Sep 29 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11087]: Disconnected from 49.247.35.31 port 48700 [preauth]
Sep 29 18:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: Failed password for root from 38.25.39.212 port 43958 ssh2
Sep 29 18:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: Received disconnect from 38.25.39.212 port 43958:11: Bye Bye [preauth]
Sep 29 18:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: Disconnected from 38.25.39.212 port 43958 [preauth]
Sep 29 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: Successful su for rubyman by root
Sep 29 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: + ??? root:rubyman
Sep 29 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316268 of user rubyman.
Sep 29 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316268.
Sep 29 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session closed for user root
Sep 29 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session closed for user root
Sep 29 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Invalid user bots from 59.12.160.91
Sep 29 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: input_userauth_request: invalid user bots [preauth]
Sep 29 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Failed password for root from 20.40.73.192 port 44388 ssh2
Sep 29 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Received disconnect from 20.40.73.192 port 44388:11: Bye Bye [preauth]
Sep 29 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Disconnected from 20.40.73.192 port 44388 [preauth]
Sep 29 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: Failed password for root from 162.144.236.216 port 42104 ssh2
Sep 29 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Failed password for invalid user bots from 59.12.160.91 port 49968 ssh2
Sep 29 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Received disconnect from 59.12.160.91 port 49968:11: Bye Bye [preauth]
Sep 29 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Disconnected from 59.12.160.91 port 49968 [preauth]
Sep 29 18:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11057]: Connection closed by 162.144.236.216 port 42104 [preauth]
Sep 29 18:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Failed password for root from 162.144.236.216 port 53172 ssh2
Sep 29 18:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Connection closed by 162.144.236.216 port 53172 [preauth]
Sep 29 18:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: Failed password for root from 162.144.236.216 port 59276 ssh2
Sep 29 18:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: Connection closed by 162.144.236.216 port 59276 [preauth]
Sep 29 18:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Invalid user dspace from 103.176.79.190
Sep 29 18:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: input_userauth_request: invalid user dspace [preauth]
Sep 29 18:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11513]: Failed password for root from 162.144.236.216 port 37262 ssh2
Sep 29 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Failed password for invalid user dspace from 103.176.79.190 port 33522 ssh2
Sep 29 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Received disconnect from 103.176.79.190 port 33522:11: Bye Bye [preauth]
Sep 29 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11538]: Disconnected from 103.176.79.190 port 33522 [preauth]
Sep 29 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11513]: Connection closed by 162.144.236.216 port 37262 [preauth]
Sep 29 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user root
Sep 29 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Failed password for root from 162.144.236.216 port 43170 ssh2
Sep 29 18:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Connection closed by 162.144.236.216 port 43170 [preauth]
Sep 29 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Invalid user pi from 222.102.214.75
Sep 29 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: input_userauth_request: invalid user pi [preauth]
Sep 29 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.102.214.75
Sep 29 18:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Failed password for invalid user pi from 222.102.214.75 port 43231 ssh2
Sep 29 18:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 18:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Failed password for invalid user pi from 222.102.214.75 port 43231 ssh2
Sep 29 18:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Failed password for root from 89.126.208.24 port 57210 ssh2
Sep 29 18:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Received disconnect from 89.126.208.24 port 57210:11: Bye Bye [preauth]
Sep 29 18:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Disconnected from 89.126.208.24 port 57210 [preauth]
Sep 29 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Failed password for invalid user pi from 222.102.214.75 port 43231 ssh2
Sep 29 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Failed password for root from 162.144.236.216 port 49004 ssh2
Sep 29 18:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Failed password for invalid user pi from 222.102.214.75 port 43231 ssh2
Sep 29 18:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11582]: Connection closed by 162.144.236.216 port 49004 [preauth]
Sep 29 18:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Failed password for invalid user pi from 222.102.214.75 port 43231 ssh2
Sep 29 18:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Failed password for invalid user pi from 222.102.214.75 port 43231 ssh2
Sep 29 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: error: maximum authentication attempts exceeded for invalid user pi from 222.102.214.75 port 43231 ssh2 [preauth]
Sep 29 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: Disconnecting: Too many authentication failures [preauth]
Sep 29 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.102.214.75
Sep 29 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11580]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 29 18:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11739]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11736]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11737]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session closed for user root
Sep 29 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Failed password for root from 162.144.236.216 port 56474 ssh2
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11823]: Successful su for rubyman by root
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11823]: + ??? root:rubyman
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316273 of user rubyman.
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11823]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316273.
Sep 29 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: Invalid user foundry from 103.162.31.192
Sep 29 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: input_userauth_request: invalid user foundry [preauth]
Sep 29 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11625]: Connection closed by 162.144.236.216 port 56474 [preauth]
Sep 29 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: Failed password for invalid user foundry from 103.162.31.192 port 33578 ssh2
Sep 29 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: Received disconnect from 103.162.31.192 port 33578:11: Bye Bye [preauth]
Sep 29 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11808]: Disconnected from 103.162.31.192 port 33578 [preauth]
Sep 29 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11736]: pam_unix(cron:session): session closed for user root
Sep 29 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session closed for user root
Sep 29 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Failed password for root from 49.247.35.31 port 48838 ssh2
Sep 29 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Received disconnect from 49.247.35.31 port 48838:11: Bye Bye [preauth]
Sep 29 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Disconnected from 49.247.35.31 port 48838 [preauth]
Sep 29 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Invalid user helen from 38.25.39.212
Sep 29 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: input_userauth_request: invalid user helen [preauth]
Sep 29 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Failed password for invalid user helen from 38.25.39.212 port 40136 ssh2
Sep 29 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Received disconnect from 38.25.39.212 port 40136:11: Bye Bye [preauth]
Sep 29 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12022]: Disconnected from 38.25.39.212 port 40136 [preauth]
Sep 29 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11675]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Invalid user bioinfo from 59.12.160.91
Sep 29 18:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: input_userauth_request: invalid user bioinfo [preauth]
Sep 29 18:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Failed password for invalid user bioinfo from 59.12.160.91 port 48170 ssh2
Sep 29 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Received disconnect from 59.12.160.91 port 48170:11: Bye Bye [preauth]
Sep 29 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12083]: Disconnected from 59.12.160.91 port 48170 [preauth]
Sep 29 18:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Failed password for root from 162.144.236.216 port 34412 ssh2
Sep 29 18:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Invalid user jupyter from 20.40.73.192
Sep 29 18:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: input_userauth_request: invalid user jupyter [preauth]
Sep 29 18:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Connection closed by 162.144.236.216 port 34412 [preauth]
Sep 29 18:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Failed password for invalid user jupyter from 20.40.73.192 port 55166 ssh2
Sep 29 18:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Received disconnect from 20.40.73.192 port 55166:11: Bye Bye [preauth]
Sep 29 18:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12093]: Disconnected from 20.40.73.192 port 55166 [preauth]
Sep 29 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session closed for user root
Sep 29 18:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Failed password for root from 162.144.236.216 port 42866 ssh2
Sep 29 18:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Connection closed by 162.144.236.216 port 42866 [preauth]
Sep 29 18:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Invalid user sentry from 89.126.208.24
Sep 29 18:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: input_userauth_request: invalid user sentry [preauth]
Sep 29 18:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Failed password for invalid user sentry from 89.126.208.24 port 52670 ssh2
Sep 29 18:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Received disconnect from 89.126.208.24 port 52670:11: Bye Bye [preauth]
Sep 29 18:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12203]: Disconnected from 89.126.208.24 port 52670 [preauth]
Sep 29 18:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for root from 162.144.236.216 port 50238 ssh2
Sep 29 18:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Connection closed by 162.144.236.216 port 50238 [preauth]
Sep 29 18:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12234]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12309]: Successful su for rubyman by root
Sep 29 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12309]: + ??? root:rubyman
Sep 29 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316278 of user rubyman.
Sep 29 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12309]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316278.
Sep 29 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session closed for user root
Sep 29 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for root from 103.176.79.190 port 53710 ssh2
Sep 29 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Received disconnect from 103.176.79.190 port 53710:11: Bye Bye [preauth]
Sep 29 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Disconnected from 103.176.79.190 port 53710 [preauth]
Sep 29 18:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Failed password for root from 162.144.236.216 port 57508 ssh2
Sep 29 18:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Connection closed by 162.144.236.216 port 57508 [preauth]
Sep 29 18:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Failed password for root from 162.144.236.216 port 33834 ssh2
Sep 29 18:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: Invalid user default from 185.156.73.233
Sep 29 18:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: input_userauth_request: invalid user default [preauth]
Sep 29 18:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Connection closed by 162.144.236.216 port 33834 [preauth]
Sep 29 18:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 18:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: Invalid user rabbitmq from 38.25.39.212
Sep 29 18:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: input_userauth_request: invalid user rabbitmq [preauth]
Sep 29 18:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: Failed password for invalid user default from 185.156.73.233 port 32056 ssh2
Sep 29 18:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12525]: Connection closed by 185.156.73.233 port 32056 [preauth]
Sep 29 18:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: Failed password for invalid user rabbitmq from 38.25.39.212 port 36314 ssh2
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: Received disconnect from 38.25.39.212 port 36314:11: Bye Bye [preauth]
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12543]: Disconnected from 38.25.39.212 port 36314 [preauth]
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Invalid user dummy from 103.162.31.192
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: input_userauth_request: invalid user dummy [preauth]
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: Invalid user crystal from 49.247.35.31
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: input_userauth_request: invalid user crystal [preauth]
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Failed password for root from 162.144.236.216 port 39662 ssh2
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Connection closed by 162.144.236.216 port 39662 [preauth]
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Failed password for invalid user dummy from 103.162.31.192 port 40152 ssh2
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Received disconnect from 103.162.31.192 port 40152:11: Bye Bye [preauth]
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Disconnected from 103.162.31.192 port 40152 [preauth]
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: Failed password for invalid user crystal from 49.247.35.31 port 57146 ssh2
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: Received disconnect from 49.247.35.31 port 57146:11: Bye Bye [preauth]
Sep 29 18:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12556]: Disconnected from 49.247.35.31 port 57146 [preauth]
Sep 29 18:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: Failed password for root from 162.144.236.216 port 44632 ssh2
Sep 29 18:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12558]: Connection closed by 162.144.236.216 port 44632 [preauth]
Sep 29 18:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Invalid user crystal from 59.12.160.91
Sep 29 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: input_userauth_request: invalid user crystal [preauth]
Sep 29 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user root
Sep 29 18:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Failed password for invalid user crystal from 59.12.160.91 port 46164 ssh2
Sep 29 18:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Received disconnect from 59.12.160.91 port 46164:11: Bye Bye [preauth]
Sep 29 18:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Disconnected from 59.12.160.91 port 46164 [preauth]
Sep 29 18:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Failed password for root from 162.144.236.216 port 49936 ssh2
Sep 29 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Connection closed by 162.144.236.216 port 49936 [preauth]
Sep 29 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Invalid user rabbitmq from 20.40.73.192
Sep 29 18:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: input_userauth_request: invalid user rabbitmq [preauth]
Sep 29 18:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Failed password for invalid user rabbitmq from 20.40.73.192 port 55964 ssh2
Sep 29 18:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Received disconnect from 20.40.73.192 port 55964:11: Bye Bye [preauth]
Sep 29 18:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Disconnected from 20.40.73.192 port 55964 [preauth]
Sep 29 18:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Invalid user test from 89.126.208.24
Sep 29 18:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: input_userauth_request: invalid user test [preauth]
Sep 29 18:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12664]: Failed password for root from 162.144.236.216 port 59156 ssh2
Sep 29 18:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Failed password for invalid user test from 89.126.208.24 port 48098 ssh2
Sep 29 18:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Received disconnect from 89.126.208.24 port 48098:11: Bye Bye [preauth]
Sep 29 18:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Disconnected from 89.126.208.24 port 48098 [preauth]
Sep 29 18:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12664]: Connection closed by 162.144.236.216 port 59156 [preauth]
Sep 29 18:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12716]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: Successful su for rubyman by root
Sep 29 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: + ??? root:rubyman
Sep 29 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316282 of user rubyman.
Sep 29 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12783]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316282.
Sep 29 18:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9561]: pam_unix(cron:session): session closed for user root
Sep 29 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Failed password for root from 162.144.236.216 port 37640 ssh2
Sep 29 18:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Connection closed by 162.144.236.216 port 37640 [preauth]
Sep 29 18:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for root from 162.144.236.216 port 43002 ssh2
Sep 29 18:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 162.144.236.216 port 43002 [preauth]
Sep 29 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Invalid user dspace from 38.25.39.212
Sep 29 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: input_userauth_request: invalid user dspace [preauth]
Sep 29 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Failed password for invalid user dspace from 38.25.39.212 port 60706 ssh2
Sep 29 18:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Received disconnect from 38.25.39.212 port 60706:11: Bye Bye [preauth]
Sep 29 18:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Disconnected from 38.25.39.212 port 60706 [preauth]
Sep 29 18:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Invalid user student3 from 49.247.35.31
Sep 29 18:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: input_userauth_request: invalid user student3 [preauth]
Sep 29 18:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Failed password for invalid user student3 from 49.247.35.31 port 23976 ssh2
Sep 29 18:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Received disconnect from 49.247.35.31 port 23976:11: Bye Bye [preauth]
Sep 29 18:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Disconnected from 49.247.35.31 port 23976 [preauth]
Sep 29 18:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Invalid user accounting from 103.162.31.192
Sep 29 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: input_userauth_request: invalid user accounting [preauth]
Sep 29 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Failed password for root from 162.144.236.216 port 51410 ssh2
Sep 29 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11739]: pam_unix(cron:session): session closed for user root
Sep 29 18:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Failed password for invalid user accounting from 103.162.31.192 port 49216 ssh2
Sep 29 18:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Received disconnect from 103.162.31.192 port 49216:11: Bye Bye [preauth]
Sep 29 18:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Disconnected from 103.162.31.192 port 49216 [preauth]
Sep 29 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: Invalid user dns from 103.176.79.190
Sep 29 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: input_userauth_request: invalid user dns [preauth]
Sep 29 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Connection closed by 162.144.236.216 port 51410 [preauth]
Sep 29 18:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: Failed password for invalid user dns from 103.176.79.190 port 39576 ssh2
Sep 29 18:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: Received disconnect from 103.176.79.190 port 39576:11: Bye Bye [preauth]
Sep 29 18:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: Disconnected from 103.176.79.190 port 39576 [preauth]
Sep 29 18:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Invalid user afzal from 59.12.160.91
Sep 29 18:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: input_userauth_request: invalid user afzal [preauth]
Sep 29 18:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Failed password for invalid user afzal from 59.12.160.91 port 43668 ssh2
Sep 29 18:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Received disconnect from 59.12.160.91 port 43668:11: Bye Bye [preauth]
Sep 29 18:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13139]: Disconnected from 59.12.160.91 port 43668 [preauth]
Sep 29 18:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for root from 162.144.236.216 port 58712 ssh2
Sep 29 18:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Invalid user dinesh from 89.126.208.24
Sep 29 18:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: input_userauth_request: invalid user dinesh [preauth]
Sep 29 18:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Connection closed by 162.144.236.216 port 58712 [preauth]
Sep 29 18:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Failed password for invalid user dinesh from 89.126.208.24 port 43534 ssh2
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Received disconnect from 89.126.208.24 port 43534:11: Bye Bye [preauth]
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Disconnected from 89.126.208.24 port 43534 [preauth]
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13178]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: Successful su for rubyman by root
Sep 29 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: + ??? root:rubyman
Sep 29 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316287 of user rubyman.
Sep 29 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13245]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316287.
Sep 29 18:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Invalid user sham from 20.40.73.192
Sep 29 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: input_userauth_request: invalid user sham [preauth]
Sep 29 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session closed for user root
Sep 29 18:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Failed password for invalid user sham from 20.40.73.192 port 55374 ssh2
Sep 29 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Received disconnect from 20.40.73.192 port 55374:11: Bye Bye [preauth]
Sep 29 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Disconnected from 20.40.73.192 port 55374 [preauth]
Sep 29 18:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13181]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Failed password for root from 162.144.236.216 port 39608 ssh2
Sep 29 18:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Connection closed by 162.144.236.216 port 39608 [preauth]
Sep 29 18:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: User bin from 93.152.230.176 not allowed because not listed in AllowUsers
Sep 29 18:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: input_userauth_request: invalid user bin [preauth]
Sep 29 18:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=bin
Sep 29 18:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: Failed password for invalid user bin from 93.152.230.176 port 26249 ssh2
Sep 29 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: Received disconnect from 93.152.230.176 port 26249:11: Client disconnecting normally [preauth]
Sep 29 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13475]: Disconnected from 93.152.230.176 port 26249 [preauth]
Sep 29 18:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: Failed password for root from 162.144.236.216 port 48418 ssh2
Sep 29 18:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: Connection closed by 162.144.236.216 port 48418 [preauth]
Sep 29 18:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Invalid user test from 38.25.39.212
Sep 29 18:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: input_userauth_request: invalid user test [preauth]
Sep 29 18:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Failed password for invalid user test from 38.25.39.212 port 56864 ssh2
Sep 29 18:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Received disconnect from 38.25.39.212 port 56864:11: Bye Bye [preauth]
Sep 29 18:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Disconnected from 38.25.39.212 port 56864 [preauth]
Sep 29 18:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user root
Sep 29 18:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for root from 49.247.35.31 port 51581 ssh2
Sep 29 18:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Received disconnect from 49.247.35.31 port 51581:11: Bye Bye [preauth]
Sep 29 18:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Disconnected from 49.247.35.31 port 51581 [preauth]
Sep 29 18:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Failed password for root from 162.144.236.216 port 55674 ssh2
Sep 29 18:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Connection closed by 162.144.236.216 port 55674 [preauth]
Sep 29 18:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Failed password for root from 103.162.31.192 port 51142 ssh2
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Received disconnect from 103.162.31.192 port 51142:11: Bye Bye [preauth]
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Disconnected from 103.162.31.192 port 51142 [preauth]
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: Failed password for root from 162.144.236.216 port 36132 ssh2
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: Invalid user chris from 59.12.160.91
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: input_userauth_request: invalid user chris [preauth]
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13599]: Connection closed by 162.144.236.216 port 36132 [preauth]
Sep 29 18:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: Failed password for invalid user chris from 59.12.160.91 port 40926 ssh2
Sep 29 18:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: Received disconnect from 59.12.160.91 port 40926:11: Bye Bye [preauth]
Sep 29 18:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13621]: Disconnected from 59.12.160.91 port 40926 [preauth]
Sep 29 18:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13636]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: Successful su for rubyman by root
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: + ??? root:rubyman
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316290 of user rubyman.
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13699]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316290.
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Invalid user mehdi from 89.126.208.24
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: input_userauth_request: invalid user mehdi [preauth]
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Failed password for root from 162.144.236.216 port 41328 ssh2
Sep 29 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Connection closed by 162.144.236.216 port 41328 [preauth]
Sep 29 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Failed password for invalid user mehdi from 89.126.208.24 port 38970 ssh2
Sep 29 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Received disconnect from 89.126.208.24 port 38970:11: Bye Bye [preauth]
Sep 29 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Disconnected from 89.126.208.24 port 38970 [preauth]
Sep 29 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user root
Sep 29 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13801]: Failed password for root from 103.176.79.190 port 48938 ssh2
Sep 29 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13801]: Received disconnect from 103.176.79.190 port 48938:11: Bye Bye [preauth]
Sep 29 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13801]: Disconnected from 103.176.79.190 port 48938 [preauth]
Sep 29 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13637]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Failed password for root from 162.144.236.216 port 46100 ssh2
Sep 29 18:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Connection closed by 162.144.236.216 port 46100 [preauth]
Sep 29 18:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13925]: Failed password for root from 162.144.236.216 port 53936 ssh2
Sep 29 18:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13925]: Connection closed by 162.144.236.216 port 53936 [preauth]
Sep 29 18:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Failed password for root from 20.40.73.192 port 40570 ssh2
Sep 29 18:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Received disconnect from 20.40.73.192 port 40570:11: Bye Bye [preauth]
Sep 29 18:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Disconnected from 20.40.73.192 port 40570 [preauth]
Sep 29 18:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Failed password for root from 162.144.236.216 port 60792 ssh2
Sep 29 18:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Connection closed by 162.144.236.216 port 60792 [preauth]
Sep 29 18:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session closed for user root
Sep 29 18:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Failed password for root from 38.25.39.212 port 53022 ssh2
Sep 29 18:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Received disconnect from 38.25.39.212 port 53022:11: Bye Bye [preauth]
Sep 29 18:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Disconnected from 38.25.39.212 port 53022 [preauth]
Sep 29 18:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: Invalid user colibri from 167.99.55.34
Sep 29 18:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: input_userauth_request: invalid user colibri [preauth]
Sep 29 18:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 18:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for root from 162.144.236.216 port 40274 ssh2
Sep 29 18:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: Failed password for invalid user colibri from 167.99.55.34 port 45136 ssh2
Sep 29 18:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: Connection closed by 167.99.55.34 port 45136 [preauth]
Sep 29 18:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Connection closed by 162.144.236.216 port 40274 [preauth]
Sep 29 18:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: Invalid user minecraft from 49.247.35.31
Sep 29 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: Failed password for invalid user minecraft from 49.247.35.31 port 27604 ssh2
Sep 29 18:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: Received disconnect from 49.247.35.31 port 27604:11: Bye Bye [preauth]
Sep 29 18:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14146]: Disconnected from 49.247.35.31 port 27604 [preauth]
Sep 29 18:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Failed password for root from 162.144.236.216 port 46988 ssh2
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session closed for user root
Sep 29 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: Successful su for rubyman by root
Sep 29 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: + ??? root:rubyman
Sep 29 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316294 of user rubyman.
Sep 29 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316294.
Sep 29 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Connection closed by 162.144.236.216 port 46988 [preauth]
Sep 29 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session closed for user root
Sep 29 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for root from 89.126.208.24 port 34408 ssh2
Sep 29 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Received disconnect from 89.126.208.24 port 34408:11: Bye Bye [preauth]
Sep 29 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Disconnected from 89.126.208.24 port 34408 [preauth]
Sep 29 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user root
Sep 29 18:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 18:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: Invalid user incoming from 103.162.31.192
Sep 29 18:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: input_userauth_request: invalid user incoming [preauth]
Sep 29 18:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14463]: Failed password for root from 59.12.160.91 port 38344 ssh2
Sep 29 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14463]: Received disconnect from 59.12.160.91 port 38344:11: Bye Bye [preauth]
Sep 29 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14463]: Disconnected from 59.12.160.91 port 38344 [preauth]
Sep 29 18:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: Failed password for invalid user incoming from 103.162.31.192 port 44994 ssh2
Sep 29 18:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: Received disconnect from 103.162.31.192 port 44994:11: Bye Bye [preauth]
Sep 29 18:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14472]: Disconnected from 103.162.31.192 port 44994 [preauth]
Sep 29 18:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Invalid user user from 62.60.131.157
Sep 29 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: input_userauth_request: invalid user user [preauth]
Sep 29 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 18:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: Failed password for root from 162.144.236.216 port 55544 ssh2
Sep 29 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for invalid user user from 62.60.131.157 port 11971 ssh2
Sep 29 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14348]: Connection closed by 162.144.236.216 port 55544 [preauth]
Sep 29 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for invalid user user from 62.60.131.157 port 11971 ssh2
Sep 29 18:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for invalid user user from 62.60.131.157 port 11971 ssh2
Sep 29 18:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for invalid user user from 62.60.131.157 port 11971 ssh2
Sep 29 18:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Failed password for invalid user user from 62.60.131.157 port 11971 ssh2
Sep 29 18:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Received disconnect from 62.60.131.157 port 11971:11: Bye [preauth]
Sep 29 18:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: Disconnected from 62.60.131.157 port 11971 [preauth]
Sep 29 18:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 18:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14484]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 18:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Failed password for root from 162.144.236.216 port 33488 ssh2
Sep 29 18:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Connection closed by 162.144.236.216 port 33488 [preauth]
Sep 29 18:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: Invalid user anthony from 103.176.79.190
Sep 29 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: input_userauth_request: invalid user anthony [preauth]
Sep 29 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13183]: pam_unix(cron:session): session closed for user root
Sep 29 18:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: Failed password for invalid user anthony from 103.176.79.190 port 47714 ssh2
Sep 29 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: Received disconnect from 103.176.79.190 port 47714:11: Bye Bye [preauth]
Sep 29 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14558]: Disconnected from 103.176.79.190 port 47714 [preauth]
Sep 29 18:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Failed password for root from 162.144.236.216 port 40930 ssh2
Sep 29 18:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Connection closed by 162.144.236.216 port 40930 [preauth]
Sep 29 18:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: Invalid user gits from 20.40.73.192
Sep 29 18:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: input_userauth_request: invalid user gits [preauth]
Sep 29 18:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: Failed password for invalid user gits from 20.40.73.192 port 46886 ssh2
Sep 29 18:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: Received disconnect from 20.40.73.192 port 46886:11: Bye Bye [preauth]
Sep 29 18:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14619]: Disconnected from 20.40.73.192 port 46886 [preauth]
Sep 29 18:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Failed password for root from 38.25.39.212 port 49202 ssh2
Sep 29 18:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Received disconnect from 38.25.39.212 port 49202:11: Bye Bye [preauth]
Sep 29 18:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Disconnected from 38.25.39.212 port 49202 [preauth]
Sep 29 18:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: Invalid user test from 49.247.35.31
Sep 29 18:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: input_userauth_request: invalid user test [preauth]
Sep 29 18:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: Failed password for root from 162.144.236.216 port 48146 ssh2
Sep 29 18:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: Failed password for invalid user test from 49.247.35.31 port 62447 ssh2
Sep 29 18:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: Received disconnect from 49.247.35.31 port 62447:11: Bye Bye [preauth]
Sep 29 18:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: Disconnected from 49.247.35.31 port 62447 [preauth]
Sep 29 18:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: Connection closed by 162.144.236.216 port 48146 [preauth]
Sep 29 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14654]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: Successful su for rubyman by root
Sep 29 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: + ??? root:rubyman
Sep 29 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316301 of user rubyman.
Sep 29 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316301.
Sep 29 18:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Invalid user control from 89.126.208.24
Sep 29 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: input_userauth_request: invalid user control [preauth]
Sep 29 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11737]: pam_unix(cron:session): session closed for user root
Sep 29 18:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14655]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Failed password for invalid user control from 89.126.208.24 port 58100 ssh2
Sep 29 18:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Received disconnect from 89.126.208.24 port 58100:11: Bye Bye [preauth]
Sep 29 18:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Disconnected from 89.126.208.24 port 58100 [preauth]
Sep 29 18:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: Failed password for root from 162.144.236.216 port 56904 ssh2
Sep 29 18:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14650]: Connection closed by 162.144.236.216 port 56904 [preauth]
Sep 29 18:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Failed password for root from 162.144.236.216 port 36736 ssh2
Sep 29 18:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14949]: Connection closed by 162.144.236.216 port 36736 [preauth]
Sep 29 18:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 18:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Invalid user minecraft from 103.162.31.192
Sep 29 18:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 18:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Failed password for root from 59.12.160.91 port 35832 ssh2
Sep 29 18:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Received disconnect from 59.12.160.91 port 35832:11: Bye Bye [preauth]
Sep 29 18:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Disconnected from 59.12.160.91 port 35832 [preauth]
Sep 29 18:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for invalid user minecraft from 103.162.31.192 port 44444 ssh2
Sep 29 18:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Received disconnect from 103.162.31.192 port 44444:11: Bye Bye [preauth]
Sep 29 18:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Disconnected from 103.162.31.192 port 44444 [preauth]
Sep 29 18:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session closed for user root
Sep 29 18:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Failed password for root from 162.144.236.216 port 44014 ssh2
Sep 29 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Connection closed by 162.144.236.216 port 44014 [preauth]
Sep 29 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Invalid user dev from 38.25.39.212
Sep 29 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: input_userauth_request: invalid user dev [preauth]
Sep 29 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: Failed password for root from 162.144.236.216 port 53870 ssh2
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session closed for user root
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: Successful su for rubyman by root
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: + ??? root:rubyman
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316304 of user rubyman.
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15159]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316304.
Sep 29 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15070]: Connection closed by 162.144.236.216 port 53870 [preauth]
Sep 29 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Failed password for invalid user dev from 38.25.39.212 port 45370 ssh2
Sep 29 18:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Received disconnect from 38.25.39.212 port 45370:11: Bye Bye [preauth]
Sep 29 18:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15090]: Disconnected from 38.25.39.212 port 45370 [preauth]
Sep 29 18:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: Invalid user foundry from 49.247.35.31
Sep 29 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: input_userauth_request: invalid user foundry [preauth]
Sep 29 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user root
Sep 29 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Invalid user nodeuser from 103.176.79.190
Sep 29 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: input_userauth_request: invalid user nodeuser [preauth]
Sep 29 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: Failed password for invalid user foundry from 49.247.35.31 port 18557 ssh2
Sep 29 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: Received disconnect from 49.247.35.31 port 18557:11: Bye Bye [preauth]
Sep 29 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15278]: Disconnected from 49.247.35.31 port 18557 [preauth]
Sep 29 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Failed password for invalid user nodeuser from 103.176.79.190 port 40330 ssh2
Sep 29 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Received disconnect from 103.176.79.190 port 40330:11: Bye Bye [preauth]
Sep 29 18:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Disconnected from 103.176.79.190 port 40330 [preauth]
Sep 29 18:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Invalid user superadmin from 89.126.208.24
Sep 29 18:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 18:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Failed password for root from 162.144.236.216 port 60590 ssh2
Sep 29 18:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Connection closed by 162.144.236.216 port 60590 [preauth]
Sep 29 18:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Failed password for invalid user superadmin from 89.126.208.24 port 53534 ssh2
Sep 29 18:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Received disconnect from 89.126.208.24 port 53534:11: Bye Bye [preauth]
Sep 29 18:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15382]: Disconnected from 89.126.208.24 port 53534 [preauth]
Sep 29 18:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Failed password for root from 20.40.73.192 port 51306 ssh2
Sep 29 18:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Received disconnect from 20.40.73.192 port 51306:11: Bye Bye [preauth]
Sep 29 18:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Disconnected from 20.40.73.192 port 51306 [preauth]
Sep 29 18:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Failed password for root from 162.144.236.216 port 40976 ssh2
Sep 29 18:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Connection closed by 162.144.236.216 port 40976 [preauth]
Sep 29 18:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for root from 162.144.236.216 port 46400 ssh2
Sep 29 18:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session closed for user root
Sep 29 18:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Connection closed by 162.144.236.216 port 46400 [preauth]
Sep 29 18:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Invalid user incoming from 59.12.160.91
Sep 29 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: input_userauth_request: invalid user incoming [preauth]
Sep 29 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Failed password for invalid user incoming from 59.12.160.91 port 33482 ssh2
Sep 29 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Received disconnect from 59.12.160.91 port 33482:11: Bye Bye [preauth]
Sep 29 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Disconnected from 59.12.160.91 port 33482 [preauth]
Sep 29 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Failed password for root from 103.162.31.192 port 49600 ssh2
Sep 29 18:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Received disconnect from 103.162.31.192 port 49600:11: Bye Bye [preauth]
Sep 29 18:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Disconnected from 103.162.31.192 port 49600 [preauth]
Sep 29 18:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: Failed password for root from 162.144.236.216 port 53262 ssh2
Sep 29 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15472]: Connection closed by 162.144.236.216 port 53262 [preauth]
Sep 29 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15539]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15538]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: Successful su for rubyman by root
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: + ??? root:rubyman
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316309 of user rubyman.
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316309.
Sep 29 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session closed for user root
Sep 29 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15537]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Failed password for root from 162.144.236.216 port 33566 ssh2
Sep 29 18:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Connection closed by 162.144.236.216 port 33566 [preauth]
Sep 29 18:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Failed password for root from 49.247.35.31 port 28471 ssh2
Sep 29 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Invalid user api_user from 89.126.208.24
Sep 29 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: input_userauth_request: invalid user api_user [preauth]
Sep 29 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Received disconnect from 49.247.35.31 port 28471:11: Bye Bye [preauth]
Sep 29 18:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Disconnected from 49.247.35.31 port 28471 [preauth]
Sep 29 18:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Failed password for invalid user api_user from 89.126.208.24 port 48974 ssh2
Sep 29 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Received disconnect from 89.126.208.24 port 48974:11: Bye Bye [preauth]
Sep 29 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Disconnected from 89.126.208.24 port 48974 [preauth]
Sep 29 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Failed password for root from 38.25.39.212 port 41540 ssh2
Sep 29 18:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Received disconnect from 38.25.39.212 port 41540:11: Bye Bye [preauth]
Sep 29 18:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Disconnected from 38.25.39.212 port 41540 [preauth]
Sep 29 18:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: Failed password for root from 162.144.236.216 port 41116 ssh2
Sep 29 18:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15811]: Connection closed by 162.144.236.216 port 41116 [preauth]
Sep 29 18:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Failed password for root from 162.144.236.216 port 50658 ssh2
Sep 29 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session closed for user root
Sep 29 18:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Connection closed by 162.144.236.216 port 50658 [preauth]
Sep 29 18:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Failed password for root from 103.176.79.190 port 49938 ssh2
Sep 29 18:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Received disconnect from 103.176.79.190 port 49938:11: Bye Bye [preauth]
Sep 29 18:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Disconnected from 103.176.79.190 port 49938 [preauth]
Sep 29 18:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Failed password for root from 20.40.73.192 port 59528 ssh2
Sep 29 18:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Received disconnect from 20.40.73.192 port 59528:11: Bye Bye [preauth]
Sep 29 18:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Disconnected from 20.40.73.192 port 59528 [preauth]
Sep 29 18:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: Failed password for root from 162.144.236.216 port 56254 ssh2
Sep 29 18:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: Connection closed by 162.144.236.216 port 56254 [preauth]
Sep 29 18:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: Successful su for rubyman by root
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: + ??? root:rubyman
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316315 of user rubyman.
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316315.
Sep 29 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Invalid user dummy from 59.12.160.91
Sep 29 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: input_userauth_request: invalid user dummy [preauth]
Sep 29 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: Failed password for root from 103.162.31.192 port 52884 ssh2
Sep 29 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: Received disconnect from 103.162.31.192 port 52884:11: Bye Bye [preauth]
Sep 29 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: Disconnected from 103.162.31.192 port 52884 [preauth]
Sep 29 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session closed for user root
Sep 29 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Failed password for invalid user dummy from 59.12.160.91 port 59110 ssh2
Sep 29 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Received disconnect from 59.12.160.91 port 59110:11: Bye Bye [preauth]
Sep 29 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16097]: Disconnected from 59.12.160.91 port 59110 [preauth]
Sep 29 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Failed password for root from 162.144.236.216 port 36104 ssh2
Sep 29 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Connection closed by 162.144.236.216 port 36104 [preauth]
Sep 29 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Failed password for root from 162.144.236.216 port 44748 ssh2
Sep 29 18:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Connection closed by 162.144.236.216 port 44748 [preauth]
Sep 29 18:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Invalid user ftpuser from 89.126.208.24
Sep 29 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: Failed password for root from 162.144.236.216 port 51166 ssh2
Sep 29 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Failed password for invalid user ftpuser from 89.126.208.24 port 44416 ssh2
Sep 29 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Received disconnect from 89.126.208.24 port 44416:11: Bye Bye [preauth]
Sep 29 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16288]: Disconnected from 89.126.208.24 port 44416 [preauth]
Sep 29 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for root from 49.247.35.31 port 14644 ssh2
Sep 29 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Received disconnect from 49.247.35.31 port 14644:11: Bye Bye [preauth]
Sep 29 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Disconnected from 49.247.35.31 port 14644 [preauth]
Sep 29 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16286]: Connection closed by 162.144.236.216 port 51166 [preauth]
Sep 29 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Invalid user webkul from 38.25.39.212
Sep 29 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: input_userauth_request: invalid user webkul [preauth]
Sep 29 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Failed password for invalid user webkul from 38.25.39.212 port 37704 ssh2
Sep 29 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Received disconnect from 38.25.39.212 port 37704:11: Bye Bye [preauth]
Sep 29 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Disconnected from 38.25.39.212 port 37704 [preauth]
Sep 29 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session closed for user root
Sep 29 18:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Failed password for root from 162.144.236.216 port 57874 ssh2
Sep 29 18:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Connection closed by 162.144.236.216 port 57874 [preauth]
Sep 29 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: Failed password for root from 162.144.236.216 port 38186 ssh2
Sep 29 18:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: Connection closed by 162.144.236.216 port 38186 [preauth]
Sep 29 18:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16436]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session closed for user root
Sep 29 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16433]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16508]: Successful su for rubyman by root
Sep 29 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16508]: + ??? root:rubyman
Sep 29 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316319 of user rubyman.
Sep 29 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16508]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316319.
Sep 29 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16518]: Failed password for root from 20.40.73.192 port 48758 ssh2
Sep 29 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16518]: Received disconnect from 20.40.73.192 port 48758:11: Bye Bye [preauth]
Sep 29 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16518]: Disconnected from 20.40.73.192 port 48758 [preauth]
Sep 29 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13638]: pam_unix(cron:session): session closed for user root
Sep 29 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16436]: pam_unix(cron:session): session closed for user root
Sep 29 18:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16435]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Invalid user helen from 103.176.79.190
Sep 29 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: input_userauth_request: invalid user helen [preauth]
Sep 29 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Failed password for root from 162.144.236.216 port 46564 ssh2
Sep 29 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user helen from 103.176.79.190 port 36130 ssh2
Sep 29 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Received disconnect from 103.176.79.190 port 36130:11: Bye Bye [preauth]
Sep 29 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Disconnected from 103.176.79.190 port 36130 [preauth]
Sep 29 18:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Connection closed by 162.144.236.216 port 46564 [preauth]
Sep 29 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Invalid user ai from 59.12.160.91
Sep 29 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: input_userauth_request: invalid user ai [preauth]
Sep 29 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Invalid user apolo from 103.162.31.192
Sep 29 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: input_userauth_request: invalid user apolo [preauth]
Sep 29 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Failed password for invalid user ai from 59.12.160.91 port 57082 ssh2
Sep 29 18:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Received disconnect from 59.12.160.91 port 57082:11: Bye Bye [preauth]
Sep 29 18:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16773]: Disconnected from 59.12.160.91 port 57082 [preauth]
Sep 29 18:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Failed password for invalid user apolo from 103.162.31.192 port 33648 ssh2
Sep 29 18:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Received disconnect from 103.162.31.192 port 33648:11: Bye Bye [preauth]
Sep 29 18:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Disconnected from 103.162.31.192 port 33648 [preauth]
Sep 29 18:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: Invalid user james from 89.126.208.24
Sep 29 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: input_userauth_request: invalid user james [preauth]
Sep 29 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: Failed password for invalid user james from 89.126.208.24 port 39860 ssh2
Sep 29 18:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: Received disconnect from 89.126.208.24 port 39860:11: Bye Bye [preauth]
Sep 29 18:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: Disconnected from 89.126.208.24 port 39860 [preauth]
Sep 29 18:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Failed password for root from 162.144.236.216 port 54318 ssh2
Sep 29 18:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16761]: Connection closed by 162.144.236.216 port 54318 [preauth]
Sep 29 18:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Invalid user accounting from 49.247.35.31
Sep 29 18:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: input_userauth_request: invalid user accounting [preauth]
Sep 29 18:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for invalid user accounting from 49.247.35.31 port 48293 ssh2
Sep 29 18:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Received disconnect from 49.247.35.31 port 48293:11: Bye Bye [preauth]
Sep 29 18:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Disconnected from 49.247.35.31 port 48293 [preauth]
Sep 29 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15539]: pam_unix(cron:session): session closed for user root
Sep 29 18:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Failed password for root from 162.144.236.216 port 34482 ssh2
Sep 29 18:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Failed password for root from 38.25.39.212 port 33878 ssh2
Sep 29 18:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Received disconnect from 38.25.39.212 port 33878:11: Bye Bye [preauth]
Sep 29 18:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Disconnected from 38.25.39.212 port 33878 [preauth]
Sep 29 18:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Connection closed by 162.144.236.216 port 34482 [preauth]
Sep 29 18:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Failed password for root from 162.144.236.216 port 44276 ssh2
Sep 29 18:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16910]: Connection closed by 162.144.236.216 port 44276 [preauth]
Sep 29 18:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16933]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16931]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: Successful su for rubyman by root
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: + ??? root:rubyman
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316324 of user rubyman.
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17008]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316324.
Sep 29 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session closed for user root
Sep 29 18:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Failed password for root from 162.144.236.216 port 50030 ssh2
Sep 29 18:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16932]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Connection closed by 162.144.236.216 port 50030 [preauth]
Sep 29 18:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: Failed password for root from 162.144.236.216 port 55646 ssh2
Sep 29 18:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: Connection closed by 162.144.236.216 port 55646 [preauth]
Sep 29 18:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24  user=root
Sep 29 18:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Failed password for root from 89.126.208.24 port 35300 ssh2
Sep 29 18:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Received disconnect from 89.126.208.24 port 35300:11: Bye Bye [preauth]
Sep 29 18:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Disconnected from 89.126.208.24 port 35300 [preauth]
Sep 29 18:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Invalid user aovalle from 59.12.160.91
Sep 29 18:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: input_userauth_request: invalid user aovalle [preauth]
Sep 29 18:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Invalid user intern from 20.40.73.192
Sep 29 18:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: input_userauth_request: invalid user intern [preauth]
Sep 29 18:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Failed password for invalid user aovalle from 59.12.160.91 port 55068 ssh2
Sep 29 18:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Received disconnect from 59.12.160.91 port 55068:11: Bye Bye [preauth]
Sep 29 18:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Disconnected from 59.12.160.91 port 55068 [preauth]
Sep 29 18:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Failed password for invalid user intern from 20.40.73.192 port 50944 ssh2
Sep 29 18:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Failed password for root from 162.144.236.216 port 33326 ssh2
Sep 29 18:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Received disconnect from 20.40.73.192 port 50944:11: Bye Bye [preauth]
Sep 29 18:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Disconnected from 20.40.73.192 port 50944 [preauth]
Sep 29 18:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Connection closed by 162.144.236.216 port 33326 [preauth]
Sep 29 18:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Invalid user jupyter from 49.247.35.31
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: input_userauth_request: invalid user jupyter [preauth]
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Invalid user ai from 103.162.31.192
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: input_userauth_request: invalid user ai [preauth]
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session closed for user root
Sep 29 18:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 18:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Failed password for invalid user jupyter from 49.247.35.31 port 63994 ssh2
Sep 29 18:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Received disconnect from 49.247.35.31 port 63994:11: Bye Bye [preauth]
Sep 29 18:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Disconnected from 49.247.35.31 port 63994 [preauth]
Sep 29 18:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Failed password for invalid user ai from 103.162.31.192 port 60932 ssh2
Sep 29 18:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Received disconnect from 103.162.31.192 port 60932:11: Bye Bye [preauth]
Sep 29 18:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Disconnected from 103.162.31.192 port 60932 [preauth]
Sep 29 18:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: Failed password for root from 93.152.230.176 port 5519 ssh2
Sep 29 18:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: Received disconnect from 93.152.230.176 port 5519:11: Client disconnecting normally [preauth]
Sep 29 18:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17335]: Disconnected from 93.152.230.176 port 5519 [preauth]
Sep 29 18:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: Failed password for root from 162.144.236.216 port 42188 ssh2
Sep 29 18:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17314]: Connection closed by 162.144.236.216 port 42188 [preauth]
Sep 29 18:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Invalid user Sujan from 80.94.95.115
Sep 29 18:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: input_userauth_request: invalid user Sujan [preauth]
Sep 29 18:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 18:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Invalid user jupyter from 103.176.79.190
Sep 29 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: input_userauth_request: invalid user jupyter [preauth]
Sep 29 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Failed password for invalid user Sujan from 80.94.95.115 port 25452 ssh2
Sep 29 18:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Connection closed by 80.94.95.115 port 25452 [preauth]
Sep 29 18:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Failed password for invalid user jupyter from 103.176.79.190 port 50908 ssh2
Sep 29 18:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Received disconnect from 103.176.79.190 port 50908:11: Bye Bye [preauth]
Sep 29 18:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Disconnected from 103.176.79.190 port 50908 [preauth]
Sep 29 18:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Invalid user bloom from 38.25.39.212
Sep 29 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: input_userauth_request: invalid user bloom [preauth]
Sep 29 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Failed password for invalid user bloom from 38.25.39.212 port 58286 ssh2
Sep 29 18:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Received disconnect from 38.25.39.212 port 58286:11: Bye Bye [preauth]
Sep 29 18:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Disconnected from 38.25.39.212 port 58286 [preauth]
Sep 29 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: Successful su for rubyman by root
Sep 29 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: + ??? root:rubyman
Sep 29 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316329 of user rubyman.
Sep 29 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316329.
Sep 29 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Failed password for root from 162.144.236.216 port 48310 ssh2
Sep 29 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Connection closed by 162.144.236.216 port 48310 [preauth]
Sep 29 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14657]: pam_unix(cron:session): session closed for user root
Sep 29 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17423]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: Failed password for root from 162.144.236.216 port 58580 ssh2
Sep 29 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: Connection closed by 162.144.236.216 port 58580 [preauth]
Sep 29 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: Invalid user uroosa from 167.99.55.34
Sep 29 18:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: input_userauth_request: invalid user uroosa [preauth]
Sep 29 18:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 18:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: Failed password for invalid user uroosa from 167.99.55.34 port 58502 ssh2
Sep 29 18:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: Connection closed by 167.99.55.34 port 58502 [preauth]
Sep 29 18:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: Invalid user devuser from 89.126.208.24
Sep 29 18:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: input_userauth_request: invalid user devuser [preauth]
Sep 29 18:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.126.208.24
Sep 29 18:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for root from 162.144.236.216 port 38592 ssh2
Sep 29 18:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: Failed password for invalid user devuser from 89.126.208.24 port 58960 ssh2
Sep 29 18:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: Received disconnect from 89.126.208.24 port 58960:11: Bye Bye [preauth]
Sep 29 18:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: Disconnected from 89.126.208.24 port 58960 [preauth]
Sep 29 18:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Connection closed by 162.144.236.216 port 38592 [preauth]
Sep 29 18:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session closed for user root
Sep 29 18:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Invalid user riad from 59.12.160.91
Sep 29 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: input_userauth_request: invalid user riad [preauth]
Sep 29 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Invalid user incoming from 49.247.35.31
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: input_userauth_request: invalid user incoming [preauth]
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Failed password for invalid user riad from 59.12.160.91 port 52650 ssh2
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Received disconnect from 59.12.160.91 port 52650:11: Bye Bye [preauth]
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Disconnected from 59.12.160.91 port 52650 [preauth]
Sep 29 18:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17852]: Failed password for root from 162.144.236.216 port 46638 ssh2
Sep 29 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17852]: Connection closed by 162.144.236.216 port 46638 [preauth]
Sep 29 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Failed password for invalid user incoming from 49.247.35.31 port 4696 ssh2
Sep 29 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Received disconnect from 49.247.35.31 port 4696:11: Bye Bye [preauth]
Sep 29 18:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Disconnected from 49.247.35.31 port 4696 [preauth]
Sep 29 18:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Failed password for root from 103.162.31.192 port 59054 ssh2
Sep 29 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Received disconnect from 103.162.31.192 port 59054:11: Bye Bye [preauth]
Sep 29 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Disconnected from 103.162.31.192 port 59054 [preauth]
Sep 29 18:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: Failed password for root from 20.40.73.192 port 50936 ssh2
Sep 29 18:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: Received disconnect from 20.40.73.192 port 50936:11: Bye Bye [preauth]
Sep 29 18:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: Disconnected from 20.40.73.192 port 50936 [preauth]
Sep 29 18:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: Failed password for root from 162.144.236.216 port 54166 ssh2
Sep 29 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: Connection closed by 162.144.236.216 port 54166 [preauth]
Sep 29 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17975]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18054]: Successful su for rubyman by root
Sep 29 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18054]: + ??? root:rubyman
Sep 29 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316331 of user rubyman.
Sep 29 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18054]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316331.
Sep 29 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Invalid user nodeuser from 38.25.39.212
Sep 29 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: input_userauth_request: invalid user nodeuser [preauth]
Sep 29 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session closed for user root
Sep 29 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Failed password for invalid user nodeuser from 38.25.39.212 port 54446 ssh2
Sep 29 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Received disconnect from 38.25.39.212 port 54446:11: Bye Bye [preauth]
Sep 29 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Disconnected from 38.25.39.212 port 54446 [preauth]
Sep 29 18:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17976]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: Failed password for root from 162.144.236.216 port 33164 ssh2
Sep 29 18:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Invalid user debian from 164.68.105.9
Sep 29 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: input_userauth_request: invalid user debian [preauth]
Sep 29 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: Connection closed by 162.144.236.216 port 33164 [preauth]
Sep 29 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Failed password for invalid user debian from 164.68.105.9 port 42228 ssh2
Sep 29 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18502]: Connection closed by 164.68.105.9 port 42228 [preauth]
Sep 29 18:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: Failed password for root from 162.144.236.216 port 39650 ssh2
Sep 29 18:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: Connection closed by 162.144.236.216 port 39650 [preauth]
Sep 29 18:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: Invalid user intern from 103.176.79.190
Sep 29 18:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: input_userauth_request: invalid user intern [preauth]
Sep 29 18:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: Failed password for invalid user intern from 103.176.79.190 port 55668 ssh2
Sep 29 18:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: Received disconnect from 103.176.79.190 port 55668:11: Bye Bye [preauth]
Sep 29 18:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18556]: Disconnected from 103.176.79.190 port 55668 [preauth]
Sep 29 18:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: Failed password for root from 162.144.236.216 port 45898 ssh2
Sep 29 18:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: Connection closed by 162.144.236.216 port 45898 [preauth]
Sep 29 18:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: Failed password for root from 162.144.236.216 port 52932 ssh2
Sep 29 18:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16934]: pam_unix(cron:session): session closed for user root
Sep 29 18:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: Connection closed by 162.144.236.216 port 52932 [preauth]
Sep 29 18:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Failed password for root from 162.144.236.216 port 58504 ssh2
Sep 29 18:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Connection closed by 162.144.236.216 port 58504 [preauth]
Sep 29 18:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 18:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Failed password for root from 59.12.160.91 port 49864 ssh2
Sep 29 18:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Received disconnect from 59.12.160.91 port 49864:11: Bye Bye [preauth]
Sep 29 18:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18690]: Disconnected from 59.12.160.91 port 49864 [preauth]
Sep 29 18:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Failed password for root from 49.247.35.31 port 29678 ssh2
Sep 29 18:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Received disconnect from 49.247.35.31 port 29678:11: Bye Bye [preauth]
Sep 29 18:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Disconnected from 49.247.35.31 port 29678 [preauth]
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: Successful su for rubyman by root
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: + ??? root:rubyman
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316335 of user rubyman.
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18775]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316335.
Sep 29 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Failed password for root from 162.144.236.216 port 36074 ssh2
Sep 29 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15538]: pam_unix(cron:session): session closed for user root
Sep 29 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18666]: Connection closed by 162.144.236.216 port 36074 [preauth]
Sep 29 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Failed password for root from 103.162.31.192 port 45268 ssh2
Sep 29 18:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Received disconnect from 103.162.31.192 port 45268:11: Bye Bye [preauth]
Sep 29 18:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18978]: Disconnected from 103.162.31.192 port 45268 [preauth]
Sep 29 18:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: Failed password for root from 162.144.236.216 port 44988 ssh2
Sep 29 18:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: Connection closed by 162.144.236.216 port 44988 [preauth]
Sep 29 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Invalid user kamil from 20.40.73.192
Sep 29 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: input_userauth_request: invalid user kamil [preauth]
Sep 29 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Failed password for invalid user kamil from 20.40.73.192 port 59842 ssh2
Sep 29 18:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Received disconnect from 20.40.73.192 port 59842:11: Bye Bye [preauth]
Sep 29 18:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19046]: Disconnected from 20.40.73.192 port 59842 [preauth]
Sep 29 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: Failed password for root from 38.25.39.212 port 50618 ssh2
Sep 29 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: Received disconnect from 38.25.39.212 port 50618:11: Bye Bye [preauth]
Sep 29 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: Disconnected from 38.25.39.212 port 50618 [preauth]
Sep 29 18:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19048]: Failed password for root from 162.144.236.216 port 50442 ssh2
Sep 29 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19048]: Connection closed by 162.144.236.216 port 50442 [preauth]
Sep 29 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17425]: pam_unix(cron:session): session closed for user root
Sep 29 18:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: Failed password for root from 162.144.236.216 port 58222 ssh2
Sep 29 18:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: Connection closed by 162.144.236.216 port 58222 [preauth]
Sep 29 18:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: Invalid user consulta from 103.176.79.190
Sep 29 18:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: input_userauth_request: invalid user consulta [preauth]
Sep 29 18:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: Failed password for invalid user consulta from 103.176.79.190 port 54988 ssh2
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Failed password for root from 162.144.236.216 port 37412 ssh2
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session closed for user root
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: Received disconnect from 103.176.79.190 port 54988:11: Bye Bye [preauth]
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19182]: Disconnected from 103.176.79.190 port 54988 [preauth]
Sep 29 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: Successful su for rubyman by root
Sep 29 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: + ??? root:rubyman
Sep 29 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316340 of user rubyman.
Sep 29 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316340.
Sep 29 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Connection closed by 162.144.236.216 port 37412 [preauth]
Sep 29 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session closed for user root
Sep 29 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31  user=root
Sep 29 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Failed password for root from 49.247.35.31 port 44597 ssh2
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Received disconnect from 49.247.35.31 port 44597:11: Bye Bye [preauth]
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Disconnected from 49.247.35.31 port 44597 [preauth]
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: Invalid user apolo from 59.12.160.91
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: input_userauth_request: invalid user apolo [preauth]
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session closed for user root
Sep 29 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: Failed password for invalid user apolo from 59.12.160.91 port 47298 ssh2
Sep 29 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: Received disconnect from 59.12.160.91 port 47298:11: Bye Bye [preauth]
Sep 29 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: Disconnected from 59.12.160.91 port 47298 [preauth]
Sep 29 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Failed password for root from 162.144.236.216 port 45104 ssh2
Sep 29 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Connection closed by 162.144.236.216 port 45104 [preauth]
Sep 29 18:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: Invalid user owner from 103.162.31.192
Sep 29 18:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: input_userauth_request: invalid user owner [preauth]
Sep 29 18:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: Failed password for invalid user owner from 103.162.31.192 port 55960 ssh2
Sep 29 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: Received disconnect from 103.162.31.192 port 55960:11: Bye Bye [preauth]
Sep 29 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: Disconnected from 103.162.31.192 port 55960 [preauth]
Sep 29 18:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: Failed password for root from 162.144.236.216 port 52976 ssh2
Sep 29 18:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19870]: Connection closed by 162.144.236.216 port 52976 [preauth]
Sep 29 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Invalid user admin from 38.25.39.212
Sep 29 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Failed password for invalid user admin from 38.25.39.212 port 46776 ssh2
Sep 29 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Received disconnect from 38.25.39.212 port 46776:11: Bye Bye [preauth]
Sep 29 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Disconnected from 38.25.39.212 port 46776 [preauth]
Sep 29 18:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17978]: pam_unix(cron:session): session closed for user root
Sep 29 18:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Invalid user bloom from 20.40.73.192
Sep 29 18:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: input_userauth_request: invalid user bloom [preauth]
Sep 29 18:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Failed password for invalid user bloom from 20.40.73.192 port 39490 ssh2
Sep 29 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Received disconnect from 20.40.73.192 port 39490:11: Bye Bye [preauth]
Sep 29 18:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Disconnected from 20.40.73.192 port 39490 [preauth]
Sep 29 18:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19950]: Failed password for root from 162.144.236.216 port 33690 ssh2
Sep 29 18:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19950]: Connection closed by 162.144.236.216 port 33690 [preauth]
Sep 29 18:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20141]: Successful su for rubyman by root
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20141]: + ??? root:rubyman
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316345 of user rubyman.
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20141]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316345.
Sep 29 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: Failed password for root from 162.144.236.216 port 41984 ssh2
Sep 29 18:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20040]: Connection closed by 162.144.236.216 port 41984 [preauth]
Sep 29 18:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session closed for user root
Sep 29 18:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Failed password for root from 162.144.236.216 port 49316 ssh2
Sep 29 18:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Connection closed by 162.144.236.216 port 49316 [preauth]
Sep 29 18:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: Invalid user aovalle from 49.247.35.31
Sep 29 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: input_userauth_request: invalid user aovalle [preauth]
Sep 29 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.35.31
Sep 29 18:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Failed password for root from 162.144.236.216 port 57130 ssh2
Sep 29 18:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: Failed password for invalid user aovalle from 49.247.35.31 port 19136 ssh2
Sep 29 18:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: Received disconnect from 49.247.35.31 port 19136:11: Bye Bye [preauth]
Sep 29 18:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20416]: Disconnected from 49.247.35.31 port 19136 [preauth]
Sep 29 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Connection closed by 162.144.236.216 port 57130 [preauth]
Sep 29 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Invalid user test from 59.12.160.91
Sep 29 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: input_userauth_request: invalid user test [preauth]
Sep 29 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Failed password for invalid user test from 59.12.160.91 port 44504 ssh2
Sep 29 18:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Received disconnect from 59.12.160.91 port 44504:11: Bye Bye [preauth]
Sep 29 18:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Disconnected from 59.12.160.91 port 44504 [preauth]
Sep 29 18:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Invalid user dev from 103.176.79.190
Sep 29 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: input_userauth_request: invalid user dev [preauth]
Sep 29 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Failed password for root from 162.144.236.216 port 34438 ssh2
Sep 29 18:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Connection closed by 162.144.236.216 port 34438 [preauth]
Sep 29 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Failed password for invalid user dev from 103.176.79.190 port 55544 ssh2
Sep 29 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Received disconnect from 103.176.79.190 port 55544:11: Bye Bye [preauth]
Sep 29 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Disconnected from 103.176.79.190 port 55544 [preauth]
Sep 29 18:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session closed for user root
Sep 29 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Failed password for root from 162.144.236.216 port 42782 ssh2
Sep 29 18:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Connection closed by 162.144.236.216 port 42782 [preauth]
Sep 29 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Failed password for root from 38.25.39.212 port 42950 ssh2
Sep 29 18:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Received disconnect from 38.25.39.212 port 42950:11: Bye Bye [preauth]
Sep 29 18:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Disconnected from 38.25.39.212 port 42950 [preauth]
Sep 29 18:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Invalid user crystal from 103.162.31.192
Sep 29 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: input_userauth_request: invalid user crystal [preauth]
Sep 29 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Failed password for root from 162.144.236.216 port 48240 ssh2
Sep 29 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Failed password for invalid user crystal from 103.162.31.192 port 43584 ssh2
Sep 29 18:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Received disconnect from 103.162.31.192 port 43584:11: Bye Bye [preauth]
Sep 29 18:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Disconnected from 103.162.31.192 port 43584 [preauth]
Sep 29 18:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Connection closed by 162.144.236.216 port 48240 [preauth]
Sep 29 18:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: Failed password for root from 162.144.236.216 port 54448 ssh2
Sep 29 18:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: Connection closed by 162.144.236.216 port 54448 [preauth]
Sep 29 18:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Failed password for root from 162.144.236.216 port 33730 ssh2
Sep 29 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Connection closed by 162.144.236.216 port 33730 [preauth]
Sep 29 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20566]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: Successful su for rubyman by root
Sep 29 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: + ??? root:rubyman
Sep 29 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316352 of user rubyman.
Sep 29 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316352.
Sep 29 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Invalid user dspace from 20.40.73.192
Sep 29 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: input_userauth_request: invalid user dspace [preauth]
Sep 29 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16933]: pam_unix(cron:session): session closed for user root
Sep 29 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Failed password for invalid user dspace from 20.40.73.192 port 55978 ssh2
Sep 29 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Received disconnect from 20.40.73.192 port 55978:11: Bye Bye [preauth]
Sep 29 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Disconnected from 20.40.73.192 port 55978 [preauth]
Sep 29 18:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20567]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: Failed password for root from 162.144.236.216 port 40274 ssh2
Sep 29 18:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: Connection closed by 162.144.236.216 port 40274 [preauth]
Sep 29 18:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91  user=root
Sep 29 18:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: Failed password for root from 59.12.160.91 port 41836 ssh2
Sep 29 18:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: Failed password for root from 162.144.236.216 port 48284 ssh2
Sep 29 18:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: Received disconnect from 59.12.160.91 port 41836:11: Bye Bye [preauth]
Sep 29 18:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20923]: Disconnected from 59.12.160.91 port 41836 [preauth]
Sep 29 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20887]: Connection closed by 162.144.236.216 port 48284 [preauth]
Sep 29 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19201]: pam_unix(cron:session): session closed for user root
Sep 29 18:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Failed password for root from 162.144.236.216 port 55668 ssh2
Sep 29 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Invalid user intern from 38.25.39.212
Sep 29 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: input_userauth_request: invalid user intern [preauth]
Sep 29 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Connection closed by 162.144.236.216 port 55668 [preauth]
Sep 29 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Failed password for invalid user intern from 38.25.39.212 port 39118 ssh2
Sep 29 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Received disconnect from 38.25.39.212 port 39118:11: Bye Bye [preauth]
Sep 29 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Disconnected from 38.25.39.212 port 39118 [preauth]
Sep 29 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Failed password for root from 162.144.236.216 port 33694 ssh2
Sep 29 18:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Failed password for root from 103.176.79.190 port 42390 ssh2
Sep 29 18:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Received disconnect from 103.176.79.190 port 42390:11: Bye Bye [preauth]
Sep 29 18:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Disconnected from 103.176.79.190 port 42390 [preauth]
Sep 29 18:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Connection closed by 162.144.236.216 port 33694 [preauth]
Sep 29 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Failed password for root from 103.162.31.192 port 48182 ssh2
Sep 29 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Received disconnect from 103.162.31.192 port 48182:11: Bye Bye [preauth]
Sep 29 18:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Disconnected from 103.162.31.192 port 48182 [preauth]
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21034]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: Successful su for rubyman by root
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: + ??? root:rubyman
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316355 of user rubyman.
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316355.
Sep 29 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session closed for user root
Sep 29 18:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: Failed password for root from 162.144.236.216 port 39144 ssh2
Sep 29 18:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: Connection closed by 162.144.236.216 port 39144 [preauth]
Sep 29 18:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: Failed password for root from 20.40.73.192 port 47790 ssh2
Sep 29 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: Received disconnect from 20.40.73.192 port 47790:11: Bye Bye [preauth]
Sep 29 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21366]: Disconnected from 20.40.73.192 port 47790 [preauth]
Sep 29 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session closed for user root
Sep 29 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Failed password for root from 162.144.236.216 port 49468 ssh2
Sep 29 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Connection closed by 162.144.236.216 port 49468 [preauth]
Sep 29 18:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Invalid user superadmin from 59.12.160.91
Sep 29 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Failed password for invalid user superadmin from 59.12.160.91 port 39382 ssh2
Sep 29 18:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Received disconnect from 59.12.160.91 port 39382:11: Bye Bye [preauth]
Sep 29 18:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Disconnected from 59.12.160.91 port 39382 [preauth]
Sep 29 18:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: Failed password for root from 162.144.236.216 port 57296 ssh2
Sep 29 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: Connection closed by 162.144.236.216 port 57296 [preauth]
Sep 29 18:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Invalid user sham from 38.25.39.212
Sep 29 18:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: input_userauth_request: invalid user sham [preauth]
Sep 29 18:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: Successful su for rubyman by root
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: + ??? root:rubyman
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316358 of user rubyman.
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316358.
Sep 29 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Failed password for invalid user sham from 38.25.39.212 port 35286 ssh2
Sep 29 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Received disconnect from 38.25.39.212 port 35286:11: Bye Bye [preauth]
Sep 29 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Disconnected from 38.25.39.212 port 35286 [preauth]
Sep 29 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17977]: pam_unix(cron:session): session closed for user root
Sep 29 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Failed password for root from 162.144.236.216 port 37586 ssh2
Sep 29 18:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21480]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Connection closed by 162.144.236.216 port 37586 [preauth]
Sep 29 18:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: Invalid user afzal from 103.162.31.192
Sep 29 18:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: input_userauth_request: invalid user afzal [preauth]
Sep 29 18:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192
Sep 29 18:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Failed password for root from 162.144.236.216 port 46056 ssh2
Sep 29 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Connection closed by 162.144.236.216 port 46056 [preauth]
Sep 29 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: Failed password for invalid user afzal from 103.162.31.192 port 37306 ssh2
Sep 29 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: Received disconnect from 103.162.31.192 port 37306:11: Bye Bye [preauth]
Sep 29 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21772]: Disconnected from 103.162.31.192 port 37306 [preauth]
Sep 29 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Failed password for root from 103.176.79.190 port 48650 ssh2
Sep 29 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Received disconnect from 103.176.79.190 port 48650:11: Bye Bye [preauth]
Sep 29 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Disconnected from 103.176.79.190 port 48650 [preauth]
Sep 29 18:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Failed password for root from 162.144.236.216 port 53098 ssh2
Sep 29 18:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Connection closed by 162.144.236.216 port 53098 [preauth]
Sep 29 18:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20570]: pam_unix(cron:session): session closed for user root
Sep 29 18:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21833]: Did not receive identification string from 162.144.236.216
Sep 29 18:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Invalid user majid from 167.99.55.34
Sep 29 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: input_userauth_request: invalid user majid [preauth]
Sep 29 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 18:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Failed password for invalid user majid from 167.99.55.34 port 33756 ssh2
Sep 29 18:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Connection closed by 167.99.55.34 port 33756 [preauth]
Sep 29 18:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: Failed password for root from 162.144.236.216 port 33360 ssh2
Sep 29 18:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21876]: Connection closed by 162.144.236.216 port 33360 [preauth]
Sep 29 18:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: Failed password for root from 20.40.73.192 port 51682 ssh2
Sep 29 18:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: Received disconnect from 20.40.73.192 port 51682:11: Bye Bye [preauth]
Sep 29 18:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21920]: Disconnected from 20.40.73.192 port 51682 [preauth]
Sep 29 18:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Invalid user ash from 59.12.160.91
Sep 29 18:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: input_userauth_request: invalid user ash [preauth]
Sep 29 18:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21938]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21939]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21937]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21940]: pam_unix(cron:session): session closed for user root
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21935]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Failed password for invalid user ash from 59.12.160.91 port 37822 ssh2
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Received disconnect from 59.12.160.91 port 37822:11: Bye Bye [preauth]
Sep 29 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21932]: Disconnected from 59.12.160.91 port 37822 [preauth]
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22018]: Successful su for rubyman by root
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22018]: + ??? root:rubyman
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316364 of user rubyman.
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22018]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316364.
Sep 29 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: Invalid user admin from 93.152.230.176
Sep 29 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Failed password for root from 162.144.236.216 port 42032 ssh2
Sep 29 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: Failed password for invalid user admin from 93.152.230.176 port 46283 ssh2
Sep 29 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: Received disconnect from 93.152.230.176 port 46283:11: Client disconnecting normally [preauth]
Sep 29 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22015]: Disconnected from 93.152.230.176 port 46283 [preauth]
Sep 29 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21922]: Connection closed by 162.144.236.216 port 42032 [preauth]
Sep 29 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session closed for user root
Sep 29 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21937]: pam_unix(cron:session): session closed for user root
Sep 29 18:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21936]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: Invalid user superadmin from 38.25.39.212
Sep 29 18:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 18:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Failed password for root from 162.144.236.216 port 49176 ssh2
Sep 29 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: Failed password for invalid user superadmin from 38.25.39.212 port 59688 ssh2
Sep 29 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: Received disconnect from 38.25.39.212 port 59688:11: Bye Bye [preauth]
Sep 29 18:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: Disconnected from 38.25.39.212 port 59688 [preauth]
Sep 29 18:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Connection closed by 162.144.236.216 port 49176 [preauth]
Sep 29 18:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Failed password for root from 162.144.236.216 port 57494 ssh2
Sep 29 18:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Connection closed by 162.144.236.216 port 57494 [preauth]
Sep 29 18:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Sep 29 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: Failed password for root from 162.144.236.216 port 36306 ssh2
Sep 29 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.162.31.192  user=root
Sep 29 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22305]: Connection closed by 162.144.236.216 port 36306 [preauth]
Sep 29 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user root
Sep 29 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Failed password for root from 80.94.95.115 port 40344 ssh2
Sep 29 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Connection closed by 80.94.95.115 port 40344 [preauth]
Sep 29 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Failed password for root from 103.162.31.192 port 50014 ssh2
Sep 29 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Received disconnect from 103.162.31.192 port 50014:11: Bye Bye [preauth]
Sep 29 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Disconnected from 103.162.31.192 port 50014 [preauth]
Sep 29 18:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22349]: Failed password for root from 162.144.236.216 port 43590 ssh2
Sep 29 18:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22349]: Connection closed by 162.144.236.216 port 43590 [preauth]
Sep 29 18:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Failed password for root from 162.144.236.216 port 50390 ssh2
Sep 29 18:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Connection closed by 162.144.236.216 port 50390 [preauth]
Sep 29 18:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22414]: Failed password for root from 162.144.236.216 port 57230 ssh2
Sep 29 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22414]: Connection closed by 162.144.236.216 port 57230 [preauth]
Sep 29 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Invalid user foundry from 103.176.79.190
Sep 29 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: input_userauth_request: invalid user foundry [preauth]
Sep 29 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Failed password for invalid user foundry from 103.176.79.190 port 43510 ssh2
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Received disconnect from 103.176.79.190 port 43510:11: Bye Bye [preauth]
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22435]: Disconnected from 103.176.79.190 port 43510 [preauth]
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22449]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: Successful su for rubyman by root
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: + ??? root:rubyman
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316369 of user rubyman.
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316369.
Sep 29 18:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22451]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session closed for user root
Sep 29 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Failed password for root from 162.144.236.216 port 35448 ssh2
Sep 29 18:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Connection closed by 162.144.236.216 port 35448 [preauth]
Sep 29 18:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Failed password for root from 162.144.236.216 port 44818 ssh2
Sep 29 18:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Failed password for root from 20.40.73.192 port 36384 ssh2
Sep 29 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Received disconnect from 20.40.73.192 port 36384:11: Bye Bye [preauth]
Sep 29 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Disconnected from 20.40.73.192 port 36384 [preauth]
Sep 29 18:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Connection closed by 162.144.236.216 port 44818 [preauth]
Sep 29 18:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Failed password for root from 38.25.39.212 port 55864 ssh2
Sep 29 18:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Received disconnect from 38.25.39.212 port 55864:11: Bye Bye [preauth]
Sep 29 18:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23007]: Disconnected from 38.25.39.212 port 55864 [preauth]
Sep 29 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session closed for user root
Sep 29 18:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Failed password for root from 162.144.236.216 port 49316 ssh2
Sep 29 18:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Connection closed by 162.144.236.216 port 49316 [preauth]
Sep 29 18:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: Failed password for root from 162.144.236.216 port 56588 ssh2
Sep 29 18:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: Connection closed by 162.144.236.216 port 56588 [preauth]
Sep 29 18:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23147]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: Successful su for rubyman by root
Sep 29 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: + ??? root:rubyman
Sep 29 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316372 of user rubyman.
Sep 29 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316372.
Sep 29 18:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user root
Sep 29 18:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: Failed password for root from 162.144.236.216 port 35338 ssh2
Sep 29 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23126]: Connection closed by 162.144.236.216 port 35338 [preauth]
Sep 29 18:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Failed password for root from 162.144.236.216 port 43328 ssh2
Sep 29 18:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Connection closed by 162.144.236.216 port 43328 [preauth]
Sep 29 18:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: Failed password for root from 103.176.79.190 port 43168 ssh2
Sep 29 18:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: Received disconnect from 103.176.79.190 port 43168:11: Bye Bye [preauth]
Sep 29 18:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23751]: Disconnected from 103.176.79.190 port 43168 [preauth]
Sep 29 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21939]: pam_unix(cron:session): session closed for user root
Sep 29 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Failed password for root from 162.144.236.216 port 50950 ssh2
Sep 29 18:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Connection closed by 162.144.236.216 port 50950 [preauth]
Sep 29 18:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Invalid user nodeuser from 38.25.39.212
Sep 29 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: input_userauth_request: invalid user nodeuser [preauth]
Sep 29 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Failed password for invalid user nodeuser from 38.25.39.212 port 52018 ssh2
Sep 29 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Received disconnect from 38.25.39.212 port 52018:11: Bye Bye [preauth]
Sep 29 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23796]: Disconnected from 38.25.39.212 port 52018 [preauth]
Sep 29 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Invalid user test from 20.40.73.192
Sep 29 18:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: input_userauth_request: invalid user test [preauth]
Sep 29 18:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23813]: Invalid user admin from 139.19.117.131
Sep 29 18:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23813]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Failed password for invalid user test from 20.40.73.192 port 46152 ssh2
Sep 29 18:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Received disconnect from 20.40.73.192 port 46152:11: Bye Bye [preauth]
Sep 29 18:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23807]: Disconnected from 20.40.73.192 port 46152 [preauth]
Sep 29 18:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: Failed password for root from 162.144.236.216 port 33076 ssh2
Sep 29 18:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23795]: Connection closed by 162.144.236.216 port 33076 [preauth]
Sep 29 18:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Failed password for root from 162.144.236.216 port 39142 ssh2
Sep 29 18:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23813]: Connection closed by 139.19.117.131 port 34194 [preauth]
Sep 29 18:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Connection closed by 162.144.236.216 port 39142 [preauth]
Sep 29 18:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Failed password for root from 162.144.236.216 port 44496 ssh2
Sep 29 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23860]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23925]: Successful su for rubyman by root
Sep 29 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23925]: + ??? root:rubyman
Sep 29 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316376 of user rubyman.
Sep 29 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23925]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316376.
Sep 29 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Connection closed by 162.144.236.216 port 44496 [preauth]
Sep 29 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20568]: pam_unix(cron:session): session closed for user root
Sep 29 18:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24194]: Did not receive identification string from 50.116.26.161
Sep 29 18:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24004]: Failed password for root from 162.144.236.216 port 50868 ssh2
Sep 29 18:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24004]: Connection closed by 162.144.236.216 port 50868 [preauth]
Sep 29 18:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24207]: Did not receive identification string from 162.144.236.216
Sep 29 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user root
Sep 29 18:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24230]: Failed password for root from 162.144.236.216 port 60314 ssh2
Sep 29 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24230]: Connection closed by 162.144.236.216 port 60314 [preauth]
Sep 29 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: Failed password for root from 162.144.236.216 port 39424 ssh2
Sep 29 18:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24289]: Connection closed by 162.144.236.216 port 39424 [preauth]
Sep 29 18:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Failed password for root from 38.25.39.212 port 48198 ssh2
Sep 29 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Received disconnect from 38.25.39.212 port 48198:11: Bye Bye [preauth]
Sep 29 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24325]: Disconnected from 38.25.39.212 port 48198 [preauth]
Sep 29 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24359]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24436]: Successful su for rubyman by root
Sep 29 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24436]: + ??? root:rubyman
Sep 29 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316379 of user rubyman.
Sep 29 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24436]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316379.
Sep 29 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Invalid user kamil from 103.176.79.190
Sep 29 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: input_userauth_request: invalid user kamil [preauth]
Sep 29 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Invalid user dev from 20.40.73.192
Sep 29 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: input_userauth_request: invalid user dev [preauth]
Sep 29 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Failed password for root from 162.144.236.216 port 45648 ssh2
Sep 29 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session closed for user root
Sep 29 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Failed password for invalid user kamil from 103.176.79.190 port 39474 ssh2
Sep 29 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Received disconnect from 103.176.79.190 port 39474:11: Bye Bye [preauth]
Sep 29 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24472]: Disconnected from 103.176.79.190 port 39474 [preauth]
Sep 29 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Failed password for invalid user dev from 20.40.73.192 port 42348 ssh2
Sep 29 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Connection closed by 162.144.236.216 port 45648 [preauth]
Sep 29 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Received disconnect from 20.40.73.192 port 42348:11: Bye Bye [preauth]
Sep 29 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Disconnected from 20.40.73.192 port 42348 [preauth]
Sep 29 18:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: Failed password for root from 162.144.236.216 port 52914 ssh2
Sep 29 18:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24636]: Connection closed by 162.144.236.216 port 52914 [preauth]
Sep 29 18:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: Failed password for root from 162.144.236.216 port 58826 ssh2
Sep 29 18:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: Connection closed by 162.144.236.216 port 58826 [preauth]
Sep 29 18:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23147]: pam_unix(cron:session): session closed for user root
Sep 29 18:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Failed password for root from 162.144.236.216 port 38694 ssh2
Sep 29 18:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Connection closed by 162.144.236.216 port 38694 [preauth]
Sep 29 18:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: Failed password for root from 162.144.236.216 port 45700 ssh2
Sep 29 18:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24777]: Connection closed by 162.144.236.216 port 45700 [preauth]
Sep 29 18:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Failed password for root from 162.144.236.216 port 53052 ssh2
Sep 29 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Connection closed by 162.144.236.216 port 53052 [preauth]
Sep 29 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Invalid user dns from 38.25.39.212
Sep 29 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: input_userauth_request: invalid user dns [preauth]
Sep 29 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Failed password for invalid user dns from 38.25.39.212 port 44364 ssh2
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Received disconnect from 38.25.39.212 port 44364:11: Bye Bye [preauth]
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Disconnected from 38.25.39.212 port 44364 [preauth]
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session closed for user root
Sep 29 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24906]: Successful su for rubyman by root
Sep 29 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24906]: + ??? root:rubyman
Sep 29 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316384 of user rubyman.
Sep 29 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24906]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316384.
Sep 29 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session closed for user root
Sep 29 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session closed for user root
Sep 29 18:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Failed password for root from 162.144.236.216 port 57952 ssh2
Sep 29 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Connection closed by 162.144.236.216 port 57952 [preauth]
Sep 29 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Failed password for root from 162.144.236.216 port 37442 ssh2
Sep 29 18:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Connection closed by 162.144.236.216 port 37442 [preauth]
Sep 29 18:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Failed password for root from 162.144.236.216 port 43578 ssh2
Sep 29 18:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Connection closed by 162.144.236.216 port 43578 [preauth]
Sep 29 18:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Invalid user anthony from 20.40.73.192
Sep 29 18:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: input_userauth_request: invalid user anthony [preauth]
Sep 29 18:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: Failed password for root from 162.144.236.216 port 50474 ssh2
Sep 29 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Failed password for invalid user anthony from 20.40.73.192 port 54092 ssh2
Sep 29 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25217]: Connection closed by 162.144.236.216 port 50474 [preauth]
Sep 29 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Received disconnect from 20.40.73.192 port 54092:11: Bye Bye [preauth]
Sep 29 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Disconnected from 20.40.73.192 port 54092 [preauth]
Sep 29 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23860]: pam_unix(cron:session): session closed for user root
Sep 29 18:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Invalid user webkul from 103.176.79.190
Sep 29 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: input_userauth_request: invalid user webkul [preauth]
Sep 29 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Failed password for invalid user webkul from 103.176.79.190 port 46542 ssh2
Sep 29 18:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Received disconnect from 103.176.79.190 port 46542:11: Bye Bye [preauth]
Sep 29 18:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Disconnected from 103.176.79.190 port 46542 [preauth]
Sep 29 18:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Failed password for root from 162.144.236.216 port 57026 ssh2
Sep 29 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25267]: Connection closed by 162.144.236.216 port 57026 [preauth]
Sep 29 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Failed password for root from 162.144.236.216 port 37322 ssh2
Sep 29 18:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Connection closed by 162.144.236.216 port 37322 [preauth]
Sep 29 18:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Invalid user wangzihao from 213.209.157.9
Sep 29 18:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: input_userauth_request: invalid user wangzihao [preauth]
Sep 29 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 29 18:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Failed password for invalid user wangzihao from 213.209.157.9 port 20638 ssh2
Sep 29 18:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Connection closed by 213.209.157.9 port 20638 [preauth]
Sep 29 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: Failed password for root from 162.144.236.216 port 44482 ssh2
Sep 29 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25553]: Connection closed by 162.144.236.216 port 44482 [preauth]
Sep 29 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25652]: Successful su for rubyman by root
Sep 29 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25652]: + ??? root:rubyman
Sep 29 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316390 of user rubyman.
Sep 29 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25652]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316390.
Sep 29 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21938]: pam_unix(cron:session): session closed for user root
Sep 29 18:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Invalid user minecraft from 38.25.39.212
Sep 29 18:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 18:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Failed password for invalid user minecraft from 38.25.39.212 port 40540 ssh2
Sep 29 18:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Received disconnect from 38.25.39.212 port 40540:11: Bye Bye [preauth]
Sep 29 18:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Disconnected from 38.25.39.212 port 40540 [preauth]
Sep 29 18:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: Failed password for root from 162.144.236.216 port 49800 ssh2
Sep 29 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25573]: Connection closed by 162.144.236.216 port 49800 [preauth]
Sep 29 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Failed password for root from 162.144.236.216 port 56882 ssh2
Sep 29 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Connection closed by 162.144.236.216 port 56882 [preauth]
Sep 29 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session closed for user root
Sep 29 18:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: Invalid user admin from 78.128.112.74
Sep 29 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 18:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for root from 162.144.236.216 port 34522 ssh2
Sep 29 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: Failed password for invalid user admin from 78.128.112.74 port 40872 ssh2
Sep 29 18:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: Connection closed by 78.128.112.74 port 40872 [preauth]
Sep 29 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Connection closed by 162.144.236.216 port 34522 [preauth]
Sep 29 18:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: Failed password for root from 20.40.73.192 port 54650 ssh2
Sep 29 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: Received disconnect from 20.40.73.192 port 54650:11: Bye Bye [preauth]
Sep 29 18:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: Disconnected from 20.40.73.192 port 54650 [preauth]
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Failed password for root from 162.144.236.216 port 42622 ssh2
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: Successful su for rubyman by root
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: + ??? root:rubyman
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316396 of user rubyman.
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26230]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316396.
Sep 29 18:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Connection closed by 162.144.236.216 port 42622 [preauth]
Sep 29 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user root
Sep 29 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Failed password for root from 162.144.236.216 port 51312 ssh2
Sep 29 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26521]: Connection closed by 162.144.236.216 port 51312 [preauth]
Sep 29 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: Invalid user minecraft from 103.176.79.190
Sep 29 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: input_userauth_request: invalid user minecraft [preauth]
Sep 29 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: Failed password for invalid user minecraft from 103.176.79.190 port 47442 ssh2
Sep 29 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: Received disconnect from 103.176.79.190 port 47442:11: Bye Bye [preauth]
Sep 29 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26565]: Disconnected from 103.176.79.190 port 47442 [preauth]
Sep 29 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Invalid user jupyter from 38.25.39.212
Sep 29 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: input_userauth_request: invalid user jupyter [preauth]
Sep 29 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for root from 162.144.236.216 port 56702 ssh2
Sep 29 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Failed password for invalid user jupyter from 38.25.39.212 port 36704 ssh2
Sep 29 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Received disconnect from 38.25.39.212 port 36704:11: Bye Bye [preauth]
Sep 29 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Disconnected from 38.25.39.212 port 36704 [preauth]
Sep 29 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Connection closed by 162.144.236.216 port 56702 [preauth]
Sep 29 18:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Invalid user asim from 167.99.55.34
Sep 29 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: input_userauth_request: invalid user asim [preauth]
Sep 29 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 18:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Failed password for invalid user asim from 167.99.55.34 port 45664 ssh2
Sep 29 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Connection closed by 167.99.55.34 port 45664 [preauth]
Sep 29 18:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Failed password for root from 162.144.236.216 port 33694 ssh2
Sep 29 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Connection closed by 162.144.236.216 port 33694 [preauth]
Sep 29 18:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24840]: pam_unix(cron:session): session closed for user root
Sep 29 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Failed password for root from 162.144.236.216 port 40700 ssh2
Sep 29 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Connection closed by 162.144.236.216 port 40700 [preauth]
Sep 29 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Failed password for root from 162.144.236.216 port 49288 ssh2
Sep 29 18:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Connection closed by 162.144.236.216 port 49288 [preauth]
Sep 29 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Failed password for root from 162.144.236.216 port 57458 ssh2
Sep 29 18:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Connection closed by 162.144.236.216 port 57458 [preauth]
Sep 29 18:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26755]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26756]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26857]: Successful su for rubyman by root
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26857]: + ??? root:rubyman
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316397 of user rubyman.
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26857]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316397.
Sep 29 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session closed for user root
Sep 29 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26745]: Failed password for root from 162.144.236.216 port 34910 ssh2
Sep 29 18:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26745]: Connection closed by 162.144.236.216 port 34910 [preauth]
Sep 29 18:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Failed password for root from 162.144.236.216 port 40736 ssh2
Sep 29 18:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Connection closed by 162.144.236.216 port 40736 [preauth]
Sep 29 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Invalid user teamspeak from 93.152.230.176
Sep 29 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: input_userauth_request: invalid user teamspeak [preauth]
Sep 29 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Failed password for root from 20.40.73.192 port 34310 ssh2
Sep 29 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Received disconnect from 20.40.73.192 port 34310:11: Bye Bye [preauth]
Sep 29 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Disconnected from 20.40.73.192 port 34310 [preauth]
Sep 29 18:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Failed password for invalid user teamspeak from 93.152.230.176 port 25477 ssh2
Sep 29 18:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Received disconnect from 93.152.230.176 port 25477:11: Client disconnecting normally [preauth]
Sep 29 18:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Disconnected from 93.152.230.176 port 25477 [preauth]
Sep 29 18:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Failed password for root from 38.25.39.212 port 32868 ssh2
Sep 29 18:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Received disconnect from 38.25.39.212 port 32868:11: Bye Bye [preauth]
Sep 29 18:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Disconnected from 38.25.39.212 port 32868 [preauth]
Sep 29 18:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25582]: pam_unix(cron:session): session closed for user root
Sep 29 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: Failed password for root from 162.144.236.216 port 48734 ssh2
Sep 29 18:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27206]: Connection closed by 162.144.236.216 port 48734 [preauth]
Sep 29 18:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Invalid user nodeuser from 103.176.79.190
Sep 29 18:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: input_userauth_request: invalid user nodeuser [preauth]
Sep 29 18:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Failed password for invalid user nodeuser from 103.176.79.190 port 58478 ssh2
Sep 29 18:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Received disconnect from 103.176.79.190 port 58478:11: Bye Bye [preauth]
Sep 29 18:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Disconnected from 103.176.79.190 port 58478 [preauth]
Sep 29 18:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: Failed password for root from 162.144.236.216 port 56258 ssh2
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: Connection closed by 162.144.236.216 port 56258 [preauth]
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27314]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27308]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27496]: Successful su for rubyman by root
Sep 29 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27496]: + ??? root:rubyman
Sep 29 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316404 of user rubyman.
Sep 29 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27496]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316404.
Sep 29 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27306]: pam_unix(cron:session): session closed for user root
Sep 29 18:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session closed for user root
Sep 29 18:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: Failed password for root from 162.144.236.216 port 36162 ssh2
Sep 29 18:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: Connection closed by 162.144.236.216 port 36162 [preauth]
Sep 29 18:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27925]: Invalid user prueba from 185.156.73.233
Sep 29 18:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27925]: input_userauth_request: invalid user prueba [preauth]
Sep 29 18:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27925]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27925]: Failed password for invalid user prueba from 185.156.73.233 port 63186 ssh2
Sep 29 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27925]: Connection closed by 185.156.73.233 port 63186 [preauth]
Sep 29 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session closed for user root
Sep 29 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Failed password for root from 38.25.39.212 port 57264 ssh2
Sep 29 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Received disconnect from 38.25.39.212 port 57264:11: Bye Bye [preauth]
Sep 29 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27988]: Disconnected from 38.25.39.212 port 57264 [preauth]
Sep 29 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Failed password for root from 162.144.236.216 port 47898 ssh2
Sep 29 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Connection closed by 162.144.236.216 port 47898 [preauth]
Sep 29 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Failed password for root from 20.40.73.192 port 33746 ssh2
Sep 29 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Received disconnect from 20.40.73.192 port 33746:11: Bye Bye [preauth]
Sep 29 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Disconnected from 20.40.73.192 port 33746 [preauth]
Sep 29 18:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Failed password for root from 162.144.236.216 port 57290 ssh2
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Connection closed by 162.144.236.216 port 57290 [preauth]
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28067]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session closed for user root
Sep 29 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28146]: Successful su for rubyman by root
Sep 29 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28146]: + ??? root:rubyman
Sep 29 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316406 of user rubyman.
Sep 29 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28146]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316406.
Sep 29 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28067]: pam_unix(cron:session): session closed for user root
Sep 29 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24359]: pam_unix(cron:session): session closed for user root
Sep 29 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Failed password for root from 162.144.236.216 port 36180 ssh2
Sep 29 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Connection closed by 162.144.236.216 port 36180 [preauth]
Sep 29 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for root from 162.144.236.216 port 41620 ssh2
Sep 29 18:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Connection closed by 162.144.236.216 port 41620 [preauth]
Sep 29 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Failed password for root from 103.176.79.190 port 40550 ssh2
Sep 29 18:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Received disconnect from 103.176.79.190 port 40550:11: Bye Bye [preauth]
Sep 29 18:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28425]: Disconnected from 103.176.79.190 port 40550 [preauth]
Sep 29 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Invalid user david from 62.60.131.157
Sep 29 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: input_userauth_request: invalid user david [preauth]
Sep 29 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: Failed password for root from 162.144.236.216 port 47856 ssh2
Sep 29 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: Connection closed by 162.144.236.216 port 47856 [preauth]
Sep 29 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for invalid user david from 62.60.131.157 port 61689 ssh2
Sep 29 18:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for invalid user david from 62.60.131.157 port 61689 ssh2
Sep 29 18:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for invalid user david from 62.60.131.157 port 61689 ssh2
Sep 29 18:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for invalid user david from 62.60.131.157 port 61689 ssh2
Sep 29 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26756]: pam_unix(cron:session): session closed for user root
Sep 29 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28452]: Failed password for root from 162.144.236.216 port 54350 ssh2
Sep 29 18:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28452]: Connection closed by 162.144.236.216 port 54350 [preauth]
Sep 29 18:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for invalid user david from 62.60.131.157 port 61689 ssh2
Sep 29 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Received disconnect from 62.60.131.157 port 61689:11: Bye [preauth]
Sep 29 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Disconnected from 62.60.131.157 port 61689 [preauth]
Sep 29 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 18:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Failed password for root from 162.144.236.216 port 33314 ssh2
Sep 29 18:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Connection closed by 162.144.236.216 port 33314 [preauth]
Sep 29 18:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Invalid user admin from 38.25.39.212
Sep 29 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Failed password for invalid user admin from 38.25.39.212 port 53442 ssh2
Sep 29 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Received disconnect from 38.25.39.212 port 53442:11: Bye Bye [preauth]
Sep 29 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Disconnected from 38.25.39.212 port 53442 [preauth]
Sep 29 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: Failed password for root from 162.144.236.216 port 40368 ssh2
Sep 29 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28645]: Connection closed by 162.144.236.216 port 40368 [preauth]
Sep 29 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Failed password for root from 162.144.236.216 port 46018 ssh2
Sep 29 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28672]: Connection closed by 162.144.236.216 port 46018 [preauth]
Sep 29 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28699]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28700]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28695]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28777]: Successful su for rubyman by root
Sep 29 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28777]: + ??? root:rubyman
Sep 29 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316412 of user rubyman.
Sep 29 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28777]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316412.
Sep 29 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: Failed password for root from 162.144.236.216 port 53284 ssh2
Sep 29 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24839]: pam_unix(cron:session): session closed for user root
Sep 29 18:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28692]: Connection closed by 162.144.236.216 port 53284 [preauth]
Sep 29 18:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Invalid user infinity from 20.40.73.192
Sep 29 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: input_userauth_request: invalid user infinity [preauth]
Sep 29 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29095]: Failed password for root from 162.144.236.216 port 60294 ssh2
Sep 29 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Failed password for invalid user infinity from 20.40.73.192 port 39830 ssh2
Sep 29 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Received disconnect from 20.40.73.192 port 39830:11: Bye Bye [preauth]
Sep 29 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Disconnected from 20.40.73.192 port 39830 [preauth]
Sep 29 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29095]: Connection closed by 162.144.236.216 port 60294 [preauth]
Sep 29 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: Failed password for root from 162.144.236.216 port 39552 ssh2
Sep 29 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: Connection closed by 162.144.236.216 port 39552 [preauth]
Sep 29 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27314]: pam_unix(cron:session): session closed for user root
Sep 29 18:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Failed password for root from 162.144.236.216 port 46920 ssh2
Sep 29 18:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Connection closed by 162.144.236.216 port 46920 [preauth]
Sep 29 18:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Invalid user rabbitmq from 103.176.79.190
Sep 29 18:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: input_userauth_request: invalid user rabbitmq [preauth]
Sep 29 18:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Failed password for invalid user rabbitmq from 103.176.79.190 port 59944 ssh2
Sep 29 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Received disconnect from 103.176.79.190 port 59944:11: Bye Bye [preauth]
Sep 29 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Disconnected from 103.176.79.190 port 59944 [preauth]
Sep 29 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Failed password for root from 162.144.236.216 port 54006 ssh2
Sep 29 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Failed password for root from 38.25.39.212 port 49608 ssh2
Sep 29 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Received disconnect from 38.25.39.212 port 49608:11: Bye Bye [preauth]
Sep 29 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Disconnected from 38.25.39.212 port 49608 [preauth]
Sep 29 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Connection closed by 162.144.236.216 port 54006 [preauth]
Sep 29 18:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: Successful su for rubyman by root
Sep 29 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: + ??? root:rubyman
Sep 29 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316418 of user rubyman.
Sep 29 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316418.
Sep 29 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25581]: pam_unix(cron:session): session closed for user root
Sep 29 18:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: Failed password for root from 162.144.236.216 port 60122 ssh2
Sep 29 18:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29297]: Connection closed by 162.144.236.216 port 60122 [preauth]
Sep 29 18:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Failed password for root from 162.144.236.216 port 39516 ssh2
Sep 29 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Connection closed by 162.144.236.216 port 39516 [preauth]
Sep 29 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: Failed password for root from 162.144.236.216 port 45836 ssh2
Sep 29 18:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session closed for user root
Sep 29 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: Connection closed by 162.144.236.216 port 45836 [preauth]
Sep 29 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: Invalid user admin from 20.40.73.192
Sep 29 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: Failed password for invalid user admin from 20.40.73.192 port 50752 ssh2
Sep 29 18:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: Received disconnect from 20.40.73.192 port 50752:11: Bye Bye [preauth]
Sep 29 18:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: Disconnected from 20.40.73.192 port 50752 [preauth]
Sep 29 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Failed password for root from 162.144.236.216 port 52880 ssh2
Sep 29 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Connection closed by 162.144.236.216 port 52880 [preauth]
Sep 29 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29838]: Successful su for rubyman by root
Sep 29 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29838]: + ??? root:rubyman
Sep 29 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316420 of user rubyman.
Sep 29 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29838]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316420.
Sep 29 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29739]: Failed password for root from 162.144.236.216 port 59842 ssh2
Sep 29 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session closed for user root
Sep 29 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29739]: Connection closed by 162.144.236.216 port 59842 [preauth]
Sep 29 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Invalid user kamil from 38.25.39.212
Sep 29 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: input_userauth_request: invalid user kamil [preauth]
Sep 29 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Failed password for invalid user kamil from 38.25.39.212 port 45776 ssh2
Sep 29 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Received disconnect from 38.25.39.212 port 45776:11: Bye Bye [preauth]
Sep 29 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Disconnected from 38.25.39.212 port 45776 [preauth]
Sep 29 18:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Failed password for root from 162.144.236.216 port 39760 ssh2
Sep 29 18:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Connection closed by 162.144.236.216 port 39760 [preauth]
Sep 29 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Failed password for root from 162.144.236.216 port 47506 ssh2
Sep 29 18:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Failed password for root from 103.176.79.190 port 47868 ssh2
Sep 29 18:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Received disconnect from 103.176.79.190 port 47868:11: Bye Bye [preauth]
Sep 29 18:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Disconnected from 103.176.79.190 port 47868 [preauth]
Sep 29 18:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Connection closed by 162.144.236.216 port 47506 [preauth]
Sep 29 18:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Failed password for root from 162.144.236.216 port 55452 ssh2
Sep 29 18:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Connection closed by 162.144.236.216 port 55452 [preauth]
Sep 29 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28700]: pam_unix(cron:session): session closed for user root
Sep 29 18:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30174]: Failed password for root from 162.144.236.216 port 33850 ssh2
Sep 29 18:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30174]: Connection closed by 162.144.236.216 port 33850 [preauth]
Sep 29 18:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Failed password for root from 162.144.236.216 port 39260 ssh2
Sep 29 18:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Connection closed by 162.144.236.216 port 39260 [preauth]
Sep 29 18:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: Failed password for root from 162.144.236.216 port 47368 ssh2
Sep 29 18:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: Connection closed by 162.144.236.216 port 47368 [preauth]
Sep 29 18:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: Successful su for rubyman by root
Sep 29 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: + ??? root:rubyman
Sep 29 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316425 of user rubyman.
Sep 29 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316425.
Sep 29 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26755]: pam_unix(cron:session): session closed for user root
Sep 29 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: Invalid user superadmin from 20.40.73.192
Sep 29 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Failed password for root from 162.144.236.216 port 54638 ssh2
Sep 29 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: Failed password for invalid user superadmin from 20.40.73.192 port 48002 ssh2
Sep 29 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: Received disconnect from 20.40.73.192 port 48002:11: Bye Bye [preauth]
Sep 29 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: Disconnected from 20.40.73.192 port 48002 [preauth]
Sep 29 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Connection closed by 162.144.236.216 port 54638 [preauth]
Sep 29 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: Failed password for root from 162.144.236.216 port 34884 ssh2
Sep 29 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212  user=root
Sep 29 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: Connection closed by 162.144.236.216 port 34884 [preauth]
Sep 29 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Failed password for root from 38.25.39.212 port 41946 ssh2
Sep 29 18:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Received disconnect from 38.25.39.212 port 41946:11: Bye Bye [preauth]
Sep 29 18:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Disconnected from 38.25.39.212 port 41946 [preauth]
Sep 29 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: Failed password for root from 162.144.236.216 port 41902 ssh2
Sep 29 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session closed for user root
Sep 29 18:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: Connection closed by 162.144.236.216 port 41902 [preauth]
Sep 29 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Invalid user infinity from 103.176.79.190
Sep 29 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: input_userauth_request: invalid user infinity [preauth]
Sep 29 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Failed password for invalid user infinity from 103.176.79.190 port 56760 ssh2
Sep 29 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Received disconnect from 103.176.79.190 port 56760:11: Bye Bye [preauth]
Sep 29 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Disconnected from 103.176.79.190 port 56760 [preauth]
Sep 29 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: Failed password for root from 162.144.236.216 port 46296 ssh2
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session closed for user root
Sep 29 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: Successful su for rubyman by root
Sep 29 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: + ??? root:rubyman
Sep 29 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316428 of user rubyman.
Sep 29 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316428.
Sep 29 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session closed for user root
Sep 29 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session closed for user root
Sep 29 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: Connection closed by 162.144.236.216 port 46296 [preauth]
Sep 29 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Invalid user hadiqa from 167.99.55.34
Sep 29 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: input_userauth_request: invalid user hadiqa [preauth]
Sep 29 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user hadiqa from 167.99.55.34 port 39128 ssh2
Sep 29 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Connection closed by 167.99.55.34 port 39128 [preauth]
Sep 29 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Failed password for root from 162.144.236.216 port 58108 ssh2
Sep 29 18:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31158]: Connection closed by 162.144.236.216 port 58108 [preauth]
Sep 29 18:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: Invalid user foundry from 20.40.73.192
Sep 29 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: input_userauth_request: invalid user foundry [preauth]
Sep 29 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: Failed password for invalid user foundry from 20.40.73.192 port 41122 ssh2
Sep 29 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: Received disconnect from 20.40.73.192 port 41122:11: Bye Bye [preauth]
Sep 29 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31257]: Disconnected from 20.40.73.192 port 41122 [preauth]
Sep 29 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user root
Sep 29 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Invalid user gits from 38.25.39.212
Sep 29 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: input_userauth_request: invalid user gits [preauth]
Sep 29 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Failed password for invalid user gits from 38.25.39.212 port 38120 ssh2
Sep 29 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Received disconnect from 38.25.39.212 port 38120:11: Bye Bye [preauth]
Sep 29 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Disconnected from 38.25.39.212 port 38120 [preauth]
Sep 29 18:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Failed password for root from 162.144.236.216 port 40278 ssh2
Sep 29 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Connection closed by 162.144.236.216 port 40278 [preauth]
Sep 29 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Failed password for root from 162.144.236.216 port 49812 ssh2
Sep 29 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Connection closed by 162.144.236.216 port 49812 [preauth]
Sep 29 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31353]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: Successful su for rubyman by root
Sep 29 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: + ??? root:rubyman
Sep 29 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316436 of user rubyman.
Sep 29 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31449]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316436.
Sep 29 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28068]: pam_unix(cron:session): session closed for user root
Sep 29 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Failed password for root from 162.144.236.216 port 56198 ssh2
Sep 29 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31418]: Connection closed by 162.144.236.216 port 56198 [preauth]
Sep 29 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: Failed password for root from 162.144.236.216 port 33036 ssh2
Sep 29 18:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: Connection closed by 162.144.236.216 port 33036 [preauth]
Sep 29 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Invalid user sham from 103.176.79.190
Sep 29 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: input_userauth_request: invalid user sham [preauth]
Sep 29 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Failed password for invalid user sham from 103.176.79.190 port 34556 ssh2
Sep 29 18:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Received disconnect from 103.176.79.190 port 34556:11: Bye Bye [preauth]
Sep 29 18:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31730]: Disconnected from 103.176.79.190 port 34556 [preauth]
Sep 29 18:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Failed password for root from 162.144.236.216 port 41018 ssh2
Sep 29 18:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Connection closed by 162.144.236.216 port 41018 [preauth]
Sep 29 18:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session closed for user root
Sep 29 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: Failed password for root from 162.144.236.216 port 49168 ssh2
Sep 29 18:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: Connection closed by 162.144.236.216 port 49168 [preauth]
Sep 29 18:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Invalid user dev from 93.152.230.176
Sep 29 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: input_userauth_request: invalid user dev [preauth]
Sep 29 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 18:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Failed password for invalid user dev from 93.152.230.176 port 56513 ssh2
Sep 29 18:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Received disconnect from 93.152.230.176 port 56513:11: Client disconnecting normally [preauth]
Sep 29 18:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Disconnected from 93.152.230.176 port 56513 [preauth]
Sep 29 18:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Failed password for root from 162.144.236.216 port 56322 ssh2
Sep 29 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: Invalid user infinity from 38.25.39.212
Sep 29 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: input_userauth_request: invalid user infinity [preauth]
Sep 29 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.25.39.212
Sep 29 18:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31801]: Connection closed by 162.144.236.216 port 56322 [preauth]
Sep 29 18:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: Failed password for invalid user infinity from 38.25.39.212 port 34290 ssh2
Sep 29 18:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: Received disconnect from 38.25.39.212 port 34290:11: Bye Bye [preauth]
Sep 29 18:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: Disconnected from 38.25.39.212 port 34290 [preauth]
Sep 29 18:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 162.144.236.216 port 35232 ssh2
Sep 29 18:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Connection closed by 162.144.236.216 port 35232 [preauth]
Sep 29 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Invalid user dns from 20.40.73.192
Sep 29 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: input_userauth_request: invalid user dns [preauth]
Sep 29 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Failed password for invalid user dns from 20.40.73.192 port 53476 ssh2
Sep 29 18:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Received disconnect from 20.40.73.192 port 53476:11: Bye Bye [preauth]
Sep 29 18:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Disconnected from 20.40.73.192 port 53476 [preauth]
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31872]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31944]: Successful su for rubyman by root
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31944]: + ??? root:rubyman
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316439 of user rubyman.
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31944]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316439.
Sep 29 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Failed password for root from 162.144.236.216 port 41142 ssh2
Sep 29 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28699]: pam_unix(cron:session): session closed for user root
Sep 29 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Connection closed by 162.144.236.216 port 41142 [preauth]
Sep 29 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: Failed password for root from 162.144.236.216 port 47926 ssh2
Sep 29 18:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32150]: Connection closed by 162.144.236.216 port 47926 [preauth]
Sep 29 18:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session closed for user root
Sep 29 18:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Failed password for root from 162.144.236.216 port 55398 ssh2
Sep 29 18:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Connection closed by 162.144.236.216 port 55398 [preauth]
Sep 29 18:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: Failed password for root from 162.144.236.216 port 33720 ssh2
Sep 29 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: Connection closed by 162.144.236.216 port 33720 [preauth]
Sep 29 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Invalid user test from 62.60.131.157
Sep 29 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: input_userauth_request: invalid user test [preauth]
Sep 29 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 18:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for invalid user test from 62.60.131.157 port 61691 ssh2
Sep 29 18:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Failed password for root from 103.176.79.190 port 38062 ssh2
Sep 29 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Received disconnect from 103.176.79.190 port 38062:11: Bye Bye [preauth]
Sep 29 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Disconnected from 103.176.79.190 port 38062 [preauth]
Sep 29 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for invalid user test from 62.60.131.157 port 61691 ssh2
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32335]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32397]: Successful su for rubyman by root
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32397]: + ??? root:rubyman
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316443 of user rubyman.
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32397]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316443.
Sep 29 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for invalid user test from 62.60.131.157 port 61691 ssh2
Sep 29 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session closed for user root
Sep 29 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Failed password for root from 162.144.236.216 port 41678 ssh2
Sep 29 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for invalid user test from 62.60.131.157 port 61691 ssh2
Sep 29 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Connection closed by 162.144.236.216 port 41678 [preauth]
Sep 29 18:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for invalid user test from 62.60.131.157 port 61691 ssh2
Sep 29 18:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Received disconnect from 62.60.131.157 port 61691:11: Bye [preauth]
Sep 29 18:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Disconnected from 62.60.131.157 port 61691 [preauth]
Sep 29 18:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 18:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 18:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: Failed password for root from 162.144.236.216 port 47452 ssh2
Sep 29 18:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Invalid user nodeuser from 20.40.73.192
Sep 29 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: input_userauth_request: invalid user nodeuser [preauth]
Sep 29 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: Connection closed by 162.144.236.216 port 47452 [preauth]
Sep 29 18:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Failed password for invalid user nodeuser from 20.40.73.192 port 58132 ssh2
Sep 29 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Received disconnect from 20.40.73.192 port 58132:11: Bye Bye [preauth]
Sep 29 18:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Disconnected from 20.40.73.192 port 58132 [preauth]
Sep 29 18:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session closed for user root
Sep 29 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: Failed password for root from 162.144.236.216 port 54240 ssh2
Sep 29 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: Connection closed by 162.144.236.216 port 54240 [preauth]
Sep 29 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Failed password for root from 162.144.236.216 port 34340 ssh2
Sep 29 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Connection closed by 162.144.236.216 port 34340 [preauth]
Sep 29 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: Failed password for root from 162.144.236.216 port 40166 ssh2
Sep 29 18:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: Connection closed by 162.144.236.216 port 40166 [preauth]
Sep 29 18:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: Successful su for rubyman by root
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: + ??? root:rubyman
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316446 of user rubyman.
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[379]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316446.
Sep 29 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session closed for user root
Sep 29 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Failed password for root from 162.144.236.216 port 45456 ssh2
Sep 29 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Connection closed by 162.144.236.216 port 45456 [preauth]
Sep 29 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[598]: Failed password for root from 162.144.236.216 port 54358 ssh2
Sep 29 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[598]: Connection closed by 162.144.236.216 port 54358 [preauth]
Sep 29 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Failed password for root from 162.144.236.216 port 33022 ssh2
Sep 29 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Connection closed by 162.144.236.216 port 33022 [preauth]
Sep 29 18:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31872]: pam_unix(cron:session): session closed for user root
Sep 29 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Failed password for root from 103.176.79.190 port 50220 ssh2
Sep 29 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: Failed password for root from 162.144.236.216 port 40452 ssh2
Sep 29 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Received disconnect from 103.176.79.190 port 50220:11: Bye Bye [preauth]
Sep 29 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Disconnected from 103.176.79.190 port 50220 [preauth]
Sep 29 18:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[656]: Connection closed by 162.144.236.216 port 40452 [preauth]
Sep 29 18:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Failed password for root from 162.144.236.216 port 48696 ssh2
Sep 29 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Connection closed by 162.144.236.216 port 48696 [preauth]
Sep 29 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Invalid user admin from 20.40.73.192
Sep 29 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: Invalid user admin from 80.94.95.116
Sep 29 18:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Failed password for invalid user admin from 20.40.73.192 port 54524 ssh2
Sep 29 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Received disconnect from 20.40.73.192 port 54524:11: Bye Bye [preauth]
Sep 29 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Disconnected from 20.40.73.192 port 54524 [preauth]
Sep 29 18:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: Failed password for invalid user admin from 80.94.95.116 port 23952 ssh2
Sep 29 18:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[733]: Connection closed by 80.94.95.116 port 23952 [preauth]
Sep 29 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Failed password for root from 162.144.236.216 port 54744 ssh2
Sep 29 18:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Connection closed by 162.144.236.216 port 54744 [preauth]
Sep 29 18:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[782]: pam_unix(cron:session): session closed for user root
Sep 29 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[774]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: Successful su for rubyman by root
Sep 29 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: + ??? root:rubyman
Sep 29 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316454 of user rubyman.
Sep 29 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[892]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316454.
Sep 29 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session closed for user root
Sep 29 18:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user root
Sep 29 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Failed password for root from 162.144.236.216 port 34530 ssh2
Sep 29 18:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Connection closed by 162.144.236.216 port 34530 [preauth]
Sep 29 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Failed password for root from 162.144.236.216 port 40496 ssh2
Sep 29 18:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Connection closed by 162.144.236.216 port 40496 [preauth]
Sep 29 18:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32335]: pam_unix(cron:session): session closed for user root
Sep 29 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Failed password for root from 162.144.236.216 port 47336 ssh2
Sep 29 18:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1254]: Connection closed by 162.144.236.216 port 47336 [preauth]
Sep 29 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for root from 162.144.236.216 port 54818 ssh2
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Connection closed by 162.144.236.216 port 54818 [preauth]
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: Successful su for rubyman by root
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: + ??? root:rubyman
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316456 of user rubyman.
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316456.
Sep 29 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Invalid user admin from 103.176.79.190
Sep 29 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: input_userauth_request: invalid user admin [preauth]
Sep 29 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session closed for user root
Sep 29 18:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Failed password for invalid user admin from 103.176.79.190 port 33190 ssh2
Sep 29 18:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Received disconnect from 103.176.79.190 port 33190:11: Bye Bye [preauth]
Sep 29 18:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Disconnected from 103.176.79.190 port 33190 [preauth]
Sep 29 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Invalid user helen from 20.40.73.192
Sep 29 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: input_userauth_request: invalid user helen [preauth]
Sep 29 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Failed password for root from 162.144.236.216 port 35890 ssh2
Sep 29 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Failed password for invalid user helen from 20.40.73.192 port 49590 ssh2
Sep 29 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Received disconnect from 20.40.73.192 port 49590:11: Bye Bye [preauth]
Sep 29 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Disconnected from 20.40.73.192 port 49590 [preauth]
Sep 29 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Connection closed by 162.144.236.216 port 35890 [preauth]
Sep 29 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for root from 162.144.236.216 port 43612 ssh2
Sep 29 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Connection closed by 162.144.236.216 port 43612 [preauth]
Sep 29 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session closed for user root
Sep 29 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Failed password for root from 162.144.236.216 port 49668 ssh2
Sep 29 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Connection closed by 162.144.236.216 port 49668 [preauth]
Sep 29 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Failed password for root from 162.144.236.216 port 56384 ssh2
Sep 29 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Connection closed by 162.144.236.216 port 56384 [preauth]
Sep 29 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1864]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1865]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1862]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: Successful su for rubyman by root
Sep 29 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: + ??? root:rubyman
Sep 29 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316462 of user rubyman.
Sep 29 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1933]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316462.
Sep 29 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session closed for user root
Sep 29 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: Failed password for root from 162.144.236.216 port 37112 ssh2
Sep 29 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1863]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: Connection closed by 162.144.236.216 port 37112 [preauth]
Sep 29 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Failed password for root from 162.144.236.216 port 43608 ssh2
Sep 29 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Connection closed by 162.144.236.216 port 43608 [preauth]
Sep 29 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for root from 162.144.236.216 port 50770 ssh2
Sep 29 18:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Connection closed by 162.144.236.216 port 50770 [preauth]
Sep 29 18:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session closed for user root
Sep 29 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192  user=root
Sep 29 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2207]: Failed password for root from 162.144.236.216 port 57506 ssh2
Sep 29 18:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: Failed password for root from 20.40.73.192 port 43072 ssh2
Sep 29 18:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: Received disconnect from 20.40.73.192 port 43072:11: Bye Bye [preauth]
Sep 29 18:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: Disconnected from 20.40.73.192 port 43072 [preauth]
Sep 29 18:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2207]: Connection closed by 162.144.236.216 port 57506 [preauth]
Sep 29 18:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Invalid user superadmin from 103.176.79.190
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Invalid user maria from 167.99.55.34
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: input_userauth_request: invalid user maria [preauth]
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 18:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Failed password for invalid user superadmin from 103.176.79.190 port 58064 ssh2
Sep 29 18:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Received disconnect from 103.176.79.190 port 58064:11: Bye Bye [preauth]
Sep 29 18:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Disconnected from 103.176.79.190 port 58064 [preauth]
Sep 29 18:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Failed password for invalid user maria from 167.99.55.34 port 40756 ssh2
Sep 29 18:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Connection closed by 167.99.55.34 port 40756 [preauth]
Sep 29 18:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: Failed password for root from 162.144.236.216 port 37082 ssh2
Sep 29 18:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2260]: Connection closed by 162.144.236.216 port 37082 [preauth]
Sep 29 18:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 18:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Failed password for root from 190.103.202.7 port 38226 ssh2
Sep 29 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Connection closed by 190.103.202.7 port 38226 [preauth]
Sep 29 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2322]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2323]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2320]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: Successful su for rubyman by root
Sep 29 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: + ??? root:rubyman
Sep 29 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316465 of user rubyman.
Sep 29 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316465.
Sep 29 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session closed for user root
Sep 29 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: Failed password for root from 162.144.236.216 port 44110 ssh2
Sep 29 18:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2309]: Connection closed by 162.144.236.216 port 44110 [preauth]
Sep 29 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Failed password for root from 162.144.236.216 port 50706 ssh2
Sep 29 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Connection closed by 162.144.236.216 port 50706 [preauth]
Sep 29 18:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Invalid user huangyong from 20.163.71.109
Sep 29 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: input_userauth_request: invalid user huangyong [preauth]
Sep 29 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 18:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Failed password for invalid user huangyong from 20.163.71.109 port 52780 ssh2
Sep 29 18:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Connection closed by 20.163.71.109 port 52780 [preauth]
Sep 29 18:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Failed password for root from 162.144.236.216 port 57286 ssh2
Sep 29 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Connection closed by 162.144.236.216 port 57286 [preauth]
Sep 29 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session closed for user root
Sep 29 18:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Failed password for root from 162.144.236.216 port 34582 ssh2
Sep 29 18:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Connection closed by 162.144.236.216 port 34582 [preauth]
Sep 29 18:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Failed password for root from 162.144.236.216 port 42024 ssh2
Sep 29 18:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Connection closed by 162.144.236.216 port 42024 [preauth]
Sep 29 18:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Invalid user consulta from 20.40.73.192
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: input_userauth_request: invalid user consulta [preauth]
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.40.73.192
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2831]: Successful su for rubyman by root
Sep 29 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2831]: + ??? root:rubyman
Sep 29 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316470 of user rubyman.
Sep 29 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2831]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316470.
Sep 29 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Failed password for invalid user consulta from 20.40.73.192 port 47372 ssh2
Sep 29 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Received disconnect from 20.40.73.192 port 47372:11: Bye Bye [preauth]
Sep 29 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Disconnected from 20.40.73.192 port 47372 [preauth]
Sep 29 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session closed for user root
Sep 29 18:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: Failed password for root from 162.144.236.216 port 50366 ssh2
Sep 29 18:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2754]: Connection closed by 162.144.236.216 port 50366 [preauth]
Sep 29 18:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Failed password for root from 103.176.79.190 port 54414 ssh2
Sep 29 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Received disconnect from 103.176.79.190 port 54414:11: Bye Bye [preauth]
Sep 29 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Disconnected from 103.176.79.190 port 54414 [preauth]
Sep 29 18:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: Failed password for root from 162.144.236.216 port 57362 ssh2
Sep 29 18:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3044]: Connection closed by 162.144.236.216 port 57362 [preauth]
Sep 29 18:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1865]: pam_unix(cron:session): session closed for user root
Sep 29 18:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Failed password for root from 162.144.236.216 port 38162 ssh2
Sep 29 18:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Connection closed by 162.144.236.216 port 38162 [preauth]
Sep 29 18:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Failed password for root from 162.144.236.216 port 44172 ssh2
Sep 29 18:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Connection closed by 162.144.236.216 port 44172 [preauth]
Sep 29 18:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3198]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session closed for user root
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Invalid user tunnel from 93.152.230.176
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: input_userauth_request: invalid user tunnel [preauth]
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: Successful su for rubyman by root
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: + ??? root:rubyman
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316472 of user rubyman.
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316472.
Sep 29 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Failed password for invalid user tunnel from 93.152.230.176 port 29477 ssh2
Sep 29 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Received disconnect from 93.152.230.176 port 29477:11: Client disconnecting normally [preauth]
Sep 29 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Disconnected from 93.152.230.176 port 29477 [preauth]
Sep 29 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for root from 162.144.236.216 port 51392 ssh2
Sep 29 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[318]: pam_unix(cron:session): session closed for user root
Sep 29 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3198]: pam_unix(cron:session): session closed for user root
Sep 29 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Connection closed by 162.144.236.216 port 51392 [preauth]
Sep 29 18:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Failed password for root from 162.144.236.216 port 57770 ssh2
Sep 29 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Connection closed by 162.144.236.216 port 57770 [preauth]
Sep 29 18:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Failed password for root from 162.144.236.216 port 34638 ssh2
Sep 29 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3539]: Connection closed by 162.144.236.216 port 34638 [preauth]
Sep 29 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2323]: pam_unix(cron:session): session closed for user root
Sep 29 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: Failed password for root from 162.144.236.216 port 41288 ssh2
Sep 29 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3572]: Connection closed by 162.144.236.216 port 41288 [preauth]
Sep 29 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Failed password for root from 162.144.236.216 port 47606 ssh2
Sep 29 18:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Connection closed by 162.144.236.216 port 47606 [preauth]
Sep 29 18:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for root from 103.176.79.190 port 53028 ssh2
Sep 29 18:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Received disconnect from 103.176.79.190 port 53028:11: Bye Bye [preauth]
Sep 29 18:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Disconnected from 103.176.79.190 port 53028 [preauth]
Sep 29 18:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Failed password for root from 162.144.236.216 port 55096 ssh2
Sep 29 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Connection closed by 162.144.236.216 port 55096 [preauth]
Sep 29 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for root from 162.144.236.216 port 60298 ssh2
Sep 29 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Connection closed by 162.144.236.216 port 60298 [preauth]
Sep 29 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3747]: Successful su for rubyman by root
Sep 29 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3747]: + ??? root:rubyman
Sep 29 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316478 of user rubyman.
Sep 29 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3747]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316478.
Sep 29 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session closed for user root
Sep 29 18:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: Failed password for root from 162.144.236.216 port 37720 ssh2
Sep 29 18:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3668]: Connection closed by 162.144.236.216 port 37720 [preauth]
Sep 29 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Failed password for root from 162.144.236.216 port 44184 ssh2
Sep 29 18:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3968]: Connection closed by 162.144.236.216 port 44184 [preauth]
Sep 29 18:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session closed for user root
Sep 29 18:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Failed password for root from 162.144.236.216 port 52038 ssh2
Sep 29 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Connection closed by 162.144.236.216 port 52038 [preauth]
Sep 29 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Failed password for root from 162.144.236.216 port 57514 ssh2
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4129]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4206]: Successful su for rubyman by root
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4206]: + ??? root:rubyman
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316484 of user rubyman.
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4206]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316484.
Sep 29 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Connection closed by 162.144.236.216 port 57514 [preauth]
Sep 29 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session closed for user root
Sep 29 18:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Failed password for root from 162.144.236.216 port 36022 ssh2
Sep 29 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Invalid user test from 103.176.79.190
Sep 29 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: input_userauth_request: invalid user test [preauth]
Sep 29 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190
Sep 29 18:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Failed password for invalid user test from 103.176.79.190 port 48484 ssh2
Sep 29 18:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Received disconnect from 103.176.79.190 port 48484:11: Bye Bye [preauth]
Sep 29 18:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Disconnected from 103.176.79.190 port 48484 [preauth]
Sep 29 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Connection closed by 162.144.236.216 port 36022 [preauth]
Sep 29 18:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Failed password for root from 162.144.236.216 port 45880 ssh2
Sep 29 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Connection closed by 162.144.236.216 port 45880 [preauth]
Sep 29 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session closed for user root
Sep 29 18:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Failed password for root from 162.144.236.216 port 53594 ssh2
Sep 29 18:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4501]: Connection closed by 162.144.236.216 port 53594 [preauth]
Sep 29 18:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for root from 162.144.236.216 port 33730 ssh2
Sep 29 18:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Connection closed by 162.144.236.216 port 33730 [preauth]
Sep 29 18:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4577]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4575]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Failed password for root from 162.144.236.216 port 39900 ssh2
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: Successful su for rubyman by root
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: + ??? root:rubyman
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316487 of user rubyman.
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316487.
Sep 29 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4562]: Connection closed by 162.144.236.216 port 39900 [preauth]
Sep 29 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1864]: pam_unix(cron:session): session closed for user root
Sep 29 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4677]: Failed password for root from 162.144.236.216 port 45840 ssh2
Sep 29 18:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4677]: Connection closed by 162.144.236.216 port 45840 [preauth]
Sep 29 18:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Failed password for root from 162.144.236.216 port 51116 ssh2
Sep 29 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Connection closed by 162.144.236.216 port 51116 [preauth]
Sep 29 18:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Failed password for root from 162.144.236.216 port 58492 ssh2
Sep 29 18:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Connection closed by 162.144.236.216 port 58492 [preauth]
Sep 29 18:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Invalid user ubnt from 80.94.95.115
Sep 29 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Failed password for root from 162.144.236.216 port 36784 ssh2
Sep 29 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session closed for user root
Sep 29 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Failed password for invalid user ubnt from 80.94.95.115 port 20222 ssh2
Sep 29 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4937]: Connection closed by 80.94.95.115 port 20222 [preauth]
Sep 29 18:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Connection closed by 162.144.236.216 port 36784 [preauth]
Sep 29 18:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for root from 162.144.236.216 port 43236 ssh2
Sep 29 18:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 162.144.236.216 port 43236 [preauth]
Sep 29 18:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 18:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Failed password for root from 103.176.79.190 port 39282 ssh2
Sep 29 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Received disconnect from 103.176.79.190 port 39282:11: Bye Bye [preauth]
Sep 29 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Disconnected from 103.176.79.190 port 39282 [preauth]
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5044]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5042]: pam_unix(cron:session): session closed for user p13x
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: Successful su for rubyman by root
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: + ??? root:rubyman
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316492 of user rubyman.
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: pam_unix(su:session): session closed for user rubyman
Sep 29 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316492.
Sep 29 18:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Failed password for root from 162.144.236.216 port 50064 ssh2
Sep 29 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2322]: pam_unix(cron:session): session closed for user root
Sep 29 18:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5043]: pam_unix(cron:session): session closed for user samftp
Sep 29 18:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5016]: Connection closed by 162.144.236.216 port 50064 [preauth]
Sep 29 18:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: Failed password for root from 162.144.236.216 port 57826 ssh2
Sep 29 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5406]: Connection closed by 162.144.236.216 port 57826 [preauth]
Sep 29 18:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: Failed password for root from 162.144.236.216 port 36366 ssh2
Sep 29 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session closed for user root
Sep 29 18:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5446]: Connection closed by 162.144.236.216 port 36366 [preauth]
Sep 29 18:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Failed password for root from 162.144.236.216 port 43944 ssh2
Sep 29 18:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Connection closed by 162.144.236.216 port 43944 [preauth]
Sep 29 18:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 18:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 18:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: Failed password for root from 162.144.236.216 port 49070 ssh2
Sep 29 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5558]: Connection closed by 162.144.236.216 port 49070 [preauth]
Sep 29 19:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5587]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session closed for user root
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5587]: pam_unix(cron:session): session closed for user root
Sep 29 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5692]: Successful su for rubyman by root
Sep 29 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5692]: + ??? root:rubyman
Sep 29 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316497 of user rubyman.
Sep 29 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5692]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316497.
Sep 29 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user root
Sep 29 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5584]: pam_unix(cron:session): session closed for user root
Sep 29 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Failed password for root from 162.144.236.216 port 55958 ssh2
Sep 29 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Connection closed by 162.144.236.216 port 55958 [preauth]
Sep 29 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Failed password for root from 162.144.236.216 port 34066 ssh2
Sep 29 19:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Connection closed by 162.144.236.216 port 34066 [preauth]
Sep 29 19:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Did not receive identification string from 208.81.60.70
Sep 29 19:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Invalid user picorv from 167.99.55.34
Sep 29 19:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: input_userauth_request: invalid user picorv [preauth]
Sep 29 19:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Failed password for invalid user picorv from 167.99.55.34 port 51434 ssh2
Sep 29 19:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Connection closed by 167.99.55.34 port 51434 [preauth]
Sep 29 19:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Failed password for root from 162.144.236.216 port 39484 ssh2
Sep 29 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Connection closed by 162.144.236.216 port 39484 [preauth]
Sep 29 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.79.190  user=root
Sep 29 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Failed password for root from 103.176.79.190 port 36466 ssh2
Sep 29 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Received disconnect from 103.176.79.190 port 36466:11: Bye Bye [preauth]
Sep 29 19:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Disconnected from 103.176.79.190 port 36466 [preauth]
Sep 29 19:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Failed password for root from 162.144.236.216 port 46102 ssh2
Sep 29 19:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Connection closed by 162.144.236.216 port 46102 [preauth]
Sep 29 19:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session closed for user root
Sep 29 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6018]: Failed password for root from 162.144.236.216 port 51790 ssh2
Sep 29 19:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6018]: Connection closed by 162.144.236.216 port 51790 [preauth]
Sep 29 19:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Failed password for root from 162.144.236.216 port 57888 ssh2
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6228]: Successful su for rubyman by root
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6228]: + ??? root:rubyman
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316502 of user rubyman.
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6228]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316502.
Sep 29 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Connection closed by 162.144.236.216 port 57888 [preauth]
Sep 29 19:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session closed for user root
Sep 29 19:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6152]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for root from 162.144.236.216 port 40170 ssh2
Sep 29 19:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 162.144.236.216 port 40170 [preauth]
Sep 29 19:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Invalid user tarique from 80.94.95.112
Sep 29 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: input_userauth_request: invalid user tarique [preauth]
Sep 29 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Failed password for invalid user tarique from 80.94.95.112 port 63764 ssh2
Sep 29 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Failed password for invalid user tarique from 80.94.95.112 port 63764 ssh2
Sep 29 19:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Failed password for root from 162.144.236.216 port 50132 ssh2
Sep 29 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5048]: pam_unix(cron:session): session closed for user root
Sep 29 19:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Failed password for invalid user tarique from 80.94.95.112 port 63764 ssh2
Sep 29 19:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Connection closed by 162.144.236.216 port 50132 [preauth]
Sep 29 19:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Failed password for invalid user tarique from 80.94.95.112 port 63764 ssh2
Sep 29 19:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Failed password for invalid user tarique from 80.94.95.112 port 63764 ssh2
Sep 29 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Received disconnect from 80.94.95.112 port 63764:11: Bye [preauth]
Sep 29 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: Disconnected from 80.94.95.112 port 63764 [preauth]
Sep 29 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 19:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6486]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: Failed password for root from 162.144.236.216 port 57154 ssh2
Sep 29 19:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: Connection closed by 162.144.236.216 port 57154 [preauth]
Sep 29 19:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for root from 162.144.236.216 port 33904 ssh2
Sep 29 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Connection closed by 162.144.236.216 port 33904 [preauth]
Sep 29 19:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: Successful su for rubyman by root
Sep 29 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: + ??? root:rubyman
Sep 29 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316506 of user rubyman.
Sep 29 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6776]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316506.
Sep 29 19:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session closed for user root
Sep 29 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for root from 162.144.236.216 port 40430 ssh2
Sep 29 19:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Connection closed by 162.144.236.216 port 40430 [preauth]
Sep 29 19:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7013]: Failed password for root from 162.144.236.216 port 47928 ssh2
Sep 29 19:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7013]: Connection closed by 162.144.236.216 port 47928 [preauth]
Sep 29 19:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session closed for user root
Sep 29 19:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Failed password for root from 162.144.236.216 port 55120 ssh2
Sep 29 19:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Connection closed by 162.144.236.216 port 55120 [preauth]
Sep 29 19:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: Failed password for root from 162.144.236.216 port 34852 ssh2
Sep 29 19:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: Connection closed by 162.144.236.216 port 34852 [preauth]
Sep 29 19:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7312]: Successful su for rubyman by root
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7312]: + ??? root:rubyman
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7312]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316509 of user rubyman.
Sep 29 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316509.
Sep 29 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session closed for user root
Sep 29 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Failed password for root from 162.144.236.216 port 41970 ssh2
Sep 29 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Connection closed by 162.144.236.216 port 41970 [preauth]
Sep 29 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Failed password for root from 162.144.236.216 port 50718 ssh2
Sep 29 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Connection closed by 162.144.236.216 port 50718 [preauth]
Sep 29 19:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6157]: pam_unix(cron:session): session closed for user root
Sep 29 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Failed password for root from 162.144.236.216 port 58514 ssh2
Sep 29 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Connection closed by 162.144.236.216 port 58514 [preauth]
Sep 29 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Invalid user super from 93.152.230.176
Sep 29 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: input_userauth_request: invalid user super [preauth]
Sep 29 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 19:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Failed password for invalid user super from 93.152.230.176 port 31225 ssh2
Sep 29 19:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Received disconnect from 93.152.230.176 port 31225:11: Client disconnecting normally [preauth]
Sep 29 19:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Disconnected from 93.152.230.176 port 31225 [preauth]
Sep 29 19:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Failed password for root from 162.144.236.216 port 38258 ssh2
Sep 29 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7635]: Connection closed by 162.144.236.216 port 38258 [preauth]
Sep 29 19:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Failed password for root from 162.144.236.216 port 44288 ssh2
Sep 29 19:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Connection closed by 162.144.236.216 port 44288 [preauth]
Sep 29 19:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7777]: Successful su for rubyman by root
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7777]: + ??? root:rubyman
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316515 of user rubyman.
Sep 29 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7777]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316515.
Sep 29 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Failed password for root from 162.144.236.216 port 50936 ssh2
Sep 29 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Connection closed by 162.144.236.216 port 50936 [preauth]
Sep 29 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4577]: pam_unix(cron:session): session closed for user root
Sep 29 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Failed password for root from 162.144.236.216 port 57908 ssh2
Sep 29 19:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7968]: Connection closed by 162.144.236.216 port 57908 [preauth]
Sep 29 19:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Failed password for root from 162.144.236.216 port 37456 ssh2
Sep 29 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Invalid user linuxadmin from 20.163.71.109
Sep 29 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: input_userauth_request: invalid user linuxadmin [preauth]
Sep 29 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 19:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Connection closed by 162.144.236.216 port 37456 [preauth]
Sep 29 19:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Failed password for invalid user linuxadmin from 20.163.71.109 port 52678 ssh2
Sep 29 19:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Connection closed by 20.163.71.109 port 52678 [preauth]
Sep 29 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6708]: pam_unix(cron:session): session closed for user root
Sep 29 19:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Failed password for root from 162.144.236.216 port 43840 ssh2
Sep 29 19:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8067]: Connection closed by 162.144.236.216 port 43840 [preauth]
Sep 29 19:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: Failed password for root from 162.144.236.216 port 52010 ssh2
Sep 29 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8154]: Connection closed by 162.144.236.216 port 52010 [preauth]
Sep 29 19:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8224]: pam_unix(cron:session): session closed for user root
Sep 29 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8218]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8293]: Successful su for rubyman by root
Sep 29 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8293]: + ??? root:rubyman
Sep 29 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316521 of user rubyman.
Sep 29 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8293]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316521.
Sep 29 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5044]: pam_unix(cron:session): session closed for user root
Sep 29 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session closed for user root
Sep 29 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: Failed password for root from 162.144.236.216 port 59636 ssh2
Sep 29 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8215]: Connection closed by 162.144.236.216 port 59636 [preauth]
Sep 29 19:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: Failed password for root from 162.144.236.216 port 38348 ssh2
Sep 29 19:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8549]: Connection closed by 162.144.236.216 port 38348 [preauth]
Sep 29 19:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: Failed password for root from 162.144.236.216 port 44598 ssh2
Sep 29 19:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: Connection closed by 162.144.236.216 port 44598 [preauth]
Sep 29 19:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session closed for user root
Sep 29 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: Failed password for root from 162.144.236.216 port 53686 ssh2
Sep 29 19:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8630]: Connection closed by 162.144.236.216 port 53686 [preauth]
Sep 29 19:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8728]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8727]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Failed password for root from 162.144.236.216 port 60662 ssh2
Sep 29 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: Successful su for rubyman by root
Sep 29 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: + ??? root:rubyman
Sep 29 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316524 of user rubyman.
Sep 29 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316524.
Sep 29 19:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Connection closed by 162.144.236.216 port 60662 [preauth]
Sep 29 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5585]: pam_unix(cron:session): session closed for user root
Sep 29 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Failed password for root from 162.144.236.216 port 41048 ssh2
Sep 29 19:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Connection closed by 162.144.236.216 port 41048 [preauth]
Sep 29 19:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Failed password for root from 162.144.236.216 port 46948 ssh2
Sep 29 19:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Connection closed by 162.144.236.216 port 46948 [preauth]
Sep 29 19:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7709]: pam_unix(cron:session): session closed for user root
Sep 29 19:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Failed password for root from 162.144.236.216 port 53558 ssh2
Sep 29 19:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Connection closed by 162.144.236.216 port 53558 [preauth]
Sep 29 19:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for root from 162.144.236.216 port 60306 ssh2
Sep 29 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Connection closed by 162.144.236.216 port 60306 [preauth]
Sep 29 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9403]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: Successful su for rubyman by root
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: + ??? root:rubyman
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316528 of user rubyman.
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316528.
Sep 29 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6156]: pam_unix(cron:session): session closed for user root
Sep 29 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Failed password for root from 162.144.236.216 port 38704 ssh2
Sep 29 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9404]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Connection closed by 162.144.236.216 port 38704 [preauth]
Sep 29 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for root from 162.144.236.216 port 45020 ssh2
Sep 29 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Connection closed by 162.144.236.216 port 45020 [preauth]
Sep 29 19:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for root from 162.144.236.216 port 52276 ssh2
Sep 29 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Connection closed by 162.144.236.216 port 52276 [preauth]
Sep 29 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8223]: pam_unix(cron:session): session closed for user root
Sep 29 19:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Failed password for root from 162.144.236.216 port 60288 ssh2
Sep 29 19:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Connection closed by 162.144.236.216 port 60288 [preauth]
Sep 29 19:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for root from 162.144.236.216 port 37956 ssh2
Sep 29 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Connection closed by 162.144.236.216 port 37956 [preauth]
Sep 29 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: Invalid user sabir from 167.99.55.34
Sep 29 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: input_userauth_request: invalid user sabir [preauth]
Sep 29 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: Failed password for invalid user sabir from 167.99.55.34 port 43596 ssh2
Sep 29 19:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9951]: Connection closed by 167.99.55.34 port 43596 [preauth]
Sep 29 19:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: Failed password for root from 162.144.236.216 port 45554 ssh2
Sep 29 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: Connection closed by 162.144.236.216 port 45554 [preauth]
Sep 29 19:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9971]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9967]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10040]: Successful su for rubyman by root
Sep 29 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10040]: + ??? root:rubyman
Sep 29 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316532 of user rubyman.
Sep 29 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10040]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316532.
Sep 29 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6707]: pam_unix(cron:session): session closed for user root
Sep 29 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9968]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9963]: Failed password for root from 162.144.236.216 port 52146 ssh2
Sep 29 19:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9963]: Connection closed by 162.144.236.216 port 52146 [preauth]
Sep 29 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: Failed password for root from 162.144.236.216 port 58890 ssh2
Sep 29 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: Connection closed by 162.144.236.216 port 58890 [preauth]
Sep 29 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8728]: pam_unix(cron:session): session closed for user root
Sep 29 19:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for root from 162.144.236.216 port 37670 ssh2
Sep 29 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Connection closed by 162.144.236.216 port 37670 [preauth]
Sep 29 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for root from 162.144.236.216 port 45170 ssh2
Sep 29 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Connection closed by 162.144.236.216 port 45170 [preauth]
Sep 29 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Failed password for root from 162.144.236.216 port 51784 ssh2
Sep 29 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Connection closed by 162.144.236.216 port 51784 [preauth]
Sep 29 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10449]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10444]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10446]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: Successful su for rubyman by root
Sep 29 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: + ??? root:rubyman
Sep 29 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316535 of user rubyman.
Sep 29 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10600]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316535.
Sep 29 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10444]: pam_unix(cron:session): session closed for user root
Sep 29 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session closed for user root
Sep 29 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10448]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: Failed password for root from 162.144.236.216 port 58026 ssh2
Sep 29 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: Connection closed by 162.144.236.216 port 58026 [preauth]
Sep 29 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Failed password for root from 162.144.236.216 port 37476 ssh2
Sep 29 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Connection closed by 162.144.236.216 port 37476 [preauth]
Sep 29 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: Failed password for root from 162.144.236.216 port 45312 ssh2
Sep 29 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: Connection closed by 162.144.236.216 port 45312 [preauth]
Sep 29 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session closed for user root
Sep 29 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for root from 162.144.236.216 port 53392 ssh2
Sep 29 19:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Connection closed by 162.144.236.216 port 53392 [preauth]
Sep 29 19:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Failed password for root from 162.144.236.216 port 60752 ssh2
Sep 29 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Connection closed by 162.144.236.216 port 60752 [preauth]
Sep 29 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: Failed password for root from 162.144.236.216 port 37278 ssh2
Sep 29 19:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: Connection closed by 162.144.236.216 port 37278 [preauth]
Sep 29 19:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11004]: pam_unix(cron:session): session closed for user root
Sep 29 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11072]: Successful su for rubyman by root
Sep 29 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11072]: + ??? root:rubyman
Sep 29 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316544 of user rubyman.
Sep 29 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11072]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316544.
Sep 29 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Failed password for root from 162.144.236.216 port 45576 ssh2
Sep 29 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session closed for user root
Sep 29 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session closed for user root
Sep 29 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Connection closed by 162.144.236.216 port 45576 [preauth]
Sep 29 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10999]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Failed password for root from 162.144.236.216 port 53792 ssh2
Sep 29 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Connection closed by 162.144.236.216 port 53792 [preauth]
Sep 29 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: Did not receive identification string from 195.154.212.47
Sep 29 19:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: Invalid user a from 195.154.212.47
Sep 29 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: input_userauth_request: invalid user a [preauth]
Sep 29 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: Failed password for invalid user a from 195.154.212.47 port 50116 ssh2
Sep 29 19:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: Connection closed by 195.154.212.47 port 50116 [preauth]
Sep 29 19:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Failed password for root from 162.144.236.216 port 59222 ssh2
Sep 29 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Invalid user nil from 195.154.212.47
Sep 29 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: input_userauth_request: invalid user nil [preauth]
Sep 29 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Failed none for invalid user nil from 195.154.212.47 port 50132 ssh2
Sep 29 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Connection closed by 195.154.212.47 port 50132 [preauth]
Sep 29 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Invalid user admin from 195.154.212.47
Sep 29 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11332]: Connection closed by 162.144.236.216 port 59222 [preauth]
Sep 29 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Failed password for invalid user admin from 195.154.212.47 port 50138 ssh2
Sep 29 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Connection closed by 195.154.212.47 port 50138 [preauth]
Sep 29 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9971]: pam_unix(cron:session): session closed for user root
Sep 29 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47  user=root
Sep 29 19:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: Failed password for root from 195.154.212.47 port 55900 ssh2
Sep 29 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11396]: Connection closed by 195.154.212.47 port 55900 [preauth]
Sep 29 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Invalid user orangepi from 195.154.212.47
Sep 29 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: input_userauth_request: invalid user orangepi [preauth]
Sep 29 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Failed password for invalid user orangepi from 195.154.212.47 port 55914 ssh2
Sep 29 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Connection closed by 195.154.212.47 port 55914 [preauth]
Sep 29 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Invalid user support from 195.154.212.47
Sep 29 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: input_userauth_request: invalid user support [preauth]
Sep 29 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Failed password for invalid user support from 195.154.212.47 port 55926 ssh2
Sep 29 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Connection closed by 195.154.212.47 port 55926 [preauth]
Sep 29 19:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Invalid user ubnt from 195.154.212.47
Sep 29 19:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: input_userauth_request: invalid user ubnt [preauth]
Sep 29 19:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Failed password for invalid user ubnt from 195.154.212.47 port 38140 ssh2
Sep 29 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Connection closed by 195.154.212.47 port 38140 [preauth]
Sep 29 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: Invalid user user from 195.154.212.47
Sep 29 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: input_userauth_request: invalid user user [preauth]
Sep 29 19:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: Failed password for invalid user user from 195.154.212.47 port 38156 ssh2
Sep 29 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11449]: Connection closed by 195.154.212.47 port 38156 [preauth]
Sep 29 19:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Failed password for root from 162.144.236.216 port 38488 ssh2
Sep 29 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Connection closed by 195.154.212.47 port 38162 [preauth]
Sep 29 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47  user=root
Sep 29 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Connection closed by 162.144.236.216 port 38488 [preauth]
Sep 29 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: Failed password for root from 195.154.212.47 port 38174 ssh2
Sep 29 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: Connection closed by 195.154.212.47 port 38174 [preauth]
Sep 29 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Invalid user admin from 195.154.212.47
Sep 29 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Failed password for invalid user admin from 195.154.212.47 port 52566 ssh2
Sep 29 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11468]: Connection closed by 195.154.212.47 port 52566 [preauth]
Sep 29 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: Invalid user admin from 195.154.212.47
Sep 29 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: Failed password for invalid user admin from 195.154.212.47 port 52568 ssh2
Sep 29 19:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: Connection closed by 195.154.212.47 port 52568 [preauth]
Sep 29 19:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Invalid user pi from 195.154.212.47
Sep 29 19:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: input_userauth_request: invalid user pi [preauth]
Sep 29 19:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Failed password for invalid user pi from 195.154.212.47 port 52580 ssh2
Sep 29 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Connection closed by 195.154.212.47 port 52580 [preauth]
Sep 29 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Invalid user debian from 195.154.212.47
Sep 29 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: input_userauth_request: invalid user debian [preauth]
Sep 29 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: Successful su for rubyman by root
Sep 29 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: + ??? root:rubyman
Sep 29 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316546 of user rubyman.
Sep 29 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316546.
Sep 29 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Failed password for invalid user debian from 195.154.212.47 port 52584 ssh2
Sep 29 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11494]: Connection closed by 195.154.212.47 port 52584 [preauth]
Sep 29 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Invalid user pi from 195.154.212.47
Sep 29 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: input_userauth_request: invalid user pi [preauth]
Sep 29 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Failed password for root from 162.144.236.216 port 46406 ssh2
Sep 29 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Connection closed by 162.144.236.216 port 46406 [preauth]
Sep 29 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Failed password for invalid user pi from 195.154.212.47 port 54996 ssh2
Sep 29 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Connection closed by 195.154.212.47 port 54996 [preauth]
Sep 29 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8222]: pam_unix(cron:session): session closed for user root
Sep 29 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Invalid user localadmin from 195.154.212.47
Sep 29 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: input_userauth_request: invalid user localadmin [preauth]
Sep 29 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Failed password for invalid user localadmin from 195.154.212.47 port 55010 ssh2
Sep 29 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Connection closed by 195.154.212.47 port 55010 [preauth]
Sep 29 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47  user=root
Sep 29 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: Failed password for root from 195.154.212.47 port 55022 ssh2
Sep 29 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11881]: Connection closed by 195.154.212.47 port 55022 [preauth]
Sep 29 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: Invalid user ubuntu from 195.154.212.47
Sep 29 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: Failed password for invalid user ubuntu from 195.154.212.47 port 52016 ssh2
Sep 29 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: Connection closed by 195.154.212.47 port 52016 [preauth]
Sep 29 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Invalid user pi from 195.154.212.47
Sep 29 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: input_userauth_request: invalid user pi [preauth]
Sep 29 19:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Failed password for invalid user pi from 195.154.212.47 port 52022 ssh2
Sep 29 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Connection closed by 195.154.212.47 port 52022 [preauth]
Sep 29 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Invalid user test from 195.154.212.47
Sep 29 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: input_userauth_request: invalid user test [preauth]
Sep 29 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Failed password for invalid user test from 195.154.212.47 port 52036 ssh2
Sep 29 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Connection closed by 195.154.212.47 port 52036 [preauth]
Sep 29 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47  user=root
Sep 29 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Failed password for root from 195.154.212.47 port 52038 ssh2
Sep 29 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: Failed password for root from 162.144.236.216 port 53092 ssh2
Sep 29 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Connection closed by 195.154.212.47 port 52038 [preauth]
Sep 29 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: Connection closed by 162.144.236.216 port 53092 [preauth]
Sep 29 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47  user=root
Sep 29 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Failed password for root from 195.154.212.47 port 52688 ssh2
Sep 29 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Connection closed by 195.154.212.47 port 52688 [preauth]
Sep 29 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Sep 29 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Invalid user admin from 195.154.212.47
Sep 29 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Failed password for root from 80.94.95.115 port 58598 ssh2
Sep 29 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Connection closed by 80.94.95.115 port 58598 [preauth]
Sep 29 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Failed password for invalid user admin from 195.154.212.47 port 52692 ssh2
Sep 29 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Connection closed by 195.154.212.47 port 52692 [preauth]
Sep 29 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Failed password for root from 162.144.236.216 port 33136 ssh2
Sep 29 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11963]: Invalid user guest from 195.154.212.47
Sep 29 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11963]: input_userauth_request: invalid user guest [preauth]
Sep 29 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11963]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.154.212.47
Sep 29 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Connection closed by 162.144.236.216 port 33136 [preauth]
Sep 29 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11963]: Failed password for invalid user guest from 195.154.212.47 port 52698 ssh2
Sep 29 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11963]: Connection closed by 195.154.212.47 port 52698 [preauth]
Sep 29 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session closed for user root
Sep 29 19:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Failed password for root from 162.144.236.216 port 38468 ssh2
Sep 29 19:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Connection closed by 162.144.236.216 port 38468 [preauth]
Sep 29 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for root from 162.144.236.216 port 43928 ssh2
Sep 29 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Connection closed by 162.144.236.216 port 43928 [preauth]
Sep 29 19:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Failed password for root from 162.144.236.216 port 51060 ssh2
Sep 29 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Connection closed by 162.144.236.216 port 51060 [preauth]
Sep 29 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12128]: Successful su for rubyman by root
Sep 29 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12128]: + ??? root:rubyman
Sep 29 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316552 of user rubyman.
Sep 29 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12128]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316552.
Sep 29 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Failed password for root from 162.144.236.216 port 57008 ssh2
Sep 29 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Connection closed by 162.144.236.216 port 57008 [preauth]
Sep 29 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8727]: pam_unix(cron:session): session closed for user root
Sep 29 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Invalid user admin from 93.152.230.176
Sep 29 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Failed password for invalid user admin from 93.152.230.176 port 30977 ssh2
Sep 29 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Received disconnect from 93.152.230.176 port 30977:11: Client disconnecting normally [preauth]
Sep 29 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12316]: Disconnected from 93.152.230.176 port 30977 [preauth]
Sep 29 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Failed password for root from 162.144.236.216 port 35584 ssh2
Sep 29 19:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Connection closed by 162.144.236.216 port 35584 [preauth]
Sep 29 19:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Failed password for root from 162.144.236.216 port 45074 ssh2
Sep 29 19:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Connection closed by 162.144.236.216 port 45074 [preauth]
Sep 29 19:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Failed password for root from 162.144.236.216 port 52742 ssh2
Sep 29 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Connection closed by 162.144.236.216 port 52742 [preauth]
Sep 29 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11003]: pam_unix(cron:session): session closed for user root
Sep 29 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Failed password for root from 162.144.236.216 port 59296 ssh2
Sep 29 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12423]: Connection closed by 162.144.236.216 port 59296 [preauth]
Sep 29 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Failed password for root from 162.144.236.216 port 39402 ssh2
Sep 29 19:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Connection closed by 162.144.236.216 port 39402 [preauth]
Sep 29 19:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12516]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12517]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12579]: Successful su for rubyman by root
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12579]: + ??? root:rubyman
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316555 of user rubyman.
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12579]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316555.
Sep 29 19:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9405]: pam_unix(cron:session): session closed for user root
Sep 29 19:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12515]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Failed password for root from 162.144.236.216 port 48108 ssh2
Sep 29 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Connection closed by 162.144.236.216 port 48108 [preauth]
Sep 29 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Failed password for root from 162.144.236.216 port 55030 ssh2
Sep 29 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Connection closed by 162.144.236.216 port 55030 [preauth]
Sep 29 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session closed for user root
Sep 29 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: Failed password for root from 162.144.236.216 port 37566 ssh2
Sep 29 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12877]: Connection closed by 162.144.236.216 port 37566 [preauth]
Sep 29 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Failed password for root from 162.144.236.216 port 44408 ssh2
Sep 29 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Connection closed by 162.144.236.216 port 44408 [preauth]
Sep 29 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Failed password for root from 162.144.236.216 port 49048 ssh2
Sep 29 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Connection closed by 162.144.236.216 port 49048 [preauth]
Sep 29 19:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12982]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12980]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13054]: Successful su for rubyman by root
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13054]: + ??? root:rubyman
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316558 of user rubyman.
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13054]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316558.
Sep 29 19:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: Failed password for root from 162.144.236.216 port 55670 ssh2
Sep 29 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12966]: Connection closed by 162.144.236.216 port 55670 [preauth]
Sep 29 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9970]: pam_unix(cron:session): session closed for user root
Sep 29 19:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12981]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Failed password for root from 162.144.236.216 port 35336 ssh2
Sep 29 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Connection closed by 162.144.236.216 port 35336 [preauth]
Sep 29 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for root from 162.144.236.216 port 40412 ssh2
Sep 29 19:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Connection closed by 162.144.236.216 port 40412 [preauth]
Sep 29 19:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session closed for user root
Sep 29 19:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Failed password for root from 162.144.236.216 port 47750 ssh2
Sep 29 19:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Connection closed by 162.144.236.216 port 47750 [preauth]
Sep 29 19:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Invalid user user from 62.60.131.157
Sep 29 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: input_userauth_request: invalid user user [preauth]
Sep 29 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 19:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Failed password for invalid user user from 62.60.131.157 port 44480 ssh2
Sep 29 19:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Failed password for invalid user user from 62.60.131.157 port 44480 ssh2
Sep 29 19:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Failed password for invalid user user from 62.60.131.157 port 44480 ssh2
Sep 29 19:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Failed password for invalid user user from 62.60.131.157 port 44480 ssh2
Sep 29 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for root from 162.144.236.216 port 54780 ssh2
Sep 29 19:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Failed password for invalid user user from 62.60.131.157 port 44480 ssh2
Sep 29 19:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Received disconnect from 62.60.131.157 port 44480:11: Bye [preauth]
Sep 29 19:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: Disconnected from 62.60.131.157 port 44480 [preauth]
Sep 29 19:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 19:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13442]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13444]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13444]: pam_unix(cron:session): session closed for user root
Sep 29 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: Successful su for rubyman by root
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: + ??? root:rubyman
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316564 of user rubyman.
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13510]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316564.
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Connection closed by 162.144.236.216 port 54780 [preauth]
Sep 29 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session closed for user root
Sep 29 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10449]: pam_unix(cron:session): session closed for user root
Sep 29 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Failed password for root from 162.144.236.216 port 33212 ssh2
Sep 29 19:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Connection closed by 162.144.236.216 port 33212 [preauth]
Sep 29 19:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: Failed password for root from 162.144.236.216 port 41232 ssh2
Sep 29 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: Connection closed by 162.144.236.216 port 41232 [preauth]
Sep 29 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: Invalid user swerv from 167.99.55.34
Sep 29 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: input_userauth_request: invalid user swerv [preauth]
Sep 29 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: Failed password for invalid user swerv from 167.99.55.34 port 37026 ssh2
Sep 29 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: Connection closed by 167.99.55.34 port 37026 [preauth]
Sep 29 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12517]: pam_unix(cron:session): session closed for user root
Sep 29 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Failed password for root from 162.144.236.216 port 46904 ssh2
Sep 29 19:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13809]: Connection closed by 162.144.236.216 port 46904 [preauth]
Sep 29 19:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Failed password for root from 162.144.236.216 port 52618 ssh2
Sep 29 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Connection closed by 162.144.236.216 port 52618 [preauth]
Sep 29 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13909]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: Successful su for rubyman by root
Sep 29 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: + ??? root:rubyman
Sep 29 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316568 of user rubyman.
Sep 29 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316568.
Sep 29 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session closed for user root
Sep 29 19:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Failed password for root from 162.144.236.216 port 60784 ssh2
Sep 29 19:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Connection closed by 162.144.236.216 port 60784 [preauth]
Sep 29 19:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Failed password for root from 162.144.236.216 port 40864 ssh2
Sep 29 19:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Connection closed by 162.144.236.216 port 40864 [preauth]
Sep 29 19:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: Failed password for root from 162.144.236.216 port 47718 ssh2
Sep 29 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14301]: Connection closed by 162.144.236.216 port 47718 [preauth]
Sep 29 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12984]: pam_unix(cron:session): session closed for user root
Sep 29 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Failed password for root from 162.144.236.216 port 55852 ssh2
Sep 29 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Connection closed by 162.144.236.216 port 55852 [preauth]
Sep 29 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Failed password for root from 162.144.236.216 port 33544 ssh2
Sep 29 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Connection closed by 162.144.236.216 port 33544 [preauth]
Sep 29 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for root from 162.144.236.216 port 41236 ssh2
Sep 29 19:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Connection closed by 162.144.236.216 port 41236 [preauth]
Sep 29 19:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Failed password for root from 162.144.236.216 port 47836 ssh2
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session closed for user root
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14499]: Successful su for rubyman by root
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14499]: + ??? root:rubyman
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316572 of user rubyman.
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14499]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316572.
Sep 29 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Connection closed by 162.144.236.216 port 47836 [preauth]
Sep 29 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session closed for user root
Sep 29 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: Failed password for root from 162.144.236.216 port 55780 ssh2
Sep 29 19:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: Connection closed by 162.144.236.216 port 55780 [preauth]
Sep 29 19:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: Failed password for root from 162.144.236.216 port 33442 ssh2
Sep 29 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14703]: Connection closed by 162.144.236.216 port 33442 [preauth]
Sep 29 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: Failed password for root from 162.144.236.216 port 40296 ssh2
Sep 29 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14727]: Connection closed by 162.144.236.216 port 40296 [preauth]
Sep 29 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: Failed password for root from 162.144.236.216 port 47030 ssh2
Sep 29 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: Connection closed by 162.144.236.216 port 47030 [preauth]
Sep 29 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session closed for user root
Sep 29 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Failed password for root from 162.144.236.216 port 52536 ssh2
Sep 29 19:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Connection closed by 162.144.236.216 port 52536 [preauth]
Sep 29 19:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Failed password for root from 162.144.236.216 port 32910 ssh2
Sep 29 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Connection closed by 162.144.236.216 port 32910 [preauth]
Sep 29 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: Successful su for rubyman by root
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: + ??? root:rubyman
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316579 of user rubyman.
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14933]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316579.
Sep 29 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session closed for user root
Sep 29 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: Failed password for root from 162.144.236.216 port 41550 ssh2
Sep 29 19:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: Connection closed by 162.144.236.216 port 41550 [preauth]
Sep 29 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Failed password for root from 162.144.236.216 port 50606 ssh2
Sep 29 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Connection closed by 162.144.236.216 port 50606 [preauth]
Sep 29 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13909]: pam_unix(cron:session): session closed for user root
Sep 29 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Failed password for root from 162.144.236.216 port 57618 ssh2
Sep 29 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Connection closed by 162.144.236.216 port 57618 [preauth]
Sep 29 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: Failed password for root from 162.144.236.216 port 38118 ssh2
Sep 29 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: Connection closed by 162.144.236.216 port 38118 [preauth]
Sep 29 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Failed password for root from 162.144.236.216 port 43904 ssh2
Sep 29 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Connection closed by 162.144.236.216 port 43904 [preauth]
Sep 29 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15300]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: Successful su for rubyman by root
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: + ??? root:rubyman
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316581 of user rubyman.
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316581.
Sep 29 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12516]: pam_unix(cron:session): session closed for user root
Sep 29 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Failed password for root from 162.144.236.216 port 50300 ssh2
Sep 29 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Connection closed by 162.144.236.216 port 50300 [preauth]
Sep 29 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: Failed password for root from 162.144.236.216 port 57568 ssh2
Sep 29 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15538]: Connection closed by 162.144.236.216 port 57568 [preauth]
Sep 29 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Failed password for root from 162.144.236.216 port 37442 ssh2
Sep 29 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session closed for user root
Sep 29 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Connection closed by 162.144.236.216 port 37442 [preauth]
Sep 29 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Failed password for root from 162.144.236.216 port 43270 ssh2
Sep 29 19:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Connection closed by 162.144.236.216 port 43270 [preauth]
Sep 29 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15704]: Failed password for root from 162.144.236.216 port 49714 ssh2
Sep 29 19:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15704]: Connection closed by 162.144.236.216 port 49714 [preauth]
Sep 29 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15737]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15737]: pam_unix(cron:session): session closed for user root
Sep 29 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15730]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15802]: Successful su for rubyman by root
Sep 29 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15802]: + ??? root:rubyman
Sep 29 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316589 of user rubyman.
Sep 29 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15802]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316589.
Sep 29 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session closed for user root
Sep 29 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12982]: pam_unix(cron:session): session closed for user root
Sep 29 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Failed password for root from 162.144.236.216 port 55686 ssh2
Sep 29 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Connection closed by 162.144.236.216 port 55686 [preauth]
Sep 29 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16007]: Failed password for root from 162.144.236.216 port 34318 ssh2
Sep 29 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16007]: Connection closed by 162.144.236.216 port 34318 [preauth]
Sep 29 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Failed password for root from 162.144.236.216 port 40632 ssh2
Sep 29 19:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Connection closed by 162.144.236.216 port 40632 [preauth]
Sep 29 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session closed for user root
Sep 29 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: Failed password for root from 93.152.230.176 port 9383 ssh2
Sep 29 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: Received disconnect from 93.152.230.176 port 9383:11: Client disconnecting normally [preauth]
Sep 29 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: Disconnected from 93.152.230.176 port 9383 [preauth]
Sep 29 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16090]: Failed password for root from 162.144.236.216 port 49148 ssh2
Sep 29 19:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16090]: Connection closed by 162.144.236.216 port 49148 [preauth]
Sep 29 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Invalid user user1 from 185.156.73.233
Sep 29 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: input_userauth_request: invalid user user1 [preauth]
Sep 29 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 19:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Failed password for root from 162.144.236.216 port 57426 ssh2
Sep 29 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Failed password for invalid user user1 from 185.156.73.233 port 42516 ssh2
Sep 29 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Connection closed by 185.156.73.233 port 42516 [preauth]
Sep 29 19:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16158]: Connection closed by 162.144.236.216 port 57426 [preauth]
Sep 29 19:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: Successful su for rubyman by root
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: + ??? root:rubyman
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316592 of user rubyman.
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316592.
Sep 29 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13442]: pam_unix(cron:session): session closed for user root
Sep 29 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Failed password for root from 162.144.236.216 port 35742 ssh2
Sep 29 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Connection closed by 162.144.236.216 port 35742 [preauth]
Sep 29 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Failed password for root from 162.144.236.216 port 40728 ssh2
Sep 29 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Connection closed by 162.144.236.216 port 40728 [preauth]
Sep 29 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Invalid user zd from 164.68.105.9
Sep 29 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: input_userauth_request: invalid user zd [preauth]
Sep 29 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Failed password for root from 162.144.236.216 port 46720 ssh2
Sep 29 19:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Connection closed by 162.144.236.216 port 46720 [preauth]
Sep 29 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Failed password for invalid user zd from 164.68.105.9 port 35344 ssh2
Sep 29 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Connection closed by 164.68.105.9 port 35344 [preauth]
Sep 29 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Failed password for root from 162.144.236.216 port 53286 ssh2
Sep 29 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Connection closed by 162.144.236.216 port 53286 [preauth]
Sep 29 19:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15300]: pam_unix(cron:session): session closed for user root
Sep 29 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: Failed password for root from 162.144.236.216 port 59454 ssh2
Sep 29 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: Connection closed by 162.144.236.216 port 59454 [preauth]
Sep 29 19:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Failed password for root from 162.144.236.216 port 39066 ssh2
Sep 29 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Invalid user user from 80.94.95.112
Sep 29 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: input_userauth_request: invalid user user [preauth]
Sep 29 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Connection closed by 162.144.236.216 port 39066 [preauth]
Sep 29 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Failed password for invalid user user from 80.94.95.112 port 64163 ssh2
Sep 29 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Failed password for invalid user user from 80.94.95.112 port 64163 ssh2
Sep 29 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Failed password for invalid user user from 80.94.95.112 port 64163 ssh2
Sep 29 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: Failed password for root from 162.144.236.216 port 46800 ssh2
Sep 29 19:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: Connection closed by 162.144.236.216 port 46800 [preauth]
Sep 29 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Failed password for invalid user user from 80.94.95.112 port 64163 ssh2
Sep 29 19:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16665]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16663]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Failed password for invalid user user from 80.94.95.112 port 64163 ssh2
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16731]: Successful su for rubyman by root
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16731]: + ??? root:rubyman
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316595 of user rubyman.
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16731]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316595.
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Received disconnect from 80.94.95.112 port 64163:11: Bye [preauth]
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: Disconnected from 80.94.95.112 port 64163 [preauth]
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16640]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Failed password for root from 162.144.236.216 port 53410 ssh2
Sep 29 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Connection closed by 162.144.236.216 port 53410 [preauth]
Sep 29 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13908]: pam_unix(cron:session): session closed for user root
Sep 29 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 162.144.236.216 port 59038 ssh2
Sep 29 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Connection closed by 162.144.236.216 port 59038 [preauth]
Sep 29 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Failed password for root from 162.144.236.216 port 39914 ssh2
Sep 29 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16976]: Connection closed by 162.144.236.216 port 39914 [preauth]
Sep 29 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: Failed password for root from 162.144.236.216 port 49512 ssh2
Sep 29 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session closed for user root
Sep 29 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17009]: Connection closed by 162.144.236.216 port 49512 [preauth]
Sep 29 19:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Failed password for root from 162.144.236.216 port 54782 ssh2
Sep 29 19:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Connection closed by 162.144.236.216 port 54782 [preauth]
Sep 29 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17124]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17121]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: Successful su for rubyman by root
Sep 29 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: + ??? root:rubyman
Sep 29 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316601 of user rubyman.
Sep 29 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316601.
Sep 29 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session closed for user root
Sep 29 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Invalid user vr from 167.99.55.34
Sep 29 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: input_userauth_request: invalid user vr [preauth]
Sep 29 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Failed password for invalid user vr from 167.99.55.34 port 58656 ssh2
Sep 29 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17363]: Connection closed by 167.99.55.34 port 58656 [preauth]
Sep 29 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17122]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Failed password for root from 162.144.236.216 port 35238 ssh2
Sep 29 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Connection closed by 162.144.236.216 port 35238 [preauth]
Sep 29 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Failed password for root from 162.144.236.216 port 42826 ssh2
Sep 29 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Connection closed by 162.144.236.216 port 42826 [preauth]
Sep 29 19:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Failed password for root from 162.144.236.216 port 48430 ssh2
Sep 29 19:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Connection closed by 162.144.236.216 port 48430 [preauth]
Sep 29 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session closed for user root
Sep 29 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Failed password for root from 162.144.236.216 port 56056 ssh2
Sep 29 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Connection closed by 162.144.236.216 port 56056 [preauth]
Sep 29 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Failed password for root from 162.144.236.216 port 35292 ssh2
Sep 29 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Connection closed by 162.144.236.216 port 35292 [preauth]
Sep 29 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Failed password for root from 162.144.236.216 port 40748 ssh2
Sep 29 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Connection closed by 162.144.236.216 port 40748 [preauth]
Sep 29 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Failed password for root from 162.144.236.216 port 46608 ssh2
Sep 29 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: Successful su for rubyman by root
Sep 29 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: + ??? root:rubyman
Sep 29 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316603 of user rubyman.
Sep 29 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316603.
Sep 29 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Connection closed by 162.144.236.216 port 46608 [preauth]
Sep 29 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session closed for user root
Sep 29 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: Failed password for root from 162.144.236.216 port 55710 ssh2
Sep 29 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17739]: Connection closed by 162.144.236.216 port 55710 [preauth]
Sep 29 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Failed password for root from 162.144.236.216 port 34250 ssh2
Sep 29 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Connection closed by 162.144.236.216 port 34250 [preauth]
Sep 29 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Failed password for root from 162.144.236.216 port 40220 ssh2
Sep 29 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Connection closed by 162.144.236.216 port 40220 [preauth]
Sep 29 19:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18019]: Failed password for root from 162.144.236.216 port 46406 ssh2
Sep 29 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18019]: Connection closed by 162.144.236.216 port 46406 [preauth]
Sep 29 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session closed for user root
Sep 29 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: Failed password for root from 162.144.236.216 port 51882 ssh2
Sep 29 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: Connection closed by 162.144.236.216 port 51882 [preauth]
Sep 29 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Failed password for root from 162.144.236.216 port 57966 ssh2
Sep 29 19:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Connection closed by 162.144.236.216 port 57966 [preauth]
Sep 29 19:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: Failed password for root from 162.144.236.216 port 36040 ssh2
Sep 29 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: Connection closed by 162.144.236.216 port 36040 [preauth]
Sep 29 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18261]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18262]: pam_unix(cron:session): session closed for user root
Sep 29 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: Successful su for rubyman by root
Sep 29 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: + ??? root:rubyman
Sep 29 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316608 of user rubyman.
Sep 29 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316608.
Sep 29 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Failed password for root from 162.144.236.216 port 43760 ssh2
Sep 29 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Connection closed by 162.144.236.216 port 43760 [preauth]
Sep 29 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session closed for user root
Sep 29 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session closed for user root
Sep 29 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Failed password for root from 162.144.236.216 port 50216 ssh2
Sep 29 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Connection closed by 162.144.236.216 port 50216 [preauth]
Sep 29 19:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Failed password for root from 162.144.236.216 port 57042 ssh2
Sep 29 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Connection closed by 162.144.236.216 port 57042 [preauth]
Sep 29 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: Failed password for root from 162.144.236.216 port 35098 ssh2
Sep 29 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: Connection closed by 162.144.236.216 port 35098 [preauth]
Sep 29 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17124]: pam_unix(cron:session): session closed for user root
Sep 29 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Failed password for root from 162.144.236.216 port 41378 ssh2
Sep 29 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Connection closed by 162.144.236.216 port 41378 [preauth]
Sep 29 19:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for root from 162.144.236.216 port 47110 ssh2
Sep 29 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Connection closed by 162.144.236.216 port 47110 [preauth]
Sep 29 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18887]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18888]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18885]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18968]: Successful su for rubyman by root
Sep 29 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18968]: + ??? root:rubyman
Sep 29 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316613 of user rubyman.
Sep 29 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18968]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316613.
Sep 29 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session closed for user root
Sep 29 19:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18886]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Failed password for root from 162.144.236.216 port 55242 ssh2
Sep 29 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18878]: Connection closed by 162.144.236.216 port 55242 [preauth]
Sep 29 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: Failed password for root from 162.144.236.216 port 34694 ssh2
Sep 29 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: Connection closed by 162.144.236.216 port 34694 [preauth]
Sep 29 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: Failed password for root from 162.144.236.216 port 40830 ssh2
Sep 29 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: Connection closed by 162.144.236.216 port 40830 [preauth]
Sep 29 19:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session closed for user root
Sep 29 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: Failed password for root from 162.144.236.216 port 47304 ssh2
Sep 29 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: Connection closed by 162.144.236.216 port 47304 [preauth]
Sep 29 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Failed password for root from 162.144.236.216 port 53084 ssh2
Sep 29 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Connection closed by 162.144.236.216 port 53084 [preauth]
Sep 29 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: Failed password for root from 162.144.236.216 port 58988 ssh2
Sep 29 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: Connection closed by 162.144.236.216 port 58988 [preauth]
Sep 29 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19574]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19571]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: Successful su for rubyman by root
Sep 29 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: + ??? root:rubyman
Sep 29 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316617 of user rubyman.
Sep 29 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19746]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316617.
Sep 29 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session closed for user root
Sep 29 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: Failed password for root from 162.144.236.216 port 37414 ssh2
Sep 29 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19572]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: Connection closed by 162.144.236.216 port 37414 [preauth]
Sep 29 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20017]: Failed password for root from 162.144.236.216 port 46660 ssh2
Sep 29 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20017]: Connection closed by 162.144.236.216 port 46660 [preauth]
Sep 29 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Failed password for root from 162.144.236.216 port 51474 ssh2
Sep 29 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Connection closed by 162.144.236.216 port 51474 [preauth]
Sep 29 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Failed password for root from 162.144.236.216 port 56606 ssh2
Sep 29 19:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18261]: pam_unix(cron:session): session closed for user root
Sep 29 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Connection closed by 162.144.236.216 port 56606 [preauth]
Sep 29 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Failed password for root from 162.144.236.216 port 34542 ssh2
Sep 29 19:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Connection closed by 162.144.236.216 port 34542 [preauth]
Sep 29 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20199]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: Successful su for rubyman by root
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: + ??? root:rubyman
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316621 of user rubyman.
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316621.
Sep 29 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16665]: pam_unix(cron:session): session closed for user root
Sep 29 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Failed password for root from 162.144.236.216 port 41000 ssh2
Sep 29 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20200]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Connection closed by 162.144.236.216 port 41000 [preauth]
Sep 29 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Failed password for root from 162.144.236.216 port 48362 ssh2
Sep 29 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Connection closed by 162.144.236.216 port 48362 [preauth]
Sep 29 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Connection closed by 103.29.70.204 port 35094 [preauth]
Sep 29 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Failed password for root from 162.144.236.216 port 55322 ssh2
Sep 29 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Connection closed by 162.144.236.216 port 55322 [preauth]
Sep 29 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18888]: pam_unix(cron:session): session closed for user root
Sep 29 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Failed password for root from 162.144.236.216 port 34958 ssh2
Sep 29 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Connection closed by 162.144.236.216 port 34958 [preauth]
Sep 29 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: Failed password for root from 162.144.236.216 port 39726 ssh2
Sep 29 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: Connection closed by 162.144.236.216 port 39726 [preauth]
Sep 29 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Failed password for root from 162.144.236.216 port 48076 ssh2
Sep 29 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Connection closed by 162.144.236.216 port 48076 [preauth]
Sep 29 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: Successful su for rubyman by root
Sep 29 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: + ??? root:rubyman
Sep 29 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316627 of user rubyman.
Sep 29 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20753]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316627.
Sep 29 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17123]: pam_unix(cron:session): session closed for user root
Sep 29 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Failed password for root from 162.144.236.216 port 55528 ssh2
Sep 29 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Connection closed by 162.144.236.216 port 55528 [preauth]
Sep 29 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Invalid user git from 93.152.230.176
Sep 29 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: input_userauth_request: invalid user git [preauth]
Sep 29 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 19:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Failed password for invalid user git from 93.152.230.176 port 57132 ssh2
Sep 29 19:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Received disconnect from 93.152.230.176 port 57132:11: Client disconnecting normally [preauth]
Sep 29 19:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Disconnected from 93.152.230.176 port 57132 [preauth]
Sep 29 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Failed password for root from 162.144.236.216 port 33300 ssh2
Sep 29 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Connection closed by 162.144.236.216 port 33300 [preauth]
Sep 29 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19574]: pam_unix(cron:session): session closed for user root
Sep 29 19:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Failed password for root from 162.144.236.216 port 39778 ssh2
Sep 29 19:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Connection closed by 162.144.236.216 port 39778 [preauth]
Sep 29 19:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Failed password for root from 162.144.236.216 port 46506 ssh2
Sep 29 19:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21083]: Connection closed by 162.144.236.216 port 46506 [preauth]
Sep 29 19:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: Failed password for root from 162.144.236.216 port 52982 ssh2
Sep 29 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: Connection closed by 162.144.236.216 port 52982 [preauth]
Sep 29 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21146]: pam_unix(cron:session): session closed for user root
Sep 29 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: Successful su for rubyman by root
Sep 29 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: + ??? root:rubyman
Sep 29 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316633 of user rubyman.
Sep 29 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316633.
Sep 29 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session closed for user root
Sep 29 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21138]: Failed password for root from 162.144.236.216 port 33612 ssh2
Sep 29 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session closed for user root
Sep 29 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21138]: Connection closed by 162.144.236.216 port 33612 [preauth]
Sep 29 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21142]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Failed password for root from 162.144.236.216 port 40656 ssh2
Sep 29 19:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Connection closed by 162.144.236.216 port 40656 [preauth]
Sep 29 19:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: Failed password for root from 162.144.236.216 port 47554 ssh2
Sep 29 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: Connection closed by 162.144.236.216 port 47554 [preauth]
Sep 29 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Failed password for root from 162.144.236.216 port 55194 ssh2
Sep 29 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Connection closed by 162.144.236.216 port 55194 [preauth]
Sep 29 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session closed for user root
Sep 29 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21519]: Failed password for root from 162.144.236.216 port 32810 ssh2
Sep 29 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21519]: Connection closed by 162.144.236.216 port 32810 [preauth]
Sep 29 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: Invalid user ayaz from 167.99.55.34
Sep 29 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: input_userauth_request: invalid user ayaz [preauth]
Sep 29 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: Failed password for invalid user ayaz from 167.99.55.34 port 49344 ssh2
Sep 29 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: Connection closed by 167.99.55.34 port 49344 [preauth]
Sep 29 19:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Failed password for root from 162.144.236.216 port 39478 ssh2
Sep 29 19:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Connection closed by 162.144.236.216 port 39478 [preauth]
Sep 29 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Sep 29 19:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Failed password for root from 80.94.95.116 port 62288 ssh2
Sep 29 19:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21604]: Connection closed by 80.94.95.116 port 62288 [preauth]
Sep 29 19:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Failed password for root from 162.144.236.216 port 48104 ssh2
Sep 29 19:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Connection closed by 162.144.236.216 port 48104 [preauth]
Sep 29 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21617]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: Successful su for rubyman by root
Sep 29 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: + ??? root:rubyman
Sep 29 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316636 of user rubyman.
Sep 29 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21691]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316636.
Sep 29 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Failed password for root from 162.144.236.216 port 56224 ssh2
Sep 29 19:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session closed for user root
Sep 29 19:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21615]: Connection closed by 162.144.236.216 port 56224 [preauth]
Sep 29 19:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21906]: Failed password for root from 162.144.236.216 port 34358 ssh2
Sep 29 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21906]: Connection closed by 162.144.236.216 port 34358 [preauth]
Sep 29 19:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21936]: Failed password for root from 162.144.236.216 port 42440 ssh2
Sep 29 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21936]: Connection closed by 162.144.236.216 port 42440 [preauth]
Sep 29 19:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session closed for user root
Sep 29 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21972]: Failed password for root from 162.144.236.216 port 51390 ssh2
Sep 29 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21972]: Connection closed by 162.144.236.216 port 51390 [preauth]
Sep 29 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: Failed password for root from 162.144.236.216 port 59502 ssh2
Sep 29 19:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22021]: Connection closed by 162.144.236.216 port 59502 [preauth]
Sep 29 19:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Invalid user useruser from 138.68.58.124
Sep 29 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: input_userauth_request: invalid user useruser [preauth]
Sep 29 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Failed password for invalid user useruser from 138.68.58.124 port 49936 ssh2
Sep 29 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Connection closed by 138.68.58.124 port 49936 [preauth]
Sep 29 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22085]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22081]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: Successful su for rubyman by root
Sep 29 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: + ??? root:rubyman
Sep 29 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316639 of user rubyman.
Sep 29 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22151]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316639.
Sep 29 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18887]: pam_unix(cron:session): session closed for user root
Sep 29 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Failed password for root from 162.144.236.216 port 38938 ssh2
Sep 29 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22057]: Connection closed by 162.144.236.216 port 38938 [preauth]
Sep 29 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: Failed password for root from 162.144.236.216 port 45218 ssh2
Sep 29 19:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22338]: Connection closed by 162.144.236.216 port 45218 [preauth]
Sep 29 19:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Failed password for root from 162.144.236.216 port 50432 ssh2
Sep 29 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session closed for user root
Sep 29 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Connection closed by 162.144.236.216 port 50432 [preauth]
Sep 29 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: Did not receive identification string from 162.144.236.216
Sep 29 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Invalid user admin from 139.19.117.131
Sep 29 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Connection closed by 139.19.117.131 port 48696 [preauth]
Sep 29 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: Failed password for root from 162.144.236.216 port 33586 ssh2
Sep 29 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22478]: Connection closed by 162.144.236.216 port 33586 [preauth]
Sep 29 19:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22537]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: Successful su for rubyman by root
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: + ??? root:rubyman
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316644 of user rubyman.
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22598]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316644.
Sep 29 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19573]: pam_unix(cron:session): session closed for user root
Sep 29 19:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: Failed password for root from 162.144.236.216 port 41442 ssh2
Sep 29 19:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22536]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22533]: Connection closed by 162.144.236.216 port 41442 [preauth]
Sep 29 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: Failed password for root from 162.144.236.216 port 45884 ssh2
Sep 29 19:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: Connection closed by 162.144.236.216 port 45884 [preauth]
Sep 29 19:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Failed password for root from 162.144.236.216 port 53706 ssh2
Sep 29 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23065]: Connection closed by 162.144.236.216 port 53706 [preauth]
Sep 29 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: Failed password for root from 162.144.236.216 port 33042 ssh2
Sep 29 19:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21620]: pam_unix(cron:session): session closed for user root
Sep 29 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: Connection closed by 162.144.236.216 port 33042 [preauth]
Sep 29 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Failed password for root from 162.144.236.216 port 38062 ssh2
Sep 29 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23164]: Connection closed by 162.144.236.216 port 38062 [preauth]
Sep 29 19:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Failed password for root from 162.144.236.216 port 47410 ssh2
Sep 29 19:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Connection closed by 162.144.236.216 port 47410 [preauth]
Sep 29 19:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: Successful su for rubyman by root
Sep 29 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: + ??? root:rubyman
Sep 29 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316647 of user rubyman.
Sep 29 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23337]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316647.
Sep 29 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session closed for user root
Sep 29 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: Failed password for root from 162.144.236.216 port 53030 ssh2
Sep 29 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23246]: Connection closed by 162.144.236.216 port 53030 [preauth]
Sep 29 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Failed password for root from 162.144.236.216 port 33528 ssh2
Sep 29 19:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Connection closed by 162.144.236.216 port 33528 [preauth]
Sep 29 19:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22086]: pam_unix(cron:session): session closed for user root
Sep 29 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: Failed password for root from 162.144.236.216 port 39964 ssh2
Sep 29 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23831]: Connection closed by 162.144.236.216 port 39964 [preauth]
Sep 29 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: Failed password for root from 162.144.236.216 port 46226 ssh2
Sep 29 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: Connection closed by 162.144.236.216 port 46226 [preauth]
Sep 29 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for root from 162.144.236.216 port 54450 ssh2
Sep 29 19:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Connection closed by 162.144.236.216 port 54450 [preauth]
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23938]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session closed for user root
Sep 29 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23931]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24016]: Successful su for rubyman by root
Sep 29 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24016]: + ??? root:rubyman
Sep 29 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316652 of user rubyman.
Sep 29 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24016]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316652.
Sep 29 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23934]: pam_unix(cron:session): session closed for user root
Sep 29 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session closed for user root
Sep 29 19:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23932]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Failed password for root from 162.144.236.216 port 60042 ssh2
Sep 29 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Connection closed by 162.144.236.216 port 60042 [preauth]
Sep 29 19:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Failed password for root from 162.144.236.216 port 39200 ssh2
Sep 29 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Connection closed by 162.144.236.216 port 39200 [preauth]
Sep 29 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Failed password for root from 162.144.236.216 port 45512 ssh2
Sep 29 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Connection closed by 162.144.236.216 port 45512 [preauth]
Sep 29 19:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24363]: Failed password for root from 162.144.236.216 port 51824 ssh2
Sep 29 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session closed for user root
Sep 29 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24363]: Connection closed by 162.144.236.216 port 51824 [preauth]
Sep 29 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: Failed password for root from 162.144.236.216 port 58408 ssh2
Sep 29 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24386]: Connection closed by 162.144.236.216 port 58408 [preauth]
Sep 29 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Failed password for root from 162.144.236.216 port 37790 ssh2
Sep 29 19:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24437]: Connection closed by 162.144.236.216 port 37790 [preauth]
Sep 29 19:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Failed password for root from 162.144.236.216 port 46270 ssh2
Sep 29 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24478]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Connection closed by 162.144.236.216 port 46270 [preauth]
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24563]: Successful su for rubyman by root
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24563]: + ??? root:rubyman
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316657 of user rubyman.
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24563]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316657.
Sep 29 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user root
Sep 29 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24479]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Failed password for root from 162.144.236.216 port 52374 ssh2
Sep 29 19:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Connection closed by 162.144.236.216 port 52374 [preauth]
Sep 29 19:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Failed password for root from 162.144.236.216 port 33016 ssh2
Sep 29 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Connection closed by 162.144.236.216 port 33016 [preauth]
Sep 29 19:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23262]: pam_unix(cron:session): session closed for user root
Sep 29 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Failed password for root from 162.144.236.216 port 39538 ssh2
Sep 29 19:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24866]: Connection closed by 162.144.236.216 port 39538 [preauth]
Sep 29 19:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24914]: Failed password for root from 162.144.236.216 port 47778 ssh2
Sep 29 19:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24914]: Connection closed by 162.144.236.216 port 47778 [preauth]
Sep 29 19:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24943]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24940]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: Successful su for rubyman by root
Sep 29 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: + ??? root:rubyman
Sep 29 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316661 of user rubyman.
Sep 29 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25017]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316661.
Sep 29 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21619]: pam_unix(cron:session): session closed for user root
Sep 29 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: Failed password for root from 162.144.236.216 port 54698 ssh2
Sep 29 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24937]: Connection closed by 162.144.236.216 port 54698 [preauth]
Sep 29 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Failed password for root from 162.144.236.216 port 33444 ssh2
Sep 29 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Connection closed by 162.144.236.216 port 33444 [preauth]
Sep 29 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Failed password for root from 93.152.230.176 port 56660 ssh2
Sep 29 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Received disconnect from 93.152.230.176 port 56660:11: Client disconnecting normally [preauth]
Sep 29 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Disconnected from 93.152.230.176 port 56660 [preauth]
Sep 29 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23938]: pam_unix(cron:session): session closed for user root
Sep 29 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Failed password for root from 162.144.236.216 port 38952 ssh2
Sep 29 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Connection closed by 162.144.236.216 port 38952 [preauth]
Sep 29 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: Failed password for root from 162.144.236.216 port 49398 ssh2
Sep 29 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: Connection closed by 162.144.236.216 port 49398 [preauth]
Sep 29 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25708]: Successful su for rubyman by root
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25708]: + ??? root:rubyman
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316666 of user rubyman.
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25708]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316666.
Sep 29 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: Failed password for root from 162.144.236.216 port 56640 ssh2
Sep 29 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22085]: pam_unix(cron:session): session closed for user root
Sep 29 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25630]: Connection closed by 162.144.236.216 port 56640 [preauth]
Sep 29 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Invalid user attaullah from 167.99.55.34
Sep 29 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: input_userauth_request: invalid user attaullah [preauth]
Sep 29 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Failed password for root from 162.144.236.216 port 37296 ssh2
Sep 29 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Failed password for invalid user attaullah from 167.99.55.34 port 39384 ssh2
Sep 29 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Connection closed by 167.99.55.34 port 39384 [preauth]
Sep 29 19:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Connection closed by 162.144.236.216 port 37296 [preauth]
Sep 29 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Failed password for root from 162.144.236.216 port 45934 ssh2
Sep 29 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26082]: Connection closed by 162.144.236.216 port 45934 [preauth]
Sep 29 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24481]: pam_unix(cron:session): session closed for user root
Sep 29 19:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Failed password for root from 162.144.236.216 port 52304 ssh2
Sep 29 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Connection closed by 162.144.236.216 port 52304 [preauth]
Sep 29 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Failed password for root from 162.144.236.216 port 58826 ssh2
Sep 29 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Connection closed by 162.144.236.216 port 58826 [preauth]
Sep 29 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: Successful su for rubyman by root
Sep 29 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: + ??? root:rubyman
Sep 29 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316670 of user rubyman.
Sep 29 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26394]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316670.
Sep 29 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26217]: pam_unix(cron:session): session closed for user root
Sep 29 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22537]: pam_unix(cron:session): session closed for user root
Sep 29 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26220]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Failed password for root from 162.144.236.216 port 35894 ssh2
Sep 29 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Connection closed by 162.144.236.216 port 35894 [preauth]
Sep 29 19:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Failed password for root from 162.144.236.216 port 43894 ssh2
Sep 29 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Connection closed by 162.144.236.216 port 43894 [preauth]
Sep 29 19:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24943]: pam_unix(cron:session): session closed for user root
Sep 29 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Failed password for root from 162.144.236.216 port 50808 ssh2
Sep 29 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Invalid user admin from 185.156.73.233
Sep 29 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Connection closed by 162.144.236.216 port 50808 [preauth]
Sep 29 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Failed password for invalid user admin from 185.156.73.233 port 43312 ssh2
Sep 29 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Connection closed by 185.156.73.233 port 43312 [preauth]
Sep 29 19:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Failed password for root from 162.144.236.216 port 55680 ssh2
Sep 29 19:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Connection closed by 162.144.236.216 port 55680 [preauth]
Sep 29 19:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session closed for user root
Sep 29 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26972]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27067]: Successful su for rubyman by root
Sep 29 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27067]: + ??? root:rubyman
Sep 29 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316674 of user rubyman.
Sep 29 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27067]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316674.
Sep 29 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session closed for user root
Sep 29 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session closed for user root
Sep 29 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Failed password for root from 162.144.236.216 port 33530 ssh2
Sep 29 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Connection closed by 162.144.236.216 port 33530 [preauth]
Sep 29 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Failed password for root from 162.144.236.216 port 41960 ssh2
Sep 29 19:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Connection closed by 162.144.236.216 port 41960 [preauth]
Sep 29 19:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session closed for user root
Sep 29 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: Failed password for root from 162.144.236.216 port 49722 ssh2
Sep 29 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27399]: Connection closed by 162.144.236.216 port 49722 [preauth]
Sep 29 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Failed password for root from 162.144.236.216 port 56688 ssh2
Sep 29 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Connection closed by 162.144.236.216 port 56688 [preauth]
Sep 29 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27519]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27753]: Successful su for rubyman by root
Sep 29 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27753]: + ??? root:rubyman
Sep 29 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316682 of user rubyman.
Sep 29 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27753]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316682.
Sep 29 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session closed for user root
Sep 29 19:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27520]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: Failed password for root from 162.144.236.216 port 35844 ssh2
Sep 29 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: Connection closed by 162.144.236.216 port 35844 [preauth]
Sep 29 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27995]: Failed password for root from 162.144.236.216 port 43960 ssh2
Sep 29 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27995]: Connection closed by 162.144.236.216 port 43960 [preauth]
Sep 29 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session closed for user root
Sep 29 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: Failed password for root from 162.144.236.216 port 49388 ssh2
Sep 29 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: Connection closed by 162.144.236.216 port 49388 [preauth]
Sep 29 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28116]: Did not receive identification string from 162.144.236.216
Sep 29 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28145]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28212]: Successful su for rubyman by root
Sep 29 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28212]: + ??? root:rubyman
Sep 29 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316684 of user rubyman.
Sep 29 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28212]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316684.
Sep 29 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Failed password for root from 162.144.236.216 port 33674 ssh2
Sep 29 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24480]: pam_unix(cron:session): session closed for user root
Sep 29 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Connection closed by 162.144.236.216 port 33674 [preauth]
Sep 29 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Failed password for root from 162.144.236.216 port 40790 ssh2
Sep 29 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Connection closed by 162.144.236.216 port 40790 [preauth]
Sep 29 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: Failed password for root from 162.144.236.216 port 47968 ssh2
Sep 29 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: Connection closed by 162.144.236.216 port 47968 [preauth]
Sep 29 19:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Failed password for root from 162.144.236.216 port 53540 ssh2
Sep 29 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28483]: Connection closed by 162.144.236.216 port 53540 [preauth]
Sep 29 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session closed for user root
Sep 29 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: Failed password for root from 162.144.236.216 port 60890 ssh2
Sep 29 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: Connection closed by 162.144.236.216 port 60890 [preauth]
Sep 29 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: Failed password for root from 162.144.236.216 port 39522 ssh2
Sep 29 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28673]: Connection closed by 162.144.236.216 port 39522 [preauth]
Sep 29 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28732]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28797]: Successful su for rubyman by root
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28797]: + ??? root:rubyman
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316688 of user rubyman.
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28797]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316688.
Sep 29 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24942]: pam_unix(cron:session): session closed for user root
Sep 29 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28733]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: Failed password for root from 162.144.236.216 port 46230 ssh2
Sep 29 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28718]: Connection closed by 162.144.236.216 port 46230 [preauth]
Sep 29 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Failed password for root from 162.144.236.216 port 52992 ssh2
Sep 29 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Did not receive identification string from 196.251.87.129
Sep 29 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29194]: Did not receive identification string from 196.251.87.129
Sep 29 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Connection closed by 162.144.236.216 port 52992 [preauth]
Sep 29 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27522]: pam_unix(cron:session): session closed for user root
Sep 29 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Failed password for root from 162.144.236.216 port 32990 ssh2
Sep 29 19:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Connection closed by 162.144.236.216 port 32990 [preauth]
Sep 29 19:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Failed password for root from 162.144.236.216 port 40466 ssh2
Sep 29 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29240]: Connection closed by 162.144.236.216 port 40466 [preauth]
Sep 29 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: Failed password for root from 162.144.236.216 port 46376 ssh2
Sep 29 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29254]: Connection closed by 162.144.236.216 port 46376 [preauth]
Sep 29 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for root from 162.144.236.216 port 51290 ssh2
Sep 29 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: Successful su for rubyman by root
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: + ??? root:rubyman
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316692 of user rubyman.
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316692.
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Connection closed by 162.144.236.216 port 51290 [preauth]
Sep 29 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
Sep 29 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: Failed password for root from 162.144.236.216 port 59052 ssh2
Sep 29 19:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29427]: Connection closed by 162.144.236.216 port 59052 [preauth]
Sep 29 19:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: Failed password for root from 162.144.236.216 port 35346 ssh2
Sep 29 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: Connection closed by 162.144.236.216 port 35346 [preauth]
Sep 29 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session closed for user root
Sep 29 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Failed password for root from 162.144.236.216 port 41396 ssh2
Sep 29 19:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Connection closed by 162.144.236.216 port 41396 [preauth]
Sep 29 19:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session closed for user root
Sep 29 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: Successful su for rubyman by root
Sep 29 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: + ??? root:rubyman
Sep 29 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316696 of user rubyman.
Sep 29 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29868]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316696.
Sep 29 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session closed for user root
Sep 29 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session closed for user root
Sep 29 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Failed password for root from 162.144.236.216 port 50682 ssh2
Sep 29 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29753]: Connection closed by 162.144.236.216 port 50682 [preauth]
Sep 29 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Failed password for root from 162.144.236.216 port 57910 ssh2
Sep 29 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Connection closed by 162.144.236.216 port 57910 [preauth]
Sep 29 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for root from 162.144.236.216 port 35974 ssh2
Sep 29 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Connection closed by 162.144.236.216 port 35974 [preauth]
Sep 29 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28735]: pam_unix(cron:session): session closed for user root
Sep 29 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: Failed password for root from 162.144.236.216 port 41746 ssh2
Sep 29 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: Connection closed by 162.144.236.216 port 41746 [preauth]
Sep 29 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: Failed password for root from 162.144.236.216 port 48586 ssh2
Sep 29 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30267]: Connection closed by 162.144.236.216 port 48586 [preauth]
Sep 29 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30295]: Failed password for root from 162.144.236.216 port 54868 ssh2
Sep 29 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30295]: Connection closed by 162.144.236.216 port 54868 [preauth]
Sep 29 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Invalid user samina from 167.99.55.34
Sep 29 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: input_userauth_request: invalid user samina [preauth]
Sep 29 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: Invalid user sara from 93.152.230.176
Sep 29 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: input_userauth_request: invalid user sara [preauth]
Sep 29 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Failed password for invalid user samina from 167.99.55.34 port 53306 ssh2
Sep 29 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30324]: Connection closed by 167.99.55.34 port 53306 [preauth]
Sep 29 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: Failed password for invalid user sara from 93.152.230.176 port 56947 ssh2
Sep 29 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: Received disconnect from 93.152.230.176 port 56947:11: Client disconnecting normally [preauth]
Sep 29 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30326]: Disconnected from 93.152.230.176 port 56947 [preauth]
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: Successful su for rubyman by root
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: + ??? root:rubyman
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316702 of user rubyman.
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30433]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316702.
Sep 29 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30322]: Failed password for root from 162.144.236.216 port 34872 ssh2
Sep 29 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30322]: Connection closed by 162.144.236.216 port 34872 [preauth]
Sep 29 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session closed for user root
Sep 29 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Failed password for root from 162.144.236.216 port 41098 ssh2
Sep 29 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Connection closed by 162.144.236.216 port 41098 [preauth]
Sep 29 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user root
Sep 29 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30766]: Failed password for root from 162.144.236.216 port 50324 ssh2
Sep 29 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30766]: Connection closed by 162.144.236.216 port 50324 [preauth]
Sep 29 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Failed password for root from 162.144.236.216 port 57276 ssh2
Sep 29 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30835]: Connection closed by 162.144.236.216 port 57276 [preauth]
Sep 29 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30906]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30977]: Successful su for rubyman by root
Sep 29 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30977]: + ??? root:rubyman
Sep 29 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316706 of user rubyman.
Sep 29 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30977]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316706.
Sep 29 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for root from 162.144.236.216 port 36102 ssh2
Sep 29 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27521]: pam_unix(cron:session): session closed for user root
Sep 29 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Connection closed by 162.144.236.216 port 36102 [preauth]
Sep 29 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Failed password for root from 162.144.236.216 port 43150 ssh2
Sep 29 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Connection closed by 162.144.236.216 port 43150 [preauth]
Sep 29 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user root
Sep 29 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Failed password for root from 162.144.236.216 port 47798 ssh2
Sep 29 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Invalid user backuppc from 103.217.144.161
Sep 29 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: input_userauth_request: invalid user backuppc [preauth]
Sep 29 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Failed password for invalid user backuppc from 103.217.144.161 port 38710 ssh2
Sep 29 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Received disconnect from 103.217.144.161 port 38710:11: Bye Bye [preauth]
Sep 29 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Disconnected from 103.217.144.161 port 38710 [preauth]
Sep 29 19:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Connection closed by 162.144.236.216 port 47798 [preauth]
Sep 29 19:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: Successful su for rubyman by root
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: + ??? root:rubyman
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316711 of user rubyman.
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31448]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316711.
Sep 29 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31308]: Failed password for root from 162.144.236.216 port 55456 ssh2
Sep 29 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31308]: Connection closed by 162.144.236.216 port 55456 [preauth]
Sep 29 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28145]: pam_unix(cron:session): session closed for user root
Sep 29 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: Failed password for root from 162.144.236.216 port 37236 ssh2
Sep 29 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: Connection closed by 162.144.236.216 port 37236 [preauth]
Sep 29 19:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: Failed password for root from 162.144.236.216 port 43168 ssh2
Sep 29 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: Connection closed by 162.144.236.216 port 43168 [preauth]
Sep 29 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session closed for user root
Sep 29 19:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: Failed password for root from 162.144.236.216 port 50284 ssh2
Sep 29 19:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: Connection closed by 162.144.236.216 port 50284 [preauth]
Sep 29 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: Successful su for rubyman by root
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: + ??? root:rubyman
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316715 of user rubyman.
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31921]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316715.
Sep 29 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session closed for user root
Sep 29 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Failed password for root from 162.144.236.216 port 33134 ssh2
Sep 29 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31838]: Connection closed by 162.144.236.216 port 33134 [preauth]
Sep 29 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: Failed password for root from 162.144.236.216 port 41386 ssh2
Sep 29 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: Connection closed by 162.144.236.216 port 41386 [preauth]
Sep 29 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: Failed password for root from 162.144.236.216 port 47190 ssh2
Sep 29 19:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32177]: Connection closed by 162.144.236.216 port 47190 [preauth]
Sep 29 19:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Failed password for root from 162.144.236.216 port 54028 ssh2
Sep 29 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32189]: Connection closed by 162.144.236.216 port 54028 [preauth]
Sep 29 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 19:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30909]: pam_unix(cron:session): session closed for user root
Sep 29 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: Failed password for root from 185.156.73.233 port 17338 ssh2
Sep 29 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: Connection closed by 185.156.73.233 port 17338 [preauth]
Sep 29 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: Failed password for root from 162.144.236.216 port 59574 ssh2
Sep 29 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32219]: Connection closed by 162.144.236.216 port 59574 [preauth]
Sep 29 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: Failed password for root from 162.144.236.216 port 38164 ssh2
Sep 29 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32260]: Connection closed by 162.144.236.216 port 38164 [preauth]
Sep 29 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Failed password for root from 162.144.236.216 port 44800 ssh2
Sep 29 19:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32291]: Connection closed by 162.144.236.216 port 44800 [preauth]
Sep 29 19:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session closed for user root
Sep 29 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: Successful su for rubyman by root
Sep 29 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: + ??? root:rubyman
Sep 29 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316723 of user rubyman.
Sep 29 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316723.
Sep 29 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session closed for user root
Sep 29 19:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session closed for user root
Sep 29 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for root from 162.144.236.216 port 52706 ssh2
Sep 29 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Connection closed by 162.144.236.216 port 52706 [preauth]
Sep 29 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Failed password for root from 162.144.236.216 port 32946 ssh2
Sep 29 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Connection closed by 162.144.236.216 port 32946 [preauth]
Sep 29 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Invalid user jeremy from 8.216.34.2
Sep 29 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: input_userauth_request: invalid user jeremy [preauth]
Sep 29 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Failed password for invalid user jeremy from 8.216.34.2 port 37890 ssh2
Sep 29 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Received disconnect from 8.216.34.2 port 37890:11: Bye Bye [preauth]
Sep 29 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32698]: Disconnected from 8.216.34.2 port 37890 [preauth]
Sep 29 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session closed for user root
Sep 29 19:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Failed password for root from 162.144.236.216 port 38804 ssh2
Sep 29 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Connection closed by 162.144.236.216 port 38804 [preauth]
Sep 29 19:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Failed password for root from 162.144.236.216 port 46244 ssh2
Sep 29 19:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Connection closed by 162.144.236.216 port 46244 [preauth]
Sep 29 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[338]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: Successful su for rubyman by root
Sep 29 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: + ??? root:rubyman
Sep 29 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316724 of user rubyman.
Sep 29 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[412]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316724.
Sep 29 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Invalid user stu from 23.94.112.185
Sep 29 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: input_userauth_request: invalid user stu [preauth]
Sep 29 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session closed for user root
Sep 29 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Failed password for invalid user stu from 23.94.112.185 port 42636 ssh2
Sep 29 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Received disconnect from 23.94.112.185 port 42636:11: Bye Bye [preauth]
Sep 29 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[580]: Disconnected from 23.94.112.185 port 42636 [preauth]
Sep 29 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: Failed password for root from 162.144.236.216 port 53726 ssh2
Sep 29 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[333]: Connection closed by 162.144.236.216 port 53726 [preauth]
Sep 29 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Failed password for root from 162.144.236.216 port 60930 ssh2
Sep 29 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31854]: pam_unix(cron:session): session closed for user root
Sep 29 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Connection closed by 162.144.236.216 port 60930 [preauth]
Sep 29 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Failed password for root from 162.144.236.216 port 41186 ssh2
Sep 29 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Connection closed by 162.144.236.216 port 41186 [preauth]
Sep 29 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: Failed password for root from 162.144.236.216 port 48222 ssh2
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: Successful su for rubyman by root
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: + ??? root:rubyman
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316730 of user rubyman.
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316730.
Sep 29 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: Connection closed by 162.144.236.216 port 48222 [preauth]
Sep 29 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session closed for user root
Sep 29 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Failed password for root from 162.144.236.216 port 54496 ssh2
Sep 29 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Connection closed by 162.144.236.216 port 54496 [preauth]
Sep 29 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Invalid user jet from 8.216.34.2
Sep 29 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: input_userauth_request: invalid user jet [preauth]
Sep 29 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for root from 162.144.236.216 port 32998 ssh2
Sep 29 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Connection closed by 162.144.236.216 port 32998 [preauth]
Sep 29 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Failed password for invalid user jet from 8.216.34.2 port 39262 ssh2
Sep 29 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Received disconnect from 8.216.34.2 port 39262:11: Bye Bye [preauth]
Sep 29 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Disconnected from 8.216.34.2 port 39262 [preauth]
Sep 29 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Failed password for root from 162.144.236.216 port 40138 ssh2
Sep 29 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32319]: pam_unix(cron:session): session closed for user root
Sep 29 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Connection closed by 162.144.236.216 port 40138 [preauth]
Sep 29 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Failed password for root from 23.94.112.185 port 59968 ssh2
Sep 29 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Received disconnect from 23.94.112.185 port 59968:11: Bye Bye [preauth]
Sep 29 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Disconnected from 23.94.112.185 port 59968 [preauth]
Sep 29 19:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Failed password for root from 162.144.236.216 port 47482 ssh2
Sep 29 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Connection closed by 162.144.236.216 port 47482 [preauth]
Sep 29 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: Successful su for rubyman by root
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: + ??? root:rubyman
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316732 of user rubyman.
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316732.
Sep 29 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session closed for user root
Sep 29 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1327]: Failed password for root from 162.144.236.216 port 53614 ssh2
Sep 29 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1327]: Connection closed by 162.144.236.216 port 53614 [preauth]
Sep 29 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Invalid user admin from 103.217.144.161
Sep 29 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: input_userauth_request: invalid user admin [preauth]
Sep 29 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Failed password for invalid user admin from 103.217.144.161 port 33522 ssh2
Sep 29 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Received disconnect from 103.217.144.161 port 33522:11: Bye Bye [preauth]
Sep 29 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1666]: Disconnected from 103.217.144.161 port 33522 [preauth]
Sep 29 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: Failed password for root from 162.144.236.216 port 33782 ssh2
Sep 29 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: Connection closed by 162.144.236.216 port 33782 [preauth]
Sep 29 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Invalid user tayyaba from 167.99.55.34
Sep 29 19:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: input_userauth_request: invalid user tayyaba [preauth]
Sep 29 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[338]: pam_unix(cron:session): session closed for user root
Sep 29 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Failed password for invalid user tayyaba from 167.99.55.34 port 34078 ssh2
Sep 29 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1749]: Connection closed by 167.99.55.34 port 34078 [preauth]
Sep 29 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Failed password for root from 162.144.236.216 port 40668 ssh2
Sep 29 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Invalid user seekcy from 8.216.34.2
Sep 29 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Connection closed by 162.144.236.216 port 40668 [preauth]
Sep 29 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Failed password for invalid user seekcy from 8.216.34.2 port 38280 ssh2
Sep 29 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Received disconnect from 8.216.34.2 port 38280:11: Bye Bye [preauth]
Sep 29 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Disconnected from 8.216.34.2 port 38280 [preauth]
Sep 29 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Invalid user david from 23.94.112.185
Sep 29 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: input_userauth_request: invalid user david [preauth]
Sep 29 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 19:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user david from 23.94.112.185 port 51994 ssh2
Sep 29 19:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Received disconnect from 23.94.112.185 port 51994:11: Bye Bye [preauth]
Sep 29 19:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Disconnected from 23.94.112.185 port 51994 [preauth]
Sep 29 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Failed password for root from 162.144.236.216 port 47192 ssh2
Sep 29 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Connection closed by 162.144.236.216 port 47192 [preauth]
Sep 29 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1846]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1909]: Successful su for rubyman by root
Sep 29 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1909]: + ??? root:rubyman
Sep 29 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316736 of user rubyman.
Sep 29 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1909]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316736.
Sep 29 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31362]: pam_unix(cron:session): session closed for user root
Sep 29 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1840]: Failed password for root from 162.144.236.216 port 55636 ssh2
Sep 29 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1840]: Connection closed by 162.144.236.216 port 55636 [preauth]
Sep 29 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Failed password for root from 162.144.236.216 port 33086 ssh2
Sep 29 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Connection closed by 162.144.236.216 port 33086 [preauth]
Sep 29 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Invalid user daniel from 93.152.230.176
Sep 29 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: input_userauth_request: invalid user daniel [preauth]
Sep 29 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Failed password for invalid user daniel from 93.152.230.176 port 8512 ssh2
Sep 29 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Received disconnect from 93.152.230.176 port 8512:11: Client disconnecting normally [preauth]
Sep 29 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Disconnected from 93.152.230.176 port 8512 [preauth]
Sep 29 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session closed for user root
Sep 29 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Failed password for root from 162.144.236.216 port 40394 ssh2
Sep 29 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Connection closed by 162.144.236.216 port 40394 [preauth]
Sep 29 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Failed password for root from 8.216.34.2 port 41200 ssh2
Sep 29 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Received disconnect from 8.216.34.2 port 41200:11: Bye Bye [preauth]
Sep 29 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Disconnected from 8.216.34.2 port 41200 [preauth]
Sep 29 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2275]: Failed password for root from 103.217.144.161 port 48336 ssh2
Sep 29 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2275]: Received disconnect from 103.217.144.161 port 48336:11: Bye Bye [preauth]
Sep 29 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2275]: Disconnected from 103.217.144.161 port 48336 [preauth]
Sep 29 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Failed password for root from 162.144.236.216 port 48254 ssh2
Sep 29 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Connection closed by 162.144.236.216 port 48254 [preauth]
Sep 29 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session closed for user root
Sep 29 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2299]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: Successful su for rubyman by root
Sep 29 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: + ??? root:rubyman
Sep 29 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316742 of user rubyman.
Sep 29 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2367]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316742.
Sep 29 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: Failed password for root from 162.144.236.216 port 56030 ssh2
Sep 29 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: Connection closed by 162.144.236.216 port 56030 [preauth]
Sep 29 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session closed for user root
Sep 29 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session closed for user root
Sep 29 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: Invalid user webuser from 23.94.112.185
Sep 29 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: input_userauth_request: invalid user webuser [preauth]
Sep 29 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2300]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: Failed password for invalid user webuser from 23.94.112.185 port 33006 ssh2
Sep 29 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: Received disconnect from 23.94.112.185 port 33006:11: Bye Bye [preauth]
Sep 29 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: Disconnected from 23.94.112.185 port 33006 [preauth]
Sep 29 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: Failed password for root from 162.144.236.216 port 35106 ssh2
Sep 29 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: Connection closed by 162.144.236.216 port 35106 [preauth]
Sep 29 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius14@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius14 rhost=::ffff:45.142.193.185
Sep 29 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: Failed password for root from 162.144.236.216 port 43206 ssh2
Sep 29 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2629]: Connection closed by 162.144.236.216 port 43206 [preauth]
Sep 29 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session closed for user root
Sep 29 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Failed password for root from 162.144.236.216 port 51202 ssh2
Sep 29 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Connection closed by 162.144.236.216 port 51202 [preauth]
Sep 29 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Failed password for root from 162.144.236.216 port 58476 ssh2
Sep 29 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Connection closed by 162.144.236.216 port 58476 [preauth]
Sep 29 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: Failed password for root from 8.216.34.2 port 38790 ssh2
Sep 29 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: Received disconnect from 8.216.34.2 port 38790:11: Bye Bye [preauth]
Sep 29 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: Disconnected from 8.216.34.2 port 38790 [preauth]
Sep 29 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: Successful su for rubyman by root
Sep 29 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: + ??? root:rubyman
Sep 29 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316746 of user rubyman.
Sep 29 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2864]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316746.
Sep 29 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session closed for user root
Sep 29 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Failed password for root from 162.144.236.216 port 37416 ssh2
Sep 29 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Connection closed by 162.144.236.216 port 37416 [preauth]
Sep 29 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Invalid user luis from 62.60.131.157
Sep 29 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: input_userauth_request: invalid user luis [preauth]
Sep 29 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user luis from 62.60.131.157 port 62168 ssh2
Sep 29 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user luis from 62.60.131.157 port 62168 ssh2
Sep 29 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user luis from 62.60.131.157 port 62168 ssh2
Sep 29 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Failed password for root from 162.144.236.216 port 44352 ssh2
Sep 29 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Connection closed by 162.144.236.216 port 44352 [preauth]
Sep 29 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user luis from 62.60.131.157 port 62168 ssh2
Sep 29 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Failed password for invalid user luis from 62.60.131.157 port 62168 ssh2
Sep 29 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Received disconnect from 62.60.131.157 port 62168:11: Bye [preauth]
Sep 29 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: Disconnected from 62.60.131.157 port 62168 [preauth]
Sep 29 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3065]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: Failed password for root from 162.144.236.216 port 49780 ssh2
Sep 29 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: Connection closed by 162.144.236.216 port 49780 [preauth]
Sep 29 19:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Failed password for root from 23.94.112.185 port 60814 ssh2
Sep 29 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Received disconnect from 23.94.112.185 port 60814:11: Bye Bye [preauth]
Sep 29 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Disconnected from 23.94.112.185 port 60814 [preauth]
Sep 29 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Failed password for root from 103.217.144.161 port 49658 ssh2
Sep 29 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Received disconnect from 103.217.144.161 port 49658:11: Bye Bye [preauth]
Sep 29 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Disconnected from 103.217.144.161 port 49658 [preauth]
Sep 29 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session closed for user root
Sep 29 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: Failed password for root from 162.144.236.216 port 55006 ssh2
Sep 29 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: Connection closed by 162.144.236.216 port 55006 [preauth]
Sep 29 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Invalid user everson from 8.216.34.2
Sep 29 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: input_userauth_request: invalid user everson [preauth]
Sep 29 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Failed password for root from 162.144.236.216 port 34656 ssh2
Sep 29 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Failed password for invalid user everson from 8.216.34.2 port 49214 ssh2
Sep 29 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Received disconnect from 8.216.34.2 port 49214:11: Bye Bye [preauth]
Sep 29 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Disconnected from 8.216.34.2 port 49214 [preauth]
Sep 29 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Connection closed by 162.144.236.216 port 34656 [preauth]
Sep 29 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: Successful su for rubyman by root
Sep 29 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: + ??? root:rubyman
Sep 29 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316751 of user rubyman.
Sep 29 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3306]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316751.
Sep 29 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[337]: pam_unix(cron:session): session closed for user root
Sep 29 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Failed password for root from 162.144.236.216 port 42800 ssh2
Sep 29 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Connection closed by 162.144.236.216 port 42800 [preauth]
Sep 29 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Failed password for root from 162.144.236.216 port 49524 ssh2
Sep 29 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Connection closed by 162.144.236.216 port 49524 [preauth]
Sep 29 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Failed password for root from 162.144.236.216 port 58812 ssh2
Sep 29 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3554]: Connection closed by 162.144.236.216 port 58812 [preauth]
Sep 29 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session closed for user root
Sep 29 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: Failed password for root from 162.144.236.216 port 37198 ssh2
Sep 29 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: Connection closed by 162.144.236.216 port 37198 [preauth]
Sep 29 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Invalid user grid from 23.94.112.185
Sep 29 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: input_userauth_request: invalid user grid [preauth]
Sep 29 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Failed password for invalid user grid from 23.94.112.185 port 46408 ssh2
Sep 29 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Received disconnect from 23.94.112.185 port 46408:11: Bye Bye [preauth]
Sep 29 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Disconnected from 23.94.112.185 port 46408 [preauth]
Sep 29 19:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Failed password for root from 162.144.236.216 port 44664 ssh2
Sep 29 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Connection closed by 162.144.236.216 port 44664 [preauth]
Sep 29 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3674]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3742]: Successful su for rubyman by root
Sep 29 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3742]: + ??? root:rubyman
Sep 29 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316755 of user rubyman.
Sep 29 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3742]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316755.
Sep 29 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session closed for user root
Sep 29 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Failed password for root from 8.216.34.2 port 39378 ssh2
Sep 29 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Received disconnect from 8.216.34.2 port 39378:11: Bye Bye [preauth]
Sep 29 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Disconnected from 8.216.34.2 port 39378 [preauth]
Sep 29 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Failed password for root from 103.217.144.161 port 40322 ssh2
Sep 29 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Received disconnect from 103.217.144.161 port 40322:11: Bye Bye [preauth]
Sep 29 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Disconnected from 103.217.144.161 port 40322 [preauth]
Sep 29 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Failed password for root from 162.144.236.216 port 50576 ssh2
Sep 29 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Connection closed by 162.144.236.216 port 50576 [preauth]
Sep 29 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: Failed password for root from 162.144.236.216 port 57438 ssh2
Sep 29 19:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: Connection closed by 162.144.236.216 port 57438 [preauth]
Sep 29 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2794]: pam_unix(cron:session): session closed for user root
Sep 29 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Failed password for root from 162.144.236.216 port 36772 ssh2
Sep 29 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Connection closed by 162.144.236.216 port 36772 [preauth]
Sep 29 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Failed password for root from 23.94.112.185 port 56830 ssh2
Sep 29 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Received disconnect from 23.94.112.185 port 56830:11: Bye Bye [preauth]
Sep 29 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Disconnected from 23.94.112.185 port 56830 [preauth]
Sep 29 19:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for root from 162.144.236.216 port 45126 ssh2
Sep 29 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4133]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session closed for user p13x
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4208]: Successful su for rubyman by root
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4208]: + ??? root:rubyman
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316759 of user rubyman.
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4208]: pam_unix(su:session): session closed for user rubyman
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316759.
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Connection closed by 162.144.236.216 port 45126 [preauth]
Sep 29 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session closed for user root
Sep 29 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session closed for user samftp
Sep 29 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Failed password for root from 162.144.236.216 port 51092 ssh2
Sep 29 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Connection closed by 162.144.236.216 port 51092 [preauth]
Sep 29 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Invalid user vms from 8.216.34.2
Sep 29 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: input_userauth_request: invalid user vms [preauth]
Sep 29 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Invalid user 12345 from 80.94.95.115
Sep 29 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: input_userauth_request: invalid user 12345 [preauth]
Sep 29 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Failed password for invalid user vms from 8.216.34.2 port 34004 ssh2
Sep 29 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Received disconnect from 8.216.34.2 port 34004:11: Bye Bye [preauth]
Sep 29 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Disconnected from 8.216.34.2 port 34004 [preauth]
Sep 29 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Failed password for invalid user 12345 from 80.94.95.115 port 21702 ssh2
Sep 29 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Connection closed by 80.94.95.115 port 21702 [preauth]
Sep 29 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: Failed password for root from 162.144.236.216 port 56944 ssh2
Sep 29 19:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: Connection closed by 162.144.236.216 port 56944 [preauth]
Sep 29 19:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: Failed password for root from 162.144.236.216 port 35690 ssh2
Sep 29 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4450]: Connection closed by 162.144.236.216 port 35690 [preauth]
Sep 29 19:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3240]: pam_unix(cron:session): session closed for user root
Sep 29 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: Failed password for root from 162.144.236.216 port 41978 ssh2
Sep 29 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Invalid user seekcy from 103.217.144.161
Sep 29 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 19:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4483]: Connection closed by 162.144.236.216 port 41978 [preauth]
Sep 29 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Failed password for invalid user seekcy from 103.217.144.161 port 34508 ssh2
Sep 29 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Received disconnect from 103.217.144.161 port 34508:11: Bye Bye [preauth]
Sep 29 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Disconnected from 103.217.144.161 port 34508 [preauth]
Sep 29 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Invalid user pritchard from 62.60.131.157
Sep 29 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: input_userauth_request: invalid user pritchard [preauth]
Sep 29 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Failed password for invalid user pritchard from 62.60.131.157 port 62126 ssh2
Sep 29 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Failed password for invalid user pritchard from 62.60.131.157 port 62126 ssh2
Sep 29 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Failed password for invalid user pritchard from 62.60.131.157 port 62126 ssh2
Sep 29 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Failed password for root from 162.144.236.216 port 48864 ssh2
Sep 29 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for root from 23.94.112.185 port 59008 ssh2
Sep 29 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Received disconnect from 23.94.112.185 port 59008:11: Bye Bye [preauth]
Sep 29 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Disconnected from 23.94.112.185 port 59008 [preauth]
Sep 29 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Failed password for invalid user pritchard from 62.60.131.157 port 62126 ssh2
Sep 29 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4549]: Connection closed by 162.144.236.216 port 48864 [preauth]
Sep 29 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Failed password for invalid user pritchard from 62.60.131.157 port 62126 ssh2
Sep 29 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Received disconnect from 62.60.131.157 port 62126:11: Bye [preauth]
Sep 29 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: Disconnected from 62.60.131.157 port 62126 [preauth]
Sep 29 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4551]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session closed for user root
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session closed for user root
Sep 29 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4588]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: Successful su for rubyman by root
Sep 29 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: + ??? root:rubyman
Sep 29 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316767 of user rubyman.
Sep 29 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316767.
Sep 29 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session closed for user root
Sep 29 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1846]: pam_unix(cron:session): session closed for user root
Sep 29 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: Failed password for root from 162.144.236.216 port 54262 ssh2
Sep 29 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4575]: Connection closed by 162.144.236.216 port 54262 [preauth]
Sep 29 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4927]: Failed password for root from 162.144.236.216 port 33014 ssh2
Sep 29 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4927]: Connection closed by 162.144.236.216 port 33014 [preauth]
Sep 29 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Failed password for root from 8.216.34.2 port 58000 ssh2
Sep 29 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Received disconnect from 8.216.34.2 port 58000:11: Bye Bye [preauth]
Sep 29 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4978]: Disconnected from 8.216.34.2 port 58000 [preauth]
Sep 29 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4980]: Failed password for root from 162.144.236.216 port 39908 ssh2
Sep 29 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4980]: Connection closed by 162.144.236.216 port 39908 [preauth]
Sep 29 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3674]: pam_unix(cron:session): session closed for user root
Sep 29 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Failed password for root from 162.144.236.216 port 48292 ssh2
Sep 29 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5071]: Connection closed by 162.144.236.216 port 48292 [preauth]
Sep 29 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Failed password for root from 162.144.236.216 port 55616 ssh2
Sep 29 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5135]: Connection closed by 162.144.236.216 port 55616 [preauth]
Sep 29 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: Invalid user zimblyeat from 23.94.112.185
Sep 29 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: input_userauth_request: invalid user zimblyeat [preauth]
Sep 29 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: Failed password for invalid user zimblyeat from 23.94.112.185 port 48790 ssh2
Sep 29 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: Received disconnect from 23.94.112.185 port 48790:11: Bye Bye [preauth]
Sep 29 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5154]: Disconnected from 23.94.112.185 port 48790 [preauth]
Sep 29 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5169]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5167]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5247]: Successful su for rubyman by root
Sep 29 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5247]: + ??? root:rubyman
Sep 29 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316769 of user rubyman.
Sep 29 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5247]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316769.
Sep 29 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: Failed password for root from 162.144.236.216 port 36554 ssh2
Sep 29 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5153]: Connection closed by 162.144.236.216 port 36554 [preauth]
Sep 29 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session closed for user root
Sep 29 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Invalid user ucerd-hpc from 167.99.55.34
Sep 29 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: input_userauth_request: invalid user ucerd-hpc [preauth]
Sep 29 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5168]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Failed password for invalid user ucerd-hpc from 167.99.55.34 port 48154 ssh2
Sep 29 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Connection closed by 167.99.55.34 port 48154 [preauth]
Sep 29 20:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Failed password for root from 162.144.236.216 port 43890 ssh2
Sep 29 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5489]: Connection closed by 162.144.236.216 port 43890 [preauth]
Sep 29 20:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Invalid user casaos from 103.217.144.161
Sep 29 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: input_userauth_request: invalid user casaos [preauth]
Sep 29 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Failed password for invalid user casaos from 103.217.144.161 port 55964 ssh2
Sep 29 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Received disconnect from 103.217.144.161 port 55964:11: Bye Bye [preauth]
Sep 29 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5561]: Disconnected from 103.217.144.161 port 55964 [preauth]
Sep 29 20:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: Invalid user test2 from 8.216.34.2
Sep 29 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: input_userauth_request: invalid user test2 [preauth]
Sep 29 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Failed password for root from 162.144.236.216 port 50552 ssh2
Sep 29 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5569]: Connection closed by 162.144.236.216 port 50552 [preauth]
Sep 29 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: Failed password for invalid user test2 from 8.216.34.2 port 47144 ssh2
Sep 29 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: Received disconnect from 8.216.34.2 port 47144:11: Bye Bye [preauth]
Sep 29 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5588]: Disconnected from 8.216.34.2 port 47144 [preauth]
Sep 29 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Failed password for root from 162.144.236.216 port 58400 ssh2
Sep 29 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5590]: Connection closed by 162.144.236.216 port 58400 [preauth]
Sep 29 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4133]: pam_unix(cron:session): session closed for user root
Sep 29 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: Failed password for root from 162.144.236.216 port 39140 ssh2
Sep 29 20:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5652]: Connection closed by 162.144.236.216 port 39140 [preauth]
Sep 29 20:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Failed password for root from 162.144.236.216 port 45674 ssh2
Sep 29 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Connection closed by 162.144.236.216 port 45674 [preauth]
Sep 29 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: Failed password for root from 162.144.236.216 port 52186 ssh2
Sep 29 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5696]: Connection closed by 162.144.236.216 port 52186 [preauth]
Sep 29 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: Invalid user seekcy from 23.94.112.185
Sep 29 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: Successful su for rubyman by root
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: + ??? root:rubyman
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316773 of user rubyman.
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316773.
Sep 29 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: Failed password for invalid user seekcy from 23.94.112.185 port 39986 ssh2
Sep 29 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: Received disconnect from 23.94.112.185 port 39986:11: Bye Bye [preauth]
Sep 29 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5709]: Disconnected from 23.94.112.185 port 39986 [preauth]
Sep 29 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session closed for user root
Sep 29 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Failed password for root from 162.144.236.216 port 60106 ssh2
Sep 29 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Connection closed by 162.144.236.216 port 60106 [preauth]
Sep 29 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: Failed password for root from 162.144.236.216 port 37502 ssh2
Sep 29 20:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5999]: Connection closed by 162.144.236.216 port 37502 [preauth]
Sep 29 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6043]: Failed password for root from 162.144.236.216 port 44980 ssh2
Sep 29 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6043]: Connection closed by 162.144.236.216 port 44980 [preauth]
Sep 29 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: Invalid user jak from 8.216.34.2
Sep 29 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: input_userauth_request: invalid user jak [preauth]
Sep 29 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: Failed password for invalid user jak from 8.216.34.2 port 56246 ssh2
Sep 29 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: Received disconnect from 8.216.34.2 port 56246:11: Bye Bye [preauth]
Sep 29 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: Disconnected from 8.216.34.2 port 56246 [preauth]
Sep 29 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Failed password for root from 162.144.236.216 port 50176 ssh2
Sep 29 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Connection closed by 162.144.236.216 port 50176 [preauth]
Sep 29 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session closed for user root
Sep 29 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Failed password for root from 162.144.236.216 port 57336 ssh2
Sep 29 20:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6089]: Connection closed by 162.144.236.216 port 57336 [preauth]
Sep 29 20:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Invalid user telecomadmin from 93.152.230.176
Sep 29 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: input_userauth_request: invalid user telecomadmin [preauth]
Sep 29 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Failed password for invalid user telecomadmin from 93.152.230.176 port 24540 ssh2
Sep 29 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Received disconnect from 93.152.230.176 port 24540:11: Client disconnecting normally [preauth]
Sep 29 20:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Disconnected from 93.152.230.176 port 24540 [preauth]
Sep 29 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Invalid user hex from 103.217.144.161
Sep 29 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: input_userauth_request: invalid user hex [preauth]
Sep 29 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Failed password for invalid user hex from 103.217.144.161 port 53542 ssh2
Sep 29 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Received disconnect from 103.217.144.161 port 53542:11: Bye Bye [preauth]
Sep 29 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Disconnected from 103.217.144.161 port 53542 [preauth]
Sep 29 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: Failed password for root from 162.144.236.216 port 36046 ssh2
Sep 29 20:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: Connection closed by 162.144.236.216 port 36046 [preauth]
Sep 29 20:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6191]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6189]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6258]: Successful su for rubyman by root
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6258]: + ??? root:rubyman
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316778 of user rubyman.
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6258]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316778.
Sep 29 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Failed password for root from 162.144.236.216 port 45722 ssh2
Sep 29 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Connection closed by 162.144.236.216 port 45722 [preauth]
Sep 29 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3239]: pam_unix(cron:session): session closed for user root
Sep 29 20:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6190]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: Failed password for root from 162.144.236.216 port 54118 ssh2
Sep 29 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6369]: Connection closed by 162.144.236.216 port 54118 [preauth]
Sep 29 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Invalid user seekcy from 23.94.112.185
Sep 29 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Failed password for invalid user seekcy from 23.94.112.185 port 56074 ssh2
Sep 29 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Received disconnect from 23.94.112.185 port 56074:11: Bye Bye [preauth]
Sep 29 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6468]: Disconnected from 23.94.112.185 port 56074 [preauth]
Sep 29 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: Failed password for root from 162.144.236.216 port 59732 ssh2
Sep 29 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6459]: Connection closed by 162.144.236.216 port 59732 [preauth]
Sep 29 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Failed password for root from 162.144.236.216 port 38980 ssh2
Sep 29 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Connection closed by 162.144.236.216 port 38980 [preauth]
Sep 29 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Invalid user geraldo from 8.216.34.2
Sep 29 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: input_userauth_request: invalid user geraldo [preauth]
Sep 29 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Failed password for invalid user geraldo from 8.216.34.2 port 56996 ssh2
Sep 29 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Received disconnect from 8.216.34.2 port 56996:11: Bye Bye [preauth]
Sep 29 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Disconnected from 8.216.34.2 port 56996 [preauth]
Sep 29 20:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 162.144.236.216 port 44726 ssh2
Sep 29 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5170]: pam_unix(cron:session): session closed for user root
Sep 29 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Connection closed by 162.144.236.216 port 44726 [preauth]
Sep 29 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 162.144.236.216 port 50904 ssh2
Sep 29 20:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Connection closed by 162.144.236.216 port 50904 [preauth]
Sep 29 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Did not receive identification string from 195.178.110.133
Sep 29 20:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Failed password for root from 162.144.236.216 port 58662 ssh2
Sep 29 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Connection closed by 162.144.236.216 port 58662 [preauth]
Sep 29 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6750]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6748]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6815]: Successful su for rubyman by root
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6815]: + ??? root:rubyman
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316781 of user rubyman.
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6815]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316781.
Sep 29 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Failed password for root from 162.144.236.216 port 38092 ssh2
Sep 29 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Connection closed by 162.144.236.216 port 38092 [preauth]
Sep 29 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session closed for user root
Sep 29 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6749]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Failed password for root from 162.144.236.216 port 46092 ssh2
Sep 29 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6994]: Connection closed by 162.144.236.216 port 46092 [preauth]
Sep 29 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7033]: Failed password for root from 164.68.105.9 port 52756 ssh2
Sep 29 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7033]: Connection closed by 164.68.105.9 port 52756 [preauth]
Sep 29 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Failed password for root from 162.144.236.216 port 53984 ssh2
Sep 29 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Invalid user seekcy from 103.217.144.161
Sep 29 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Connection closed by 162.144.236.216 port 53984 [preauth]
Sep 29 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Failed password for invalid user seekcy from 103.217.144.161 port 40636 ssh2
Sep 29 20:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Received disconnect from 103.217.144.161 port 40636:11: Bye Bye [preauth]
Sep 29 20:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Disconnected from 103.217.144.161 port 40636 [preauth]
Sep 29 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: Failed password for root from 162.144.236.216 port 60696 ssh2
Sep 29 20:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: Connection closed by 162.144.236.216 port 60696 [preauth]
Sep 29 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session closed for user root
Sep 29 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Invalid user hex from 8.216.34.2
Sep 29 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: input_userauth_request: invalid user hex [preauth]
Sep 29 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Failed password for invalid user hex from 8.216.34.2 port 44414 ssh2
Sep 29 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Received disconnect from 8.216.34.2 port 44414:11: Bye Bye [preauth]
Sep 29 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Disconnected from 8.216.34.2 port 44414 [preauth]
Sep 29 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Failed password for root from 162.144.236.216 port 38674 ssh2
Sep 29 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Connection closed by 162.144.236.216 port 38674 [preauth]
Sep 29 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Invalid user liyang from 23.94.112.185
Sep 29 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: input_userauth_request: invalid user liyang [preauth]
Sep 29 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Failed password for invalid user liyang from 23.94.112.185 port 50430 ssh2
Sep 29 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Received disconnect from 23.94.112.185 port 50430:11: Bye Bye [preauth]
Sep 29 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Disconnected from 23.94.112.185 port 50430 [preauth]
Sep 29 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Failed password for root from 162.144.236.216 port 47140 ssh2
Sep 29 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Connection closed by 162.144.236.216 port 47140 [preauth]
Sep 29 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Failed password for root from 162.144.236.216 port 54924 ssh2
Sep 29 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Connection closed by 162.144.236.216 port 54924 [preauth]
Sep 29 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7305]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7307]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7308]: pam_unix(cron:session): session closed for user root
Sep 29 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7303]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7393]: Successful su for rubyman by root
Sep 29 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7393]: + ??? root:rubyman
Sep 29 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316789 of user rubyman.
Sep 29 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7393]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316789.
Sep 29 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session closed for user root
Sep 29 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7305]: pam_unix(cron:session): session closed for user root
Sep 29 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for root from 162.144.236.216 port 32956 ssh2
Sep 29 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Connection closed by 162.144.236.216 port 32956 [preauth]
Sep 29 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7304]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: Invalid user 1234 from 185.156.73.233
Sep 29 20:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: input_userauth_request: invalid user 1234 [preauth]
Sep 29 20:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7618]: Failed password for root from 162.144.236.216 port 39752 ssh2
Sep 29 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7618]: Connection closed by 162.144.236.216 port 39752 [preauth]
Sep 29 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: Failed password for invalid user 1234 from 185.156.73.233 port 22456 ssh2
Sep 29 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7650]: Connection closed by 185.156.73.233 port 22456 [preauth]
Sep 29 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: Failed password for root from 162.144.236.216 port 47636 ssh2
Sep 29 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: Connection closed by 162.144.236.216 port 47636 [preauth]
Sep 29 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6194]: pam_unix(cron:session): session closed for user root
Sep 29 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: Failed password for root from 162.144.236.216 port 55522 ssh2
Sep 29 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: Connection closed by 162.144.236.216 port 55522 [preauth]
Sep 29 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7769]: Received disconnect from 176.65.132.197 port 54498:11: Bye Bye [preauth]
Sep 29 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7769]: Disconnected from 176.65.132.197 port 54498 [preauth]
Sep 29 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Failed password for root from 162.144.236.216 port 34004 ssh2
Sep 29 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Connection closed by 162.144.236.216 port 34004 [preauth]
Sep 29 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Failed password for root from 8.216.34.2 port 46310 ssh2
Sep 29 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Received disconnect from 8.216.34.2 port 46310:11: Bye Bye [preauth]
Sep 29 20:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Disconnected from 8.216.34.2 port 46310 [preauth]
Sep 29 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Failed password for root from 162.144.236.216 port 41470 ssh2
Sep 29 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Connection closed by 162.144.236.216 port 41470 [preauth]
Sep 29 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Invalid user jeremy from 103.217.144.161
Sep 29 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: input_userauth_request: invalid user jeremy [preauth]
Sep 29 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7817]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7815]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Failed password for invalid user jeremy from 103.217.144.161 port 51874 ssh2
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Received disconnect from 103.217.144.161 port 51874:11: Bye Bye [preauth]
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Disconnected from 103.217.144.161 port 51874 [preauth]
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: Successful su for rubyman by root
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: + ??? root:rubyman
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316793 of user rubyman.
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316793.
Sep 29 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Failed password for root from 162.144.236.216 port 48968 ssh2
Sep 29 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Connection closed by 162.144.236.216 port 48968 [preauth]
Sep 29 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session closed for user root
Sep 29 20:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7816]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Failed password for root from 162.144.236.216 port 55114 ssh2
Sep 29 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8096]: Connection closed by 162.144.236.216 port 55114 [preauth]
Sep 29 20:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Failed password for root from 23.94.112.185 port 39628 ssh2
Sep 29 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Received disconnect from 23.94.112.185 port 39628:11: Bye Bye [preauth]
Sep 29 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Disconnected from 23.94.112.185 port 39628 [preauth]
Sep 29 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Failed password for root from 162.144.236.216 port 33038 ssh2
Sep 29 20:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8186]: Invalid user ubuntu from 195.178.110.133
Sep 29 20:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8186]: input_userauth_request: invalid user ubuntu [preauth]
Sep 29 20:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8186]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 20:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Connection closed by 162.144.236.216 port 33038 [preauth]
Sep 29 20:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8186]: Failed password for invalid user ubuntu from 195.178.110.133 port 32926 ssh2
Sep 29 20:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8186]: Connection closed by 195.178.110.133 port 32926 [preauth]
Sep 29 20:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8188]: Failed password for root from 162.144.236.216 port 38086 ssh2
Sep 29 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8188]: Connection closed by 162.144.236.216 port 38086 [preauth]
Sep 29 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session closed for user root
Sep 29 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: Failed password for root from 162.144.236.216 port 44398 ssh2
Sep 29 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8229]: Connection closed by 162.144.236.216 port 44398 [preauth]
Sep 29 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Failed password for root from 162.144.236.216 port 52152 ssh2
Sep 29 20:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Connection closed by 162.144.236.216 port 52152 [preauth]
Sep 29 20:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Failed password for root from 162.144.236.216 port 56668 ssh2
Sep 29 20:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8290]: Connection closed by 162.144.236.216 port 56668 [preauth]
Sep 29 20:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for root from 8.216.34.2 port 38200 ssh2
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Received disconnect from 8.216.34.2 port 38200:11: Bye Bye [preauth]
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Disconnected from 8.216.34.2 port 38200 [preauth]
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: Failed password for root from 162.144.236.216 port 35476 ssh2
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: Successful su for rubyman by root
Sep 29 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: + ??? root:rubyman
Sep 29 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316797 of user rubyman.
Sep 29 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8419]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316797.
Sep 29 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: Connection closed by 162.144.236.216 port 35476 [preauth]
Sep 29 20:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5169]: pam_unix(cron:session): session closed for user root
Sep 29 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8338]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Failed password for root from 162.144.236.216 port 42920 ssh2
Sep 29 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8474]: Connection closed by 162.144.236.216 port 42920 [preauth]
Sep 29 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: Invalid user casaos from 23.94.112.185
Sep 29 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: input_userauth_request: invalid user casaos [preauth]
Sep 29 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Failed password for root from 162.144.236.216 port 50464 ssh2
Sep 29 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: Failed password for invalid user casaos from 23.94.112.185 port 41244 ssh2
Sep 29 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: Received disconnect from 23.94.112.185 port 41244:11: Bye Bye [preauth]
Sep 29 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8673]: Disconnected from 23.94.112.185 port 41244 [preauth]
Sep 29 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Connection closed by 162.144.236.216 port 50464 [preauth]
Sep 29 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Failed password for root from 162.144.236.216 port 56000 ssh2
Sep 29 20:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Connection closed by 162.144.236.216 port 56000 [preauth]
Sep 29 20:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7307]: pam_unix(cron:session): session closed for user root
Sep 29 20:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: Invalid user webuser from 103.217.144.161
Sep 29 20:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: input_userauth_request: invalid user webuser [preauth]
Sep 29 20:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: Failed password for root from 162.144.236.216 port 34410 ssh2
Sep 29 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: Failed password for invalid user webuser from 103.217.144.161 port 54294 ssh2
Sep 29 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: Received disconnect from 103.217.144.161 port 54294:11: Bye Bye [preauth]
Sep 29 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8739]: Disconnected from 103.217.144.161 port 54294 [preauth]
Sep 29 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: Connection closed by 162.144.236.216 port 34410 [preauth]
Sep 29 20:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: Failed password for root from 162.144.236.216 port 41438 ssh2
Sep 29 20:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: Connection closed by 162.144.236.216 port 41438 [preauth]
Sep 29 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Invalid user admin from 80.94.95.112
Sep 29 20:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 20:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Failed password for root from 162.144.236.216 port 48444 ssh2
Sep 29 20:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Connection closed by 162.144.236.216 port 48444 [preauth]
Sep 29 20:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Failed password for invalid user admin from 80.94.95.112 port 39654 ssh2
Sep 29 20:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Failed password for invalid user admin from 80.94.95.112 port 39654 ssh2
Sep 29 20:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Failed password for invalid user admin from 80.94.95.112 port 39654 ssh2
Sep 29 20:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Failed password for invalid user admin from 80.94.95.112 port 39654 ssh2
Sep 29 20:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8933]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Failed password for invalid user admin from 80.94.95.112 port 39654 ssh2
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: Failed password for root from 162.144.236.216 port 53196 ssh2
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Received disconnect from 80.94.95.112 port 39654:11: Bye [preauth]
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Disconnected from 80.94.95.112 port 39654 [preauth]
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9002]: Successful su for rubyman by root
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9002]: + ??? root:rubyman
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316800 of user rubyman.
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9002]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316800.
Sep 29 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: Connection closed by 162.144.236.216 port 53196 [preauth]
Sep 29 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session closed for user root
Sep 29 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Invalid user denis from 8.216.34.2
Sep 29 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: input_userauth_request: invalid user denis [preauth]
Sep 29 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Failed password for invalid user denis from 8.216.34.2 port 41350 ssh2
Sep 29 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Received disconnect from 8.216.34.2 port 41350:11: Bye Bye [preauth]
Sep 29 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9279]: Disconnected from 8.216.34.2 port 41350 [preauth]
Sep 29 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Failed password for root from 162.144.236.216 port 60532 ssh2
Sep 29 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Connection closed by 162.144.236.216 port 60532 [preauth]
Sep 29 20:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Invalid user backuppc from 23.94.112.185
Sep 29 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: input_userauth_request: invalid user backuppc [preauth]
Sep 29 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Failed password for root from 162.144.236.216 port 39220 ssh2
Sep 29 20:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Failed password for invalid user backuppc from 23.94.112.185 port 59022 ssh2
Sep 29 20:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Received disconnect from 23.94.112.185 port 59022:11: Bye Bye [preauth]
Sep 29 20:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Disconnected from 23.94.112.185 port 59022 [preauth]
Sep 29 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Connection closed by 162.144.236.216 port 39220 [preauth]
Sep 29 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: Failed password for root from 162.144.236.216 port 46254 ssh2
Sep 29 20:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9355]: Connection closed by 162.144.236.216 port 46254 [preauth]
Sep 29 20:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7818]: pam_unix(cron:session): session closed for user root
Sep 29 20:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9400]: Failed password for root from 162.144.236.216 port 52116 ssh2
Sep 29 20:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9400]: Connection closed by 162.144.236.216 port 52116 [preauth]
Sep 29 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Invalid user hpc from 167.99.55.34
Sep 29 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: input_userauth_request: invalid user hpc [preauth]
Sep 29 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: Failed password for root from 162.144.236.216 port 59058 ssh2
Sep 29 20:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Failed password for invalid user hpc from 167.99.55.34 port 37768 ssh2
Sep 29 20:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Connection closed by 167.99.55.34 port 37768 [preauth]
Sep 29 20:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9442]: Connection closed by 162.144.236.216 port 59058 [preauth]
Sep 29 20:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Failed password for root from 162.144.236.216 port 38198 ssh2
Sep 29 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Connection closed by 162.144.236.216 port 38198 [preauth]
Sep 29 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Failed password for root from 162.144.236.216 port 44384 ssh2
Sep 29 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Connection closed by 162.144.236.216 port 44384 [preauth]
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: Successful su for rubyman by root
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: + ??? root:rubyman
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316805 of user rubyman.
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9662]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316805.
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session closed for user root
Sep 29 20:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6191]: pam_unix(cron:session): session closed for user root
Sep 29 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Failed password for root from 162.144.236.216 port 51274 ssh2
Sep 29 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Invalid user zimblyeat from 8.216.34.2
Sep 29 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: input_userauth_request: invalid user zimblyeat [preauth]
Sep 29 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Failed password for invalid user zimblyeat from 8.216.34.2 port 45566 ssh2
Sep 29 20:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Received disconnect from 8.216.34.2 port 45566:11: Bye Bye [preauth]
Sep 29 20:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9997]: Disconnected from 8.216.34.2 port 45566 [preauth]
Sep 29 20:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9804]: Connection closed by 162.144.236.216 port 51274 [preauth]
Sep 29 20:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Invalid user arman from 103.217.144.161
Sep 29 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: input_userauth_request: invalid user arman [preauth]
Sep 29 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Failed password for invalid user arman from 103.217.144.161 port 60764 ssh2
Sep 29 20:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Received disconnect from 103.217.144.161 port 60764:11: Bye Bye [preauth]
Sep 29 20:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Disconnected from 103.217.144.161 port 60764 [preauth]
Sep 29 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: Failed password for root from 162.144.236.216 port 58932 ssh2
Sep 29 20:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: Connection closed by 162.144.236.216 port 58932 [preauth]
Sep 29 20:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Invalid user seekcy from 23.94.112.185
Sep 29 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Failed password for invalid user seekcy from 23.94.112.185 port 35498 ssh2
Sep 29 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Received disconnect from 23.94.112.185 port 35498:11: Bye Bye [preauth]
Sep 29 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Disconnected from 23.94.112.185 port 35498 [preauth]
Sep 29 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Failed password for root from 162.144.236.216 port 36718 ssh2
Sep 29 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Connection closed by 162.144.236.216 port 36718 [preauth]
Sep 29 20:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session closed for user root
Sep 29 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Failed password for root from 162.144.236.216 port 44268 ssh2
Sep 29 20:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10079]: Connection closed by 162.144.236.216 port 44268 [preauth]
Sep 29 20:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Failed password for root from 162.144.236.216 port 52398 ssh2
Sep 29 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Connection closed by 162.144.236.216 port 52398 [preauth]
Sep 29 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: Failed password for root from 162.144.236.216 port 58012 ssh2
Sep 29 20:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10155]: Connection closed by 162.144.236.216 port 58012 [preauth]
Sep 29 20:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session closed for user root
Sep 29 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10192]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: Successful su for rubyman by root
Sep 29 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: + ??? root:rubyman
Sep 29 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316808 of user rubyman.
Sep 29 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316808.
Sep 29 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session closed for user root
Sep 29 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6750]: pam_unix(cron:session): session closed for user root
Sep 29 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for root from 162.144.236.216 port 38182 ssh2
Sep 29 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Connection closed by 162.144.236.216 port 38182 [preauth]
Sep 29 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10193]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Failed password for root from 162.144.236.216 port 45876 ssh2
Sep 29 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Invalid user grid from 8.216.34.2
Sep 29 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: input_userauth_request: invalid user grid [preauth]
Sep 29 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10503]: Connection closed by 162.144.236.216 port 45876 [preauth]
Sep 29 20:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Failed password for invalid user grid from 8.216.34.2 port 46626 ssh2
Sep 29 20:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Received disconnect from 8.216.34.2 port 46626:11: Bye Bye [preauth]
Sep 29 20:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10542]: Disconnected from 8.216.34.2 port 46626 [preauth]
Sep 29 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Failed password for root from 162.144.236.216 port 52162 ssh2
Sep 29 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Connection closed by 162.144.236.216 port 52162 [preauth]
Sep 29 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session closed for user root
Sep 29 20:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for root from 162.144.236.216 port 59060 ssh2
Sep 29 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Connection closed by 162.144.236.216 port 59060 [preauth]
Sep 29 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Failed password for root from 162.144.236.216 port 39310 ssh2
Sep 29 20:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10636]: Connection closed by 162.144.236.216 port 39310 [preauth]
Sep 29 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Failed password for root from 103.217.144.161 port 40662 ssh2
Sep 29 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Received disconnect from 103.217.144.161 port 40662:11: Bye Bye [preauth]
Sep 29 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Disconnected from 103.217.144.161 port 40662 [preauth]
Sep 29 20:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Failed password for root from 162.144.236.216 port 47504 ssh2
Sep 29 20:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Connection closed by 162.144.236.216 port 47504 [preauth]
Sep 29 20:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Invalid user soporte from 23.94.112.185
Sep 29 20:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: input_userauth_request: invalid user soporte [preauth]
Sep 29 20:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Failed password for invalid user soporte from 23.94.112.185 port 36312 ssh2
Sep 29 20:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Received disconnect from 23.94.112.185 port 36312:11: Bye Bye [preauth]
Sep 29 20:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Disconnected from 23.94.112.185 port 36312 [preauth]
Sep 29 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10716]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10717]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: Successful su for rubyman by root
Sep 29 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: + ??? root:rubyman
Sep 29 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316814 of user rubyman.
Sep 29 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316814.
Sep 29 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Failed password for root from 162.144.236.216 port 55242 ssh2
Sep 29 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Connection closed by 162.144.236.216 port 55242 [preauth]
Sep 29 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Invalid user alex from 93.152.230.176
Sep 29 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: input_userauth_request: invalid user alex [preauth]
Sep 29 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7306]: pam_unix(cron:session): session closed for user root
Sep 29 20:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10715]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Failed password for invalid user alex from 93.152.230.176 port 42672 ssh2
Sep 29 20:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Received disconnect from 93.152.230.176 port 42672:11: Client disconnecting normally [preauth]
Sep 29 20:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Disconnected from 93.152.230.176 port 42672 [preauth]
Sep 29 20:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Failed password for root from 162.144.236.216 port 35082 ssh2
Sep 29 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10957]: Connection closed by 162.144.236.216 port 35082 [preauth]
Sep 29 20:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Invalid user seekcy from 8.216.34.2
Sep 29 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Failed password for invalid user seekcy from 8.216.34.2 port 35296 ssh2
Sep 29 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Received disconnect from 8.216.34.2 port 35296:11: Bye Bye [preauth]
Sep 29 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11030]: Disconnected from 8.216.34.2 port 35296 [preauth]
Sep 29 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Failed password for root from 162.144.236.216 port 43898 ssh2
Sep 29 20:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Connection closed by 162.144.236.216 port 43898 [preauth]
Sep 29 20:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for root from 162.144.236.216 port 50264 ssh2
Sep 29 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Connection closed by 162.144.236.216 port 50264 [preauth]
Sep 29 20:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user root
Sep 29 20:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Failed password for root from 162.144.236.216 port 57574 ssh2
Sep 29 20:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Connection closed by 162.144.236.216 port 57574 [preauth]
Sep 29 20:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for root from 162.144.236.216 port 35872 ssh2
Sep 29 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Connection closed by 162.144.236.216 port 35872 [preauth]
Sep 29 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Failed password for root from 162.144.236.216 port 41958 ssh2
Sep 29 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Connection closed by 162.144.236.216 port 41958 [preauth]
Sep 29 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11229]: Successful su for rubyman by root
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11229]: + ??? root:rubyman
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316818 of user rubyman.
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11229]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316818.
Sep 29 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7817]: pam_unix(cron:session): session closed for user root
Sep 29 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11159]: Failed password for root from 162.144.236.216 port 49382 ssh2
Sep 29 20:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11159]: Connection closed by 162.144.236.216 port 49382 [preauth]
Sep 29 20:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Failed password for root from 162.144.236.216 port 55714 ssh2
Sep 29 20:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Connection closed by 162.144.236.216 port 55714 [preauth]
Sep 29 20:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Failed password for root from 162.144.236.216 port 35634 ssh2
Sep 29 20:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Connection closed by 162.144.236.216 port 35634 [preauth]
Sep 29 20:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: Invalid user jet from 23.94.112.185
Sep 29 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: input_userauth_request: invalid user jet [preauth]
Sep 29 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Failed password for root from 8.216.34.2 port 53078 ssh2
Sep 29 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Received disconnect from 8.216.34.2 port 53078:11: Bye Bye [preauth]
Sep 29 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Disconnected from 8.216.34.2 port 53078 [preauth]
Sep 29 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: Failed password for invalid user jet from 23.94.112.185 port 42380 ssh2
Sep 29 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: Received disconnect from 23.94.112.185 port 42380:11: Bye Bye [preauth]
Sep 29 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11479]: Disconnected from 23.94.112.185 port 42380 [preauth]
Sep 29 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Failed password for root from 103.217.144.161 port 52940 ssh2
Sep 29 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Received disconnect from 103.217.144.161 port 52940:11: Bye Bye [preauth]
Sep 29 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Disconnected from 103.217.144.161 port 52940 [preauth]
Sep 29 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: Failed password for root from 162.144.236.216 port 40724 ssh2
Sep 29 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11478]: Connection closed by 162.144.236.216 port 40724 [preauth]
Sep 29 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session closed for user root
Sep 29 20:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Failed password for root from 162.144.236.216 port 47994 ssh2
Sep 29 20:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Connection closed by 162.144.236.216 port 47994 [preauth]
Sep 29 20:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Failed password for root from 162.144.236.216 port 55092 ssh2
Sep 29 20:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Connection closed by 162.144.236.216 port 55092 [preauth]
Sep 29 20:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: Successful su for rubyman by root
Sep 29 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: + ??? root:rubyman
Sep 29 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316823 of user rubyman.
Sep 29 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316823.
Sep 29 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Failed password for root from 162.144.236.216 port 35316 ssh2
Sep 29 20:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11594]: Connection closed by 162.144.236.216 port 35316 [preauth]
Sep 29 20:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session closed for user root
Sep 29 20:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11607]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: Failed password for root from 162.144.236.216 port 43168 ssh2
Sep 29 20:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11860]: Connection closed by 162.144.236.216 port 43168 [preauth]
Sep 29 20:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: Failed password for root from 162.144.236.216 port 50294 ssh2
Sep 29 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Invalid user solana from 195.178.110.133
Sep 29 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: input_userauth_request: invalid user solana [preauth]
Sep 29 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: Connection closed by 162.144.236.216 port 50294 [preauth]
Sep 29 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Failed password for invalid user solana from 195.178.110.133 port 51712 ssh2
Sep 29 20:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Connection closed by 195.178.110.133 port 51712 [preauth]
Sep 29 20:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Failed password for root from 162.144.236.216 port 56466 ssh2
Sep 29 20:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Connection closed by 162.144.236.216 port 56466 [preauth]
Sep 29 20:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Invalid user casaos from 8.216.34.2
Sep 29 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: input_userauth_request: invalid user casaos [preauth]
Sep 29 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10717]: pam_unix(cron:session): session closed for user root
Sep 29 20:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Failed password for invalid user casaos from 8.216.34.2 port 45210 ssh2
Sep 29 20:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Received disconnect from 8.216.34.2 port 45210:11: Bye Bye [preauth]
Sep 29 20:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12059]: Disconnected from 8.216.34.2 port 45210 [preauth]
Sep 29 20:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: Failed password for root from 162.144.236.216 port 34814 ssh2
Sep 29 20:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12047]: Connection closed by 162.144.236.216 port 34814 [preauth]
Sep 29 20:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Failed password for root from 162.144.236.216 port 42336 ssh2
Sep 29 20:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Invalid user user from 62.60.131.157
Sep 29 20:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: input_userauth_request: invalid user user [preauth]
Sep 29 20:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 20:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Connection closed by 162.144.236.216 port 42336 [preauth]
Sep 29 20:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user user from 62.60.131.157 port 45625 ssh2
Sep 29 20:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Invalid user arman from 23.94.112.185
Sep 29 20:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: input_userauth_request: invalid user arman [preauth]
Sep 29 20:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user user from 62.60.131.157 port 45625 ssh2
Sep 29 20:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Failed password for invalid user arman from 23.94.112.185 port 60640 ssh2
Sep 29 20:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Received disconnect from 23.94.112.185 port 60640:11: Bye Bye [preauth]
Sep 29 20:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Disconnected from 23.94.112.185 port 60640 [preauth]
Sep 29 20:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user user from 62.60.131.157 port 45625 ssh2
Sep 29 20:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user user from 62.60.131.157 port 45625 ssh2
Sep 29 20:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user user from 62.60.131.157 port 45625 ssh2
Sep 29 20:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Received disconnect from 62.60.131.157 port 45625:11: Bye [preauth]
Sep 29 20:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Disconnected from 62.60.131.157 port 45625 [preauth]
Sep 29 20:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 20:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 20:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Failed password for root from 162.144.236.216 port 46758 ssh2
Sep 29 20:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12120]: Connection closed by 162.144.236.216 port 46758 [preauth]
Sep 29 20:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: Successful su for rubyman by root
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: + ??? root:rubyman
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316826 of user rubyman.
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316826.
Sep 29 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: Invalid user unreal from 103.217.144.161
Sep 29 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: input_userauth_request: invalid user unreal [preauth]
Sep 29 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12141]: Failed password for root from 162.144.236.216 port 56242 ssh2
Sep 29 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12141]: Connection closed by 162.144.236.216 port 56242 [preauth]
Sep 29 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: Failed password for invalid user unreal from 103.217.144.161 port 54290 ssh2
Sep 29 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8933]: pam_unix(cron:session): session closed for user root
Sep 29 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: Received disconnect from 103.217.144.161 port 54290:11: Bye Bye [preauth]
Sep 29 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: Disconnected from 103.217.144.161 port 54290 [preauth]
Sep 29 20:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Failed password for root from 162.144.236.216 port 33632 ssh2
Sep 29 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Connection closed by 162.144.236.216 port 33632 [preauth]
Sep 29 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Failed password for root from 162.144.236.216 port 40902 ssh2
Sep 29 20:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Connection closed by 162.144.236.216 port 40902 [preauth]
Sep 29 20:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Failed password for root from 162.144.236.216 port 47618 ssh2
Sep 29 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Connection closed by 162.144.236.216 port 47618 [preauth]
Sep 29 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user root
Sep 29 20:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Failed password for root from 162.144.236.216 port 52972 ssh2
Sep 29 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user soporte from 8.216.34.2
Sep 29 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user soporte [preauth]
Sep 29 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Connection closed by 162.144.236.216 port 52972 [preauth]
Sep 29 20:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user soporte from 8.216.34.2 port 43518 ssh2
Sep 29 20:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Received disconnect from 8.216.34.2 port 43518:11: Bye Bye [preauth]
Sep 29 20:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Disconnected from 8.216.34.2 port 43518 [preauth]
Sep 29 20:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Failed password for root from 162.144.236.216 port 32782 ssh2
Sep 29 20:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Connection closed by 162.144.236.216 port 32782 [preauth]
Sep 29 20:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Invalid user jak from 23.94.112.185
Sep 29 20:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: input_userauth_request: invalid user jak [preauth]
Sep 29 20:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user jak from 23.94.112.185 port 42842 ssh2
Sep 29 20:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Received disconnect from 23.94.112.185 port 42842:11: Bye Bye [preauth]
Sep 29 20:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Disconnected from 23.94.112.185 port 42842 [preauth]
Sep 29 20:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Failed password for root from 162.144.236.216 port 38202 ssh2
Sep 29 20:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Connection closed by 162.144.236.216 port 38202 [preauth]
Sep 29 20:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12621]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12622]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12624]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12624]: pam_unix(cron:session): session closed for user root
Sep 29 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12618]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: Successful su for rubyman by root
Sep 29 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: + ??? root:rubyman
Sep 29 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316833 of user rubyman.
Sep 29 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12704]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316833.
Sep 29 20:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Failed password for root from 162.144.236.216 port 47156 ssh2
Sep 29 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Connection closed by 162.144.236.216 port 47156 [preauth]
Sep 29 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12620]: pam_unix(cron:session): session closed for user root
Sep 29 20:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user root
Sep 29 20:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12619]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Failed password for root from 162.144.236.216 port 52652 ssh2
Sep 29 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Connection closed by 162.144.236.216 port 52652 [preauth]
Sep 29 20:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 20:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: Failed password for root from 185.156.73.233 port 17000 ssh2
Sep 29 20:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: Connection closed by 185.156.73.233 port 17000 [preauth]
Sep 29 20:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Failed password for root from 162.144.236.216 port 58746 ssh2
Sep 29 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Connection closed by 162.144.236.216 port 58746 [preauth]
Sep 29 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: Failed password for root from 162.144.236.216 port 37156 ssh2
Sep 29 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: Connection closed by 162.144.236.216 port 37156 [preauth]
Sep 29 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11609]: pam_unix(cron:session): session closed for user root
Sep 29 20:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Invalid user grid from 103.217.144.161
Sep 29 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: input_userauth_request: invalid user grid [preauth]
Sep 29 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Failed password for root from 162.144.236.216 port 44298 ssh2
Sep 29 20:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Failed password for invalid user grid from 103.217.144.161 port 60552 ssh2
Sep 29 20:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Received disconnect from 103.217.144.161 port 60552:11: Bye Bye [preauth]
Sep 29 20:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Disconnected from 103.217.144.161 port 60552 [preauth]
Sep 29 20:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Connection closed by 162.144.236.216 port 44298 [preauth]
Sep 29 20:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: Invalid user webuser from 8.216.34.2
Sep 29 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: input_userauth_request: invalid user webuser [preauth]
Sep 29 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: Failed password for invalid user webuser from 8.216.34.2 port 51198 ssh2
Sep 29 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: Received disconnect from 8.216.34.2 port 51198:11: Bye Bye [preauth]
Sep 29 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13074]: Disconnected from 8.216.34.2 port 51198 [preauth]
Sep 29 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13072]: Failed password for root from 162.144.236.216 port 51434 ssh2
Sep 29 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Failed password for root from 23.94.112.185 port 60872 ssh2
Sep 29 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Received disconnect from 23.94.112.185 port 60872:11: Bye Bye [preauth]
Sep 29 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Disconnected from 23.94.112.185 port 60872 [preauth]
Sep 29 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13072]: Connection closed by 162.144.236.216 port 51434 [preauth]
Sep 29 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: Failed password for root from 162.144.236.216 port 58386 ssh2
Sep 29 20:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: Connection closed by 162.144.236.216 port 58386 [preauth]
Sep 29 20:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13204]: Successful su for rubyman by root
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13204]: + ??? root:rubyman
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316837 of user rubyman.
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13204]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316837.
Sep 29 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session closed for user root
Sep 29 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: Failed password for root from 162.144.236.216 port 38544 ssh2
Sep 29 20:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: Connection closed by 162.144.236.216 port 38544 [preauth]
Sep 29 20:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Failed password for root from 162.144.236.216 port 46974 ssh2
Sep 29 20:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13454]: Invalid user cluster from 167.99.55.34
Sep 29 20:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13454]: input_userauth_request: invalid user cluster [preauth]
Sep 29 20:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13454]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13424]: Connection closed by 162.144.236.216 port 46974 [preauth]
Sep 29 20:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13454]: Failed password for invalid user cluster from 167.99.55.34 port 56842 ssh2
Sep 29 20:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13454]: Connection closed by 167.99.55.34 port 56842 [preauth]
Sep 29 20:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Failed password for root from 162.144.236.216 port 53856 ssh2
Sep 29 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Connection closed by 162.144.236.216 port 53856 [preauth]
Sep 29 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session closed for user root
Sep 29 20:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: Failed password for root from 162.144.236.216 port 33088 ssh2
Sep 29 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13489]: Connection closed by 162.144.236.216 port 33088 [preauth]
Sep 29 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Failed password for root from 162.144.236.216 port 38440 ssh2
Sep 29 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13523]: Connection closed by 162.144.236.216 port 38440 [preauth]
Sep 29 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Invalid user jeremy from 23.94.112.185
Sep 29 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: input_userauth_request: invalid user jeremy [preauth]
Sep 29 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Invalid user unreal from 8.216.34.2
Sep 29 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: input_userauth_request: invalid user unreal [preauth]
Sep 29 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Failed password for invalid user jeremy from 23.94.112.185 port 33312 ssh2
Sep 29 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Received disconnect from 23.94.112.185 port 33312:11: Bye Bye [preauth]
Sep 29 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Disconnected from 23.94.112.185 port 33312 [preauth]
Sep 29 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Failed password for invalid user unreal from 8.216.34.2 port 36288 ssh2
Sep 29 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Received disconnect from 8.216.34.2 port 36288:11: Bye Bye [preauth]
Sep 29 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Disconnected from 8.216.34.2 port 36288 [preauth]
Sep 29 20:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: Failed password for root from 162.144.236.216 port 45860 ssh2
Sep 29 20:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: Connection closed by 162.144.236.216 port 45860 [preauth]
Sep 29 20:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session closed for user root
Sep 29 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: Successful su for rubyman by root
Sep 29 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: + ??? root:rubyman
Sep 29 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316840 of user rubyman.
Sep 29 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316840.
Sep 29 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: Failed password for root from 162.144.236.216 port 52920 ssh2
Sep 29 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13581]: Connection closed by 162.144.236.216 port 52920 [preauth]
Sep 29 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10716]: pam_unix(cron:session): session closed for user root
Sep 29 20:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for root from 162.144.236.216 port 60104 ssh2
Sep 29 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Connection closed by 162.144.236.216 port 60104 [preauth]
Sep 29 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Invalid user liyang from 103.217.144.161
Sep 29 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: input_userauth_request: invalid user liyang [preauth]
Sep 29 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Failed password for invalid user liyang from 103.217.144.161 port 46952 ssh2
Sep 29 20:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Received disconnect from 103.217.144.161 port 46952:11: Bye Bye [preauth]
Sep 29 20:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Disconnected from 103.217.144.161 port 46952 [preauth]
Sep 29 20:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Failed password for root from 162.144.236.216 port 38226 ssh2
Sep 29 20:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13881]: Connection closed by 162.144.236.216 port 38226 [preauth]
Sep 29 20:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for root from 162.144.236.216 port 44692 ssh2
Sep 29 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Connection closed by 162.144.236.216 port 44692 [preauth]
Sep 29 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12622]: pam_unix(cron:session): session closed for user root
Sep 29 20:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Failed password for root from 162.144.236.216 port 52172 ssh2
Sep 29 20:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Connection closed by 162.144.236.216 port 52172 [preauth]
Sep 29 20:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Failed password for root from 162.144.236.216 port 57486 ssh2
Sep 29 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Connection closed by 162.144.236.216 port 57486 [preauth]
Sep 29 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Failed password for root from 162.144.236.216 port 35200 ssh2
Sep 29 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Invalid user admin from 8.216.34.2
Sep 29 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Connection closed by 162.144.236.216 port 35200 [preauth]
Sep 29 20:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Failed password for root from 23.94.112.185 port 40940 ssh2
Sep 29 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Received disconnect from 23.94.112.185 port 40940:11: Bye Bye [preauth]
Sep 29 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Disconnected from 23.94.112.185 port 40940 [preauth]
Sep 29 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Failed password for invalid user admin from 8.216.34.2 port 54416 ssh2
Sep 29 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Received disconnect from 8.216.34.2 port 54416:11: Bye Bye [preauth]
Sep 29 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Disconnected from 8.216.34.2 port 54416 [preauth]
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: Successful su for rubyman by root
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: + ??? root:rubyman
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316845 of user rubyman.
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316845.
Sep 29 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Failed password for root from 162.144.236.216 port 42928 ssh2
Sep 29 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14033]: Connection closed by 162.144.236.216 port 42928 [preauth]
Sep 29 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user root
Sep 29 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for root from 162.144.236.216 port 50864 ssh2
Sep 29 20:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Connection closed by 162.144.236.216 port 50864 [preauth]
Sep 29 20:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Failed password for root from 162.144.236.216 port 59704 ssh2
Sep 29 20:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Connection closed by 162.144.236.216 port 59704 [preauth]
Sep 29 20:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session closed for user root
Sep 29 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Failed password for root from 162.144.236.216 port 38736 ssh2
Sep 29 20:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Connection closed by 162.144.236.216 port 38736 [preauth]
Sep 29 20:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Failed password for root from 162.144.236.216 port 45844 ssh2
Sep 29 20:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Connection closed by 162.144.236.216 port 45844 [preauth]
Sep 29 20:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: Invalid user jak from 103.217.144.161
Sep 29 20:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: input_userauth_request: invalid user jak [preauth]
Sep 29 20:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Failed password for root from 162.144.236.216 port 51486 ssh2
Sep 29 20:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: Failed password for invalid user jak from 103.217.144.161 port 47518 ssh2
Sep 29 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: Received disconnect from 103.217.144.161 port 47518:11: Bye Bye [preauth]
Sep 29 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14522]: Disconnected from 103.217.144.161 port 47518 [preauth]
Sep 29 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Connection closed by 162.144.236.216 port 51486 [preauth]
Sep 29 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Invalid user seekcy from 23.94.112.185
Sep 29 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Failed password for root from 162.144.236.216 port 57114 ssh2
Sep 29 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Connection closed by 162.144.236.216 port 57114 [preauth]
Sep 29 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for invalid user seekcy from 23.94.112.185 port 37084 ssh2
Sep 29 20:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Received disconnect from 23.94.112.185 port 37084:11: Bye Bye [preauth]
Sep 29 20:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Disconnected from 23.94.112.185 port 37084 [preauth]
Sep 29 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: Successful su for rubyman by root
Sep 29 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: + ??? root:rubyman
Sep 29 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316849 of user rubyman.
Sep 29 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316849.
Sep 29 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11608]: pam_unix(cron:session): session closed for user root
Sep 29 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: Failed password for root from 162.144.236.216 port 35714 ssh2
Sep 29 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: Connection closed by 162.144.236.216 port 35714 [preauth]
Sep 29 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Failed password for root from 8.216.34.2 port 44230 ssh2
Sep 29 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Received disconnect from 8.216.34.2 port 44230:11: Bye Bye [preauth]
Sep 29 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Disconnected from 8.216.34.2 port 44230 [preauth]
Sep 29 20:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Failed password for root from 162.144.236.216 port 45012 ssh2
Sep 29 20:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14836]: Connection closed by 162.144.236.216 port 45012 [preauth]
Sep 29 20:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Failed password for root from 162.144.236.216 port 53016 ssh2
Sep 29 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Connection closed by 162.144.236.216 port 53016 [preauth]
Sep 29 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14896]: Failed password for root from 162.144.236.216 port 58544 ssh2
Sep 29 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13596]: pam_unix(cron:session): session closed for user root
Sep 29 20:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14896]: Connection closed by 162.144.236.216 port 58544 [preauth]
Sep 29 20:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: Invalid user admin from 93.152.230.176
Sep 29 20:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 20:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: Failed password for invalid user admin from 93.152.230.176 port 5581 ssh2
Sep 29 20:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: Received disconnect from 93.152.230.176 port 5581:11: Client disconnecting normally [preauth]
Sep 29 20:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14929]: Disconnected from 93.152.230.176 port 5581 [preauth]
Sep 29 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: Failed password for root from 162.144.236.216 port 35448 ssh2
Sep 29 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14927]: Connection closed by 162.144.236.216 port 35448 [preauth]
Sep 29 20:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Failed password for root from 190.103.202.7 port 40798 ssh2
Sep 29 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14968]: Connection closed by 190.103.202.7 port 40798 [preauth]
Sep 29 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Failed password for root from 162.144.236.216 port 42646 ssh2
Sep 29 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Connection closed by 162.144.236.216 port 42646 [preauth]
Sep 29 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15007]: pam_unix(cron:session): session closed for user root
Sep 29 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15000]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: Failed password for root from 162.144.236.216 port 50964 ssh2
Sep 29 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: Successful su for rubyman by root
Sep 29 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: + ??? root:rubyman
Sep 29 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316854 of user rubyman.
Sep 29 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15074]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316854.
Sep 29 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: Connection closed by 162.144.236.216 port 50964 [preauth]
Sep 29 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15003]: pam_unix(cron:session): session closed for user root
Sep 29 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session closed for user root
Sep 29 20:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Failed password for root from 162.144.236.216 port 57796 ssh2
Sep 29 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15001]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Connection closed by 162.144.236.216 port 57796 [preauth]
Sep 29 20:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Failed password for root from 162.144.236.216 port 35776 ssh2
Sep 29 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Connection closed by 162.144.236.216 port 35776 [preauth]
Sep 29 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: Invalid user liyang from 8.216.34.2
Sep 29 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: input_userauth_request: invalid user liyang [preauth]
Sep 29 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Invalid user denis from 103.217.144.161
Sep 29 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: input_userauth_request: invalid user denis [preauth]
Sep 29 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: Failed password for invalid user liyang from 8.216.34.2 port 49328 ssh2
Sep 29 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: Received disconnect from 8.216.34.2 port 49328:11: Bye Bye [preauth]
Sep 29 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15335]: Disconnected from 8.216.34.2 port 49328 [preauth]
Sep 29 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Failed password for invalid user denis from 103.217.144.161 port 60358 ssh2
Sep 29 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Invalid user sol from 195.178.110.133
Sep 29 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: input_userauth_request: invalid user sol [preauth]
Sep 29 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Received disconnect from 103.217.144.161 port 60358:11: Bye Bye [preauth]
Sep 29 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Disconnected from 103.217.144.161 port 60358 [preauth]
Sep 29 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 20:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Failed password for invalid user sol from 195.178.110.133 port 60116 ssh2
Sep 29 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Connection closed by 195.178.110.133 port 60116 [preauth]
Sep 29 20:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15337]: Failed password for root from 162.144.236.216 port 41668 ssh2
Sep 29 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15337]: Connection closed by 162.144.236.216 port 41668 [preauth]
Sep 29 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15355]: Failed password for root from 23.94.112.185 port 43436 ssh2
Sep 29 20:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15355]: Received disconnect from 23.94.112.185 port 43436:11: Bye Bye [preauth]
Sep 29 20:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15355]: Disconnected from 23.94.112.185 port 43436 [preauth]
Sep 29 20:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Failed password for root from 162.144.236.216 port 48370 ssh2
Sep 29 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session closed for user root
Sep 29 20:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15385]: Connection closed by 162.144.236.216 port 48370 [preauth]
Sep 29 20:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: Failed password for root from 162.144.236.216 port 55002 ssh2
Sep 29 20:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: Connection closed by 162.144.236.216 port 55002 [preauth]
Sep 29 20:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Failed password for root from 162.144.236.216 port 34222 ssh2
Sep 29 20:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Connection closed by 162.144.236.216 port 34222 [preauth]
Sep 29 20:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15478]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15546]: Successful su for rubyman by root
Sep 29 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15546]: + ??? root:rubyman
Sep 29 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316859 of user rubyman.
Sep 29 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15546]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316859.
Sep 29 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Failed password for root from 162.144.236.216 port 42736 ssh2
Sep 29 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15466]: Connection closed by 162.144.236.216 port 42736 [preauth]
Sep 29 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12621]: pam_unix(cron:session): session closed for user root
Sep 29 20:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: Failed password for root from 162.144.236.216 port 49516 ssh2
Sep 29 20:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: Connection closed by 162.144.236.216 port 49516 [preauth]
Sep 29 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: Failed password for root from 162.144.236.216 port 55654 ssh2
Sep 29 20:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: Connection closed by 162.144.236.216 port 55654 [preauth]
Sep 29 20:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: Failed password for root from 162.144.236.216 port 59718 ssh2
Sep 29 20:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: Connection closed by 162.144.236.216 port 59718 [preauth]
Sep 29 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Invalid user seekcy from 8.216.34.2
Sep 29 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for invalid user seekcy from 8.216.34.2 port 53304 ssh2
Sep 29 20:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Received disconnect from 8.216.34.2 port 53304:11: Bye Bye [preauth]
Sep 29 20:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Disconnected from 8.216.34.2 port 53304 [preauth]
Sep 29 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Invalid user vms from 23.94.112.185
Sep 29 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: input_userauth_request: invalid user vms [preauth]
Sep 29 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Failed password for invalid user vms from 23.94.112.185 port 48046 ssh2
Sep 29 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Received disconnect from 23.94.112.185 port 48046:11: Bye Bye [preauth]
Sep 29 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Disconnected from 23.94.112.185 port 48046 [preauth]
Sep 29 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Failed password for root from 162.144.236.216 port 38112 ssh2
Sep 29 20:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14567]: pam_unix(cron:session): session closed for user root
Sep 29 20:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Connection closed by 162.144.236.216 port 38112 [preauth]
Sep 29 20:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Failed password for root from 162.144.236.216 port 45094 ssh2
Sep 29 20:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Connection closed by 162.144.236.216 port 45094 [preauth]
Sep 29 20:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Failed password for root from 162.144.236.216 port 50388 ssh2
Sep 29 20:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Connection closed by 162.144.236.216 port 50388 [preauth]
Sep 29 20:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Invalid user soporte from 103.217.144.161
Sep 29 20:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: input_userauth_request: invalid user soporte [preauth]
Sep 29 20:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Failed password for invalid user soporte from 103.217.144.161 port 56584 ssh2
Sep 29 20:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Received disconnect from 103.217.144.161 port 56584:11: Bye Bye [preauth]
Sep 29 20:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Disconnected from 103.217.144.161 port 56584 [preauth]
Sep 29 20:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Failed password for root from 162.144.236.216 port 57564 ssh2
Sep 29 20:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15902]: Connection closed by 162.144.236.216 port 57564 [preauth]
Sep 29 20:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15925]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15997]: Successful su for rubyman by root
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15997]: + ??? root:rubyman
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316864 of user rubyman.
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15997]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316864.
Sep 29 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session closed for user root
Sep 29 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Failed password for root from 162.144.236.216 port 35840 ssh2
Sep 29 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Connection closed by 162.144.236.216 port 35840 [preauth]
Sep 29 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Failed password for root from 162.144.236.216 port 42178 ssh2
Sep 29 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Connection closed by 162.144.236.216 port 42178 [preauth]
Sep 29 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for root from 162.144.236.216 port 47396 ssh2
Sep 29 20:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 162.144.236.216 port 47396 [preauth]
Sep 29 20:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Invalid user everson from 23.94.112.185
Sep 29 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: input_userauth_request: invalid user everson [preauth]
Sep 29 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: Failed password for root from 162.144.236.216 port 54390 ssh2
Sep 29 20:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: Connection closed by 162.144.236.216 port 54390 [preauth]
Sep 29 20:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Failed password for invalid user everson from 23.94.112.185 port 33988 ssh2
Sep 29 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Received disconnect from 23.94.112.185 port 33988:11: Bye Bye [preauth]
Sep 29 20:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16268]: Disconnected from 23.94.112.185 port 33988 [preauth]
Sep 29 20:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Invalid user arman from 8.216.34.2
Sep 29 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: input_userauth_request: invalid user arman [preauth]
Sep 29 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15006]: pam_unix(cron:session): session closed for user root
Sep 29 20:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Failed password for invalid user arman from 8.216.34.2 port 42866 ssh2
Sep 29 20:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Received disconnect from 8.216.34.2 port 42866:11: Bye Bye [preauth]
Sep 29 20:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Disconnected from 8.216.34.2 port 42866 [preauth]
Sep 29 20:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Failed password for root from 162.144.236.216 port 60802 ssh2
Sep 29 20:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Connection closed by 162.144.236.216 port 60802 [preauth]
Sep 29 20:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for root from 162.144.236.216 port 39944 ssh2
Sep 29 20:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Connection closed by 162.144.236.216 port 39944 [preauth]
Sep 29 20:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: Failed password for root from 162.144.236.216 port 47400 ssh2
Sep 29 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: Connection closed by 162.144.236.216 port 47400 [preauth]
Sep 29 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16445]: Successful su for rubyman by root
Sep 29 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16445]: + ??? root:rubyman
Sep 29 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316867 of user rubyman.
Sep 29 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16445]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316867.
Sep 29 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session closed for user root
Sep 29 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Failed password for root from 162.144.236.216 port 55010 ssh2
Sep 29 20:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Connection closed by 162.144.236.216 port 55010 [preauth]
Sep 29 20:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Failed password for root from 162.144.236.216 port 34280 ssh2
Sep 29 20:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Connection closed by 162.144.236.216 port 34280 [preauth]
Sep 29 20:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Failed password for root from 162.144.236.216 port 41266 ssh2
Sep 29 20:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Connection closed by 162.144.236.216 port 41266 [preauth]
Sep 29 20:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Invalid user vms from 103.217.144.161
Sep 29 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: input_userauth_request: invalid user vms [preauth]
Sep 29 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: Failed password for root from 162.144.236.216 port 48030 ssh2
Sep 29 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session closed for user root
Sep 29 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16722]: Connection closed by 162.144.236.216 port 48030 [preauth]
Sep 29 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Failed password for invalid user vms from 103.217.144.161 port 32776 ssh2
Sep 29 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Received disconnect from 103.217.144.161 port 32776:11: Bye Bye [preauth]
Sep 29 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Disconnected from 103.217.144.161 port 32776 [preauth]
Sep 29 20:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Failed password for root from 8.216.34.2 port 49486 ssh2
Sep 29 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for root from 162.144.236.216 port 54530 ssh2
Sep 29 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Received disconnect from 8.216.34.2 port 49486:11: Bye Bye [preauth]
Sep 29 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Disconnected from 8.216.34.2 port 49486 [preauth]
Sep 29 20:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Connection closed by 162.144.236.216 port 54530 [preauth]
Sep 29 20:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Failed password for root from 162.144.236.216 port 59854 ssh2
Sep 29 20:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Connection closed by 162.144.236.216 port 59854 [preauth]
Sep 29 20:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Failed password for root from 23.94.112.185 port 47286 ssh2
Sep 29 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Received disconnect from 23.94.112.185 port 47286:11: Bye Bye [preauth]
Sep 29 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Disconnected from 23.94.112.185 port 47286 [preauth]
Sep 29 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Invalid user oracle from 167.99.55.34
Sep 29 20:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: input_userauth_request: invalid user oracle [preauth]
Sep 29 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for invalid user oracle from 167.99.55.34 port 43996 ssh2
Sep 29 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 167.99.55.34 port 43996 [preauth]
Sep 29 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Failed password for root from 162.144.236.216 port 38326 ssh2
Sep 29 20:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16819]: Connection closed by 162.144.236.216 port 38326 [preauth]
Sep 29 20:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16911]: Successful su for rubyman by root
Sep 29 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16911]: + ??? root:rubyman
Sep 29 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316872 of user rubyman.
Sep 29 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16911]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316872.
Sep 29 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session closed for user root
Sep 29 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Failed password for root from 162.144.236.216 port 44144 ssh2
Sep 29 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Connection closed by 162.144.236.216 port 44144 [preauth]
Sep 29 20:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Failed password for root from 162.144.236.216 port 50012 ssh2
Sep 29 20:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Connection closed by 162.144.236.216 port 50012 [preauth]
Sep 29 20:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Failed password for root from 162.144.236.216 port 56598 ssh2
Sep 29 20:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Connection closed by 162.144.236.216 port 56598 [preauth]
Sep 29 20:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Invalid user a from 80.94.95.116
Sep 29 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: input_userauth_request: invalid user a [preauth]
Sep 29 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Failed password for invalid user a from 80.94.95.116 port 62688 ssh2
Sep 29 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Connection closed by 80.94.95.116 port 62688 [preauth]
Sep 29 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Failed password for root from 162.144.236.216 port 36048 ssh2
Sep 29 20:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Connection closed by 162.144.236.216 port 36048 [preauth]
Sep 29 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15928]: pam_unix(cron:session): session closed for user root
Sep 29 20:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for root from 162.144.236.216 port 42158 ssh2
Sep 29 20:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Connection closed by 162.144.236.216 port 42158 [preauth]
Sep 29 20:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Failed password for root from 162.144.236.216 port 47688 ssh2
Sep 29 20:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Connection closed by 162.144.236.216 port 47688 [preauth]
Sep 29 20:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Failed password for root from 8.216.34.2 port 57184 ssh2
Sep 29 20:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Received disconnect from 8.216.34.2 port 57184:11: Bye Bye [preauth]
Sep 29 20:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17280]: Disconnected from 8.216.34.2 port 57184 [preauth]
Sep 29 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Invalid user test2 from 23.94.112.185
Sep 29 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: input_userauth_request: invalid user test2 [preauth]
Sep 29 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Failed password for invalid user test2 from 23.94.112.185 port 39444 ssh2
Sep 29 20:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Received disconnect from 23.94.112.185 port 39444:11: Bye Bye [preauth]
Sep 29 20:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Disconnected from 23.94.112.185 port 39444 [preauth]
Sep 29 20:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Failed password for root from 162.144.236.216 port 55352 ssh2
Sep 29 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Connection closed by 162.144.236.216 port 55352 [preauth]
Sep 29 20:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user root
Sep 29 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: Successful su for rubyman by root
Sep 29 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: + ??? root:rubyman
Sep 29 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316877 of user rubyman.
Sep 29 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316877.
Sep 29 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14566]: pam_unix(cron:session): session closed for user root
Sep 29 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session closed for user root
Sep 29 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17308]: Failed password for root from 162.144.236.216 port 35450 ssh2
Sep 29 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17308]: Connection closed by 162.144.236.216 port 35450 [preauth]
Sep 29 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Failed password for root from 162.144.236.216 port 42550 ssh2
Sep 29 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Connection closed by 162.144.236.216 port 42550 [preauth]
Sep 29 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: Failed password for root from 103.217.144.161 port 48788 ssh2
Sep 29 20:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: Received disconnect from 103.217.144.161 port 48788:11: Bye Bye [preauth]
Sep 29 20:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: Disconnected from 103.217.144.161 port 48788 [preauth]
Sep 29 20:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Failed password for root from 162.144.236.216 port 48026 ssh2
Sep 29 20:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Connection closed by 162.144.236.216 port 48026 [preauth]
Sep 29 20:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session closed for user root
Sep 29 20:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: Failed password for root from 162.144.236.216 port 57706 ssh2
Sep 29 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: Connection closed by 162.144.236.216 port 57706 [preauth]
Sep 29 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Failed password for root from 162.144.236.216 port 37206 ssh2
Sep 29 20:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17759]: Connection closed by 162.144.236.216 port 37206 [preauth]
Sep 29 20:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: Failed password for root from 162.144.236.216 port 44110 ssh2
Sep 29 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: Connection closed by 162.144.236.216 port 44110 [preauth]
Sep 29 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: Invalid user seekcy from 8.216.34.2
Sep 29 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: Failed password for invalid user seekcy from 8.216.34.2 port 55704 ssh2
Sep 29 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Invalid user geraldo from 23.94.112.185
Sep 29 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: input_userauth_request: invalid user geraldo [preauth]
Sep 29 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: Received disconnect from 8.216.34.2 port 55704:11: Bye Bye [preauth]
Sep 29 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17865]: Disconnected from 8.216.34.2 port 55704 [preauth]
Sep 29 20:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Failed password for invalid user geraldo from 23.94.112.185 port 50550 ssh2
Sep 29 20:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Received disconnect from 23.94.112.185 port 50550:11: Bye Bye [preauth]
Sep 29 20:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Disconnected from 23.94.112.185 port 50550 [preauth]
Sep 29 20:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: Failed password for root from 162.144.236.216 port 50572 ssh2
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17867]: Connection closed by 162.144.236.216 port 50572 [preauth]
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: Successful su for rubyman by root
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: + ??? root:rubyman
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316881 of user rubyman.
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316881.
Sep 29 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15004]: pam_unix(cron:session): session closed for user root
Sep 29 20:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: Failed password for root from 162.144.236.216 port 54272 ssh2
Sep 29 20:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: Connection closed by 162.144.236.216 port 54272 [preauth]
Sep 29 20:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Failed password for root from 162.144.236.216 port 34046 ssh2
Sep 29 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Connection closed by 162.144.236.216 port 34046 [preauth]
Sep 29 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Failed password for root from 162.144.236.216 port 39880 ssh2
Sep 29 20:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Connection closed by 162.144.236.216 port 39880 [preauth]
Sep 29 20:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user root
Sep 29 20:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Failed password for root from 162.144.236.216 port 46694 ssh2
Sep 29 20:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Connection closed by 162.144.236.216 port 46694 [preauth]
Sep 29 20:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Failed password for root from 162.144.236.216 port 54400 ssh2
Sep 29 20:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18539]: Connection closed by 162.144.236.216 port 54400 [preauth]
Sep 29 20:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: Failed password for root from 162.144.236.216 port 60652 ssh2
Sep 29 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18573]: Connection closed by 162.144.236.216 port 60652 [preauth]
Sep 29 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: Failed password for root from 103.217.144.161 port 55722 ssh2
Sep 29 20:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: Received disconnect from 103.217.144.161 port 55722:11: Bye Bye [preauth]
Sep 29 20:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18596]: Disconnected from 103.217.144.161 port 55722 [preauth]
Sep 29 20:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Failed password for root from 162.144.236.216 port 39514 ssh2
Sep 29 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: Invalid user david from 8.216.34.2
Sep 29 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: input_userauth_request: invalid user david [preauth]
Sep 29 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Connection closed by 162.144.236.216 port 39514 [preauth]
Sep 29 20:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: Failed password for invalid user david from 8.216.34.2 port 41434 ssh2
Sep 29 20:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: Received disconnect from 8.216.34.2 port 41434:11: Bye Bye [preauth]
Sep 29 20:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18616]: Disconnected from 8.216.34.2 port 41434 [preauth]
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18633]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: Successful su for rubyman by root
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: + ??? root:rubyman
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316885 of user rubyman.
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18705]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316885.
Sep 29 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Failed password for root from 162.144.236.216 port 44270 ssh2
Sep 29 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user root
Sep 29 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Connection closed by 162.144.236.216 port 44270 [preauth]
Sep 29 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 162.144.236.216 port 49612 ssh2
Sep 29 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Connection closed by 162.144.236.216 port 49612 [preauth]
Sep 29 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18955]: Failed password for root from 162.144.236.216 port 57386 ssh2
Sep 29 20:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18955]: Connection closed by 162.144.236.216 port 57386 [preauth]
Sep 29 20:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Failed password for root from 23.94.112.185 port 34426 ssh2
Sep 29 20:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Received disconnect from 23.94.112.185 port 34426:11: Bye Bye [preauth]
Sep 29 20:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Disconnected from 23.94.112.185 port 34426 [preauth]
Sep 29 20:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: Invalid user solv from 195.178.110.133
Sep 29 20:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: input_userauth_request: invalid user solv [preauth]
Sep 29 20:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: Failed password for invalid user solv from 195.178.110.133 port 35460 ssh2
Sep 29 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18997]: Connection closed by 195.178.110.133 port 35460 [preauth]
Sep 29 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: Failed password for root from 162.144.236.216 port 34328 ssh2
Sep 29 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: Connection closed by 162.144.236.216 port 34328 [preauth]
Sep 29 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user root
Sep 29 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: Failed password for root from 162.144.236.216 port 42716 ssh2
Sep 29 20:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19039]: Connection closed by 162.144.236.216 port 42716 [preauth]
Sep 29 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Invalid user pi from 93.152.230.176
Sep 29 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: input_userauth_request: invalid user pi [preauth]
Sep 29 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 20:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Failed password for invalid user pi from 93.152.230.176 port 47126 ssh2
Sep 29 20:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Received disconnect from 93.152.230.176 port 47126:11: Client disconnecting normally [preauth]
Sep 29 20:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19060]: Disconnected from 93.152.230.176 port 47126 [preauth]
Sep 29 20:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Failed password for root from 162.144.236.216 port 49922 ssh2
Sep 29 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19062]: Connection closed by 162.144.236.216 port 49922 [preauth]
Sep 29 20:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Failed password for root from 162.144.236.216 port 56824 ssh2
Sep 29 20:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Connection closed by 162.144.236.216 port 56824 [preauth]
Sep 29 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19125]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19126]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: Successful su for rubyman by root
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: + ??? root:rubyman
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316891 of user rubyman.
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316891.
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Failed password for root from 162.144.236.216 port 33616 ssh2
Sep 29 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Failed password for root from 8.216.34.2 port 38850 ssh2
Sep 29 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15927]: pam_unix(cron:session): session closed for user root
Sep 29 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Received disconnect from 8.216.34.2 port 38850:11: Bye Bye [preauth]
Sep 29 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Disconnected from 8.216.34.2 port 38850 [preauth]
Sep 29 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19112]: Connection closed by 162.144.236.216 port 33616 [preauth]
Sep 29 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19124]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for root from 162.144.236.216 port 40188 ssh2
Sep 29 20:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Connection closed by 162.144.236.216 port 40188 [preauth]
Sep 29 20:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19672]: Failed password for root from 162.144.236.216 port 45930 ssh2
Sep 29 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19672]: Connection closed by 162.144.236.216 port 45930 [preauth]
Sep 29 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Invalid user unreal from 23.94.112.185
Sep 29 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: input_userauth_request: invalid user unreal [preauth]
Sep 29 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Invalid user stu from 103.217.144.161
Sep 29 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: input_userauth_request: invalid user stu [preauth]
Sep 29 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Failed password for invalid user unreal from 23.94.112.185 port 37498 ssh2
Sep 29 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Received disconnect from 23.94.112.185 port 37498:11: Bye Bye [preauth]
Sep 29 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Disconnected from 23.94.112.185 port 37498 [preauth]
Sep 29 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Failed password for invalid user stu from 103.217.144.161 port 33460 ssh2
Sep 29 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Received disconnect from 103.217.144.161 port 33460:11: Bye Bye [preauth]
Sep 29 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Disconnected from 103.217.144.161 port 33460 [preauth]
Sep 29 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19753]: Failed password for root from 162.144.236.216 port 51274 ssh2
Sep 29 20:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19753]: Connection closed by 162.144.236.216 port 51274 [preauth]
Sep 29 20:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session closed for user root
Sep 29 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: Failed password for root from 162.144.236.216 port 57430 ssh2
Sep 29 20:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19809]: Connection closed by 162.144.236.216 port 57430 [preauth]
Sep 29 20:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: Failed password for root from 162.144.236.216 port 36156 ssh2
Sep 29 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19850]: Connection closed by 162.144.236.216 port 36156 [preauth]
Sep 29 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for root from 162.144.236.216 port 42636 ssh2
Sep 29 20:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Connection closed by 162.144.236.216 port 42636 [preauth]
Sep 29 20:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19954]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19952]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20030]: Successful su for rubyman by root
Sep 29 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20030]: + ??? root:rubyman
Sep 29 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316893 of user rubyman.
Sep 29 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20030]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316893.
Sep 29 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: Failed password for root from 162.144.236.216 port 50646 ssh2
Sep 29 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: Connection closed by 162.144.236.216 port 50646 [preauth]
Sep 29 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session closed for user root
Sep 29 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19953]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Invalid user seekcy from 8.216.34.2
Sep 29 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Failed password for invalid user seekcy from 8.216.34.2 port 41554 ssh2
Sep 29 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Received disconnect from 8.216.34.2 port 41554:11: Bye Bye [preauth]
Sep 29 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Disconnected from 8.216.34.2 port 41554 [preauth]
Sep 29 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20232]: Failed password for root from 162.144.236.216 port 58426 ssh2
Sep 29 20:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20232]: Connection closed by 162.144.236.216 port 58426 [preauth]
Sep 29 20:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20285]: Failed password for root from 162.144.236.216 port 35112 ssh2
Sep 29 20:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20285]: Connection closed by 162.144.236.216 port 35112 [preauth]
Sep 29 20:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Failed password for root from 23.94.112.185 port 60464 ssh2
Sep 29 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Received disconnect from 23.94.112.185 port 60464:11: Bye Bye [preauth]
Sep 29 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20310]: Disconnected from 23.94.112.185 port 60464 [preauth]
Sep 29 20:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20323]: Failed password for root from 162.144.236.216 port 42516 ssh2
Sep 29 20:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20323]: Connection closed by 162.144.236.216 port 42516 [preauth]
Sep 29 20:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session closed for user root
Sep 29 20:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for root from 162.144.236.216 port 49728 ssh2
Sep 29 20:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Connection closed by 162.144.236.216 port 49728 [preauth]
Sep 29 20:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: Failed password for root from 162.144.236.216 port 57626 ssh2
Sep 29 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20402]: Connection closed by 162.144.236.216 port 57626 [preauth]
Sep 29 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Invalid user geraldo from 103.217.144.161
Sep 29 20:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: input_userauth_request: invalid user geraldo [preauth]
Sep 29 20:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Failed password for root from 162.144.236.216 port 36088 ssh2
Sep 29 20:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Connection closed by 162.144.236.216 port 36088 [preauth]
Sep 29 20:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Failed password for invalid user geraldo from 103.217.144.161 port 37594 ssh2
Sep 29 20:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Received disconnect from 103.217.144.161 port 37594:11: Bye Bye [preauth]
Sep 29 20:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20449]: Disconnected from 103.217.144.161 port 37594 [preauth]
Sep 29 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20468]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20467]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20466]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session closed for user root
Sep 29 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20542]: Successful su for rubyman by root
Sep 29 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20542]: + ??? root:rubyman
Sep 29 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316900 of user rubyman.
Sep 29 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20542]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316900.
Sep 29 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Failed password for root from 162.144.236.216 port 42204 ssh2
Sep 29 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Connection closed by 162.144.236.216 port 42204 [preauth]
Sep 29 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20466]: pam_unix(cron:session): session closed for user root
Sep 29 20:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user root
Sep 29 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Failed password for root from 162.144.236.216 port 48100 ssh2
Sep 29 20:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20464]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Connection closed by 162.144.236.216 port 48100 [preauth]
Sep 29 20:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Invalid user seekcy from 8.216.34.2
Sep 29 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Failed password for root from 162.144.236.216 port 52658 ssh2
Sep 29 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for invalid user seekcy from 8.216.34.2 port 44624 ssh2
Sep 29 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Connection closed by 162.144.236.216 port 52658 [preauth]
Sep 29 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Received disconnect from 8.216.34.2 port 44624:11: Bye Bye [preauth]
Sep 29 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Disconnected from 8.216.34.2 port 44624 [preauth]
Sep 29 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: Invalid user denis from 23.94.112.185
Sep 29 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: input_userauth_request: invalid user denis [preauth]
Sep 29 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: Failed password for root from 162.144.236.216 port 59122 ssh2
Sep 29 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: Failed password for invalid user denis from 23.94.112.185 port 59696 ssh2
Sep 29 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: Received disconnect from 23.94.112.185 port 59696:11: Bye Bye [preauth]
Sep 29 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: Disconnected from 23.94.112.185 port 59696 [preauth]
Sep 29 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20823]: Connection closed by 162.144.236.216 port 59122 [preauth]
Sep 29 20:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19126]: pam_unix(cron:session): session closed for user root
Sep 29 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Failed password for root from 162.144.236.216 port 38668 ssh2
Sep 29 20:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Connection closed by 162.144.236.216 port 38668 [preauth]
Sep 29 20:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Failed password for root from 162.144.236.216 port 47246 ssh2
Sep 29 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20906]: Connection closed by 162.144.236.216 port 47246 [preauth]
Sep 29 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Failed password for root from 162.144.236.216 port 54628 ssh2
Sep 29 20:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Connection closed by 162.144.236.216 port 54628 [preauth]
Sep 29 20:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20967]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20964]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: Successful su for rubyman by root
Sep 29 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: + ??? root:rubyman
Sep 29 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316903 of user rubyman.
Sep 29 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316903.
Sep 29 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Failed password for root from 162.144.236.216 port 32828 ssh2
Sep 29 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Connection closed by 162.144.236.216 port 32828 [preauth]
Sep 29 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user root
Sep 29 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: Failed password for root from 162.144.236.216 port 40182 ssh2
Sep 29 20:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: Connection closed by 162.144.236.216 port 40182 [preauth]
Sep 29 20:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2  user=root
Sep 29 20:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Failed password for root from 162.144.236.216 port 45906 ssh2
Sep 29 20:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21263]: Connection closed by 162.144.236.216 port 45906 [preauth]
Sep 29 20:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Failed password for root from 8.216.34.2 port 51840 ssh2
Sep 29 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Received disconnect from 8.216.34.2 port 51840:11: Bye Bye [preauth]
Sep 29 20:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21283]: Disconnected from 8.216.34.2 port 51840 [preauth]
Sep 29 20:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185  user=root
Sep 29 20:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: Failed password for root from 23.94.112.185 port 55524 ssh2
Sep 29 20:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: Received disconnect from 23.94.112.185 port 55524:11: Bye Bye [preauth]
Sep 29 20:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21302]: Disconnected from 23.94.112.185 port 55524 [preauth]
Sep 29 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Invalid user gao-4144 from 20.163.71.109
Sep 29 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: input_userauth_request: invalid user gao-4144 [preauth]
Sep 29 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 29 20:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Invalid user postgres from 167.99.55.34
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: input_userauth_request: invalid user postgres [preauth]
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: Invalid user seekcy from 103.217.144.161
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Failed password for root from 162.144.236.216 port 54034 ssh2
Sep 29 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Failed password for invalid user gao-4144 from 20.163.71.109 port 32934 ssh2
Sep 29 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21314]: Connection closed by 20.163.71.109 port 32934 [preauth]
Sep 29 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Connection closed by 162.144.236.216 port 54034 [preauth]
Sep 29 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Failed password for invalid user postgres from 167.99.55.34 port 33218 ssh2
Sep 29 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21319]: Connection closed by 167.99.55.34 port 33218 [preauth]
Sep 29 20:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: Failed password for invalid user seekcy from 103.217.144.161 port 35330 ssh2
Sep 29 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: Received disconnect from 103.217.144.161 port 35330:11: Bye Bye [preauth]
Sep 29 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21317]: Disconnected from 103.217.144.161 port 35330 [preauth]
Sep 29 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session closed for user root
Sep 29 20:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: Failed password for root from 162.144.236.216 port 60604 ssh2
Sep 29 20:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: Connection closed by 162.144.236.216 port 60604 [preauth]
Sep 29 20:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 162.144.236.216 port 39256 ssh2
Sep 29 20:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Connection closed by 162.144.236.216 port 39256 [preauth]
Sep 29 20:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Failed password for root from 162.144.236.216 port 45180 ssh2
Sep 29 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21400]: Connection closed by 162.144.236.216 port 45180 [preauth]
Sep 29 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21496]: Successful su for rubyman by root
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21496]: + ??? root:rubyman
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316908 of user rubyman.
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21496]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316908.
Sep 29 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Failed password for root from 162.144.236.216 port 52472 ssh2
Sep 29 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session closed for user root
Sep 29 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Connection closed by 162.144.236.216 port 52472 [preauth]
Sep 29 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Failed password for root from 162.144.236.216 port 58642 ssh2
Sep 29 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Connection closed by 162.144.236.216 port 58642 [preauth]
Sep 29 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Invalid user tashaun from 80.94.95.112
Sep 29 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: input_userauth_request: invalid user tashaun [preauth]
Sep 29 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user tashaun from 80.94.95.112 port 64160 ssh2
Sep 29 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user tashaun from 80.94.95.112 port 64160 ssh2
Sep 29 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Failed password for root from 162.144.236.216 port 35630 ssh2
Sep 29 20:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user tashaun from 80.94.95.112 port 64160 ssh2
Sep 29 20:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Connection closed by 162.144.236.216 port 35630 [preauth]
Sep 29 20:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user tashaun from 80.94.95.112 port 64160 ssh2
Sep 29 20:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user tashaun from 80.94.95.112 port 64160 ssh2
Sep 29 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Received disconnect from 80.94.95.112 port 64160:11: Bye [preauth]
Sep 29 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Disconnected from 80.94.95.112 port 64160 [preauth]
Sep 29 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 20:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 20:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Failed password for root from 162.144.236.216 port 42074 ssh2
Sep 29 20:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21738]: Connection closed by 162.144.236.216 port 42074 [preauth]
Sep 29 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: Invalid user backuppc from 8.216.34.2
Sep 29 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: input_userauth_request: invalid user backuppc [preauth]
Sep 29 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: Failed password for invalid user backuppc from 8.216.34.2 port 52310 ssh2
Sep 29 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: Received disconnect from 8.216.34.2 port 52310:11: Bye Bye [preauth]
Sep 29 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21776]: Disconnected from 8.216.34.2 port 52310 [preauth]
Sep 29 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: Invalid user seekcy from 23.94.112.185
Sep 29 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: Failed password for invalid user seekcy from 23.94.112.185 port 42634 ssh2
Sep 29 20:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: Received disconnect from 23.94.112.185 port 42634:11: Bye Bye [preauth]
Sep 29 20:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21786]: Disconnected from 23.94.112.185 port 42634 [preauth]
Sep 29 20:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20468]: pam_unix(cron:session): session closed for user root
Sep 29 20:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: Failed password for root from 162.144.236.216 port 48748 ssh2
Sep 29 20:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21771]: Connection closed by 162.144.236.216 port 48748 [preauth]
Sep 29 20:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21837]: Invalid user admin from 139.19.117.131
Sep 29 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21837]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: Failed password for root from 162.144.236.216 port 54958 ssh2
Sep 29 20:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21823]: Connection closed by 162.144.236.216 port 54958 [preauth]
Sep 29 20:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21837]: Connection closed by 139.19.117.131 port 33756 [preauth]
Sep 29 20:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: Failed password for root from 162.144.236.216 port 35464 ssh2
Sep 29 20:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21872]: Connection closed by 162.144.236.216 port 35464 [preauth]
Sep 29 20:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21899]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21896]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21958]: Successful su for rubyman by root
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21958]: + ??? root:rubyman
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316911 of user rubyman.
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21958]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316911.
Sep 29 20:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Failed password for root from 162.144.236.216 port 42730 ssh2
Sep 29 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18635]: pam_unix(cron:session): session closed for user root
Sep 29 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Connection closed by 162.144.236.216 port 42730 [preauth]
Sep 29 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Invalid user everson from 103.217.144.161
Sep 29 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: input_userauth_request: invalid user everson [preauth]
Sep 29 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Failed password for invalid user everson from 103.217.144.161 port 38598 ssh2
Sep 29 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Received disconnect from 103.217.144.161 port 38598:11: Bye Bye [preauth]
Sep 29 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Disconnected from 103.217.144.161 port 38598 [preauth]
Sep 29 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Failed password for root from 162.144.236.216 port 49686 ssh2
Sep 29 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Connection closed by 162.144.236.216 port 49686 [preauth]
Sep 29 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22206]: Failed password for root from 162.144.236.216 port 57466 ssh2
Sep 29 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22206]: Connection closed by 162.144.236.216 port 57466 [preauth]
Sep 29 20:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Invalid user test from 185.156.73.233
Sep 29 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: input_userauth_request: invalid user test [preauth]
Sep 29 20:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 20:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Failed password for invalid user test from 185.156.73.233 port 42094 ssh2
Sep 29 20:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Connection closed by 185.156.73.233 port 42094 [preauth]
Sep 29 20:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20967]: pam_unix(cron:session): session closed for user root
Sep 29 20:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: Failed password for root from 162.144.236.216 port 38732 ssh2
Sep 29 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Invalid user stu from 8.216.34.2
Sep 29 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: input_userauth_request: invalid user stu [preauth]
Sep 29 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.216.34.2
Sep 29 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: Connection closed by 162.144.236.216 port 38732 [preauth]
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Invalid user admin from 78.128.112.74
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Failed password for invalid user stu from 8.216.34.2 port 53454 ssh2
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Received disconnect from 8.216.34.2 port 53454:11: Bye Bye [preauth]
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Disconnected from 8.216.34.2 port 53454 [preauth]
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 20:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Failed password for invalid user admin from 78.128.112.74 port 39384 ssh2
Sep 29 20:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Connection closed by 78.128.112.74 port 39384 [preauth]
Sep 29 20:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: Failed password for root from 162.144.236.216 port 47138 ssh2
Sep 29 20:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: Connection closed by 162.144.236.216 port 47138 [preauth]
Sep 29 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22324]: Failed password for root from 162.144.236.216 port 53814 ssh2
Sep 29 20:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22324]: Connection closed by 162.144.236.216 port 53814 [preauth]
Sep 29 20:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: Failed password for root from 162.144.236.216 port 59810 ssh2
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22363]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22362]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22436]: Successful su for rubyman by root
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22436]: + ??? root:rubyman
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316916 of user rubyman.
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22436]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316916.
Sep 29 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: Connection closed by 162.144.236.216 port 59810 [preauth]
Sep 29 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Invalid user admin from 23.94.112.185
Sep 29 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Failed password for invalid user admin from 23.94.112.185 port 51800 ssh2
Sep 29 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Received disconnect from 23.94.112.185 port 51800:11: Bye Bye [preauth]
Sep 29 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Disconnected from 23.94.112.185 port 51800 [preauth]
Sep 29 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19125]: pam_unix(cron:session): session closed for user root
Sep 29 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22360]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Failed password for root from 162.144.236.216 port 37672 ssh2
Sep 29 20:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Connection closed by 162.144.236.216 port 37672 [preauth]
Sep 29 20:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Failed password for root from 162.144.236.216 port 43292 ssh2
Sep 29 20:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Did not receive identification string from 23.185.120.116
Sep 29 20:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Connection closed by 162.144.236.216 port 43292 [preauth]
Sep 29 20:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for root from 162.144.236.216 port 50868 ssh2
Sep 29 20:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Connection closed by 162.144.236.216 port 50868 [preauth]
Sep 29 20:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session closed for user root
Sep 29 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: Failed password for root from 162.144.236.216 port 60552 ssh2
Sep 29 20:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22907]: Connection closed by 162.144.236.216 port 60552 [preauth]
Sep 29 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: Failed password for root from 103.217.144.161 port 40076 ssh2
Sep 29 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: Received disconnect from 103.217.144.161 port 40076:11: Bye Bye [preauth]
Sep 29 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22958]: Disconnected from 103.217.144.161 port 40076 [preauth]
Sep 29 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: Failed password for root from 162.144.236.216 port 39788 ssh2
Sep 29 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22957]: Connection closed by 162.144.236.216 port 39788 [preauth]
Sep 29 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Failed password for root from 162.144.236.216 port 47442 ssh2
Sep 29 20:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23001]: Connection closed by 162.144.236.216 port 47442 [preauth]
Sep 29 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23034]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session closed for user root
Sep 29 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23028]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23131]: Successful su for rubyman by root
Sep 29 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23131]: + ??? root:rubyman
Sep 29 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316921 of user rubyman.
Sep 29 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23131]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316921.
Sep 29 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: Failed password for root from 162.144.236.216 port 53520 ssh2
Sep 29 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session closed for user root
Sep 29 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19954]: pam_unix(cron:session): session closed for user root
Sep 29 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23012]: Connection closed by 162.144.236.216 port 53520 [preauth]
Sep 29 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Invalid user seekcy from 23.94.112.185
Sep 29 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23029]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Failed password for invalid user seekcy from 23.94.112.185 port 53628 ssh2
Sep 29 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Received disconnect from 23.94.112.185 port 53628:11: Bye Bye [preauth]
Sep 29 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23410]: Disconnected from 23.94.112.185 port 53628 [preauth]
Sep 29 20:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Failed password for root from 162.144.236.216 port 60884 ssh2
Sep 29 20:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Connection closed by 162.144.236.216 port 60884 [preauth]
Sep 29 20:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: Failed password for root from 162.144.236.216 port 39104 ssh2
Sep 29 20:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23453]: Connection closed by 162.144.236.216 port 39104 [preauth]
Sep 29 20:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21899]: pam_unix(cron:session): session closed for user root
Sep 29 20:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23502]: Failed password for root from 162.144.236.216 port 45232 ssh2
Sep 29 20:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23502]: Connection closed by 162.144.236.216 port 45232 [preauth]
Sep 29 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: Invalid user user1 from 93.152.230.176
Sep 29 20:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: input_userauth_request: invalid user user1 [preauth]
Sep 29 20:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: Failed password for invalid user user1 from 93.152.230.176 port 37425 ssh2
Sep 29 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: Received disconnect from 93.152.230.176 port 37425:11: Client disconnecting normally [preauth]
Sep 29 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23789]: Disconnected from 93.152.230.176 port 37425 [preauth]
Sep 29 20:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: Failed password for root from 162.144.236.216 port 52420 ssh2
Sep 29 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23815]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23814]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23811]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23879]: Successful su for rubyman by root
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23879]: + ??? root:rubyman
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316925 of user rubyman.
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23879]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316925.
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: Connection closed by 162.144.236.216 port 52420 [preauth]
Sep 29 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20467]: pam_unix(cron:session): session closed for user root
Sep 29 20:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23813]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23901]: Failed password for root from 162.144.236.216 port 60750 ssh2
Sep 29 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23901]: Connection closed by 162.144.236.216 port 60750 [preauth]
Sep 29 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Invalid user hex from 23.94.112.185
Sep 29 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: input_userauth_request: invalid user hex [preauth]
Sep 29 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.112.185
Sep 29 20:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user hex from 23.94.112.185 port 34502 ssh2
Sep 29 20:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Received disconnect from 23.94.112.185 port 34502:11: Bye Bye [preauth]
Sep 29 20:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Disconnected from 23.94.112.185 port 34502 [preauth]
Sep 29 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Failed password for root from 162.144.236.216 port 38092 ssh2
Sep 29 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: Invalid user zimblyeat from 103.217.144.161
Sep 29 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: input_userauth_request: invalid user zimblyeat [preauth]
Sep 29 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Connection closed by 162.144.236.216 port 38092 [preauth]
Sep 29 20:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: Failed password for invalid user zimblyeat from 103.217.144.161 port 41010 ssh2
Sep 29 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: Received disconnect from 103.217.144.161 port 41010:11: Bye Bye [preauth]
Sep 29 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: Disconnected from 103.217.144.161 port 41010 [preauth]
Sep 29 20:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22363]: pam_unix(cron:session): session closed for user root
Sep 29 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Failed password for root from 162.144.236.216 port 46244 ssh2
Sep 29 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Connection closed by 162.144.236.216 port 46244 [preauth]
Sep 29 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: Failed password for root from 162.144.236.216 port 54802 ssh2
Sep 29 20:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24247]: Connection closed by 162.144.236.216 port 54802 [preauth]
Sep 29 20:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24307]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24385]: Successful su for rubyman by root
Sep 29 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24385]: + ??? root:rubyman
Sep 29 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316930 of user rubyman.
Sep 29 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24385]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316930.
Sep 29 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Failed password for root from 162.144.236.216 port 59244 ssh2
Sep 29 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Connection closed by 162.144.236.216 port 59244 [preauth]
Sep 29 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session closed for user root
Sep 29 20:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24308]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Failed password for root from 162.144.236.216 port 37824 ssh2
Sep 29 20:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Connection closed by 162.144.236.216 port 37824 [preauth]
Sep 29 20:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Failed password for root from 162.144.236.216 port 46120 ssh2
Sep 29 20:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Connection closed by 162.144.236.216 port 46120 [preauth]
Sep 29 20:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Failed password for root from 162.144.236.216 port 52230 ssh2
Sep 29 20:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Connection closed by 162.144.236.216 port 52230 [preauth]
Sep 29 20:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session closed for user root
Sep 29 20:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Failed password for root from 162.144.236.216 port 60140 ssh2
Sep 29 20:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Connection closed by 162.144.236.216 port 60140 [preauth]
Sep 29 20:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Failed password for root from 162.144.236.216 port 38958 ssh2
Sep 29 20:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Connection closed by 162.144.236.216 port 38958 [preauth]
Sep 29 20:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for root from 162.144.236.216 port 46240 ssh2
Sep 29 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Invalid user seekcy from 103.217.144.161
Sep 29 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Connection closed by 162.144.236.216 port 46240 [preauth]
Sep 29 20:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Failed password for invalid user seekcy from 103.217.144.161 port 50400 ssh2
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: Successful su for rubyman by root
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: + ??? root:rubyman
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316933 of user rubyman.
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Received disconnect from 103.217.144.161 port 50400:11: Bye Bye [preauth]
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Disconnected from 103.217.144.161 port 50400 [preauth]
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316933.
Sep 29 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session closed for user root
Sep 29 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Failed password for root from 162.144.236.216 port 54632 ssh2
Sep 29 20:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Connection closed by 162.144.236.216 port 54632 [preauth]
Sep 29 20:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: Failed password for root from 162.144.236.216 port 59500 ssh2
Sep 29 20:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25066]: Connection closed by 162.144.236.216 port 59500 [preauth]
Sep 29 20:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Failed password for root from 162.144.236.216 port 37774 ssh2
Sep 29 20:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Connection closed by 162.144.236.216 port 37774 [preauth]
Sep 29 20:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Failed password for root from 162.144.236.216 port 43050 ssh2
Sep 29 20:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Connection closed by 162.144.236.216 port 43050 [preauth]
Sep 29 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23815]: pam_unix(cron:session): session closed for user root
Sep 29 20:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Failed password for root from 162.144.236.216 port 49958 ssh2
Sep 29 20:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Connection closed by 162.144.236.216 port 49958 [preauth]
Sep 29 20:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Failed password for root from 162.144.236.216 port 55156 ssh2
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25649]: Successful su for rubyman by root
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25649]: + ??? root:rubyman
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316939 of user rubyman.
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25649]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316939.
Sep 29 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Connection closed by 162.144.236.216 port 55156 [preauth]
Sep 29 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session closed for user root
Sep 29 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session closed for user root
Sep 29 20:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: Invalid user alarm from 213.209.157.9
Sep 29 20:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: input_userauth_request: invalid user alarm [preauth]
Sep 29 20:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Invalid user oracle from 167.99.55.34
Sep 29 20:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: input_userauth_request: invalid user oracle [preauth]
Sep 29 20:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 29 20:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Failed password for invalid user oracle from 167.99.55.34 port 37356 ssh2
Sep 29 20:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Connection closed by 167.99.55.34 port 37356 [preauth]
Sep 29 20:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: Failed password for invalid user alarm from 213.209.157.9 port 42092 ssh2
Sep 29 20:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25666]: Connection closed by 213.209.157.9 port 42092 [preauth]
Sep 29 20:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Failed password for root from 162.144.236.216 port 34474 ssh2
Sep 29 20:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Connection closed by 162.144.236.216 port 34474 [preauth]
Sep 29 20:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: Failed password for root from 162.144.236.216 port 42768 ssh2
Sep 29 20:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session closed for user root
Sep 29 20:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26024]: Connection closed by 162.144.236.216 port 42768 [preauth]
Sep 29 20:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Invalid user david from 103.217.144.161
Sep 29 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: input_userauth_request: invalid user david [preauth]
Sep 29 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Failed password for invalid user david from 103.217.144.161 port 53746 ssh2
Sep 29 20:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Received disconnect from 103.217.144.161 port 53746:11: Bye Bye [preauth]
Sep 29 20:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Disconnected from 103.217.144.161 port 53746 [preauth]
Sep 29 20:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for root from 162.144.236.216 port 52372 ssh2
Sep 29 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 162.144.236.216 port 52372 [preauth]
Sep 29 20:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session closed for user root
Sep 29 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26245]: Successful su for rubyman by root
Sep 29 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26245]: + ??? root:rubyman
Sep 29 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316943 of user rubyman.
Sep 29 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26245]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316943.
Sep 29 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session closed for user root
Sep 29 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22362]: pam_unix(cron:session): session closed for user root
Sep 29 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: Failed password for root from 162.144.236.216 port 33140 ssh2
Sep 29 20:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: Connection closed by 162.144.236.216 port 33140 [preauth]
Sep 29 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Failed password for root from 162.144.236.216 port 41426 ssh2
Sep 29 20:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Connection closed by 162.144.236.216 port 41426 [preauth]
Sep 29 20:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session closed for user root
Sep 29 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Failed password for root from 162.144.236.216 port 48896 ssh2
Sep 29 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26615]: Connection closed by 162.144.236.216 port 48896 [preauth]
Sep 29 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Failed password for root from 162.144.236.216 port 58374 ssh2
Sep 29 20:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Connection closed by 162.144.236.216 port 58374 [preauth]
Sep 29 20:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26790]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26898]: Successful su for rubyman by root
Sep 29 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26898]: + ??? root:rubyman
Sep 29 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316948 of user rubyman.
Sep 29 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26898]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316948.
Sep 29 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Failed password for root from 162.144.236.216 port 37072 ssh2
Sep 29 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Connection closed by 162.144.236.216 port 37072 [preauth]
Sep 29 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23034]: pam_unix(cron:session): session closed for user root
Sep 29 20:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Failed password for root from 162.144.236.216 port 44420 ssh2
Sep 29 20:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Connection closed by 162.144.236.216 port 44420 [preauth]
Sep 29 20:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Failed password for root from 103.217.144.161 port 42644 ssh2
Sep 29 20:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Received disconnect from 103.217.144.161 port 42644:11: Bye Bye [preauth]
Sep 29 20:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Disconnected from 103.217.144.161 port 42644 [preauth]
Sep 29 20:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: Failed password for root from 162.144.236.216 port 50582 ssh2
Sep 29 20:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: Connection closed by 162.144.236.216 port 50582 [preauth]
Sep 29 20:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for root from 162.144.236.216 port 56678 ssh2
Sep 29 20:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Connection closed by 162.144.236.216 port 56678 [preauth]
Sep 29 20:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session closed for user root
Sep 29 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Failed password for root from 162.144.236.216 port 35244 ssh2
Sep 29 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Connection closed by 162.144.236.216 port 35244 [preauth]
Sep 29 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Failed password for root from 162.144.236.216 port 41102 ssh2
Sep 29 20:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Connection closed by 162.144.236.216 port 41102 [preauth]
Sep 29 20:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Failed password for root from 162.144.236.216 port 48628 ssh2
Sep 29 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Connection closed by 162.144.236.216 port 48628 [preauth]
Sep 29 20:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: Successful su for rubyman by root
Sep 29 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: + ??? root:rubyman
Sep 29 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316952 of user rubyman.
Sep 29 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27435]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316952.
Sep 29 20:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23814]: pam_unix(cron:session): session closed for user root
Sep 29 20:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27339]: Failed password for root from 162.144.236.216 port 55700 ssh2
Sep 29 20:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27339]: Connection closed by 162.144.236.216 port 55700 [preauth]
Sep 29 20:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Failed password for root from 162.144.236.216 port 35388 ssh2
Sep 29 20:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Connection closed by 162.144.236.216 port 35388 [preauth]
Sep 29 20:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26164]: pam_unix(cron:session): session closed for user root
Sep 29 20:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Failed password for root from 162.144.236.216 port 41624 ssh2
Sep 29 20:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Connection closed by 162.144.236.216 port 41624 [preauth]
Sep 29 20:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Invalid user seekcy from 103.217.144.161
Sep 29 20:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Failed password for invalid user seekcy from 103.217.144.161 port 50696 ssh2
Sep 29 20:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Received disconnect from 103.217.144.161 port 50696:11: Bye Bye [preauth]
Sep 29 20:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Disconnected from 103.217.144.161 port 50696 [preauth]
Sep 29 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Failed password for root from 162.144.236.216 port 49836 ssh2
Sep 29 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: Successful su for rubyman by root
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: + ??? root:rubyman
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316956 of user rubyman.
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316956.
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Connection closed by 162.144.236.216 port 49836 [preauth]
Sep 29 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session closed for user root
Sep 29 20:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27993]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: Failed password for root from 162.144.236.216 port 58214 ssh2
Sep 29 20:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: Connection closed by 162.144.236.216 port 58214 [preauth]
Sep 29 20:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: Failed password for root from 162.144.236.216 port 37430 ssh2
Sep 29 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: Connection closed by 162.144.236.216 port 37430 [preauth]
Sep 29 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 29 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Failed password for root from 185.156.73.233 port 37252 ssh2
Sep 29 20:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Connection closed by 185.156.73.233 port 37252 [preauth]
Sep 29 20:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26790]: pam_unix(cron:session): session closed for user root
Sep 29 20:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: Failed password for root from 162.144.236.216 port 42784 ssh2
Sep 29 20:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28355]: Connection closed by 162.144.236.216 port 42784 [preauth]
Sep 29 20:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Failed password for root from 162.144.236.216 port 49410 ssh2
Sep 29 20:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Connection closed by 162.144.236.216 port 49410 [preauth]
Sep 29 20:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28649]: Successful su for rubyman by root
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28649]: + ??? root:rubyman
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316960 of user rubyman.
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28649]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316960.
Sep 29 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session closed for user root
Sep 29 20:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: Failed password for root from 162.144.236.216 port 56784 ssh2
Sep 29 20:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28471]: Connection closed by 162.144.236.216 port 56784 [preauth]
Sep 29 20:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Invalid user kali from 93.152.230.176
Sep 29 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: input_userauth_request: invalid user kali [preauth]
Sep 29 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 20:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Failed password for invalid user kali from 93.152.230.176 port 11070 ssh2
Sep 29 20:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Received disconnect from 93.152.230.176 port 11070:11: Client disconnecting normally [preauth]
Sep 29 20:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Disconnected from 93.152.230.176 port 11070 [preauth]
Sep 29 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Failed password for root from 162.144.236.216 port 35408 ssh2
Sep 29 20:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Connection closed by 162.144.236.216 port 35408 [preauth]
Sep 29 20:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Failed password for root from 103.217.144.161 port 60918 ssh2
Sep 29 20:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Received disconnect from 103.217.144.161 port 60918:11: Bye Bye [preauth]
Sep 29 20:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Disconnected from 103.217.144.161 port 60918 [preauth]
Sep 29 20:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: Failed password for root from 162.144.236.216 port 42578 ssh2
Sep 29 20:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: Connection closed by 162.144.236.216 port 42578 [preauth]
Sep 29 20:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session closed for user root
Sep 29 20:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29044]: Failed password for root from 162.144.236.216 port 48276 ssh2
Sep 29 20:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29044]: Connection closed by 162.144.236.216 port 48276 [preauth]
Sep 29 20:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session closed for user root
Sep 29 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: Successful su for rubyman by root
Sep 29 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: + ??? root:rubyman
Sep 29 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316966 of user rubyman.
Sep 29 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316966.
Sep 29 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Failed password for root from 162.144.236.216 port 55906 ssh2
Sep 29 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session closed for user root
Sep 29 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session closed for user root
Sep 29 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29132]: Connection closed by 162.144.236.216 port 55906 [preauth]
Sep 29 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Failed password for root from 162.144.236.216 port 36254 ssh2
Sep 29 20:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Connection closed by 162.144.236.216 port 36254 [preauth]
Sep 29 20:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Failed password for root from 162.144.236.216 port 43080 ssh2
Sep 29 20:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Connection closed by 162.144.236.216 port 43080 [preauth]
Sep 29 20:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Failed password for root from 162.144.236.216 port 49058 ssh2
Sep 29 20:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Connection closed by 162.144.236.216 port 49058 [preauth]
Sep 29 20:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27996]: pam_unix(cron:session): session closed for user root
Sep 29 20:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Failed password for root from 162.144.236.216 port 56312 ssh2
Sep 29 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29566]: Connection closed by 162.144.236.216 port 56312 [preauth]
Sep 29 20:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29622]: Failed password for root from 162.144.236.216 port 34392 ssh2
Sep 29 20:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29622]: Connection closed by 162.144.236.216 port 34392 [preauth]
Sep 29 20:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: Invalid user test2 from 103.217.144.161
Sep 29 20:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: input_userauth_request: invalid user test2 [preauth]
Sep 29 20:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: Failed password for invalid user test2 from 103.217.144.161 port 40594 ssh2
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: Received disconnect from 103.217.144.161 port 40594:11: Bye Bye [preauth]
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29666]: Disconnected from 103.217.144.161 port 40594 [preauth]
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29680]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: Successful su for rubyman by root
Sep 29 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: + ??? root:rubyman
Sep 29 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316972 of user rubyman.
Sep 29 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316972.
Sep 29 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session closed for user root
Sep 29 20:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29679]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Failed password for root from 162.144.236.216 port 40118 ssh2
Sep 29 20:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Connection closed by 162.144.236.216 port 40118 [preauth]
Sep 29 20:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: Failed password for root from 162.144.236.216 port 47506 ssh2
Sep 29 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29991]: Connection closed by 162.144.236.216 port 47506 [preauth]
Sep 29 20:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session closed for user root
Sep 29 20:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Failed password for root from 162.144.236.216 port 54858 ssh2
Sep 29 20:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Connection closed by 162.144.236.216 port 54858 [preauth]
Sep 29 20:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Invalid user postgres from 167.99.55.34
Sep 29 20:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: input_userauth_request: invalid user postgres [preauth]
Sep 29 20:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Failed password for invalid user postgres from 167.99.55.34 port 34574 ssh2
Sep 29 20:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Connection closed by 167.99.55.34 port 34574 [preauth]
Sep 29 20:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: Failed password for root from 162.144.236.216 port 59816 ssh2
Sep 29 20:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: Connection closed by 162.144.236.216 port 59816 [preauth]
Sep 29 20:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30189]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: Successful su for rubyman by root
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: + ??? root:rubyman
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316975 of user rubyman.
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30270]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316975.
Sep 29 20:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session closed for user root
Sep 29 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: Failed password for root from 162.144.236.216 port 39250 ssh2
Sep 29 20:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: Connection closed by 162.144.236.216 port 39250 [preauth]
Sep 29 20:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30187]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: Failed password for root from 162.144.236.216 port 47080 ssh2
Sep 29 20:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30578]: Connection closed by 162.144.236.216 port 47080 [preauth]
Sep 29 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: Failed password for root from 162.144.236.216 port 53094 ssh2
Sep 29 20:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: Connection closed by 162.144.236.216 port 53094 [preauth]
Sep 29 20:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29161]: pam_unix(cron:session): session closed for user root
Sep 29 20:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Failed password for root from 103.217.144.161 port 40838 ssh2
Sep 29 20:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Received disconnect from 103.217.144.161 port 40838:11: Bye Bye [preauth]
Sep 29 20:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Disconnected from 103.217.144.161 port 40838 [preauth]
Sep 29 20:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Failed password for root from 162.144.236.216 port 32918 ssh2
Sep 29 20:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Connection closed by 162.144.236.216 port 32918 [preauth]
Sep 29 20:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Failed password for root from 162.144.236.216 port 39648 ssh2
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30768]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30766]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30835]: Successful su for rubyman by root
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30835]: + ??? root:rubyman
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316979 of user rubyman.
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30835]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316979.
Sep 29 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Connection closed by 162.144.236.216 port 39648 [preauth]
Sep 29 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Invalid user user from 80.94.95.112
Sep 29 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: input_userauth_request: invalid user user [preauth]
Sep 29 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 20:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session closed for user root
Sep 29 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Failed password for invalid user user from 80.94.95.112 port 64434 ssh2
Sep 29 20:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30767]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Failed password for root from 162.144.236.216 port 47724 ssh2
Sep 29 20:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Failed password for invalid user user from 80.94.95.112 port 64434 ssh2
Sep 29 20:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Connection closed by 162.144.236.216 port 47724 [preauth]
Sep 29 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Failed password for invalid user user from 80.94.95.112 port 64434 ssh2
Sep 29 20:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Failed password for invalid user user from 80.94.95.112 port 64434 ssh2
Sep 29 20:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Failed password for invalid user user from 80.94.95.112 port 64434 ssh2
Sep 29 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Received disconnect from 80.94.95.112 port 64434:11: Bye [preauth]
Sep 29 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Disconnected from 80.94.95.112 port 64434 [preauth]
Sep 29 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 20:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Failed password for root from 162.144.236.216 port 54150 ssh2
Sep 29 20:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Connection closed by 162.144.236.216 port 54150 [preauth]
Sep 29 20:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Failed password for root from 162.144.236.216 port 33598 ssh2
Sep 29 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Connection closed by 162.144.236.216 port 33598 [preauth]
Sep 29 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 20:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session closed for user root
Sep 29 20:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: Failed password for root from 190.103.202.7 port 39902 ssh2
Sep 29 20:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31153]: Connection closed by 190.103.202.7 port 39902 [preauth]
Sep 29 20:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Failed password for root from 162.144.236.216 port 40288 ssh2
Sep 29 20:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Connection closed by 162.144.236.216 port 40288 [preauth]
Sep 29 20:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Failed password for root from 162.144.236.216 port 47802 ssh2
Sep 29 20:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Connection closed by 162.144.236.216 port 47802 [preauth]
Sep 29 20:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31307]: Successful su for rubyman by root
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31307]: + ??? root:rubyman
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316982 of user rubyman.
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31307]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316982.
Sep 29 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27995]: pam_unix(cron:session): session closed for user root
Sep 29 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Failed password for root from 162.144.236.216 port 54574 ssh2
Sep 29 20:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Connection closed by 162.144.236.216 port 54574 [preauth]
Sep 29 20:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: Invalid user jet from 103.217.144.161
Sep 29 20:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: input_userauth_request: invalid user jet [preauth]
Sep 29 20:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: Failed password for invalid user jet from 103.217.144.161 port 36998 ssh2
Sep 29 20:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: Received disconnect from 103.217.144.161 port 36998:11: Bye Bye [preauth]
Sep 29 20:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31575]: Disconnected from 103.217.144.161 port 36998 [preauth]
Sep 29 20:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Failed password for root from 162.144.236.216 port 59644 ssh2
Sep 29 20:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Connection closed by 162.144.236.216 port 59644 [preauth]
Sep 29 20:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30189]: pam_unix(cron:session): session closed for user root
Sep 29 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: Failed password for root from 162.144.236.216 port 38642 ssh2
Sep 29 20:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: Connection closed by 162.144.236.216 port 38642 [preauth]
Sep 29 20:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Failed password for root from 162.144.236.216 port 46458 ssh2
Sep 29 20:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Connection closed by 162.144.236.216 port 46458 [preauth]
Sep 29 20:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31732]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session closed for user root
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31729]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31806]: Successful su for rubyman by root
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31806]: + ??? root:rubyman
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316989 of user rubyman.
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31806]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316989.
Sep 29 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Failed password for root from 162.144.236.216 port 52114 ssh2
Sep 29 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Connection closed by 162.144.236.216 port 52114 [preauth]
Sep 29 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31732]: pam_unix(cron:session): session closed for user root
Sep 29 20:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28476]: pam_unix(cron:session): session closed for user root
Sep 29 20:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31730]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: Failed password for root from 162.144.236.216 port 57868 ssh2
Sep 29 20:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: Connection closed by 162.144.236.216 port 57868 [preauth]
Sep 29 20:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for root from 162.144.236.216 port 37616 ssh2
Sep 29 20:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Connection closed by 162.144.236.216 port 37616 [preauth]
Sep 29 20:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Failed password for root from 162.144.236.216 port 43998 ssh2
Sep 29 20:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32096]: Connection closed by 162.144.236.216 port 43998 [preauth]
Sep 29 20:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30769]: pam_unix(cron:session): session closed for user root
Sep 29 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for root from 162.144.236.216 port 50246 ssh2
Sep 29 20:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Connection closed by 162.144.236.216 port 50246 [preauth]
Sep 29 20:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Invalid user seekcy from 103.217.144.161
Sep 29 20:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: input_userauth_request: invalid user seekcy [preauth]
Sep 29 20:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161
Sep 29 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Failed password for invalid user seekcy from 103.217.144.161 port 57272 ssh2
Sep 29 20:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Received disconnect from 103.217.144.161 port 57272:11: Bye Bye [preauth]
Sep 29 20:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32209]: Disconnected from 103.217.144.161 port 57272 [preauth]
Sep 29 20:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: Failed password for root from 162.144.236.216 port 56984 ssh2
Sep 29 20:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32173]: Connection closed by 162.144.236.216 port 56984 [preauth]
Sep 29 20:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32232]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: Successful su for rubyman by root
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: + ??? root:rubyman
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316995 of user rubyman.
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316995.
Sep 29 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session closed for user root
Sep 29 20:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32235]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Failed password for root from 162.144.236.216 port 35758 ssh2
Sep 29 20:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32229]: Connection closed by 162.144.236.216 port 35758 [preauth]
Sep 29 20:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: Failed password for root from 162.144.236.216 port 43242 ssh2
Sep 29 20:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32528]: Connection closed by 162.144.236.216 port 43242 [preauth]
Sep 29 20:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session closed for user root
Sep 29 20:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: Failed password for root from 162.144.236.216 port 49570 ssh2
Sep 29 20:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: Connection closed by 162.144.236.216 port 49570 [preauth]
Sep 29 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Failed password for root from 162.144.236.216 port 59888 ssh2
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32652]: Connection closed by 162.144.236.216 port 59888 [preauth]
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: Successful su for rubyman by root
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: + ??? root:rubyman
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 316997 of user rubyman.
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 316997.
Sep 29 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29680]: pam_unix(cron:session): session closed for user root
Sep 29 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Failed password for root from 162.144.236.216 port 40322 ssh2
Sep 29 20:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Connection closed by 162.144.236.216 port 40322 [preauth]
Sep 29 20:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: Failed password for root from 162.144.236.216 port 47718 ssh2
Sep 29 20:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Invalid user admin from 93.152.230.176
Sep 29 20:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 20:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: Connection closed by 162.144.236.216 port 47718 [preauth]
Sep 29 20:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Failed password for invalid user admin from 93.152.230.176 port 20397 ssh2
Sep 29 20:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Received disconnect from 93.152.230.176 port 20397:11: Client disconnecting normally [preauth]
Sep 29 20:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Disconnected from 93.152.230.176 port 20397 [preauth]
Sep 29 20:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.144.161  user=root
Sep 29 20:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: Failed password for root from 103.217.144.161 port 40272 ssh2
Sep 29 20:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: Received disconnect from 103.217.144.161 port 40272:11: Bye Bye [preauth]
Sep 29 20:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: Disconnected from 103.217.144.161 port 40272 [preauth]
Sep 29 20:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Invalid user usuario from 80.94.95.116
Sep 29 20:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: input_userauth_request: invalid user usuario [preauth]
Sep 29 20:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[544]: Failed password for root from 162.144.236.216 port 54070 ssh2
Sep 29 20:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Failed password for invalid user usuario from 80.94.95.116 port 24398 ssh2
Sep 29 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Connection closed by 80.94.95.116 port 24398 [preauth]
Sep 29 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[544]: Connection closed by 162.144.236.216 port 54070 [preauth]
Sep 29 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session closed for user root
Sep 29 20:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: Failed password for root from 162.144.236.216 port 60232 ssh2
Sep 29 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: Connection closed by 162.144.236.216 port 60232 [preauth]
Sep 29 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Failed password for root from 162.144.236.216 port 38522 ssh2
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: Successful su for rubyman by root
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: + ??? root:rubyman
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317003 of user rubyman.
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317003.
Sep 29 20:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Connection closed by 162.144.236.216 port 38522 [preauth]
Sep 29 20:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30188]: pam_unix(cron:session): session closed for user root
Sep 29 20:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for root from 162.144.236.216 port 46410 ssh2
Sep 29 20:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Connection closed by 162.144.236.216 port 46410 [preauth]
Sep 29 20:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1054]: Failed password for root from 162.144.236.216 port 53558 ssh2
Sep 29 20:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1054]: Connection closed by 162.144.236.216 port 53558 [preauth]
Sep 29 20:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Failed password for root from 162.144.236.216 port 33616 ssh2
Sep 29 20:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Connection closed by 162.144.236.216 port 33616 [preauth]
Sep 29 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session closed for user root
Sep 29 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for root from 162.144.236.216 port 40842 ssh2
Sep 29 20:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Connection closed by 162.144.236.216 port 40842 [preauth]
Sep 29 20:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Failed password for root from 162.144.236.216 port 46518 ssh2
Sep 29 20:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Connection closed by 162.144.236.216 port 46518 [preauth]
Sep 29 20:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1215]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for root from 162.144.236.216 port 53584 ssh2
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: Successful su for rubyman by root
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: + ??? root:rubyman
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317004 of user rubyman.
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317004.
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Connection closed by 162.144.236.216 port 53584 [preauth]
Sep 29 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30768]: pam_unix(cron:session): session closed for user root
Sep 29 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Failed password for root from 162.144.236.216 port 60108 ssh2
Sep 29 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Connection closed by 162.144.236.216 port 60108 [preauth]
Sep 29 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Failed password for root from 162.144.236.216 port 37252 ssh2
Sep 29 20:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Connection closed by 162.144.236.216 port 37252 [preauth]
Sep 29 20:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: Invalid user postgres from 167.99.55.34
Sep 29 20:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: input_userauth_request: invalid user postgres [preauth]
Sep 29 20:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 20:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: Failed password for invalid user postgres from 167.99.55.34 port 59564 ssh2
Sep 29 20:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: Connection closed by 167.99.55.34 port 59564 [preauth]
Sep 29 20:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: Failed password for root from 162.144.236.216 port 44062 ssh2
Sep 29 20:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: Connection closed by 162.144.236.216 port 44062 [preauth]
Sep 29 20:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session closed for user root
Sep 29 20:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Failed password for root from 162.144.236.216 port 52014 ssh2
Sep 29 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Connection closed by 162.144.236.216 port 52014 [preauth]
Sep 29 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: Failed password for root from 162.144.236.216 port 58706 ssh2
Sep 29 20:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1641]: Connection closed by 162.144.236.216 port 58706 [preauth]
Sep 29 20:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: Failed password for root from 162.144.236.216 port 36358 ssh2
Sep 29 20:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: Connection closed by 162.144.236.216 port 36358 [preauth]
Sep 29 20:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: Failed password for root from 162.144.236.216 port 44286 ssh2
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1704]: Connection closed by 162.144.236.216 port 44286 [preauth]
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1729]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1730]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1728]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1730]: pam_unix(cron:session): session closed for user root
Sep 29 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1725]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: Successful su for rubyman by root
Sep 29 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: + ??? root:rubyman
Sep 29 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317008 of user rubyman.
Sep 29 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1798]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317008.
Sep 29 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session closed for user root
Sep 29 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session closed for user root
Sep 29 20:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Failed password for root from 162.144.236.216 port 50916 ssh2
Sep 29 20:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1784]: Connection closed by 162.144.236.216 port 50916 [preauth]
Sep 29 20:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Failed password for root from 162.144.236.216 port 58162 ssh2
Sep 29 20:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Connection closed by 162.144.236.216 port 58162 [preauth]
Sep 29 20:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: Failed password for root from 162.144.236.216 port 36186 ssh2
Sep 29 20:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: Connection closed by 162.144.236.216 port 36186 [preauth]
Sep 29 20:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session closed for user root
Sep 29 20:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Failed password for root from 162.144.236.216 port 42140 ssh2
Sep 29 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Connection closed by 162.144.236.216 port 42140 [preauth]
Sep 29 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Failed password for root from 162.144.236.216 port 50058 ssh2
Sep 29 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Connection closed by 162.144.236.216 port 50058 [preauth]
Sep 29 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Failed password for root from 162.144.236.216 port 58082 ssh2
Sep 29 20:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2184]: Connection closed by 162.144.236.216 port 58082 [preauth]
Sep 29 20:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2217]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Failed password for root from 162.144.236.216 port 36210 ssh2
Sep 29 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: Successful su for rubyman by root
Sep 29 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: + ??? root:rubyman
Sep 29 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317014 of user rubyman.
Sep 29 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2287]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317014.
Sep 29 20:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Connection closed by 162.144.236.216 port 36210 [preauth]
Sep 29 20:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session closed for user root
Sep 29 20:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Failed password for root from 162.144.236.216 port 42326 ssh2
Sep 29 20:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Connection closed by 162.144.236.216 port 42326 [preauth]
Sep 29 20:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Failed password for root from 162.144.236.216 port 52512 ssh2
Sep 29 20:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Connection closed by 162.144.236.216 port 52512 [preauth]
Sep 29 20:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session closed for user root
Sep 29 20:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Failed password for root from 162.144.236.216 port 33736 ssh2
Sep 29 20:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Connection closed by 162.144.236.216 port 33736 [preauth]
Sep 29 20:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Failed password for root from 162.144.236.216 port 39992 ssh2
Sep 29 20:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Connection closed by 162.144.236.216 port 39992 [preauth]
Sep 29 20:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Failed password for root from 162.144.236.216 port 46258 ssh2
Sep 29 20:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Connection closed by 162.144.236.216 port 46258 [preauth]
Sep 29 20:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for root from 162.144.236.216 port 51424 ssh2
Sep 29 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Connection closed by 162.144.236.216 port 51424 [preauth]
Sep 29 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2731]: Successful su for rubyman by root
Sep 29 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2731]: + ??? root:rubyman
Sep 29 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317019 of user rubyman.
Sep 29 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2731]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317019.
Sep 29 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session closed for user root
Sep 29 20:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Failed password for root from 162.144.236.216 port 59264 ssh2
Sep 29 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Connection closed by 162.144.236.216 port 59264 [preauth]
Sep 29 20:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Failed password for root from 162.144.236.216 port 38208 ssh2
Sep 29 20:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Connection closed by 162.144.236.216 port 38208 [preauth]
Sep 29 20:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Invalid user admin from 80.94.95.25
Sep 29 20:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: input_userauth_request: invalid user admin [preauth]
Sep 29 20:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 20:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: Failed password for root from 162.144.236.216 port 46328 ssh2
Sep 29 20:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user admin from 80.94.95.25 port 5225 ssh2
Sep 29 20:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: Connection closed by 162.144.236.216 port 46328 [preauth]
Sep 29 20:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user admin from 80.94.95.25 port 5225 ssh2
Sep 29 20:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user admin from 80.94.95.25 port 5225 ssh2
Sep 29 20:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1729]: pam_unix(cron:session): session closed for user root
Sep 29 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2999]: Failed password for root from 162.144.236.216 port 53860 ssh2
Sep 29 20:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2999]: Connection closed by 162.144.236.216 port 53860 [preauth]
Sep 29 20:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user admin from 80.94.95.25 port 5225 ssh2
Sep 29 20:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 20:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user admin from 80.94.95.25 port 5225 ssh2
Sep 29 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Received disconnect from 80.94.95.25 port 5225:11: Bye [preauth]
Sep 29 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Disconnected from 80.94.95.25 port 5225 [preauth]
Sep 29 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 29 20:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 20:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Failed password for root from 162.144.236.216 port 59446 ssh2
Sep 29 20:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Connection closed by 162.144.236.216 port 59446 [preauth]
Sep 29 20:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Failed password for root from 162.144.236.216 port 37780 ssh2
Sep 29 20:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Connection closed by 162.144.236.216 port 37780 [preauth]
Sep 29 20:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: Failed password for root from 162.144.236.216 port 42864 ssh2
Sep 29 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: Connection closed by 162.144.236.216 port 42864 [preauth]
Sep 29 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3106]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: Successful su for rubyman by root
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: + ??? root:rubyman
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317022 of user rubyman.
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317022.
Sep 29 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: Failed password for root from 162.144.236.216 port 48098 ssh2
Sep 29 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3102]: Connection closed by 162.144.236.216 port 48098 [preauth]
Sep 29 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session closed for user root
Sep 29 20:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3107]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for root from 162.144.236.216 port 52866 ssh2
Sep 29 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Connection closed by 162.144.236.216 port 52866 [preauth]
Sep 29 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for root from 162.144.236.216 port 58452 ssh2
Sep 29 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Connection closed by 162.144.236.216 port 58452 [preauth]
Sep 29 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: Failed password for root from 162.144.236.216 port 36462 ssh2
Sep 29 20:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3407]: Connection closed by 162.144.236.216 port 36462 [preauth]
Sep 29 20:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2217]: pam_unix(cron:session): session closed for user root
Sep 29 20:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Failed password for root from 162.144.236.216 port 44998 ssh2
Sep 29 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: Connection closed by 162.144.236.216 port 44998 [preauth]
Sep 29 20:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Failed password for root from 162.144.236.216 port 51978 ssh2
Sep 29 20:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Connection closed by 162.144.236.216 port 51978 [preauth]
Sep 29 20:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: Failed password for root from 162.144.236.216 port 58512 ssh2
Sep 29 20:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3512]: Connection closed by 162.144.236.216 port 58512 [preauth]
Sep 29 20:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session closed for user p13x
Sep 29 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Failed password for root from 162.144.236.216 port 36246 ssh2
Sep 29 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: Successful su for rubyman by root
Sep 29 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: + ??? root:rubyman
Sep 29 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317026 of user rubyman.
Sep 29 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3609]: pam_unix(su:session): session closed for user rubyman
Sep 29 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317026.
Sep 29 20:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Connection closed by 162.144.236.216 port 36246 [preauth]
Sep 29 20:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session closed for user root
Sep 29 20:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session closed for user samftp
Sep 29 20:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Failed password for root from 162.144.236.216 port 43742 ssh2
Sep 29 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Connection closed by 162.144.236.216 port 43742 [preauth]
Sep 29 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: Failed password for root from 162.144.236.216 port 50824 ssh2
Sep 29 20:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: Connection closed by 162.144.236.216 port 50824 [preauth]
Sep 29 20:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for root from 162.144.236.216 port 59746 ssh2
Sep 29 20:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Connection closed by 162.144.236.216 port 59746 [preauth]
Sep 29 20:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session closed for user root
Sep 29 20:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Failed password for root from 162.144.236.216 port 39642 ssh2
Sep 29 20:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Connection closed by 162.144.236.216 port 39642 [preauth]
Sep 29 20:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 20:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for root from 162.144.236.216 port 45526 ssh2
Sep 29 20:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Connection closed by 162.144.236.216 port 45526 [preauth]
Sep 29 20:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 20:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3985]: Failed password for root from 162.144.236.216 port 55792 ssh2
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3985]: Connection closed by 162.144.236.216 port 55792 [preauth]
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4000]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session closed for user root
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4000]: pam_unix(cron:session): session closed for user root
Sep 29 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4106]: Successful su for rubyman by root
Sep 29 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4106]: + ??? root:rubyman
Sep 29 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317032 of user rubyman.
Sep 29 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4106]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317032.
Sep 29 21:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1217]: pam_unix(cron:session): session closed for user root
Sep 29 21:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4001]: pam_unix(cron:session): session closed for user root
Sep 29 21:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Failed password for root from 162.144.236.216 port 32958 ssh2
Sep 29 21:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4080]: Connection closed by 162.144.236.216 port 32958 [preauth]
Sep 29 21:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Failed password for root from 162.144.236.216 port 41678 ssh2
Sep 29 21:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4361]: Connection closed by 162.144.236.216 port 41678 [preauth]
Sep 29 21:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: Failed password for root from 162.144.236.216 port 49310 ssh2
Sep 29 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4394]: Connection closed by 162.144.236.216 port 49310 [preauth]
Sep 29 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session closed for user root
Sep 29 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Failed password for root from 93.152.230.176 port 15050 ssh2
Sep 29 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Received disconnect from 93.152.230.176 port 15050:11: Client disconnecting normally [preauth]
Sep 29 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Disconnected from 93.152.230.176 port 15050 [preauth]
Sep 29 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Failed password for root from 162.144.236.216 port 56338 ssh2
Sep 29 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Connection closed by 162.144.236.216 port 56338 [preauth]
Sep 29 21:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Failed password for root from 162.144.236.216 port 34980 ssh2
Sep 29 21:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4499]: Connection closed by 162.144.236.216 port 34980 [preauth]
Sep 29 21:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: Failed password for root from 162.144.236.216 port 40366 ssh2
Sep 29 21:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: Connection closed by 162.144.236.216 port 40366 [preauth]
Sep 29 21:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4559]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: Successful su for rubyman by root
Sep 29 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: + ??? root:rubyman
Sep 29 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317038 of user rubyman.
Sep 29 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317038.
Sep 29 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Failed password for root from 162.144.236.216 port 46896 ssh2
Sep 29 21:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Connection closed by 162.144.236.216 port 46896 [preauth]
Sep 29 21:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1728]: pam_unix(cron:session): session closed for user root
Sep 29 21:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4716]: Failed password for root from 162.144.236.216 port 53016 ssh2
Sep 29 21:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4716]: Connection closed by 162.144.236.216 port 53016 [preauth]
Sep 29 21:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Failed password for root from 162.144.236.216 port 60934 ssh2
Sep 29 21:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4853]: Connection closed by 162.144.236.216 port 60934 [preauth]
Sep 29 21:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Failed password for root from 162.144.236.216 port 40608 ssh2
Sep 29 21:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session closed for user root
Sep 29 21:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Connection closed by 162.144.236.216 port 40608 [preauth]
Sep 29 21:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Invalid user admin from 185.156.73.233
Sep 29 21:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: input_userauth_request: invalid user admin [preauth]
Sep 29 21:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 21:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for root from 162.144.236.216 port 50036 ssh2
Sep 29 21:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Connection closed by 162.144.236.216 port 50036 [preauth]
Sep 29 21:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Failed password for invalid user admin from 185.156.73.233 port 21938 ssh2
Sep 29 21:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Connection closed by 185.156.73.233 port 21938 [preauth]
Sep 29 21:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Failed password for root from 162.144.236.216 port 57048 ssh2
Sep 29 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Connection closed by 162.144.236.216 port 57048 [preauth]
Sep 29 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34  user=root
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Failed password for root from 162.144.236.216 port 36188 ssh2
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Failed password for root from 167.99.55.34 port 54138 ssh2
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5037]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5036]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5034]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5031]: Connection closed by 167.99.55.34 port 54138 [preauth]
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5014]: Connection closed by 162.144.236.216 port 36188 [preauth]
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5109]: Successful su for rubyman by root
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5109]: + ??? root:rubyman
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317043 of user rubyman.
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5109]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317043.
Sep 29 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session closed for user root
Sep 29 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5035]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: Failed password for root from 162.144.236.216 port 42152 ssh2
Sep 29 21:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5134]: Connection closed by 162.144.236.216 port 42152 [preauth]
Sep 29 21:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for root from 162.144.236.216 port 48258 ssh2
Sep 29 21:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Connection closed by 162.144.236.216 port 48258 [preauth]
Sep 29 21:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Failed password for root from 162.144.236.216 port 54366 ssh2
Sep 29 21:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Connection closed by 162.144.236.216 port 54366 [preauth]
Sep 29 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Failed password for root from 162.144.236.216 port 33386 ssh2
Sep 29 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Connection closed by 162.144.236.216 port 33386 [preauth]
Sep 29 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session closed for user root
Sep 29 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: Failed password for root from 162.144.236.216 port 38988 ssh2
Sep 29 21:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5485]: Connection closed by 162.144.236.216 port 38988 [preauth]
Sep 29 21:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Failed password for root from 162.144.236.216 port 46996 ssh2
Sep 29 21:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Connection closed by 162.144.236.216 port 46996 [preauth]
Sep 29 21:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: Failed password for root from 162.144.236.216 port 52150 ssh2
Sep 29 21:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: Connection closed by 162.144.236.216 port 52150 [preauth]
Sep 29 21:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: Successful su for rubyman by root
Sep 29 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: + ??? root:rubyman
Sep 29 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317047 of user rubyman.
Sep 29 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5650]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317047.
Sep 29 21:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session closed for user root
Sep 29 21:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Failed password for root from 162.144.236.216 port 57796 ssh2
Sep 29 21:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Connection closed by 162.144.236.216 port 57796 [preauth]
Sep 29 21:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: Failed password for root from 162.144.236.216 port 36114 ssh2
Sep 29 21:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: Connection closed by 162.144.236.216 port 36114 [preauth]
Sep 29 21:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: Failed password for root from 162.144.236.216 port 42392 ssh2
Sep 29 21:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5889]: Connection closed by 162.144.236.216 port 42392 [preauth]
Sep 29 21:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Failed password for root from 162.144.236.216 port 49962 ssh2
Sep 29 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Connection closed by 162.144.236.216 port 49962 [preauth]
Sep 29 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session closed for user root
Sep 29 21:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Failed password for root from 162.144.236.216 port 57346 ssh2
Sep 29 21:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: Connection closed by 162.144.236.216 port 57346 [preauth]
Sep 29 21:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for root from 162.144.236.216 port 32892 ssh2
Sep 29 21:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 162.144.236.216 port 32892 [preauth]
Sep 29 21:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6018]: Received disconnect from 91.224.92.79 port 62132:11:  [preauth]
Sep 29 21:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6018]: Disconnected from 91.224.92.79 port 62132 [preauth]
Sep 29 21:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Failed password for root from 162.144.236.216 port 41318 ssh2
Sep 29 21:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Connection closed by 162.144.236.216 port 41318 [preauth]
Sep 29 21:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6046]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6043]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: Successful su for rubyman by root
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: + ??? root:rubyman
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317049 of user rubyman.
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6107]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317049.
Sep 29 21:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Failed password for root from 162.144.236.216 port 49726 ssh2
Sep 29 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Connection closed by 162.144.236.216 port 49726 [preauth]
Sep 29 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session closed for user root
Sep 29 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6044]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6319]: Invalid user admin from 185.156.73.233
Sep 29 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6319]: input_userauth_request: invalid user admin [preauth]
Sep 29 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6319]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 21:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Failed password for root from 162.144.236.216 port 54834 ssh2
Sep 29 21:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6319]: Failed password for invalid user admin from 185.156.73.233 port 22838 ssh2
Sep 29 21:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6319]: Connection closed by 185.156.73.233 port 22838 [preauth]
Sep 29 21:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6285]: Connection closed by 162.144.236.216 port 54834 [preauth]
Sep 29 21:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Failed password for root from 162.144.236.216 port 33718 ssh2
Sep 29 21:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Connection closed by 162.144.236.216 port 33718 [preauth]
Sep 29 21:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Failed password for root from 162.144.236.216 port 39286 ssh2
Sep 29 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Connection closed by 162.144.236.216 port 39286 [preauth]
Sep 29 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5037]: pam_unix(cron:session): session closed for user root
Sep 29 21:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Failed password for root from 162.144.236.216 port 47644 ssh2
Sep 29 21:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Connection closed by 162.144.236.216 port 47644 [preauth]
Sep 29 21:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6448]: Failed password for root from 162.144.236.216 port 56992 ssh2
Sep 29 21:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6448]: Connection closed by 162.144.236.216 port 56992 [preauth]
Sep 29 21:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: Failed password for root from 162.144.236.216 port 34354 ssh2
Sep 29 21:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6458]: Connection closed by 162.144.236.216 port 34354 [preauth]
Sep 29 21:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user root
Sep 29 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: Successful su for rubyman by root
Sep 29 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: + ??? root:rubyman
Sep 29 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317053 of user rubyman.
Sep 29 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317053.
Sep 29 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session closed for user root
Sep 29 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session closed for user root
Sep 29 21:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for root from 162.144.236.216 port 40532 ssh2
Sep 29 21:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Connection closed by 162.144.236.216 port 40532 [preauth]
Sep 29 21:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Failed password for root from 162.144.236.216 port 48160 ssh2
Sep 29 21:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Connection closed by 162.144.236.216 port 48160 [preauth]
Sep 29 21:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Failed password for root from 162.144.236.216 port 55334 ssh2
Sep 29 21:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Connection closed by 162.144.236.216 port 55334 [preauth]
Sep 29 21:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Failed password for root from 162.144.236.216 port 60590 ssh2
Sep 29 21:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Connection closed by 162.144.236.216 port 60590 [preauth]
Sep 29 21:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session closed for user root
Sep 29 21:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: Failed password for root from 162.144.236.216 port 38770 ssh2
Sep 29 21:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: Connection closed by 162.144.236.216 port 38770 [preauth]
Sep 29 21:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Failed password for root from 162.144.236.216 port 45864 ssh2
Sep 29 21:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Connection closed by 162.144.236.216 port 45864 [preauth]
Sep 29 21:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: Failed password for root from 162.144.236.216 port 53754 ssh2
Sep 29 21:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7064]: Connection closed by 162.144.236.216 port 53754 [preauth]
Sep 29 21:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7114]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7115]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7112]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: Successful su for rubyman by root
Sep 29 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: + ??? root:rubyman
Sep 29 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317059 of user rubyman.
Sep 29 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317059.
Sep 29 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Failed password for root from 162.144.236.216 port 60108 ssh2
Sep 29 21:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4002]: pam_unix(cron:session): session closed for user root
Sep 29 21:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7113]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Connection closed by 162.144.236.216 port 60108 [preauth]
Sep 29 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Failed password for root from 162.144.236.216 port 39544 ssh2
Sep 29 21:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: Connection closed by 162.144.236.216 port 39544 [preauth]
Sep 29 21:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Failed password for root from 162.144.236.216 port 46376 ssh2
Sep 29 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Connection closed by 162.144.236.216 port 46376 [preauth]
Sep 29 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6046]: pam_unix(cron:session): session closed for user root
Sep 29 21:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Failed password for root from 162.144.236.216 port 55018 ssh2
Sep 29 21:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7529]: Connection closed by 162.144.236.216 port 55018 [preauth]
Sep 29 21:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Failed password for root from 162.144.236.216 port 32922 ssh2
Sep 29 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Connection closed by 162.144.236.216 port 32922 [preauth]
Sep 29 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Failed password for root from 162.144.236.216 port 40480 ssh2
Sep 29 21:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Connection closed by 162.144.236.216 port 40480 [preauth]
Sep 29 21:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: Failed password for root from 162.144.236.216 port 47520 ssh2
Sep 29 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7710]: Successful su for rubyman by root
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7710]: + ??? root:rubyman
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317066 of user rubyman.
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7710]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317066.
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: Connection closed by 162.144.236.216 port 47520 [preauth]
Sep 29 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session closed for user root
Sep 29 21:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7637]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: Failed password for root from 162.144.236.216 port 53684 ssh2
Sep 29 21:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7744]: Connection closed by 162.144.236.216 port 53684 [preauth]
Sep 29 21:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Failed password for root from 162.144.236.216 port 33540 ssh2
Sep 29 21:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Connection closed by 162.144.236.216 port 33540 [preauth]
Sep 29 21:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Failed password for root from 162.144.236.216 port 41118 ssh2
Sep 29 21:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Connection closed by 162.144.236.216 port 41118 [preauth]
Sep 29 21:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
Sep 29 21:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Failed password for root from 162.144.236.216 port 47876 ssh2
Sep 29 21:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Connection closed by 162.144.236.216 port 47876 [preauth]
Sep 29 21:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: Failed password for root from 162.144.236.216 port 55080 ssh2
Sep 29 21:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8072]: Connection closed by 162.144.236.216 port 55080 [preauth]
Sep 29 21:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: Failed password for root from 162.144.236.216 port 33760 ssh2
Sep 29 21:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: Connection closed by 162.144.236.216 port 33760 [preauth]
Sep 29 21:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8156]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8153]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8226]: Successful su for rubyman by root
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8226]: + ??? root:rubyman
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317068 of user rubyman.
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8226]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317068.
Sep 29 21:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8134]: Failed password for root from 162.144.236.216 port 40292 ssh2
Sep 29 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8134]: Connection closed by 162.144.236.216 port 40292 [preauth]
Sep 29 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5036]: pam_unix(cron:session): session closed for user root
Sep 29 21:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8154]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for root from 162.144.236.216 port 46928 ssh2
Sep 29 21:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Connection closed by 162.144.236.216 port 46928 [preauth]
Sep 29 21:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Failed password for root from 162.144.236.216 port 52200 ssh2
Sep 29 21:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Connection closed by 162.144.236.216 port 52200 [preauth]
Sep 29 21:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: Failed password for root from 162.144.236.216 port 58526 ssh2
Sep 29 21:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8482]: Connection closed by 162.144.236.216 port 58526 [preauth]
Sep 29 21:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7115]: pam_unix(cron:session): session closed for user root
Sep 29 21:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Failed password for root from 162.144.236.216 port 39112 ssh2
Sep 29 21:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Connection closed by 162.144.236.216 port 39112 [preauth]
Sep 29 21:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 21:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Failed password for root from 162.144.236.216 port 46072 ssh2
Sep 29 21:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: Failed password for root from 93.152.230.176 port 20240 ssh2
Sep 29 21:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: Received disconnect from 93.152.230.176 port 20240:11: Client disconnecting normally [preauth]
Sep 29 21:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: Disconnected from 93.152.230.176 port 20240 [preauth]
Sep 29 21:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Connection closed by 162.144.236.216 port 46072 [preauth]
Sep 29 21:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Failed password for root from 162.144.236.216 port 53922 ssh2
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8635]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Connection closed by 162.144.236.216 port 53922 [preauth]
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8896]: Successful su for rubyman by root
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8896]: + ??? root:rubyman
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317071 of user rubyman.
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8896]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317071.
Sep 29 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8633]: pam_unix(cron:session): session closed for user root
Sep 29 21:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session closed for user root
Sep 29 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Failed password for root from 162.144.236.216 port 34980 ssh2
Sep 29 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Connection closed by 162.144.236.216 port 34980 [preauth]
Sep 29 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: Failed password for root from 162.144.236.216 port 42204 ssh2
Sep 29 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9127]: Connection closed by 162.144.236.216 port 42204 [preauth]
Sep 29 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Failed password for root from 162.144.236.216 port 46694 ssh2
Sep 29 21:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Connection closed by 162.144.236.216 port 46694 [preauth]
Sep 29 21:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session closed for user root
Sep 29 21:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Failed password for root from 162.144.236.216 port 55018 ssh2
Sep 29 21:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Invalid user ssh from 167.99.55.34
Sep 29 21:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: input_userauth_request: invalid user ssh [preauth]
Sep 29 21:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Connection closed by 162.144.236.216 port 55018 [preauth]
Sep 29 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Failed password for invalid user ssh from 167.99.55.34 port 35376 ssh2
Sep 29 21:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Connection closed by 167.99.55.34 port 35376 [preauth]
Sep 29 21:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Failed password for root from 162.144.236.216 port 34982 ssh2
Sep 29 21:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Connection closed by 162.144.236.216 port 34982 [preauth]
Sep 29 21:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Failed password for root from 162.144.236.216 port 40290 ssh2
Sep 29 21:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Connection closed by 162.144.236.216 port 40290 [preauth]
Sep 29 21:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for root from 162.144.236.216 port 46442 ssh2
Sep 29 21:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Connection closed by 162.144.236.216 port 46442 [preauth]
Sep 29 21:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9423]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9424]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9424]: pam_unix(cron:session): session closed for user root
Sep 29 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9490]: Successful su for rubyman by root
Sep 29 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9490]: + ??? root:rubyman
Sep 29 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317076 of user rubyman.
Sep 29 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9490]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317076.
Sep 29 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session closed for user root
Sep 29 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session closed for user root
Sep 29 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: Failed password for root from 162.144.236.216 port 54142 ssh2
Sep 29 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9416]: Connection closed by 162.144.236.216 port 54142 [preauth]
Sep 29 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Invalid user solana from 195.178.110.133
Sep 29 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: input_userauth_request: invalid user solana [preauth]
Sep 29 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Failed password for invalid user solana from 195.178.110.133 port 39722 ssh2
Sep 29 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9820]: Connection closed by 195.178.110.133 port 39722 [preauth]
Sep 29 21:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Failed password for root from 162.144.236.216 port 58336 ssh2
Sep 29 21:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Connection closed by 162.144.236.216 port 58336 [preauth]
Sep 29 21:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Failed password for root from 162.144.236.216 port 35880 ssh2
Sep 29 21:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9851]: Connection closed by 162.144.236.216 port 35880 [preauth]
Sep 29 21:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Failed password for root from 162.144.236.216 port 43404 ssh2
Sep 29 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Connection closed by 162.144.236.216 port 43404 [preauth]
Sep 29 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8156]: pam_unix(cron:session): session closed for user root
Sep 29 21:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Failed password for root from 162.144.236.216 port 51342 ssh2
Sep 29 21:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Connection closed by 162.144.236.216 port 51342 [preauth]
Sep 29 21:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: Failed password for root from 162.144.236.216 port 56868 ssh2
Sep 29 21:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: Connection closed by 162.144.236.216 port 56868 [preauth]
Sep 29 21:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Failed password for root from 162.144.236.216 port 35186 ssh2
Sep 29 21:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9998]: Connection closed by 162.144.236.216 port 35186 [preauth]
Sep 29 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10027]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10023]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: Successful su for rubyman by root
Sep 29 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: + ??? root:rubyman
Sep 29 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317082 of user rubyman.
Sep 29 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317082.
Sep 29 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: Failed password for root from 162.144.236.216 port 42844 ssh2
Sep 29 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user root
Sep 29 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: Connection closed by 162.144.236.216 port 42844 [preauth]
Sep 29 21:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10024]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10304]: Failed password for root from 162.144.236.216 port 51196 ssh2
Sep 29 21:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10304]: Connection closed by 162.144.236.216 port 51196 [preauth]
Sep 29 21:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Invalid user guest from 62.60.131.157
Sep 29 21:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: input_userauth_request: invalid user guest [preauth]
Sep 29 21:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 21:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Failed password for invalid user guest from 62.60.131.157 port 61733 ssh2
Sep 29 21:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Failed password for root from 162.144.236.216 port 58244 ssh2
Sep 29 21:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10362]: Connection closed by 162.144.236.216 port 58244 [preauth]
Sep 29 21:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Failed password for invalid user guest from 62.60.131.157 port 61733 ssh2
Sep 29 21:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Failed password for invalid user guest from 62.60.131.157 port 61733 ssh2
Sep 29 21:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Failed password for invalid user guest from 62.60.131.157 port 61733 ssh2
Sep 29 21:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Failed password for invalid user guest from 62.60.131.157 port 61733 ssh2
Sep 29 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Received disconnect from 62.60.131.157 port 61733:11: Bye [preauth]
Sep 29 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Disconnected from 62.60.131.157 port 61733 [preauth]
Sep 29 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 21:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: Failed password for root from 162.144.236.216 port 36602 ssh2
Sep 29 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10398]: Connection closed by 162.144.236.216 port 36602 [preauth]
Sep 29 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8638]: pam_unix(cron:session): session closed for user root
Sep 29 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Invalid user oscar from 62.60.131.157
Sep 29 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: input_userauth_request: invalid user oscar [preauth]
Sep 29 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Failed password for invalid user oscar from 62.60.131.157 port 61878 ssh2
Sep 29 21:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Failed password for root from 162.144.236.216 port 43936 ssh2
Sep 29 21:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Connection closed by 162.144.236.216 port 43936 [preauth]
Sep 29 21:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Failed password for invalid user oscar from 62.60.131.157 port 61878 ssh2
Sep 29 21:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Failed password for invalid user oscar from 62.60.131.157 port 61878 ssh2
Sep 29 21:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Failed password for invalid user oscar from 62.60.131.157 port 61878 ssh2
Sep 29 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Failed password for invalid user oscar from 62.60.131.157 port 61878 ssh2
Sep 29 21:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Received disconnect from 62.60.131.157 port 61878:11: Bye [preauth]
Sep 29 21:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Disconnected from 62.60.131.157 port 61878 [preauth]
Sep 29 21:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 21:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 21:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: Failed password for root from 162.144.236.216 port 50250 ssh2
Sep 29 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10455]: Connection closed by 162.144.236.216 port 50250 [preauth]
Sep 29 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Failed password for root from 162.144.236.216 port 57430 ssh2
Sep 29 21:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Connection closed by 162.144.236.216 port 57430 [preauth]
Sep 29 21:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10587]: Successful su for rubyman by root
Sep 29 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10587]: + ??? root:rubyman
Sep 29 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317087 of user rubyman.
Sep 29 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10587]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317087.
Sep 29 21:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7114]: pam_unix(cron:session): session closed for user root
Sep 29 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Failed password for root from 162.144.236.216 port 35990 ssh2
Sep 29 21:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Connection closed by 162.144.236.216 port 35990 [preauth]
Sep 29 21:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Failed password for root from 162.144.236.216 port 41912 ssh2
Sep 29 21:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Connection closed by 162.144.236.216 port 41912 [preauth]
Sep 29 21:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Invalid user user from 62.60.131.157
Sep 29 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: input_userauth_request: invalid user user [preauth]
Sep 29 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 21:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for root from 162.144.236.216 port 47906 ssh2
Sep 29 21:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Failed password for invalid user user from 62.60.131.157 port 40501 ssh2
Sep 29 21:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 162.144.236.216 port 47906 [preauth]
Sep 29 21:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Failed password for invalid user user from 62.60.131.157 port 40501 ssh2
Sep 29 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Failed password for invalid user user from 62.60.131.157 port 40501 ssh2
Sep 29 21:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Failed password for invalid user user from 62.60.131.157 port 40501 ssh2
Sep 29 21:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Failed password for root from 162.144.236.216 port 57708 ssh2
Sep 29 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Failed password for invalid user user from 62.60.131.157 port 40501 ssh2
Sep 29 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Received disconnect from 62.60.131.157 port 40501:11: Bye [preauth]
Sep 29 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: Disconnected from 62.60.131.157 port 40501 [preauth]
Sep 29 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10836]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10864]: Connection closed by 162.144.236.216 port 57708 [preauth]
Sep 29 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9423]: pam_unix(cron:session): session closed for user root
Sep 29 21:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for root from 162.144.236.216 port 35706 ssh2
Sep 29 21:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Connection closed by 162.144.236.216 port 35706 [preauth]
Sep 29 21:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Failed password for root from 162.144.236.216 port 40872 ssh2
Sep 29 21:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Connection closed by 162.144.236.216 port 40872 [preauth]
Sep 29 21:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Failed password for root from 162.144.236.216 port 47404 ssh2
Sep 29 21:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Connection closed by 162.144.236.216 port 47404 [preauth]
Sep 29 21:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: Successful su for rubyman by root
Sep 29 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: + ??? root:rubyman
Sep 29 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317091 of user rubyman.
Sep 29 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317091.
Sep 29 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7638]: pam_unix(cron:session): session closed for user root
Sep 29 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 162.144.236.216 port 53698 ssh2
Sep 29 21:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Connection closed by 162.144.236.216 port 53698 [preauth]
Sep 29 21:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: Failed password for root from 162.144.236.216 port 33556 ssh2
Sep 29 21:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: Connection closed by 162.144.236.216 port 33556 [preauth]
Sep 29 21:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Failed password for root from 162.144.236.216 port 41448 ssh2
Sep 29 21:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Connection closed by 162.144.236.216 port 41448 [preauth]
Sep 29 21:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10027]: pam_unix(cron:session): session closed for user root
Sep 29 21:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for root from 162.144.236.216 port 49622 ssh2
Sep 29 21:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Connection closed by 162.144.236.216 port 49622 [preauth]
Sep 29 21:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: Failed password for root from 162.144.236.216 port 58386 ssh2
Sep 29 21:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: Connection closed by 162.144.236.216 port 58386 [preauth]
Sep 29 21:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Failed password for root from 162.144.236.216 port 35904 ssh2
Sep 29 21:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Connection closed by 162.144.236.216 port 35904 [preauth]
Sep 29 21:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11414]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11412]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11476]: Successful su for rubyman by root
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11476]: + ??? root:rubyman
Sep 29 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317094 of user rubyman.
Sep 29 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11476]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317094.
Sep 29 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Failed password for root from 162.144.236.216 port 43880 ssh2
Sep 29 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Connection closed by 162.144.236.216 port 43880 [preauth]
Sep 29 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8155]: pam_unix(cron:session): session closed for user root
Sep 29 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11413]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Failed password for root from 162.144.236.216 port 50258 ssh2
Sep 29 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Connection closed by 162.144.236.216 port 50258 [preauth]
Sep 29 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: Failed password for root from 162.144.236.216 port 57818 ssh2
Sep 29 21:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: Connection closed by 162.144.236.216 port 57818 [preauth]
Sep 29 21:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Invalid user username from 80.94.95.116
Sep 29 21:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: input_userauth_request: invalid user username [preauth]
Sep 29 21:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 21:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Failed password for invalid user username from 80.94.95.116 port 49540 ssh2
Sep 29 21:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11840]: Connection closed by 80.94.95.116 port 49540 [preauth]
Sep 29 21:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Failed password for root from 162.144.236.216 port 37528 ssh2
Sep 29 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session closed for user root
Sep 29 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Connection closed by 162.144.236.216 port 37528 [preauth]
Sep 29 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Failed password for root from 162.144.236.216 port 45136 ssh2
Sep 29 21:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Connection closed by 162.144.236.216 port 45136 [preauth]
Sep 29 21:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Failed password for root from 162.144.236.216 port 51774 ssh2
Sep 29 21:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Connection closed by 162.144.236.216 port 51774 [preauth]
Sep 29 21:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Failed password for root from 162.144.236.216 port 57780 ssh2
Sep 29 21:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Connection closed by 162.144.236.216 port 57780 [preauth]
Sep 29 21:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11958]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11956]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session closed for user root
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: Successful su for rubyman by root
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: + ??? root:rubyman
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317098 of user rubyman.
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12025]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317098.
Sep 29 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11956]: pam_unix(cron:session): session closed for user root
Sep 29 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8637]: pam_unix(cron:session): session closed for user root
Sep 29 21:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Failed password for root from 162.144.236.216 port 37202 ssh2
Sep 29 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11952]: Connection closed by 162.144.236.216 port 37202 [preauth]
Sep 29 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11955]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Failed password for root from 162.144.236.216 port 43936 ssh2
Sep 29 21:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Connection closed by 162.144.236.216 port 43936 [preauth]
Sep 29 21:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Failed password for root from 162.144.236.216 port 50386 ssh2
Sep 29 21:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Connection closed by 162.144.236.216 port 50386 [preauth]
Sep 29 21:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12318]: Failed password for root from 162.144.236.216 port 56746 ssh2
Sep 29 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12318]: Connection closed by 162.144.236.216 port 56746 [preauth]
Sep 29 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10978]: pam_unix(cron:session): session closed for user root
Sep 29 21:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: Failed password for root from 162.144.236.216 port 35058 ssh2
Sep 29 21:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12347]: Connection closed by 162.144.236.216 port 35058 [preauth]
Sep 29 21:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Failed password for root from 162.144.236.216 port 42352 ssh2
Sep 29 21:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12385]: Connection closed by 162.144.236.216 port 42352 [preauth]
Sep 29 21:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: Failed password for root from 162.144.236.216 port 49556 ssh2
Sep 29 21:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12410]: Connection closed by 162.144.236.216 port 49556 [preauth]
Sep 29 21:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12509]: Successful su for rubyman by root
Sep 29 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12509]: + ??? root:rubyman
Sep 29 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317105 of user rubyman.
Sep 29 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12509]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317105.
Sep 29 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session closed for user root
Sep 29 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: Failed password for root from 162.144.236.216 port 55880 ssh2
Sep 29 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12432]: Connection closed by 162.144.236.216 port 55880 [preauth]
Sep 29 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12723]: Failed password for root from 162.144.236.216 port 33756 ssh2
Sep 29 21:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12723]: Connection closed by 162.144.236.216 port 33756 [preauth]
Sep 29 21:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Failed password for root from 162.144.236.216 port 40802 ssh2
Sep 29 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Connection closed by 162.144.236.216 port 40802 [preauth]
Sep 29 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for root from 162.144.236.216 port 47700 ssh2
Sep 29 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Connection closed by 162.144.236.216 port 47700 [preauth]
Sep 29 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session closed for user root
Sep 29 21:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Failed password for root from 162.144.236.216 port 54518 ssh2
Sep 29 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Connection closed by 162.144.236.216 port 54518 [preauth]
Sep 29 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: Failed password for root from 162.144.236.216 port 32774 ssh2
Sep 29 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: Connection closed by 162.144.236.216 port 32774 [preauth]
Sep 29 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user anonymous from 93.152.230.176
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user anonymous [preauth]
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12913]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12907]: pam_unix(cron:session): session closed for user root
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Failed password for root from 162.144.236.216 port 41176 ssh2
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12986]: Successful su for rubyman by root
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12986]: + ??? root:rubyman
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317108 of user rubyman.
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12986]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317108.
Sep 29 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12889]: Connection closed by 162.144.236.216 port 41176 [preauth]
Sep 29 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user anonymous from 93.152.230.176 port 6254 ssh2
Sep 29 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Received disconnect from 93.152.230.176 port 6254:11: Client disconnecting normally [preauth]
Sep 29 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Disconnected from 93.152.230.176 port 6254 [preauth]
Sep 29 21:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10025]: pam_unix(cron:session): session closed for user root
Sep 29 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Failed password for root from 162.144.236.216 port 48802 ssh2
Sep 29 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13062]: Connection closed by 162.144.236.216 port 48802 [preauth]
Sep 29 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Invalid user telnet from 167.99.55.34
Sep 29 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: input_userauth_request: invalid user telnet [preauth]
Sep 29 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.55.34
Sep 29 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for invalid user telnet from 167.99.55.34 port 44304 ssh2
Sep 29 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Connection closed by 167.99.55.34 port 44304 [preauth]
Sep 29 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: Invalid user solana from 195.178.110.133
Sep 29 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: input_userauth_request: invalid user solana [preauth]
Sep 29 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: Failed password for invalid user solana from 195.178.110.133 port 55148 ssh2
Sep 29 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: Connection closed by 195.178.110.133 port 55148 [preauth]
Sep 29 21:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: Failed password for root from 162.144.236.216 port 55034 ssh2
Sep 29 21:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: Connection closed by 162.144.236.216 port 55034 [preauth]
Sep 29 21:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Failed password for root from 162.144.236.216 port 36396 ssh2
Sep 29 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Connection closed by 162.144.236.216 port 36396 [preauth]
Sep 29 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11958]: pam_unix(cron:session): session closed for user root
Sep 29 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: Failed password for root from 162.144.236.216 port 44038 ssh2
Sep 29 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13274]: Connection closed by 162.144.236.216 port 44038 [preauth]
Sep 29 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: Failed password for root from 162.144.236.216 port 50732 ssh2
Sep 29 21:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: Connection closed by 162.144.236.216 port 50732 [preauth]
Sep 29 21:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Failed password for root from 162.144.236.216 port 56716 ssh2
Sep 29 21:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Connection closed by 162.144.236.216 port 56716 [preauth]
Sep 29 21:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13448]: Successful su for rubyman by root
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13448]: + ??? root:rubyman
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317114 of user rubyman.
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13448]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317114.
Sep 29 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session closed for user root
Sep 29 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Failed password for root from 162.144.236.216 port 35054 ssh2
Sep 29 21:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Connection closed by 162.144.236.216 port 35054 [preauth]
Sep 29 21:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13629]: Failed password for root from 162.144.236.216 port 44482 ssh2
Sep 29 21:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13629]: Connection closed by 162.144.236.216 port 44482 [preauth]
Sep 29 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: Failed password for root from 162.144.236.216 port 51116 ssh2
Sep 29 21:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13667]: Connection closed by 162.144.236.216 port 51116 [preauth]
Sep 29 21:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for root from 162.144.236.216 port 56720 ssh2
Sep 29 21:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Connection closed by 162.144.236.216 port 56720 [preauth]
Sep 29 21:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session closed for user root
Sep 29 21:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Failed password for root from 162.144.236.216 port 34296 ssh2
Sep 29 21:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Connection closed by 162.144.236.216 port 34296 [preauth]
Sep 29 21:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Failed password for root from 162.144.236.216 port 40536 ssh2
Sep 29 21:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Connection closed by 162.144.236.216 port 40536 [preauth]
Sep 29 21:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Failed password for root from 162.144.236.216 port 46824 ssh2
Sep 29 21:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Connection closed by 162.144.236.216 port 46824 [preauth]
Sep 29 21:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: Failed password for root from 162.144.236.216 port 53234 ssh2
Sep 29 21:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: Connection closed by 162.144.236.216 port 53234 [preauth]
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: Successful su for rubyman by root
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: + ??? root:rubyman
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317117 of user rubyman.
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317117.
Sep 29 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10977]: pam_unix(cron:session): session closed for user root
Sep 29 21:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Failed password for root from 162.144.236.216 port 60016 ssh2
Sep 29 21:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Connection closed by 162.144.236.216 port 60016 [preauth]
Sep 29 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: Failed password for root from 162.144.236.216 port 37350 ssh2
Sep 29 21:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14174]: Connection closed by 162.144.236.216 port 37350 [preauth]
Sep 29 21:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: Failed password for root from 162.144.236.216 port 44208 ssh2
Sep 29 21:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: Connection closed by 162.144.236.216 port 44208 [preauth]
Sep 29 21:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: Failed password for root from 162.144.236.216 port 51992 ssh2
Sep 29 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12913]: pam_unix(cron:session): session closed for user root
Sep 29 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14247]: Connection closed by 162.144.236.216 port 51992 [preauth]
Sep 29 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Failed password for root from 162.144.236.216 port 58144 ssh2
Sep 29 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Connection closed by 162.144.236.216 port 58144 [preauth]
Sep 29 21:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Connection reset by 205.210.31.168 port 59554 [preauth]
Sep 29 21:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Failed password for root from 162.144.236.216 port 39632 ssh2
Sep 29 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14313]: Connection closed by 162.144.236.216 port 39632 [preauth]
Sep 29 21:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Failed password for root from 162.144.236.216 port 45110 ssh2
Sep 29 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14332]: Connection closed by 162.144.236.216 port 45110 [preauth]
Sep 29 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14349]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session closed for user root
Sep 29 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14346]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14414]: Successful su for rubyman by root
Sep 29 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14414]: + ??? root:rubyman
Sep 29 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317126 of user rubyman.
Sep 29 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14414]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317126.
Sep 29 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11414]: pam_unix(cron:session): session closed for user root
Sep 29 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session closed for user root
Sep 29 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Failed password for root from 162.144.236.216 port 50918 ssh2
Sep 29 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Connection closed by 162.144.236.216 port 50918 [preauth]
Sep 29 21:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: Failed password for root from 162.144.236.216 port 58480 ssh2
Sep 29 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: Connection closed by 162.144.236.216 port 58480 [preauth]
Sep 29 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for root from 162.144.236.216 port 36200 ssh2
Sep 29 21:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Connection closed by 162.144.236.216 port 36200 [preauth]
Sep 29 21:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session closed for user root
Sep 29 21:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Failed password for root from 162.144.236.216 port 43048 ssh2
Sep 29 21:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Connection closed by 162.144.236.216 port 43048 [preauth]
Sep 29 21:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: Failed password for root from 162.144.236.216 port 50672 ssh2
Sep 29 21:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: Connection closed by 162.144.236.216 port 50672 [preauth]
Sep 29 21:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Invalid user pi from 139.47.14.220
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: input_userauth_request: invalid user pi [preauth]
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Invalid user pi from 139.47.14.220
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: input_userauth_request: invalid user pi [preauth]
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.47.14.220
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.47.14.220
Sep 29 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Failed password for root from 162.144.236.216 port 56234 ssh2
Sep 29 21:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Connection closed by 162.144.236.216 port 56234 [preauth]
Sep 29 21:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Failed password for invalid user pi from 139.47.14.220 port 45330 ssh2
Sep 29 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Failed password for invalid user pi from 139.47.14.220 port 45340 ssh2
Sep 29 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14782]: Connection closed by 139.47.14.220 port 45330 [preauth]
Sep 29 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Connection closed by 139.47.14.220 port 45340 [preauth]
Sep 29 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Failed password for root from 162.144.236.216 port 34216 ssh2
Sep 29 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Connection closed by 162.144.236.216 port 34216 [preauth]
Sep 29 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14810]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14885]: Successful su for rubyman by root
Sep 29 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14885]: + ??? root:rubyman
Sep 29 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317128 of user rubyman.
Sep 29 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14885]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317128.
Sep 29 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session closed for user root
Sep 29 21:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14811]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Failed password for root from 162.144.236.216 port 41838 ssh2
Sep 29 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14808]: Connection closed by 162.144.236.216 port 41838 [preauth]
Sep 29 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Failed password for root from 162.144.236.216 port 49642 ssh2
Sep 29 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Connection closed by 162.144.236.216 port 49642 [preauth]
Sep 29 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: Failed password for root from 162.144.236.216 port 57342 ssh2
Sep 29 21:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: Connection closed by 162.144.236.216 port 57342 [preauth]
Sep 29 21:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session closed for user root
Sep 29 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15145]: Failed password for root from 162.144.236.216 port 35836 ssh2
Sep 29 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15145]: Connection closed by 162.144.236.216 port 35836 [preauth]
Sep 29 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15184]: Failed password for root from 162.144.236.216 port 43074 ssh2
Sep 29 21:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15184]: Connection closed by 162.144.236.216 port 43074 [preauth]
Sep 29 21:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Failed password for root from 162.144.236.216 port 50226 ssh2
Sep 29 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Connection closed by 162.144.236.216 port 50226 [preauth]
Sep 29 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15240]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15316]: Successful su for rubyman by root
Sep 29 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15316]: + ??? root:rubyman
Sep 29 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317131 of user rubyman.
Sep 29 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15316]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317131.
Sep 29 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: Failed password for root from 162.144.236.216 port 57460 ssh2
Sep 29 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15228]: Connection closed by 162.144.236.216 port 57460 [preauth]
Sep 29 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session closed for user root
Sep 29 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Failed password for root from 162.144.236.216 port 36820 ssh2
Sep 29 21:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Connection closed by 162.144.236.216 port 36820 [preauth]
Sep 29 21:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: Failed password for root from 162.144.236.216 port 44130 ssh2
Sep 29 21:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: Connection closed by 162.144.236.216 port 44130 [preauth]
Sep 29 21:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Failed password for root from 162.144.236.216 port 50090 ssh2
Sep 29 21:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Connection closed by 162.144.236.216 port 50090 [preauth]
Sep 29 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Invalid user daniel from 185.156.73.233
Sep 29 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: input_userauth_request: invalid user daniel [preauth]
Sep 29 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Failed password for invalid user daniel from 185.156.73.233 port 19646 ssh2
Sep 29 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Connection closed by 185.156.73.233 port 19646 [preauth]
Sep 29 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session closed for user root
Sep 29 21:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Failed password for root from 162.144.236.216 port 57956 ssh2
Sep 29 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Connection closed by 162.144.236.216 port 57956 [preauth]
Sep 29 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: Failed password for root from 162.144.236.216 port 36304 ssh2
Sep 29 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: Connection closed by 162.144.236.216 port 36304 [preauth]
Sep 29 21:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: Failed password for root from 162.144.236.216 port 41626 ssh2
Sep 29 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: Connection closed by 162.144.236.216 port 41626 [preauth]
Sep 29 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15686]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15754]: Successful su for rubyman by root
Sep 29 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15754]: + ??? root:rubyman
Sep 29 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317136 of user rubyman.
Sep 29 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15754]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317136.
Sep 29 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session closed for user root
Sep 29 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Failed password for root from 162.144.236.216 port 48204 ssh2
Sep 29 21:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Connection closed by 162.144.236.216 port 48204 [preauth]
Sep 29 21:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15687]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Failed password for root from 162.144.236.216 port 56566 ssh2
Sep 29 21:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Connection closed by 162.144.236.216 port 56566 [preauth]
Sep 29 21:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15963]: Failed password for root from 162.144.236.216 port 35132 ssh2
Sep 29 21:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15963]: Connection closed by 162.144.236.216 port 35132 [preauth]
Sep 29 21:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15996]: Failed password for root from 162.144.236.216 port 41560 ssh2
Sep 29 21:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15996]: Connection closed by 162.144.236.216 port 41560 [preauth]
Sep 29 21:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session closed for user root
Sep 29 21:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Failed password for root from 162.144.236.216 port 48646 ssh2
Sep 29 21:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16030]: Connection closed by 162.144.236.216 port 48646 [preauth]
Sep 29 21:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 162.144.236.216 port 55470 ssh2
Sep 29 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Connection closed by 162.144.236.216 port 55470 [preauth]
Sep 29 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Failed password for root from 162.144.236.216 port 38342 ssh2
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Connection closed by 162.144.236.216 port 38342 [preauth]
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16183]: Successful su for rubyman by root
Sep 29 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16183]: + ??? root:rubyman
Sep 29 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317141 of user rubyman.
Sep 29 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16183]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317141.
Sep 29 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user root
Sep 29 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Failed password for root from 162.144.236.216 port 44556 ssh2
Sep 29 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Connection closed by 162.144.236.216 port 44556 [preauth]
Sep 29 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Failed password for root from 162.144.236.216 port 50106 ssh2
Sep 29 21:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Connection closed by 162.144.236.216 port 50106 [preauth]
Sep 29 21:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Invalid user solana from 195.178.110.133
Sep 29 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: input_userauth_request: invalid user solana [preauth]
Sep 29 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 21:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Failed password for invalid user solana from 195.178.110.133 port 56920 ssh2
Sep 29 21:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Connection closed by 195.178.110.133 port 56920 [preauth]
Sep 29 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Failed password for root from 162.144.236.216 port 58224 ssh2
Sep 29 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Connection closed by 162.144.236.216 port 58224 [preauth]
Sep 29 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session closed for user root
Sep 29 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Failed password for root from 162.144.236.216 port 38562 ssh2
Sep 29 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16465]: Connection closed by 162.144.236.216 port 38562 [preauth]
Sep 29 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Failed password for root from 162.144.236.216 port 44612 ssh2
Sep 29 21:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Connection closed by 162.144.236.216 port 44612 [preauth]
Sep 29 21:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: Failed password for root from 162.144.236.216 port 51034 ssh2
Sep 29 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16523]: Connection closed by 162.144.236.216 port 51034 [preauth]
Sep 29 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: Failed password for root from 162.144.236.216 port 57060 ssh2
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: Connection closed by 162.144.236.216 port 57060 [preauth]
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16584]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16579]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16585]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16585]: pam_unix(cron:session): session closed for user root
Sep 29 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16577]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: Successful su for rubyman by root
Sep 29 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: + ??? root:rubyman
Sep 29 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317146 of user rubyman.
Sep 29 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16654]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317146.
Sep 29 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Invalid user ftpuser from 93.152.230.176
Sep 29 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session closed for user root
Sep 29 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Failed password for root from 162.144.236.216 port 36656 ssh2
Sep 29 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16579]: pam_unix(cron:session): session closed for user root
Sep 29 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Connection closed by 162.144.236.216 port 36656 [preauth]
Sep 29 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Failed password for invalid user ftpuser from 93.152.230.176 port 10260 ssh2
Sep 29 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Received disconnect from 93.152.230.176 port 10260:11: Client disconnecting normally [preauth]
Sep 29 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Disconnected from 93.152.230.176 port 10260 [preauth]
Sep 29 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16578]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: Failed password for root from 162.144.236.216 port 43082 ssh2
Sep 29 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16852]: Connection closed by 162.144.236.216 port 43082 [preauth]
Sep 29 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Failed password for root from 162.144.236.216 port 48476 ssh2
Sep 29 21:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16909]: Connection closed by 162.144.236.216 port 48476 [preauth]
Sep 29 21:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16926]: Failed password for root from 162.144.236.216 port 53902 ssh2
Sep 29 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16926]: Connection closed by 162.144.236.216 port 53902 [preauth]
Sep 29 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session closed for user root
Sep 29 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: Failed password for root from 162.144.236.216 port 33436 ssh2
Sep 29 21:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: Connection closed by 162.144.236.216 port 33436 [preauth]
Sep 29 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: Failed password for root from 162.144.236.216 port 39450 ssh2
Sep 29 21:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16999]: Connection closed by 162.144.236.216 port 39450 [preauth]
Sep 29 21:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Failed password for root from 162.144.236.216 port 46084 ssh2
Sep 29 21:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Connection closed by 162.144.236.216 port 46084 [preauth]
Sep 29 21:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: Failed password for root from 162.144.236.216 port 50566 ssh2
Sep 29 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: Connection closed by 162.144.236.216 port 50566 [preauth]
Sep 29 21:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: Successful su for rubyman by root
Sep 29 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: + ??? root:rubyman
Sep 29 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317150 of user rubyman.
Sep 29 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317150.
Sep 29 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Failed password for root from 162.144.236.216 port 55628 ssh2
Sep 29 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14349]: pam_unix(cron:session): session closed for user root
Sep 29 21:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Connection closed by 162.144.236.216 port 55628 [preauth]
Sep 29 21:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Failed password for root from 162.144.236.216 port 34950 ssh2
Sep 29 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Connection closed by 162.144.236.216 port 34950 [preauth]
Sep 29 21:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Failed password for root from 162.144.236.216 port 41124 ssh2
Sep 29 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Connection closed by 162.144.236.216 port 41124 [preauth]
Sep 29 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: Failed password for root from 162.144.236.216 port 45930 ssh2
Sep 29 21:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: Connection closed by 162.144.236.216 port 45930 [preauth]
Sep 29 21:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16119]: pam_unix(cron:session): session closed for user root
Sep 29 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17435]: Failed password for root from 162.144.236.216 port 53146 ssh2
Sep 29 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17435]: Connection closed by 162.144.236.216 port 53146 [preauth]
Sep 29 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Failed password for root from 162.144.236.216 port 59642 ssh2
Sep 29 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Connection closed by 162.144.236.216 port 59642 [preauth]
Sep 29 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Failed password for root from 162.144.236.216 port 37922 ssh2
Sep 29 21:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Connection closed by 162.144.236.216 port 37922 [preauth]
Sep 29 21:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17597]: Successful su for rubyman by root
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17597]: + ??? root:rubyman
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317153 of user rubyman.
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17597]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317153.
Sep 29 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session closed for user root
Sep 29 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17526]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Failed password for root from 162.144.236.216 port 47680 ssh2
Sep 29 21:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Connection closed by 162.144.236.216 port 47680 [preauth]
Sep 29 21:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Failed password for root from 162.144.236.216 port 54422 ssh2
Sep 29 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Connection closed by 162.144.236.216 port 54422 [preauth]
Sep 29 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Failed password for root from 162.144.236.216 port 32946 ssh2
Sep 29 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Connection closed by 162.144.236.216 port 32946 [preauth]
Sep 29 21:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Failed password for root from 162.144.236.216 port 40260 ssh2
Sep 29 21:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Connection closed by 162.144.236.216 port 40260 [preauth]
Sep 29 21:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16584]: pam_unix(cron:session): session closed for user root
Sep 29 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Failed password for root from 162.144.236.216 port 47412 ssh2
Sep 29 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Connection closed by 162.144.236.216 port 47412 [preauth]
Sep 29 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Failed password for root from 162.144.236.216 port 54456 ssh2
Sep 29 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18031]: Connection closed by 162.144.236.216 port 54456 [preauth]
Sep 29 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: Failed password for root from 162.144.236.216 port 32894 ssh2
Sep 29 21:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18071]: Connection closed by 162.144.236.216 port 32894 [preauth]
Sep 29 21:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: Successful su for rubyman by root
Sep 29 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: + ??? root:rubyman
Sep 29 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317157 of user rubyman.
Sep 29 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317157.
Sep 29 21:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Failed password for root from 162.144.236.216 port 39234 ssh2
Sep 29 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session closed for user root
Sep 29 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Connection closed by 162.144.236.216 port 39234 [preauth]
Sep 29 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Failed password for root from 162.144.236.216 port 45272 ssh2
Sep 29 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Connection closed by 162.144.236.216 port 45272 [preauth]
Sep 29 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Failed password for root from 162.144.236.216 port 51024 ssh2
Sep 29 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18652]: Connection closed by 162.144.236.216 port 51024 [preauth]
Sep 29 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Failed password for root from 162.144.236.216 port 57090 ssh2
Sep 29 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Connection closed by 162.144.236.216 port 57090 [preauth]
Sep 29 21:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session closed for user root
Sep 29 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Failed password for root from 162.144.236.216 port 35200 ssh2
Sep 29 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Connection closed by 162.144.236.216 port 35200 [preauth]
Sep 29 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: Failed password for root from 162.144.236.216 port 44322 ssh2
Sep 29 21:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: Connection closed by 162.144.236.216 port 44322 [preauth]
Sep 29 21:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Failed password for root from 162.144.236.216 port 50072 ssh2
Sep 29 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Connection closed by 162.144.236.216 port 50072 [preauth]
Sep 29 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18801]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: Successful su for rubyman by root
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: + ??? root:rubyman
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317161 of user rubyman.
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18880]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317161.
Sep 29 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: Failed password for root from 162.144.236.216 port 56988 ssh2
Sep 29 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session closed for user root
Sep 29 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18798]: Connection closed by 162.144.236.216 port 56988 [preauth]
Sep 29 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18802]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Failed password for root from 162.144.236.216 port 35502 ssh2
Sep 29 21:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Connection closed by 162.144.236.216 port 35502 [preauth]
Sep 29 21:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: Failed password for root from 162.144.236.216 port 42934 ssh2
Sep 29 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: Connection closed by 162.144.236.216 port 42934 [preauth]
Sep 29 21:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Failed password for root from 162.144.236.216 port 49666 ssh2
Sep 29 21:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Connection closed by 162.144.236.216 port 49666 [preauth]
Sep 29 21:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session closed for user root
Sep 29 21:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Failed password for root from 162.144.236.216 port 55716 ssh2
Sep 29 21:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Connection closed by 162.144.236.216 port 55716 [preauth]
Sep 29 21:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Failed password for root from 162.144.236.216 port 35588 ssh2
Sep 29 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Connection closed by 162.144.236.216 port 35588 [preauth]
Sep 29 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Failed password for root from 162.144.236.216 port 40252 ssh2
Sep 29 21:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Connection closed by 162.144.236.216 port 40252 [preauth]
Sep 29 21:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19343]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19347]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19347]: pam_unix(cron:session): session closed for user root
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19570]: Successful su for rubyman by root
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19570]: + ??? root:rubyman
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317166 of user rubyman.
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19570]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317166.
Sep 29 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19337]: pam_unix(cron:session): session closed for user root
Sep 29 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session closed for user root
Sep 29 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Failed password for root from 162.144.236.216 port 48236 ssh2
Sep 29 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19314]: Connection closed by 162.144.236.216 port 48236 [preauth]
Sep 29 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19920]: Failed password for root from 162.144.236.216 port 55442 ssh2
Sep 29 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19920]: Connection closed by 162.144.236.216 port 55442 [preauth]
Sep 29 21:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Failed password for root from 162.144.236.216 port 34920 ssh2
Sep 29 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Connection closed by 162.144.236.216 port 34920 [preauth]
Sep 29 21:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: Failed password for root from 162.144.236.216 port 41698 ssh2
Sep 29 21:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: Connection closed by 162.144.236.216 port 41698 [preauth]
Sep 29 21:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session closed for user root
Sep 29 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Failed password for root from 162.144.236.216 port 48036 ssh2
Sep 29 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Connection closed by 162.144.236.216 port 48036 [preauth]
Sep 29 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Failed password for root from 162.144.236.216 port 54800 ssh2
Sep 29 21:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Connection closed by 162.144.236.216 port 54800 [preauth]
Sep 29 21:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20129]: Failed password for root from 162.144.236.216 port 32918 ssh2
Sep 29 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20129]: Connection closed by 162.144.236.216 port 32918 [preauth]
Sep 29 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20157]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20158]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20155]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: Successful su for rubyman by root
Sep 29 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: + ??? root:rubyman
Sep 29 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317173 of user rubyman.
Sep 29 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317173.
Sep 29 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for root from 162.144.236.216 port 39814 ssh2
Sep 29 21:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Connection closed by 162.144.236.216 port 39814 [preauth]
Sep 29 21:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20156]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session closed for user root
Sep 29 21:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: Failed password for root from 162.144.236.216 port 45578 ssh2
Sep 29 21:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: Connection closed by 162.144.236.216 port 45578 [preauth]
Sep 29 21:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: Failed password for root from 162.144.236.216 port 52528 ssh2
Sep 29 21:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: Connection closed by 162.144.236.216 port 52528 [preauth]
Sep 29 21:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Failed password for root from 162.144.236.216 port 57934 ssh2
Sep 29 21:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Connection closed by 162.144.236.216 port 57934 [preauth]
Sep 29 21:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session closed for user root
Sep 29 21:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for root from 162.144.236.216 port 36250 ssh2
Sep 29 21:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Connection closed by 162.144.236.216 port 36250 [preauth]
Sep 29 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Failed password for root from 162.144.236.216 port 43688 ssh2
Sep 29 21:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Connection closed by 162.144.236.216 port 43688 [preauth]
Sep 29 21:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: Failed password for root from 162.144.236.216 port 49998 ssh2
Sep 29 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20610]: Connection closed by 162.144.236.216 port 49998 [preauth]
Sep 29 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20654]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: Successful su for rubyman by root
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: + ??? root:rubyman
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317177 of user rubyman.
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317177.
Sep 29 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Failed password for root from 162.144.236.216 port 57014 ssh2
Sep 29 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Connection closed by 162.144.236.216 port 57014 [preauth]
Sep 29 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session closed for user root
Sep 29 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Failed password for root from 162.144.236.216 port 36380 ssh2
Sep 29 21:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20816]: Connection closed by 162.144.236.216 port 36380 [preauth]
Sep 29 21:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20943]: Failed password for root from 162.144.236.216 port 42436 ssh2
Sep 29 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20943]: Connection closed by 162.144.236.216 port 42436 [preauth]
Sep 29 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Failed password for root from 162.144.236.216 port 48378 ssh2
Sep 29 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Connection closed by 162.144.236.216 port 48378 [preauth]
Sep 29 21:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Failed password for root from 162.144.236.216 port 55008 ssh2
Sep 29 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19343]: pam_unix(cron:session): session closed for user root
Sep 29 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Connection closed by 162.144.236.216 port 55008 [preauth]
Sep 29 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Invalid user git from 185.156.73.233
Sep 29 21:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: input_userauth_request: invalid user git [preauth]
Sep 29 21:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Failed password for invalid user git from 185.156.73.233 port 29448 ssh2
Sep 29 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21045]: Connection closed by 185.156.73.233 port 29448 [preauth]
Sep 29 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Failed password for root from 162.144.236.216 port 34494 ssh2
Sep 29 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Connection closed by 162.144.236.216 port 34494 [preauth]
Sep 29 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Invalid user admin from 139.19.117.131
Sep 29 21:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: input_userauth_request: invalid user admin [preauth]
Sep 29 21:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Failed password for root from 162.144.236.216 port 39748 ssh2
Sep 29 21:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Connection closed by 162.144.236.216 port 39748 [preauth]
Sep 29 21:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21085]: Connection closed by 139.19.117.131 port 33188 [preauth]
Sep 29 21:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Failed password for root from 162.144.236.216 port 46566 ssh2
Sep 29 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Connection closed by 162.144.236.216 port 46566 [preauth]
Sep 29 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21127]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21128]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21125]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21189]: Successful su for rubyman by root
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21189]: + ??? root:rubyman
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317179 of user rubyman.
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21189]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317179.
Sep 29 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session closed for user root
Sep 29 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21126]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Failed password for root from 162.144.236.216 port 54178 ssh2
Sep 29 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Connection closed by 162.144.236.216 port 54178 [preauth]
Sep 29 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: Did not receive identification string from 43.224.124.144
Sep 29 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Invalid user openhabian from 93.152.230.176
Sep 29 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: input_userauth_request: invalid user openhabian [preauth]
Sep 29 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Failed password for invalid user openhabian from 93.152.230.176 port 26054 ssh2
Sep 29 21:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Received disconnect from 93.152.230.176 port 26054:11: Client disconnecting normally [preauth]
Sep 29 21:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Disconnected from 93.152.230.176 port 26054 [preauth]
Sep 29 21:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: Failed password for root from 162.144.236.216 port 33576 ssh2
Sep 29 21:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: Connection closed by 162.144.236.216 port 33576 [preauth]
Sep 29 21:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Failed password for root from 162.144.236.216 port 40802 ssh2
Sep 29 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Connection closed by 162.144.236.216 port 40802 [preauth]
Sep 29 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20158]: pam_unix(cron:session): session closed for user root
Sep 29 21:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Failed password for root from 162.144.236.216 port 47848 ssh2
Sep 29 21:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Connection closed by 162.144.236.216 port 47848 [preauth]
Sep 29 21:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Failed password for root from 162.144.236.216 port 56444 ssh2
Sep 29 21:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Connection closed by 162.144.236.216 port 56444 [preauth]
Sep 29 21:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Failed password for root from 162.144.236.216 port 34568 ssh2
Sep 29 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21530]: Connection closed by 162.144.236.216 port 34568 [preauth]
Sep 29 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Failed password for root from 162.144.236.216 port 40082 ssh2
Sep 29 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Connection closed by 162.144.236.216 port 40082 [preauth]
Sep 29 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21565]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: Successful su for rubyman by root
Sep 29 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: + ??? root:rubyman
Sep 29 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317183 of user rubyman.
Sep 29 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21634]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317183.
Sep 29 21:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session closed for user root
Sep 29 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21566]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21569]: Failed password for root from 162.144.236.216 port 46912 ssh2
Sep 29 21:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21569]: Connection closed by 162.144.236.216 port 46912 [preauth]
Sep 29 21:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: Failed password for root from 162.144.236.216 port 55220 ssh2
Sep 29 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21853]: Connection closed by 162.144.236.216 port 55220 [preauth]
Sep 29 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Failed password for root from 162.144.236.216 port 33254 ssh2
Sep 29 21:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Connection closed by 162.144.236.216 port 33254 [preauth]
Sep 29 21:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session closed for user root
Sep 29 21:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Failed password for root from 162.144.236.216 port 39122 ssh2
Sep 29 21:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21917]: Connection closed by 162.144.236.216 port 39122 [preauth]
Sep 29 21:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: Failed password for root from 162.144.236.216 port 46432 ssh2
Sep 29 21:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: Connection closed by 162.144.236.216 port 46432 [preauth]
Sep 29 21:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Failed password for root from 162.144.236.216 port 53510 ssh2
Sep 29 21:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21985]: Connection closed by 162.144.236.216 port 53510 [preauth]
Sep 29 21:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22029]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22030]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22027]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22030]: pam_unix(cron:session): session closed for user root
Sep 29 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22024]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22099]: Successful su for rubyman by root
Sep 29 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22099]: + ??? root:rubyman
Sep 29 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317191 of user rubyman.
Sep 29 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22099]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317191.
Sep 29 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22027]: pam_unix(cron:session): session closed for user root
Sep 29 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: Failed password for root from 162.144.236.216 port 34330 ssh2
Sep 29 21:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: Connection closed by 162.144.236.216 port 34330 [preauth]
Sep 29 21:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session closed for user root
Sep 29 21:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Failed password for root from 162.144.236.216 port 41846 ssh2
Sep 29 21:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Connection closed by 162.144.236.216 port 41846 [preauth]
Sep 29 21:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: Failed password for root from 162.144.236.216 port 48718 ssh2
Sep 29 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: Connection closed by 162.144.236.216 port 48718 [preauth]
Sep 29 21:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Failed password for root from 162.144.236.216 port 55844 ssh2
Sep 29 21:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Connection closed by 162.144.236.216 port 55844 [preauth]
Sep 29 21:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21128]: pam_unix(cron:session): session closed for user root
Sep 29 21:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: Failed password for root from 162.144.236.216 port 34680 ssh2
Sep 29 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22416]: Connection closed by 162.144.236.216 port 34680 [preauth]
Sep 29 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Failed password for root from 162.144.236.216 port 39786 ssh2
Sep 29 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: Successful su for rubyman by root
Sep 29 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: + ??? root:rubyman
Sep 29 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317194 of user rubyman.
Sep 29 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317194.
Sep 29 21:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Connection closed by 162.144.236.216 port 39786 [preauth]
Sep 29 21:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session closed for user root
Sep 29 21:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Failed password for root from 162.144.236.216 port 49856 ssh2
Sep 29 21:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Connection closed by 162.144.236.216 port 49856 [preauth]
Sep 29 21:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Failed password for root from 162.144.236.216 port 56526 ssh2
Sep 29 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23029]: Connection closed by 162.144.236.216 port 56526 [preauth]
Sep 29 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Failed password for root from 162.144.236.216 port 35686 ssh2
Sep 29 21:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23055]: Connection closed by 162.144.236.216 port 35686 [preauth]
Sep 29 21:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session closed for user root
Sep 29 21:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Failed password for root from 162.144.236.216 port 41892 ssh2
Sep 29 21:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Connection closed by 162.144.236.216 port 41892 [preauth]
Sep 29 21:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: Failed password for root from 162.144.236.216 port 49082 ssh2
Sep 29 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: Connection closed by 162.144.236.216 port 49082 [preauth]
Sep 29 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23315]: Successful su for rubyman by root
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23315]: + ??? root:rubyman
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317197 of user rubyman.
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23315]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317197.
Sep 29 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20157]: pam_unix(cron:session): session closed for user root
Sep 29 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: Failed password for root from 162.144.236.216 port 55254 ssh2
Sep 29 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: Connection closed by 162.144.236.216 port 55254 [preauth]
Sep 29 21:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Failed password for root from 162.144.236.216 port 35712 ssh2
Sep 29 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Connection closed by 162.144.236.216 port 35712 [preauth]
Sep 29 21:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Failed password for root from 162.144.236.216 port 42874 ssh2
Sep 29 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Connection closed by 162.144.236.216 port 42874 [preauth]
Sep 29 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22029]: pam_unix(cron:session): session closed for user root
Sep 29 21:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Failed password for root from 162.144.236.216 port 50272 ssh2
Sep 29 21:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23835]: Connection closed by 162.144.236.216 port 50272 [preauth]
Sep 29 21:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: Failed password for root from 162.144.236.216 port 56686 ssh2
Sep 29 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23914]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23874]: Connection closed by 162.144.236.216 port 56686 [preauth]
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23984]: Successful su for rubyman by root
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23984]: + ??? root:rubyman
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317202 of user rubyman.
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23984]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317202.
Sep 29 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20654]: pam_unix(cron:session): session closed for user root
Sep 29 21:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23915]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Failed password for root from 162.144.236.216 port 36004 ssh2
Sep 29 21:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Connection closed by 162.144.236.216 port 36004 [preauth]
Sep 29 21:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: Failed password for root from 162.144.236.216 port 43946 ssh2
Sep 29 21:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24264]: Connection closed by 162.144.236.216 port 43946 [preauth]
Sep 29 21:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session closed for user root
Sep 29 21:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Invalid user solana from 195.178.110.133
Sep 29 21:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: input_userauth_request: invalid user solana [preauth]
Sep 29 21:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Failed password for invalid user solana from 195.178.110.133 port 54952 ssh2
Sep 29 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24335]: Connection closed by 195.178.110.133 port 54952 [preauth]
Sep 29 21:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: Failed password for root from 162.144.236.216 port 49970 ssh2
Sep 29 21:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24301]: Connection closed by 162.144.236.216 port 49970 [preauth]
Sep 29 21:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: Did not receive identification string from 162.144.236.216
Sep 29 21:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24436]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24434]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24432]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: Successful su for rubyman by root
Sep 29 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: + ??? root:rubyman
Sep 29 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317206 of user rubyman.
Sep 29 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24595]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317206.
Sep 29 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session closed for user root
Sep 29 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21127]: pam_unix(cron:session): session closed for user root
Sep 29 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Failed password for root from 162.144.236.216 port 32848 ssh2
Sep 29 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Connection closed by 162.144.236.216 port 32848 [preauth]
Sep 29 21:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24433]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: Failed password for root from 162.144.236.216 port 39506 ssh2
Sep 29 21:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24807]: Connection closed by 162.144.236.216 port 39506 [preauth]
Sep 29 21:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Failed password for root from 162.144.236.216 port 46524 ssh2
Sep 29 21:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Connection closed by 162.144.236.216 port 46524 [preauth]
Sep 29 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session closed for user root
Sep 29 21:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Failed password for root from 162.144.236.216 port 53558 ssh2
Sep 29 21:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Connection closed by 162.144.236.216 port 53558 [preauth]
Sep 29 21:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Failed password for root from 162.144.236.216 port 59288 ssh2
Sep 29 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24927]: Connection closed by 162.144.236.216 port 59288 [preauth]
Sep 29 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session closed for user root
Sep 29 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24997]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25068]: Successful su for rubyman by root
Sep 29 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25068]: + ??? root:rubyman
Sep 29 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317214 of user rubyman.
Sep 29 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25068]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317214.
Sep 29 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session closed for user root
Sep 29 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session closed for user root
Sep 29 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Failed password for root from 162.144.236.216 port 39328 ssh2
Sep 29 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Connection closed by 162.144.236.216 port 39328 [preauth]
Sep 29 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: Failed password for root from 162.144.236.216 port 45964 ssh2
Sep 29 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25549]: Connection closed by 162.144.236.216 port 45964 [preauth]
Sep 29 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: Failed password for root from 162.144.236.216 port 53436 ssh2
Sep 29 21:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: Connection closed by 162.144.236.216 port 53436 [preauth]
Sep 29 21:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Failed password for root from 162.144.236.216 port 60760 ssh2
Sep 29 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Connection closed by 162.144.236.216 port 60760 [preauth]
Sep 29 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session closed for user root
Sep 29 21:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Failed password for root from 162.144.236.216 port 38192 ssh2
Sep 29 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Connection closed by 162.144.236.216 port 38192 [preauth]
Sep 29 21:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Failed password for root from 162.144.236.216 port 44012 ssh2
Sep 29 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Connection closed by 162.144.236.216 port 44012 [preauth]
Sep 29 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: Failed password for root from 162.144.236.216 port 50334 ssh2
Sep 29 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25699]: Connection closed by 162.144.236.216 port 50334 [preauth]
Sep 29 21:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25725]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: Successful su for rubyman by root
Sep 29 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: + ??? root:rubyman
Sep 29 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317216 of user rubyman.
Sep 29 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25903]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317216.
Sep 29 21:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: Failed password for root from 162.144.236.216 port 56244 ssh2
Sep 29 21:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: Connection closed by 162.144.236.216 port 56244 [preauth]
Sep 29 21:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22028]: pam_unix(cron:session): session closed for user root
Sep 29 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25726]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Failed password for root from 162.144.236.216 port 33142 ssh2
Sep 29 21:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Connection closed by 162.144.236.216 port 33142 [preauth]
Sep 29 21:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Failed password for root from 162.144.236.216 port 38370 ssh2
Sep 29 21:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26130]: Connection closed by 162.144.236.216 port 38370 [preauth]
Sep 29 21:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Invalid user alice from 93.152.230.176
Sep 29 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: input_userauth_request: invalid user alice [preauth]
Sep 29 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 21:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Failed password for root from 162.144.236.216 port 45654 ssh2
Sep 29 21:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Failed password for invalid user alice from 93.152.230.176 port 49670 ssh2
Sep 29 21:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Received disconnect from 93.152.230.176 port 49670:11: Client disconnecting normally [preauth]
Sep 29 21:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Disconnected from 93.152.230.176 port 49670 [preauth]
Sep 29 21:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Connection closed by 162.144.236.216 port 45654 [preauth]
Sep 29 21:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24436]: pam_unix(cron:session): session closed for user root
Sep 29 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Failed password for root from 162.144.236.216 port 53880 ssh2
Sep 29 21:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26206]: Connection closed by 162.144.236.216 port 53880 [preauth]
Sep 29 21:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Failed password for root from 162.144.236.216 port 59658 ssh2
Sep 29 21:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26244]: Connection closed by 162.144.236.216 port 59658 [preauth]
Sep 29 21:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Failed password for root from 162.144.236.216 port 37154 ssh2
Sep 29 21:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Connection closed by 162.144.236.216 port 37154 [preauth]
Sep 29 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26317]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26399]: Successful su for rubyman by root
Sep 29 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26399]: + ??? root:rubyman
Sep 29 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317222 of user rubyman.
Sep 29 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26399]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317222.
Sep 29 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session closed for user root
Sep 29 21:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26318]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26398]: Failed password for root from 162.144.236.216 port 44700 ssh2
Sep 29 21:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26398]: Connection closed by 162.144.236.216 port 44700 [preauth]
Sep 29 21:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Failed password for root from 162.144.236.216 port 54234 ssh2
Sep 29 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Connection closed by 162.144.236.216 port 54234 [preauth]
Sep 29 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Invalid user pi from 80.94.95.116
Sep 29 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: input_userauth_request: invalid user pi [preauth]
Sep 29 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 21:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Failed password for invalid user pi from 80.94.95.116 port 23102 ssh2
Sep 29 21:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Connection closed by 80.94.95.116 port 23102 [preauth]
Sep 29 21:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user root
Sep 29 21:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Failed password for root from 162.144.236.216 port 33792 ssh2
Sep 29 21:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Connection closed by 162.144.236.216 port 33792 [preauth]
Sep 29 21:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Failed password for root from 162.144.236.216 port 41460 ssh2
Sep 29 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26970]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26971]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27055]: Successful su for rubyman by root
Sep 29 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27055]: + ??? root:rubyman
Sep 29 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317224 of user rubyman.
Sep 29 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27055]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317224.
Sep 29 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Connection closed by 162.144.236.216 port 41460 [preauth]
Sep 29 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session closed for user root
Sep 29 21:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Failed password for root from 162.144.236.216 port 49904 ssh2
Sep 29 21:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27201]: Connection closed by 162.144.236.216 port 49904 [preauth]
Sep 29 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Failed password for root from 162.144.236.216 port 56610 ssh2
Sep 29 21:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Connection closed by 162.144.236.216 port 56610 [preauth]
Sep 29 21:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Failed password for root from 162.144.236.216 port 33882 ssh2
Sep 29 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Connection closed by 162.144.236.216 port 33882 [preauth]
Sep 29 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session closed for user root
Sep 29 21:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: Failed password for root from 162.144.236.216 port 40938 ssh2
Sep 29 21:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27386]: Connection closed by 162.144.236.216 port 40938 [preauth]
Sep 29 21:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Failed password for root from 162.144.236.216 port 47328 ssh2
Sep 29 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Connection closed by 162.144.236.216 port 47328 [preauth]
Sep 29 21:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27478]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27709]: Successful su for rubyman by root
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27709]: + ??? root:rubyman
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317229 of user rubyman.
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27709]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317229.
Sep 29 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23916]: pam_unix(cron:session): session closed for user root
Sep 29 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Failed password for root from 162.144.236.216 port 51928 ssh2
Sep 29 21:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Connection closed by 162.144.236.216 port 51928 [preauth]
Sep 29 21:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for root from 162.144.236.216 port 58648 ssh2
Sep 29 21:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Connection closed by 162.144.236.216 port 58648 [preauth]
Sep 29 21:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Failed password for root from 162.144.236.216 port 38820 ssh2
Sep 29 21:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Connection closed by 162.144.236.216 port 38820 [preauth]
Sep 29 21:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session closed for user root
Sep 29 21:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Failed password for root from 162.144.236.216 port 43966 ssh2
Sep 29 21:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Connection closed by 162.144.236.216 port 43966 [preauth]
Sep 29 21:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session closed for user root
Sep 29 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28184]: Successful su for rubyman by root
Sep 29 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28184]: + ??? root:rubyman
Sep 29 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317234 of user rubyman.
Sep 29 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28184]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317234.
Sep 29 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: Failed password for root from 162.144.236.216 port 51670 ssh2
Sep 29 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: Connection closed by 162.144.236.216 port 51670 [preauth]
Sep 29 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session closed for user root
Sep 29 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24434]: pam_unix(cron:session): session closed for user root
Sep 29 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Failed password for root from 162.144.236.216 port 59476 ssh2
Sep 29 21:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Connection closed by 162.144.236.216 port 59476 [preauth]
Sep 29 21:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: Failed password for root from 162.144.236.216 port 36722 ssh2
Sep 29 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28467]: Connection closed by 162.144.236.216 port 36722 [preauth]
Sep 29 21:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26971]: pam_unix(cron:session): session closed for user root
Sep 29 21:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Failed password for root from 162.144.236.216 port 44076 ssh2
Sep 29 21:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Connection closed by 162.144.236.216 port 44076 [preauth]
Sep 29 21:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: Failed password for root from 162.144.236.216 port 53098 ssh2
Sep 29 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: Successful su for rubyman by root
Sep 29 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: + ??? root:rubyman
Sep 29 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317238 of user rubyman.
Sep 29 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317238.
Sep 29 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: Connection closed by 162.144.236.216 port 53098 [preauth]
Sep 29 21:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user root
Sep 29 21:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28858]: Failed password for root from 162.144.236.216 port 59640 ssh2
Sep 29 21:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28858]: Connection closed by 162.144.236.216 port 59640 [preauth]
Sep 29 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Failed password for root from 162.144.236.216 port 37424 ssh2
Sep 29 21:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29127]: Connection closed by 162.144.236.216 port 37424 [preauth]
Sep 29 21:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: Failed password for root from 162.144.236.216 port 45392 ssh2
Sep 29 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: Connection closed by 162.144.236.216 port 45392 [preauth]
Sep 29 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Failed password for root from 162.144.236.216 port 50958 ssh2
Sep 29 21:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27478]: pam_unix(cron:session): session closed for user root
Sep 29 21:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Connection closed by 162.144.236.216 port 50958 [preauth]
Sep 29 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29219]: Failed password for root from 162.144.236.216 port 56376 ssh2
Sep 29 21:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29219]: Connection closed by 162.144.236.216 port 56376 [preauth]
Sep 29 21:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Failed password for root from 162.144.236.216 port 34764 ssh2
Sep 29 21:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29243]: Connection closed by 162.144.236.216 port 34764 [preauth]
Sep 29 21:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for root from 162.144.236.216 port 41318 ssh2
Sep 29 21:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Connection closed by 162.144.236.216 port 41318 [preauth]
Sep 29 21:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29385]: Successful su for rubyman by root
Sep 29 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29385]: + ??? root:rubyman
Sep 29 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317243 of user rubyman.
Sep 29 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29385]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317243.
Sep 29 21:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25727]: pam_unix(cron:session): session closed for user root
Sep 29 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Failed password for root from 162.144.236.216 port 49578 ssh2
Sep 29 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Connection closed by 162.144.236.216 port 49578 [preauth]
Sep 29 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: Failed password for root from 162.144.236.216 port 55098 ssh2
Sep 29 21:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: Connection closed by 162.144.236.216 port 55098 [preauth]
Sep 29 21:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Failed password for root from 162.144.236.216 port 33602 ssh2
Sep 29 21:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session closed for user root
Sep 29 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Connection closed by 162.144.236.216 port 33602 [preauth]
Sep 29 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: Failed password for root from 162.144.236.216 port 40478 ssh2
Sep 29 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: Connection closed by 162.144.236.216 port 40478 [preauth]
Sep 29 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: Successful su for rubyman by root
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: + ??? root:rubyman
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317246 of user rubyman.
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317246.
Sep 29 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session closed for user root
Sep 29 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Failed password for root from 162.144.236.216 port 47756 ssh2
Sep 29 21:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Connection closed by 162.144.236.216 port 47756 [preauth]
Sep 29 21:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Failed password for root from 162.144.236.216 port 55292 ssh2
Sep 29 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Connection closed by 162.144.236.216 port 55292 [preauth]
Sep 29 21:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session closed for user root
Sep 29 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Failed password for root from 162.144.236.216 port 34928 ssh2
Sep 29 21:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Connection closed by 162.144.236.216 port 34928 [preauth]
Sep 29 21:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Failed password for root from 162.144.236.216 port 41868 ssh2
Sep 29 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Connection closed by 162.144.236.216 port 41868 [preauth]
Sep 29 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30376]: Successful su for rubyman by root
Sep 29 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30376]: + ??? root:rubyman
Sep 29 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317250 of user rubyman.
Sep 29 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30376]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317250.
Sep 29 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26970]: pam_unix(cron:session): session closed for user root
Sep 29 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: Failed password for root from 162.144.236.216 port 49142 ssh2
Sep 29 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30375]: Connection closed by 162.144.236.216 port 49142 [preauth]
Sep 29 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Failed password for root from 162.144.236.216 port 55330 ssh2
Sep 29 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Connection closed by 162.144.236.216 port 55330 [preauth]
Sep 29 21:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for root from 162.144.236.216 port 60372 ssh2
Sep 29 21:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Connection closed by 162.144.236.216 port 60372 [preauth]
Sep 29 21:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Failed password for root from 162.144.236.216 port 37756 ssh2
Sep 29 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Connection closed by 162.144.236.216 port 37756 [preauth]
Sep 29 21:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Invalid user scanner from 93.152.230.176
Sep 29 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: input_userauth_request: invalid user scanner [preauth]
Sep 29 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29317]: pam_unix(cron:session): session closed for user root
Sep 29 21:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Failed password for invalid user scanner from 93.152.230.176 port 57624 ssh2
Sep 29 21:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Received disconnect from 93.152.230.176 port 57624:11: Client disconnecting normally [preauth]
Sep 29 21:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Disconnected from 93.152.230.176 port 57624 [preauth]
Sep 29 21:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: Failed password for root from 162.144.236.216 port 43860 ssh2
Sep 29 21:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: Connection closed by 162.144.236.216 port 43860 [preauth]
Sep 29 21:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Failed password for root from 162.144.236.216 port 51070 ssh2
Sep 29 21:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: Connection closed by 162.144.236.216 port 51070 [preauth]
Sep 29 21:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: Failed password for root from 162.144.236.216 port 58620 ssh2
Sep 29 21:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: Connection closed by 162.144.236.216 port 58620 [preauth]
Sep 29 21:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30872]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30870]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30869]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session closed for user root
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: Successful su for rubyman by root
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: + ??? root:rubyman
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317256 of user rubyman.
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30943]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317256.
Sep 29 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30869]: pam_unix(cron:session): session closed for user root
Sep 29 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Failed password for root from 162.144.236.216 port 37582 ssh2
Sep 29 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session closed for user root
Sep 29 21:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Connection closed by 162.144.236.216 port 37582 [preauth]
Sep 29 21:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Failed password for root from 162.144.236.216 port 46630 ssh2
Sep 29 21:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Connection closed by 162.144.236.216 port 46630 [preauth]
Sep 29 21:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session closed for user root
Sep 29 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Failed password for root from 162.144.236.216 port 51828 ssh2
Sep 29 21:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Connection closed by 162.144.236.216 port 51828 [preauth]
Sep 29 21:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Failed password for root from 162.144.236.216 port 59078 ssh2
Sep 29 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Connection closed by 162.144.236.216 port 59078 [preauth]
Sep 29 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31358]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: Successful su for rubyman by root
Sep 29 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: + ??? root:rubyman
Sep 29 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317261 of user rubyman.
Sep 29 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317261.
Sep 29 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session closed for user root
Sep 29 21:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31359]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: Failed password for root from 162.144.236.216 port 37988 ssh2
Sep 29 21:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: Connection closed by 162.144.236.216 port 37988 [preauth]
Sep 29 21:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Failed password for root from 162.144.236.216 port 47014 ssh2
Sep 29 21:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Connection closed by 162.144.236.216 port 47014 [preauth]
Sep 29 21:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Invalid user admin from 185.156.73.233
Sep 29 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: input_userauth_request: invalid user admin [preauth]
Sep 29 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Failed password for invalid user admin from 185.156.73.233 port 63408 ssh2
Sep 29 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Connection closed by 185.156.73.233 port 63408 [preauth]
Sep 29 21:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session closed for user root
Sep 29 21:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Failed password for root from 162.144.236.216 port 54120 ssh2
Sep 29 21:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Connection closed by 162.144.236.216 port 54120 [preauth]
Sep 29 21:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Failed password for root from 162.144.236.216 port 34604 ssh2
Sep 29 21:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Connection closed by 162.144.236.216 port 34604 [preauth]
Sep 29 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: Successful su for rubyman by root
Sep 29 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: + ??? root:rubyman
Sep 29 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317264 of user rubyman.
Sep 29 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317264.
Sep 29 21:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session closed for user root
Sep 29 21:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Failed password for root from 162.144.236.216 port 40596 ssh2
Sep 29 21:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Connection closed by 162.144.236.216 port 40596 [preauth]
Sep 29 21:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32148]: Failed password for root from 162.144.236.216 port 47446 ssh2
Sep 29 21:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32148]: Connection closed by 162.144.236.216 port 47446 [preauth]
Sep 29 21:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32183]: Failed password for root from 162.144.236.216 port 55976 ssh2
Sep 29 21:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32183]: Connection closed by 162.144.236.216 port 55976 [preauth]
Sep 29 21:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30872]: pam_unix(cron:session): session closed for user root
Sep 29 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Failed password for root from 162.144.236.216 port 35684 ssh2
Sep 29 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Connection closed by 162.144.236.216 port 35684 [preauth]
Sep 29 21:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Failed password for root from 162.144.236.216 port 40696 ssh2
Sep 29 21:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32261]: Connection closed by 162.144.236.216 port 40696 [preauth]
Sep 29 21:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: Failed password for root from 162.144.236.216 port 46902 ssh2
Sep 29 21:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32285]: Connection closed by 162.144.236.216 port 46902 [preauth]
Sep 29 21:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32319]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: Successful su for rubyman by root
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: + ??? root:rubyman
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317268 of user rubyman.
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317268.
Sep 29 21:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Did not receive identification string from 162.144.236.216
Sep 29 21:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user root
Sep 29 21:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Failed password for root from 162.144.236.216 port 55364 ssh2
Sep 29 21:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Connection closed by 162.144.236.216 port 55364 [preauth]
Sep 29 21:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Failed password for root from 162.144.236.216 port 33442 ssh2
Sep 29 21:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Connection closed by 162.144.236.216 port 33442 [preauth]
Sep 29 21:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session closed for user root
Sep 29 21:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Failed password for root from 162.144.236.216 port 41284 ssh2
Sep 29 21:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Connection closed by 162.144.236.216 port 41284 [preauth]
Sep 29 21:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[370]: Successful su for rubyman by root
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[370]: + ??? root:rubyman
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317272 of user rubyman.
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[370]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317272.
Sep 29 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: Failed password for root from 162.144.236.216 port 48776 ssh2
Sep 29 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user root
Sep 29 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: Connection closed by 162.144.236.216 port 48776 [preauth]
Sep 29 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Failed password for root from 162.144.236.216 port 57110 ssh2
Sep 29 21:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Connection closed by 162.144.236.216 port 57110 [preauth]
Sep 29 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: Failed password for root from 162.144.236.216 port 35368 ssh2
Sep 29 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[616]: Connection closed by 162.144.236.216 port 35368 [preauth]
Sep 29 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session closed for user root
Sep 29 21:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: Failed password for root from 162.144.236.216 port 41514 ssh2
Sep 29 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: Connection closed by 162.144.236.216 port 41514 [preauth]
Sep 29 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Failed password for root from 162.144.236.216 port 49520 ssh2
Sep 29 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Connection closed by 162.144.236.216 port 49520 [preauth]
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[751]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[753]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[749]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[753]: pam_unix(cron:session): session closed for user root
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: Successful su for rubyman by root
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: + ??? root:rubyman
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317280 of user rubyman.
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[855]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317280.
Sep 29 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[749]: pam_unix(cron:session): session closed for user root
Sep 29 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session closed for user root
Sep 29 21:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[748]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: Failed password for root from 162.144.236.216 port 56120 ssh2
Sep 29 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: Connection closed by 162.144.236.216 port 56120 [preauth]
Sep 29 21:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: Bad protocol version identification '\026\003\001' from 64.62.156.152 port 12958
Sep 29 21:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Failed password for root from 162.144.236.216 port 34216 ssh2
Sep 29 21:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Connection closed by 162.144.236.216 port 34216 [preauth]
Sep 29 21:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for root from 162.144.236.216 port 40242 ssh2
Sep 29 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Connection closed by 162.144.236.216 port 40242 [preauth]
Sep 29 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32319]: pam_unix(cron:session): session closed for user root
Sep 29 21:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Failed password for root from 162.144.236.216 port 46352 ssh2
Sep 29 21:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: Connection closed by 162.144.236.216 port 46352 [preauth]
Sep 29 21:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Failed password for root from 162.144.236.216 port 54876 ssh2
Sep 29 21:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Connection closed by 162.144.236.216 port 54876 [preauth]
Sep 29 21:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1309]: Failed password for root from 162.144.236.216 port 33268 ssh2
Sep 29 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1309]: Connection closed by 162.144.236.216 port 33268 [preauth]
Sep 29 21:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1347]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: Successful su for rubyman by root
Sep 29 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: + ??? root:rubyman
Sep 29 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317284 of user rubyman.
Sep 29 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317284.
Sep 29 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30870]: pam_unix(cron:session): session closed for user root
Sep 29 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: Failed password for root from 162.144.236.216 port 38942 ssh2
Sep 29 21:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: Connection closed by 162.144.236.216 port 38942 [preauth]
Sep 29 21:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 162.144.236.216 port 45158 ssh2
Sep 29 21:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Connection closed by 162.144.236.216 port 45158 [preauth]
Sep 29 21:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user root
Sep 29 21:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Failed password for root from 162.144.236.216 port 51638 ssh2
Sep 29 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Connection closed by 162.144.236.216 port 51638 [preauth]
Sep 29 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: Failed password for root from 162.144.236.216 port 60020 ssh2
Sep 29 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1805]: Connection closed by 162.144.236.216 port 60020 [preauth]
Sep 29 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: Successful su for rubyman by root
Sep 29 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: + ??? root:rubyman
Sep 29 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317288 of user rubyman.
Sep 29 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1905]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317288.
Sep 29 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Failed password for root from 162.144.236.216 port 35312 ssh2
Sep 29 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Connection closed by 162.144.236.216 port 35312 [preauth]
Sep 29 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session closed for user root
Sep 29 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: Failed password for root from 162.144.236.216 port 41822 ssh2
Sep 29 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2068]: Connection closed by 162.144.236.216 port 41822 [preauth]
Sep 29 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: Failed password for root from 162.144.236.216 port 48164 ssh2
Sep 29 21:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2125]: Connection closed by 162.144.236.216 port 48164 [preauth]
Sep 29 21:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Failed password for root from 162.144.236.216 port 55378 ssh2
Sep 29 21:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2162]: Connection closed by 162.144.236.216 port 55378 [preauth]
Sep 29 21:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Invalid user openvpn from 93.152.230.176
Sep 29 21:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: input_userauth_request: invalid user openvpn [preauth]
Sep 29 21:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Failed password for invalid user openvpn from 93.152.230.176 port 25896 ssh2
Sep 29 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Received disconnect from 93.152.230.176 port 25896:11: Client disconnecting normally [preauth]
Sep 29 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2191]: Disconnected from 93.152.230.176 port 25896 [preauth]
Sep 29 21:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[752]: pam_unix(cron:session): session closed for user root
Sep 29 21:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Failed password for root from 162.144.236.216 port 33550 ssh2
Sep 29 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Connection closed by 162.144.236.216 port 33550 [preauth]
Sep 29 21:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Failed password for root from 162.144.236.216 port 40998 ssh2
Sep 29 21:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Connection closed by 162.144.236.216 port 40998 [preauth]
Sep 29 21:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: Successful su for rubyman by root
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: + ??? root:rubyman
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317291 of user rubyman.
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2354]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317291.
Sep 29 21:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session closed for user root
Sep 29 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Failed password for root from 162.144.236.216 port 47536 ssh2
Sep 29 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Connection closed by 162.144.236.216 port 47536 [preauth]
Sep 29 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: Failed password for root from 162.144.236.216 port 56176 ssh2
Sep 29 21:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: Connection closed by 162.144.236.216 port 56176 [preauth]
Sep 29 21:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1358]: pam_unix(cron:session): session closed for user root
Sep 29 21:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for root from 162.144.236.216 port 36832 ssh2
Sep 29 21:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Connection closed by 162.144.236.216 port 36832 [preauth]
Sep 29 21:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2729]: pam_unix(cron:session): session closed for user p13x
Sep 29 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: Successful su for rubyman by root
Sep 29 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: + ??? root:rubyman
Sep 29 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317294 of user rubyman.
Sep 29 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: pam_unix(su:session): session closed for user rubyman
Sep 29 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317294.
Sep 29 21:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session closed for user root
Sep 29 21:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2716]: Failed password for root from 162.144.236.216 port 46654 ssh2
Sep 29 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2716]: Connection closed by 162.144.236.216 port 46654 [preauth]
Sep 29 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session closed for user samftp
Sep 29 21:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Failed password for root from 162.144.236.216 port 51818 ssh2
Sep 29 21:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Connection closed by 162.144.236.216 port 51818 [preauth]
Sep 29 21:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Failed password for root from 162.144.236.216 port 59116 ssh2
Sep 29 21:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3028]: Connection closed by 162.144.236.216 port 59116 [preauth]
Sep 29 21:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for root from 162.144.236.216 port 36660 ssh2
Sep 29 21:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 162.144.236.216 port 36660 [preauth]
Sep 29 21:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session closed for user root
Sep 29 21:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Failed password for root from 162.144.236.216 port 44732 ssh2
Sep 29 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Connection closed by 162.144.236.216 port 44732 [preauth]
Sep 29 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Failed password for root from 162.144.236.216 port 49230 ssh2
Sep 29 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Connection closed by 162.144.236.216 port 49230 [preauth]
Sep 29 21:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for root from 162.144.236.216 port 54956 ssh2
Sep 29 21:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Connection closed by 162.144.236.216 port 54956 [preauth]
Sep 29 21:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: Invalid user node from 195.178.110.133
Sep 29 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: input_userauth_request: invalid user node [preauth]
Sep 29 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.133
Sep 29 21:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 21:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: Failed password for invalid user node from 195.178.110.133 port 38832 ssh2
Sep 29 22:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: Connection closed by 195.178.110.133 port 38832 [preauth]
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for root from 162.144.236.216 port 32956 ssh2
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3170]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session closed for user root
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session closed for user root
Sep 29 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Connection closed by 162.144.236.216 port 32956 [preauth]
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: Successful su for rubyman by root
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: + ??? root:rubyman
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317299 of user rubyman.
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3275]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317299.
Sep 29 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[308]: pam_unix(cron:session): session closed for user root
Sep 29 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3170]: pam_unix(cron:session): session closed for user root
Sep 29 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Failed password for root from 162.144.236.216 port 39610 ssh2
Sep 29 22:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Connection closed by 162.144.236.216 port 39610 [preauth]
Sep 29 22:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3511]: Failed password for root from 162.144.236.216 port 45074 ssh2
Sep 29 22:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3511]: Connection closed by 162.144.236.216 port 45074 [preauth]
Sep 29 22:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session closed for user root
Sep 29 22:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: Failed password for root from 162.144.236.216 port 53236 ssh2
Sep 29 22:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: Connection closed by 162.144.236.216 port 53236 [preauth]
Sep 29 22:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: Failed password for root from 162.144.236.216 port 59660 ssh2
Sep 29 22:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: Connection closed by 162.144.236.216 port 59660 [preauth]
Sep 29 22:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3704]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: Successful su for rubyman by root
Sep 29 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: + ??? root:rubyman
Sep 29 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317306 of user rubyman.
Sep 29 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3787]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317306.
Sep 29 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[751]: pam_unix(cron:session): session closed for user root
Sep 29 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Failed password for root from 162.144.236.216 port 38982 ssh2
Sep 29 22:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Connection closed by 162.144.236.216 port 38982 [preauth]
Sep 29 22:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4002]: Failed password for root from 162.144.236.216 port 46340 ssh2
Sep 29 22:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4002]: Connection closed by 162.144.236.216 port 46340 [preauth]
Sep 29 22:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session closed for user root
Sep 29 22:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Failed password for root from 162.144.236.216 port 53264 ssh2
Sep 29 22:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Connection closed by 162.144.236.216 port 53264 [preauth]
Sep 29 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: Failed password for root from 162.144.236.216 port 57346 ssh2
Sep 29 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: Connection closed by 162.144.236.216 port 57346 [preauth]
Sep 29 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Sep 29 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Failed password for root from 80.94.95.116 port 57650 ssh2
Sep 29 22:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4143]: Connection closed by 80.94.95.116 port 57650 [preauth]
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: Successful su for rubyman by root
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: + ??? root:rubyman
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317310 of user rubyman.
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4245]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317310.
Sep 29 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1357]: pam_unix(cron:session): session closed for user root
Sep 29 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4158]: Failed password for root from 162.144.236.216 port 36008 ssh2
Sep 29 22:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4158]: Connection closed by 162.144.236.216 port 36008 [preauth]
Sep 29 22:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Failed password for root from 162.144.236.216 port 46130 ssh2
Sep 29 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4455]: Connection closed by 162.144.236.216 port 46130 [preauth]
Sep 29 22:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Invalid user thaddaeus from 80.94.95.112
Sep 29 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: input_userauth_request: invalid user thaddaeus [preauth]
Sep 29 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Failed password for root from 162.144.236.216 port 50960 ssh2
Sep 29 22:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Connection closed by 162.144.236.216 port 50960 [preauth]
Sep 29 22:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user thaddaeus from 80.94.95.112 port 63692 ssh2
Sep 29 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user thaddaeus from 80.94.95.112 port 63692 ssh2
Sep 29 22:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user thaddaeus from 80.94.95.112 port 63692 ssh2
Sep 29 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for root from 162.144.236.216 port 58914 ssh2
Sep 29 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user thaddaeus from 80.94.95.112 port 63692 ssh2
Sep 29 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Connection closed by 162.144.236.216 port 58914 [preauth]
Sep 29 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for invalid user thaddaeus from 80.94.95.112 port 63692 ssh2
Sep 29 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Received disconnect from 80.94.95.112 port 63692:11: Bye [preauth]
Sep 29 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Disconnected from 80.94.95.112 port 63692 [preauth]
Sep 29 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session closed for user root
Sep 29 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Failed password for root from 162.144.236.216 port 36996 ssh2
Sep 29 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Connection closed by 162.144.236.216 port 36996 [preauth]
Sep 29 22:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: Failed password for root from 162.144.236.216 port 45288 ssh2
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4689]: Successful su for rubyman by root
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4689]: + ??? root:rubyman
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317314 of user rubyman.
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4689]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317314.
Sep 29 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: Connection closed by 162.144.236.216 port 45288 [preauth]
Sep 29 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session closed for user root
Sep 29 22:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4618]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Failed password for root from 162.144.236.216 port 52814 ssh2
Sep 29 22:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Connection closed by 162.144.236.216 port 52814 [preauth]
Sep 29 22:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Failed password for root from 162.144.236.216 port 59086 ssh2
Sep 29 22:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Connection closed by 162.144.236.216 port 59086 [preauth]
Sep 29 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session closed for user root
Sep 29 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Failed password for root from 162.144.236.216 port 36724 ssh2
Sep 29 22:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4964]: Connection closed by 162.144.236.216 port 36724 [preauth]
Sep 29 22:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5073]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5145]: Successful su for rubyman by root
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5145]: + ??? root:rubyman
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317317 of user rubyman.
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5145]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317317.
Sep 29 22:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: Failed password for root from 162.144.236.216 port 45422 ssh2
Sep 29 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5049]: Connection closed by 162.144.236.216 port 45422 [preauth]
Sep 29 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session closed for user root
Sep 29 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5074]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Failed password for root from 162.144.236.216 port 53058 ssh2
Sep 29 22:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Connection closed by 162.144.236.216 port 53058 [preauth]
Sep 29 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Failed password for root from 162.144.236.216 port 34834 ssh2
Sep 29 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session closed for user root
Sep 29 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Connection closed by 162.144.236.216 port 34834 [preauth]
Sep 29 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Failed password for root from 162.144.236.216 port 43038 ssh2
Sep 29 22:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5538]: Connection closed by 162.144.236.216 port 43038 [preauth]
Sep 29 22:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5613]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5613]: pam_unix(cron:session): session closed for user root
Sep 29 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5683]: Successful su for rubyman by root
Sep 29 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5683]: + ??? root:rubyman
Sep 29 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317325 of user rubyman.
Sep 29 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5683]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317325.
Sep 29 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Failed password for root from 162.144.236.216 port 51810 ssh2
Sep 29 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5593]: Connection closed by 162.144.236.216 port 51810 [preauth]
Sep 29 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session closed for user root
Sep 29 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session closed for user root
Sep 29 22:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: Failed password for root from 162.144.236.216 port 56582 ssh2
Sep 29 22:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5810]: Connection closed by 162.144.236.216 port 56582 [preauth]
Sep 29 22:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Failed password for root from 162.144.236.216 port 33798 ssh2
Sep 29 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Connection closed by 162.144.236.216 port 33798 [preauth]
Sep 29 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Failed password for root from 162.144.236.216 port 40514 ssh2
Sep 29 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Connection closed by 162.144.236.216 port 40514 [preauth]
Sep 29 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Failed password for root from 162.144.236.216 port 47208 ssh2
Sep 29 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session closed for user root
Sep 29 22:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Connection closed by 162.144.236.216 port 47208 [preauth]
Sep 29 22:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Invalid user test from 93.152.230.176
Sep 29 22:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: input_userauth_request: invalid user test [preauth]
Sep 29 22:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 22:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Failed password for invalid user test from 93.152.230.176 port 41194 ssh2
Sep 29 22:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Received disconnect from 93.152.230.176 port 41194:11: Client disconnecting normally [preauth]
Sep 29 22:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Disconnected from 93.152.230.176 port 41194 [preauth]
Sep 29 22:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Failed password for root from 162.144.236.216 port 53426 ssh2
Sep 29 22:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Connection closed by 162.144.236.216 port 53426 [preauth]
Sep 29 22:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6105]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6104]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6100]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: Successful su for rubyman by root
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: + ??? root:rubyman
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317328 of user rubyman.
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317328.
Sep 29 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for root from 162.144.236.216 port 33354 ssh2
Sep 29 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3171]: pam_unix(cron:session): session closed for user root
Sep 29 22:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6103]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 162.144.236.216 port 33354 [preauth]
Sep 29 22:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Invalid user admin from 80.94.95.112
Sep 29 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: input_userauth_request: invalid user admin [preauth]
Sep 29 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Failed password for invalid user admin from 80.94.95.112 port 16818 ssh2
Sep 29 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Failed password for invalid user admin from 80.94.95.112 port 16818 ssh2
Sep 29 22:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Failed password for invalid user admin from 80.94.95.112 port 16818 ssh2
Sep 29 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6386]: Failed password for root from 162.144.236.216 port 41394 ssh2
Sep 29 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Failed password for invalid user admin from 80.94.95.112 port 16818 ssh2
Sep 29 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6386]: Connection closed by 162.144.236.216 port 41394 [preauth]
Sep 29 22:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Failed password for invalid user admin from 80.94.95.112 port 16818 ssh2
Sep 29 22:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Received disconnect from 80.94.95.112 port 16818:11: Bye [preauth]
Sep 29 22:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Disconnected from 80.94.95.112 port 16818 [preauth]
Sep 29 22:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 22:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session closed for user root
Sep 29 22:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: Failed password for root from 162.144.236.216 port 48596 ssh2
Sep 29 22:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6424]: Connection closed by 162.144.236.216 port 48596 [preauth]
Sep 29 22:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Failed password for root from 162.144.236.216 port 56432 ssh2
Sep 29 22:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6502]: Connection closed by 162.144.236.216 port 56432 [preauth]
Sep 29 22:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: Successful su for rubyman by root
Sep 29 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: + ??? root:rubyman
Sep 29 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317332 of user rubyman.
Sep 29 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317332.
Sep 29 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session closed for user root
Sep 29 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Failed password for root from 162.144.236.216 port 35130 ssh2
Sep 29 22:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Connection closed by 162.144.236.216 port 35130 [preauth]
Sep 29 22:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Failed password for root from 162.144.236.216 port 42294 ssh2
Sep 29 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6928]: Connection closed by 162.144.236.216 port 42294 [preauth]
Sep 29 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Failed password for root from 162.144.236.216 port 49022 ssh2
Sep 29 22:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Connection closed by 162.144.236.216 port 49022 [preauth]
Sep 29 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user root
Sep 29 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Failed password for root from 162.144.236.216 port 55794 ssh2
Sep 29 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Connection closed by 162.144.236.216 port 55794 [preauth]
Sep 29 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Failed password for root from 162.144.236.216 port 36776 ssh2
Sep 29 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7034]: Connection closed by 162.144.236.216 port 36776 [preauth]
Sep 29 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: Failed password for root from 162.144.236.216 port 45386 ssh2
Sep 29 22:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: Connection closed by 162.144.236.216 port 45386 [preauth]
Sep 29 22:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7264]: Successful su for rubyman by root
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7264]: + ??? root:rubyman
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317336 of user rubyman.
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7264]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317336.
Sep 29 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: Failed password for root from 162.144.236.216 port 54886 ssh2
Sep 29 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session closed for user root
Sep 29 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: Connection closed by 162.144.236.216 port 54886 [preauth]
Sep 29 22:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Failed password for root from 162.144.236.216 port 33366 ssh2
Sep 29 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Connection closed by 162.144.236.216 port 33366 [preauth]
Sep 29 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6105]: pam_unix(cron:session): session closed for user root
Sep 29 22:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: Failed password for root from 162.144.236.216 port 40126 ssh2
Sep 29 22:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: Connection closed by 162.144.236.216 port 40126 [preauth]
Sep 29 22:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: Failed password for root from 162.144.236.216 port 47122 ssh2
Sep 29 22:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7580]: Connection closed by 162.144.236.216 port 47122 [preauth]
Sep 29 22:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 162.144.236.216 port 54308 ssh2
Sep 29 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Connection closed by 162.144.236.216 port 54308 [preauth]
Sep 29 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7647]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7649]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7813]: Successful su for rubyman by root
Sep 29 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7813]: + ??? root:rubyman
Sep 29 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317339 of user rubyman.
Sep 29 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7813]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317339.
Sep 29 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7647]: pam_unix(cron:session): session closed for user root
Sep 29 22:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user root
Sep 29 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7645]: Failed password for root from 162.144.236.216 port 35706 ssh2
Sep 29 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7645]: Connection closed by 162.144.236.216 port 35706 [preauth]
Sep 29 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: Invalid user support from 194.0.234.19
Sep 29 22:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: input_userauth_request: invalid user support [preauth]
Sep 29 22:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: Failed password for invalid user support from 194.0.234.19 port 55070 ssh2
Sep 29 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8070]: Connection closed by 194.0.234.19 port 55070 [preauth]
Sep 29 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8048]: Failed password for root from 162.144.236.216 port 41514 ssh2
Sep 29 22:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8048]: Connection closed by 162.144.236.216 port 41514 [preauth]
Sep 29 22:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: Failed password for root from 162.144.236.216 port 47996 ssh2
Sep 29 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8082]: Connection closed by 162.144.236.216 port 47996 [preauth]
Sep 29 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Failed password for root from 162.144.236.216 port 54832 ssh2
Sep 29 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Connection closed by 162.144.236.216 port 54832 [preauth]
Sep 29 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user root
Sep 29 22:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Failed password for root from 162.144.236.216 port 34848 ssh2
Sep 29 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Connection closed by 162.144.236.216 port 34848 [preauth]
Sep 29 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: Failed password for root from 162.144.236.216 port 41226 ssh2
Sep 29 22:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: Connection closed by 162.144.236.216 port 41226 [preauth]
Sep 29 22:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Failed password for root from 162.144.236.216 port 47678 ssh2
Sep 29 22:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Connection closed by 162.144.236.216 port 47678 [preauth]
Sep 29 22:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8279]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8280]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8280]: pam_unix(cron:session): session closed for user root
Sep 29 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8274]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: Successful su for rubyman by root
Sep 29 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: + ??? root:rubyman
Sep 29 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317349 of user rubyman.
Sep 29 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317349.
Sep 29 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: Failed password for root from 162.144.236.216 port 56176 ssh2
Sep 29 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session closed for user root
Sep 29 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: Connection closed by 162.144.236.216 port 56176 [preauth]
Sep 29 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5076]: pam_unix(cron:session): session closed for user root
Sep 29 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8275]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: Failed password for root from 162.144.236.216 port 60654 ssh2
Sep 29 22:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: Connection closed by 162.144.236.216 port 60654 [preauth]
Sep 29 22:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Failed password for root from 162.144.236.216 port 38760 ssh2
Sep 29 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Connection closed by 162.144.236.216 port 38760 [preauth]
Sep 29 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Failed password for root from 162.144.236.216 port 44298 ssh2
Sep 29 22:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Connection closed by 162.144.236.216 port 44298 [preauth]
Sep 29 22:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session closed for user root
Sep 29 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Failed password for root from 162.144.236.216 port 50406 ssh2
Sep 29 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Connection closed by 162.144.236.216 port 50406 [preauth]
Sep 29 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Invalid user user from 62.60.131.157
Sep 29 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: input_userauth_request: invalid user user [preauth]
Sep 29 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user user from 62.60.131.157 port 23134 ssh2
Sep 29 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user user from 62.60.131.157 port 23134 ssh2
Sep 29 22:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user user from 62.60.131.157 port 23134 ssh2
Sep 29 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: Failed password for root from 162.144.236.216 port 57764 ssh2
Sep 29 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: Connection closed by 162.144.236.216 port 57764 [preauth]
Sep 29 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user user from 62.60.131.157 port 23134 ssh2
Sep 29 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user user from 62.60.131.157 port 23134 ssh2
Sep 29 22:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Received disconnect from 62.60.131.157 port 23134:11: Bye [preauth]
Sep 29 22:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Disconnected from 62.60.131.157 port 23134 [preauth]
Sep 29 22:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 22:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 22:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Failed password for root from 162.144.236.216 port 37602 ssh2
Sep 29 22:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Connection closed by 162.144.236.216 port 37602 [preauth]
Sep 29 22:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Failed password for root from 162.144.236.216 port 45154 ssh2
Sep 29 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8903]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8971]: Successful su for rubyman by root
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8971]: + ??? root:rubyman
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317351 of user rubyman.
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8971]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317351.
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Connection closed by 162.144.236.216 port 45154 [preauth]
Sep 29 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5607]: pam_unix(cron:session): session closed for user root
Sep 29 22:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Failed password for root from 162.144.236.216 port 51504 ssh2
Sep 29 22:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Connection closed by 162.144.236.216 port 51504 [preauth]
Sep 29 22:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Failed password for root from 162.144.236.216 port 57678 ssh2
Sep 29 22:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9291]: Connection closed by 162.144.236.216 port 57678 [preauth]
Sep 29 22:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Failed password for root from 162.144.236.216 port 35678 ssh2
Sep 29 22:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9328]: Connection closed by 162.144.236.216 port 35678 [preauth]
Sep 29 22:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Failed password for root from 162.144.236.216 port 41858 ssh2
Sep 29 22:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session closed for user root
Sep 29 22:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Connection closed by 162.144.236.216 port 41858 [preauth]
Sep 29 22:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9405]: Failed password for root from 162.144.236.216 port 49914 ssh2
Sep 29 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9405]: Connection closed by 162.144.236.216 port 49914 [preauth]
Sep 29 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: Failed password for root from 162.144.236.216 port 57562 ssh2
Sep 29 22:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: Connection closed by 162.144.236.216 port 57562 [preauth]
Sep 29 22:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9461]: Failed password for root from 162.144.236.216 port 35650 ssh2
Sep 29 22:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9461]: Connection closed by 162.144.236.216 port 35650 [preauth]
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9475]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9539]: Successful su for rubyman by root
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9539]: + ??? root:rubyman
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317355 of user rubyman.
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9539]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317355.
Sep 29 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6104]: pam_unix(cron:session): session closed for user root
Sep 29 22:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: Failed password for root from 162.144.236.216 port 41740 ssh2
Sep 29 22:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: Connection closed by 162.144.236.216 port 41740 [preauth]
Sep 29 22:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Failed password for root from 162.144.236.216 port 46760 ssh2
Sep 29 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Connection closed by 162.144.236.216 port 46760 [preauth]
Sep 29 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Invalid user appltest from 138.68.58.124
Sep 29 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: input_userauth_request: invalid user appltest [preauth]
Sep 29 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Sep 29 22:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Failed password for root from 162.144.236.216 port 52824 ssh2
Sep 29 22:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Connection closed by 162.144.236.216 port 52824 [preauth]
Sep 29 22:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Failed password for invalid user appltest from 138.68.58.124 port 50314 ssh2
Sep 29 22:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Connection closed by 138.68.58.124 port 50314 [preauth]
Sep 29 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Failed password for root from 162.144.236.216 port 60436 ssh2
Sep 29 22:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Connection closed by 162.144.236.216 port 60436 [preauth]
Sep 29 22:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8279]: pam_unix(cron:session): session closed for user root
Sep 29 22:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Failed password for root from 162.144.236.216 port 38394 ssh2
Sep 29 22:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Connection closed by 162.144.236.216 port 38394 [preauth]
Sep 29 22:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Failed password for root from 162.144.236.216 port 44576 ssh2
Sep 29 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: Invalid user bigdata from 46.101.170.54
Sep 29 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: input_userauth_request: invalid user bigdata [preauth]
Sep 29 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 29 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Connection closed by 162.144.236.216 port 44576 [preauth]
Sep 29 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: Failed password for invalid user bigdata from 46.101.170.54 port 40948 ssh2
Sep 29 22:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10001]: Connection closed by 46.101.170.54 port 40948 [preauth]
Sep 29 22:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10016]: Failed password for root from 162.144.236.216 port 51068 ssh2
Sep 29 22:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10016]: Connection closed by 162.144.236.216 port 51068 [preauth]
Sep 29 22:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10056]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10054]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: Successful su for rubyman by root
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: + ??? root:rubyman
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317358 of user rubyman.
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317358.
Sep 29 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Failed password for root from 162.144.236.216 port 57572 ssh2
Sep 29 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Connection closed by 162.144.236.216 port 57572 [preauth]
Sep 29 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session closed for user root
Sep 29 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10055]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Failed password for root from 162.144.236.216 port 37116 ssh2
Sep 29 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Connection closed by 162.144.236.216 port 37116 [preauth]
Sep 29 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Failed password for root from 162.144.236.216 port 44530 ssh2
Sep 29 22:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Connection closed by 162.144.236.216 port 44530 [preauth]
Sep 29 22:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Failed password for root from 162.144.236.216 port 50142 ssh2
Sep 29 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Connection closed by 162.144.236.216 port 50142 [preauth]
Sep 29 22:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8903]: pam_unix(cron:session): session closed for user root
Sep 29 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: Failed password for root from 162.144.236.216 port 54870 ssh2
Sep 29 22:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10420]: Connection closed by 162.144.236.216 port 54870 [preauth]
Sep 29 22:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Failed password for root from 162.144.236.216 port 33726 ssh2
Sep 29 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Connection closed by 162.144.236.216 port 33726 [preauth]
Sep 29 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Invalid user free from 93.152.230.176
Sep 29 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: input_userauth_request: invalid user free [preauth]
Sep 29 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Failed password for invalid user free from 93.152.230.176 port 9937 ssh2
Sep 29 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Received disconnect from 93.152.230.176 port 9937:11: Client disconnecting normally [preauth]
Sep 29 22:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Disconnected from 93.152.230.176 port 9937 [preauth]
Sep 29 22:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10481]: Failed password for root from 162.144.236.216 port 39736 ssh2
Sep 29 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10481]: Connection closed by 162.144.236.216 port 39736 [preauth]
Sep 29 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Failed password for root from 162.144.236.216 port 46372 ssh2
Sep 29 22:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Connection closed by 162.144.236.216 port 46372 [preauth]
Sep 29 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Invalid user user from 80.94.95.112
Sep 29 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: input_userauth_request: invalid user user [preauth]
Sep 29 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10608]: Successful su for rubyman by root
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10608]: + ??? root:rubyman
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317364 of user rubyman.
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10608]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317364.
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for invalid user user from 80.94.95.112 port 64078 ssh2
Sep 29 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for invalid user user from 80.94.95.112 port 64078 ssh2
Sep 29 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session closed for user root
Sep 29 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for invalid user user from 80.94.95.112 port 64078 ssh2
Sep 29 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for root from 162.144.236.216 port 53560 ssh2
Sep 29 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Connection closed by 162.144.236.216 port 53560 [preauth]
Sep 29 22:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for invalid user user from 80.94.95.112 port 64078 ssh2
Sep 29 22:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for invalid user user from 80.94.95.112 port 64078 ssh2
Sep 29 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Received disconnect from 80.94.95.112 port 64078:11: Bye [preauth]
Sep 29 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Disconnected from 80.94.95.112 port 64078 [preauth]
Sep 29 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 22:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for root from 162.144.236.216 port 60508 ssh2
Sep 29 22:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Connection closed by 162.144.236.216 port 60508 [preauth]
Sep 29 22:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: Failed password for root from 162.144.236.216 port 36264 ssh2
Sep 29 22:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: Connection closed by 162.144.236.216 port 36264 [preauth]
Sep 29 22:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Failed password for root from 162.144.236.216 port 43384 ssh2
Sep 29 22:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Connection closed by 162.144.236.216 port 43384 [preauth]
Sep 29 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session closed for user root
Sep 29 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: Failed password for root from 162.144.236.216 port 52626 ssh2
Sep 29 22:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: Connection closed by 162.144.236.216 port 52626 [preauth]
Sep 29 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: Failed password for root from 162.144.236.216 port 59160 ssh2
Sep 29 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10929]: Connection closed by 162.144.236.216 port 59160 [preauth]
Sep 29 22:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: Failed password for root from 162.144.236.216 port 35604 ssh2
Sep 29 22:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: Connection closed by 162.144.236.216 port 35604 [preauth]
Sep 29 22:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session closed for user root
Sep 29 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: Successful su for rubyman by root
Sep 29 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: + ??? root:rubyman
Sep 29 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317370 of user rubyman.
Sep 29 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11063]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317370.
Sep 29 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Failed password for root from 162.144.236.216 port 42504 ssh2
Sep 29 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10980]: Connection closed by 162.144.236.216 port 42504 [preauth]
Sep 29 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session closed for user root
Sep 29 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7651]: pam_unix(cron:session): session closed for user root
Sep 29 22:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Failed password for root from 162.144.236.216 port 48190 ssh2
Sep 29 22:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Connection closed by 162.144.236.216 port 48190 [preauth]
Sep 29 22:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Failed password for root from 162.144.236.216 port 52962 ssh2
Sep 29 22:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Connection closed by 162.144.236.216 port 52962 [preauth]
Sep 29 22:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: Failed password for root from 162.144.236.216 port 58818 ssh2
Sep 29 22:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: Connection closed by 162.144.236.216 port 58818 [preauth]
Sep 29 22:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10057]: pam_unix(cron:session): session closed for user root
Sep 29 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Failed password for root from 162.144.236.216 port 38442 ssh2
Sep 29 22:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Connection closed by 162.144.236.216 port 38442 [preauth]
Sep 29 22:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11393]: Failed password for root from 162.144.236.216 port 45314 ssh2
Sep 29 22:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11393]: Connection closed by 162.144.236.216 port 45314 [preauth]
Sep 29 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Failed password for root from 162.144.236.216 port 52660 ssh2
Sep 29 22:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11426]: Connection closed by 162.144.236.216 port 52660 [preauth]
Sep 29 22:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Failed password for root from 162.144.236.216 port 59674 ssh2
Sep 29 22:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11441]: Connection closed by 162.144.236.216 port 59674 [preauth]
Sep 29 22:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11469]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11467]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: Successful su for rubyman by root
Sep 29 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: + ??? root:rubyman
Sep 29 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317373 of user rubyman.
Sep 29 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11538]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317373.
Sep 29 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session closed for user root
Sep 29 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11468]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Failed password for root from 162.144.236.216 port 37932 ssh2
Sep 29 22:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11460]: Connection closed by 162.144.236.216 port 37932 [preauth]
Sep 29 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11850]: Failed password for root from 162.144.236.216 port 46966 ssh2
Sep 29 22:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11850]: Connection closed by 162.144.236.216 port 46966 [preauth]
Sep 29 22:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Failed password for root from 162.144.236.216 port 54098 ssh2
Sep 29 22:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11879]: Connection closed by 162.144.236.216 port 54098 [preauth]
Sep 29 22:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Failed password for root from 162.144.236.216 port 59636 ssh2
Sep 29 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Connection closed by 162.144.236.216 port 59636 [preauth]
Sep 29 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session closed for user root
Sep 29 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Failed password for root from 162.144.236.216 port 36638 ssh2
Sep 29 22:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Connection closed by 162.144.236.216 port 36638 [preauth]
Sep 29 22:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for root from 162.144.236.216 port 42670 ssh2
Sep 29 22:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Connection closed by 162.144.236.216 port 42670 [preauth]
Sep 29 22:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: Failed password for root from 162.144.236.216 port 50242 ssh2
Sep 29 22:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: Connection closed by 162.144.236.216 port 50242 [preauth]
Sep 29 22:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session closed for user root
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: Successful su for rubyman by root
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: + ??? root:rubyman
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317378 of user rubyman.
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317378.
Sep 29 22:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session closed for user root
Sep 29 22:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Failed password for root from 162.144.236.216 port 57328 ssh2
Sep 29 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Connection closed by 162.144.236.216 port 57328 [preauth]
Sep 29 22:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: Failed password for root from 162.144.236.216 port 35608 ssh2
Sep 29 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: Connection closed by 162.144.236.216 port 35608 [preauth]
Sep 29 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Failed password for root from 162.144.236.216 port 41824 ssh2
Sep 29 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Connection closed by 162.144.236.216 port 41824 [preauth]
Sep 29 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Failed password for root from 162.144.236.216 port 48352 ssh2
Sep 29 22:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Connection closed by 162.144.236.216 port 48352 [preauth]
Sep 29 22:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session closed for user root
Sep 29 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Failed password for root from 162.144.236.216 port 54958 ssh2
Sep 29 22:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Connection closed by 162.144.236.216 port 54958 [preauth]
Sep 29 22:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 29 22:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Failed password for root from 20.163.71.109 port 41852 ssh2
Sep 29 22:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Connection closed by 20.163.71.109 port 41852 [preauth]
Sep 29 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: Failed password for root from 162.144.236.216 port 33224 ssh2
Sep 29 22:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12405]: Connection closed by 162.144.236.216 port 33224 [preauth]
Sep 29 22:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Failed password for root from 162.144.236.216 port 41106 ssh2
Sep 29 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Connection closed by 162.144.236.216 port 41106 [preauth]
Sep 29 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12470]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: Successful su for rubyman by root
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: + ??? root:rubyman
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317382 of user rubyman.
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12533]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317382.
Sep 29 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9477]: pam_unix(cron:session): session closed for user root
Sep 29 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: Failed password for root from 162.144.236.216 port 47778 ssh2
Sep 29 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12454]: Connection closed by 162.144.236.216 port 47778 [preauth]
Sep 29 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: Failed password for root from 162.144.236.216 port 55522 ssh2
Sep 29 22:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12731]: Connection closed by 162.144.236.216 port 55522 [preauth]
Sep 29 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Failed password for root from 162.144.236.216 port 33522 ssh2
Sep 29 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Connection closed by 162.144.236.216 port 33522 [preauth]
Sep 29 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Failed password for root from 162.144.236.216 port 40452 ssh2
Sep 29 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Invalid user operator from 194.0.234.19
Sep 29 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: input_userauth_request: invalid user operator [preauth]
Sep 29 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Failed none for invalid user operator from 194.0.234.19 port 36582 ssh2
Sep 29 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Connection closed by 194.0.234.19 port 36582 [preauth]
Sep 29 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Connection closed by 162.144.236.216 port 40452 [preauth]
Sep 29 22:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session closed for user root
Sep 29 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Failed password for root from 162.144.236.216 port 46406 ssh2
Sep 29 22:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Connection closed by 162.144.236.216 port 46406 [preauth]
Sep 29 22:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Failed password for root from 162.144.236.216 port 55166 ssh2
Sep 29 22:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Connection closed by 162.144.236.216 port 55166 [preauth]
Sep 29 22:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Failed password for root from 162.144.236.216 port 60204 ssh2
Sep 29 22:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Connection closed by 162.144.236.216 port 60204 [preauth]
Sep 29 22:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: Successful su for rubyman by root
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: + ??? root:rubyman
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317386 of user rubyman.
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317386.
Sep 29 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Failed password for root from 162.144.236.216 port 38484 ssh2
Sep 29 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Connection closed by 162.144.236.216 port 38484 [preauth]
Sep 29 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10056]: pam_unix(cron:session): session closed for user root
Sep 29 22:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: Failed password for root from 162.144.236.216 port 45102 ssh2
Sep 29 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13129]: Connection closed by 162.144.236.216 port 45102 [preauth]
Sep 29 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Bad protocol version identification '' from 3.132.23.201 port 40950
Sep 29 22:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Bad protocol version identification 'GET / HTTP/1.1' from 3.132.23.201 port 56056
Sep 29 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: Failed password for root from 162.144.236.216 port 54224 ssh2
Sep 29 22:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: Connection closed by 162.144.236.216 port 54224 [preauth]
Sep 29 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13254]: Failed password for root from 162.144.236.216 port 34170 ssh2
Sep 29 22:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13254]: Connection closed by 162.144.236.216 port 34170 [preauth]
Sep 29 22:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session closed for user root
Sep 29 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: Failed password for root from 162.144.236.216 port 40550 ssh2
Sep 29 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: Connection closed by 162.144.236.216 port 40550 [preauth]
Sep 29 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: Failed password for root from 162.144.236.216 port 45932 ssh2
Sep 29 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: Connection closed by 162.144.236.216 port 45932 [preauth]
Sep 29 22:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: Failed password for root from 162.144.236.216 port 53256 ssh2
Sep 29 22:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13375]: Connection closed by 162.144.236.216 port 53256 [preauth]
Sep 29 22:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session closed for user root
Sep 29 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13398]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13473]: Successful su for rubyman by root
Sep 29 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13473]: + ??? root:rubyman
Sep 29 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317393 of user rubyman.
Sep 29 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13473]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317393.
Sep 29 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: Failed password for root from 162.144.236.216 port 59246 ssh2
Sep 29 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session closed for user root
Sep 29 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session closed for user root
Sep 29 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: Connection closed by 162.144.236.216 port 59246 [preauth]
Sep 29 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13399]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Failed password for root from 162.144.236.216 port 39140 ssh2
Sep 29 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Connection closed by 162.144.236.216 port 39140 [preauth]
Sep 29 22:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: Failed password for root from 162.144.236.216 port 45074 ssh2
Sep 29 22:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13702]: Connection closed by 162.144.236.216 port 45074 [preauth]
Sep 29 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: Failed password for root from 162.144.236.216 port 51398 ssh2
Sep 29 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: Connection closed by 162.144.236.216 port 51398 [preauth]
Sep 29 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session closed for user root
Sep 29 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: Failed password for root from 162.144.236.216 port 59016 ssh2
Sep 29 22:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13765]: Connection closed by 162.144.236.216 port 59016 [preauth]
Sep 29 22:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Failed password for root from 162.144.236.216 port 36556 ssh2
Sep 29 22:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Connection closed by 162.144.236.216 port 36556 [preauth]
Sep 29 22:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Failed password for root from 162.144.236.216 port 46074 ssh2
Sep 29 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Connection closed by 162.144.236.216 port 46074 [preauth]
Sep 29 22:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13876]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13945]: Successful su for rubyman by root
Sep 29 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13945]: + ??? root:rubyman
Sep 29 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317396 of user rubyman.
Sep 29 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13945]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317396.
Sep 29 22:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Failed password for root from 162.144.236.216 port 53286 ssh2
Sep 29 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Connection closed by 162.144.236.216 port 53286 [preauth]
Sep 29 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session closed for user root
Sep 29 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Failed password for root from 162.144.236.216 port 58796 ssh2
Sep 29 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Connection closed by 162.144.236.216 port 58796 [preauth]
Sep 29 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Failed password for root from 162.144.236.216 port 39346 ssh2
Sep 29 22:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Connection closed by 162.144.236.216 port 39346 [preauth]
Sep 29 22:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14300]: Failed password for root from 162.144.236.216 port 47168 ssh2
Sep 29 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session closed for user root
Sep 29 22:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14300]: Connection closed by 162.144.236.216 port 47168 [preauth]
Sep 29 22:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Failed password for root from 162.144.236.216 port 54250 ssh2
Sep 29 22:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14331]: Connection closed by 162.144.236.216 port 54250 [preauth]
Sep 29 22:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Bad protocol version identification 'GET / HTTP/1.1' from 3.132.23.201 port 58502
Sep 29 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Invalid user test from 93.152.230.176
Sep 29 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: input_userauth_request: invalid user test [preauth]
Sep 29 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 22:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: Failed password for root from 162.144.236.216 port 32968 ssh2
Sep 29 22:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Failed password for invalid user test from 93.152.230.176 port 3443 ssh2
Sep 29 22:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Received disconnect from 93.152.230.176 port 3443:11: Client disconnecting normally [preauth]
Sep 29 22:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Disconnected from 93.152.230.176 port 3443 [preauth]
Sep 29 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: Connection closed by 162.144.236.216 port 32968 [preauth]
Sep 29 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: Failed password for root from 162.144.236.216 port 39716 ssh2
Sep 29 22:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: Connection closed by 162.144.236.216 port 39716 [preauth]
Sep 29 22:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14399]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: Successful su for rubyman by root
Sep 29 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: + ??? root:rubyman
Sep 29 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317400 of user rubyman.
Sep 29 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317400.
Sep 29 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11469]: pam_unix(cron:session): session closed for user root
Sep 29 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Failed password for root from 162.144.236.216 port 44726 ssh2
Sep 29 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Connection closed by 162.144.236.216 port 44726 [preauth]
Sep 29 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Failed password for root from 162.144.236.216 port 53164 ssh2
Sep 29 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Connection closed by 162.144.236.216 port 53164 [preauth]
Sep 29 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Failed password for root from 162.144.236.216 port 59182 ssh2
Sep 29 22:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Connection closed by 162.144.236.216 port 59182 [preauth]
Sep 29 22:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: User ftp from 62.60.131.157 not allowed because not listed in AllowUsers
Sep 29 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: input_userauth_request: invalid user ftp [preauth]
Sep 29 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=ftp
Sep 29 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Failed password for invalid user ftp from 62.60.131.157 port 61328 ssh2
Sep 29 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Failed password for root from 162.144.236.216 port 37520 ssh2
Sep 29 22:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Failed password for invalid user ftp from 62.60.131.157 port 61328 ssh2
Sep 29 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Connection closed by 162.144.236.216 port 37520 [preauth]
Sep 29 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Failed password for invalid user ftp from 62.60.131.157 port 61328 ssh2
Sep 29 22:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session closed for user root
Sep 29 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Failed password for invalid user ftp from 62.60.131.157 port 61328 ssh2
Sep 29 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14761]: Bad protocol version identification '\026\003\001' from 3.132.23.201 port 58630
Sep 29 22:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Failed password for invalid user ftp from 62.60.131.157 port 61328 ssh2
Sep 29 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Received disconnect from 62.60.131.157 port 61328:11: Bye [preauth]
Sep 29 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Disconnected from 62.60.131.157 port 61328 [preauth]
Sep 29 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=ftp
Sep 29 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 22:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Failed password for root from 162.144.236.216 port 44888 ssh2
Sep 29 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Connection closed by 162.144.236.216 port 44888 [preauth]
Sep 29 22:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Failed password for root from 162.144.236.216 port 52442 ssh2
Sep 29 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Connection closed by 162.144.236.216 port 52442 [preauth]
Sep 29 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Failed password for root from 162.144.236.216 port 57848 ssh2
Sep 29 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Connection closed by 162.144.236.216 port 57848 [preauth]
Sep 29 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: Successful su for rubyman by root
Sep 29 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: + ??? root:rubyman
Sep 29 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317403 of user rubyman.
Sep 29 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317403.
Sep 29 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: Failed password for root from 162.144.236.216 port 36412 ssh2
Sep 29 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: Connection closed by 162.144.236.216 port 36412 [preauth]
Sep 29 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session closed for user root
Sep 29 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: Failed password for root from 162.144.236.216 port 43096 ssh2
Sep 29 22:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15067]: Connection closed by 162.144.236.216 port 43096 [preauth]
Sep 29 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Failed password for root from 162.144.236.216 port 50458 ssh2
Sep 29 22:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Connection closed by 162.144.236.216 port 50458 [preauth]
Sep 29 22:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Failed password for root from 162.144.236.216 port 57910 ssh2
Sep 29 22:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15139]: Connection closed by 162.144.236.216 port 57910 [preauth]
Sep 29 22:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session closed for user root
Sep 29 22:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15161]: Failed password for root from 162.144.236.216 port 35388 ssh2
Sep 29 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15161]: Connection closed by 162.144.236.216 port 35388 [preauth]
Sep 29 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15201]: Failed password for root from 162.144.236.216 port 43740 ssh2
Sep 29 22:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15201]: Connection closed by 162.144.236.216 port 43740 [preauth]
Sep 29 22:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: Failed password for root from 162.144.236.216 port 49120 ssh2
Sep 29 22:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15233]: Connection closed by 162.144.236.216 port 49120 [preauth]
Sep 29 22:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15265]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15264]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15335]: Successful su for rubyman by root
Sep 29 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15335]: + ??? root:rubyman
Sep 29 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317407 of user rubyman.
Sep 29 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15335]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317407.
Sep 29 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session closed for user root
Sep 29 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: Failed password for root from 162.144.236.216 port 56460 ssh2
Sep 29 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15245]: Connection closed by 162.144.236.216 port 56460 [preauth]
Sep 29 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Failed password for root from 162.144.236.216 port 38302 ssh2
Sep 29 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Connection closed by 162.144.236.216 port 38302 [preauth]
Sep 29 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: Failed password for root from 162.144.236.216 port 45128 ssh2
Sep 29 22:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15559]: Connection closed by 162.144.236.216 port 45128 [preauth]
Sep 29 22:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Failed password for root from 162.144.236.216 port 51392 ssh2
Sep 29 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Connection closed by 162.144.236.216 port 51392 [preauth]
Sep 29 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session closed for user root
Sep 29 22:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: Failed password for root from 162.144.236.216 port 57684 ssh2
Sep 29 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: Connection closed by 162.144.236.216 port 57684 [preauth]
Sep 29 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: Failed password for root from 162.144.236.216 port 37054 ssh2
Sep 29 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15644]: Connection closed by 162.144.236.216 port 37054 [preauth]
Sep 29 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Failed password for root from 162.144.236.216 port 42728 ssh2
Sep 29 22:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Connection closed by 162.144.236.216 port 42728 [preauth]
Sep 29 22:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user root
Sep 29 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: Successful su for rubyman by root
Sep 29 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: + ??? root:rubyman
Sep 29 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317412 of user rubyman.
Sep 29 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317412.
Sep 29 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Connection closed by 3.132.23.201 port 35786 [preauth]
Sep 29 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session closed for user root
Sep 29 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user root
Sep 29 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Failed password for root from 162.144.236.216 port 49968 ssh2
Sep 29 22:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Connection closed by 162.144.236.216 port 49968 [preauth]
Sep 29 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: Failed password for root from 162.144.236.216 port 58104 ssh2
Sep 29 22:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: Connection closed by 162.144.236.216 port 58104 [preauth]
Sep 29 22:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16035]: Failed password for root from 162.144.236.216 port 38008 ssh2
Sep 29 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16035]: Connection closed by 162.144.236.216 port 38008 [preauth]
Sep 29 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session closed for user root
Sep 29 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for root from 162.144.236.216 port 45226 ssh2
Sep 29 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Connection closed by 162.144.236.216 port 45226 [preauth]
Sep 29 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Bad protocol version identification '\026\003\001' from 3.132.23.201 port 49282
Sep 29 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: Failed password for root from 162.144.236.216 port 53212 ssh2
Sep 29 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16095]: Connection closed by 162.144.236.216 port 53212 [preauth]
Sep 29 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: Failed password for root from 162.144.236.216 port 33208 ssh2
Sep 29 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: Connection closed by 162.144.236.216 port 33208 [preauth]
Sep 29 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16245]: Successful su for rubyman by root
Sep 29 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16245]: + ??? root:rubyman
Sep 29 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317417 of user rubyman.
Sep 29 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16245]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317417.
Sep 29 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: Failed password for root from 162.144.236.216 port 39104 ssh2
Sep 29 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16155]: Connection closed by 162.144.236.216 port 39104 [preauth]
Sep 29 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session closed for user root
Sep 29 22:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: Failed password for root from 162.144.236.216 port 46336 ssh2
Sep 29 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16396]: Connection closed by 162.144.236.216 port 46336 [preauth]
Sep 29 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: Failed password for root from 162.144.236.216 port 51442 ssh2
Sep 29 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: Connection closed by 162.144.236.216 port 51442 [preauth]
Sep 29 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Failed password for root from 162.144.236.216 port 57308 ssh2
Sep 29 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Connection closed by 162.144.236.216 port 57308 [preauth]
Sep 29 22:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Failed password for root from 162.144.236.216 port 34816 ssh2
Sep 29 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Connection closed by 162.144.236.216 port 34816 [preauth]
Sep 29 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15265]: pam_unix(cron:session): session closed for user root
Sep 29 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Failed password for root from 162.144.236.216 port 39310 ssh2
Sep 29 22:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Connection closed by 162.144.236.216 port 39310 [preauth]
Sep 29 22:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16576]: Failed password for root from 162.144.236.216 port 47052 ssh2
Sep 29 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16576]: Connection closed by 162.144.236.216 port 47052 [preauth]
Sep 29 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Failed password for root from 162.144.236.216 port 53818 ssh2
Sep 29 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Connection closed by 162.144.236.216 port 53818 [preauth]
Sep 29 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16630]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: Successful su for rubyman by root
Sep 29 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: + ??? root:rubyman
Sep 29 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317422 of user rubyman.
Sep 29 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16693]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317422.
Sep 29 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: Failed password for root from 162.144.236.216 port 58950 ssh2
Sep 29 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: Connection closed by 162.144.236.216 port 58950 [preauth]
Sep 29 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session closed for user root
Sep 29 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16631]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Failed password for root from 162.144.236.216 port 38038 ssh2
Sep 29 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Connection closed by 162.144.236.216 port 38038 [preauth]
Sep 29 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Failed password for root from 162.144.236.216 port 42560 ssh2
Sep 29 22:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Connection closed by 162.144.236.216 port 42560 [preauth]
Sep 29 22:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Sep 29 22:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
Sep 29 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Failed password for root from 62.60.131.157 port 61869 ssh2
Sep 29 22:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: Failed password for root from 194.0.234.19 port 40856 ssh2
Sep 29 22:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: Connection closed by 194.0.234.19 port 40856 [preauth]
Sep 29 22:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Failed password for root from 62.60.131.157 port 61869 ssh2
Sep 29 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: Failed password for root from 162.144.236.216 port 51080 ssh2
Sep 29 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Failed password for root from 62.60.131.157 port 61869 ssh2
Sep 29 22:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: Connection closed by 162.144.236.216 port 51080 [preauth]
Sep 29 22:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Failed password for root from 62.60.131.157 port 61869 ssh2
Sep 29 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Failed password for root from 62.60.131.157 port 61869 ssh2
Sep 29 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Received disconnect from 62.60.131.157 port 61869:11: Bye [preauth]
Sep 29 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Disconnected from 62.60.131.157 port 61869 [preauth]
Sep 29 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Sep 29 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: Failed password for root from 162.144.236.216 port 58778 ssh2
Sep 29 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session closed for user root
Sep 29 22:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: Connection closed by 162.144.236.216 port 58778 [preauth]
Sep 29 22:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Failed password for root from 162.144.236.216 port 37116 ssh2
Sep 29 22:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17022]: Connection closed by 162.144.236.216 port 37116 [preauth]
Sep 29 22:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for root from 162.144.236.216 port 44614 ssh2
Sep 29 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Connection closed by 162.144.236.216 port 44614 [preauth]
Sep 29 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17161]: Successful su for rubyman by root
Sep 29 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17161]: + ??? root:rubyman
Sep 29 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317426 of user rubyman.
Sep 29 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17161]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317426.
Sep 29 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: Failed password for root from 162.144.236.216 port 50224 ssh2
Sep 29 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17068]: Connection closed by 162.144.236.216 port 50224 [preauth]
Sep 29 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session closed for user root
Sep 29 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Failed password for root from 162.144.236.216 port 56866 ssh2
Sep 29 22:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Connection closed by 162.144.236.216 port 56866 [preauth]
Sep 29 22:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Failed password for root from 162.144.236.216 port 34968 ssh2
Sep 29 22:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17379]: Connection closed by 162.144.236.216 port 34968 [preauth]
Sep 29 22:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Failed password for root from 162.144.236.216 port 41668 ssh2
Sep 29 22:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Connection closed by 162.144.236.216 port 41668 [preauth]
Sep 29 22:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.45.15.8  user=root
Sep 29 22:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for root from 113.45.15.8 port 53786 ssh2
Sep 29 22:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Received disconnect from 113.45.15.8 port 53786:11: Bye Bye [preauth]
Sep 29 22:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Disconnected from 113.45.15.8 port 53786 [preauth]
Sep 29 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session closed for user root
Sep 29 22:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for root from 162.144.236.216 port 47642 ssh2
Sep 29 22:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Connection closed by 162.144.236.216 port 47642 [preauth]
Sep 29 22:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Failed password for root from 162.144.236.216 port 55858 ssh2
Sep 29 22:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Connection closed by 162.144.236.216 port 55858 [preauth]
Sep 29 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Invalid user wcs from 114.220.176.69
Sep 29 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: input_userauth_request: invalid user wcs [preauth]
Sep 29 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.220.176.69
Sep 29 22:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Failed password for invalid user wcs from 114.220.176.69 port 47047 ssh2
Sep 29 22:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Received disconnect from 114.220.176.69 port 47047:11: Bye Bye [preauth]
Sep 29 22:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17511]: Disconnected from 114.220.176.69 port 47047 [preauth]
Sep 29 22:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Failed password for root from 162.144.236.216 port 34618 ssh2
Sep 29 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Connection closed by 162.144.236.216 port 34618 [preauth]
Sep 29 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Invalid user geoserver from 200.44.190.194
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17549]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: Successful su for rubyman by root
Sep 29 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: + ??? root:rubyman
Sep 29 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317429 of user rubyman.
Sep 29 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17618]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317429.
Sep 29 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Failed password for root from 162.144.236.216 port 42732 ssh2
Sep 29 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Failed password for invalid user geoserver from 200.44.190.194 port 45532 ssh2
Sep 29 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Received disconnect from 200.44.190.194 port 45532:11: Bye Bye [preauth]
Sep 29 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Disconnected from 200.44.190.194 port 45532 [preauth]
Sep 29 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Connection closed by 162.144.236.216 port 42732 [preauth]
Sep 29 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session closed for user root
Sep 29 22:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: Failed password for root from 162.144.236.216 port 50060 ssh2
Sep 29 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: Connection closed by 162.144.236.216 port 50060 [preauth]
Sep 29 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Failed password for root from 162.144.236.216 port 58574 ssh2
Sep 29 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Connection closed by 162.144.236.216 port 58574 [preauth]
Sep 29 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Failed password for root from 162.144.236.216 port 36648 ssh2
Sep 29 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Connection closed by 162.144.236.216 port 36648 [preauth]
Sep 29 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session closed for user root
Sep 29 22:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Failed password for root from 162.144.236.216 port 42608 ssh2
Sep 29 22:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Connection closed by 162.144.236.216 port 42608 [preauth]
Sep 29 22:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Failed password for root from 162.144.236.216 port 49868 ssh2
Sep 29 22:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Connection closed by 162.144.236.216 port 49868 [preauth]
Sep 29 22:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Invalid user admin from 93.152.230.176
Sep 29 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: input_userauth_request: invalid user admin [preauth]
Sep 29 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Failed password for invalid user admin from 93.152.230.176 port 18623 ssh2
Sep 29 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Received disconnect from 93.152.230.176 port 18623:11: Client disconnecting normally [preauth]
Sep 29 22:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Disconnected from 93.152.230.176 port 18623 [preauth]
Sep 29 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Failed password for root from 162.144.236.216 port 56372 ssh2
Sep 29 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Connection closed by 162.144.236.216 port 56372 [preauth]
Sep 29 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session closed for user root
Sep 29 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: Successful su for rubyman by root
Sep 29 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: + ??? root:rubyman
Sep 29 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317434 of user rubyman.
Sep 29 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317434.
Sep 29 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: Failed password for root from 162.144.236.216 port 34864 ssh2
Sep 29 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: Connection closed by 162.144.236.216 port 34864 [preauth]
Sep 29 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session closed for user root
Sep 29 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15264]: pam_unix(cron:session): session closed for user root
Sep 29 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Failed password for root from 162.144.236.216 port 42328 ssh2
Sep 29 22:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Connection closed by 162.144.236.216 port 42328 [preauth]
Sep 29 22:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Failed password for root from 162.144.236.216 port 48650 ssh2
Sep 29 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Invalid user admin9 from 12.189.234.28
Sep 29 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: input_userauth_request: invalid user admin9 [preauth]
Sep 29 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Connection closed by 162.144.236.216 port 48650 [preauth]
Sep 29 22:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Failed password for invalid user admin9 from 12.189.234.28 port 41761 ssh2
Sep 29 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Received disconnect from 12.189.234.28 port 41761:11: Bye Bye [preauth]
Sep 29 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Disconnected from 12.189.234.28 port 41761 [preauth]
Sep 29 22:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for root from 162.144.236.216 port 54944 ssh2
Sep 29 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Connection closed by 162.144.236.216 port 54944 [preauth]
Sep 29 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17087]: pam_unix(cron:session): session closed for user root
Sep 29 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Failed password for root from 162.144.236.216 port 32948 ssh2
Sep 29 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Connection closed by 162.144.236.216 port 32948 [preauth]
Sep 29 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: Failed password for root from 162.144.236.216 port 40428 ssh2
Sep 29 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: Connection closed by 162.144.236.216 port 40428 [preauth]
Sep 29 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: Failed password for root from 162.144.236.216 port 46470 ssh2
Sep 29 22:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: Connection closed by 162.144.236.216 port 46470 [preauth]
Sep 29 22:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18862]: Invalid user admin from 78.128.112.74
Sep 29 22:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18862]: input_userauth_request: invalid user admin [preauth]
Sep 29 22:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18862]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 29 22:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18862]: Failed password for invalid user admin from 78.128.112.74 port 46372 ssh2
Sep 29 22:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18862]: Connection closed by 78.128.112.74 port 46372 [preauth]
Sep 29 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Failed password for root from 162.144.236.216 port 54010 ssh2
Sep 29 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: Successful su for rubyman by root
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: + ??? root:rubyman
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317440 of user rubyman.
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317440.
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Connection closed by 162.144.236.216 port 54010 [preauth]
Sep 29 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user root
Sep 29 22:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: Failed password for root from 162.144.236.216 port 60290 ssh2
Sep 29 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19022]: Connection closed by 162.144.236.216 port 60290 [preauth]
Sep 29 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Failed password for root from 162.144.236.216 port 38928 ssh2
Sep 29 22:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Connection closed by 162.144.236.216 port 38928 [preauth]
Sep 29 22:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: Failed password for root from 162.144.236.216 port 47108 ssh2
Sep 29 22:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: Connection closed by 162.144.236.216 port 47108 [preauth]
Sep 29 22:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Failed password for root from 198.199.68.33 port 46356 ssh2
Sep 29 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Received disconnect from 198.199.68.33 port 46356:11: Bye Bye [preauth]
Sep 29 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Disconnected from 198.199.68.33 port 46356 [preauth]
Sep 29 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session closed for user root
Sep 29 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: Failed password for root from 162.144.236.216 port 52976 ssh2
Sep 29 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19270]: Connection closed by 162.144.236.216 port 52976 [preauth]
Sep 29 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Failed password for root from 162.144.236.216 port 59522 ssh2
Sep 29 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Connection closed by 162.144.236.216 port 59522 [preauth]
Sep 29 22:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Failed password for root from 162.144.236.216 port 38002 ssh2
Sep 29 22:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19433]: Connection closed by 162.144.236.216 port 38002 [preauth]
Sep 29 22:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19557]: Failed password for root from 162.144.236.216 port 44856 ssh2
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19572]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19573]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19570]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: Successful su for rubyman by root
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: + ??? root:rubyman
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317443 of user rubyman.
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317443.
Sep 29 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19557]: Connection closed by 162.144.236.216 port 44856 [preauth]
Sep 29 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session closed for user root
Sep 29 22:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19571]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Failed password for root from 162.144.236.216 port 51656 ssh2
Sep 29 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Connection closed by 162.144.236.216 port 51656 [preauth]
Sep 29 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Failed password for root from 162.144.236.216 port 58388 ssh2
Sep 29 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Connection closed by 162.144.236.216 port 58388 [preauth]
Sep 29 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Invalid user gitea from 200.44.190.194
Sep 29 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: input_userauth_request: invalid user gitea [preauth]
Sep 29 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Failed password for invalid user gitea from 200.44.190.194 port 59694 ssh2
Sep 29 22:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Received disconnect from 200.44.190.194 port 59694:11: Bye Bye [preauth]
Sep 29 22:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Disconnected from 200.44.190.194 port 59694 [preauth]
Sep 29 22:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Failed password for root from 162.144.236.216 port 36654 ssh2
Sep 29 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Connection closed by 162.144.236.216 port 36654 [preauth]
Sep 29 22:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Failed password for root from 162.144.236.216 port 43228 ssh2
Sep 29 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Connection closed by 162.144.236.216 port 43228 [preauth]
Sep 29 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session closed for user root
Sep 29 22:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: Failed password for root from 162.144.236.216 port 48428 ssh2
Sep 29 22:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: Connection closed by 162.144.236.216 port 48428 [preauth]
Sep 29 22:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for root from 162.144.236.216 port 55214 ssh2
Sep 29 22:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Connection closed by 162.144.236.216 port 55214 [preauth]
Sep 29 22:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20191]: Failed password for root from 198.199.68.33 port 34614 ssh2
Sep 29 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20191]: Received disconnect from 198.199.68.33 port 34614:11: Bye Bye [preauth]
Sep 29 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20191]: Disconnected from 198.199.68.33 port 34614 [preauth]
Sep 29 22:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Failed password for root from 162.144.236.216 port 33442 ssh2
Sep 29 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Connection closed by 162.144.236.216 port 33442 [preauth]
Sep 29 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 22:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: Failed password for root from 12.189.234.28 port 34793 ssh2
Sep 29 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: Received disconnect from 12.189.234.28 port 34793:11: Bye Bye [preauth]
Sep 29 22:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: Disconnected from 12.189.234.28 port 34793 [preauth]
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20225]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20219]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: Successful su for rubyman by root
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: + ??? root:rubyman
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317447 of user rubyman.
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20301]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317447.
Sep 29 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20215]: Failed password for root from 162.144.236.216 port 41518 ssh2
Sep 29 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session closed for user root
Sep 29 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20215]: Connection closed by 162.144.236.216 port 41518 [preauth]
Sep 29 22:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20224]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Failed password for root from 162.144.236.216 port 46210 ssh2
Sep 29 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Connection closed by 162.144.236.216 port 46210 [preauth]
Sep 29 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Failed password for root from 162.144.236.216 port 52264 ssh2
Sep 29 22:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Connection closed by 162.144.236.216 port 52264 [preauth]
Sep 29 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for root from 162.144.236.216 port 59498 ssh2
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Connection closed by 162.144.236.216 port 59498 [preauth]
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: Invalid user admin from 200.44.190.194
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: input_userauth_request: invalid user admin [preauth]
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: Failed password for invalid user admin from 200.44.190.194 port 56954 ssh2
Sep 29 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: Received disconnect from 200.44.190.194 port 56954:11: Bye Bye [preauth]
Sep 29 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20584]: Disconnected from 200.44.190.194 port 56954 [preauth]
Sep 29 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session closed for user root
Sep 29 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Failed password for root from 162.144.236.216 port 36482 ssh2
Sep 29 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Connection closed by 162.144.236.216 port 36482 [preauth]
Sep 29 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: Failed password for root from 162.144.236.216 port 43894 ssh2
Sep 29 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: Connection closed by 162.144.236.216 port 43894 [preauth]
Sep 29 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Failed password for root from 198.199.68.33 port 60248 ssh2
Sep 29 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Received disconnect from 198.199.68.33 port 60248:11: Bye Bye [preauth]
Sep 29 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Disconnected from 198.199.68.33 port 60248 [preauth]
Sep 29 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Failed password for root from 162.144.236.216 port 50552 ssh2
Sep 29 22:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20657]: Connection closed by 162.144.236.216 port 50552 [preauth]
Sep 29 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Invalid user riccardo from 12.189.234.28
Sep 29 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: input_userauth_request: invalid user riccardo [preauth]
Sep 29 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Failed password for invalid user riccardo from 12.189.234.28 port 47150 ssh2
Sep 29 22:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Received disconnect from 12.189.234.28 port 47150:11: Bye Bye [preauth]
Sep 29 22:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Disconnected from 12.189.234.28 port 47150 [preauth]
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20780]: Successful su for rubyman by root
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20780]: + ??? root:rubyman
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317453 of user rubyman.
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20780]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317453.
Sep 29 22:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Failed password for root from 162.144.236.216 port 59362 ssh2
Sep 29 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session closed for user root
Sep 29 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20690]: Connection closed by 162.144.236.216 port 59362 [preauth]
Sep 29 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20705]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Failed password for root from 162.144.236.216 port 38250 ssh2
Sep 29 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Connection closed by 162.144.236.216 port 38250 [preauth]
Sep 29 22:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Failed password for root from 162.144.236.216 port 44996 ssh2
Sep 29 22:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Connection closed by 162.144.236.216 port 44996 [preauth]
Sep 29 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Failed password for root from 162.144.236.216 port 51696 ssh2
Sep 29 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Connection closed by 162.144.236.216 port 51696 [preauth]
Sep 29 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Invalid user gogs from 200.44.190.194
Sep 29 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: input_userauth_request: invalid user gogs [preauth]
Sep 29 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Failed password for root from 162.144.236.216 port 56676 ssh2
Sep 29 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19573]: pam_unix(cron:session): session closed for user root
Sep 29 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Connection closed by 162.144.236.216 port 56676 [preauth]
Sep 29 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Failed password for invalid user gogs from 200.44.190.194 port 48332 ssh2
Sep 29 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Received disconnect from 200.44.190.194 port 48332:11: Bye Bye [preauth]
Sep 29 22:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Disconnected from 200.44.190.194 port 48332 [preauth]
Sep 29 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: Failed password for root from 162.144.236.216 port 34050 ssh2
Sep 29 22:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21097]: Connection closed by 162.144.236.216 port 34050 [preauth]
Sep 29 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Invalid user riccardo from 198.199.68.33
Sep 29 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: input_userauth_request: invalid user riccardo [preauth]
Sep 29 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Failed password for root from 162.144.236.216 port 39718 ssh2
Sep 29 22:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for invalid user riccardo from 198.199.68.33 port 35446 ssh2
Sep 29 22:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Received disconnect from 198.199.68.33 port 35446:11: Bye Bye [preauth]
Sep 29 22:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Disconnected from 198.199.68.33 port 35446 [preauth]
Sep 29 22:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Connection closed by 162.144.236.216 port 39718 [preauth]
Sep 29 22:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Invalid user ctl from 12.189.234.28
Sep 29 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: input_userauth_request: invalid user ctl [preauth]
Sep 29 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Failed password for invalid user ctl from 12.189.234.28 port 59512 ssh2
Sep 29 22:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Received disconnect from 12.189.234.28 port 59512:11: Bye Bye [preauth]
Sep 29 22:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Disconnected from 12.189.234.28 port 59512 [preauth]
Sep 29 22:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Failed password for root from 162.144.236.216 port 46558 ssh2
Sep 29 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Connection closed by 162.144.236.216 port 46558 [preauth]
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21175]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21175]: pam_unix(cron:session): session closed for user root
Sep 29 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: Successful su for rubyman by root
Sep 29 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: + ??? root:rubyman
Sep 29 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317455 of user rubyman.
Sep 29 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317455.
Sep 29 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session closed for user root
Sep 29 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session closed for user root
Sep 29 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: Failed password for root from 162.144.236.216 port 54330 ssh2
Sep 29 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: Connection closed by 162.144.236.216 port 54330 [preauth]
Sep 29 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21171]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: Failed password for root from 162.144.236.216 port 60906 ssh2
Sep 29 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: Connection closed by 162.144.236.216 port 60906 [preauth]
Sep 29 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Failed password for root from 162.144.236.216 port 39678 ssh2
Sep 29 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Connection closed by 162.144.236.216 port 39678 [preauth]
Sep 29 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Failed password for root from 162.144.236.216 port 45684 ssh2
Sep 29 22:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session closed for user root
Sep 29 22:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Invalid user erp from 200.44.190.194
Sep 29 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: input_userauth_request: invalid user erp [preauth]
Sep 29 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Connection closed by 162.144.236.216 port 45684 [preauth]
Sep 29 22:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Failed password for invalid user erp from 200.44.190.194 port 42508 ssh2
Sep 29 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Received disconnect from 200.44.190.194 port 42508:11: Bye Bye [preauth]
Sep 29 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Disconnected from 200.44.190.194 port 42508 [preauth]
Sep 29 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Failed password for root from 162.144.236.216 port 54344 ssh2
Sep 29 22:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Connection closed by 162.144.236.216 port 54344 [preauth]
Sep 29 22:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Invalid user hai from 198.199.68.33
Sep 29 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: input_userauth_request: invalid user hai [preauth]
Sep 29 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Failed password for invalid user hai from 198.199.68.33 port 54058 ssh2
Sep 29 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Received disconnect from 198.199.68.33 port 54058:11: Bye Bye [preauth]
Sep 29 22:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Disconnected from 198.199.68.33 port 54058 [preauth]
Sep 29 22:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Invalid user staging from 12.189.234.28
Sep 29 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: input_userauth_request: invalid user staging [preauth]
Sep 29 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: Failed password for root from 162.144.236.216 port 59550 ssh2
Sep 29 22:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21589]: Connection closed by 162.144.236.216 port 59550 [preauth]
Sep 29 22:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Failed password for invalid user staging from 12.189.234.28 port 43644 ssh2
Sep 29 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Received disconnect from 12.189.234.28 port 43644:11: Bye Bye [preauth]
Sep 29 22:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21627]: Disconnected from 12.189.234.28 port 43644 [preauth]
Sep 29 22:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: Failed password for root from 162.144.236.216 port 37042 ssh2
Sep 29 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: Connection closed by 162.144.236.216 port 37042 [preauth]
Sep 29 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21659]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21653]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: Successful su for rubyman by root
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: + ??? root:rubyman
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317462 of user rubyman.
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317462.
Sep 29 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21641]: Failed password for root from 162.144.236.216 port 43136 ssh2
Sep 29 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21641]: Connection closed by 162.144.236.216 port 43136 [preauth]
Sep 29 22:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user root
Sep 29 22:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21655]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: Failed password for root from 162.144.236.216 port 49390 ssh2
Sep 29 22:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21878]: Connection closed by 162.144.236.216 port 49390 [preauth]
Sep 29 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: Failed password for root from 162.144.236.216 port 58150 ssh2
Sep 29 22:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21971]: Connection closed by 162.144.236.216 port 58150 [preauth]
Sep 29 22:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: Failed password for root from 162.144.236.216 port 39606 ssh2
Sep 29 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22011]: Connection closed by 162.144.236.216 port 39606 [preauth]
Sep 29 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20707]: pam_unix(cron:session): session closed for user root
Sep 29 22:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: Invalid user acct from 198.199.68.33
Sep 29 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: input_userauth_request: invalid user acct [preauth]
Sep 29 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: Failed password for invalid user acct from 198.199.68.33 port 37820 ssh2
Sep 29 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: Received disconnect from 198.199.68.33 port 37820:11: Bye Bye [preauth]
Sep 29 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22059]: Disconnected from 198.199.68.33 port 37820 [preauth]
Sep 29 22:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: Invalid user socksuser from 12.189.234.28
Sep 29 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: input_userauth_request: invalid user socksuser [preauth]
Sep 29 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: Failed password for root from 162.144.236.216 port 44388 ssh2
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: Failed password for invalid user socksuser from 12.189.234.28 port 56014 ssh2
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22047]: Connection closed by 162.144.236.216 port 44388 [preauth]
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: Received disconnect from 12.189.234.28 port 56014:11: Bye Bye [preauth]
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22069]: Disconnected from 12.189.234.28 port 56014 [preauth]
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Invalid user myuser from 200.44.190.194
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: input_userauth_request: invalid user myuser [preauth]
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Failed password for invalid user myuser from 200.44.190.194 port 54124 ssh2
Sep 29 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Received disconnect from 200.44.190.194 port 54124:11: Bye Bye [preauth]
Sep 29 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Disconnected from 200.44.190.194 port 54124 [preauth]
Sep 29 22:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 29 22:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for root from 164.68.105.9 port 41290 ssh2
Sep 29 22:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Connection closed by 164.68.105.9 port 41290 [preauth]
Sep 29 22:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Failed password for root from 162.144.236.216 port 50926 ssh2
Sep 29 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Invalid user admin from 194.0.234.19
Sep 29 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: input_userauth_request: invalid user admin [preauth]
Sep 29 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Connection closed by 162.144.236.216 port 50926 [preauth]
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: Successful su for rubyman by root
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: + ??? root:rubyman
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317465 of user rubyman.
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317465.
Sep 29 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Failed password for invalid user admin from 194.0.234.19 port 61270 ssh2
Sep 29 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Connection closed by 194.0.234.19 port 61270 [preauth]
Sep 29 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user root
Sep 29 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Failed password for root from 162.144.236.216 port 57694 ssh2
Sep 29 22:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Connection closed by 162.144.236.216 port 57694 [preauth]
Sep 29 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Failed password for root from 162.144.236.216 port 36546 ssh2
Sep 29 22:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Connection closed by 162.144.236.216 port 36546 [preauth]
Sep 29 22:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: Failed password for root from 162.144.236.216 port 42734 ssh2
Sep 29 22:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22457]: Connection closed by 162.144.236.216 port 42734 [preauth]
Sep 29 22:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session closed for user root
Sep 29 22:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Failed password for root from 162.144.236.216 port 50048 ssh2
Sep 29 22:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Connection closed by 162.144.236.216 port 50048 [preauth]
Sep 29 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Invalid user work from 198.199.68.33
Sep 29 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: input_userauth_request: invalid user work [preauth]
Sep 29 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: Failed password for root from 12.189.234.28 port 40141 ssh2
Sep 29 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: Received disconnect from 12.189.234.28 port 40141:11: Bye Bye [preauth]
Sep 29 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22534]: Disconnected from 12.189.234.28 port 40141 [preauth]
Sep 29 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Failed password for invalid user work from 198.199.68.33 port 54656 ssh2
Sep 29 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Received disconnect from 198.199.68.33 port 54656:11: Bye Bye [preauth]
Sep 29 22:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Disconnected from 198.199.68.33 port 54656 [preauth]
Sep 29 22:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22522]: Failed password for root from 162.144.236.216 port 55432 ssh2
Sep 29 22:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22522]: Connection closed by 162.144.236.216 port 55432 [preauth]
Sep 29 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Invalid user info from 93.152.230.176
Sep 29 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: input_userauth_request: invalid user info [preauth]
Sep 29 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Invalid user postgres from 200.44.190.194
Sep 29 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: input_userauth_request: invalid user postgres [preauth]
Sep 29 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Failed password for invalid user info from 93.152.230.176 port 13095 ssh2
Sep 29 22:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Received disconnect from 93.152.230.176 port 13095:11: Client disconnecting normally [preauth]
Sep 29 22:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Disconnected from 93.152.230.176 port 13095 [preauth]
Sep 29 22:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Failed password for root from 162.144.236.216 port 35582 ssh2
Sep 29 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user postgres from 200.44.190.194 port 38258 ssh2
Sep 29 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Received disconnect from 200.44.190.194 port 38258:11: Bye Bye [preauth]
Sep 29 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Disconnected from 200.44.190.194 port 38258 [preauth]
Sep 29 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22562]: Connection closed by 162.144.236.216 port 35582 [preauth]
Sep 29 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22678]: Successful su for rubyman by root
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22678]: + ??? root:rubyman
Sep 29 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317469 of user rubyman.
Sep 29 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22678]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317469.
Sep 29 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Failed password for root from 162.144.236.216 port 43042 ssh2
Sep 29 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Connection closed by 162.144.236.216 port 43042 [preauth]
Sep 29 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19572]: pam_unix(cron:session): session closed for user root
Sep 29 22:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: Failed password for root from 162.144.236.216 port 48124 ssh2
Sep 29 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23027]: Connection closed by 162.144.236.216 port 48124 [preauth]
Sep 29 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: Failed password for root from 162.144.236.216 port 54338 ssh2
Sep 29 22:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23113]: Connection closed by 162.144.236.216 port 54338 [preauth]
Sep 29 22:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Invalid user myuser from 167.126.16.203
Sep 29 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: input_userauth_request: invalid user myuser [preauth]
Sep 29 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Failed password for invalid user myuser from 167.126.16.203 port 39444 ssh2
Sep 29 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Received disconnect from 167.126.16.203 port 39444:11: Bye Bye [preauth]
Sep 29 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Disconnected from 167.126.16.203 port 39444 [preauth]
Sep 29 22:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Failed password for root from 162.144.236.216 port 33542 ssh2
Sep 29 22:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Connection closed by 162.144.236.216 port 33542 [preauth]
Sep 29 22:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21659]: pam_unix(cron:session): session closed for user root
Sep 29 22:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: Failed password for root from 162.144.236.216 port 41814 ssh2
Sep 29 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23219]: Connection closed by 162.144.236.216 port 41814 [preauth]
Sep 29 22:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Invalid user geoserver from 12.189.234.28
Sep 29 22:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 22:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Failed password for invalid user geoserver from 12.189.234.28 port 52504 ssh2
Sep 29 22:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Received disconnect from 12.189.234.28 port 52504:11: Bye Bye [preauth]
Sep 29 22:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Disconnected from 12.189.234.28 port 52504 [preauth]
Sep 29 22:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Failed password for root from 162.144.236.216 port 47392 ssh2
Sep 29 22:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23259]: Connection closed by 162.144.236.216 port 47392 [preauth]
Sep 29 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 22:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Failed password for root from 162.144.236.216 port 54090 ssh2
Sep 29 22:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: Failed password for root from 198.199.68.33 port 60094 ssh2
Sep 29 22:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: Received disconnect from 198.199.68.33 port 60094:11: Bye Bye [preauth]
Sep 29 22:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: Disconnected from 198.199.68.33 port 60094 [preauth]
Sep 29 22:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Connection closed by 162.144.236.216 port 54090 [preauth]
Sep 29 22:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: Failed password for root from 162.144.236.216 port 60394 ssh2
Sep 29 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23342]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23341]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23335]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23337]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: Successful su for rubyman by root
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: + ??? root:rubyman
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317473 of user rubyman.
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317473.
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23318]: Connection closed by 162.144.236.216 port 60394 [preauth]
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23335]: pam_unix(cron:session): session closed for user root
Sep 29 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20225]: pam_unix(cron:session): session closed for user root
Sep 29 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194  user=root
Sep 29 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Failed password for root from 200.44.190.194 port 60056 ssh2
Sep 29 22:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Received disconnect from 200.44.190.194 port 60056:11: Bye Bye [preauth]
Sep 29 22:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Disconnected from 200.44.190.194 port 60056 [preauth]
Sep 29 22:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23338]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Failed password for root from 162.144.236.216 port 38228 ssh2
Sep 29 22:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23749]: Connection closed by 162.144.236.216 port 38228 [preauth]
Sep 29 22:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Failed password for root from 162.144.236.216 port 43934 ssh2
Sep 29 22:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Connection closed by 162.144.236.216 port 43934 [preauth]
Sep 29 22:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: Failed password for root from 162.144.236.216 port 51566 ssh2
Sep 29 22:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: Connection closed by 162.144.236.216 port 51566 [preauth]
Sep 29 22:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22132]: pam_unix(cron:session): session closed for user root
Sep 29 22:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: Failed password for root from 162.144.236.216 port 58142 ssh2
Sep 29 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: Connection closed by 162.144.236.216 port 58142 [preauth]
Sep 29 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 22:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: Failed password for root from 12.189.234.28 port 36629 ssh2
Sep 29 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: Received disconnect from 12.189.234.28 port 36629:11: Bye Bye [preauth]
Sep 29 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24065]: Disconnected from 12.189.234.28 port 36629 [preauth]
Sep 29 22:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Failed password for root from 162.144.236.216 port 36946 ssh2
Sep 29 22:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 162.144.236.216 port 36946 [preauth]
Sep 29 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Failed password for root from 162.144.236.216 port 43638 ssh2
Sep 29 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Connection closed by 162.144.236.216 port 43638 [preauth]
Sep 29 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Invalid user harry from 198.199.68.33
Sep 29 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: input_userauth_request: invalid user harry [preauth]
Sep 29 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Failed password for invalid user harry from 198.199.68.33 port 39242 ssh2
Sep 29 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Received disconnect from 198.199.68.33 port 39242:11: Bye Bye [preauth]
Sep 29 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Disconnected from 198.199.68.33 port 39242 [preauth]
Sep 29 22:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24121]: Failed password for root from 162.144.236.216 port 50568 ssh2
Sep 29 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24121]: Connection closed by 162.144.236.216 port 50568 [preauth]
Sep 29 22:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session closed for user root
Sep 29 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24230]: Successful su for rubyman by root
Sep 29 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24230]: + ??? root:rubyman
Sep 29 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317479 of user rubyman.
Sep 29 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24230]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317479.
Sep 29 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
Sep 29 22:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20706]: pam_unix(cron:session): session closed for user root
Sep 29 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: Failed password for root from 162.144.236.216 port 57400 ssh2
Sep 29 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24145]: Connection closed by 162.144.236.216 port 57400 [preauth]
Sep 29 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Invalid user user-backup from 200.44.190.194
Sep 29 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: input_userauth_request: invalid user user-backup [preauth]
Sep 29 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Failed password for invalid user user-backup from 200.44.190.194 port 37196 ssh2
Sep 29 22:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Received disconnect from 200.44.190.194 port 37196:11: Bye Bye [preauth]
Sep 29 22:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Disconnected from 200.44.190.194 port 37196 [preauth]
Sep 29 22:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: Failed password for root from 162.144.236.216 port 34182 ssh2
Sep 29 22:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: Connection closed by 162.144.236.216 port 34182 [preauth]
Sep 29 22:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: Failed password for root from 162.144.236.216 port 42110 ssh2
Sep 29 22:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: Connection closed by 162.144.236.216 port 42110 [preauth]
Sep 29 22:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Failed password for root from 162.144.236.216 port 47384 ssh2
Sep 29 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24542]: Connection closed by 162.144.236.216 port 47384 [preauth]
Sep 29 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session closed for user root
Sep 29 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Invalid user git-admin from 12.189.234.28
Sep 29 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: input_userauth_request: invalid user git-admin [preauth]
Sep 29 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Failed password for invalid user git-admin from 12.189.234.28 port 48992 ssh2
Sep 29 22:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Received disconnect from 12.189.234.28 port 48992:11: Bye Bye [preauth]
Sep 29 22:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Disconnected from 12.189.234.28 port 48992 [preauth]
Sep 29 22:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Failed password for root from 162.144.236.216 port 54820 ssh2
Sep 29 22:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Connection closed by 162.144.236.216 port 54820 [preauth]
Sep 29 22:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Failed password for root from 162.144.236.216 port 33362 ssh2
Sep 29 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Connection closed by 162.144.236.216 port 33362 [preauth]
Sep 29 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Invalid user user2 from 198.199.68.33
Sep 29 22:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: input_userauth_request: invalid user user2 [preauth]
Sep 29 22:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Failed password for invalid user user2 from 198.199.68.33 port 38308 ssh2
Sep 29 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Received disconnect from 198.199.68.33 port 38308:11: Bye Bye [preauth]
Sep 29 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24659]: Disconnected from 198.199.68.33 port 38308 [preauth]
Sep 29 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: Failed password for root from 162.144.236.216 port 39602 ssh2
Sep 29 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Invalid user linhai1 from 213.209.157.9
Sep 29 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: input_userauth_request: invalid user linhai1 [preauth]
Sep 29 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24651]: Connection closed by 162.144.236.216 port 39602 [preauth]
Sep 29 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 29 22:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Failed password for invalid user linhai1 from 213.209.157.9 port 55518 ssh2
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24683]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24767]: Successful su for rubyman by root
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24767]: + ??? root:rubyman
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317485 of user rubyman.
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24767]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317485.
Sep 29 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Connection closed by 213.209.157.9 port 55518 [preauth]
Sep 29 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Failed password for root from 162.144.236.216 port 46230 ssh2
Sep 29 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Connection closed by 162.144.236.216 port 46230 [preauth]
Sep 29 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session closed for user root
Sep 29 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Failed password for root from 162.144.236.216 port 53512 ssh2
Sep 29 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Connection closed by 162.144.236.216 port 53512 [preauth]
Sep 29 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Invalid user api_user from 200.44.190.194
Sep 29 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: input_userauth_request: invalid user api_user [preauth]
Sep 29 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Failed password for root from 162.144.236.216 port 33958 ssh2
Sep 29 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Failed password for invalid user api_user from 200.44.190.194 port 51462 ssh2
Sep 29 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Received disconnect from 200.44.190.194 port 51462:11: Bye Bye [preauth]
Sep 29 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Disconnected from 200.44.190.194 port 51462 [preauth]
Sep 29 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Connection closed by 162.144.236.216 port 33958 [preauth]
Sep 29 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Failed password for root from 162.144.236.216 port 40220 ssh2
Sep 29 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Invalid user user2 from 12.189.234.28
Sep 29 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: input_userauth_request: invalid user user2 [preauth]
Sep 29 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Connection closed by 162.144.236.216 port 40220 [preauth]
Sep 29 22:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Failed password for invalid user user2 from 12.189.234.28 port 33125 ssh2
Sep 29 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Received disconnect from 12.189.234.28 port 33125:11: Bye Bye [preauth]
Sep 29 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Disconnected from 12.189.234.28 port 33125 [preauth]
Sep 29 22:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23342]: pam_unix(cron:session): session closed for user root
Sep 29 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Failed password for root from 162.144.236.216 port 46326 ssh2
Sep 29 22:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Connection closed by 162.144.236.216 port 46326 [preauth]
Sep 29 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.220.176.69  user=root
Sep 29 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Failed password for root from 114.220.176.69 port 39469 ssh2
Sep 29 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Received disconnect from 114.220.176.69 port 39469:11: Bye Bye [preauth]
Sep 29 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Disconnected from 114.220.176.69 port 39469 [preauth]
Sep 29 22:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: Failed password for root from 162.144.236.216 port 54528 ssh2
Sep 29 22:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25091]: Connection closed by 162.144.236.216 port 54528 [preauth]
Sep 29 22:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Invalid user vin from 198.199.68.33
Sep 29 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: input_userauth_request: invalid user vin [preauth]
Sep 29 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Failed password for root from 162.144.236.216 port 33588 ssh2
Sep 29 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Failed password for invalid user vin from 198.199.68.33 port 41958 ssh2
Sep 29 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Received disconnect from 198.199.68.33 port 41958:11: Bye Bye [preauth]
Sep 29 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Disconnected from 198.199.68.33 port 41958 [preauth]
Sep 29 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Connection closed by 162.144.236.216 port 33588 [preauth]
Sep 29 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25173]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25171]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: Successful su for rubyman by root
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: + ??? root:rubyman
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317489 of user rubyman.
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317489.
Sep 29 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session closed for user root
Sep 29 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: Failed password for root from 162.144.236.216 port 38658 ssh2
Sep 29 22:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25153]: Connection closed by 162.144.236.216 port 38658 [preauth]
Sep 29 22:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: Failed password for root from 162.144.236.216 port 46698 ssh2
Sep 29 22:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25673]: Connection closed by 162.144.236.216 port 46698 [preauth]
Sep 29 22:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25711]: Failed password for root from 162.144.236.216 port 54326 ssh2
Sep 29 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25711]: Connection closed by 162.144.236.216 port 54326 [preauth]
Sep 29 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Invalid user chat from 200.44.190.194
Sep 29 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: input_userauth_request: invalid user chat [preauth]
Sep 29 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Failed password for invalid user chat from 200.44.190.194 port 49504 ssh2
Sep 29 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Received disconnect from 200.44.190.194 port 49504:11: Bye Bye [preauth]
Sep 29 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Disconnected from 200.44.190.194 port 49504 [preauth]
Sep 29 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Failed password for root from 12.189.234.28 port 45492 ssh2
Sep 29 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Received disconnect from 12.189.234.28 port 45492:11: Bye Bye [preauth]
Sep 29 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Disconnected from 12.189.234.28 port 45492 [preauth]
Sep 29 22:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session closed for user root
Sep 29 22:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25748]: Failed password for root from 162.144.236.216 port 34346 ssh2
Sep 29 22:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25748]: Connection closed by 162.144.236.216 port 34346 [preauth]
Sep 29 22:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Failed password for root from 162.144.236.216 port 43458 ssh2
Sep 29 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Connection closed by 162.144.236.216 port 43458 [preauth]
Sep 29 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Failed password for root from 162.144.236.216 port 50806 ssh2
Sep 29 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Connection closed by 162.144.236.216 port 50806 [preauth]
Sep 29 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Invalid user gianluca from 198.199.68.33
Sep 29 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: input_userauth_request: invalid user gianluca [preauth]
Sep 29 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Failed password for invalid user gianluca from 198.199.68.33 port 36136 ssh2
Sep 29 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Received disconnect from 198.199.68.33 port 36136:11: Bye Bye [preauth]
Sep 29 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Disconnected from 198.199.68.33 port 36136 [preauth]
Sep 29 22:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Failed password for root from 162.144.236.216 port 57364 ssh2
Sep 29 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Connection closed by 162.144.236.216 port 57364 [preauth]
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26052]: Successful su for rubyman by root
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26052]: + ??? root:rubyman
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317493 of user rubyman.
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26052]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317493.
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Invalid user titu from 167.126.16.203
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: input_userauth_request: invalid user titu [preauth]
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Failed password for invalid user titu from 167.126.16.203 port 40024 ssh2
Sep 29 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22131]: pam_unix(cron:session): session closed for user root
Sep 29 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Received disconnect from 167.126.16.203 port 40024:11: Bye Bye [preauth]
Sep 29 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Disconnected from 167.126.16.203 port 40024 [preauth]
Sep 29 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Failed password for root from 162.144.236.216 port 34910 ssh2
Sep 29 22:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Connection closed by 162.144.236.216 port 34910 [preauth]
Sep 29 22:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Failed password for root from 162.144.236.216 port 41596 ssh2
Sep 29 22:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Connection closed by 162.144.236.216 port 41596 [preauth]
Sep 29 22:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: Failed password for root from 162.144.236.216 port 47788 ssh2
Sep 29 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26303]: Connection closed by 162.144.236.216 port 47788 [preauth]
Sep 29 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session closed for user root
Sep 29 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Failed password for root from 12.189.234.28 port 57848 ssh2
Sep 29 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Received disconnect from 12.189.234.28 port 57848:11: Bye Bye [preauth]
Sep 29 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Disconnected from 12.189.234.28 port 57848 [preauth]
Sep 29 22:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Invalid user vms from 200.44.190.194
Sep 29 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: input_userauth_request: invalid user vms [preauth]
Sep 29 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Failed password for invalid user vms from 200.44.190.194 port 59032 ssh2
Sep 29 22:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Received disconnect from 200.44.190.194 port 59032:11: Bye Bye [preauth]
Sep 29 22:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26400]: Disconnected from 200.44.190.194 port 59032 [preauth]
Sep 29 22:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: Failed password for root from 162.144.236.216 port 55440 ssh2
Sep 29 22:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26355]: Connection closed by 162.144.236.216 port 55440 [preauth]
Sep 29 22:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Invalid user vahid from 198.199.68.33
Sep 29 22:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: input_userauth_request: invalid user vahid [preauth]
Sep 29 22:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Failed password for invalid user vahid from 198.199.68.33 port 46860 ssh2
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Received disconnect from 198.199.68.33 port 46860:11: Bye Bye [preauth]
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Disconnected from 198.199.68.33 port 46860 [preauth]
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26555]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: Successful su for rubyman by root
Sep 29 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: + ??? root:rubyman
Sep 29 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317497 of user rubyman.
Sep 29 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317497.
Sep 29 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: Failed password for root from 162.144.236.216 port 35038 ssh2
Sep 29 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: Connection closed by 162.144.236.216 port 35038 [preauth]
Sep 29 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session closed for user root
Sep 29 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26848]: Failed password for root from 162.144.236.216 port 42576 ssh2
Sep 29 22:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26848]: Connection closed by 162.144.236.216 port 42576 [preauth]
Sep 29 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26961]: Failed password for root from 162.144.236.216 port 51094 ssh2
Sep 29 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26961]: Connection closed by 162.144.236.216 port 51094 [preauth]
Sep 29 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: Failed password for root from 162.144.236.216 port 58944 ssh2
Sep 29 22:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27012]: Connection closed by 162.144.236.216 port 58944 [preauth]
Sep 29 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25174]: pam_unix(cron:session): session closed for user root
Sep 29 22:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27043]: Failed password for root from 162.144.236.216 port 36450 ssh2
Sep 29 22:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27043]: Connection closed by 162.144.236.216 port 36450 [preauth]
Sep 29 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: Invalid user flectra from 12.189.234.28
Sep 29 22:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: input_userauth_request: invalid user flectra [preauth]
Sep 29 22:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: Failed password for invalid user flectra from 12.189.234.28 port 41984 ssh2
Sep 29 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: Received disconnect from 12.189.234.28 port 41984:11: Bye Bye [preauth]
Sep 29 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27087]: Disconnected from 12.189.234.28 port 41984 [preauth]
Sep 29 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Failed password for root from 162.144.236.216 port 43894 ssh2
Sep 29 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Connection closed by 162.144.236.216 port 43894 [preauth]
Sep 29 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Invalid user deamon from 200.44.190.194
Sep 29 22:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: input_userauth_request: invalid user deamon [preauth]
Sep 29 22:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Failed password for invalid user deamon from 200.44.190.194 port 48664 ssh2
Sep 29 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Received disconnect from 200.44.190.194 port 48664:11: Bye Bye [preauth]
Sep 29 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Disconnected from 200.44.190.194 port 48664 [preauth]
Sep 29 22:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session closed for user root
Sep 29 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: Successful su for rubyman by root
Sep 29 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: + ??? root:rubyman
Sep 29 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317503 of user rubyman.
Sep 29 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317503.
Sep 29 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: Failed password for root from 162.144.236.216 port 53546 ssh2
Sep 29 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27108]: Connection closed by 162.144.236.216 port 53546 [preauth]
Sep 29 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session closed for user root
Sep 29 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Invalid user socksuser from 198.199.68.33
Sep 29 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: input_userauth_request: invalid user socksuser [preauth]
Sep 29 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23341]: pam_unix(cron:session): session closed for user root
Sep 29 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Failed password for invalid user socksuser from 198.199.68.33 port 53368 ssh2
Sep 29 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Received disconnect from 198.199.68.33 port 53368:11: Bye Bye [preauth]
Sep 29 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27329]: Disconnected from 198.199.68.33 port 53368 [preauth]
Sep 29 22:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Failed password for root from 162.144.236.216 port 60060 ssh2
Sep 29 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Connection closed by 162.144.236.216 port 60060 [preauth]
Sep 29 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Failed password for root from 162.144.236.216 port 38686 ssh2
Sep 29 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Connection closed by 162.144.236.216 port 38686 [preauth]
Sep 29 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: Invalid user api_user from 167.126.16.203
Sep 29 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: input_userauth_request: invalid user api_user [preauth]
Sep 29 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 22:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: Failed password for invalid user api_user from 167.126.16.203 port 40252 ssh2
Sep 29 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: Received disconnect from 167.126.16.203 port 40252:11: Bye Bye [preauth]
Sep 29 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: Disconnected from 167.126.16.203 port 40252 [preauth]
Sep 29 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Failed password for root from 162.144.236.216 port 44582 ssh2
Sep 29 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27521]: Connection closed by 162.144.236.216 port 44582 [preauth]
Sep 29 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: Failed password for root from 162.144.236.216 port 51214 ssh2
Sep 29 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25982]: pam_unix(cron:session): session closed for user root
Sep 29 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: Connection closed by 162.144.236.216 port 51214 [preauth]
Sep 29 22:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: Failed password for root from 162.144.236.216 port 57668 ssh2
Sep 29 22:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: Connection closed by 162.144.236.216 port 57668 [preauth]
Sep 29 22:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Failed password for root from 162.144.236.216 port 37362 ssh2
Sep 29 22:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27784]: Connection closed by 162.144.236.216 port 37362 [preauth]
Sep 29 22:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 22:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Failed password for root from 12.189.234.28 port 54347 ssh2
Sep 29 22:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Received disconnect from 12.189.234.28 port 54347:11: Bye Bye [preauth]
Sep 29 22:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Disconnected from 12.189.234.28 port 54347 [preauth]
Sep 29 22:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Invalid user toto from 93.152.230.176
Sep 29 22:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: input_userauth_request: invalid user toto [preauth]
Sep 29 22:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 22:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Failed password for invalid user toto from 93.152.230.176 port 12351 ssh2
Sep 29 22:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Received disconnect from 93.152.230.176 port 12351:11: Client disconnecting normally [preauth]
Sep 29 22:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27815]: Disconnected from 93.152.230.176 port 12351 [preauth]
Sep 29 22:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Failed password for root from 162.144.236.216 port 42650 ssh2
Sep 29 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Connection closed by 162.144.236.216 port 42650 [preauth]
Sep 29 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27836]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: Successful su for rubyman by root
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: + ??? root:rubyman
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317507 of user rubyman.
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27911]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317507.
Sep 29 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session closed for user root
Sep 29 22:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194  user=root
Sep 29 22:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: Failed password for root from 162.144.236.216 port 50710 ssh2
Sep 29 22:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27834]: Connection closed by 162.144.236.216 port 50710 [preauth]
Sep 29 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Failed password for root from 200.44.190.194 port 34148 ssh2
Sep 29 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Received disconnect from 200.44.190.194 port 34148:11: Bye Bye [preauth]
Sep 29 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Disconnected from 200.44.190.194 port 34148 [preauth]
Sep 29 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Failed password for root from 198.199.68.33 port 47198 ssh2
Sep 29 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Received disconnect from 198.199.68.33 port 47198:11: Bye Bye [preauth]
Sep 29 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28127]: Disconnected from 198.199.68.33 port 47198 [preauth]
Sep 29 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Failed password for root from 162.144.236.216 port 57552 ssh2
Sep 29 22:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Connection closed by 162.144.236.216 port 57552 [preauth]
Sep 29 22:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: Failed password for root from 162.144.236.216 port 35368 ssh2
Sep 29 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28173]: Connection closed by 162.144.236.216 port 35368 [preauth]
Sep 29 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Failed password for root from 162.144.236.216 port 42272 ssh2
Sep 29 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26555]: pam_unix(cron:session): session closed for user root
Sep 29 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Connection closed by 162.144.236.216 port 42272 [preauth]
Sep 29 22:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Invalid user admin from 194.0.234.19
Sep 29 22:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: input_userauth_request: invalid user admin [preauth]
Sep 29 22:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 22:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Failed password for invalid user admin from 194.0.234.19 port 17694 ssh2
Sep 29 22:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Connection closed by 194.0.234.19 port 17694 [preauth]
Sep 29 22:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: Failed password for root from 162.144.236.216 port 49262 ssh2
Sep 29 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28237]: Connection closed by 162.144.236.216 port 49262 [preauth]
Sep 29 22:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 22:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=drml500@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 22:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Failed password for root from 162.144.236.216 port 57634 ssh2
Sep 29 22:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Connection closed by 162.144.236.216 port 57634 [preauth]
Sep 29 22:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 22:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=drml500 rhost=::ffff:45.142.193.185
Sep 29 22:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Failed password for root from 162.144.236.216 port 35776 ssh2
Sep 29 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Invalid user work from 12.189.234.28
Sep 29 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: input_userauth_request: invalid user work [preauth]
Sep 29 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Connection closed by 162.144.236.216 port 35776 [preauth]
Sep 29 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Failed password for invalid user work from 12.189.234.28 port 38476 ssh2
Sep 29 22:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Received disconnect from 12.189.234.28 port 38476:11: Bye Bye [preauth]
Sep 29 22:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Disconnected from 12.189.234.28 port 38476 [preauth]
Sep 29 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28340]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: Successful su for rubyman by root
Sep 29 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: + ??? root:rubyman
Sep 29 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317513 of user rubyman.
Sep 29 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28408]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317513.
Sep 29 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session closed for user root
Sep 29 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28329]: Failed password for root from 162.144.236.216 port 40604 ssh2
Sep 29 22:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28329]: Connection closed by 162.144.236.216 port 40604 [preauth]
Sep 29 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: Invalid user staging from 198.199.68.33
Sep 29 22:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: input_userauth_request: invalid user staging [preauth]
Sep 29 22:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: Failed password for invalid user staging from 198.199.68.33 port 52172 ssh2
Sep 29 22:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: Received disconnect from 198.199.68.33 port 52172:11: Bye Bye [preauth]
Sep 29 22:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: Disconnected from 198.199.68.33 port 52172 [preauth]
Sep 29 22:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Failed password for root from 162.144.236.216 port 48542 ssh2
Sep 29 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Connection closed by 162.144.236.216 port 48542 [preauth]
Sep 29 22:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Invalid user agent from 200.44.190.194
Sep 29 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: input_userauth_request: invalid user agent [preauth]
Sep 29 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Failed password for invalid user agent from 200.44.190.194 port 40488 ssh2
Sep 29 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Received disconnect from 200.44.190.194 port 40488:11: Bye Bye [preauth]
Sep 29 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Disconnected from 200.44.190.194 port 40488 [preauth]
Sep 29 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session closed for user root
Sep 29 22:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Failed password for root from 162.144.236.216 port 56930 ssh2
Sep 29 22:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Connection closed by 162.144.236.216 port 56930 [preauth]
Sep 29 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Failed password for root from 162.144.236.216 port 37054 ssh2
Sep 29 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Connection closed by 162.144.236.216 port 37054 [preauth]
Sep 29 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Invalid user hai from 12.189.234.28
Sep 29 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: input_userauth_request: invalid user hai [preauth]
Sep 29 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29102]: Successful su for rubyman by root
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29102]: + ??? root:rubyman
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317514 of user rubyman.
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29102]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317514.
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Failed password for invalid user hai from 12.189.234.28 port 50843 ssh2
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Received disconnect from 12.189.234.28 port 50843:11: Bye Bye [preauth]
Sep 29 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29012]: Disconnected from 12.189.234.28 port 50843 [preauth]
Sep 29 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Failed password for root from 162.144.236.216 port 44254 ssh2
Sep 29 22:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Connection closed by 162.144.236.216 port 44254 [preauth]
Sep 29 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25173]: pam_unix(cron:session): session closed for user root
Sep 29 22:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29016]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for root from 162.144.236.216 port 51264 ssh2
Sep 29 22:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Connection closed by 162.144.236.216 port 51264 [preauth]
Sep 29 22:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Invalid user git-admin from 198.199.68.33
Sep 29 22:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: input_userauth_request: invalid user git-admin [preauth]
Sep 29 22:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Failed password for invalid user git-admin from 198.199.68.33 port 36584 ssh2
Sep 29 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Received disconnect from 198.199.68.33 port 36584:11: Bye Bye [preauth]
Sep 29 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Disconnected from 198.199.68.33 port 36584 [preauth]
Sep 29 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for root from 162.144.236.216 port 57648 ssh2
Sep 29 22:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Connection closed by 162.144.236.216 port 57648 [preauth]
Sep 29 22:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Failed password for root from 162.144.236.216 port 35346 ssh2
Sep 29 22:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Connection closed by 162.144.236.216 port 35346 [preauth]
Sep 29 22:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Invalid user titu from 200.44.190.194
Sep 29 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: input_userauth_request: invalid user titu [preauth]
Sep 29 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Failed password for invalid user titu from 200.44.190.194 port 43530 ssh2
Sep 29 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Received disconnect from 200.44.190.194 port 43530:11: Bye Bye [preauth]
Sep 29 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Disconnected from 200.44.190.194 port 43530 [preauth]
Sep 29 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session closed for user root
Sep 29 22:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: Failed password for root from 162.144.236.216 port 42758 ssh2
Sep 29 22:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29410]: Connection closed by 162.144.236.216 port 42758 [preauth]
Sep 29 22:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29462]: Failed password for root from 162.144.236.216 port 50068 ssh2
Sep 29 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29462]: Connection closed by 162.144.236.216 port 50068 [preauth]
Sep 29 22:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29479]: Failed password for root from 162.144.236.216 port 55952 ssh2
Sep 29 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29479]: Connection closed by 162.144.236.216 port 55952 [preauth]
Sep 29 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Invalid user store from 12.189.234.28
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: input_userauth_request: invalid user store [preauth]
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Failed password for root from 162.144.236.216 port 34864 ssh2
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29530]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29531]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: Successful su for rubyman by root
Sep 29 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: + ??? root:rubyman
Sep 29 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317520 of user rubyman.
Sep 29 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29596]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317520.
Sep 29 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Connection closed by 162.144.236.216 port 34864 [preauth]
Sep 29 22:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Failed password for invalid user store from 12.189.234.28 port 34971 ssh2
Sep 29 22:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Received disconnect from 12.189.234.28 port 34971:11: Bye Bye [preauth]
Sep 29 22:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Disconnected from 12.189.234.28 port 34971 [preauth]
Sep 29 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25979]: pam_unix(cron:session): session closed for user root
Sep 29 22:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Failed password for root from 162.144.236.216 port 41442 ssh2
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Invalid user abbas from 167.126.16.203
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: input_userauth_request: invalid user abbas [preauth]
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Invalid user titu from 198.199.68.33
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: input_userauth_request: invalid user titu [preauth]
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Connection closed by 162.144.236.216 port 41442 [preauth]
Sep 29 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for invalid user abbas from 167.126.16.203 port 56052 ssh2
Sep 29 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Received disconnect from 167.126.16.203 port 56052:11: Bye Bye [preauth]
Sep 29 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Disconnected from 167.126.16.203 port 56052 [preauth]
Sep 29 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Failed password for invalid user titu from 198.199.68.33 port 55270 ssh2
Sep 29 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Received disconnect from 198.199.68.33 port 55270:11: Bye Bye [preauth]
Sep 29 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Disconnected from 198.199.68.33 port 55270 [preauth]
Sep 29 22:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Failed password for root from 162.144.236.216 port 48278 ssh2
Sep 29 22:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28340]: pam_unix(cron:session): session closed for user root
Sep 29 22:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Connection closed by 162.144.236.216 port 48278 [preauth]
Sep 29 22:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Invalid user candy from 200.44.190.194
Sep 29 22:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: input_userauth_request: invalid user candy [preauth]
Sep 29 22:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user candy from 200.44.190.194 port 42958 ssh2
Sep 29 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Received disconnect from 200.44.190.194 port 42958:11: Bye Bye [preauth]
Sep 29 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Disconnected from 200.44.190.194 port 42958 [preauth]
Sep 29 22:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Failed password for root from 162.144.236.216 port 56408 ssh2
Sep 29 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Connection closed by 162.144.236.216 port 56408 [preauth]
Sep 29 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Failed password for root from 162.144.236.216 port 34920 ssh2
Sep 29 22:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Connection closed by 162.144.236.216 port 34920 [preauth]
Sep 29 22:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Failed password for root from 162.144.236.216 port 42428 ssh2
Sep 29 22:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Connection closed by 162.144.236.216 port 42428 [preauth]
Sep 29 22:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session closed for user root
Sep 29 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: Successful su for rubyman by root
Sep 29 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: + ??? root:rubyman
Sep 29 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317522 of user rubyman.
Sep 29 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317522.
Sep 29 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
Sep 29 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Invalid user odoo from 12.189.234.28
Sep 29 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: input_userauth_request: invalid user odoo [preauth]
Sep 29 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session closed for user root
Sep 29 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Failed password for invalid user odoo from 12.189.234.28 port 47334 ssh2
Sep 29 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Received disconnect from 12.189.234.28 port 47334:11: Bye Bye [preauth]
Sep 29 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Disconnected from 12.189.234.28 port 47334 [preauth]
Sep 29 22:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Failed password for root from 162.144.236.216 port 48034 ssh2
Sep 29 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Connection closed by 162.144.236.216 port 48034 [preauth]
Sep 29 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Failed password for root from 162.144.236.216 port 55874 ssh2
Sep 29 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Connection closed by 162.144.236.216 port 55874 [preauth]
Sep 29 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Invalid user old from 167.126.16.203
Sep 29 22:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: input_userauth_request: invalid user old [preauth]
Sep 29 22:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Failed password for invalid user old from 167.126.16.203 port 60352 ssh2
Sep 29 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Received disconnect from 167.126.16.203 port 60352:11: Bye Bye [preauth]
Sep 29 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Disconnected from 167.126.16.203 port 60352 [preauth]
Sep 29 22:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Invalid user agent from 198.199.68.33
Sep 29 22:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: input_userauth_request: invalid user agent [preauth]
Sep 29 22:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Failed password for root from 162.144.236.216 port 34182 ssh2
Sep 29 22:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Failed password for invalid user agent from 198.199.68.33 port 60952 ssh2
Sep 29 22:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Received disconnect from 198.199.68.33 port 60952:11: Bye Bye [preauth]
Sep 29 22:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Disconnected from 198.199.68.33 port 60952 [preauth]
Sep 29 22:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Connection closed by 162.144.236.216 port 34182 [preauth]
Sep 29 22:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Failed password for root from 162.144.236.216 port 40510 ssh2
Sep 29 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session closed for user root
Sep 29 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Connection closed by 162.144.236.216 port 40510 [preauth]
Sep 29 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Failed password for root from 162.144.236.216 port 47010 ssh2
Sep 29 22:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Connection closed by 162.144.236.216 port 47010 [preauth]
Sep 29 22:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Failed password for root from 162.144.236.216 port 53366 ssh2
Sep 29 22:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Connection closed by 162.144.236.216 port 53366 [preauth]
Sep 29 22:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Invalid user work from 200.44.190.194
Sep 29 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: input_userauth_request: invalid user work [preauth]
Sep 29 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Failed password for invalid user work from 200.44.190.194 port 36650 ssh2
Sep 29 22:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Received disconnect from 200.44.190.194 port 36650:11: Bye Bye [preauth]
Sep 29 22:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Disconnected from 200.44.190.194 port 36650 [preauth]
Sep 29 22:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Failed password for root from 162.144.236.216 port 60248 ssh2
Sep 29 22:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Connection closed by 162.144.236.216 port 60248 [preauth]
Sep 29 22:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30751]: Successful su for rubyman by root
Sep 29 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30751]: + ??? root:rubyman
Sep 29 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317528 of user rubyman.
Sep 29 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30751]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317528.
Sep 29 22:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Failed password for root from 162.144.236.216 port 38504 ssh2
Sep 29 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session closed for user root
Sep 29 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Connection closed by 162.144.236.216 port 38504 [preauth]
Sep 29 22:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30679]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: Failed password for root from 162.144.236.216 port 45212 ssh2
Sep 29 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30942]: Connection closed by 162.144.236.216 port 45212 [preauth]
Sep 29 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Invalid user csuser from 12.189.234.28
Sep 29 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: input_userauth_request: invalid user csuser [preauth]
Sep 29 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Failed password for invalid user csuser from 12.189.234.28 port 59697 ssh2
Sep 29 22:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Received disconnect from 12.189.234.28 port 59697:11: Bye Bye [preauth]
Sep 29 22:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Disconnected from 12.189.234.28 port 59697 [preauth]
Sep 29 22:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203  user=root
Sep 29 22:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: Failed password for root from 167.126.16.203 port 40198 ssh2
Sep 29 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: Received disconnect from 167.126.16.203 port 40198:11: Bye Bye [preauth]
Sep 29 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31005]: Disconnected from 167.126.16.203 port 40198 [preauth]
Sep 29 22:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Failed password for root from 162.144.236.216 port 51056 ssh2
Sep 29 22:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Connection closed by 162.144.236.216 port 51056 [preauth]
Sep 29 22:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Invalid user odoo from 198.199.68.33
Sep 29 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: input_userauth_request: invalid user odoo [preauth]
Sep 29 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Failed password for invalid user odoo from 198.199.68.33 port 40818 ssh2
Sep 29 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Received disconnect from 198.199.68.33 port 40818:11: Bye Bye [preauth]
Sep 29 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Disconnected from 198.199.68.33 port 40818 [preauth]
Sep 29 22:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Failed password for root from 162.144.236.216 port 58146 ssh2
Sep 29 22:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Connection closed by 162.144.236.216 port 58146 [preauth]
Sep 29 22:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29531]: pam_unix(cron:session): session closed for user root
Sep 29 22:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Failed password for root from 162.144.236.216 port 37920 ssh2
Sep 29 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Connection closed by 162.144.236.216 port 37920 [preauth]
Sep 29 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Invalid user cuser from 114.220.176.69
Sep 29 22:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: input_userauth_request: invalid user cuser [preauth]
Sep 29 22:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.220.176.69
Sep 29 22:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Failed password for invalid user cuser from 114.220.176.69 port 45481 ssh2
Sep 29 22:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: Failed password for root from 162.144.236.216 port 45738 ssh2
Sep 29 22:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: Connection closed by 162.144.236.216 port 45738 [preauth]
Sep 29 22:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31141]: Failed password for root from 162.144.236.216 port 52558 ssh2
Sep 29 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31141]: Connection closed by 162.144.236.216 port 52558 [preauth]
Sep 29 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31170]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31168]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31234]: Successful su for rubyman by root
Sep 29 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31234]: + ??? root:rubyman
Sep 29 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317532 of user rubyman.
Sep 29 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31234]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317532.
Sep 29 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session closed for user root
Sep 29 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194  user=root
Sep 29 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Failed password for root from 162.144.236.216 port 60612 ssh2
Sep 29 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Connection closed by 162.144.236.216 port 60612 [preauth]
Sep 29 22:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: Failed password for root from 200.44.190.194 port 53880 ssh2
Sep 29 22:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: Received disconnect from 200.44.190.194 port 53880:11: Bye Bye [preauth]
Sep 29 22:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31386]: Disconnected from 200.44.190.194 port 53880 [preauth]
Sep 29 22:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31169]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Failed password for root from 162.144.236.216 port 37740 ssh2
Sep 29 22:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Connection closed by 162.144.236.216 port 37740 [preauth]
Sep 29 22:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Invalid user vahid from 12.189.234.28
Sep 29 22:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: input_userauth_request: invalid user vahid [preauth]
Sep 29 22:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Failed password for invalid user vahid from 12.189.234.28 port 43821 ssh2
Sep 29 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Received disconnect from 12.189.234.28 port 43821:11: Bye Bye [preauth]
Sep 29 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Disconnected from 12.189.234.28 port 43821 [preauth]
Sep 29 22:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Failed password for root from 162.144.236.216 port 44710 ssh2
Sep 29 22:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Connection closed by 162.144.236.216 port 44710 [preauth]
Sep 29 22:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 22:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: Failed password for root from 198.199.68.33 port 41920 ssh2
Sep 29 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: Received disconnect from 198.199.68.33 port 41920:11: Bye Bye [preauth]
Sep 29 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31565]: Disconnected from 198.199.68.33 port 41920 [preauth]
Sep 29 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 162.144.236.216 port 51980 ssh2
Sep 29 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Connection closed by 162.144.236.216 port 51980 [preauth]
Sep 29 22:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session closed for user root
Sep 29 22:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31577]: Failed password for root from 162.144.236.216 port 58714 ssh2
Sep 29 22:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31577]: Connection closed by 162.144.236.216 port 58714 [preauth]
Sep 29 22:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Failed password for root from 162.144.236.216 port 36418 ssh2
Sep 29 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Connection closed by 162.144.236.216 port 36418 [preauth]
Sep 29 22:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Failed password for root from 162.144.236.216 port 42594 ssh2
Sep 29 22:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Connection closed by 162.144.236.216 port 42594 [preauth]
Sep 29 22:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31733]: Successful su for rubyman by root
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31733]: + ??? root:rubyman
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317537 of user rubyman.
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31733]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317537.
Sep 29 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Failed password for root from 162.144.236.216 port 49478 ssh2
Sep 29 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Connection closed by 162.144.236.216 port 49478 [preauth]
Sep 29 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session closed for user root
Sep 29 22:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31897]: Failed password for root from 162.144.236.216 port 56030 ssh2
Sep 29 22:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31897]: Connection closed by 162.144.236.216 port 56030 [preauth]
Sep 29 22:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Invalid user newuser1 from 200.44.190.194
Sep 29 22:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: input_userauth_request: invalid user newuser1 [preauth]
Sep 29 22:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Failed password for invalid user newuser1 from 200.44.190.194 port 45140 ssh2
Sep 29 22:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Received disconnect from 200.44.190.194 port 45140:11: Bye Bye [preauth]
Sep 29 22:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Disconnected from 200.44.190.194 port 45140 [preauth]
Sep 29 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Invalid user old from 12.189.234.28
Sep 29 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: input_userauth_request: invalid user old [preauth]
Sep 29 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203  user=root
Sep 29 22:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Failed password for invalid user old from 12.189.234.28 port 56187 ssh2
Sep 29 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Received disconnect from 12.189.234.28 port 56187:11: Bye Bye [preauth]
Sep 29 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31987]: Disconnected from 12.189.234.28 port 56187 [preauth]
Sep 29 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: Failed password for root from 167.126.16.203 port 36602 ssh2
Sep 29 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: Failed password for root from 162.144.236.216 port 34204 ssh2
Sep 29 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: Received disconnect from 167.126.16.203 port 36602:11: Bye Bye [preauth]
Sep 29 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: Disconnected from 167.126.16.203 port 36602 [preauth]
Sep 29 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31965]: Connection closed by 162.144.236.216 port 34204 [preauth]
Sep 29 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Failed password for root from 162.144.236.216 port 41336 ssh2
Sep 29 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Connection closed by 162.144.236.216 port 41336 [preauth]
Sep 29 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: Failed password for root from 198.199.68.33 port 44728 ssh2
Sep 29 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: Received disconnect from 198.199.68.33 port 44728:11: Bye Bye [preauth]
Sep 29 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: Disconnected from 198.199.68.33 port 44728 [preauth]
Sep 29 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session closed for user root
Sep 29 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: Failed password for root from 162.144.236.216 port 47946 ssh2
Sep 29 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: Connection closed by 162.144.236.216 port 47946 [preauth]
Sep 29 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: Failed password for root from 162.144.236.216 port 56328 ssh2
Sep 29 22:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32074]: Connection closed by 162.144.236.216 port 56328 [preauth]
Sep 29 22:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: Failed password for root from 162.144.236.216 port 33628 ssh2
Sep 29 22:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32110]: Connection closed by 162.144.236.216 port 33628 [preauth]
Sep 29 22:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: Invalid user admin1 from 93.152.230.176
Sep 29 22:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: input_userauth_request: invalid user admin1 [preauth]
Sep 29 22:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32140]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32141]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: Failed password for invalid user admin1 from 93.152.230.176 port 19049 ssh2
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: Successful su for rubyman by root
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: + ??? root:rubyman
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317541 of user rubyman.
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317541.
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: Received disconnect from 93.152.230.176 port 19049:11: Client disconnecting normally [preauth]
Sep 29 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32134]: Disconnected from 93.152.230.176 port 19049 [preauth]
Sep 29 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session closed for user root
Sep 29 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32139]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: Failed password for root from 162.144.236.216 port 40492 ssh2
Sep 29 22:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: Connection closed by 162.144.236.216 port 40492 [preauth]
Sep 29 22:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Invalid user angela from 12.189.234.28
Sep 29 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: input_userauth_request: invalid user angela [preauth]
Sep 29 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Invalid user examen from 200.44.190.194
Sep 29 22:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: input_userauth_request: invalid user examen [preauth]
Sep 29 22:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Failed password for invalid user angela from 12.189.234.28 port 40319 ssh2
Sep 29 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Received disconnect from 12.189.234.28 port 40319:11: Bye Bye [preauth]
Sep 29 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Disconnected from 12.189.234.28 port 40319 [preauth]
Sep 29 22:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Failed password for invalid user examen from 200.44.190.194 port 60176 ssh2
Sep 29 22:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Received disconnect from 200.44.190.194 port 60176:11: Bye Bye [preauth]
Sep 29 22:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Disconnected from 200.44.190.194 port 60176 [preauth]
Sep 29 22:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: Failed password for root from 162.144.236.216 port 47884 ssh2
Sep 29 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: Connection closed by 162.144.236.216 port 47884 [preauth]
Sep 29 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Invalid user composer from 198.199.68.33
Sep 29 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: input_userauth_request: invalid user composer [preauth]
Sep 29 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31171]: pam_unix(cron:session): session closed for user root
Sep 29 22:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Failed password for invalid user composer from 198.199.68.33 port 42888 ssh2
Sep 29 22:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Received disconnect from 198.199.68.33 port 42888:11: Bye Bye [preauth]
Sep 29 22:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Disconnected from 198.199.68.33 port 42888 [preauth]
Sep 29 22:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for root from 162.144.236.216 port 56672 ssh2
Sep 29 22:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Connection closed by 162.144.236.216 port 56672 [preauth]
Sep 29 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Failed password for root from 162.144.236.216 port 35130 ssh2
Sep 29 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Connection closed by 162.144.236.216 port 35130 [preauth]
Sep 29 22:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 22:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=r.ml500@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 22:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Failed password for root from 162.144.236.216 port 43412 ssh2
Sep 29 22:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Connection closed by 162.144.236.216 port 43412 [preauth]
Sep 29 22:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 22:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=r.ml500 rhost=::ffff:45.142.193.185
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32607]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32606]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session closed for user root
Sep 29 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32684]: Successful su for rubyman by root
Sep 29 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32684]: + ??? root:rubyman
Sep 29 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317548 of user rubyman.
Sep 29 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32684]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317548.
Sep 29 22:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32606]: pam_unix(cron:session): session closed for user root
Sep 29 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29530]: pam_unix(cron:session): session closed for user root
Sep 29 22:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32599]: Failed password for root from 162.144.236.216 port 50072 ssh2
Sep 29 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32599]: Connection closed by 162.144.236.216 port 50072 [preauth]
Sep 29 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[461]: Failed password for root from 162.144.236.216 port 58056 ssh2
Sep 29 22:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[461]: Connection closed by 162.144.236.216 port 58056 [preauth]
Sep 29 22:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Invalid user gitea from 167.126.16.203
Sep 29 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: input_userauth_request: invalid user gitea [preauth]
Sep 29 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Failed password for invalid user gitea from 167.126.16.203 port 56390 ssh2
Sep 29 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Received disconnect from 167.126.16.203 port 56390:11: Bye Bye [preauth]
Sep 29 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Disconnected from 167.126.16.203 port 56390 [preauth]
Sep 29 22:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[480]: Failed password for root from 162.144.236.216 port 34700 ssh2
Sep 29 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Invalid user whs from 12.189.234.28
Sep 29 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: input_userauth_request: invalid user whs [preauth]
Sep 29 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[480]: Connection closed by 162.144.236.216 port 34700 [preauth]
Sep 29 22:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Failed password for invalid user whs from 12.189.234.28 port 52675 ssh2
Sep 29 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Received disconnect from 12.189.234.28 port 52675:11: Bye Bye [preauth]
Sep 29 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Disconnected from 12.189.234.28 port 52675 [preauth]
Sep 29 22:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194  user=root
Sep 29 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: Failed password for root from 200.44.190.194 port 57552 ssh2
Sep 29 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: Received disconnect from 200.44.190.194 port 57552:11: Bye Bye [preauth]
Sep 29 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: Disconnected from 200.44.190.194 port 57552 [preauth]
Sep 29 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user root
Sep 29 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Invalid user geoserver from 198.199.68.33
Sep 29 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Failed password for invalid user geoserver from 198.199.68.33 port 59532 ssh2
Sep 29 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Received disconnect from 198.199.68.33 port 59532:11: Bye Bye [preauth]
Sep 29 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Disconnected from 198.199.68.33 port 59532 [preauth]
Sep 29 22:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Failed password for root from 162.144.236.216 port 41914 ssh2
Sep 29 22:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Connection closed by 162.144.236.216 port 41914 [preauth]
Sep 29 22:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: Failed password for root from 162.144.236.216 port 52218 ssh2
Sep 29 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[706]: Successful su for rubyman by root
Sep 29 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[706]: + ??? root:rubyman
Sep 29 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317551 of user rubyman.
Sep 29 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[706]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317551.
Sep 29 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[606]: Connection closed by 162.144.236.216 port 52218 [preauth]
Sep 29 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session closed for user root
Sep 29 22:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: Failed password for root from 162.144.236.216 port 60040 ssh2
Sep 29 22:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: Connection closed by 162.144.236.216 port 60040 [preauth]
Sep 29 22:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Invalid user teste from 194.0.234.19
Sep 29 22:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: input_userauth_request: invalid user teste [preauth]
Sep 29 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Sep 29 22:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for invalid user teste from 194.0.234.19 port 36466 ssh2
Sep 29 22:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Connection closed by 194.0.234.19 port 36466 [preauth]
Sep 29 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Invalid user user-backup from 167.126.16.203
Sep 29 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: input_userauth_request: invalid user user-backup [preauth]
Sep 29 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Failed password for invalid user user-backup from 167.126.16.203 port 33690 ssh2
Sep 29 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Received disconnect from 167.126.16.203 port 33690:11: Bye Bye [preauth]
Sep 29 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Disconnected from 167.126.16.203 port 33690 [preauth]
Sep 29 22:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Failed password for root from 162.144.236.216 port 38256 ssh2
Sep 29 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1030]: Connection closed by 162.144.236.216 port 38256 [preauth]
Sep 29 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Invalid user gianluca from 12.189.234.28
Sep 29 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: input_userauth_request: invalid user gianluca [preauth]
Sep 29 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Failed password for root from 162.144.236.216 port 45476 ssh2
Sep 29 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Failed password for invalid user gianluca from 12.189.234.28 port 36809 ssh2
Sep 29 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Connection closed by 162.144.236.216 port 45476 [preauth]
Sep 29 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Received disconnect from 12.189.234.28 port 36809:11: Bye Bye [preauth]
Sep 29 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Disconnected from 12.189.234.28 port 36809 [preauth]
Sep 29 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32141]: pam_unix(cron:session): session closed for user root
Sep 29 22:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Invalid user franz from 198.199.68.33
Sep 29 22:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: input_userauth_request: invalid user franz [preauth]
Sep 29 22:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Failed password for invalid user franz from 198.199.68.33 port 50106 ssh2
Sep 29 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Received disconnect from 198.199.68.33 port 50106:11: Bye Bye [preauth]
Sep 29 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Disconnected from 198.199.68.33 port 50106 [preauth]
Sep 29 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: Failed password for root from 162.144.236.216 port 52186 ssh2
Sep 29 22:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: Connection closed by 162.144.236.216 port 52186 [preauth]
Sep 29 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: Invalid user geo from 200.44.190.194
Sep 29 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: input_userauth_request: invalid user geo [preauth]
Sep 29 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: Failed password for invalid user geo from 200.44.190.194 port 50378 ssh2
Sep 29 22:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: Received disconnect from 200.44.190.194 port 50378:11: Bye Bye [preauth]
Sep 29 22:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: Disconnected from 200.44.190.194 port 50378 [preauth]
Sep 29 22:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Failed password for root from 162.144.236.216 port 58550 ssh2
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1273]: Successful su for rubyman by root
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1273]: + ??? root:rubyman
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317555 of user rubyman.
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1273]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317555.
Sep 29 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Connection closed by 162.144.236.216 port 58550 [preauth]
Sep 29 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session closed for user root
Sep 29 22:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1196]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Failed password for root from 162.144.236.216 port 37676 ssh2
Sep 29 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Connection closed by 162.144.236.216 port 37676 [preauth]
Sep 29 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1544]: Failed password for root from 162.144.236.216 port 45174 ssh2
Sep 29 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203  user=root
Sep 29 22:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1544]: Connection closed by 162.144.236.216 port 45174 [preauth]
Sep 29 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Failed password for root from 167.126.16.203 port 39064 ssh2
Sep 29 22:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Received disconnect from 167.126.16.203 port 39064:11: Bye Bye [preauth]
Sep 29 22:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Disconnected from 167.126.16.203 port 39064 [preauth]
Sep 29 22:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Failed password for root from 162.144.236.216 port 50198 ssh2
Sep 29 22:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Connection closed by 162.144.236.216 port 50198 [preauth]
Sep 29 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Invalid user franz from 12.189.234.28
Sep 29 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: input_userauth_request: invalid user franz [preauth]
Sep 29 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32608]: pam_unix(cron:session): session closed for user root
Sep 29 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Failed password for invalid user franz from 12.189.234.28 port 49171 ssh2
Sep 29 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Received disconnect from 12.189.234.28 port 49171:11: Bye Bye [preauth]
Sep 29 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Disconnected from 12.189.234.28 port 49171 [preauth]
Sep 29 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Failed password for root from 162.144.236.216 port 57212 ssh2
Sep 29 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Connection closed by 162.144.236.216 port 57212 [preauth]
Sep 29 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Invalid user store from 198.199.68.33
Sep 29 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: input_userauth_request: invalid user store [preauth]
Sep 29 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Failed password for invalid user store from 198.199.68.33 port 32996 ssh2
Sep 29 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Received disconnect from 198.199.68.33 port 32996:11: Bye Bye [preauth]
Sep 29 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Disconnected from 198.199.68.33 port 32996 [preauth]
Sep 29 22:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Failed password for root from 162.144.236.216 port 36902 ssh2
Sep 29 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Connection closed by 162.144.236.216 port 36902 [preauth]
Sep 29 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Failed password for root from 162.144.236.216 port 43206 ssh2
Sep 29 22:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Connection closed by 162.144.236.216 port 43206 [preauth]
Sep 29 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Invalid user user002 from 200.44.190.194
Sep 29 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: input_userauth_request: invalid user user002 [preauth]
Sep 29 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Failed password for invalid user user002 from 200.44.190.194 port 34928 ssh2
Sep 29 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Received disconnect from 200.44.190.194 port 34928:11: Bye Bye [preauth]
Sep 29 22:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1697]: Disconnected from 200.44.190.194 port 34928 [preauth]
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1714]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1777]: Successful su for rubyman by root
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1777]: + ??? root:rubyman
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317560 of user rubyman.
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1777]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317560.
Sep 29 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Failed password for root from 162.144.236.216 port 48536 ssh2
Sep 29 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Connection closed by 162.144.236.216 port 48536 [preauth]
Sep 29 22:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31170]: pam_unix(cron:session): session closed for user root
Sep 29 22:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Failed password for root from 162.144.236.216 port 55214 ssh2
Sep 29 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Connection closed by 162.144.236.216 port 55214 [preauth]
Sep 29 22:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: Failed password for root from 162.144.236.216 port 34030 ssh2
Sep 29 22:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1998]: Connection closed by 162.144.236.216 port 34030 [preauth]
Sep 29 22:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: Failed password for root from 162.144.236.216 port 39928 ssh2
Sep 29 22:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: Connection closed by 162.144.236.216 port 39928 [preauth]
Sep 29 22:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2058]: Failed password for root from 162.144.236.216 port 46560 ssh2
Sep 29 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2058]: Connection closed by 162.144.236.216 port 46560 [preauth]
Sep 29 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session closed for user root
Sep 29 22:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: Failed password for root from 162.144.236.216 port 52814 ssh2
Sep 29 22:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Invalid user acct from 12.189.234.28
Sep 29 22:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: input_userauth_request: invalid user acct [preauth]
Sep 29 22:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2081]: Connection closed by 162.144.236.216 port 52814 [preauth]
Sep 29 22:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Failed password for invalid user acct from 12.189.234.28 port 33301 ssh2
Sep 29 22:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Received disconnect from 12.189.234.28 port 33301:11: Bye Bye [preauth]
Sep 29 22:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Disconnected from 12.189.234.28 port 33301 [preauth]
Sep 29 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Invalid user old from 198.199.68.33
Sep 29 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: input_userauth_request: invalid user old [preauth]
Sep 29 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Failed password for invalid user old from 198.199.68.33 port 36556 ssh2
Sep 29 22:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Received disconnect from 198.199.68.33 port 36556:11: Bye Bye [preauth]
Sep 29 22:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2144]: Disconnected from 198.199.68.33 port 36556 [preauth]
Sep 29 22:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Failed password for root from 162.144.236.216 port 59608 ssh2
Sep 29 22:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Connection closed by 162.144.236.216 port 59608 [preauth]
Sep 29 22:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Failed password for root from 162.144.236.216 port 37214 ssh2
Sep 29 22:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2146]: Connection closed by 162.144.236.216 port 37214 [preauth]
Sep 29 22:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session closed for user p13x
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: Successful su for rubyman by root
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: + ??? root:rubyman
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317563 of user rubyman.
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: pam_unix(su:session): session closed for user rubyman
Sep 29 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317563.
Sep 29 22:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user root
Sep 29 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Failed password for root from 162.144.236.216 port 44740 ssh2
Sep 29 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Connection closed by 162.144.236.216 port 44740 [preauth]
Sep 29 22:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session closed for user samftp
Sep 29 22:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194  user=root
Sep 29 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Failed password for root from 200.44.190.194 port 46760 ssh2
Sep 29 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Received disconnect from 200.44.190.194 port 46760:11: Bye Bye [preauth]
Sep 29 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Disconnected from 200.44.190.194 port 46760 [preauth]
Sep 29 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Failed password for root from 162.144.236.216 port 50094 ssh2
Sep 29 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Connection closed by 162.144.236.216 port 50094 [preauth]
Sep 29 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203  user=root
Sep 29 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Failed password for root from 162.144.236.216 port 57176 ssh2
Sep 29 22:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Connection closed by 162.144.236.216 port 57176 [preauth]
Sep 29 22:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: Failed password for root from 167.126.16.203 port 36530 ssh2
Sep 29 22:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: Received disconnect from 167.126.16.203 port 36530:11: Bye Bye [preauth]
Sep 29 22:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2498]: Disconnected from 167.126.16.203 port 36530 [preauth]
Sep 29 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session closed for user root
Sep 29 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Failed password for root from 162.144.236.216 port 37952 ssh2
Sep 29 22:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2527]: Connection closed by 162.144.236.216 port 37952 [preauth]
Sep 29 22:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Invalid user harry from 12.189.234.28
Sep 29 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: input_userauth_request: invalid user harry [preauth]
Sep 29 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Failed password for invalid user harry from 12.189.234.28 port 45673 ssh2
Sep 29 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Received disconnect from 12.189.234.28 port 45673:11: Bye Bye [preauth]
Sep 29 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Disconnected from 12.189.234.28 port 45673 [preauth]
Sep 29 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Invalid user ctl from 198.199.68.33
Sep 29 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: input_userauth_request: invalid user ctl [preauth]
Sep 29 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.220.176.69  user=root
Sep 29 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Failed password for root from 162.144.236.216 port 44708 ssh2
Sep 29 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for invalid user ctl from 198.199.68.33 port 34556 ssh2
Sep 29 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Failed password for root from 114.220.176.69 port 39035 ssh2
Sep 29 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Received disconnect from 198.199.68.33 port 34556:11: Bye Bye [preauth]
Sep 29 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Disconnected from 198.199.68.33 port 34556 [preauth]
Sep 29 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Received disconnect from 114.220.176.69 port 39035:11: Bye Bye [preauth]
Sep 29 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Disconnected from 114.220.176.69 port 39035 [preauth]
Sep 29 22:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Connection closed by 162.144.236.216 port 44708 [preauth]
Sep 29 22:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session closed for user root
Sep 29 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2633]: pam_unix(cron:session): session closed for user root
Sep 29 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2631]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: Successful su for rubyman by root
Sep 29 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: + ??? root:rubyman
Sep 29 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317567 of user rubyman.
Sep 29 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317567.
Sep 29 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2634]: pam_unix(cron:session): session closed for user root
Sep 29 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32140]: pam_unix(cron:session): session closed for user root
Sep 29 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Failed password for root from 162.144.236.216 port 51762 ssh2
Sep 29 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2632]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2619]: Connection closed by 162.144.236.216 port 51762 [preauth]
Sep 29 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Failed password for root from 162.144.236.216 port 58692 ssh2
Sep 29 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Connection closed by 162.144.236.216 port 58692 [preauth]
Sep 29 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Invalid user guest from 200.44.190.194
Sep 29 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: input_userauth_request: invalid user guest [preauth]
Sep 29 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 23:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Failed password for invalid user guest from 200.44.190.194 port 52714 ssh2
Sep 29 23:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Received disconnect from 200.44.190.194 port 52714:11: Bye Bye [preauth]
Sep 29 23:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Disconnected from 200.44.190.194 port 52714 [preauth]
Sep 29 23:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Invalid user dennis from 167.126.16.203
Sep 29 23:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: input_userauth_request: invalid user dennis [preauth]
Sep 29 23:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Failed password for invalid user dennis from 167.126.16.203 port 38954 ssh2
Sep 29 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Received disconnect from 167.126.16.203 port 38954:11: Bye Bye [preauth]
Sep 29 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Disconnected from 167.126.16.203 port 38954 [preauth]
Sep 29 23:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 23:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Failed password for root from 190.103.202.7 port 37748 ssh2
Sep 29 23:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3012]: Connection closed by 190.103.202.7 port 37748 [preauth]
Sep 29 23:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Failed password for root from 162.144.236.216 port 38626 ssh2
Sep 29 23:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Connection closed by 162.144.236.216 port 38626 [preauth]
Sep 29 23:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1714]: pam_unix(cron:session): session closed for user root
Sep 29 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for root from 162.144.236.216 port 45806 ssh2
Sep 29 23:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 162.144.236.216 port 45806 [preauth]
Sep 29 23:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Failed password for root from 162.144.236.216 port 52178 ssh2
Sep 29 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3118]: Connection closed by 162.144.236.216 port 52178 [preauth]
Sep 29 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 23:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Failed password for root from 162.144.236.216 port 59286 ssh2
Sep 29 23:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for root from 198.199.68.33 port 44154 ssh2
Sep 29 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Received disconnect from 198.199.68.33 port 44154:11: Bye Bye [preauth]
Sep 29 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Disconnected from 198.199.68.33 port 44154 [preauth]
Sep 29 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Connection closed by 162.144.236.216 port 59286 [preauth]
Sep 29 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: Failed password for root from 12.189.234.28 port 58044 ssh2
Sep 29 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: Received disconnect from 12.189.234.28 port 58044:11: Bye Bye [preauth]
Sep 29 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: Disconnected from 12.189.234.28 port 58044 [preauth]
Sep 29 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3250]: Successful su for rubyman by root
Sep 29 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3250]: + ??? root:rubyman
Sep 29 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317573 of user rubyman.
Sep 29 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3250]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317573.
Sep 29 23:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Failed password for root from 162.144.236.216 port 37880 ssh2
Sep 29 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32607]: pam_unix(cron:session): session closed for user root
Sep 29 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3165]: Connection closed by 162.144.236.216 port 37880 [preauth]
Sep 29 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3178]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Failed password for root from 162.144.236.216 port 45242 ssh2
Sep 29 23:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3453]: Connection closed by 162.144.236.216 port 45242 [preauth]
Sep 29 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Invalid user erp from 167.126.16.203
Sep 29 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: input_userauth_request: invalid user erp [preauth]
Sep 29 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Invalid user stas from 200.44.190.194
Sep 29 23:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: input_userauth_request: invalid user stas [preauth]
Sep 29 23:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 23:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Failed password for invalid user erp from 167.126.16.203 port 42620 ssh2
Sep 29 23:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Received disconnect from 167.126.16.203 port 42620:11: Bye Bye [preauth]
Sep 29 23:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Disconnected from 167.126.16.203 port 42620 [preauth]
Sep 29 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Failed password for invalid user stas from 200.44.190.194 port 47206 ssh2
Sep 29 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Received disconnect from 200.44.190.194 port 47206:11: Bye Bye [preauth]
Sep 29 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Disconnected from 200.44.190.194 port 47206 [preauth]
Sep 29 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session closed for user root
Sep 29 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Failed password for root from 162.144.236.216 port 51294 ssh2
Sep 29 23:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Connection closed by 162.144.236.216 port 51294 [preauth]
Sep 29 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: Failed password for root from 162.144.236.216 port 58548 ssh2
Sep 29 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3565]: Connection closed by 162.144.236.216 port 58548 [preauth]
Sep 29 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 23:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: Failed password for root from 162.144.236.216 port 38442 ssh2
Sep 29 23:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Invalid user student from 93.152.230.176
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: input_userauth_request: invalid user student [preauth]
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: Connection closed by 162.144.236.216 port 38442 [preauth]
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: Invalid user titu from 12.189.234.28
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: input_userauth_request: invalid user titu [preauth]
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Failed password for root from 198.199.68.33 port 41326 ssh2
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Received disconnect from 198.199.68.33 port 41326:11: Bye Bye [preauth]
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Disconnected from 198.199.68.33 port 41326 [preauth]
Sep 29 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Failed password for invalid user student from 93.152.230.176 port 24314 ssh2
Sep 29 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: Failed password for invalid user titu from 12.189.234.28 port 42188 ssh2
Sep 29 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Received disconnect from 93.152.230.176 port 24314:11: Client disconnecting normally [preauth]
Sep 29 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Disconnected from 93.152.230.176 port 24314 [preauth]
Sep 29 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: Received disconnect from 12.189.234.28 port 42188:11: Bye Bye [preauth]
Sep 29 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3617]: Disconnected from 12.189.234.28 port 42188 [preauth]
Sep 29 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: Successful su for rubyman by root
Sep 29 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: + ??? root:rubyman
Sep 29 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317577 of user rubyman.
Sep 29 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317577.
Sep 29 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Failed password for root from 162.144.236.216 port 44476 ssh2
Sep 29 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Connection closed by 162.144.236.216 port 44476 [preauth]
Sep 29 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session closed for user root
Sep 29 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3877]: Failed password for root from 162.144.236.216 port 51292 ssh2
Sep 29 23:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3877]: Connection closed by 162.144.236.216 port 51292 [preauth]
Sep 29 23:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: Failed password for root from 162.144.236.216 port 58676 ssh2
Sep 29 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: Connection closed by 162.144.236.216 port 58676 [preauth]
Sep 29 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: Failed password for root from 162.144.236.216 port 38484 ssh2
Sep 29 23:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3953]: Connection closed by 162.144.236.216 port 38484 [preauth]
Sep 29 23:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session closed for user root
Sep 29 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194  user=root
Sep 29 23:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Failed password for root from 200.44.190.194 port 48578 ssh2
Sep 29 23:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Received disconnect from 200.44.190.194 port 48578:11: Bye Bye [preauth]
Sep 29 23:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: Disconnected from 200.44.190.194 port 48578 [preauth]
Sep 29 23:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Failed password for root from 162.144.236.216 port 44896 ssh2
Sep 29 23:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Connection closed by 162.144.236.216 port 44896 [preauth]
Sep 29 23:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4034]: Failed password for root from 162.144.236.216 port 53998 ssh2
Sep 29 23:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4034]: Connection closed by 162.144.236.216 port 53998 [preauth]
Sep 29 23:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Invalid user admin9 from 198.199.68.33
Sep 29 23:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: input_userauth_request: invalid user admin9 [preauth]
Sep 29 23:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Failed password for invalid user admin9 from 198.199.68.33 port 34392 ssh2
Sep 29 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Received disconnect from 198.199.68.33 port 34392:11: Bye Bye [preauth]
Sep 29 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Disconnected from 198.199.68.33 port 34392 [preauth]
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4088]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: Successful su for rubyman by root
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: + ??? root:rubyman
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317583 of user rubyman.
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4164]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317583.
Sep 29 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: Failed password for root from 162.144.236.216 port 60908 ssh2
Sep 29 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: Connection closed by 162.144.236.216 port 60908 [preauth]
Sep 29 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Failed password for root from 12.189.234.28 port 54559 ssh2
Sep 29 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Received disconnect from 12.189.234.28 port 54559:11: Bye Bye [preauth]
Sep 29 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Disconnected from 12.189.234.28 port 54559 [preauth]
Sep 29 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session closed for user root
Sep 29 23:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Failed password for root from 162.144.236.216 port 40864 ssh2
Sep 29 23:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4241]: Connection closed by 162.144.236.216 port 40864 [preauth]
Sep 29 23:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Failed password for root from 162.144.236.216 port 48374 ssh2
Sep 29 23:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Connection closed by 162.144.236.216 port 48374 [preauth]
Sep 29 23:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: Failed password for root from 162.144.236.216 port 54662 ssh2
Sep 29 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4404]: Connection closed by 162.144.236.216 port 54662 [preauth]
Sep 29 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Invalid user chat from 167.126.16.203
Sep 29 23:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: input_userauth_request: invalid user chat [preauth]
Sep 29 23:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Failed password for invalid user chat from 167.126.16.203 port 55636 ssh2
Sep 29 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Received disconnect from 167.126.16.203 port 55636:11: Bye Bye [preauth]
Sep 29 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Disconnected from 167.126.16.203 port 55636 [preauth]
Sep 29 23:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session closed for user root
Sep 29 23:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Failed password for root from 162.144.236.216 port 33664 ssh2
Sep 29 23:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4442]: Connection closed by 162.144.236.216 port 33664 [preauth]
Sep 29 23:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Failed password for root from 162.144.236.216 port 39962 ssh2
Sep 29 23:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Connection closed by 162.144.236.216 port 39962 [preauth]
Sep 29 23:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194  user=root
Sep 29 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Failed password for root from 200.44.190.194 port 35182 ssh2
Sep 29 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Received disconnect from 200.44.190.194 port 35182:11: Bye Bye [preauth]
Sep 29 23:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Disconnected from 200.44.190.194 port 35182 [preauth]
Sep 29 23:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Failed password for root from 162.144.236.216 port 46744 ssh2
Sep 29 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Connection closed by 162.144.236.216 port 46744 [preauth]
Sep 29 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Failed password for root from 162.144.236.216 port 52996 ssh2
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4545]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: Successful su for rubyman by root
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: + ??? root:rubyman
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317585 of user rubyman.
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4616]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317585.
Sep 29 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4531]: Connection closed by 162.144.236.216 port 52996 [preauth]
Sep 29 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Invalid user angela from 198.199.68.33
Sep 29 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: input_userauth_request: invalid user angela [preauth]
Sep 29 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session closed for user root
Sep 29 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Failed password for invalid user angela from 198.199.68.33 port 40274 ssh2
Sep 29 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Received disconnect from 198.199.68.33 port 40274:11: Bye Bye [preauth]
Sep 29 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Disconnected from 198.199.68.33 port 40274 [preauth]
Sep 29 23:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Failed password for root from 162.144.236.216 port 59872 ssh2
Sep 29 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Failed password for root from 12.189.234.28 port 38693 ssh2
Sep 29 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Received disconnect from 12.189.234.28 port 38693:11: Bye Bye [preauth]
Sep 29 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Disconnected from 12.189.234.28 port 38693 [preauth]
Sep 29 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Connection closed by 162.144.236.216 port 59872 [preauth]
Sep 29 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Invalid user geoserver from 167.126.16.203
Sep 29 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: input_userauth_request: invalid user geoserver [preauth]
Sep 29 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for invalid user geoserver from 167.126.16.203 port 36548 ssh2
Sep 29 23:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Received disconnect from 167.126.16.203 port 36548:11: Bye Bye [preauth]
Sep 29 23:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Disconnected from 167.126.16.203 port 36548 [preauth]
Sep 29 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for root from 162.144.236.216 port 37488 ssh2
Sep 29 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Connection closed by 162.144.236.216 port 37488 [preauth]
Sep 29 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user root
Sep 29 23:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: Failed password for root from 162.144.236.216 port 45534 ssh2
Sep 29 23:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4912]: Connection closed by 162.144.236.216 port 45534 [preauth]
Sep 29 23:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Failed password for root from 162.144.236.216 port 53596 ssh2
Sep 29 23:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4983]: Connection closed by 162.144.236.216 port 53596 [preauth]
Sep 29 23:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Invalid user harry from 200.44.190.194
Sep 29 23:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: input_userauth_request: invalid user harry [preauth]
Sep 29 23:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Failed password for root from 162.144.236.216 port 59824 ssh2
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5016]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5013]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5015]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5014]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5016]: pam_unix(cron:session): session closed for user root
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5011]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Failed password for invalid user harry from 200.44.190.194 port 38778 ssh2
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4995]: Connection closed by 162.144.236.216 port 59824 [preauth]
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Received disconnect from 200.44.190.194 port 38778:11: Bye Bye [preauth]
Sep 29 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Disconnected from 200.44.190.194 port 38778 [preauth]
Sep 29 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: Successful su for rubyman by root
Sep 29 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: + ??? root:rubyman
Sep 29 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317589 of user rubyman.
Sep 29 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5098]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317589.
Sep 29 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5013]: pam_unix(cron:session): session closed for user root
Sep 29 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session closed for user root
Sep 29 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Invalid user csuser from 198.199.68.33
Sep 29 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: input_userauth_request: invalid user csuser [preauth]
Sep 29 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5012]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Failed password for invalid user csuser from 198.199.68.33 port 47816 ssh2
Sep 29 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Failed password for root from 162.144.236.216 port 37518 ssh2
Sep 29 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Received disconnect from 198.199.68.33 port 47816:11: Bye Bye [preauth]
Sep 29 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5312]: Disconnected from 198.199.68.33 port 47816 [preauth]
Sep 29 23:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5126]: Connection closed by 162.144.236.216 port 37518 [preauth]
Sep 29 23:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Invalid user vin from 12.189.234.28
Sep 29 23:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: input_userauth_request: invalid user vin [preauth]
Sep 29 23:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 23:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: Failed password for root from 162.144.236.216 port 44274 ssh2
Sep 29 23:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Failed password for invalid user vin from 12.189.234.28 port 51060 ssh2
Sep 29 23:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Received disconnect from 12.189.234.28 port 51060:11: Bye Bye [preauth]
Sep 29 23:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Disconnected from 12.189.234.28 port 51060 [preauth]
Sep 29 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5429]: Connection closed by 162.144.236.216 port 44274 [preauth]
Sep 29 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5458]: Failed password for root from 162.144.236.216 port 51828 ssh2
Sep 29 23:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5458]: Connection closed by 162.144.236.216 port 51828 [preauth]
Sep 29 23:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: Invalid user vms from 167.126.16.203
Sep 29 23:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: input_userauth_request: invalid user vms [preauth]
Sep 29 23:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: Failed password for invalid user vms from 167.126.16.203 port 43148 ssh2
Sep 29 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: Received disconnect from 167.126.16.203 port 43148:11: Bye Bye [preauth]
Sep 29 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5496]: Disconnected from 167.126.16.203 port 43148 [preauth]
Sep 29 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4088]: pam_unix(cron:session): session closed for user root
Sep 29 23:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Failed password for root from 162.144.236.216 port 58014 ssh2
Sep 29 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Connection closed by 162.144.236.216 port 58014 [preauth]
Sep 29 23:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5542]: Failed password for root from 162.144.236.216 port 37520 ssh2
Sep 29 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5542]: Connection closed by 162.144.236.216 port 37520 [preauth]
Sep 29 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Failed password for root from 162.144.236.216 port 43298 ssh2
Sep 29 23:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5568]: Connection closed by 162.144.236.216 port 43298 [preauth]
Sep 29 23:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5675]: Successful su for rubyman by root
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5675]: + ??? root:rubyman
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317597 of user rubyman.
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5675]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317597.
Sep 29 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: Failed password for root from 162.144.236.216 port 52072 ssh2
Sep 29 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: Connection closed by 162.144.236.216 port 52072 [preauth]
Sep 29 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session closed for user root
Sep 29 23:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Failed password for root from 162.144.236.216 port 56984 ssh2
Sep 29 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: Invalid user dennis from 200.44.190.194
Sep 29 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: input_userauth_request: invalid user dennis [preauth]
Sep 29 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 23:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Connection closed by 162.144.236.216 port 56984 [preauth]
Sep 29 23:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Invalid user flectra from 198.199.68.33
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: input_userauth_request: invalid user flectra [preauth]
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: Failed password for invalid user dennis from 200.44.190.194 port 38714 ssh2
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: Received disconnect from 200.44.190.194 port 38714:11: Bye Bye [preauth]
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5896]: Disconnected from 200.44.190.194 port 38714 [preauth]
Sep 29 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user flectra from 198.199.68.33 port 52244 ssh2
Sep 29 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Received disconnect from 198.199.68.33 port 52244:11: Bye Bye [preauth]
Sep 29 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Disconnected from 198.199.68.33 port 52244 [preauth]
Sep 29 23:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Failed password for root from 162.144.236.216 port 35492 ssh2
Sep 29 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Connection closed by 162.144.236.216 port 35492 [preauth]
Sep 29 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Failed password for root from 12.189.234.28 port 35195 ssh2
Sep 29 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Received disconnect from 12.189.234.28 port 35195:11: Bye Bye [preauth]
Sep 29 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Disconnected from 12.189.234.28 port 35195 [preauth]
Sep 29 23:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Failed password for root from 162.144.236.216 port 42108 ssh2
Sep 29 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Connection closed by 162.144.236.216 port 42108 [preauth]
Sep 29 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5974]: Failed password for root from 162.144.236.216 port 48294 ssh2
Sep 29 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session closed for user root
Sep 29 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5974]: Connection closed by 162.144.236.216 port 48294 [preauth]
Sep 29 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Failed password for root from 162.144.236.216 port 53960 ssh2
Sep 29 23:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Connection closed by 162.144.236.216 port 53960 [preauth]
Sep 29 23:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for root from 162.144.236.216 port 33256 ssh2
Sep 29 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Connection closed by 162.144.236.216 port 33256 [preauth]
Sep 29 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Failed password for root from 162.144.236.216 port 39866 ssh2
Sep 29 23:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Connection closed by 162.144.236.216 port 39866 [preauth]
Sep 29 23:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6077]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6145]: Successful su for rubyman by root
Sep 29 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6145]: + ??? root:rubyman
Sep 29 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317600 of user rubyman.
Sep 29 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6145]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317600.
Sep 29 23:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for root from 162.144.236.216 port 46248 ssh2
Sep 29 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session closed for user root
Sep 29 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Connection closed by 162.144.236.216 port 46248 [preauth]
Sep 29 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6078]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 23:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Failed password for root from 162.144.236.216 port 52034 ssh2
Sep 29 23:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Connection closed by 162.144.236.216 port 52034 [preauth]
Sep 29 23:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Failed password for root from 198.199.68.33 port 48042 ssh2
Sep 29 23:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Received disconnect from 198.199.68.33 port 48042:11: Bye Bye [preauth]
Sep 29 23:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Disconnected from 198.199.68.33 port 48042 [preauth]
Sep 29 23:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Invalid user abbas from 200.44.190.194
Sep 29 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: input_userauth_request: invalid user abbas [preauth]
Sep 29 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.44.190.194
Sep 29 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Failed password for invalid user abbas from 200.44.190.194 port 33102 ssh2
Sep 29 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Received disconnect from 200.44.190.194 port 33102:11: Bye Bye [preauth]
Sep 29 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Disconnected from 200.44.190.194 port 33102 [preauth]
Sep 29 23:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: Failed password for root from 162.144.236.216 port 57336 ssh2
Sep 29 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: Connection closed by 162.144.236.216 port 57336 [preauth]
Sep 29 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28  user=root
Sep 29 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Failed password for root from 12.189.234.28 port 47560 ssh2
Sep 29 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Received disconnect from 12.189.234.28 port 47560:11: Bye Bye [preauth]
Sep 29 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Disconnected from 12.189.234.28 port 47560 [preauth]
Sep 29 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Failed password for root from 162.144.236.216 port 36276 ssh2
Sep 29 23:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6398]: Connection closed by 162.144.236.216 port 36276 [preauth]
Sep 29 23:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5015]: pam_unix(cron:session): session closed for user root
Sep 29 23:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Failed password for root from 162.144.236.216 port 41744 ssh2
Sep 29 23:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Connection closed by 162.144.236.216 port 41744 [preauth]
Sep 29 23:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Failed password for root from 162.144.236.216 port 48884 ssh2
Sep 29 23:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Connection closed by 162.144.236.216 port 48884 [preauth]
Sep 29 23:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6497]: Failed password for root from 162.144.236.216 port 55384 ssh2
Sep 29 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6497]: Connection closed by 162.144.236.216 port 55384 [preauth]
Sep 29 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Failed password for root from 162.144.236.216 port 60226 ssh2
Sep 29 23:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Connection closed by 162.144.236.216 port 60226 [preauth]
Sep 29 23:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6547]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6545]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: Successful su for rubyman by root
Sep 29 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: + ??? root:rubyman
Sep 29 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317603 of user rubyman.
Sep 29 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6704]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317603.
Sep 29 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session closed for user root
Sep 29 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Failed password for root from 162.144.236.216 port 39328 ssh2
Sep 29 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6542]: Connection closed by 162.144.236.216 port 39328 [preauth]
Sep 29 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6546]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Invalid user whs from 198.199.68.33
Sep 29 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: input_userauth_request: invalid user whs [preauth]
Sep 29 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33
Sep 29 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Failed password for invalid user whs from 198.199.68.33 port 40698 ssh2
Sep 29 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Received disconnect from 198.199.68.33 port 40698:11: Bye Bye [preauth]
Sep 29 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6923]: Disconnected from 198.199.68.33 port 40698 [preauth]
Sep 29 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Failed password for root from 162.144.236.216 port 44672 ssh2
Sep 29 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Connection closed by 162.144.236.216 port 44672 [preauth]
Sep 29 23:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Failed password for root from 162.144.236.216 port 53310 ssh2
Sep 29 23:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6947]: Connection closed by 162.144.236.216 port 53310 [preauth]
Sep 29 23:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.137.255.140  user=root
Sep 29 23:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203  user=root
Sep 29 23:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Invalid user composer from 12.189.234.28
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: input_userauth_request: invalid user composer [preauth]
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Failed password for root from 23.137.255.140 port 34072 ssh2
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Received disconnect from 23.137.255.140 port 34072:11: Bye Bye [preauth]
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Disconnected from 23.137.255.140 port 34072 [preauth]
Sep 29 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6987]: Connection closed by 200.44.190.194 port 47588 [preauth]
Sep 29 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: Failed password for root from 167.126.16.203 port 49560 ssh2
Sep 29 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: Received disconnect from 167.126.16.203 port 49560:11: Bye Bye [preauth]
Sep 29 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6984]: Disconnected from 167.126.16.203 port 49560 [preauth]
Sep 29 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user root
Sep 29 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user composer from 12.189.234.28 port 59928 ssh2
Sep 29 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Received disconnect from 12.189.234.28 port 59928:11: Bye Bye [preauth]
Sep 29 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Disconnected from 12.189.234.28 port 59928 [preauth]
Sep 29 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: Failed password for root from 162.144.236.216 port 33700 ssh2
Sep 29 23:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6980]: Connection closed by 162.144.236.216 port 33700 [preauth]
Sep 29 23:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Failed password for root from 162.144.236.216 port 41794 ssh2
Sep 29 23:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Connection closed by 162.144.236.216 port 41794 [preauth]
Sep 29 23:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.220.176.69  user=root
Sep 29 23:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: Failed password for root from 114.220.176.69 port 38883 ssh2
Sep 29 23:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: Received disconnect from 114.220.176.69 port 38883:11: Bye Bye [preauth]
Sep 29 23:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: Disconnected from 114.220.176.69 port 38883 [preauth]
Sep 29 23:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Failed password for root from 162.144.236.216 port 48582 ssh2
Sep 29 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Connection closed by 162.144.236.216 port 48582 [preauth]
Sep 29 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Invalid user user from 62.60.131.157
Sep 29 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: input_userauth_request: invalid user user [preauth]
Sep 29 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: Successful su for rubyman by root
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: + ??? root:rubyman
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317608 of user rubyman.
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7350]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317608.
Sep 29 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session closed for user root
Sep 29 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Failed password for invalid user user from 62.60.131.157 port 13365 ssh2
Sep 29 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Failed password for invalid user user from 62.60.131.157 port 13365 ssh2
Sep 29 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session closed for user root
Sep 29 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Failed password for invalid user user from 62.60.131.157 port 13365 ssh2
Sep 29 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Failed password for invalid user user from 62.60.131.157 port 13365 ssh2
Sep 29 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Failed password for invalid user user from 62.60.131.157 port 13365 ssh2
Sep 29 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Received disconnect from 62.60.131.157 port 13365:11: Bye [preauth]
Sep 29 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Disconnected from 62.60.131.157 port 13365 [preauth]
Sep 29 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Failed password for root from 162.144.236.216 port 54772 ssh2
Sep 29 23:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Connection closed by 162.144.236.216 port 54772 [preauth]
Sep 29 23:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.68.33  user=root
Sep 29 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Failed password for root from 198.199.68.33 port 55008 ssh2
Sep 29 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Received disconnect from 198.199.68.33 port 55008:11: Bye Bye [preauth]
Sep 29 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Disconnected from 198.199.68.33 port 55008 [preauth]
Sep 29 23:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7619]: Failed password for root from 162.144.236.216 port 36696 ssh2
Sep 29 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session closed for user root
Sep 29 23:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: Invalid user geo from 167.126.16.203
Sep 29 23:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: input_userauth_request: invalid user geo [preauth]
Sep 29 23:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7619]: Connection closed by 162.144.236.216 port 36696 [preauth]
Sep 29 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: Invalid user agent from 12.189.234.28
Sep 29 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: input_userauth_request: invalid user agent [preauth]
Sep 29 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.189.234.28
Sep 29 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: Failed password for invalid user agent from 12.189.234.28 port 44063 ssh2
Sep 29 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: Received disconnect from 12.189.234.28 port 44063:11: Bye Bye [preauth]
Sep 29 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7692]: Disconnected from 12.189.234.28 port 44063 [preauth]
Sep 29 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: Failed password for invalid user geo from 167.126.16.203 port 54022 ssh2
Sep 29 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: Received disconnect from 167.126.16.203 port 54022:11: Bye Bye [preauth]
Sep 29 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7677]: Disconnected from 167.126.16.203 port 54022 [preauth]
Sep 29 23:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: Failed password for root from 162.144.236.216 port 44358 ssh2
Sep 29 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7694]: Connection closed by 162.144.236.216 port 44358 [preauth]
Sep 29 23:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7764]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session closed for user root
Sep 29 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7760]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7849]: Successful su for rubyman by root
Sep 29 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7849]: + ??? root:rubyman
Sep 29 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317615 of user rubyman.
Sep 29 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7849]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317615.
Sep 29 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session closed for user root
Sep 29 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session closed for user root
Sep 29 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7733]: Connection closed by 200.44.190.194 port 47158 [preauth]
Sep 29 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: Failed password for root from 162.144.236.216 port 51962 ssh2
Sep 29 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7745]: Connection closed by 162.144.236.216 port 51962 [preauth]
Sep 29 23:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Failed password for root from 162.144.236.216 port 60124 ssh2
Sep 29 23:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8132]: Connection closed by 162.144.236.216 port 60124 [preauth]
Sep 29 23:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Failed password for root from 162.144.236.216 port 39502 ssh2
Sep 29 23:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Connection closed by 162.144.236.216 port 39502 [preauth]
Sep 29 23:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6548]: pam_unix(cron:session): session closed for user root
Sep 29 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Failed password for root from 162.144.236.216 port 47334 ssh2
Sep 29 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8203]: Connection closed by 162.144.236.216 port 47334 [preauth]
Sep 29 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Failed password for root from 162.144.236.216 port 55070 ssh2
Sep 29 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Connection closed by 162.144.236.216 port 55070 [preauth]
Sep 29 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Failed password for root from 162.144.236.216 port 59970 ssh2
Sep 29 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Connection closed by 162.144.236.216 port 59970 [preauth]
Sep 29 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: Invalid user Administrator from 80.94.95.116
Sep 29 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: input_userauth_request: invalid user Administrator [preauth]
Sep 29 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: Failed none for invalid user Administrator from 80.94.95.116 port 48500 ssh2
Sep 29 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: Connection closed by 80.94.95.116 port 48500 [preauth]
Sep 29 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: Failed password for root from 162.144.236.216 port 37834 ssh2
Sep 29 23:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8294]: Connection closed by 162.144.236.216 port 37834 [preauth]
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8402]: Successful su for rubyman by root
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8402]: + ??? root:rubyman
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317619 of user rubyman.
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8402]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317619.
Sep 29 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5014]: pam_unix(cron:session): session closed for user root
Sep 29 23:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Failed password for root from 162.144.236.216 port 42232 ssh2
Sep 29 23:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Connection closed by 162.144.236.216 port 42232 [preauth]
Sep 29 23:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Connection closed by 200.44.190.194 port 36780 [preauth]
Sep 29 23:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session closed for user root
Sep 29 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.34.144.227
Sep 29 23:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Failed password for root from 162.144.236.216 port 53028 ssh2
Sep 29 23:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Connection closed by 162.144.236.216 port 53028 [preauth]
Sep 29 23:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for root from 162.144.236.216 port 33668 ssh2
Sep 29 23:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Connection closed by 162.144.236.216 port 33668 [preauth]
Sep 29 23:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: User bin from 93.152.230.176 not allowed because not listed in AllowUsers
Sep 29 23:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: input_userauth_request: invalid user bin [preauth]
Sep 29 23:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=bin
Sep 29 23:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Failed password for invalid user bin from 93.152.230.176 port 22721 ssh2
Sep 29 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Received disconnect from 93.152.230.176 port 22721:11: Client disconnecting normally [preauth]
Sep 29 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Disconnected from 93.152.230.176 port 22721 [preauth]
Sep 29 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8918]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: Successful su for rubyman by root
Sep 29 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: + ??? root:rubyman
Sep 29 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317622 of user rubyman.
Sep 29 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8989]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317622.
Sep 29 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user root
Sep 29 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Failed password for root from 162.144.236.216 port 39118 ssh2
Sep 29 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Connection closed by 162.144.236.216 port 39118 [preauth]
Sep 29 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: Failed password for root from 162.144.236.216 port 45736 ssh2
Sep 29 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: Connection closed by 162.144.236.216 port 45736 [preauth]
Sep 29 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Failed password for root from 162.144.236.216 port 50972 ssh2
Sep 29 23:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Connection closed by 162.144.236.216 port 50972 [preauth]
Sep 29 23:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: Failed password for root from 162.144.236.216 port 57500 ssh2
Sep 29 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: Connection closed by 162.144.236.216 port 57500 [preauth]
Sep 29 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session closed for user root
Sep 29 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203  user=root
Sep 29 23:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: Failed password for root from 167.126.16.203 port 57858 ssh2
Sep 29 23:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9417]: Failed password for root from 162.144.236.216 port 36566 ssh2
Sep 29 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: Received disconnect from 167.126.16.203 port 57858:11: Bye Bye [preauth]
Sep 29 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9410]: Disconnected from 167.126.16.203 port 57858 [preauth]
Sep 29 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9417]: Connection closed by 162.144.236.216 port 36566 [preauth]
Sep 29 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Failed password for root from 162.144.236.216 port 43082 ssh2
Sep 29 23:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9440]: Connection closed by 162.144.236.216 port 43082 [preauth]
Sep 29 23:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Failed password for root from 162.144.236.216 port 51536 ssh2
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9485]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9483]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: Successful su for rubyman by root
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: + ??? root:rubyman
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317626 of user rubyman.
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317626.
Sep 29 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Connection closed by 162.144.236.216 port 51536 [preauth]
Sep 29 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session closed for user root
Sep 29 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9484]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Failed password for root from 162.144.236.216 port 58950 ssh2
Sep 29 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Connection closed by 162.144.236.216 port 58950 [preauth]
Sep 29 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: Failed password for root from 162.144.236.216 port 36288 ssh2
Sep 29 23:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: Connection closed by 162.144.236.216 port 36288 [preauth]
Sep 29 23:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: Failed password for root from 162.144.236.216 port 43262 ssh2
Sep 29 23:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: Connection closed by 162.144.236.216 port 43262 [preauth]
Sep 29 23:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Failed password for root from 162.144.236.216 port 49882 ssh2
Sep 29 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session closed for user root
Sep 29 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Connection closed by 162.144.236.216 port 49882 [preauth]
Sep 29 23:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Invalid user stas from 167.126.16.203
Sep 29 23:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: input_userauth_request: invalid user stas [preauth]
Sep 29 23:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: Failed password for root from 162.144.236.216 port 56732 ssh2
Sep 29 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Failed password for invalid user stas from 167.126.16.203 port 47334 ssh2
Sep 29 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Received disconnect from 167.126.16.203 port 47334:11: Bye Bye [preauth]
Sep 29 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Disconnected from 167.126.16.203 port 47334 [preauth]
Sep 29 23:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: Connection closed by 162.144.236.216 port 56732 [preauth]
Sep 29 23:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: Failed password for root from 162.144.236.216 port 35652 ssh2
Sep 29 23:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: Connection closed by 162.144.236.216 port 35652 [preauth]
Sep 29 23:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10061]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: Successful su for rubyman by root
Sep 29 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: + ??? root:rubyman
Sep 29 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317630 of user rubyman.
Sep 29 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10133]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317630.
Sep 29 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: Failed password for root from 162.144.236.216 port 44474 ssh2
Sep 29 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: Connection closed by 162.144.236.216 port 44474 [preauth]
Sep 29 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6547]: pam_unix(cron:session): session closed for user root
Sep 29 23:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10062]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Failed password for root from 162.144.236.216 port 52422 ssh2
Sep 29 23:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Connection closed by 162.144.236.216 port 52422 [preauth]
Sep 29 23:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Failed password for root from 162.144.236.216 port 60408 ssh2
Sep 29 23:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Connection closed by 162.144.236.216 port 60408 [preauth]
Sep 29 23:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Failed password for root from 162.144.236.216 port 37672 ssh2
Sep 29 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Connection closed by 162.144.236.216 port 37672 [preauth]
Sep 29 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session closed for user root
Sep 29 23:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: Failed password for root from 162.144.236.216 port 45820 ssh2
Sep 29 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10467]: Connection closed by 162.144.236.216 port 45820 [preauth]
Sep 29 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session closed for user root
Sep 29 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10536]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10612]: Successful su for rubyman by root
Sep 29 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10612]: + ??? root:rubyman
Sep 29 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317634 of user rubyman.
Sep 29 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10612]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317634.
Sep 29 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: Failed password for root from 162.144.236.216 port 54552 ssh2
Sep 29 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session closed for user root
Sep 29 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session closed for user root
Sep 29 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10521]: Connection closed by 162.144.236.216 port 54552 [preauth]
Sep 29 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10537]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Failed password for root from 162.144.236.216 port 60870 ssh2
Sep 29 23:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Connection closed by 162.144.236.216 port 60870 [preauth]
Sep 29 23:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Failed password for root from 162.144.236.216 port 38410 ssh2
Sep 29 23:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Connection closed by 162.144.236.216 port 38410 [preauth]
Sep 29 23:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: Failed password for root from 162.144.236.216 port 46262 ssh2
Sep 29 23:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: Connection closed by 162.144.236.216 port 46262 [preauth]
Sep 29 23:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9486]: pam_unix(cron:session): session closed for user root
Sep 29 23:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Failed password for root from 162.144.236.216 port 52922 ssh2
Sep 29 23:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Connection closed by 162.144.236.216 port 52922 [preauth]
Sep 29 23:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: Failed password for root from 162.144.236.216 port 58030 ssh2
Sep 29 23:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: Connection closed by 162.144.236.216 port 58030 [preauth]
Sep 29 23:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Failed password for root from 162.144.236.216 port 36490 ssh2
Sep 29 23:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Connection closed by 162.144.236.216 port 36490 [preauth]
Sep 29 23:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Failed password for root from 162.144.236.216 port 41802 ssh2
Sep 29 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Connection closed by 162.144.236.216 port 41802 [preauth]
Sep 29 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11026]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11095]: Successful su for rubyman by root
Sep 29 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11095]: + ??? root:rubyman
Sep 29 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317641 of user rubyman.
Sep 29 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11095]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317641.
Sep 29 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7764]: pam_unix(cron:session): session closed for user root
Sep 29 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Failed password for root from 162.144.236.216 port 48364 ssh2
Sep 29 23:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Connection closed by 162.144.236.216 port 48364 [preauth]
Sep 29 23:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: Failed password for root from 162.144.236.216 port 56804 ssh2
Sep 29 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: Connection closed by 162.144.236.216 port 56804 [preauth]
Sep 29 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: Failed password for root from 162.144.236.216 port 36852 ssh2
Sep 29 23:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11341]: Connection closed by 162.144.236.216 port 36852 [preauth]
Sep 29 23:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session closed for user root
Sep 29 23:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: Failed password for root from 162.144.236.216 port 43504 ssh2
Sep 29 23:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: Connection closed by 162.144.236.216 port 43504 [preauth]
Sep 29 23:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Invalid user examen from 167.126.16.203
Sep 29 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: input_userauth_request: invalid user examen [preauth]
Sep 29 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Failed password for invalid user examen from 167.126.16.203 port 43288 ssh2
Sep 29 23:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: Failed password for root from 162.144.236.216 port 51322 ssh2
Sep 29 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Received disconnect from 167.126.16.203 port 43288:11: Bye Bye [preauth]
Sep 29 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Disconnected from 167.126.16.203 port 43288 [preauth]
Sep 29 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: Connection closed by 162.144.236.216 port 51322 [preauth]
Sep 29 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Failed password for root from 162.144.236.216 port 57598 ssh2
Sep 29 23:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Connection closed by 162.144.236.216 port 57598 [preauth]
Sep 29 23:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11470]: pam_unix(cron:session): session closed for user root
Sep 29 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11472]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11539]: Successful su for rubyman by root
Sep 29 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11539]: + ??? root:rubyman
Sep 29 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317644 of user rubyman.
Sep 29 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11539]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317644.
Sep 29 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Failed password for root from 162.144.236.216 port 36450 ssh2
Sep 29 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Connection closed by 162.144.236.216 port 36450 [preauth]
Sep 29 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user root
Sep 29 23:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11474]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Failed password for root from 162.144.236.216 port 43440 ssh2
Sep 29 23:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Connection closed by 162.144.236.216 port 43440 [preauth]
Sep 29 23:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: Connection closed by 190.103.202.7 port 38296 [preauth]
Sep 29 23:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Sep 29 23:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: Failed password for root from 162.144.236.216 port 50238 ssh2
Sep 29 23:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11855]: Connection closed by 162.144.236.216 port 50238 [preauth]
Sep 29 23:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Failed password for root from 190.103.202.7 port 38742 ssh2
Sep 29 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Connection closed by 190.103.202.7 port 38742 [preauth]
Sep 29 23:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for root from 162.144.236.216 port 56948 ssh2
Sep 29 23:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Connection closed by 162.144.236.216 port 56948 [preauth]
Sep 29 23:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Invalid user user1 from 167.126.16.203
Sep 29 23:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: input_userauth_request: invalid user user1 [preauth]
Sep 29 23:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.126.16.203
Sep 29 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Failed password for invalid user user1 from 167.126.16.203 port 60252 ssh2
Sep 29 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Failed password for root from 162.144.236.216 port 34850 ssh2
Sep 29 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Received disconnect from 167.126.16.203 port 60252:11: Bye Bye [preauth]
Sep 29 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Disconnected from 167.126.16.203 port 60252 [preauth]
Sep 29 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session closed for user root
Sep 29 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11917]: Connection closed by 162.144.236.216 port 34850 [preauth]
Sep 29 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11953]: Failed password for root from 162.144.236.216 port 40582 ssh2
Sep 29 23:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11953]: Connection closed by 162.144.236.216 port 40582 [preauth]
Sep 29 23:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Failed password for root from 162.144.236.216 port 47770 ssh2
Sep 29 23:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Connection closed by 162.144.236.216 port 47770 [preauth]
Sep 29 23:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Failed password for root from 162.144.236.216 port 55336 ssh2
Sep 29 23:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Connection closed by 162.144.236.216 port 55336 [preauth]
Sep 29 23:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: Successful su for rubyman by root
Sep 29 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: + ??? root:rubyman
Sep 29 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317650 of user rubyman.
Sep 29 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317650.
Sep 29 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for root from 162.144.236.216 port 59154 ssh2
Sep 29 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session closed for user root
Sep 29 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Connection closed by 162.144.236.216 port 59154 [preauth]
Sep 29 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12271]: Failed password for root from 162.144.236.216 port 37076 ssh2
Sep 29 23:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12271]: Connection closed by 162.144.236.216 port 37076 [preauth]
Sep 29 23:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Failed password for root from 162.144.236.216 port 44978 ssh2
Sep 29 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Connection closed by 162.144.236.216 port 44978 [preauth]
Sep 29 23:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for root from 162.144.236.216 port 52128 ssh2
Sep 29 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Connection closed by 162.144.236.216 port 52128 [preauth]
Sep 29 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11026]: pam_unix(cron:session): session closed for user root
Sep 29 23:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Failed password for root from 162.144.236.216 port 57508 ssh2
Sep 29 23:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Connection closed by 162.144.236.216 port 57508 [preauth]
Sep 29 23:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Failed password for root from 162.144.236.216 port 36022 ssh2
Sep 29 23:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Connection closed by 162.144.236.216 port 36022 [preauth]
Sep 29 23:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12445]: Failed password for root from 162.144.236.216 port 44052 ssh2
Sep 29 23:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12445]: Connection closed by 162.144.236.216 port 44052 [preauth]
Sep 29 23:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: Successful su for rubyman by root
Sep 29 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: + ??? root:rubyman
Sep 29 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317653 of user rubyman.
Sep 29 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12534]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317653.
Sep 29 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Failed password for root from 162.144.236.216 port 49194 ssh2
Sep 29 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Connection closed by 162.144.236.216 port 49194 [preauth]
Sep 29 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9485]: pam_unix(cron:session): session closed for user root
Sep 29 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Failed password for root from 162.144.236.216 port 56080 ssh2
Sep 29 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Connection closed by 162.144.236.216 port 56080 [preauth]
Sep 29 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Invalid user admin from 80.94.95.115
Sep 29 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: input_userauth_request: invalid user admin [preauth]
Sep 29 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Failed password for root from 162.144.236.216 port 60632 ssh2
Sep 29 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 29 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Connection closed by 162.144.236.216 port 60632 [preauth]
Sep 29 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for invalid user admin from 80.94.95.115 port 18382 ssh2
Sep 29 23:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Connection closed by 80.94.95.115 port 18382 [preauth]
Sep 29 23:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: Failed password for root from 162.144.236.216 port 39564 ssh2
Sep 29 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11476]: pam_unix(cron:session): session closed for user root
Sep 29 23:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: Connection closed by 162.144.236.216 port 39564 [preauth]
Sep 29 23:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: Failed password for root from 162.144.236.216 port 46640 ssh2
Sep 29 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Invalid user dhis from 93.152.230.176
Sep 29 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: input_userauth_request: invalid user dhis [preauth]
Sep 29 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: Connection closed by 162.144.236.216 port 46640 [preauth]
Sep 29 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Failed password for invalid user dhis from 93.152.230.176 port 25857 ssh2
Sep 29 23:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Received disconnect from 93.152.230.176 port 25857:11: Client disconnecting normally [preauth]
Sep 29 23:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Disconnected from 93.152.230.176 port 25857 [preauth]
Sep 29 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session closed for user root
Sep 29 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: Successful su for rubyman by root
Sep 29 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: + ??? root:rubyman
Sep 29 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317658 of user rubyman.
Sep 29 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317658.
Sep 29 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Failed password for root from 162.144.236.216 port 54108 ssh2
Sep 29 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Connection closed by 162.144.236.216 port 54108 [preauth]
Sep 29 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session closed for user root
Sep 29 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10063]: pam_unix(cron:session): session closed for user root
Sep 29 23:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Failed password for root from 162.144.236.216 port 60938 ssh2
Sep 29 23:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13109]: Connection closed by 162.144.236.216 port 60938 [preauth]
Sep 29 23:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: Failed password for root from 162.144.236.216 port 41158 ssh2
Sep 29 23:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: Connection closed by 162.144.236.216 port 41158 [preauth]
Sep 29 23:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13295]: Failed password for root from 162.144.236.216 port 48408 ssh2
Sep 29 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13295]: Connection closed by 162.144.236.216 port 48408 [preauth]
Sep 29 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user root
Sep 29 23:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Failed password for root from 162.144.236.216 port 55866 ssh2
Sep 29 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Connection closed by 162.144.236.216 port 55866 [preauth]
Sep 29 23:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Failed password for root from 162.144.236.216 port 34156 ssh2
Sep 29 23:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Connection closed by 162.144.236.216 port 34156 [preauth]
Sep 29 23:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Failed password for root from 162.144.236.216 port 42636 ssh2
Sep 29 23:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Connection closed by 162.144.236.216 port 42636 [preauth]
Sep 29 23:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13436]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13435]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: Successful su for rubyman by root
Sep 29 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: + ??? root:rubyman
Sep 29 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317663 of user rubyman.
Sep 29 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13500]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317663.
Sep 29 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session closed for user root
Sep 29 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: Failed password for root from 162.144.236.216 port 48574 ssh2
Sep 29 23:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13429]: Connection closed by 162.144.236.216 port 48574 [preauth]
Sep 29 23:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: Failed password for root from 162.144.236.216 port 56328 ssh2
Sep 29 23:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: Connection closed by 162.144.236.216 port 56328 [preauth]
Sep 29 23:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Failed password for root from 162.144.236.216 port 35730 ssh2
Sep 29 23:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Connection closed by 162.144.236.216 port 35730 [preauth]
Sep 29 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session closed for user root
Sep 29 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13766]: Failed password for root from 162.144.236.216 port 43664 ssh2
Sep 29 23:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13766]: Connection closed by 162.144.236.216 port 43664 [preauth]
Sep 29 23:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for root from 162.144.236.216 port 52162 ssh2
Sep 29 23:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Connection closed by 162.144.236.216 port 52162 [preauth]
Sep 29 23:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Failed password for root from 162.144.236.216 port 58914 ssh2
Sep 29 23:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Connection closed by 162.144.236.216 port 58914 [preauth]
Sep 29 23:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13880]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13877]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: Successful su for rubyman by root
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: + ??? root:rubyman
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317668 of user rubyman.
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13940]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317668.
Sep 29 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session closed for user root
Sep 29 23:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: Failed password for root from 162.144.236.216 port 38220 ssh2
Sep 29 23:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13878]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: Connection closed by 162.144.236.216 port 38220 [preauth]
Sep 29 23:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Failed password for root from 162.144.236.216 port 45632 ssh2
Sep 29 23:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Connection closed by 162.144.236.216 port 45632 [preauth]
Sep 29 23:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Failed password for root from 162.144.236.216 port 52674 ssh2
Sep 29 23:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Connection closed by 162.144.236.216 port 52674 [preauth]
Sep 29 23:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for root from 162.144.236.216 port 58324 ssh2
Sep 29 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Connection closed by 162.144.236.216 port 58324 [preauth]
Sep 29 23:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session closed for user root
Sep 29 23:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Failed password for root from 162.144.236.216 port 40138 ssh2
Sep 29 23:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Connection closed by 162.144.236.216 port 40138 [preauth]
Sep 29 23:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Failed password for root from 162.144.236.216 port 45912 ssh2
Sep 29 23:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Connection closed by 162.144.236.216 port 45912 [preauth]
Sep 29 23:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: Failed password for root from 162.144.236.216 port 51390 ssh2
Sep 29 23:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: Connection closed by 162.144.236.216 port 51390 [preauth]
Sep 29 23:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14392]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14450]: Successful su for rubyman by root
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14450]: + ??? root:rubyman
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317671 of user rubyman.
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14450]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317671.
Sep 29 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Failed password for root from 162.144.236.216 port 57430 ssh2
Sep 29 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Connection closed by 162.144.236.216 port 57430 [preauth]
Sep 29 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session closed for user root
Sep 29 23:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: Failed password for root from 162.144.236.216 port 34168 ssh2
Sep 29 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14593]: Connection closed by 162.144.236.216 port 34168 [preauth]
Sep 29 23:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: Failed password for root from 162.144.236.216 port 41874 ssh2
Sep 29 23:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: Connection closed by 162.144.236.216 port 41874 [preauth]
Sep 29 23:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for root from 162.144.236.216 port 48516 ssh2
Sep 29 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Connection closed by 162.144.236.216 port 48516 [preauth]
Sep 29 23:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13436]: pam_unix(cron:session): session closed for user root
Sep 29 23:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: Failed password for root from 162.144.236.216 port 55638 ssh2
Sep 29 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14723]: Connection closed by 162.144.236.216 port 55638 [preauth]
Sep 29 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14818]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14816]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: Failed password for root from 162.144.236.216 port 33628 ssh2
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14884]: Successful su for rubyman by root
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14884]: + ??? root:rubyman
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317675 of user rubyman.
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14884]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317675.
Sep 29 23:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: Connection closed by 162.144.236.216 port 33628 [preauth]
Sep 29 23:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session closed for user root
Sep 29 23:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14817]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: Invalid user ipadmin from 164.68.105.9
Sep 29 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: input_userauth_request: invalid user ipadmin [preauth]
Sep 29 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 29 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: Failed password for invalid user ipadmin from 164.68.105.9 port 34352 ssh2
Sep 29 23:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15078]: Connection closed by 164.68.105.9 port 34352 [preauth]
Sep 29 23:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Failed password for root from 162.144.236.216 port 42420 ssh2
Sep 29 23:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Connection closed by 162.144.236.216 port 42420 [preauth]
Sep 29 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: Failed password for root from 162.144.236.216 port 48408 ssh2
Sep 29 23:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15092]: Connection closed by 162.144.236.216 port 48408 [preauth]
Sep 29 23:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Failed password for root from 162.144.236.216 port 55084 ssh2
Sep 29 23:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Connection closed by 162.144.236.216 port 55084 [preauth]
Sep 29 23:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13880]: pam_unix(cron:session): session closed for user root
Sep 29 23:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Failed password for root from 162.144.236.216 port 34538 ssh2
Sep 29 23:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Connection closed by 162.144.236.216 port 34538 [preauth]
Sep 29 23:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: Failed password for root from 162.144.236.216 port 42406 ssh2
Sep 29 23:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: Connection closed by 162.144.236.216 port 42406 [preauth]
Sep 29 23:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15246]: pam_unix(cron:session): session closed for user root
Sep 29 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: Successful su for rubyman by root
Sep 29 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: + ??? root:rubyman
Sep 29 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317681 of user rubyman.
Sep 29 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317681.
Sep 29 23:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session closed for user root
Sep 29 23:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session closed for user root
Sep 29 23:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: Failed password for root from 162.144.236.216 port 46486 ssh2
Sep 29 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: Connection closed by 162.144.236.216 port 46486 [preauth]
Sep 29 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: Failed password for root from 162.144.236.216 port 53686 ssh2
Sep 29 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15519]: Connection closed by 162.144.236.216 port 53686 [preauth]
Sep 29 23:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Failed password for root from 162.144.236.216 port 33274 ssh2
Sep 29 23:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Connection closed by 162.144.236.216 port 33274 [preauth]
Sep 29 23:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session closed for user root
Sep 29 23:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15604]: Failed password for root from 162.144.236.216 port 38998 ssh2
Sep 29 23:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15604]: Connection closed by 162.144.236.216 port 38998 [preauth]
Sep 29 23:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: Failed password for root from 162.144.236.216 port 47046 ssh2
Sep 29 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: Connection closed by 162.144.236.216 port 47046 [preauth]
Sep 29 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Failed password for root from 162.144.236.216 port 53054 ssh2
Sep 29 23:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Connection closed by 162.144.236.216 port 53054 [preauth]
Sep 29 23:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: Failed password for root from 162.144.236.216 port 58084 ssh2
Sep 29 23:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: Connection closed by 162.144.236.216 port 58084 [preauth]
Sep 29 23:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: Successful su for rubyman by root
Sep 29 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: + ??? root:rubyman
Sep 29 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317686 of user rubyman.
Sep 29 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15782]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317686.
Sep 29 23:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session closed for user root
Sep 29 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for root from 162.144.236.216 port 35386 ssh2
Sep 29 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Connection closed by 162.144.236.216 port 35386 [preauth]
Sep 29 23:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Failed password for root from 162.144.236.216 port 43762 ssh2
Sep 29 23:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Connection closed by 162.144.236.216 port 43762 [preauth]
Sep 29 23:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Failed password for root from 162.144.236.216 port 50000 ssh2
Sep 29 23:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16013]: Connection closed by 162.144.236.216 port 50000 [preauth]
Sep 29 23:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session closed for user root
Sep 29 23:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16037]: Failed password for root from 162.144.236.216 port 56642 ssh2
Sep 29 23:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16037]: Connection closed by 162.144.236.216 port 56642 [preauth]
Sep 29 23:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for root from 162.144.236.216 port 36040 ssh2
Sep 29 23:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Connection closed by 162.144.236.216 port 36040 [preauth]
Sep 29 23:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Failed password for root from 162.144.236.216 port 42812 ssh2
Sep 29 23:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Connection closed by 162.144.236.216 port 42812 [preauth]
Sep 29 23:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16144]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16214]: Successful su for rubyman by root
Sep 29 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16214]: + ??? root:rubyman
Sep 29 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317689 of user rubyman.
Sep 29 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16214]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317689.
Sep 29 23:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: Failed password for root from 162.144.236.216 port 50854 ssh2
Sep 29 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: Connection closed by 162.144.236.216 port 50854 [preauth]
Sep 29 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13435]: pam_unix(cron:session): session closed for user root
Sep 29 23:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16145]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: Failed password for root from 162.144.236.216 port 58448 ssh2
Sep 29 23:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16354]: Connection closed by 162.144.236.216 port 58448 [preauth]
Sep 29 23:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Failed password for root from 162.144.236.216 port 37628 ssh2
Sep 29 23:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Connection closed by 162.144.236.216 port 37628 [preauth]
Sep 29 23:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Failed password for root from 162.144.236.216 port 45378 ssh2
Sep 29 23:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: Connection closed by 162.144.236.216 port 45378 [preauth]
Sep 29 23:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Invalid user miguel from 93.152.230.176
Sep 29 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: input_userauth_request: invalid user miguel [preauth]
Sep 29 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 23:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Failed password for invalid user miguel from 93.152.230.176 port 36427 ssh2
Sep 29 23:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Received disconnect from 93.152.230.176 port 36427:11: Client disconnecting normally [preauth]
Sep 29 23:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Disconnected from 93.152.230.176 port 36427 [preauth]
Sep 29 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Failed password for root from 162.144.236.216 port 51928 ssh2
Sep 29 23:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16495]: Connection closed by 162.144.236.216 port 51928 [preauth]
Sep 29 23:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session closed for user root
Sep 29 23:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Failed password for root from 162.144.236.216 port 60412 ssh2
Sep 29 23:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Connection closed by 162.144.236.216 port 60412 [preauth]
Sep 29 23:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Failed password for root from 162.144.236.216 port 38252 ssh2
Sep 29 23:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Connection closed by 162.144.236.216 port 38252 [preauth]
Sep 29 23:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16610]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16612]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16608]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: Successful su for rubyman by root
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: + ??? root:rubyman
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317694 of user rubyman.
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317694.
Sep 29 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Failed password for root from 162.144.236.216 port 45050 ssh2
Sep 29 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Connection closed by 162.144.236.216 port 45050 [preauth]
Sep 29 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13879]: pam_unix(cron:session): session closed for user root
Sep 29 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16609]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for root from 162.144.236.216 port 50868 ssh2
Sep 29 23:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 162.144.236.216 port 50868 [preauth]
Sep 29 23:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: Failed password for root from 162.144.236.216 port 57688 ssh2
Sep 29 23:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16891]: Connection closed by 162.144.236.216 port 57688 [preauth]
Sep 29 23:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: Failed password for root from 162.144.236.216 port 35510 ssh2
Sep 29 23:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16917]: Connection closed by 162.144.236.216 port 35510 [preauth]
Sep 29 23:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15714]: pam_unix(cron:session): session closed for user root
Sep 29 23:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: Failed password for root from 162.144.236.216 port 42672 ssh2
Sep 29 23:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16948]: Connection closed by 162.144.236.216 port 42672 [preauth]
Sep 29 23:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Invalid user admin from 185.156.73.233
Sep 29 23:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: input_userauth_request: invalid user admin [preauth]
Sep 29 23:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 23:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Failed password for invalid user admin from 185.156.73.233 port 62274 ssh2
Sep 29 23:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Connection closed by 185.156.73.233 port 62274 [preauth]
Sep 29 23:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16983]: Failed password for root from 162.144.236.216 port 48732 ssh2
Sep 29 23:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16983]: Connection closed by 162.144.236.216 port 48732 [preauth]
Sep 29 23:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Failed password for root from 162.144.236.216 port 55978 ssh2
Sep 29 23:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Connection closed by 162.144.236.216 port 55978 [preauth]
Sep 29 23:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: Failed password for root from 162.144.236.216 port 33938 ssh2
Sep 29 23:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17047]: Connection closed by 162.144.236.216 port 33938 [preauth]
Sep 29 23:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: Successful su for rubyman by root
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: + ??? root:rubyman
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317699 of user rubyman.
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317699.
Sep 29 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session closed for user root
Sep 29 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Failed password for root from 162.144.236.216 port 40490 ssh2
Sep 29 23:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Connection closed by 162.144.236.216 port 40490 [preauth]
Sep 29 23:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Failed password for root from 162.144.236.216 port 47392 ssh2
Sep 29 23:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Connection closed by 162.144.236.216 port 47392 [preauth]
Sep 29 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Failed password for root from 162.144.236.216 port 53456 ssh2
Sep 29 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Connection closed by 162.144.236.216 port 53456 [preauth]
Sep 29 23:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Failed password for root from 162.144.236.216 port 59618 ssh2
Sep 29 23:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Connection closed by 162.144.236.216 port 59618 [preauth]
Sep 29 23:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session closed for user root
Sep 29 23:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Failed password for root from 162.144.236.216 port 37506 ssh2
Sep 29 23:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Connection closed by 162.144.236.216 port 37506 [preauth]
Sep 29 23:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Failed password for root from 162.144.236.216 port 44786 ssh2
Sep 29 23:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Connection closed by 162.144.236.216 port 44786 [preauth]
Sep 29 23:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for root from 162.144.236.216 port 52424 ssh2
Sep 29 23:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Connection closed by 162.144.236.216 port 52424 [preauth]
Sep 29 23:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session closed for user root
Sep 29 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17520]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: Successful su for rubyman by root
Sep 29 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: + ??? root:rubyman
Sep 29 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317704 of user rubyman.
Sep 29 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17601]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317704.
Sep 29 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session closed for user root
Sep 29 23:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14818]: pam_unix(cron:session): session closed for user root
Sep 29 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Failed password for root from 162.144.236.216 port 60158 ssh2
Sep 29 23:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17521]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Connection closed by 162.144.236.216 port 60158 [preauth]
Sep 29 23:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Failed password for root from 162.144.236.216 port 39776 ssh2
Sep 29 23:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Connection closed by 162.144.236.216 port 39776 [preauth]
Sep 29 23:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17963]: Failed password for root from 162.144.236.216 port 45810 ssh2
Sep 29 23:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17963]: Connection closed by 162.144.236.216 port 45810 [preauth]
Sep 29 23:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16612]: pam_unix(cron:session): session closed for user root
Sep 29 23:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for root from 162.144.236.216 port 55724 ssh2
Sep 29 23:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Connection closed by 162.144.236.216 port 55724 [preauth]
Sep 29 23:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Failed password for root from 162.144.236.216 port 60854 ssh2
Sep 29 23:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Connection closed by 162.144.236.216 port 60854 [preauth]
Sep 29 23:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: Failed password for root from 162.144.236.216 port 37778 ssh2
Sep 29 23:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18079]: Connection closed by 162.144.236.216 port 37778 [preauth]
Sep 29 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: Successful su for rubyman by root
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: + ??? root:rubyman
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317707 of user rubyman.
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317707.
Sep 29 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18474]: Invalid user admin from 139.19.117.131
Sep 29 23:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18474]: input_userauth_request: invalid user admin [preauth]
Sep 29 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18111]: Failed password for root from 162.144.236.216 port 42460 ssh2
Sep 29 23:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18111]: Connection closed by 162.144.236.216 port 42460 [preauth]
Sep 29 23:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session closed for user root
Sep 29 23:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18474]: Connection closed by 139.19.117.131 port 53146 [preauth]
Sep 29 23:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: Failed password for root from 162.144.236.216 port 48384 ssh2
Sep 29 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18639]: Connection closed by 162.144.236.216 port 48384 [preauth]
Sep 29 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Invalid user thayne from 80.94.95.112
Sep 29 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: input_userauth_request: invalid user thayne [preauth]
Sep 29 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 23:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Failed password for invalid user thayne from 80.94.95.112 port 63664 ssh2
Sep 29 23:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Failed password for invalid user thayne from 80.94.95.112 port 63664 ssh2
Sep 29 23:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Failed password for invalid user thayne from 80.94.95.112 port 63664 ssh2
Sep 29 23:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Failed password for invalid user thayne from 80.94.95.112 port 63664 ssh2
Sep 29 23:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Failed password for root from 162.144.236.216 port 53264 ssh2
Sep 29 23:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Connection closed by 162.144.236.216 port 53264 [preauth]
Sep 29 23:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Failed password for invalid user thayne from 80.94.95.112 port 63664 ssh2
Sep 29 23:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Received disconnect from 80.94.95.112 port 63664:11: Bye [preauth]
Sep 29 23:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: Disconnected from 80.94.95.112 port 63664 [preauth]
Sep 29 23:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 23:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18691]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session closed for user root
Sep 29 23:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18732]: Failed password for root from 162.144.236.216 port 60924 ssh2
Sep 29 23:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18732]: Connection closed by 162.144.236.216 port 60924 [preauth]
Sep 29 23:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Failed password for root from 162.144.236.216 port 39760 ssh2
Sep 29 23:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18770]: Connection closed by 162.144.236.216 port 39760 [preauth]
Sep 29 23:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: Failed password for root from 162.144.236.216 port 46720 ssh2
Sep 29 23:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: Connection closed by 162.144.236.216 port 46720 [preauth]
Sep 29 23:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: Failed password for root from 162.144.236.216 port 53348 ssh2
Sep 29 23:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: Connection closed by 162.144.236.216 port 53348 [preauth]
Sep 29 23:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: Successful su for rubyman by root
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: + ??? root:rubyman
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317711 of user rubyman.
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317711.
Sep 29 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session closed for user root
Sep 29 23:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Failed password for root from 162.144.236.216 port 59304 ssh2
Sep 29 23:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Connection closed by 162.144.236.216 port 59304 [preauth]
Sep 29 23:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Failed password for root from 162.144.236.216 port 37976 ssh2
Sep 29 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Connection closed by 162.144.236.216 port 37976 [preauth]
Sep 29 23:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: Failed password for root from 162.144.236.216 port 44008 ssh2
Sep 29 23:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: Connection closed by 162.144.236.216 port 44008 [preauth]
Sep 29 23:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Failed password for root from 162.144.236.216 port 50382 ssh2
Sep 29 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Connection closed by 162.144.236.216 port 50382 [preauth]
Sep 29 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session closed for user root
Sep 29 23:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: Failed password for root from 162.144.236.216 port 57454 ssh2
Sep 29 23:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: Connection closed by 162.144.236.216 port 57454 [preauth]
Sep 29 23:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for root from 162.144.236.216 port 34976 ssh2
Sep 29 23:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Connection closed by 162.144.236.216 port 34976 [preauth]
Sep 29 23:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19343]: Failed password for root from 162.144.236.216 port 40372 ssh2
Sep 29 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19343]: Connection closed by 162.144.236.216 port 40372 [preauth]
Sep 29 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: Failed password for root from 162.144.236.216 port 46540 ssh2
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19378]: Connection closed by 162.144.236.216 port 46540 [preauth]
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19609]: Successful su for rubyman by root
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19609]: + ??? root:rubyman
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317715 of user rubyman.
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19609]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317715.
Sep 29 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session closed for user root
Sep 29 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: Failed password for root from 162.144.236.216 port 53100 ssh2
Sep 29 23:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19591]: Connection closed by 162.144.236.216 port 53100 [preauth]
Sep 29 23:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: Failed password for root from 162.144.236.216 port 60708 ssh2
Sep 29 23:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: Connection closed by 162.144.236.216 port 60708 [preauth]
Sep 29 23:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Failed password for root from 162.144.236.216 port 40022 ssh2
Sep 29 23:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20018]: Connection closed by 162.144.236.216 port 40022 [preauth]
Sep 29 23:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session closed for user root
Sep 29 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Failed password for root from 162.144.236.216 port 45952 ssh2
Sep 29 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Connection closed by 162.144.236.216 port 45952 [preauth]
Sep 29 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Failed password for root from 162.144.236.216 port 52908 ssh2
Sep 29 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Connection closed by 162.144.236.216 port 52908 [preauth]
Sep 29 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Failed password for root from 162.144.236.216 port 58566 ssh2
Sep 29 23:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Connection closed by 162.144.236.216 port 58566 [preauth]
Sep 29 23:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Invalid user default from 62.60.131.157
Sep 29 23:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: input_userauth_request: invalid user default [preauth]
Sep 29 23:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 23:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for invalid user default from 62.60.131.157 port 61329 ssh2
Sep 29 23:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Failed password for root from 162.144.236.216 port 38568 ssh2
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Connection closed by 162.144.236.216 port 38568 [preauth]
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for invalid user default from 62.60.131.157 port 61329 ssh2
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20167]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: Successful su for rubyman by root
Sep 29 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: + ??? root:rubyman
Sep 29 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317720 of user rubyman.
Sep 29 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317720.
Sep 29 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for invalid user default from 62.60.131.157 port 61329 ssh2
Sep 29 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16610]: pam_unix(cron:session): session closed for user root
Sep 29 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for invalid user default from 62.60.131.157 port 61329 ssh2
Sep 29 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for invalid user default from 62.60.131.157 port 61329 ssh2
Sep 29 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Received disconnect from 62.60.131.157 port 61329:11: Bye [preauth]
Sep 29 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Disconnected from 62.60.131.157 port 61329 [preauth]
Sep 29 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: Failed password for root from 162.144.236.216 port 44466 ssh2
Sep 29 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20164]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: Connection closed by 162.144.236.216 port 44466 [preauth]
Sep 29 23:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: Failed password for root from 162.144.236.216 port 50720 ssh2
Sep 29 23:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20471]: Connection closed by 162.144.236.216 port 50720 [preauth]
Sep 29 23:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Failed password for root from 162.144.236.216 port 55496 ssh2
Sep 29 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Connection closed by 162.144.236.216 port 55496 [preauth]
Sep 29 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Failed password for root from 162.144.236.216 port 33074 ssh2
Sep 29 23:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Connection closed by 162.144.236.216 port 33074 [preauth]
Sep 29 23:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session closed for user root
Sep 29 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Failed password for root from 162.144.236.216 port 38526 ssh2
Sep 29 23:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Connection closed by 162.144.236.216 port 38526 [preauth]
Sep 29 23:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Failed password for root from 162.144.236.216 port 42826 ssh2
Sep 29 23:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20578]: Connection closed by 162.144.236.216 port 42826 [preauth]
Sep 29 23:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Failed password for root from 162.144.236.216 port 48892 ssh2
Sep 29 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Connection closed by 162.144.236.216 port 48892 [preauth]
Sep 29 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Failed password for root from 162.144.236.216 port 54564 ssh2
Sep 29 23:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Connection closed by 162.144.236.216 port 54564 [preauth]
Sep 29 23:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20654]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session closed for user root
Sep 29 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20737]: Successful su for rubyman by root
Sep 29 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20737]: + ??? root:rubyman
Sep 29 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317723 of user rubyman.
Sep 29 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20737]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317723.
Sep 29 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Failed password for root from 162.144.236.216 port 59880 ssh2
Sep 29 23:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Connection closed by 162.144.236.216 port 59880 [preauth]
Sep 29 23:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session closed for user root
Sep 29 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20654]: pam_unix(cron:session): session closed for user root
Sep 29 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Invalid user ftpuser from 93.152.230.176
Sep 29 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: input_userauth_request: invalid user ftpuser [preauth]
Sep 29 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Failed password for invalid user ftpuser from 93.152.230.176 port 55529 ssh2
Sep 29 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Received disconnect from 93.152.230.176 port 55529:11: Client disconnecting normally [preauth]
Sep 29 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Disconnected from 93.152.230.176 port 55529 [preauth]
Sep 29 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Failed password for root from 162.144.236.216 port 38654 ssh2
Sep 29 23:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Connection closed by 162.144.236.216 port 38654 [preauth]
Sep 29 23:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Failed password for root from 162.144.236.216 port 45424 ssh2
Sep 29 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Connection closed by 162.144.236.216 port 45424 [preauth]
Sep 29 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session closed for user root
Sep 29 23:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Failed password for root from 162.144.236.216 port 51290 ssh2
Sep 29 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Connection closed by 162.144.236.216 port 51290 [preauth]
Sep 29 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Failed password for root from 162.144.236.216 port 56640 ssh2
Sep 29 23:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21095]: Connection closed by 162.144.236.216 port 56640 [preauth]
Sep 29 23:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: Failed password for root from 162.144.236.216 port 35444 ssh2
Sep 29 23:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21129]: Connection closed by 162.144.236.216 port 35444 [preauth]
Sep 29 23:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: Successful su for rubyman by root
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: + ??? root:rubyman
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317730 of user rubyman.
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317730.
Sep 29 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: Failed password for root from 162.144.236.216 port 40054 ssh2
Sep 29 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session closed for user root
Sep 29 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21149]: Connection closed by 162.144.236.216 port 40054 [preauth]
Sep 29 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Failed password for root from 162.144.236.216 port 46020 ssh2
Sep 29 23:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Connection closed by 162.144.236.216 port 46020 [preauth]
Sep 29 23:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: Failed password for root from 162.144.236.216 port 53436 ssh2
Sep 29 23:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 23:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius3@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 29 23:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: Connection closed by 162.144.236.216 port 53436 [preauth]
Sep 29 23:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 29 23:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius3 rhost=::ffff:45.142.193.185
Sep 29 23:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21488]: Failed password for root from 162.144.236.216 port 60098 ssh2
Sep 29 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21488]: Connection closed by 162.144.236.216 port 60098 [preauth]
Sep 29 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20167]: pam_unix(cron:session): session closed for user root
Sep 29 23:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Failed password for root from 162.144.236.216 port 37690 ssh2
Sep 29 23:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Connection closed by 162.144.236.216 port 37690 [preauth]
Sep 29 23:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Failed password for root from 162.144.236.216 port 45658 ssh2
Sep 29 23:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Connection closed by 162.144.236.216 port 45658 [preauth]
Sep 29 23:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Failed password for root from 162.144.236.216 port 53922 ssh2
Sep 29 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Connection closed by 162.144.236.216 port 53922 [preauth]
Sep 29 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: Successful su for rubyman by root
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: + ??? root:rubyman
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317733 of user rubyman.
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317733.
Sep 29 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user root
Sep 29 23:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: Failed password for root from 162.144.236.216 port 60426 ssh2
Sep 29 23:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21610]: Connection closed by 162.144.236.216 port 60426 [preauth]
Sep 29 23:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: Failed password for root from 162.144.236.216 port 38200 ssh2
Sep 29 23:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: Connection closed by 162.144.236.216 port 38200 [preauth]
Sep 29 23:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Failed password for root from 162.144.236.216 port 44834 ssh2
Sep 29 23:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Connection closed by 162.144.236.216 port 44834 [preauth]
Sep 29 23:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21935]: Failed password for root from 162.144.236.216 port 50562 ssh2
Sep 29 23:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21935]: Connection closed by 162.144.236.216 port 50562 [preauth]
Sep 29 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session closed for user root
Sep 29 23:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: Failed password for root from 162.144.236.216 port 57288 ssh2
Sep 29 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21962]: Connection closed by 162.144.236.216 port 57288 [preauth]
Sep 29 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: Failed password for root from 162.144.236.216 port 34926 ssh2
Sep 29 23:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22006]: Connection closed by 162.144.236.216 port 34926 [preauth]
Sep 29 23:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Failed password for root from 162.144.236.216 port 43098 ssh2
Sep 29 23:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Connection closed by 162.144.236.216 port 43098 [preauth]
Sep 29 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: Successful su for rubyman by root
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: + ??? root:rubyman
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317739 of user rubyman.
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22142]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317739.
Sep 29 23:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session closed for user root
Sep 29 23:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: Failed password for root from 162.144.236.216 port 51428 ssh2
Sep 29 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22058]: Connection closed by 162.144.236.216 port 51428 [preauth]
Sep 29 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22070]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Failed password for root from 162.144.236.216 port 57538 ssh2
Sep 29 23:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Connection closed by 162.144.236.216 port 57538 [preauth]
Sep 29 23:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Failed password for root from 162.144.236.216 port 36050 ssh2
Sep 29 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Connection closed by 162.144.236.216 port 36050 [preauth]
Sep 29 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for root from 162.144.236.216 port 41120 ssh2
Sep 29 23:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Connection closed by 162.144.236.216 port 41120 [preauth]
Sep 29 23:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22419]: Failed password for root from 162.144.236.216 port 46040 ssh2
Sep 29 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session closed for user root
Sep 29 23:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22419]: Connection closed by 162.144.236.216 port 46040 [preauth]
Sep 29 23:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Failed password for root from 162.144.236.216 port 52566 ssh2
Sep 29 23:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Connection closed by 162.144.236.216 port 52566 [preauth]
Sep 29 23:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Invalid user admin from 80.94.95.116
Sep 29 23:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: input_userauth_request: invalid user admin [preauth]
Sep 29 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 23:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Failed password for invalid user admin from 80.94.95.116 port 57514 ssh2
Sep 29 23:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Connection closed by 80.94.95.116 port 57514 [preauth]
Sep 29 23:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: Failed password for root from 162.144.236.216 port 58692 ssh2
Sep 29 23:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22475]: Connection closed by 162.144.236.216 port 58692 [preauth]
Sep 29 23:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Failed password for root from 162.144.236.216 port 37526 ssh2
Sep 29 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22534]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22710]: Successful su for rubyman by root
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22710]: + ??? root:rubyman
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317743 of user rubyman.
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22710]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317743.
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Connection closed by 162.144.236.216 port 37526 [preauth]
Sep 29 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session closed for user root
Sep 29 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session closed for user root
Sep 29 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Failed password for root from 162.144.236.216 port 46558 ssh2
Sep 29 23:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22533]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Connection closed by 162.144.236.216 port 46558 [preauth]
Sep 29 23:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Invalid user user from 80.94.95.112
Sep 29 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: input_userauth_request: invalid user user [preauth]
Sep 29 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Failed password for root from 162.144.236.216 port 51942 ssh2
Sep 29 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Connection closed by 162.144.236.216 port 51942 [preauth]
Sep 29 23:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user user from 80.94.95.112 port 63318 ssh2
Sep 29 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user user from 80.94.95.112 port 63318 ssh2
Sep 29 23:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user user from 80.94.95.112 port 63318 ssh2
Sep 29 23:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: Failed password for root from 162.144.236.216 port 57522 ssh2
Sep 29 23:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23208]: Connection closed by 162.144.236.216 port 57522 [preauth]
Sep 29 23:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user user from 80.94.95.112 port 63318 ssh2
Sep 29 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user user from 80.94.95.112 port 63318 ssh2
Sep 29 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Received disconnect from 80.94.95.112 port 63318:11: Bye [preauth]
Sep 29 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Disconnected from 80.94.95.112 port 63318 [preauth]
Sep 29 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 29 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 23:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: Failed password for root from 162.144.236.216 port 35620 ssh2
Sep 29 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user root
Sep 29 23:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23228]: Connection closed by 162.144.236.216 port 35620 [preauth]
Sep 29 23:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Failed password for root from 162.144.236.216 port 44048 ssh2
Sep 29 23:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Connection closed by 162.144.236.216 port 44048 [preauth]
Sep 29 23:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: Failed password for root from 162.144.236.216 port 50610 ssh2
Sep 29 23:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23306]: Connection closed by 162.144.236.216 port 50610 [preauth]
Sep 29 23:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: Failed password for root from 162.144.236.216 port 58432 ssh2
Sep 29 23:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: Connection closed by 162.144.236.216 port 58432 [preauth]
Sep 29 23:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23378]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23379]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23381]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23376]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23381]: pam_unix(cron:session): session closed for user root
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23374]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23456]: Successful su for rubyman by root
Sep 29 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23456]: + ??? root:rubyman
Sep 29 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317750 of user rubyman.
Sep 29 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23456]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317750.
Sep 29 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23361]: Failed password for root from 162.144.236.216 port 34386 ssh2
Sep 29 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23361]: Connection closed by 162.144.236.216 port 34386 [preauth]
Sep 29 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23376]: pam_unix(cron:session): session closed for user root
Sep 29 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session closed for user root
Sep 29 23:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23375]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Failed password for root from 162.144.236.216 port 40318 ssh2
Sep 29 23:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23783]: Connection closed by 162.144.236.216 port 40318 [preauth]
Sep 29 23:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Failed password for root from 162.144.236.216 port 46584 ssh2
Sep 29 23:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Connection closed by 162.144.236.216 port 46584 [preauth]
Sep 29 23:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: Failed password for root from 162.144.236.216 port 52548 ssh2
Sep 29 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23935]: Connection closed by 162.144.236.216 port 52548 [preauth]
Sep 29 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: Failed password for root from 162.144.236.216 port 59260 ssh2
Sep 29 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22073]: pam_unix(cron:session): session closed for user root
Sep 29 23:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: Connection closed by 162.144.236.216 port 59260 [preauth]
Sep 29 23:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Failed password for root from 162.144.236.216 port 38164 ssh2
Sep 29 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Connection closed by 162.144.236.216 port 38164 [preauth]
Sep 29 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: Failed password for root from 162.144.236.216 port 46060 ssh2
Sep 29 23:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: Connection closed by 162.144.236.216 port 46060 [preauth]
Sep 29 23:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Failed password for root from 162.144.236.216 port 52046 ssh2
Sep 29 23:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Connection closed by 162.144.236.216 port 52046 [preauth]
Sep 29 23:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24105]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24106]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: Successful su for rubyman by root
Sep 29 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: + ??? root:rubyman
Sep 29 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317754 of user rubyman.
Sep 29 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24193]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317754.
Sep 29 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session closed for user root
Sep 29 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24104]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Failed password for root from 162.144.236.216 port 57848 ssh2
Sep 29 23:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24095]: Connection closed by 162.144.236.216 port 57848 [preauth]
Sep 29 23:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for root from 162.144.236.216 port 37532 ssh2
Sep 29 23:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Connection closed by 162.144.236.216 port 37532 [preauth]
Sep 29 23:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Failed password for root from 162.144.236.216 port 42880 ssh2
Sep 29 23:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Connection closed by 162.144.236.216 port 42880 [preauth]
Sep 29 23:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: Failed password for root from 162.144.236.216 port 48422 ssh2
Sep 29 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24468]: Connection closed by 162.144.236.216 port 48422 [preauth]
Sep 29 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22535]: pam_unix(cron:session): session closed for user root
Sep 29 23:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: Failed password for root from 162.144.236.216 port 56096 ssh2
Sep 29 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24505]: Connection closed by 162.144.236.216 port 56096 [preauth]
Sep 29 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: Failed password for root from 162.144.236.216 port 33512 ssh2
Sep 29 23:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24546]: Connection closed by 162.144.236.216 port 33512 [preauth]
Sep 29 23:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 29 23:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Failed password for root from 20.163.71.109 port 34000 ssh2
Sep 29 23:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24594]: Connection closed by 20.163.71.109 port 34000 [preauth]
Sep 29 23:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Invalid user sammy from 62.60.131.157
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: input_userauth_request: invalid user sammy [preauth]
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: Successful su for rubyman by root
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: + ??? root:rubyman
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317756 of user rubyman.
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317756.
Sep 29 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for invalid user sammy from 62.60.131.157 port 61665 ssh2
Sep 29 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for invalid user sammy from 62.60.131.157 port 61665 ssh2
Sep 29 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session closed for user root
Sep 29 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for invalid user sammy from 62.60.131.157 port 61665 ssh2
Sep 29 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for invalid user sammy from 62.60.131.157 port 61665 ssh2
Sep 29 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for invalid user sammy from 62.60.131.157 port 61665 ssh2
Sep 29 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Received disconnect from 62.60.131.157 port 61665:11: Bye [preauth]
Sep 29 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Disconnected from 62.60.131.157 port 61665 [preauth]
Sep 29 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 29 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 29 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: Failed password for root from 162.144.236.216 port 40940 ssh2
Sep 29 23:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: Connection closed by 162.144.236.216 port 40940 [preauth]
Sep 29 23:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Failed password for root from 162.144.236.216 port 49312 ssh2
Sep 29 23:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Connection closed by 162.144.236.216 port 49312 [preauth]
Sep 29 23:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Failed password for root from 162.144.236.216 port 56946 ssh2
Sep 29 23:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23379]: pam_unix(cron:session): session closed for user root
Sep 29 23:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Connection closed by 162.144.236.216 port 56946 [preauth]
Sep 29 23:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 29 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Failed password for root from 93.152.230.176 port 2464 ssh2
Sep 29 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Received disconnect from 93.152.230.176 port 2464:11: Client disconnecting normally [preauth]
Sep 29 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Disconnected from 93.152.230.176 port 2464 [preauth]
Sep 29 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Failed password for root from 162.144.236.216 port 36152 ssh2
Sep 29 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Connection closed by 162.144.236.216 port 36152 [preauth]
Sep 29 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Failed password for root from 162.144.236.216 port 42096 ssh2
Sep 29 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Connection closed by 162.144.236.216 port 42096 [preauth]
Sep 29 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Failed password for root from 162.144.236.216 port 48676 ssh2
Sep 29 23:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Connection closed by 162.144.236.216 port 48676 [preauth]
Sep 29 23:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25069]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25067]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: Successful su for rubyman by root
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: + ??? root:rubyman
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317760 of user rubyman.
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317760.
Sep 29 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user root
Sep 29 23:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Failed password for root from 162.144.236.216 port 54512 ssh2
Sep 29 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25068]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Connection closed by 162.144.236.216 port 54512 [preauth]
Sep 29 23:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25589]: Failed password for root from 162.144.236.216 port 33612 ssh2
Sep 29 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25589]: Connection closed by 162.144.236.216 port 33612 [preauth]
Sep 29 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for root from 162.144.236.216 port 40604 ssh2
Sep 29 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Connection closed by 162.144.236.216 port 40604 [preauth]
Sep 29 23:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Failed password for root from 162.144.236.216 port 46104 ssh2
Sep 29 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25638]: Connection closed by 162.144.236.216 port 46104 [preauth]
Sep 29 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24106]: pam_unix(cron:session): session closed for user root
Sep 29 23:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Failed password for root from 162.144.236.216 port 52192 ssh2
Sep 29 23:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Connection closed by 162.144.236.216 port 52192 [preauth]
Sep 29 23:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Failed password for root from 162.144.236.216 port 58824 ssh2
Sep 29 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Connection closed by 162.144.236.216 port 58824 [preauth]
Sep 29 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: Failed password for root from 162.144.236.216 port 36868 ssh2
Sep 29 23:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: Connection closed by 162.144.236.216 port 36868 [preauth]
Sep 29 23:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: Successful su for rubyman by root
Sep 29 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: + ??? root:rubyman
Sep 29 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317766 of user rubyman.
Sep 29 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25941]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317766.
Sep 29 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Failed password for root from 162.144.236.216 port 43612 ssh2
Sep 29 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Connection closed by 162.144.236.216 port 43612 [preauth]
Sep 29 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session closed for user root
Sep 29 23:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26099]: Failed password for root from 162.144.236.216 port 50498 ssh2
Sep 29 23:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26099]: Connection closed by 162.144.236.216 port 50498 [preauth]
Sep 29 23:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Failed password for root from 162.144.236.216 port 56416 ssh2
Sep 29 23:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Connection closed by 162.144.236.216 port 56416 [preauth]
Sep 29 23:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Failed password for root from 162.144.236.216 port 34280 ssh2
Sep 29 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Connection closed by 162.144.236.216 port 34280 [preauth]
Sep 29 23:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session closed for user root
Sep 29 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26239]: Failed password for root from 162.144.236.216 port 40808 ssh2
Sep 29 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26239]: Connection closed by 162.144.236.216 port 40808 [preauth]
Sep 29 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Failed password for root from 162.144.236.216 port 49484 ssh2
Sep 29 23:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Connection closed by 162.144.236.216 port 49484 [preauth]
Sep 29 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Failed password for root from 162.144.236.216 port 56768 ssh2
Sep 29 23:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Connection closed by 162.144.236.216 port 56768 [preauth]
Sep 29 23:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26361]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26362]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26362]: pam_unix(cron:session): session closed for user root
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: Successful su for rubyman by root
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: + ??? root:rubyman
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317769 of user rubyman.
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26531]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317769.
Sep 29 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: Failed password for root from 162.144.236.216 port 36022 ssh2
Sep 29 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: Connection closed by 162.144.236.216 port 36022 [preauth]
Sep 29 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session closed for user root
Sep 29 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22534]: pam_unix(cron:session): session closed for user root
Sep 29 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: Failed password for root from 162.144.236.216 port 41994 ssh2
Sep 29 23:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: Connection closed by 162.144.236.216 port 41994 [preauth]
Sep 29 23:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Failed password for root from 162.144.236.216 port 48412 ssh2
Sep 29 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Connection closed by 162.144.236.216 port 48412 [preauth]
Sep 29 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Failed password for root from 162.144.236.216 port 52874 ssh2
Sep 29 23:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Connection closed by 162.144.236.216 port 52874 [preauth]
Sep 29 23:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Failed password for root from 162.144.236.216 port 59868 ssh2
Sep 29 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Connection closed by 162.144.236.216 port 59868 [preauth]
Sep 29 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25070]: pam_unix(cron:session): session closed for user root
Sep 29 23:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: Failed password for root from 162.144.236.216 port 37512 ssh2
Sep 29 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: Connection closed by 162.144.236.216 port 37512 [preauth]
Sep 29 23:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27007]: Failed password for root from 162.144.236.216 port 44134 ssh2
Sep 29 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27007]: Connection closed by 162.144.236.216 port 44134 [preauth]
Sep 29 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Failed password for root from 162.144.236.216 port 50858 ssh2
Sep 29 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Connection closed by 162.144.236.216 port 50858 [preauth]
Sep 29 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27063]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: Successful su for rubyman by root
Sep 29 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: + ??? root:rubyman
Sep 29 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317775 of user rubyman.
Sep 29 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27139]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317775.
Sep 29 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: Failed password for root from 162.144.236.216 port 58192 ssh2
Sep 29 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27052]: Connection closed by 162.144.236.216 port 58192 [preauth]
Sep 29 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23378]: pam_unix(cron:session): session closed for user root
Sep 29 23:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27064]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Failed password for root from 162.144.236.216 port 36546 ssh2
Sep 29 23:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Connection closed by 162.144.236.216 port 36546 [preauth]
Sep 29 23:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: Failed password for root from 162.144.236.216 port 42948 ssh2
Sep 29 23:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: Connection closed by 162.144.236.216 port 42948 [preauth]
Sep 29 23:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: Failed password for root from 162.144.236.216 port 49968 ssh2
Sep 29 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27418]: Connection closed by 162.144.236.216 port 49968 [preauth]
Sep 29 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session closed for user root
Sep 29 23:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Failed password for root from 162.144.236.216 port 56104 ssh2
Sep 29 23:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Connection closed by 162.144.236.216 port 56104 [preauth]
Sep 29 23:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: Invalid user test from 181.143.226.68
Sep 29 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: input_userauth_request: invalid user test [preauth]
Sep 29 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 29 23:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: Invalid user gerrit from 103.189.234.85
Sep 29 23:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: input_userauth_request: invalid user gerrit [preauth]
Sep 29 23:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Failed password for root from 162.144.236.216 port 37240 ssh2
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: Failed password for invalid user gerrit from 103.189.234.85 port 42700 ssh2
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Connection closed by 162.144.236.216 port 37240 [preauth]
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: Received disconnect from 103.189.234.85 port 42700:11: Bye Bye [preauth]
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: Disconnected from 103.189.234.85 port 42700 [preauth]
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: Failed password for invalid user test from 181.143.226.68 port 46614 ssh2
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: Received disconnect from 181.143.226.68 port 46614:11: Bye Bye [preauth]
Sep 29 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: Disconnected from 181.143.226.68 port 46614 [preauth]
Sep 29 23:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Failed password for root from 162.144.236.216 port 45128 ssh2
Sep 29 23:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Connection closed by 162.144.236.216 port 45128 [preauth]
Sep 29 23:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27800]: Successful su for rubyman by root
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27800]: + ??? root:rubyman
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317778 of user rubyman.
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27800]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317778.
Sep 29 23:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Failed password for root from 162.144.236.216 port 51558 ssh2
Sep 29 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24105]: pam_unix(cron:session): session closed for user root
Sep 29 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Connection closed by 162.144.236.216 port 51558 [preauth]
Sep 29 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Failed password for root from 162.144.236.216 port 56956 ssh2
Sep 29 23:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Connection closed by 162.144.236.216 port 56956 [preauth]
Sep 29 23:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: Failed password for root from 162.144.236.216 port 37674 ssh2
Sep 29 23:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: Connection closed by 162.144.236.216 port 37674 [preauth]
Sep 29 23:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: Invalid user admin from 80.94.95.116
Sep 29 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: input_userauth_request: invalid user admin [preauth]
Sep 29 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 29 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: Failed password for invalid user admin from 80.94.95.116 port 54892 ssh2
Sep 29 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28092]: Connection closed by 80.94.95.116 port 54892 [preauth]
Sep 29 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26361]: pam_unix(cron:session): session closed for user root
Sep 29 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for root from 162.144.236.216 port 45546 ssh2
Sep 29 23:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Connection closed by 162.144.236.216 port 45546 [preauth]
Sep 29 23:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28136]: Failed password for root from 162.144.236.216 port 53310 ssh2
Sep 29 23:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28136]: Connection closed by 162.144.236.216 port 53310 [preauth]
Sep 29 23:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Failed password for root from 162.144.236.216 port 32962 ssh2
Sep 29 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Connection closed by 162.144.236.216 port 32962 [preauth]
Sep 29 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: Failed password for root from 162.144.236.216 port 38354 ssh2
Sep 29 23:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: Connection closed by 162.144.236.216 port 38354 [preauth]
Sep 29 23:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28209]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28208]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28206]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28271]: Successful su for rubyman by root
Sep 29 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28271]: + ??? root:rubyman
Sep 29 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317783 of user rubyman.
Sep 29 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28271]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317783.
Sep 29 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24614]: pam_unix(cron:session): session closed for user root
Sep 29 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: Failed password for root from 162.144.236.216 port 44142 ssh2
Sep 29 23:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28207]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28203]: Connection closed by 162.144.236.216 port 44142 [preauth]
Sep 29 23:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: Failed password for root from 162.144.236.216 port 51728 ssh2
Sep 29 23:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28497]: Connection closed by 162.144.236.216 port 51728 [preauth]
Sep 29 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Failed password for root from 162.144.236.216 port 58446 ssh2
Sep 29 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28640]: Connection closed by 162.144.236.216 port 58446 [preauth]
Sep 29 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: Invalid user dreambox from 192.227.153.63
Sep 29 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: input_userauth_request: invalid user dreambox [preauth]
Sep 29 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 29 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: Failed password for invalid user dreambox from 192.227.153.63 port 41256 ssh2
Sep 29 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: Received disconnect from 192.227.153.63 port 41256:11: Bye Bye [preauth]
Sep 29 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: Disconnected from 192.227.153.63 port 41256 [preauth]
Sep 29 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Failed password for root from 162.144.236.216 port 35978 ssh2
Sep 29 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Connection closed by 162.144.236.216 port 35978 [preauth]
Sep 29 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27066]: pam_unix(cron:session): session closed for user root
Sep 29 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: Invalid user jupyter from 181.143.226.68
Sep 29 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: input_userauth_request: invalid user jupyter [preauth]
Sep 29 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 29 23:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: Failed password for invalid user jupyter from 181.143.226.68 port 54384 ssh2
Sep 29 23:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: Received disconnect from 181.143.226.68 port 54384:11: Bye Bye [preauth]
Sep 29 23:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28694]: Disconnected from 181.143.226.68 port 54384 [preauth]
Sep 29 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 29 23:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Failed password for root from 103.189.234.85 port 47280 ssh2
Sep 29 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Received disconnect from 103.189.234.85 port 47280:11: Bye Bye [preauth]
Sep 29 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Disconnected from 103.189.234.85 port 47280 [preauth]
Sep 29 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Failed password for root from 162.144.236.216 port 43142 ssh2
Sep 29 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Connection closed by 162.144.236.216 port 43142 [preauth]
Sep 29 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: Failed password for root from 162.144.236.216 port 49790 ssh2
Sep 29 23:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28741]: Connection closed by 162.144.236.216 port 49790 [preauth]
Sep 29 23:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Failed password for root from 162.144.236.216 port 55178 ssh2
Sep 29 23:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Connection closed by 162.144.236.216 port 55178 [preauth]
Sep 29 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28880]: Successful su for rubyman by root
Sep 29 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28880]: + ??? root:rubyman
Sep 29 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317786 of user rubyman.
Sep 29 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28880]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317786.
Sep 29 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28787]: Failed password for root from 162.144.236.216 port 33236 ssh2
Sep 29 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28787]: Connection closed by 162.144.236.216 port 33236 [preauth]
Sep 29 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25069]: pam_unix(cron:session): session closed for user root
Sep 29 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28801]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: Failed password for root from 162.144.236.216 port 38260 ssh2
Sep 29 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29069]: Connection closed by 162.144.236.216 port 38260 [preauth]
Sep 29 23:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: Failed password for root from 162.144.236.216 port 44516 ssh2
Sep 29 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: Connection closed by 162.144.236.216 port 44516 [preauth]
Sep 29 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: Failed password for root from 162.144.236.216 port 50060 ssh2
Sep 29 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: Connection closed by 162.144.236.216 port 50060 [preauth]
Sep 29 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: Failed password for root from 162.144.236.216 port 55802 ssh2
Sep 29 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29261]: Connection closed by 162.144.236.216 port 55802 [preauth]
Sep 29 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session closed for user root
Sep 29 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: Failed password for root from 162.144.236.216 port 33974 ssh2
Sep 29 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29316]: Connection closed by 162.144.236.216 port 33974 [preauth]
Sep 29 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Invalid user roman from 181.143.226.68
Sep 29 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: input_userauth_request: invalid user roman [preauth]
Sep 29 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 29 23:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Invalid user developer from 103.189.234.85
Sep 29 23:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: input_userauth_request: invalid user developer [preauth]
Sep 29 23:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: Failed password for root from 162.144.236.216 port 41014 ssh2
Sep 29 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Failed password for invalid user roman from 181.143.226.68 port 38244 ssh2
Sep 29 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Received disconnect from 181.143.226.68 port 38244:11: Bye Bye [preauth]
Sep 29 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Disconnected from 181.143.226.68 port 38244 [preauth]
Sep 29 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Failed password for invalid user developer from 103.189.234.85 port 34506 ssh2
Sep 29 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29330]: Connection closed by 162.144.236.216 port 41014 [preauth]
Sep 29 23:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Received disconnect from 103.189.234.85 port 34506:11: Bye Bye [preauth]
Sep 29 23:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Disconnected from 103.189.234.85 port 34506 [preauth]
Sep 29 23:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Failed password for root from 162.144.236.216 port 47346 ssh2
Sep 29 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: Invalid user zabbix from 93.152.230.176
Sep 29 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: input_userauth_request: invalid user zabbix [preauth]
Sep 29 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: Failed password for invalid user zabbix from 93.152.230.176 port 59693 ssh2
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: Received disconnect from 93.152.230.176 port 59693:11: Client disconnecting normally [preauth]
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: Disconnected from 93.152.230.176 port 59693 [preauth]
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29400]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session closed for user root
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29398]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Connection closed by 162.144.236.216 port 47346 [preauth]
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29485]: Successful su for rubyman by root
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29485]: + ??? root:rubyman
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317793 of user rubyman.
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29485]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317793.
Sep 29 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29400]: pam_unix(cron:session): session closed for user root
Sep 29 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session closed for user root
Sep 29 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Failed password for root from 162.144.236.216 port 56512 ssh2
Sep 29 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29399]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Connection closed by 162.144.236.216 port 56512 [preauth]
Sep 29 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Failed password for root from 162.144.236.216 port 33564 ssh2
Sep 29 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Connection closed by 162.144.236.216 port 33564 [preauth]
Sep 29 23:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: Failed password for root from 162.144.236.216 port 39882 ssh2
Sep 29 23:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: Connection closed by 162.144.236.216 port 39882 [preauth]
Sep 29 23:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Failed password for root from 162.144.236.216 port 47568 ssh2
Sep 29 23:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Connection closed by 162.144.236.216 port 47568 [preauth]
Sep 29 23:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28209]: pam_unix(cron:session): session closed for user root
Sep 29 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Failed password for root from 162.144.236.216 port 53302 ssh2
Sep 29 23:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Connection closed by 162.144.236.216 port 53302 [preauth]
Sep 29 23:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Failed password for root from 162.144.236.216 port 59828 ssh2
Sep 29 23:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Connection closed by 162.144.236.216 port 59828 [preauth]
Sep 29 23:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Invalid user dreambox from 103.189.234.85
Sep 29 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: input_userauth_request: invalid user dreambox [preauth]
Sep 29 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 29 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Failed password for invalid user dreambox from 103.189.234.85 port 40012 ssh2
Sep 29 23:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Received disconnect from 103.189.234.85 port 40012:11: Bye Bye [preauth]
Sep 29 23:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Disconnected from 103.189.234.85 port 40012 [preauth]
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Failed password for root from 181.143.226.68 port 42380 ssh2
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Received disconnect from 181.143.226.68 port 42380:11: Bye Bye [preauth]
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Disconnected from 181.143.226.68 port 42380 [preauth]
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: Invalid user maya from 192.227.153.63
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: input_userauth_request: invalid user maya [preauth]
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 29 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: Failed password for root from 162.144.236.216 port 36922 ssh2
Sep 29 23:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: Connection closed by 162.144.236.216 port 36922 [preauth]
Sep 29 23:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: Failed password for invalid user maya from 192.227.153.63 port 36576 ssh2
Sep 29 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: Received disconnect from 192.227.153.63 port 36576:11: Bye Bye [preauth]
Sep 29 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29913]: Disconnected from 192.227.153.63 port 36576 [preauth]
Sep 29 23:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29936]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29935]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29933]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: Successful su for rubyman by root
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: + ??? root:rubyman
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317796 of user rubyman.
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317796.
Sep 29 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Failed password for root from 162.144.236.216 port 44282 ssh2
Sep 29 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Connection closed by 162.144.236.216 port 44282 [preauth]
Sep 29 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session closed for user root
Sep 29 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29934]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Failed password for root from 162.144.236.216 port 50958 ssh2
Sep 29 23:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Connection closed by 162.144.236.216 port 50958 [preauth]
Sep 29 23:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Failed password for root from 162.144.236.216 port 56730 ssh2
Sep 29 23:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Connection closed by 162.144.236.216 port 56730 [preauth]
Sep 29 23:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Failed password for root from 162.144.236.216 port 34372 ssh2
Sep 29 23:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Connection closed by 162.144.236.216 port 34372 [preauth]
Sep 29 23:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Failed password for root from 162.144.236.216 port 40336 ssh2
Sep 29 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session closed for user root
Sep 29 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Connection closed by 162.144.236.216 port 40336 [preauth]
Sep 29 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Failed password for root from 162.144.236.216 port 48502 ssh2
Sep 29 23:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Connection closed by 162.144.236.216 port 48502 [preauth]
Sep 29 23:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Failed password for root from 162.144.236.216 port 54930 ssh2
Sep 29 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Connection closed by 162.144.236.216 port 54930 [preauth]
Sep 29 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Invalid user edith from 192.227.153.63
Sep 29 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: input_userauth_request: invalid user edith [preauth]
Sep 29 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 29 23:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Failed password for invalid user edith from 192.227.153.63 port 36522 ssh2
Sep 29 23:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Received disconnect from 192.227.153.63 port 36522:11: Bye Bye [preauth]
Sep 29 23:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30442]: Disconnected from 192.227.153.63 port 36522 [preauth]
Sep 29 23:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 29 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Invalid user superadmin from 103.189.234.85
Sep 29 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Failed password for root from 162.144.236.216 port 33980 ssh2
Sep 29 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Failed password for root from 181.143.226.68 port 44440 ssh2
Sep 29 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Failed password for invalid user superadmin from 103.189.234.85 port 48554 ssh2
Sep 29 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Received disconnect from 181.143.226.68 port 44440:11: Bye Bye [preauth]
Sep 29 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Disconnected from 181.143.226.68 port 44440 [preauth]
Sep 29 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Connection closed by 162.144.236.216 port 33980 [preauth]
Sep 29 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Received disconnect from 103.189.234.85 port 48554:11: Bye Bye [preauth]
Sep 29 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Disconnected from 103.189.234.85 port 48554 [preauth]
Sep 29 23:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: Successful su for rubyman by root
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: + ??? root:rubyman
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317801 of user rubyman.
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30635]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317801.
Sep 29 23:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27065]: pam_unix(cron:session): session closed for user root
Sep 29 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Failed password for root from 162.144.236.216 port 39632 ssh2
Sep 29 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Connection closed by 162.144.236.216 port 39632 [preauth]
Sep 29 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Failed password for root from 162.144.236.216 port 47446 ssh2
Sep 29 23:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Connection closed by 162.144.236.216 port 47446 [preauth]
Sep 29 23:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Failed password for root from 162.144.236.216 port 50916 ssh2
Sep 29 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Connection closed by 162.144.236.216 port 50916 [preauth]
Sep 29 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: Failed password for root from 162.144.236.216 port 57128 ssh2
Sep 29 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30891]: Connection closed by 162.144.236.216 port 57128 [preauth]
Sep 29 23:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session closed for user root
Sep 29 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Failed password for root from 162.144.236.216 port 37010 ssh2
Sep 29 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Connection closed by 162.144.236.216 port 37010 [preauth]
Sep 29 23:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30974]: Failed password for root from 162.144.236.216 port 45696 ssh2
Sep 29 23:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30974]: Connection closed by 162.144.236.216 port 45696 [preauth]
Sep 29 23:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 29 23:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: Failed password for root from 162.144.236.216 port 51890 ssh2
Sep 29 23:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31002]: Connection closed by 162.144.236.216 port 51890 [preauth]
Sep 29 23:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Failed password for root from 192.227.153.63 port 36902 ssh2
Sep 29 23:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Received disconnect from 192.227.153.63 port 36902:11: Bye Bye [preauth]
Sep 29 23:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Disconnected from 192.227.153.63 port 36902 [preauth]
Sep 29 23:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Invalid user webmaster from 103.189.234.85
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: input_userauth_request: invalid user webmaster [preauth]
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31035]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31112]: Successful su for rubyman by root
Sep 29 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31112]: + ??? root:rubyman
Sep 29 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317804 of user rubyman.
Sep 29 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31112]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317804.
Sep 29 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Failed password for invalid user webmaster from 103.189.234.85 port 53278 ssh2
Sep 29 23:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Received disconnect from 103.189.234.85 port 53278:11: Bye Bye [preauth]
Sep 29 23:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Disconnected from 103.189.234.85 port 53278 [preauth]
Sep 29 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Failed password for root from 162.144.236.216 port 57226 ssh2
Sep 29 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Invalid user zimblyeat from 181.143.226.68
Sep 29 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: input_userauth_request: invalid user zimblyeat [preauth]
Sep 29 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 29 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
Sep 29 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Connection closed by 162.144.236.216 port 57226 [preauth]
Sep 29 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Failed password for invalid user zimblyeat from 181.143.226.68 port 59068 ssh2
Sep 29 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Received disconnect from 181.143.226.68 port 59068:11: Bye Bye [preauth]
Sep 29 23:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31202]: Disconnected from 181.143.226.68 port 59068 [preauth]
Sep 29 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31036]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Failed password for root from 162.144.236.216 port 36202 ssh2
Sep 29 23:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Connection closed by 162.144.236.216 port 36202 [preauth]
Sep 29 23:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Failed password for root from 162.144.236.216 port 42758 ssh2
Sep 29 23:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31340]: Connection closed by 162.144.236.216 port 42758 [preauth]
Sep 29 23:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: Failed password for root from 162.144.236.216 port 49728 ssh2
Sep 29 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: Connection closed by 162.144.236.216 port 49728 [preauth]
Sep 29 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29936]: pam_unix(cron:session): session closed for user root
Sep 29 23:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: Failed password for root from 162.144.236.216 port 56070 ssh2
Sep 29 23:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31384]: Connection closed by 162.144.236.216 port 56070 [preauth]
Sep 29 23:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31449]: Failed password for root from 162.144.236.216 port 34748 ssh2
Sep 29 23:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31449]: Connection closed by 162.144.236.216 port 34748 [preauth]
Sep 29 23:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Failed password for root from 162.144.236.216 port 43724 ssh2
Sep 29 23:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Connection closed by 162.144.236.216 port 43724 [preauth]
Sep 29 23:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Invalid user foundry from 192.227.153.63
Sep 29 23:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: input_userauth_request: invalid user foundry [preauth]
Sep 29 23:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31545]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31543]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Failed password for invalid user foundry from 192.227.153.63 port 37074 ssh2
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Received disconnect from 192.227.153.63 port 37074:11: Bye Bye [preauth]
Sep 29 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: Disconnected from 192.227.153.63 port 37074 [preauth]
Sep 29 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31618]: Successful su for rubyman by root
Sep 29 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31618]: + ??? root:rubyman
Sep 29 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317809 of user rubyman.
Sep 29 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31618]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317809.
Sep 29 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: Failed password for root from 162.144.236.216 port 49520 ssh2
Sep 29 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: Connection closed by 162.144.236.216 port 49520 [preauth]
Sep 29 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28208]: pam_unix(cron:session): session closed for user root
Sep 29 23:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 29 23:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31544]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: Failed password for root from 103.189.234.85 port 37648 ssh2
Sep 29 23:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: Received disconnect from 103.189.234.85 port 37648:11: Bye Bye [preauth]
Sep 29 23:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: Disconnected from 103.189.234.85 port 37648 [preauth]
Sep 29 23:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: Failed password for root from 162.144.236.216 port 54908 ssh2
Sep 29 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31766]: Connection closed by 162.144.236.216 port 54908 [preauth]
Sep 29 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 29 23:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Failed password for root from 181.143.226.68 port 57470 ssh2
Sep 29 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Received disconnect from 181.143.226.68 port 57470:11: Bye Bye [preauth]
Sep 29 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Disconnected from 181.143.226.68 port 57470 [preauth]
Sep 29 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 162.144.236.216 port 59322 ssh2
Sep 29 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Connection closed by 162.144.236.216 port 59322 [preauth]
Sep 29 23:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: Failed password for root from 162.144.236.216 port 40234 ssh2
Sep 29 23:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: Connection closed by 162.144.236.216 port 40234 [preauth]
Sep 29 23:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user root
Sep 29 23:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Failed password for root from 162.144.236.216 port 47908 ssh2
Sep 29 23:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Connection closed by 162.144.236.216 port 47908 [preauth]
Sep 29 23:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for root from 162.144.236.216 port 55438 ssh2
Sep 29 23:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Connection closed by 162.144.236.216 port 55438 [preauth]
Sep 29 23:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Failed password for root from 162.144.236.216 port 33350 ssh2
Sep 29 23:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Connection closed by 162.144.236.216 port 33350 [preauth]
Sep 29 23:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32008]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32009]: pam_unix(cron:session): session closed for user root
Sep 29 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32004]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32080]: Successful su for rubyman by root
Sep 29 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32080]: + ??? root:rubyman
Sep 29 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317815 of user rubyman.
Sep 29 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32080]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317815.
Sep 29 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Invalid user testuser from 192.227.153.63
Sep 29 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: input_userauth_request: invalid user testuser [preauth]
Sep 29 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 29 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32006]: pam_unix(cron:session): session closed for user root
Sep 29 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session closed for user root
Sep 29 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Failed password for invalid user testuser from 192.227.153.63 port 37756 ssh2
Sep 29 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Received disconnect from 192.227.153.63 port 37756:11: Bye Bye [preauth]
Sep 29 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32176]: Disconnected from 192.227.153.63 port 37756 [preauth]
Sep 29 23:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32005]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Failed password for root from 162.144.236.216 port 40294 ssh2
Sep 29 23:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Invalid user VPN from 103.189.234.85
Sep 29 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: input_userauth_request: invalid user VPN [preauth]
Sep 29 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Connection closed by 162.144.236.216 port 40294 [preauth]
Sep 29 23:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for invalid user VPN from 103.189.234.85 port 53478 ssh2
Sep 29 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Received disconnect from 103.189.234.85 port 53478:11: Bye Bye [preauth]
Sep 29 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Disconnected from 103.189.234.85 port 53478 [preauth]
Sep 29 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Invalid user admin from 181.143.226.68
Sep 29 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: input_userauth_request: invalid user admin [preauth]
Sep 29 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 29 23:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Failed password for invalid user admin from 181.143.226.68 port 47660 ssh2
Sep 29 23:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Received disconnect from 181.143.226.68 port 47660:11: Bye Bye [preauth]
Sep 29 23:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: Disconnected from 181.143.226.68 port 47660 [preauth]
Sep 29 23:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Failed password for root from 162.144.236.216 port 45886 ssh2
Sep 29 23:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Connection closed by 162.144.236.216 port 45886 [preauth]
Sep 29 23:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session closed for user root
Sep 29 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: Failed password for root from 162.144.236.216 port 51920 ssh2
Sep 29 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: Connection closed by 162.144.236.216 port 51920 [preauth]
Sep 29 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Failed password for root from 162.144.236.216 port 57358 ssh2
Sep 29 23:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Connection closed by 162.144.236.216 port 57358 [preauth]
Sep 29 23:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Failed password for root from 162.144.236.216 port 36548 ssh2
Sep 29 23:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Connection closed by 162.144.236.216 port 36548 [preauth]
Sep 29 23:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Failed password for root from 162.144.236.216 port 41232 ssh2
Sep 29 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Connection closed by 162.144.236.216 port 41232 [preauth]
Sep 29 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32494]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: Successful su for rubyman by root
Sep 29 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: + ??? root:rubyman
Sep 29 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317819 of user rubyman.
Sep 29 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317819.
Sep 29 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: Failed password for root from 162.144.236.216 port 47414 ssh2
Sep 29 23:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: Connection closed by 162.144.236.216 port 47414 [preauth]
Sep 29 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session closed for user root
Sep 29 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Invalid user VPN from 192.227.153.63
Sep 29 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: input_userauth_request: invalid user VPN [preauth]
Sep 29 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 29 23:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user VPN from 192.227.153.63 port 38576 ssh2
Sep 29 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Received disconnect from 192.227.153.63 port 38576:11: Bye Bye [preauth]
Sep 29 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Disconnected from 192.227.153.63 port 38576 [preauth]
Sep 29 23:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Failed password for root from 162.144.236.216 port 53326 ssh2
Sep 29 23:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Connection closed by 162.144.236.216 port 53326 [preauth]
Sep 29 23:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Failed password for root from 162.144.236.216 port 60400 ssh2
Sep 29 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Connection closed by 162.144.236.216 port 60400 [preauth]
Sep 29 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 29 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Invalid user oo from 103.189.234.85
Sep 29 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: input_userauth_request: invalid user oo [preauth]
Sep 29 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: Failed password for root from 181.143.226.68 port 53124 ssh2
Sep 29 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: Received disconnect from 181.143.226.68 port 53124:11: Bye Bye [preauth]
Sep 29 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[375]: Disconnected from 181.143.226.68 port 53124 [preauth]
Sep 29 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Failed password for invalid user oo from 103.189.234.85 port 57720 ssh2
Sep 29 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Received disconnect from 103.189.234.85 port 57720:11: Bye Bye [preauth]
Sep 29 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Disconnected from 103.189.234.85 port 57720 [preauth]
Sep 29 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Failed password for root from 162.144.236.216 port 39674 ssh2
Sep 29 23:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[360]: Connection closed by 162.144.236.216 port 39674 [preauth]
Sep 29 23:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session closed for user root
Sep 29 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Failed password for root from 162.144.236.216 port 45222 ssh2
Sep 29 23:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Connection closed by 162.144.236.216 port 45222 [preauth]
Sep 29 23:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Failed password for root from 162.144.236.216 port 51692 ssh2
Sep 29 23:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Connection closed by 162.144.236.216 port 51692 [preauth]
Sep 29 23:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: Failed password for root from 162.144.236.216 port 57930 ssh2
Sep 29 23:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: Connection closed by 162.144.236.216 port 57930 [preauth]
Sep 29 23:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Failed password for root from 162.144.236.216 port 35910 ssh2
Sep 29 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Connection closed by 162.144.236.216 port 35910 [preauth]
Sep 29 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[514]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[512]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[510]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: Successful su for rubyman by root
Sep 29 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: + ??? root:rubyman
Sep 29 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317822 of user rubyman.
Sep 29 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[578]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317822.
Sep 29 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29935]: pam_unix(cron:session): session closed for user root
Sep 29 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: Invalid user postgres from 185.156.73.233
Sep 29 23:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: input_userauth_request: invalid user postgres [preauth]
Sep 29 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 29 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Failed password for root from 162.144.236.216 port 42202 ssh2
Sep 29 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: Failed password for invalid user postgres from 185.156.73.233 port 36968 ssh2
Sep 29 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: Connection closed by 185.156.73.233 port 36968 [preauth]
Sep 29 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Connection closed by 162.144.236.216 port 42202 [preauth]
Sep 29 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 29 23:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Failed password for root from 162.144.236.216 port 48518 ssh2
Sep 29 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Failed password for root from 192.227.153.63 port 39916 ssh2
Sep 29 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Received disconnect from 192.227.153.63 port 39916:11: Bye Bye [preauth]
Sep 29 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Disconnected from 192.227.153.63 port 39916 [preauth]
Sep 29 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[782]: Connection closed by 162.144.236.216 port 48518 [preauth]
Sep 29 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Invalid user linaro from 93.152.230.176
Sep 29 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: input_userauth_request: invalid user linaro [preauth]
Sep 29 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 29 23:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for invalid user linaro from 93.152.230.176 port 51057 ssh2
Sep 29 23:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Received disconnect from 93.152.230.176 port 51057:11: Client disconnecting normally [preauth]
Sep 29 23:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Disconnected from 93.152.230.176 port 51057 [preauth]
Sep 29 23:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: Failed password for root from 162.144.236.216 port 54438 ssh2
Sep 29 23:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[832]: Connection closed by 162.144.236.216 port 54438 [preauth]
Sep 29 23:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Failed password for root from 162.144.236.216 port 59178 ssh2
Sep 29 23:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Connection closed by 162.144.236.216 port 59178 [preauth]
Sep 29 23:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: Invalid user alireza from 181.143.226.68
Sep 29 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: input_userauth_request: invalid user alireza [preauth]
Sep 29 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 29 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 29 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: Failed password for invalid user alireza from 181.143.226.68 port 57992 ssh2
Sep 29 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: Received disconnect from 181.143.226.68 port 57992:11: Bye Bye [preauth]
Sep 29 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: Disconnected from 181.143.226.68 port 57992 [preauth]
Sep 29 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32008]: pam_unix(cron:session): session closed for user root
Sep 29 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Failed password for root from 103.189.234.85 port 44358 ssh2
Sep 29 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Received disconnect from 103.189.234.85 port 44358:11: Bye Bye [preauth]
Sep 29 23:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[923]: Disconnected from 103.189.234.85 port 44358 [preauth]
Sep 29 23:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Failed password for root from 162.144.236.216 port 37206 ssh2
Sep 29 23:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Connection closed by 162.144.236.216 port 37206 [preauth]
Sep 29 23:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Failed password for root from 162.144.236.216 port 44004 ssh2
Sep 29 23:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1000]: Connection closed by 162.144.236.216 port 44004 [preauth]
Sep 29 23:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: Failed password for root from 162.144.236.216 port 52982 ssh2
Sep 29 23:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: Connection closed by 162.144.236.216 port 52982 [preauth]
Sep 29 23:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1071]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1136]: Successful su for rubyman by root
Sep 29 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1136]: + ??? root:rubyman
Sep 29 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317827 of user rubyman.
Sep 29 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1136]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317827.
Sep 29 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: Failed password for root from 162.144.236.216 port 59572 ssh2
Sep 29 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session closed for user root
Sep 29 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: Connection closed by 162.144.236.216 port 59572 [preauth]
Sep 29 23:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1072]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Failed password for root from 162.144.236.216 port 37154 ssh2
Sep 29 23:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Connection closed by 162.144.236.216 port 37154 [preauth]
Sep 29 23:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 29 23:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Failed password for root from 162.144.236.216 port 43048 ssh2
Sep 29 23:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1366]: Connection closed by 162.144.236.216 port 43048 [preauth]
Sep 29 23:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for root from 192.227.153.63 port 40572 ssh2
Sep 29 23:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Received disconnect from 192.227.153.63 port 40572:11: Bye Bye [preauth]
Sep 29 23:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Disconnected from 192.227.153.63 port 40572 [preauth]
Sep 29 23:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Failed password for root from 162.144.236.216 port 49074 ssh2
Sep 29 23:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Connection closed by 162.144.236.216 port 49074 [preauth]
Sep 29 23:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Failed password for root from 162.144.236.216 port 54986 ssh2
Sep 29 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32497]: pam_unix(cron:session): session closed for user root
Sep 29 23:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Connection closed by 162.144.236.216 port 54986 [preauth]
Sep 29 23:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 29 23:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: Failed password for root from 162.144.236.216 port 33652 ssh2
Sep 29 23:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Failed password for root from 181.143.226.68 port 55386 ssh2
Sep 29 23:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Received disconnect from 181.143.226.68 port 55386:11: Bye Bye [preauth]
Sep 29 23:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Disconnected from 181.143.226.68 port 55386 [preauth]
Sep 29 23:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: Connection closed by 162.144.236.216 port 33652 [preauth]
Sep 29 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Invalid user superadmin from 103.189.234.85
Sep 29 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: input_userauth_request: invalid user superadmin [preauth]
Sep 29 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 29 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Failed password for invalid user superadmin from 103.189.234.85 port 37996 ssh2
Sep 29 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Received disconnect from 103.189.234.85 port 37996:11: Bye Bye [preauth]
Sep 29 23:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Disconnected from 103.189.234.85 port 37996 [preauth]
Sep 29 23:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Failed password for root from 162.144.236.216 port 40094 ssh2
Sep 29 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1565]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 29 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 29 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1563]: pam_unix(cron:session): session closed for user p13x
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1632]: Successful su for rubyman by root
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1632]: + ??? root:rubyman
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317831 of user rubyman.
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1632]: pam_unix(su:session): session closed for user rubyman
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317831.
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Connection closed by 162.144.236.216 port 40094 [preauth]
Sep 29 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session closed for user root
Sep 29 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1564]: pam_unix(cron:session): session closed for user samftp
Sep 29 23:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: Failed password for root from 162.144.236.216 port 47378 ssh2
Sep 29 23:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1674]: Connection closed by 162.144.236.216 port 47378 [preauth]
Sep 29 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 29 23:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1891]: Failed password for root from 192.227.153.63 port 41198 ssh2
Sep 29 23:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1891]: Received disconnect from 192.227.153.63 port 41198:11: Bye Bye [preauth]
Sep 29 23:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1891]: Disconnected from 192.227.153.63 port 41198 [preauth]
Sep 29 23:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1889]: Failed password for root from 162.144.236.216 port 55102 ssh2
Sep 29 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1889]: Connection closed by 162.144.236.216 port 55102 [preauth]
Sep 29 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[514]: pam_unix(cron:session): session closed for user root
Sep 29 23:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1931]: Did not receive identification string from 162.144.236.216
Sep 29 23:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 29 23:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1964]: Failed password for root from 162.144.236.216 port 35436 ssh2
Sep 29 23:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1964]: Connection closed by 162.144.236.216 port 35436 [preauth]
Sep 29 23:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Invalid user sdadmin from 181.143.226.68
Sep 29 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: input_userauth_request: invalid user sdadmin [preauth]
Sep 29 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): check pass; user unknown
Sep 29 23:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 29 23:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Failed password for invalid user sdadmin from 181.143.226.68 port 45102 ssh2
Sep 29 23:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Received disconnect from 181.143.226.68 port 45102:11: Bye Bye [preauth]
Sep 29 23:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Disconnected from 181.143.226.68 port 45102 [preauth]
Sep 29 23:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 29 23:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: Failed password for root from 103.189.234.85 port 48696 ssh2
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2030]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2030]: pam_unix(cron:session): session closed for user root
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session closed for user root
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2028]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: Received disconnect from 103.189.234.85 port 48696:11: Bye Bye [preauth]
Sep 30 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: Disconnected from 103.189.234.85 port 48696 [preauth]
Sep 30 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2141]: Successful su for rubyman by root
Sep 30 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2141]: + ??? root:rubyman
Sep 30 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317838 of user rubyman.
Sep 30 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2141]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317838.
Sep 30 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for root from 162.144.236.216 port 41692 ssh2
Sep 30 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Connection closed by 162.144.236.216 port 41692 [preauth]
Sep 30 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session closed for user root
Sep 30 00:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31545]: pam_unix(cron:session): session closed for user root
Sep 30 00:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2029]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Failed password for root from 162.144.236.216 port 48792 ssh2
Sep 30 00:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Connection closed by 162.144.236.216 port 48792 [preauth]
Sep 30 00:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for root from 162.144.236.216 port 56750 ssh2
Sep 30 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Connection closed by 162.144.236.216 port 56750 [preauth]
Sep 30 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: Failed password for root from 162.144.236.216 port 34542 ssh2
Sep 30 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: Connection closed by 162.144.236.216 port 34542 [preauth]
Sep 30 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: Invalid user oo from 192.227.153.63
Sep 30 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: input_userauth_request: invalid user oo [preauth]
Sep 30 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: Failed password for invalid user oo from 192.227.153.63 port 41888 ssh2
Sep 30 00:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: Received disconnect from 192.227.153.63 port 41888:11: Bye Bye [preauth]
Sep 30 00:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2443]: Disconnected from 192.227.153.63 port 41888 [preauth]
Sep 30 00:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1074]: pam_unix(cron:session): session closed for user root
Sep 30 00:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: Failed password for root from 162.144.236.216 port 39966 ssh2
Sep 30 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2441]: Connection closed by 162.144.236.216 port 39966 [preauth]
Sep 30 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Failed password for root from 162.144.236.216 port 48474 ssh2
Sep 30 00:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Connection closed by 162.144.236.216 port 48474 [preauth]
Sep 30 00:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Failed password for root from 162.144.236.216 port 56410 ssh2
Sep 30 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Connection closed by 162.144.236.216 port 56410 [preauth]
Sep 30 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session closed for user root
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2594]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: Successful su for rubyman by root
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: + ??? root:rubyman
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317842 of user rubyman.
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2667]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317842.
Sep 30 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Failed password for root from 162.144.236.216 port 34502 ssh2
Sep 30 00:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Connection closed by 162.144.236.216 port 34502 [preauth]
Sep 30 00:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session closed for user root
Sep 30 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2595]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Failed password for root from 162.144.236.216 port 40230 ssh2
Sep 30 00:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Connection closed by 162.144.236.216 port 40230 [preauth]
Sep 30 00:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Failed password for root from 181.143.226.68 port 53558 ssh2
Sep 30 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Received disconnect from 181.143.226.68 port 53558:11: Bye Bye [preauth]
Sep 30 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Disconnected from 181.143.226.68 port 53558 [preauth]
Sep 30 00:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Invalid user zzg from 103.189.234.85
Sep 30 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: input_userauth_request: invalid user zzg [preauth]
Sep 30 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: Failed password for root from 162.144.236.216 port 45258 ssh2
Sep 30 00:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Failed password for invalid user zzg from 103.189.234.85 port 49226 ssh2
Sep 30 00:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: Connection closed by 162.144.236.216 port 45258 [preauth]
Sep 30 00:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Received disconnect from 103.189.234.85 port 49226:11: Bye Bye [preauth]
Sep 30 00:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Disconnected from 103.189.234.85 port 49226 [preauth]
Sep 30 00:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Failed password for root from 162.144.236.216 port 49984 ssh2
Sep 30 00:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2907]: Connection closed by 162.144.236.216 port 49984 [preauth]
Sep 30 00:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: Failed password for root from 162.144.236.216 port 55812 ssh2
Sep 30 00:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2921]: Connection closed by 162.144.236.216 port 55812 [preauth]
Sep 30 00:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session closed for user root
Sep 30 00:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Invalid user superadmin from 192.227.153.63
Sep 30 00:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 00:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for root from 162.144.236.216 port 33632 ssh2
Sep 30 00:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Connection closed by 162.144.236.216 port 33632 [preauth]
Sep 30 00:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Failed password for invalid user superadmin from 192.227.153.63 port 42624 ssh2
Sep 30 00:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Received disconnect from 192.227.153.63 port 42624:11: Bye Bye [preauth]
Sep 30 00:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Disconnected from 192.227.153.63 port 42624 [preauth]
Sep 30 00:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Failed password for root from 162.144.236.216 port 40226 ssh2
Sep 30 00:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Connection closed by 162.144.236.216 port 40226 [preauth]
Sep 30 00:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Failed password for root from 162.144.236.216 port 47398 ssh2
Sep 30 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Connection closed by 162.144.236.216 port 47398 [preauth]
Sep 30 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Failed password for root from 162.144.236.216 port 51246 ssh2
Sep 30 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Connection closed by 162.144.236.216 port 51246 [preauth]
Sep 30 00:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3055]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3054]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3116]: Successful su for rubyman by root
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3116]: + ??? root:rubyman
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317846 of user rubyman.
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3116]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317846.
Sep 30 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session closed for user root
Sep 30 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Failed password for root from 162.144.236.216 port 56756 ssh2
Sep 30 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Connection closed by 162.144.236.216 port 56756 [preauth]
Sep 30 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3052]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Failed password for root from 162.144.236.216 port 33846 ssh2
Sep 30 00:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Connection closed by 162.144.236.216 port 33846 [preauth]
Sep 30 00:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for root from 162.144.236.216 port 40388 ssh2
Sep 30 00:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Connection closed by 162.144.236.216 port 40388 [preauth]
Sep 30 00:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Invalid user foundry from 181.143.226.68
Sep 30 00:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: input_userauth_request: invalid user foundry [preauth]
Sep 30 00:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for invalid user foundry from 181.143.226.68 port 51960 ssh2
Sep 30 00:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Received disconnect from 181.143.226.68 port 51960:11: Bye Bye [preauth]
Sep 30 00:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Disconnected from 181.143.226.68 port 51960 [preauth]
Sep 30 00:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Failed password for root from 162.144.236.216 port 46826 ssh2
Sep 30 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: Invalid user armin from 103.189.234.85
Sep 30 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: input_userauth_request: invalid user armin [preauth]
Sep 30 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Connection closed by 162.144.236.216 port 46826 [preauth]
Sep 30 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: Failed password for invalid user armin from 103.189.234.85 port 51370 ssh2
Sep 30 00:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: Received disconnect from 103.189.234.85 port 51370:11: Bye Bye [preauth]
Sep 30 00:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: Disconnected from 103.189.234.85 port 51370 [preauth]
Sep 30 00:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user root
Sep 30 00:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: Failed password for root from 162.144.236.216 port 52604 ssh2
Sep 30 00:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: Connection closed by 162.144.236.216 port 52604 [preauth]
Sep 30 00:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Invalid user design from 192.227.153.63
Sep 30 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: input_userauth_request: invalid user design [preauth]
Sep 30 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Failed password for invalid user design from 192.227.153.63 port 42718 ssh2
Sep 30 00:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Received disconnect from 192.227.153.63 port 42718:11: Bye Bye [preauth]
Sep 30 00:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3435]: Disconnected from 192.227.153.63 port 42718 [preauth]
Sep 30 00:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Failed password for root from 162.144.236.216 port 59184 ssh2
Sep 30 00:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Connection closed by 162.144.236.216 port 59184 [preauth]
Sep 30 00:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Invalid user admin from 80.94.95.112
Sep 30 00:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: input_userauth_request: invalid user admin [preauth]
Sep 30 00:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 00:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Failed password for root from 162.144.236.216 port 38648 ssh2
Sep 30 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3462]: Connection closed by 162.144.236.216 port 38648 [preauth]
Sep 30 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user admin from 80.94.95.112 port 15903 ssh2
Sep 30 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user admin from 80.94.95.112 port 15903 ssh2
Sep 30 00:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user admin from 80.94.95.112 port 15903 ssh2
Sep 30 00:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user admin from 80.94.95.112 port 15903 ssh2
Sep 30 00:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user admin from 80.94.95.112 port 15903 ssh2
Sep 30 00:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Received disconnect from 80.94.95.112 port 15903:11: Bye [preauth]
Sep 30 00:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Disconnected from 80.94.95.112 port 15903 [preauth]
Sep 30 00:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 00:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Failed password for root from 162.144.236.216 port 42562 ssh2
Sep 30 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3500]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3478]: Connection closed by 162.144.236.216 port 42562 [preauth]
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: Successful su for rubyman by root
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: + ??? root:rubyman
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317852 of user rubyman.
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3564]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317852.
Sep 30 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[512]: pam_unix(cron:session): session closed for user root
Sep 30 00:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3587]: Failed password for root from 162.144.236.216 port 50366 ssh2
Sep 30 00:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3587]: Connection closed by 162.144.236.216 port 50366 [preauth]
Sep 30 00:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Failed password for root from 162.144.236.216 port 57032 ssh2
Sep 30 00:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Connection closed by 162.144.236.216 port 57032 [preauth]
Sep 30 00:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Failed password for root from 162.144.236.216 port 33780 ssh2
Sep 30 00:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Connection closed by 162.144.236.216 port 33780 [preauth]
Sep 30 00:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for root from 162.144.236.216 port 39530 ssh2
Sep 30 00:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Connection closed by 162.144.236.216 port 39530 [preauth]
Sep 30 00:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Invalid user mac from 181.143.226.68
Sep 30 00:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: input_userauth_request: invalid user mac [preauth]
Sep 30 00:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session closed for user root
Sep 30 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Failed password for invalid user mac from 181.143.226.68 port 33838 ssh2
Sep 30 00:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Received disconnect from 181.143.226.68 port 33838:11: Bye Bye [preauth]
Sep 30 00:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Disconnected from 181.143.226.68 port 33838 [preauth]
Sep 30 00:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Failed password for root from 162.144.236.216 port 44144 ssh2
Sep 30 00:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3843]: Connection closed by 162.144.236.216 port 44144 [preauth]
Sep 30 00:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: Failed password for root from 103.189.234.85 port 58298 ssh2
Sep 30 00:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: Received disconnect from 103.189.234.85 port 58298:11: Bye Bye [preauth]
Sep 30 00:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: Disconnected from 103.189.234.85 port 58298 [preauth]
Sep 30 00:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: Failed password for root from 162.144.236.216 port 52384 ssh2
Sep 30 00:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: Connection closed by 162.144.236.216 port 52384 [preauth]
Sep 30 00:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Failed password for root from 162.144.236.216 port 59180 ssh2
Sep 30 00:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Connection closed by 162.144.236.216 port 59180 [preauth]
Sep 30 00:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Failed password for root from 192.227.153.63 port 44002 ssh2
Sep 30 00:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Received disconnect from 192.227.153.63 port 44002:11: Bye Bye [preauth]
Sep 30 00:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Disconnected from 192.227.153.63 port 44002 [preauth]
Sep 30 00:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: Failed password for root from 162.144.236.216 port 36570 ssh2
Sep 30 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3957]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3958]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4022]: Successful su for rubyman by root
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4022]: + ??? root:rubyman
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317856 of user rubyman.
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4022]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317856.
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: Connection closed by 162.144.236.216 port 36570 [preauth]
Sep 30 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1073]: pam_unix(cron:session): session closed for user root
Sep 30 00:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4051]: Failed password for root from 162.144.236.216 port 42806 ssh2
Sep 30 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4051]: Connection closed by 162.144.236.216 port 42806 [preauth]
Sep 30 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3955]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Failed password for root from 162.144.236.216 port 47566 ssh2
Sep 30 00:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4240]: Connection closed by 162.144.236.216 port 47566 [preauth]
Sep 30 00:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Failed password for root from 162.144.236.216 port 53950 ssh2
Sep 30 00:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Connection closed by 162.144.236.216 port 53950 [preauth]
Sep 30 00:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Failed password for root from 162.144.236.216 port 34212 ssh2
Sep 30 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3055]: pam_unix(cron:session): session closed for user root
Sep 30 00:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Connection closed by 162.144.236.216 port 34212 [preauth]
Sep 30 00:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Invalid user user from 93.152.230.176
Sep 30 00:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: input_userauth_request: invalid user user [preauth]
Sep 30 00:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 00:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Failed password for invalid user user from 93.152.230.176 port 48896 ssh2
Sep 30 00:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Received disconnect from 93.152.230.176 port 48896:11: Client disconnecting normally [preauth]
Sep 30 00:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Disconnected from 93.152.230.176 port 48896 [preauth]
Sep 30 00:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: Failed password for root from 162.144.236.216 port 40096 ssh2
Sep 30 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: Connection closed by 162.144.236.216 port 40096 [preauth]
Sep 30 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: Invalid user test4 from 181.143.226.68
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: input_userauth_request: invalid user test4 [preauth]
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Invalid user debian from 103.189.234.85
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: input_userauth_request: invalid user debian [preauth]
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: Failed password for invalid user test4 from 181.143.226.68 port 36300 ssh2
Sep 30 00:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user debian from 103.189.234.85 port 58532 ssh2
Sep 30 00:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: Received disconnect from 181.143.226.68 port 36300:11: Bye Bye [preauth]
Sep 30 00:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4360]: Disconnected from 181.143.226.68 port 36300 [preauth]
Sep 30 00:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Received disconnect from 103.189.234.85 port 58532:11: Bye Bye [preauth]
Sep 30 00:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Disconnected from 103.189.234.85 port 58532 [preauth]
Sep 30 00:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Failed password for root from 162.144.236.216 port 45726 ssh2
Sep 30 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Connection closed by 162.144.236.216 port 45726 [preauth]
Sep 30 00:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: Failed password for root from 162.144.236.216 port 52608 ssh2
Sep 30 00:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: Connection closed by 162.144.236.216 port 52608 [preauth]
Sep 30 00:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Invalid user test from 192.227.153.63
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: input_userauth_request: invalid user test [preauth]
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4429]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4429]: pam_unix(cron:session): session closed for user root
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4496]: Successful su for rubyman by root
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4496]: + ??? root:rubyman
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317861 of user rubyman.
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4496]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317861.
Sep 30 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Failed password for root from 162.144.236.216 port 58266 ssh2
Sep 30 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Failed password for invalid user test from 192.227.153.63 port 44866 ssh2
Sep 30 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Received disconnect from 192.227.153.63 port 44866:11: Bye Bye [preauth]
Sep 30 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4420]: Disconnected from 192.227.153.63 port 44866 [preauth]
Sep 30 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4406]: Connection closed by 162.144.236.216 port 58266 [preauth]
Sep 30 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1565]: pam_unix(cron:session): session closed for user root
Sep 30 00:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session closed for user root
Sep 30 00:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Failed password for root from 162.144.236.216 port 35090 ssh2
Sep 30 00:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Connection closed by 162.144.236.216 port 35090 [preauth]
Sep 30 00:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: Failed password for root from 162.144.236.216 port 41544 ssh2
Sep 30 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: Connection closed by 162.144.236.216 port 41544 [preauth]
Sep 30 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session closed for user root
Sep 30 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: Failed password for root from 162.144.236.216 port 47172 ssh2
Sep 30 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4804]: Connection closed by 162.144.236.216 port 47172 [preauth]
Sep 30 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: Failed password for root from 162.144.236.216 port 53458 ssh2
Sep 30 00:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4844]: Connection closed by 162.144.236.216 port 53458 [preauth]
Sep 30 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: User vncuser from 103.189.234.85 not allowed because not listed in AllowUsers
Sep 30 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: input_userauth_request: invalid user vncuser [preauth]
Sep 30 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=vncuser
Sep 30 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Failed password for invalid user vncuser from 103.189.234.85 port 53884 ssh2
Sep 30 00:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Received disconnect from 103.189.234.85 port 53884:11: Bye Bye [preauth]
Sep 30 00:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Disconnected from 103.189.234.85 port 53884 [preauth]
Sep 30 00:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Invalid user yassine from 181.143.226.68
Sep 30 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: input_userauth_request: invalid user yassine [preauth]
Sep 30 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4874]: Failed password for root from 162.144.236.216 port 60300 ssh2
Sep 30 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4874]: Connection closed by 162.144.236.216 port 60300 [preauth]
Sep 30 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Failed password for invalid user yassine from 181.143.226.68 port 44152 ssh2
Sep 30 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Received disconnect from 181.143.226.68 port 44152:11: Bye Bye [preauth]
Sep 30 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Disconnected from 181.143.226.68 port 44152 [preauth]
Sep 30 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4990]: Successful su for rubyman by root
Sep 30 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4990]: + ??? root:rubyman
Sep 30 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317865 of user rubyman.
Sep 30 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4990]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317865.
Sep 30 00:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Failed password for root from 162.144.236.216 port 37690 ssh2
Sep 30 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Connection closed by 162.144.236.216 port 37690 [preauth]
Sep 30 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session closed for user root
Sep 30 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for root from 192.227.153.63 port 45600 ssh2
Sep 30 00:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Received disconnect from 192.227.153.63 port 45600:11: Bye Bye [preauth]
Sep 30 00:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Disconnected from 192.227.153.63 port 45600 [preauth]
Sep 30 00:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Failed password for root from 162.144.236.216 port 45206 ssh2
Sep 30 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Connection closed by 162.144.236.216 port 45206 [preauth]
Sep 30 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Failed password for root from 162.144.236.216 port 50966 ssh2
Sep 30 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5242]: Connection closed by 162.144.236.216 port 50966 [preauth]
Sep 30 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3958]: pam_unix(cron:session): session closed for user root
Sep 30 00:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: Failed password for root from 162.144.236.216 port 58122 ssh2
Sep 30 00:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5288]: Connection closed by 162.144.236.216 port 58122 [preauth]
Sep 30 00:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Failed password for root from 103.189.234.85 port 37630 ssh2
Sep 30 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Received disconnect from 103.189.234.85 port 37630:11: Bye Bye [preauth]
Sep 30 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Disconnected from 103.189.234.85 port 37630 [preauth]
Sep 30 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: Failed password for root from 162.144.236.216 port 38420 ssh2
Sep 30 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: Connection closed by 162.144.236.216 port 38420 [preauth]
Sep 30 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Invalid user user from 62.60.131.157
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: input_userauth_request: invalid user user [preauth]
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: Failed password for root from 162.144.236.216 port 45266 ssh2
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: Connection closed by 162.144.236.216 port 45266 [preauth]
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: Successful su for rubyman by root
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: + ??? root:rubyman
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Invalid user adrian from 181.143.226.68
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: input_userauth_request: invalid user adrian [preauth]
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317869 of user rubyman.
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5546]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317869.
Sep 30 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Failed password for invalid user user from 62.60.131.157 port 59122 ssh2
Sep 30 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Failed password for invalid user adrian from 181.143.226.68 port 49468 ssh2
Sep 30 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Received disconnect from 181.143.226.68 port 49468:11: Bye Bye [preauth]
Sep 30 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Disconnected from 181.143.226.68 port 49468 [preauth]
Sep 30 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session closed for user root
Sep 30 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Failed password for invalid user user from 62.60.131.157 port 59122 ssh2
Sep 30 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Failed password for root from 162.144.236.216 port 49998 ssh2
Sep 30 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5544]: Connection closed by 162.144.236.216 port 49998 [preauth]
Sep 30 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5476]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Failed password for invalid user user from 62.60.131.157 port 59122 ssh2
Sep 30 00:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Failed password for invalid user user from 62.60.131.157 port 59122 ssh2
Sep 30 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Failed password for invalid user user from 62.60.131.157 port 59122 ssh2
Sep 30 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Received disconnect from 62.60.131.157 port 59122:11: Bye [preauth]
Sep 30 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: Disconnected from 62.60.131.157 port 59122 [preauth]
Sep 30 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5468]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 00:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Invalid user dvs from 192.227.153.63
Sep 30 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: input_userauth_request: invalid user dvs [preauth]
Sep 30 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Failed password for root from 162.144.236.216 port 54106 ssh2
Sep 30 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Connection closed by 162.144.236.216 port 54106 [preauth]
Sep 30 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Failed password for invalid user dvs from 192.227.153.63 port 46542 ssh2
Sep 30 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Received disconnect from 192.227.153.63 port 46542:11: Bye Bye [preauth]
Sep 30 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5788]: Disconnected from 192.227.153.63 port 46542 [preauth]
Sep 30 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Failed password for root from 162.144.236.216 port 34314 ssh2
Sep 30 00:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Connection closed by 162.144.236.216 port 34314 [preauth]
Sep 30 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: Failed password for root from 162.144.236.216 port 40404 ssh2
Sep 30 00:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: Connection closed by 162.144.236.216 port 40404 [preauth]
Sep 30 00:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session closed for user root
Sep 30 00:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: Failed password for root from 162.144.236.216 port 46438 ssh2
Sep 30 00:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5849]: Connection closed by 162.144.236.216 port 46438 [preauth]
Sep 30 00:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: Failed password for root from 162.144.236.216 port 52794 ssh2
Sep 30 00:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5883]: Connection closed by 162.144.236.216 port 52794 [preauth]
Sep 30 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Failed password for root from 162.144.236.216 port 57372 ssh2
Sep 30 00:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5913]: Connection closed by 162.144.236.216 port 57372 [preauth]
Sep 30 00:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5950]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6014]: Successful su for rubyman by root
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6014]: + ??? root:rubyman
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317872 of user rubyman.
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6014]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317872.
Sep 30 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Failed password for root from 103.189.234.85 port 48710 ssh2
Sep 30 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Received disconnect from 103.189.234.85 port 48710:11: Bye Bye [preauth]
Sep 30 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Disconnected from 103.189.234.85 port 48710 [preauth]
Sep 30 00:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3054]: pam_unix(cron:session): session closed for user root
Sep 30 00:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Failed password for root from 162.144.236.216 port 38874 ssh2
Sep 30 00:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Connection closed by 162.144.236.216 port 38874 [preauth]
Sep 30 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Invalid user admin from 181.143.226.68
Sep 30 00:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: input_userauth_request: invalid user admin [preauth]
Sep 30 00:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for invalid user admin from 181.143.226.68 port 37896 ssh2
Sep 30 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Received disconnect from 181.143.226.68 port 37896:11: Bye Bye [preauth]
Sep 30 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Disconnected from 181.143.226.68 port 37896 [preauth]
Sep 30 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6215]: Failed password for root from 162.144.236.216 port 46606 ssh2
Sep 30 00:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6215]: Connection closed by 162.144.236.216 port 46606 [preauth]
Sep 30 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Invalid user superadmin from 192.227.153.63
Sep 30 00:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 00:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Failed password for root from 162.144.236.216 port 56048 ssh2
Sep 30 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6254]: Connection closed by 162.144.236.216 port 56048 [preauth]
Sep 30 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Failed password for invalid user superadmin from 192.227.153.63 port 47844 ssh2
Sep 30 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Received disconnect from 192.227.153.63 port 47844:11: Bye Bye [preauth]
Sep 30 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6264]: Disconnected from 192.227.153.63 port 47844 [preauth]
Sep 30 00:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Failed password for root from 162.144.236.216 port 60852 ssh2
Sep 30 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session closed for user root
Sep 30 00:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Connection closed by 162.144.236.216 port 60852 [preauth]
Sep 30 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Failed password for root from 162.144.236.216 port 40758 ssh2
Sep 30 00:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Connection closed by 162.144.236.216 port 40758 [preauth]
Sep 30 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Failed password for root from 162.144.236.216 port 48264 ssh2
Sep 30 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Connection closed by 162.144.236.216 port 48264 [preauth]
Sep 30 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for root from 162.144.236.216 port 54770 ssh2
Sep 30 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Connection closed by 162.144.236.216 port 54770 [preauth]
Sep 30 00:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6394]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6564]: Successful su for rubyman by root
Sep 30 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6564]: + ??? root:rubyman
Sep 30 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317879 of user rubyman.
Sep 30 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6564]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317879.
Sep 30 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6394]: pam_unix(cron:session): session closed for user root
Sep 30 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session closed for user root
Sep 30 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Failed password for root from 162.144.236.216 port 60406 ssh2
Sep 30 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6392]: Connection closed by 162.144.236.216 port 60406 [preauth]
Sep 30 00:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Invalid user gitlab-runner from 103.189.234.85
Sep 30 00:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 30 00:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Failed password for invalid user gitlab-runner from 103.189.234.85 port 35702 ssh2
Sep 30 00:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Received disconnect from 103.189.234.85 port 35702:11: Bye Bye [preauth]
Sep 30 00:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Disconnected from 103.189.234.85 port 35702 [preauth]
Sep 30 00:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Failed password for root from 162.144.236.216 port 38074 ssh2
Sep 30 00:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Connection closed by 162.144.236.216 port 38074 [preauth]
Sep 30 00:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Invalid user test from 181.143.226.68
Sep 30 00:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: input_userauth_request: invalid user test [preauth]
Sep 30 00:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: Failed password for root from 162.144.236.216 port 44400 ssh2
Sep 30 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Failed password for invalid user test from 181.143.226.68 port 47502 ssh2
Sep 30 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: Connection closed by 162.144.236.216 port 44400 [preauth]
Sep 30 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Received disconnect from 181.143.226.68 port 47502:11: Bye Bye [preauth]
Sep 30 00:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6913]: Disconnected from 181.143.226.68 port 47502 [preauth]
Sep 30 00:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: Failed password for root from 162.144.236.216 port 50604 ssh2
Sep 30 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6925]: Connection closed by 162.144.236.216 port 50604 [preauth]
Sep 30 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Failed password for root from 192.227.153.63 port 48956 ssh2
Sep 30 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Received disconnect from 192.227.153.63 port 48956:11: Bye Bye [preauth]
Sep 30 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Disconnected from 192.227.153.63 port 48956 [preauth]
Sep 30 00:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user root
Sep 30 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: Invalid user lab from 185.156.73.233
Sep 30 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: input_userauth_request: invalid user lab [preauth]
Sep 30 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 30 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: Failed password for invalid user lab from 185.156.73.233 port 23358 ssh2
Sep 30 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: Connection closed by 185.156.73.233 port 23358 [preauth]
Sep 30 00:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: Failed password for root from 162.144.236.216 port 56430 ssh2
Sep 30 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6951]: Connection closed by 162.144.236.216 port 56430 [preauth]
Sep 30 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7000]: Failed password for root from 162.144.236.216 port 34316 ssh2
Sep 30 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7000]: Connection closed by 162.144.236.216 port 34316 [preauth]
Sep 30 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Failed password for root from 162.144.236.216 port 41252 ssh2
Sep 30 00:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Connection closed by 162.144.236.216 port 41252 [preauth]
Sep 30 00:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7082]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7079]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7081]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session closed for user root
Sep 30 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7076]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7232]: Successful su for rubyman by root
Sep 30 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7232]: + ??? root:rubyman
Sep 30 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317881 of user rubyman.
Sep 30 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7232]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317881.
Sep 30 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for root from 162.144.236.216 port 44750 ssh2
Sep 30 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Connection closed by 162.144.236.216 port 44750 [preauth]
Sep 30 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7079]: pam_unix(cron:session): session closed for user root
Sep 30 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3957]: pam_unix(cron:session): session closed for user root
Sep 30 00:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7077]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: Invalid user dvs from 103.189.234.85
Sep 30 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: input_userauth_request: invalid user dvs [preauth]
Sep 30 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: Failed password for root from 162.144.236.216 port 50988 ssh2
Sep 30 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: Failed password for invalid user dvs from 103.189.234.85 port 54796 ssh2
Sep 30 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: Received disconnect from 103.189.234.85 port 54796:11: Bye Bye [preauth]
Sep 30 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7501]: Disconnected from 103.189.234.85 port 54796 [preauth]
Sep 30 00:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7442]: Connection closed by 162.144.236.216 port 50988 [preauth]
Sep 30 00:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Failed password for root from 181.143.226.68 port 42776 ssh2
Sep 30 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Received disconnect from 181.143.226.68 port 42776:11: Bye Bye [preauth]
Sep 30 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Disconnected from 181.143.226.68 port 42776 [preauth]
Sep 30 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Invalid user debian from 192.227.153.63
Sep 30 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: input_userauth_request: invalid user debian [preauth]
Sep 30 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session closed for user root
Sep 30 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Failed password for invalid user debian from 192.227.153.63 port 49370 ssh2
Sep 30 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Received disconnect from 192.227.153.63 port 49370:11: Bye Bye [preauth]
Sep 30 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7540]: Disconnected from 192.227.153.63 port 49370 [preauth]
Sep 30 00:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: Failed password for root from 162.144.236.216 port 58266 ssh2
Sep 30 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7513]: Connection closed by 162.144.236.216 port 58266 [preauth]
Sep 30 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Failed password for root from 162.144.236.216 port 38148 ssh2
Sep 30 00:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Connection closed by 162.144.236.216 port 38148 [preauth]
Sep 30 00:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7601]: Failed password for root from 162.144.236.216 port 44600 ssh2
Sep 30 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7601]: Connection closed by 162.144.236.216 port 44600 [preauth]
Sep 30 00:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: Failed password for root from 162.144.236.216 port 50298 ssh2
Sep 30 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7627]: Connection closed by 162.144.236.216 port 50298 [preauth]
Sep 30 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7651]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7648]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: Successful su for rubyman by root
Sep 30 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: + ??? root:rubyman
Sep 30 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317887 of user rubyman.
Sep 30 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317887.
Sep 30 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4426]: pam_unix(cron:session): session closed for user root
Sep 30 00:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: Failed password for root from 162.144.236.216 port 56910 ssh2
Sep 30 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7649]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7646]: Connection closed by 162.144.236.216 port 56910 [preauth]
Sep 30 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Failed password for root from 162.144.236.216 port 35030 ssh2
Sep 30 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Connection closed by 162.144.236.216 port 35030 [preauth]
Sep 30 00:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Failed password for root from 162.144.236.216 port 41592 ssh2
Sep 30 00:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Connection closed by 162.144.236.216 port 41592 [preauth]
Sep 30 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Invalid user ubuntu from 103.189.234.85
Sep 30 00:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 00:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Failed password for invalid user ubuntu from 103.189.234.85 port 46628 ssh2
Sep 30 00:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Received disconnect from 103.189.234.85 port 46628:11: Bye Bye [preauth]
Sep 30 00:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Disconnected from 103.189.234.85 port 46628 [preauth]
Sep 30 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Failed password for root from 162.144.236.216 port 47366 ssh2
Sep 30 00:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Connection closed by 162.144.236.216 port 47366 [preauth]
Sep 30 00:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session closed for user root
Sep 30 00:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: Failed password for root from 162.144.236.216 port 53056 ssh2
Sep 30 00:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: Connection closed by 162.144.236.216 port 53056 [preauth]
Sep 30 00:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Invalid user minecraft from 181.143.226.68
Sep 30 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Failed password for invalid user minecraft from 181.143.226.68 port 57788 ssh2
Sep 30 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Received disconnect from 181.143.226.68 port 57788:11: Bye Bye [preauth]
Sep 30 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Disconnected from 181.143.226.68 port 57788 [preauth]
Sep 30 00:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Failed password for root from 192.227.153.63 port 50406 ssh2
Sep 30 00:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Received disconnect from 192.227.153.63 port 50406:11: Bye Bye [preauth]
Sep 30 00:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Disconnected from 192.227.153.63 port 50406 [preauth]
Sep 30 00:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Failed password for root from 162.144.236.216 port 60900 ssh2
Sep 30 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8100]: Connection closed by 162.144.236.216 port 60900 [preauth]
Sep 30 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Invalid user debian from 93.152.230.176
Sep 30 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: input_userauth_request: invalid user debian [preauth]
Sep 30 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: Failed password for root from 162.144.236.216 port 37520 ssh2
Sep 30 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: Connection closed by 162.144.236.216 port 37520 [preauth]
Sep 30 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Failed password for invalid user debian from 93.152.230.176 port 16129 ssh2
Sep 30 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Received disconnect from 93.152.230.176 port 16129:11: Client disconnecting normally [preauth]
Sep 30 00:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Disconnected from 93.152.230.176 port 16129 [preauth]
Sep 30 00:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Failed password for root from 162.144.236.216 port 44456 ssh2
Sep 30 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: Successful su for rubyman by root
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: + ??? root:rubyman
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317891 of user rubyman.
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8257]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317891.
Sep 30 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8170]: Connection closed by 162.144.236.216 port 44456 [preauth]
Sep 30 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user root
Sep 30 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Failed password for root from 162.144.236.216 port 50894 ssh2
Sep 30 00:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Connection closed by 162.144.236.216 port 50894 [preauth]
Sep 30 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Failed password for root from 162.144.236.216 port 57078 ssh2
Sep 30 00:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Connection closed by 162.144.236.216 port 57078 [preauth]
Sep 30 00:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Failed password for root from 162.144.236.216 port 34650 ssh2
Sep 30 00:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: Connection closed by 162.144.236.216 port 34650 [preauth]
Sep 30 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Invalid user test from 103.189.234.85
Sep 30 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: input_userauth_request: invalid user test [preauth]
Sep 30 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: Failed password for root from 162.144.236.216 port 40412 ssh2
Sep 30 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Failed password for invalid user test from 103.189.234.85 port 59036 ssh2
Sep 30 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Received disconnect from 103.189.234.85 port 59036:11: Bye Bye [preauth]
Sep 30 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Disconnected from 103.189.234.85 port 59036 [preauth]
Sep 30 00:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: Connection closed by 162.144.236.216 port 40412 [preauth]
Sep 30 00:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7082]: pam_unix(cron:session): session closed for user root
Sep 30 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: Failed password for root from 162.144.236.216 port 48308 ssh2
Sep 30 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: Connection closed by 162.144.236.216 port 48308 [preauth]
Sep 30 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Invalid user nagios from 46.101.170.54
Sep 30 00:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: input_userauth_request: invalid user nagios [preauth]
Sep 30 00:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 30 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Failed password for invalid user nagios from 46.101.170.54 port 37066 ssh2
Sep 30 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Connection closed by 46.101.170.54 port 37066 [preauth]
Sep 30 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Invalid user test from 192.227.153.63
Sep 30 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: input_userauth_request: invalid user test [preauth]
Sep 30 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Failed password for root from 162.144.236.216 port 54064 ssh2
Sep 30 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Failed password for invalid user test from 192.227.153.63 port 51360 ssh2
Sep 30 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Received disconnect from 192.227.153.63 port 51360:11: Bye Bye [preauth]
Sep 30 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Disconnected from 192.227.153.63 port 51360 [preauth]
Sep 30 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8607]: Connection closed by 162.144.236.216 port 54064 [preauth]
Sep 30 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Invalid user alex from 181.143.226.68
Sep 30 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: input_userauth_request: invalid user alex [preauth]
Sep 30 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Failed password for root from 162.144.236.216 port 60704 ssh2
Sep 30 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Failed password for invalid user alex from 181.143.226.68 port 38388 ssh2
Sep 30 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Received disconnect from 181.143.226.68 port 38388:11: Bye Bye [preauth]
Sep 30 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Disconnected from 181.143.226.68 port 38388 [preauth]
Sep 30 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8648]: Connection closed by 162.144.236.216 port 60704 [preauth]
Sep 30 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8680]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8681]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8677]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8746]: Successful su for rubyman by root
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8746]: + ??? root:rubyman
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317896 of user rubyman.
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8746]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317896.
Sep 30 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Failed password for root from 162.144.236.216 port 38188 ssh2
Sep 30 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session closed for user root
Sep 30 00:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8678]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Connection closed by 162.144.236.216 port 38188 [preauth]
Sep 30 00:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: Failed password for root from 162.144.236.216 port 46046 ssh2
Sep 30 00:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: Connection closed by 162.144.236.216 port 46046 [preauth]
Sep 30 00:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: Failed password for root from 162.144.236.216 port 53324 ssh2
Sep 30 00:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9097]: Connection closed by 162.144.236.216 port 53324 [preauth]
Sep 30 00:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9120]: Failed password for root from 162.144.236.216 port 59324 ssh2
Sep 30 00:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7651]: pam_unix(cron:session): session closed for user root
Sep 30 00:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9120]: Connection closed by 162.144.236.216 port 59324 [preauth]
Sep 30 00:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Failed password for root from 162.144.236.216 port 38908 ssh2
Sep 30 00:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Connection closed by 162.144.236.216 port 38908 [preauth]
Sep 30 00:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: Invalid user maya from 103.189.234.85
Sep 30 00:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: input_userauth_request: invalid user maya [preauth]
Sep 30 00:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: Failed password for invalid user maya from 103.189.234.85 port 40230 ssh2
Sep 30 00:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: Received disconnect from 103.189.234.85 port 40230:11: Bye Bye [preauth]
Sep 30 00:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9304]: Disconnected from 103.189.234.85 port 40230 [preauth]
Sep 30 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: Failed password for root from 162.144.236.216 port 45646 ssh2
Sep 30 00:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9287]: Connection closed by 162.144.236.216 port 45646 [preauth]
Sep 30 00:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Failed password for root from 192.227.153.63 port 52624 ssh2
Sep 30 00:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Received disconnect from 192.227.153.63 port 52624:11: Bye Bye [preauth]
Sep 30 00:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: Disconnected from 192.227.153.63 port 52624 [preauth]
Sep 30 00:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Failed password for root from 162.144.236.216 port 53466 ssh2
Sep 30 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9325]: Connection closed by 162.144.236.216 port 53466 [preauth]
Sep 30 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: Successful su for rubyman by root
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: + ??? root:rubyman
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317899 of user rubyman.
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317899.
Sep 30 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session closed for user root
Sep 30 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Failed password for root from 162.144.236.216 port 59272 ssh2
Sep 30 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Connection closed by 162.144.236.216 port 59272 [preauth]
Sep 30 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Invalid user superadmin from 181.143.226.68
Sep 30 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Failed password for invalid user superadmin from 181.143.226.68 port 51628 ssh2
Sep 30 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Received disconnect from 181.143.226.68 port 51628:11: Bye Bye [preauth]
Sep 30 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Disconnected from 181.143.226.68 port 51628 [preauth]
Sep 30 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: Failed password for root from 162.144.236.216 port 38370 ssh2
Sep 30 00:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9635]: Connection closed by 162.144.236.216 port 38370 [preauth]
Sep 30 00:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: Failed password for root from 162.144.236.216 port 45190 ssh2
Sep 30 00:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9714]: Connection closed by 162.144.236.216 port 45190 [preauth]
Sep 30 00:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Connection closed by 71.6.199.65 port 42954 [preauth]
Sep 30 00:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: Failed password for root from 162.144.236.216 port 51770 ssh2
Sep 30 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9805]: Connection closed by 162.144.236.216 port 51770 [preauth]
Sep 30 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session closed for user root
Sep 30 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: Failed password for root from 162.144.236.216 port 58028 ssh2
Sep 30 00:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: Connection closed by 162.144.236.216 port 58028 [preauth]
Sep 30 00:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: Failed password for root from 162.144.236.216 port 36272 ssh2
Sep 30 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9866]: Connection closed by 162.144.236.216 port 36272 [preauth]
Sep 30 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for root from 162.144.236.216 port 41862 ssh2
Sep 30 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Connection closed by 162.144.236.216 port 41862 [preauth]
Sep 30 00:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Failed password for root from 103.189.234.85 port 39702 ssh2
Sep 30 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Received disconnect from 103.189.234.85 port 39702:11: Bye Bye [preauth]
Sep 30 00:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Disconnected from 103.189.234.85 port 39702 [preauth]
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9939]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9940]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9938]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9941]: pam_unix(cron:session): session closed for user root
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9936]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: Invalid user agent from 192.227.153.63
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: input_userauth_request: invalid user agent [preauth]
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: Successful su for rubyman by root
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: + ??? root:rubyman
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317907 of user rubyman.
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10014]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317907.
Sep 30 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: Failed password for invalid user agent from 192.227.153.63 port 53648 ssh2
Sep 30 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: Received disconnect from 192.227.153.63 port 53648:11: Bye Bye [preauth]
Sep 30 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9933]: Disconnected from 192.227.153.63 port 53648 [preauth]
Sep 30 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Failed password for root from 162.144.236.216 port 49298 ssh2
Sep 30 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9938]: pam_unix(cron:session): session closed for user root
Sep 30 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Connection closed by 162.144.236.216 port 49298 [preauth]
Sep 30 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session closed for user root
Sep 30 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9937]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10218]: Failed password for root from 162.144.236.216 port 55084 ssh2
Sep 30 00:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10218]: Connection closed by 162.144.236.216 port 55084 [preauth]
Sep 30 00:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: Failed password for root from 162.144.236.216 port 34822 ssh2
Sep 30 00:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10288]: Connection closed by 162.144.236.216 port 34822 [preauth]
Sep 30 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Invalid user hussain from 181.143.226.68
Sep 30 00:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: input_userauth_request: invalid user hussain [preauth]
Sep 30 00:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Failed password for invalid user hussain from 181.143.226.68 port 38448 ssh2
Sep 30 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Received disconnect from 181.143.226.68 port 38448:11: Bye Bye [preauth]
Sep 30 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Disconnected from 181.143.226.68 port 38448 [preauth]
Sep 30 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Failed password for root from 162.144.236.216 port 41602 ssh2
Sep 30 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Connection closed by 162.144.236.216 port 41602 [preauth]
Sep 30 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8681]: pam_unix(cron:session): session closed for user root
Sep 30 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: Failed password for root from 162.144.236.216 port 47062 ssh2
Sep 30 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10342]: Connection closed by 162.144.236.216 port 47062 [preauth]
Sep 30 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: Failed password for root from 162.144.236.216 port 53782 ssh2
Sep 30 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: Connection closed by 162.144.236.216 port 53782 [preauth]
Sep 30 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Failed password for root from 162.144.236.216 port 60270 ssh2
Sep 30 00:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Connection closed by 162.144.236.216 port 60270 [preauth]
Sep 30 00:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Failed password for root from 162.144.236.216 port 37956 ssh2
Sep 30 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Connection closed by 162.144.236.216 port 37956 [preauth]
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10456]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: Successful su for rubyman by root
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: + ??? root:rubyman
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317909 of user rubyman.
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317909.
Sep 30 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Invalid user test from 103.189.234.85
Sep 30 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: input_userauth_request: invalid user test [preauth]
Sep 30 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Failed password for invalid user test from 103.189.234.85 port 38360 ssh2
Sep 30 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Received disconnect from 103.189.234.85 port 38360:11: Bye Bye [preauth]
Sep 30 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Disconnected from 103.189.234.85 port 38360 [preauth]
Sep 30 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7081]: pam_unix(cron:session): session closed for user root
Sep 30 00:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: Failed password for root from 192.227.153.63 port 53944 ssh2
Sep 30 00:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: Received disconnect from 192.227.153.63 port 53944:11: Bye Bye [preauth]
Sep 30 00:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: Disconnected from 192.227.153.63 port 53944 [preauth]
Sep 30 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Failed password for root from 162.144.236.216 port 43688 ssh2
Sep 30 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Connection closed by 162.144.236.216 port 43688 [preauth]
Sep 30 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Failed password for root from 162.144.236.216 port 52554 ssh2
Sep 30 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Connection closed by 162.144.236.216 port 52554 [preauth]
Sep 30 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10783]: Failed password for root from 162.144.236.216 port 58738 ssh2
Sep 30 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10783]: Connection closed by 162.144.236.216 port 58738 [preauth]
Sep 30 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Invalid user s3 from 181.143.226.68
Sep 30 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: input_userauth_request: invalid user s3 [preauth]
Sep 30 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Failed password for invalid user s3 from 181.143.226.68 port 37602 ssh2
Sep 30 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for root from 162.144.236.216 port 35930 ssh2
Sep 30 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Received disconnect from 181.143.226.68 port 37602:11: Bye Bye [preauth]
Sep 30 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Disconnected from 181.143.226.68 port 37602 [preauth]
Sep 30 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 162.144.236.216 port 35930 [preauth]
Sep 30 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9354]: pam_unix(cron:session): session closed for user root
Sep 30 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for root from 162.144.236.216 port 41656 ssh2
Sep 30 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Connection closed by 162.144.236.216 port 41656 [preauth]
Sep 30 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Failed password for root from 162.144.236.216 port 47516 ssh2
Sep 30 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Connection closed by 162.144.236.216 port 47516 [preauth]
Sep 30 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10902]: Failed password for root from 162.144.236.216 port 55668 ssh2
Sep 30 00:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10902]: Connection closed by 162.144.236.216 port 55668 [preauth]
Sep 30 00:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10924]: pam_unix(cron:session): session closed for user root
Sep 30 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10927]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10997]: Successful su for rubyman by root
Sep 30 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10997]: + ??? root:rubyman
Sep 30 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317915 of user rubyman.
Sep 30 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10997]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317915.
Sep 30 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Failed password for root from 162.144.236.216 port 33492 ssh2
Sep 30 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session closed for user root
Sep 30 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Connection closed by 162.144.236.216 port 33492 [preauth]
Sep 30 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10928]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user minecraft from 192.227.153.63
Sep 30 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: Failed password for root from 103.189.234.85 port 40790 ssh2
Sep 30 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: Received disconnect from 103.189.234.85 port 40790:11: Bye Bye [preauth]
Sep 30 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: Disconnected from 103.189.234.85 port 40790 [preauth]
Sep 30 00:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user minecraft from 192.227.153.63 port 54396 ssh2
Sep 30 00:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Received disconnect from 192.227.153.63 port 54396:11: Bye Bye [preauth]
Sep 30 00:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Disconnected from 192.227.153.63 port 54396 [preauth]
Sep 30 00:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Failed password for root from 162.144.236.216 port 39028 ssh2
Sep 30 00:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11164]: Connection closed by 162.144.236.216 port 39028 [preauth]
Sep 30 00:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: Failed password for root from 162.144.236.216 port 45984 ssh2
Sep 30 00:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11218]: Connection closed by 162.144.236.216 port 45984 [preauth]
Sep 30 00:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Failed password for root from 162.144.236.216 port 52182 ssh2
Sep 30 00:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Connection closed by 162.144.236.216 port 52182 [preauth]
Sep 30 00:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9940]: pam_unix(cron:session): session closed for user root
Sep 30 00:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Failed password for root from 162.144.236.216 port 57434 ssh2
Sep 30 00:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Connection closed by 162.144.236.216 port 57434 [preauth]
Sep 30 00:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Invalid user hdoop from 181.143.226.68
Sep 30 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: input_userauth_request: invalid user hdoop [preauth]
Sep 30 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Failed password for invalid user hdoop from 181.143.226.68 port 57466 ssh2
Sep 30 00:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Received disconnect from 181.143.226.68 port 57466:11: Bye Bye [preauth]
Sep 30 00:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Disconnected from 181.143.226.68 port 57466 [preauth]
Sep 30 00:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: Failed password for root from 162.144.236.216 port 34468 ssh2
Sep 30 00:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: Connection closed by 162.144.236.216 port 34468 [preauth]
Sep 30 00:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: Failed password for root from 162.144.236.216 port 40698 ssh2
Sep 30 00:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11331]: Connection closed by 162.144.236.216 port 40698 [preauth]
Sep 30 00:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11355]: Failed password for root from 162.144.236.216 port 48030 ssh2
Sep 30 00:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11355]: Connection closed by 162.144.236.216 port 48030 [preauth]
Sep 30 00:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11388]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: Successful su for rubyman by root
Sep 30 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: + ??? root:rubyman
Sep 30 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317918 of user rubyman.
Sep 30 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11445]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317918.
Sep 30 00:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8186]: pam_unix(cron:session): session closed for user root
Sep 30 00:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Failed password for root from 162.144.236.216 port 54892 ssh2
Sep 30 00:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Connection closed by 162.144.236.216 port 54892 [preauth]
Sep 30 00:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11386]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Invalid user edith from 103.189.234.85
Sep 30 00:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: input_userauth_request: invalid user edith [preauth]
Sep 30 00:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Failed password for invalid user edith from 103.189.234.85 port 37906 ssh2
Sep 30 00:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Received disconnect from 103.189.234.85 port 37906:11: Bye Bye [preauth]
Sep 30 00:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Disconnected from 103.189.234.85 port 37906 [preauth]
Sep 30 00:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: User vncuser from 192.227.153.63 not allowed because not listed in AllowUsers
Sep 30 00:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: input_userauth_request: invalid user vncuser [preauth]
Sep 30 00:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=vncuser
Sep 30 00:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for root from 162.144.236.216 port 60700 ssh2
Sep 30 00:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: Failed password for invalid user vncuser from 192.227.153.63 port 54728 ssh2
Sep 30 00:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: Received disconnect from 192.227.153.63 port 54728:11: Bye Bye [preauth]
Sep 30 00:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: Disconnected from 192.227.153.63 port 54728 [preauth]
Sep 30 00:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Connection closed by 162.144.236.216 port 60700 [preauth]
Sep 30 00:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Failed password for root from 162.144.236.216 port 40696 ssh2
Sep 30 00:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11777]: Connection closed by 162.144.236.216 port 40696 [preauth]
Sep 30 00:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Failed password for root from 162.144.236.216 port 45374 ssh2
Sep 30 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11793]: Connection closed by 162.144.236.216 port 45374 [preauth]
Sep 30 00:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session closed for user root
Sep 30 00:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Failed password for root from 162.144.236.216 port 52666 ssh2
Sep 30 00:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Connection closed by 162.144.236.216 port 52666 [preauth]
Sep 30 00:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Invalid user chrism from 181.143.226.68
Sep 30 00:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: input_userauth_request: invalid user chrism [preauth]
Sep 30 00:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Failed password for invalid user chrism from 181.143.226.68 port 39900 ssh2
Sep 30 00:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Received disconnect from 181.143.226.68 port 39900:11: Bye Bye [preauth]
Sep 30 00:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Disconnected from 181.143.226.68 port 39900 [preauth]
Sep 30 00:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11878]: Failed password for root from 162.144.236.216 port 60560 ssh2
Sep 30 00:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11878]: Connection closed by 162.144.236.216 port 60560 [preauth]
Sep 30 00:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Failed password for root from 162.144.236.216 port 39610 ssh2
Sep 30 00:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Connection closed by 162.144.236.216 port 39610 [preauth]
Sep 30 00:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: Successful su for rubyman by root
Sep 30 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: + ??? root:rubyman
Sep 30 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317924 of user rubyman.
Sep 30 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317924.
Sep 30 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8680]: pam_unix(cron:session): session closed for user root
Sep 30 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: Failed password for root from 162.144.236.216 port 45746 ssh2
Sep 30 00:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: Connection closed by 162.144.236.216 port 45746 [preauth]
Sep 30 00:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Invalid user martin from 93.152.230.176
Sep 30 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: input_userauth_request: invalid user martin [preauth]
Sep 30 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Failed password for invalid user martin from 93.152.230.176 port 46229 ssh2
Sep 30 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Received disconnect from 93.152.230.176 port 46229:11: Client disconnecting normally [preauth]
Sep 30 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Disconnected from 93.152.230.176 port 46229 [preauth]
Sep 30 00:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Failed password for root from 162.144.236.216 port 53488 ssh2
Sep 30 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Connection closed by 162.144.236.216 port 53488 [preauth]
Sep 30 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12231]: Failed password for root from 103.189.234.85 port 35498 ssh2
Sep 30 00:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12231]: Received disconnect from 103.189.234.85 port 35498:11: Bye Bye [preauth]
Sep 30 00:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12231]: Disconnected from 103.189.234.85 port 35498 [preauth]
Sep 30 00:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: Invalid user ubuntu from 192.227.153.63
Sep 30 00:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 00:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: Failed password for invalid user ubuntu from 192.227.153.63 port 55534 ssh2
Sep 30 00:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: Received disconnect from 192.227.153.63 port 55534:11: Bye Bye [preauth]
Sep 30 00:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: Disconnected from 192.227.153.63 port 55534 [preauth]
Sep 30 00:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Failed password for root from 162.144.236.216 port 58756 ssh2
Sep 30 00:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Connection closed by 162.144.236.216 port 58756 [preauth]
Sep 30 00:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: Failed password for root from 162.144.236.216 port 37114 ssh2
Sep 30 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: Connection closed by 162.144.236.216 port 37114 [preauth]
Sep 30 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10930]: pam_unix(cron:session): session closed for user root
Sep 30 00:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Failed password for root from 162.144.236.216 port 42772 ssh2
Sep 30 00:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Connection closed by 162.144.236.216 port 42772 [preauth]
Sep 30 00:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Invalid user test from 185.156.73.233
Sep 30 00:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: input_userauth_request: invalid user test [preauth]
Sep 30 00:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 30 00:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Failed password for root from 162.144.236.216 port 49538 ssh2
Sep 30 00:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Failed password for invalid user test from 185.156.73.233 port 16336 ssh2
Sep 30 00:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Connection closed by 185.156.73.233 port 16336 [preauth]
Sep 30 00:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Connection closed by 162.144.236.216 port 49538 [preauth]
Sep 30 00:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for root from 162.144.236.216 port 54552 ssh2
Sep 30 00:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Invalid user kishan from 181.143.226.68
Sep 30 00:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: input_userauth_request: invalid user kishan [preauth]
Sep 30 00:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Connection closed by 162.144.236.216 port 54552 [preauth]
Sep 30 00:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Failed password for invalid user kishan from 181.143.226.68 port 48040 ssh2
Sep 30 00:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Received disconnect from 181.143.226.68 port 48040:11: Bye Bye [preauth]
Sep 30 00:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Disconnected from 181.143.226.68 port 48040 [preauth]
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session closed for user root
Sep 30 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: Successful su for rubyman by root
Sep 30 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: + ??? root:rubyman
Sep 30 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317929 of user rubyman.
Sep 30 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12456]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317929.
Sep 30 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Failed password for root from 162.144.236.216 port 34452 ssh2
Sep 30 00:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session closed for user root
Sep 30 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session closed for user root
Sep 30 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Connection closed by 162.144.236.216 port 34452 [preauth]
Sep 30 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Failed password for root from 162.144.236.216 port 41006 ssh2
Sep 30 00:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Connection closed by 162.144.236.216 port 41006 [preauth]
Sep 30 00:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Did not receive identification string from 39.100.183.60
Sep 30 00:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: Failed password for root from 162.144.236.216 port 47740 ssh2
Sep 30 00:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: Connection closed by 162.144.236.216 port 47740 [preauth]
Sep 30 00:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Invalid user foundry from 103.189.234.85
Sep 30 00:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: input_userauth_request: invalid user foundry [preauth]
Sep 30 00:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Failed password for invalid user foundry from 103.189.234.85 port 34414 ssh2
Sep 30 00:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Received disconnect from 103.189.234.85 port 34414:11: Bye Bye [preauth]
Sep 30 00:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Disconnected from 103.189.234.85 port 34414 [preauth]
Sep 30 00:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Invalid user gerrit from 192.227.153.63
Sep 30 00:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: input_userauth_request: invalid user gerrit [preauth]
Sep 30 00:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: Failed password for root from 162.144.236.216 port 55264 ssh2
Sep 30 00:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Failed password for invalid user gerrit from 192.227.153.63 port 57056 ssh2
Sep 30 00:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Received disconnect from 192.227.153.63 port 57056:11: Bye Bye [preauth]
Sep 30 00:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Disconnected from 192.227.153.63 port 57056 [preauth]
Sep 30 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: Connection closed by 162.144.236.216 port 55264 [preauth]
Sep 30 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11388]: pam_unix(cron:session): session closed for user root
Sep 30 00:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Failed password for root from 162.144.236.216 port 33678 ssh2
Sep 30 00:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12784]: Connection closed by 162.144.236.216 port 33678 [preauth]
Sep 30 00:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Failed password for root from 162.144.236.216 port 42222 ssh2
Sep 30 00:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Connection closed by 162.144.236.216 port 42222 [preauth]
Sep 30 00:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12858]: Failed password for root from 162.144.236.216 port 49220 ssh2
Sep 30 00:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12858]: Connection closed by 162.144.236.216 port 49220 [preauth]
Sep 30 00:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12966]: Successful su for rubyman by root
Sep 30 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12966]: + ??? root:rubyman
Sep 30 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317934 of user rubyman.
Sep 30 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12966]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317934.
Sep 30 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Failed password for root from 162.144.236.216 port 53674 ssh2
Sep 30 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Connection closed by 162.144.236.216 port 53674 [preauth]
Sep 30 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9939]: pam_unix(cron:session): session closed for user root
Sep 30 00:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for root from 181.143.226.68 port 55490 ssh2
Sep 30 00:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Received disconnect from 181.143.226.68 port 55490:11: Bye Bye [preauth]
Sep 30 00:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Disconnected from 181.143.226.68 port 55490 [preauth]
Sep 30 00:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: Failed password for root from 162.144.236.216 port 33006 ssh2
Sep 30 00:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13134]: Connection closed by 162.144.236.216 port 33006 [preauth]
Sep 30 00:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: Failed password for root from 162.144.236.216 port 37816 ssh2
Sep 30 00:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13181]: Connection closed by 162.144.236.216 port 37816 [preauth]
Sep 30 00:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Failed password for root from 162.144.236.216 port 44366 ssh2
Sep 30 00:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Connection closed by 162.144.236.216 port 44366 [preauth]
Sep 30 00:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Failed password for root from 103.189.234.85 port 57996 ssh2
Sep 30 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session closed for user root
Sep 30 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Failed password for root from 162.144.236.216 port 52098 ssh2
Sep 30 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Received disconnect from 103.189.234.85 port 57996:11: Bye Bye [preauth]
Sep 30 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13243]: Disconnected from 103.189.234.85 port 57996 [preauth]
Sep 30 00:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: Failed password for root from 192.227.153.63 port 57518 ssh2
Sep 30 00:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: Received disconnect from 192.227.153.63 port 57518:11: Bye Bye [preauth]
Sep 30 00:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: Disconnected from 192.227.153.63 port 57518 [preauth]
Sep 30 00:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Connection closed by 162.144.236.216 port 52098 [preauth]
Sep 30 00:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: Failed password for root from 162.144.236.216 port 56474 ssh2
Sep 30 00:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: Connection closed by 162.144.236.216 port 56474 [preauth]
Sep 30 00:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Failed password for root from 162.144.236.216 port 37052 ssh2
Sep 30 00:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13332]: Connection closed by 162.144.236.216 port 37052 [preauth]
Sep 30 00:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Failed password for root from 162.144.236.216 port 41210 ssh2
Sep 30 00:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Connection closed by 162.144.236.216 port 41210 [preauth]
Sep 30 00:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Invalid user nasha from 164.68.105.9
Sep 30 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: input_userauth_request: invalid user nasha [preauth]
Sep 30 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 30 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Failed password for invalid user nasha from 164.68.105.9 port 46856 ssh2
Sep 30 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Connection closed by 164.68.105.9 port 46856 [preauth]
Sep 30 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13370]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13438]: Successful su for rubyman by root
Sep 30 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13438]: + ??? root:rubyman
Sep 30 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317938 of user rubyman.
Sep 30 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13438]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317938.
Sep 30 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user root
Sep 30 00:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Failed password for root from 162.144.236.216 port 47096 ssh2
Sep 30 00:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Connection closed by 162.144.236.216 port 47096 [preauth]
Sep 30 00:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: Failed password for root from 181.143.226.68 port 48168 ssh2
Sep 30 00:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: Received disconnect from 181.143.226.68 port 48168:11: Bye Bye [preauth]
Sep 30 00:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: Disconnected from 181.143.226.68 port 48168 [preauth]
Sep 30 00:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Failed password for root from 162.144.236.216 port 57546 ssh2
Sep 30 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13633]: Connection closed by 162.144.236.216 port 57546 [preauth]
Sep 30 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Failed password for root from 162.144.236.216 port 35698 ssh2
Sep 30 00:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Connection closed by 162.144.236.216 port 35698 [preauth]
Sep 30 00:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session closed for user root
Sep 30 00:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Invalid user webmaster from 192.227.153.63
Sep 30 00:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: input_userauth_request: invalid user webmaster [preauth]
Sep 30 00:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: Failed password for root from 162.144.236.216 port 42806 ssh2
Sep 30 00:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Invalid user design from 103.189.234.85
Sep 30 00:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: input_userauth_request: invalid user design [preauth]
Sep 30 00:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Failed password for invalid user webmaster from 192.227.153.63 port 57942 ssh2
Sep 30 00:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Received disconnect from 192.227.153.63 port 57942:11: Bye Bye [preauth]
Sep 30 00:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13734]: Disconnected from 192.227.153.63 port 57942 [preauth]
Sep 30 00:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Failed password for invalid user design from 103.189.234.85 port 47280 ssh2
Sep 30 00:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: Connection closed by 162.144.236.216 port 42806 [preauth]
Sep 30 00:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Received disconnect from 103.189.234.85 port 47280:11: Bye Bye [preauth]
Sep 30 00:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13732]: Disconnected from 103.189.234.85 port 47280 [preauth]
Sep 30 00:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Failed password for root from 162.144.236.216 port 50914 ssh2
Sep 30 00:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Connection closed by 162.144.236.216 port 50914 [preauth]
Sep 30 00:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Failed password for root from 162.144.236.216 port 55384 ssh2
Sep 30 00:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13779]: Connection closed by 162.144.236.216 port 55384 [preauth]
Sep 30 00:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Failed password for root from 162.144.236.216 port 34084 ssh2
Sep 30 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13790]: Connection closed by 162.144.236.216 port 34084 [preauth]
Sep 30 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: Successful su for rubyman by root
Sep 30 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: + ??? root:rubyman
Sep 30 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317940 of user rubyman.
Sep 30 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13884]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317940.
Sep 30 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10929]: pam_unix(cron:session): session closed for user root
Sep 30 00:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Failed password for root from 162.144.236.216 port 41150 ssh2
Sep 30 00:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Connection closed by 162.144.236.216 port 41150 [preauth]
Sep 30 00:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Failed password for root from 162.144.236.216 port 48378 ssh2
Sep 30 00:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Connection closed by 162.144.236.216 port 48378 [preauth]
Sep 30 00:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Failed password for root from 181.143.226.68 port 35234 ssh2
Sep 30 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Received disconnect from 181.143.226.68 port 35234:11: Bye Bye [preauth]
Sep 30 00:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14215]: Disconnected from 181.143.226.68 port 35234 [preauth]
Sep 30 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: Failed password for root from 162.144.236.216 port 55426 ssh2
Sep 30 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: Connection closed by 162.144.236.216 port 55426 [preauth]
Sep 30 00:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Failed password for root from 162.144.236.216 port 33208 ssh2
Sep 30 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Connection closed by 162.144.236.216 port 33208 [preauth]
Sep 30 00:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session closed for user root
Sep 30 00:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Invalid user gitlab-runner from 192.227.153.63
Sep 30 00:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: input_userauth_request: invalid user gitlab-runner [preauth]
Sep 30 00:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Failed password for invalid user gitlab-runner from 192.227.153.63 port 58236 ssh2
Sep 30 00:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Received disconnect from 192.227.153.63 port 58236:11: Bye Bye [preauth]
Sep 30 00:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Disconnected from 192.227.153.63 port 58236 [preauth]
Sep 30 00:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Failed password for root from 162.144.236.216 port 38902 ssh2
Sep 30 00:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Connection closed by 162.144.236.216 port 38902 [preauth]
Sep 30 00:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Invalid user minecraft from 103.189.234.85
Sep 30 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Failed password for root from 162.144.236.216 port 46338 ssh2
Sep 30 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Connection closed by 162.144.236.216 port 46338 [preauth]
Sep 30 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Failed password for invalid user minecraft from 103.189.234.85 port 39822 ssh2
Sep 30 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Received disconnect from 103.189.234.85 port 39822:11: Bye Bye [preauth]
Sep 30 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Disconnected from 103.189.234.85 port 39822 [preauth]
Sep 30 00:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Failed password for root from 162.144.236.216 port 50938 ssh2
Sep 30 00:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Connection closed by 162.144.236.216 port 50938 [preauth]
Sep 30 00:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: Successful su for rubyman by root
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: + ??? root:rubyman
Sep 30 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317946 of user rubyman.
Sep 30 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317946.
Sep 30 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11387]: pam_unix(cron:session): session closed for user root
Sep 30 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Failed password for root from 162.144.236.216 port 58118 ssh2
Sep 30 00:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Connection closed by 162.144.236.216 port 58118 [preauth]
Sep 30 00:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14346]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: Failed password for root from 162.144.236.216 port 37698 ssh2
Sep 30 00:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14589]: Connection closed by 162.144.236.216 port 37698 [preauth]
Sep 30 00:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14625]: Failed password for root from 162.144.236.216 port 43396 ssh2
Sep 30 00:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14625]: Connection closed by 162.144.236.216 port 43396 [preauth]
Sep 30 00:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Failed password for root from 162.144.236.216 port 49016 ssh2
Sep 30 00:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Connection closed by 162.144.236.216 port 49016 [preauth]
Sep 30 00:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for root from 162.144.236.216 port 53922 ssh2
Sep 30 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session closed for user root
Sep 30 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Connection closed by 162.144.236.216 port 53922 [preauth]
Sep 30 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Failed password for root from 181.143.226.68 port 45484 ssh2
Sep 30 00:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Received disconnect from 181.143.226.68 port 45484:11: Bye Bye [preauth]
Sep 30 00:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Disconnected from 181.143.226.68 port 45484 [preauth]
Sep 30 00:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Failed password for root from 162.144.236.216 port 60040 ssh2
Sep 30 00:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Connection closed by 162.144.236.216 port 60040 [preauth]
Sep 30 00:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: Invalid user zzg from 192.227.153.63
Sep 30 00:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: input_userauth_request: invalid user zzg [preauth]
Sep 30 00:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: Failed password for invalid user zzg from 192.227.153.63 port 59100 ssh2
Sep 30 00:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: Received disconnect from 192.227.153.63 port 59100:11: Bye Bye [preauth]
Sep 30 00:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14735]: Disconnected from 192.227.153.63 port 59100 [preauth]
Sep 30 00:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Failed password for root from 162.144.236.216 port 38384 ssh2
Sep 30 00:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Connection closed by 162.144.236.216 port 38384 [preauth]
Sep 30 00:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: Failed password for root from 162.144.236.216 port 45092 ssh2
Sep 30 00:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: Connection closed by 162.144.236.216 port 45092 [preauth]
Sep 30 00:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Invalid user agent from 103.189.234.85
Sep 30 00:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: input_userauth_request: invalid user agent [preauth]
Sep 30 00:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session closed for user root
Sep 30 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14779]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Failed password for invalid user agent from 103.189.234.85 port 49656 ssh2
Sep 30 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Received disconnect from 103.189.234.85 port 49656:11: Bye Bye [preauth]
Sep 30 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Disconnected from 103.189.234.85 port 49656 [preauth]
Sep 30 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14854]: Successful su for rubyman by root
Sep 30 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14854]: + ??? root:rubyman
Sep 30 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317950 of user rubyman.
Sep 30 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14854]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317950.
Sep 30 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Failed password for root from 162.144.236.216 port 50184 ssh2
Sep 30 00:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Connection closed by 162.144.236.216 port 50184 [preauth]
Sep 30 00:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11930]: pam_unix(cron:session): session closed for user root
Sep 30 00:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session closed for user root
Sep 30 00:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14780]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: Failed password for root from 162.144.236.216 port 55646 ssh2
Sep 30 00:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: Connection closed by 162.144.236.216 port 55646 [preauth]
Sep 30 00:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: Failed password for root from 162.144.236.216 port 60712 ssh2
Sep 30 00:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15075]: Connection closed by 162.144.236.216 port 60712 [preauth]
Sep 30 00:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: Failed password for root from 162.144.236.216 port 39658 ssh2
Sep 30 00:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15110]: Connection closed by 162.144.236.216 port 39658 [preauth]
Sep 30 00:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session closed for user root
Sep 30 00:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for root from 162.144.236.216 port 47206 ssh2
Sep 30 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Connection closed by 162.144.236.216 port 47206 [preauth]
Sep 30 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for root from 162.144.236.216 port 54096 ssh2
Sep 30 00:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Connection closed by 162.144.236.216 port 54096 [preauth]
Sep 30 00:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Failed password for root from 181.143.226.68 port 49806 ssh2
Sep 30 00:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Received disconnect from 181.143.226.68 port 49806:11: Bye Bye [preauth]
Sep 30 00:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15207]: Disconnected from 181.143.226.68 port 49806 [preauth]
Sep 30 00:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Invalid user armin from 192.227.153.63
Sep 30 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: input_userauth_request: invalid user armin [preauth]
Sep 30 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Failed password for root from 162.144.236.216 port 33458 ssh2
Sep 30 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Connection closed by 162.144.236.216 port 33458 [preauth]
Sep 30 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Failed password for invalid user armin from 192.227.153.63 port 60286 ssh2
Sep 30 00:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Received disconnect from 192.227.153.63 port 60286:11: Bye Bye [preauth]
Sep 30 00:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Disconnected from 192.227.153.63 port 60286 [preauth]
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: Successful su for rubyman by root
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: + ??? root:rubyman
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317954 of user rubyman.
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15325]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317954.
Sep 30 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Failed password for root from 162.144.236.216 port 39266 ssh2
Sep 30 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Connection closed by 162.144.236.216 port 39266 [preauth]
Sep 30 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session closed for user root
Sep 30 00:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Invalid user testuser from 103.189.234.85
Sep 30 00:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: input_userauth_request: invalid user testuser [preauth]
Sep 30 00:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Failed password for root from 162.144.236.216 port 47344 ssh2
Sep 30 00:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Connection closed by 162.144.236.216 port 47344 [preauth]
Sep 30 00:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Failed password for invalid user testuser from 103.189.234.85 port 45976 ssh2
Sep 30 00:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Received disconnect from 103.189.234.85 port 45976:11: Bye Bye [preauth]
Sep 30 00:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15525]: Disconnected from 103.189.234.85 port 45976 [preauth]
Sep 30 00:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Failed password for root from 162.144.236.216 port 54774 ssh2
Sep 30 00:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Connection closed by 162.144.236.216 port 54774 [preauth]
Sep 30 00:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 30 00:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: Failed password for root from 162.144.236.216 port 34124 ssh2
Sep 30 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: Connection closed by 162.144.236.216 port 34124 [preauth]
Sep 30 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session closed for user root
Sep 30 00:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15592]: Failed password for root from 93.152.230.176 port 22004 ssh2
Sep 30 00:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15592]: Received disconnect from 93.152.230.176 port 22004:11: Client disconnecting normally [preauth]
Sep 30 00:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15592]: Disconnected from 93.152.230.176 port 22004 [preauth]
Sep 30 00:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: Failed password for root from 162.144.236.216 port 40656 ssh2
Sep 30 00:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: Connection closed by 162.144.236.216 port 40656 [preauth]
Sep 30 00:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Invalid user developer from 192.227.153.63
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: input_userauth_request: invalid user developer [preauth]
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15696]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: Successful su for rubyman by root
Sep 30 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: + ??? root:rubyman
Sep 30 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317958 of user rubyman.
Sep 30 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317958.
Sep 30 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Failed password for invalid user developer from 192.227.153.63 port 33116 ssh2
Sep 30 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Received disconnect from 192.227.153.63 port 33116:11: Bye Bye [preauth]
Sep 30 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Disconnected from 192.227.153.63 port 33116 [preauth]
Sep 30 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: Failed password for root from 162.144.236.216 port 50280 ssh2
Sep 30 00:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session closed for user root
Sep 30 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15678]: Connection closed by 162.144.236.216 port 50280 [preauth]
Sep 30 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Failed password for root from 181.143.226.68 port 43706 ssh2
Sep 30 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Received disconnect from 181.143.226.68 port 43706:11: Bye Bye [preauth]
Sep 30 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Disconnected from 181.143.226.68 port 43706 [preauth]
Sep 30 00:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: Invalid user admin from 78.128.112.74
Sep 30 00:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: input_userauth_request: invalid user admin [preauth]
Sep 30 00:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 30 00:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: Failed password for invalid user admin from 78.128.112.74 port 34188 ssh2
Sep 30 00:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15943]: Connection closed by 78.128.112.74 port 34188 [preauth]
Sep 30 00:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Failed password for root from 162.144.236.216 port 55554 ssh2
Sep 30 00:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15933]: Connection closed by 162.144.236.216 port 55554 [preauth]
Sep 30 00:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: Invalid user anand from 103.189.234.85
Sep 30 00:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: input_userauth_request: invalid user anand [preauth]
Sep 30 00:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85
Sep 30 00:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: Failed password for invalid user anand from 103.189.234.85 port 55094 ssh2
Sep 30 00:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: Received disconnect from 103.189.234.85 port 55094:11: Bye Bye [preauth]
Sep 30 00:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15999]: Disconnected from 103.189.234.85 port 55094 [preauth]
Sep 30 00:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Failed password for root from 162.144.236.216 port 33584 ssh2
Sep 30 00:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Connection closed by 162.144.236.216 port 33584 [preauth]
Sep 30 00:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Failed password for root from 162.144.236.216 port 43962 ssh2
Sep 30 00:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Connection closed by 162.144.236.216 port 43962 [preauth]
Sep 30 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session closed for user root
Sep 30 00:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Failed password for root from 162.144.236.216 port 49516 ssh2
Sep 30 00:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Connection closed by 162.144.236.216 port 49516 [preauth]
Sep 30 00:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Failed password for root from 162.144.236.216 port 56796 ssh2
Sep 30 00:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Connection closed by 162.144.236.216 port 56796 [preauth]
Sep 30 00:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Failed password for root from 162.144.236.216 port 34582 ssh2
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16130]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Connection closed by 162.144.236.216 port 34582 [preauth]
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: Successful su for rubyman by root
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: + ??? root:rubyman
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317963 of user rubyman.
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16199]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317963.
Sep 30 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63  user=root
Sep 30 00:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session closed for user root
Sep 30 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16129]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Failed password for root from 192.227.153.63 port 33558 ssh2
Sep 30 00:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Received disconnect from 192.227.153.63 port 33558:11: Bye Bye [preauth]
Sep 30 00:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Disconnected from 192.227.153.63 port 33558 [preauth]
Sep 30 00:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: Failed password for root from 162.144.236.216 port 41756 ssh2
Sep 30 00:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: Connection closed by 162.144.236.216 port 41756 [preauth]
Sep 30 00:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16410]: Failed password for root from 162.144.236.216 port 47602 ssh2
Sep 30 00:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16410]: Connection closed by 162.144.236.216 port 47602 [preauth]
Sep 30 00:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68  user=root
Sep 30 00:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: Failed password for root from 181.143.226.68 port 51970 ssh2
Sep 30 00:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: Received disconnect from 181.143.226.68 port 51970:11: Bye Bye [preauth]
Sep 30 00:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: Disconnected from 181.143.226.68 port 51970 [preauth]
Sep 30 00:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: Failed password for root from 162.144.236.216 port 54836 ssh2
Sep 30 00:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: Connection closed by 162.144.236.216 port 54836 [preauth]
Sep 30 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.234.85  user=root
Sep 30 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for root from 103.189.234.85 port 53528 ssh2
Sep 30 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Received disconnect from 103.189.234.85 port 53528:11: Bye Bye [preauth]
Sep 30 00:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Disconnected from 103.189.234.85 port 53528 [preauth]
Sep 30 00:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16481]: Failed password for root from 162.144.236.216 port 32918 ssh2
Sep 30 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16481]: Connection closed by 162.144.236.216 port 32918 [preauth]
Sep 30 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session closed for user root
Sep 30 00:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16521]: Failed password for root from 162.144.236.216 port 39098 ssh2
Sep 30 00:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16521]: Connection closed by 162.144.236.216 port 39098 [preauth]
Sep 30 00:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Failed password for root from 162.144.236.216 port 45714 ssh2
Sep 30 00:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Connection closed by 162.144.236.216 port 45714 [preauth]
Sep 30 00:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Failed password for root from 162.144.236.216 port 52788 ssh2
Sep 30 00:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Connection closed by 162.144.236.216 port 52788 [preauth]
Sep 30 00:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: Invalid user user from 80.94.95.115
Sep 30 00:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: input_userauth_request: invalid user user [preauth]
Sep 30 00:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: Failed password for invalid user user from 80.94.95.115 port 16262 ssh2
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: Connection closed by 80.94.95.115 port 16262 [preauth]
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16610]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: Successful su for rubyman by root
Sep 30 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: + ??? root:rubyman
Sep 30 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317966 of user rubyman.
Sep 30 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317966.
Sep 30 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Failed password for root from 162.144.236.216 port 58670 ssh2
Sep 30 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Connection closed by 162.144.236.216 port 58670 [preauth]
Sep 30 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session closed for user root
Sep 30 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16612]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: Invalid user anand from 192.227.153.63
Sep 30 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: input_userauth_request: invalid user anand [preauth]
Sep 30 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.153.63
Sep 30 00:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: Failed password for invalid user anand from 192.227.153.63 port 34168 ssh2
Sep 30 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: Received disconnect from 192.227.153.63 port 34168:11: Bye Bye [preauth]
Sep 30 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16884]: Disconnected from 192.227.153.63 port 34168 [preauth]
Sep 30 00:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: Failed password for root from 162.144.236.216 port 36392 ssh2
Sep 30 00:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16840]: Connection closed by 162.144.236.216 port 36392 [preauth]
Sep 30 00:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: Failed password for root from 162.144.236.216 port 44088 ssh2
Sep 30 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: Connection closed by 162.144.236.216 port 44088 [preauth]
Sep 30 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Invalid user informatica from 181.143.226.68
Sep 30 00:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: input_userauth_request: invalid user informatica [preauth]
Sep 30 00:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.143.226.68
Sep 30 00:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Failed password for invalid user informatica from 181.143.226.68 port 39782 ssh2
Sep 30 00:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Received disconnect from 181.143.226.68 port 39782:11: Bye Bye [preauth]
Sep 30 00:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Disconnected from 181.143.226.68 port 39782 [preauth]
Sep 30 00:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: Failed password for root from 162.144.236.216 port 48542 ssh2
Sep 30 00:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: Connection closed by 162.144.236.216 port 48542 [preauth]
Sep 30 00:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15696]: pam_unix(cron:session): session closed for user root
Sep 30 00:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Failed password for root from 162.144.236.216 port 57184 ssh2
Sep 30 00:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Connection closed by 162.144.236.216 port 57184 [preauth]
Sep 30 00:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: Failed password for root from 162.144.236.216 port 35616 ssh2
Sep 30 00:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: Connection closed by 162.144.236.216 port 35616 [preauth]
Sep 30 00:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for root from 162.144.236.216 port 41492 ssh2
Sep 30 00:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Connection closed by 162.144.236.216 port 41492 [preauth]
Sep 30 00:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17067]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17068]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17068]: pam_unix(cron:session): session closed for user root
Sep 30 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: Successful su for rubyman by root
Sep 30 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: + ??? root:rubyman
Sep 30 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317970 of user rubyman.
Sep 30 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317970.
Sep 30 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: Failed password for root from 162.144.236.216 port 47602 ssh2
Sep 30 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17051]: Connection closed by 162.144.236.216 port 47602 [preauth]
Sep 30 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session closed for user root
Sep 30 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session closed for user root
Sep 30 00:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: Failed password for root from 162.144.236.216 port 55696 ssh2
Sep 30 00:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17267]: Connection closed by 162.144.236.216 port 55696 [preauth]
Sep 30 00:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Failed password for root from 162.144.236.216 port 33712 ssh2
Sep 30 00:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Connection closed by 162.144.236.216 port 33712 [preauth]
Sep 30 00:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Failed password for root from 162.144.236.216 port 41826 ssh2
Sep 30 00:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Connection closed by 162.144.236.216 port 41826 [preauth]
Sep 30 00:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session closed for user root
Sep 30 00:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for root from 162.144.236.216 port 49110 ssh2
Sep 30 00:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Connection closed by 162.144.236.216 port 49110 [preauth]
Sep 30 00:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Sep 30 00:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: Failed password for root from 164.68.105.9 port 36190 ssh2
Sep 30 00:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: Connection closed by 164.68.105.9 port 36190 [preauth]
Sep 30 00:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17498]: Failed password for root from 162.144.236.216 port 56080 ssh2
Sep 30 00:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205  user=root
Sep 30 00:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Invalid user admin from 139.19.117.131
Sep 30 00:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: input_userauth_request: invalid user admin [preauth]
Sep 30 00:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17498]: Connection closed by 162.144.236.216 port 56080 [preauth]
Sep 30 00:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Failed password for root from 34.81.94.205 port 42768 ssh2
Sep 30 00:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Received disconnect from 34.81.94.205 port 42768:11: Bye Bye [preauth]
Sep 30 00:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Disconnected from 34.81.94.205 port 42768 [preauth]
Sep 30 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Failed password for root from 162.144.236.216 port 34814 ssh2
Sep 30 00:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Connection closed by 162.144.236.216 port 34814 [preauth]
Sep 30 00:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Connection closed by 139.19.117.131 port 53632 [preauth]
Sep 30 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: Successful su for rubyman by root
Sep 30 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: + ??? root:rubyman
Sep 30 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317977 of user rubyman.
Sep 30 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317977.
Sep 30 00:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: Failed password for root from 162.144.236.216 port 41138 ssh2
Sep 30 00:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: Connection closed by 162.144.236.216 port 41138 [preauth]
Sep 30 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session closed for user root
Sep 30 00:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: Failed password for root from 162.144.236.216 port 47152 ssh2
Sep 30 00:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17886]: Connection closed by 162.144.236.216 port 47152 [preauth]
Sep 30 00:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Failed password for root from 162.144.236.216 port 53304 ssh2
Sep 30 00:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Connection closed by 162.144.236.216 port 53304 [preauth]
Sep 30 00:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Failed password for root from 162.144.236.216 port 32850 ssh2
Sep 30 00:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Connection closed by 162.144.236.216 port 32850 [preauth]
Sep 30 00:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session closed for user root
Sep 30 00:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for root from 162.144.236.216 port 38298 ssh2
Sep 30 00:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Connection closed by 162.144.236.216 port 38298 [preauth]
Sep 30 00:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Failed password for root from 162.144.236.216 port 44718 ssh2
Sep 30 00:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18073]: Connection closed by 162.144.236.216 port 44718 [preauth]
Sep 30 00:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Failed password for root from 162.144.236.216 port 52616 ssh2
Sep 30 00:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Connection closed by 162.144.236.216 port 52616 [preauth]
Sep 30 00:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: Successful su for rubyman by root
Sep 30 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: + ??? root:rubyman
Sep 30 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317982 of user rubyman.
Sep 30 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18432]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317982.
Sep 30 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18242]: Failed password for root from 162.144.236.216 port 58678 ssh2
Sep 30 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18242]: Connection closed by 162.144.236.216 port 58678 [preauth]
Sep 30 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session closed for user root
Sep 30 00:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: Failed password for root from 162.144.236.216 port 37134 ssh2
Sep 30 00:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18559]: Connection closed by 162.144.236.216 port 37134 [preauth]
Sep 30 00:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18683]: Failed password for root from 162.144.236.216 port 45448 ssh2
Sep 30 00:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18683]: Connection closed by 162.144.236.216 port 45448 [preauth]
Sep 30 00:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18714]: Failed password for root from 162.144.236.216 port 51440 ssh2
Sep 30 00:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18714]: Connection closed by 162.144.236.216 port 51440 [preauth]
Sep 30 00:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17067]: pam_unix(cron:session): session closed for user root
Sep 30 00:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: Failed password for root from 162.144.236.216 port 57712 ssh2
Sep 30 00:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: Connection closed by 162.144.236.216 port 57712 [preauth]
Sep 30 00:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Failed password for root from 162.144.236.216 port 37880 ssh2
Sep 30 00:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Connection closed by 162.144.236.216 port 37880 [preauth]
Sep 30 00:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Failed password for root from 162.144.236.216 port 43564 ssh2
Sep 30 00:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Connection closed by 162.144.236.216 port 43564 [preauth]
Sep 30 00:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Failed password for root from 162.144.236.216 port 49520 ssh2
Sep 30 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18841]: Connection closed by 162.144.236.216 port 49520 [preauth]
Sep 30 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: Successful su for rubyman by root
Sep 30 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: + ??? root:rubyman
Sep 30 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317985 of user rubyman.
Sep 30 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317985.
Sep 30 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session closed for user root
Sep 30 00:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Failed password for root from 162.144.236.216 port 54982 ssh2
Sep 30 00:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Connection closed by 162.144.236.216 port 54982 [preauth]
Sep 30 00:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: Failed password for root from 162.144.236.216 port 32966 ssh2
Sep 30 00:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: Connection closed by 162.144.236.216 port 32966 [preauth]
Sep 30 00:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Failed password for root from 162.144.236.216 port 39922 ssh2
Sep 30 00:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Connection closed by 162.144.236.216 port 39922 [preauth]
Sep 30 00:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: Failed password for root from 162.144.236.216 port 47028 ssh2
Sep 30 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session closed for user root
Sep 30 00:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19228]: Connection closed by 162.144.236.216 port 47028 [preauth]
Sep 30 00:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: Failed password for root from 162.144.236.216 port 54332 ssh2
Sep 30 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: Connection closed by 162.144.236.216 port 54332 [preauth]
Sep 30 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Invalid user monitor from 93.152.230.176
Sep 30 00:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: input_userauth_request: invalid user monitor [preauth]
Sep 30 00:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 00:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Failed password for root from 162.144.236.216 port 32854 ssh2
Sep 30 00:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Connection closed by 162.144.236.216 port 32854 [preauth]
Sep 30 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for invalid user monitor from 93.152.230.176 port 27303 ssh2
Sep 30 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Received disconnect from 93.152.230.176 port 27303:11: Client disconnecting normally [preauth]
Sep 30 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Disconnected from 93.152.230.176 port 27303 [preauth]
Sep 30 00:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19434]: Failed password for root from 162.144.236.216 port 40690 ssh2
Sep 30 00:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19434]: Connection closed by 162.144.236.216 port 40690 [preauth]
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19623]: Successful su for rubyman by root
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19623]: + ??? root:rubyman
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317988 of user rubyman.
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19623]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317988.
Sep 30 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16130]: pam_unix(cron:session): session closed for user root
Sep 30 00:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Failed password for root from 162.144.236.216 port 45722 ssh2
Sep 30 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: Connection closed by 162.144.236.216 port 45722 [preauth]
Sep 30 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: Failed password for root from 162.144.236.216 port 51744 ssh2
Sep 30 00:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19958]: Connection closed by 162.144.236.216 port 51744 [preauth]
Sep 30 00:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20020]: Failed password for root from 162.144.236.216 port 57848 ssh2
Sep 30 00:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20020]: Connection closed by 162.144.236.216 port 57848 [preauth]
Sep 30 00:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Failed password for root from 162.144.236.216 port 37678 ssh2
Sep 30 00:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205  user=root
Sep 30 00:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Connection closed by 162.144.236.216 port 37678 [preauth]
Sep 30 00:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session closed for user root
Sep 30 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Failed password for root from 34.81.94.205 port 51664 ssh2
Sep 30 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Received disconnect from 34.81.94.205 port 51664:11: Bye Bye [preauth]
Sep 30 00:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Disconnected from 34.81.94.205 port 51664 [preauth]
Sep 30 00:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Failed password for root from 162.144.236.216 port 44132 ssh2
Sep 30 00:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Connection closed by 162.144.236.216 port 44132 [preauth]
Sep 30 00:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Failed password for root from 162.144.236.216 port 50074 ssh2
Sep 30 00:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Connection closed by 162.144.236.216 port 50074 [preauth]
Sep 30 00:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: Failed password for root from 162.144.236.216 port 56118 ssh2
Sep 30 00:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: Connection closed by 162.144.236.216 port 56118 [preauth]
Sep 30 00:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session closed for user root
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: Successful su for rubyman by root
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: + ??? root:rubyman
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317996 of user rubyman.
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317996.
Sep 30 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20180]: pam_unix(cron:session): session closed for user root
Sep 30 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: Failed password for root from 162.144.236.216 port 34542 ssh2
Sep 30 00:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20162]: Connection closed by 162.144.236.216 port 34542 [preauth]
Sep 30 00:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session closed for user root
Sep 30 00:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: Failed password for root from 162.144.236.216 port 42470 ssh2
Sep 30 00:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20488]: Connection closed by 162.144.236.216 port 42470 [preauth]
Sep 30 00:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Failed password for root from 162.144.236.216 port 49098 ssh2
Sep 30 00:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Connection closed by 162.144.236.216 port 49098 [preauth]
Sep 30 00:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: Failed password for root from 162.144.236.216 port 56024 ssh2
Sep 30 00:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: Connection closed by 162.144.236.216 port 56024 [preauth]
Sep 30 00:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
Sep 30 00:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Failed password for root from 162.144.236.216 port 34084 ssh2
Sep 30 00:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20589]: Connection closed by 162.144.236.216 port 34084 [preauth]
Sep 30 00:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20635]: Failed password for root from 162.144.236.216 port 43362 ssh2
Sep 30 00:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20635]: Connection closed by 162.144.236.216 port 43362 [preauth]
Sep 30 00:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Failed password for root from 162.144.236.216 port 52556 ssh2
Sep 30 00:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Connection closed by 162.144.236.216 port 52556 [preauth]
Sep 30 00:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20705]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20785]: Successful su for rubyman by root
Sep 30 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20785]: + ??? root:rubyman
Sep 30 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 317998 of user rubyman.
Sep 30 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20785]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 317998.
Sep 30 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session closed for user root
Sep 30 00:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: Failed password for root from 162.144.236.216 port 58396 ssh2
Sep 30 00:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20699]: Connection closed by 162.144.236.216 port 58396 [preauth]
Sep 30 00:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: Failed password for root from 162.144.236.216 port 36994 ssh2
Sep 30 00:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20988]: Connection closed by 162.144.236.216 port 36994 [preauth]
Sep 30 00:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Failed password for root from 162.144.236.216 port 43880 ssh2
Sep 30 00:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21021]: Connection closed by 162.144.236.216 port 43880 [preauth]
Sep 30 00:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205  user=root
Sep 30 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session closed for user root
Sep 30 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: Failed password for root from 162.144.236.216 port 50912 ssh2
Sep 30 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Failed password for root from 34.81.94.205 port 44302 ssh2
Sep 30 00:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21056]: Connection closed by 162.144.236.216 port 50912 [preauth]
Sep 30 00:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Received disconnect from 34.81.94.205 port 44302:11: Bye Bye [preauth]
Sep 30 00:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21068]: Disconnected from 34.81.94.205 port 44302 [preauth]
Sep 30 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Failed password for root from 162.144.236.216 port 58432 ssh2
Sep 30 00:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21101]: Connection closed by 162.144.236.216 port 58432 [preauth]
Sep 30 00:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Failed password for root from 162.144.236.216 port 36724 ssh2
Sep 30 00:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Connection closed by 162.144.236.216 port 36724 [preauth]
Sep 30 00:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Failed password for root from 162.144.236.216 port 43688 ssh2
Sep 30 00:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Connection closed by 162.144.236.216 port 43688 [preauth]
Sep 30 00:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21171]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: Successful su for rubyman by root
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: + ??? root:rubyman
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318003 of user rubyman.
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21234]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318003.
Sep 30 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session closed for user root
Sep 30 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: Failed password for root from 162.144.236.216 port 49838 ssh2
Sep 30 00:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21168]: Connection closed by 162.144.236.216 port 49838 [preauth]
Sep 30 00:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Failed password for root from 162.144.236.216 port 55530 ssh2
Sep 30 00:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21410]: Connection closed by 162.144.236.216 port 55530 [preauth]
Sep 30 00:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21451]: Failed password for root from 162.144.236.216 port 32902 ssh2
Sep 30 00:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21451]: Connection closed by 162.144.236.216 port 32902 [preauth]
Sep 30 00:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Failed password for root from 162.144.236.216 port 39742 ssh2
Sep 30 00:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Connection closed by 162.144.236.216 port 39742 [preauth]
Sep 30 00:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session closed for user root
Sep 30 00:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Failed password for root from 162.144.236.216 port 45474 ssh2
Sep 30 00:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Connection closed by 162.144.236.216 port 45474 [preauth]
Sep 30 00:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Failed password for root from 162.144.236.216 port 53132 ssh2
Sep 30 00:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Connection closed by 162.144.236.216 port 53132 [preauth]
Sep 30 00:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Failed password for root from 162.144.236.216 port 33454 ssh2
Sep 30 00:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Connection closed by 162.144.236.216 port 33454 [preauth]
Sep 30 00:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Invalid user hadoop from 190.103.202.7
Sep 30 00:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: input_userauth_request: invalid user hadoop [preauth]
Sep 30 00:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 30 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for invalid user hadoop from 190.103.202.7 port 53830 ssh2
Sep 30 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Connection closed by 190.103.202.7 port 53830 [preauth]
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: Successful su for rubyman by root
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: + ??? root:rubyman
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318006 of user rubyman.
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318006.
Sep 30 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user root
Sep 30 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Failed password for root from 162.144.236.216 port 39568 ssh2
Sep 30 00:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21599]: Connection closed by 162.144.236.216 port 39568 [preauth]
Sep 30 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Invalid user seekcy from 34.81.94.205
Sep 30 00:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: input_userauth_request: invalid user seekcy [preauth]
Sep 30 00:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205
Sep 30 00:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Failed password for invalid user seekcy from 34.81.94.205 port 42248 ssh2
Sep 30 00:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Received disconnect from 34.81.94.205 port 42248:11: Bye Bye [preauth]
Sep 30 00:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Disconnected from 34.81.94.205 port 42248 [preauth]
Sep 30 00:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: Failed password for root from 162.144.236.216 port 47388 ssh2
Sep 30 00:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21893]: Connection closed by 162.144.236.216 port 47388 [preauth]
Sep 30 00:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20706]: pam_unix(cron:session): session closed for user root
Sep 30 00:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21937]: Failed password for root from 162.144.236.216 port 55090 ssh2
Sep 30 00:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21937]: Connection closed by 162.144.236.216 port 55090 [preauth]
Sep 30 00:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 30 00:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22019]: Failed password for root from 185.156.73.233 port 52950 ssh2
Sep 30 00:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22019]: Connection closed by 185.156.73.233 port 52950 [preauth]
Sep 30 00:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: Failed password for root from 162.144.236.216 port 33270 ssh2
Sep 30 00:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22004]: Connection closed by 162.144.236.216 port 33270 [preauth]
Sep 30 00:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Failed password for root from 162.144.236.216 port 40398 ssh2
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22070]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22066]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22068]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Connection closed by 162.144.236.216 port 40398 [preauth]
Sep 30 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22229]: Successful su for rubyman by root
Sep 30 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22229]: + ??? root:rubyman
Sep 30 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318011 of user rubyman.
Sep 30 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22229]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318011.
Sep 30 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22066]: pam_unix(cron:session): session closed for user root
Sep 30 00:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user root
Sep 30 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22069]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22168]: Failed password for root from 162.144.236.216 port 47612 ssh2
Sep 30 00:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22168]: Connection closed by 162.144.236.216 port 47612 [preauth]
Sep 30 00:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: Failed password for root from 162.144.236.216 port 54448 ssh2
Sep 30 00:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: Connection closed by 162.144.236.216 port 54448 [preauth]
Sep 30 00:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Failed password for root from 162.144.236.216 port 59900 ssh2
Sep 30 00:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Connection closed by 162.144.236.216 port 59900 [preauth]
Sep 30 00:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session closed for user root
Sep 30 00:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Failed password for root from 162.144.236.216 port 40622 ssh2
Sep 30 00:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Connection closed by 162.144.236.216 port 40622 [preauth]
Sep 30 00:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Failed password for root from 162.144.236.216 port 46450 ssh2
Sep 30 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Connection closed by 162.144.236.216 port 46450 [preauth]
Sep 30 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: Failed password for root from 162.144.236.216 port 52228 ssh2
Sep 30 00:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22576]: Connection closed by 162.144.236.216 port 52228 [preauth]
Sep 30 00:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Failed password for root from 162.144.236.216 port 60758 ssh2
Sep 30 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Invalid user erfan from 34.81.94.205
Sep 30 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: input_userauth_request: invalid user erfan [preauth]
Sep 30 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205
Sep 30 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Connection closed by 162.144.236.216 port 60758 [preauth]
Sep 30 00:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22640]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session closed for user root
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22907]: Successful su for rubyman by root
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22907]: + ??? root:rubyman
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318018 of user rubyman.
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22907]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318018.
Sep 30 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Failed password for invalid user erfan from 34.81.94.205 port 52918 ssh2
Sep 30 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Received disconnect from 34.81.94.205 port 52918:11: Bye Bye [preauth]
Sep 30 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Disconnected from 34.81.94.205 port 52918 [preauth]
Sep 30 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session closed for user root
Sep 30 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session closed for user root
Sep 30 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Failed password for root from 162.144.236.216 port 37898 ssh2
Sep 30 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Connection closed by 162.144.236.216 port 37898 [preauth]
Sep 30 00:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22626]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Failed password for root from 162.144.236.216 port 43406 ssh2
Sep 30 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Connection closed by 162.144.236.216 port 43406 [preauth]
Sep 30 00:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: Failed password for root from 162.144.236.216 port 51288 ssh2
Sep 30 00:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: Connection closed by 162.144.236.216 port 51288 [preauth]
Sep 30 00:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: Failed password for root from 162.144.236.216 port 58356 ssh2
Sep 30 00:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user root
Sep 30 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: Connection closed by 162.144.236.216 port 58356 [preauth]
Sep 30 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: Failed password for root from 162.144.236.216 port 36296 ssh2
Sep 30 00:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23313]: Connection closed by 162.144.236.216 port 36296 [preauth]
Sep 30 00:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Failed password for root from 162.144.236.216 port 42042 ssh2
Sep 30 00:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23343]: Connection closed by 162.144.236.216 port 42042 [preauth]
Sep 30 00:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: Failed password for root from 162.144.236.216 port 50008 ssh2
Sep 30 00:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23381]: Connection closed by 162.144.236.216 port 50008 [preauth]
Sep 30 00:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23413]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23412]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23496]: Successful su for rubyman by root
Sep 30 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23496]: + ??? root:rubyman
Sep 30 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318021 of user rubyman.
Sep 30 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23496]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318021.
Sep 30 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Failed password for root from 162.144.236.216 port 56250 ssh2
Sep 30 00:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23405]: Connection closed by 162.144.236.216 port 56250 [preauth]
Sep 30 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session closed for user root
Sep 30 00:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23410]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: Failed password for root from 162.144.236.216 port 60760 ssh2
Sep 30 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: Connection closed by 162.144.236.216 port 60760 [preauth]
Sep 30 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: Invalid user ubnt from 93.152.230.176
Sep 30 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: input_userauth_request: invalid user ubnt [preauth]
Sep 30 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 00:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: Failed password for invalid user ubnt from 93.152.230.176 port 33265 ssh2
Sep 30 00:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: Received disconnect from 93.152.230.176 port 33265:11: Client disconnecting normally [preauth]
Sep 30 00:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: Disconnected from 93.152.230.176 port 33265 [preauth]
Sep 30 00:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Failed password for root from 162.144.236.216 port 39090 ssh2
Sep 30 00:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Connection closed by 162.144.236.216 port 39090 [preauth]
Sep 30 00:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Failed password for root from 162.144.236.216 port 45710 ssh2
Sep 30 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Connection closed by 162.144.236.216 port 45710 [preauth]
Sep 30 00:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22072]: pam_unix(cron:session): session closed for user root
Sep 30 00:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: Failed password for root from 162.144.236.216 port 52468 ssh2
Sep 30 00:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: Connection closed by 162.144.236.216 port 52468 [preauth]
Sep 30 00:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: Failed password for root from 162.144.236.216 port 58298 ssh2
Sep 30 00:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24028]: Connection closed by 162.144.236.216 port 58298 [preauth]
Sep 30 00:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Failed password for root from 162.144.236.216 port 37374 ssh2
Sep 30 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Connection closed by 162.144.236.216 port 37374 [preauth]
Sep 30 00:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Invalid user mati from 34.81.94.205
Sep 30 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: input_userauth_request: invalid user mati [preauth]
Sep 30 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205
Sep 30 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Failed password for invalid user mati from 34.81.94.205 port 59394 ssh2
Sep 30 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Received disconnect from 34.81.94.205 port 59394:11: Bye Bye [preauth]
Sep 30 00:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Disconnected from 34.81.94.205 port 59394 [preauth]
Sep 30 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24109]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24191]: Successful su for rubyman by root
Sep 30 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24191]: + ??? root:rubyman
Sep 30 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318025 of user rubyman.
Sep 30 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24191]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318025.
Sep 30 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Failed password for root from 162.144.236.216 port 45082 ssh2
Sep 30 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Connection closed by 162.144.236.216 port 45082 [preauth]
Sep 30 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20705]: pam_unix(cron:session): session closed for user root
Sep 30 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24110]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Failed password for root from 162.144.236.216 port 52000 ssh2
Sep 30 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Connection closed by 162.144.236.216 port 52000 [preauth]
Sep 30 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for root from 162.144.236.216 port 56442 ssh2
Sep 30 00:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Connection closed by 162.144.236.216 port 56442 [preauth]
Sep 30 00:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: Failed password for root from 162.144.236.216 port 36994 ssh2
Sep 30 00:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24465]: Connection closed by 162.144.236.216 port 36994 [preauth]
Sep 30 00:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22640]: pam_unix(cron:session): session closed for user root
Sep 30 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for root from 162.144.236.216 port 43016 ssh2
Sep 30 00:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Connection closed by 162.144.236.216 port 43016 [preauth]
Sep 30 00:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Failed password for root from 162.144.236.216 port 49638 ssh2
Sep 30 00:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Connection closed by 162.144.236.216 port 49638 [preauth]
Sep 30 00:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24574]: Failed password for root from 162.144.236.216 port 57022 ssh2
Sep 30 00:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24574]: Connection closed by 162.144.236.216 port 57022 [preauth]
Sep 30 00:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24607]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24676]: Successful su for rubyman by root
Sep 30 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24676]: + ??? root:rubyman
Sep 30 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318030 of user rubyman.
Sep 30 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24676]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318030.
Sep 30 00:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session closed for user root
Sep 30 00:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: Failed password for root from 162.144.236.216 port 34820 ssh2
Sep 30 00:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: Connection closed by 162.144.236.216 port 34820 [preauth]
Sep 30 00:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Failed password for root from 162.144.236.216 port 42758 ssh2
Sep 30 00:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Connection closed by 162.144.236.216 port 42758 [preauth]
Sep 30 00:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23413]: pam_unix(cron:session): session closed for user root
Sep 30 00:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Failed password for root from 162.144.236.216 port 49902 ssh2
Sep 30 00:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Connection closed by 162.144.236.216 port 49902 [preauth]
Sep 30 00:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Failed password for root from 162.144.236.216 port 56830 ssh2
Sep 30 00:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Connection closed by 162.144.236.216 port 56830 [preauth]
Sep 30 00:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Invalid user cad from 213.209.157.9
Sep 30 00:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: input_userauth_request: invalid user cad [preauth]
Sep 30 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.209.157.9
Sep 30 00:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205  user=root
Sep 30 00:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Failed password for invalid user cad from 213.209.157.9 port 32990 ssh2
Sep 30 00:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Failed password for root from 34.81.94.205 port 55860 ssh2
Sep 30 00:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25012]: Connection closed by 213.209.157.9 port 32990 [preauth]
Sep 30 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Received disconnect from 34.81.94.205 port 55860:11: Bye Bye [preauth]
Sep 30 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25013]: Disconnected from 34.81.94.205 port 55860 [preauth]
Sep 30 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: Failed password for root from 162.144.236.216 port 33744 ssh2
Sep 30 00:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25031]: Connection closed by 162.144.236.216 port 33744 [preauth]
Sep 30 00:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25065]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25138]: Successful su for rubyman by root
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25138]: + ??? root:rubyman
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318033 of user rubyman.
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25138]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318033.
Sep 30 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user root
Sep 30 00:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Failed password for root from 162.144.236.216 port 41956 ssh2
Sep 30 00:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Connection closed by 162.144.236.216 port 41956 [preauth]
Sep 30 00:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: Failed password for root from 162.144.236.216 port 49380 ssh2
Sep 30 00:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25615]: Connection closed by 162.144.236.216 port 49380 [preauth]
Sep 30 00:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session closed for user root
Sep 30 00:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25659]: Failed password for root from 162.144.236.216 port 56250 ssh2
Sep 30 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25659]: Connection closed by 162.144.236.216 port 56250 [preauth]
Sep 30 00:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Failed password for root from 162.144.236.216 port 33650 ssh2
Sep 30 00:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Invalid user ubnt from 62.60.131.157
Sep 30 00:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: input_userauth_request: invalid user ubnt [preauth]
Sep 30 00:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 00:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25692]: Connection closed by 162.144.236.216 port 33650 [preauth]
Sep 30 00:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Failed password for invalid user ubnt from 62.60.131.157 port 62544 ssh2
Sep 30 00:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Failed password for invalid user ubnt from 62.60.131.157 port 62544 ssh2
Sep 30 00:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Failed password for invalid user ubnt from 62.60.131.157 port 62544 ssh2
Sep 30 00:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: Failed password for root from 162.144.236.216 port 41368 ssh2
Sep 30 00:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Failed password for invalid user ubnt from 62.60.131.157 port 62544 ssh2
Sep 30 00:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25732]: Connection closed by 162.144.236.216 port 41368 [preauth]
Sep 30 00:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Failed password for invalid user ubnt from 62.60.131.157 port 62544 ssh2
Sep 30 00:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Received disconnect from 62.60.131.157 port 62544:11: Bye [preauth]
Sep 30 00:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: Disconnected from 62.60.131.157 port 62544 [preauth]
Sep 30 00:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 00:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25721]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user root
Sep 30 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25759]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25945]: Successful su for rubyman by root
Sep 30 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25945]: + ??? root:rubyman
Sep 30 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318040 of user rubyman.
Sep 30 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25945]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318040.
Sep 30 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Failed password for root from 162.144.236.216 port 48324 ssh2
Sep 30 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Connection closed by 162.144.236.216 port 48324 [preauth]
Sep 30 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user root
Sep 30 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22070]: pam_unix(cron:session): session closed for user root
Sep 30 00:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Failed password for root from 162.144.236.216 port 53996 ssh2
Sep 30 00:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Connection closed by 162.144.236.216 port 53996 [preauth]
Sep 30 00:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: Failed password for root from 162.144.236.216 port 58888 ssh2
Sep 30 00:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26204]: Connection closed by 162.144.236.216 port 58888 [preauth]
Sep 30 00:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Failed password for root from 162.144.236.216 port 37988 ssh2
Sep 30 00:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Connection closed by 162.144.236.216 port 37988 [preauth]
Sep 30 00:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: Failed password for root from 162.144.236.216 port 44854 ssh2
Sep 30 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session closed for user root
Sep 30 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: Connection closed by 162.144.236.216 port 44854 [preauth]
Sep 30 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: Invalid user pzuser from 34.81.94.205
Sep 30 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: input_userauth_request: invalid user pzuser [preauth]
Sep 30 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205
Sep 30 00:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: Failed password for invalid user pzuser from 34.81.94.205 port 48636 ssh2
Sep 30 00:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: Received disconnect from 34.81.94.205 port 48636:11: Bye Bye [preauth]
Sep 30 00:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26302]: Disconnected from 34.81.94.205 port 48636 [preauth]
Sep 30 00:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: Failed password for root from 162.144.236.216 port 50110 ssh2
Sep 30 00:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: Connection closed by 162.144.236.216 port 50110 [preauth]
Sep 30 00:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: Successful su for rubyman by root
Sep 30 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: + ??? root:rubyman
Sep 30 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318043 of user rubyman.
Sep 30 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26557]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318043.
Sep 30 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Failed password for root from 162.144.236.216 port 56758 ssh2
Sep 30 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26360]: Connection closed by 162.144.236.216 port 56758 [preauth]
Sep 30 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session closed for user root
Sep 30 00:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Failed password for root from 162.144.236.216 port 36806 ssh2
Sep 30 00:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Connection closed by 162.144.236.216 port 36806 [preauth]
Sep 30 00:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Failed password for root from 162.144.236.216 port 43050 ssh2
Sep 30 00:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Connection closed by 162.144.236.216 port 43050 [preauth]
Sep 30 00:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25065]: pam_unix(cron:session): session closed for user root
Sep 30 00:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: Failed password for root from 162.144.236.216 port 51262 ssh2
Sep 30 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: Connection closed by 162.144.236.216 port 51262 [preauth]
Sep 30 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26996]: Failed password for root from 162.144.236.216 port 56880 ssh2
Sep 30 00:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26996]: Connection closed by 162.144.236.216 port 56880 [preauth]
Sep 30 00:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27026]: Failed password for root from 162.144.236.216 port 35216 ssh2
Sep 30 00:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27026]: Connection closed by 162.144.236.216 port 35216 [preauth]
Sep 30 00:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: Failed password for root from 162.144.236.216 port 41496 ssh2
Sep 30 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27046]: Connection closed by 162.144.236.216 port 41496 [preauth]
Sep 30 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27064]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27063]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27061]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27130]: Successful su for rubyman by root
Sep 30 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27130]: + ??? root:rubyman
Sep 30 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318047 of user rubyman.
Sep 30 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27130]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318047.
Sep 30 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23412]: pam_unix(cron:session): session closed for user root
Sep 30 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Failed password for root from 162.144.236.216 port 48064 ssh2
Sep 30 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27062]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27058]: Connection closed by 162.144.236.216 port 48064 [preauth]
Sep 30 00:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: Failed password for root from 162.144.236.216 port 53166 ssh2
Sep 30 00:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27354]: Connection closed by 162.144.236.216 port 53166 [preauth]
Sep 30 00:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Failed password for root from 162.144.236.216 port 59472 ssh2
Sep 30 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Connection closed by 162.144.236.216 port 59472 [preauth]
Sep 30 00:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.81.94.205  user=root
Sep 30 00:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Failed password for root from 162.144.236.216 port 37654 ssh2
Sep 30 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Failed password for root from 34.81.94.205 port 37926 ssh2
Sep 30 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Connection closed by 162.144.236.216 port 37654 [preauth]
Sep 30 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Received disconnect from 34.81.94.205 port 37926:11: Bye Bye [preauth]
Sep 30 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Disconnected from 34.81.94.205 port 37926 [preauth]
Sep 30 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user root
Sep 30 00:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Failed password for root from 162.144.236.216 port 43644 ssh2
Sep 30 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Connection closed by 162.144.236.216 port 43644 [preauth]
Sep 30 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: Failed password for root from 162.144.236.216 port 50100 ssh2
Sep 30 00:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: Connection closed by 162.144.236.216 port 50100 [preauth]
Sep 30 00:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Failed password for root from 162.144.236.216 port 56554 ssh2
Sep 30 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Connection closed by 162.144.236.216 port 56554 [preauth]
Sep 30 00:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Failed password for root from 162.144.236.216 port 33786 ssh2
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27726]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27723]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Connection closed by 162.144.236.216 port 33786 [preauth]
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: Successful su for rubyman by root
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: + ??? root:rubyman
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318053 of user rubyman.
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27790]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318053.
Sep 30 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session closed for user root
Sep 30 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27800]: Failed password for root from 162.144.236.216 port 39548 ssh2
Sep 30 00:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27724]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27800]: Connection closed by 162.144.236.216 port 39548 [preauth]
Sep 30 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Failed password for root from 162.144.236.216 port 45982 ssh2
Sep 30 00:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28015]: Connection closed by 162.144.236.216 port 45982 [preauth]
Sep 30 00:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Invalid user prueba from 80.94.95.116
Sep 30 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: input_userauth_request: invalid user prueba [preauth]
Sep 30 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 30 00:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28044]: Failed password for root from 162.144.236.216 port 54026 ssh2
Sep 30 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Invalid user admin from 93.152.230.176
Sep 30 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: input_userauth_request: invalid user admin [preauth]
Sep 30 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 00:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28044]: Connection closed by 162.144.236.216 port 54026 [preauth]
Sep 30 00:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Failed password for invalid user prueba from 80.94.95.116 port 54388 ssh2
Sep 30 00:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Connection closed by 80.94.95.116 port 54388 [preauth]
Sep 30 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Failed password for invalid user admin from 93.152.230.176 port 41908 ssh2
Sep 30 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Received disconnect from 93.152.230.176 port 41908:11: Client disconnecting normally [preauth]
Sep 30 00:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28082]: Disconnected from 93.152.230.176 port 41908 [preauth]
Sep 30 00:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Failed password for root from 162.144.236.216 port 60204 ssh2
Sep 30 00:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session closed for user root
Sep 30 00:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Connection closed by 162.144.236.216 port 60204 [preauth]
Sep 30 00:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Failed password for root from 162.144.236.216 port 39038 ssh2
Sep 30 00:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28120]: Connection closed by 162.144.236.216 port 39038 [preauth]
Sep 30 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28160]: Failed password for root from 162.144.236.216 port 46438 ssh2
Sep 30 00:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28160]: Connection closed by 162.144.236.216 port 46438 [preauth]
Sep 30 00:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: Failed password for root from 162.144.236.216 port 52414 ssh2
Sep 30 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28186]: Connection closed by 162.144.236.216 port 52414 [preauth]
Sep 30 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28203]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: Successful su for rubyman by root
Sep 30 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: + ??? root:rubyman
Sep 30 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318055 of user rubyman.
Sep 30 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318055.
Sep 30 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session closed for user root
Sep 30 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: Failed password for root from 162.144.236.216 port 58510 ssh2
Sep 30 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28196]: Connection closed by 162.144.236.216 port 58510 [preauth]
Sep 30 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Failed password for root from 162.144.236.216 port 34920 ssh2
Sep 30 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Connection closed by 162.144.236.216 port 34920 [preauth]
Sep 30 00:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Failed password for root from 162.144.236.216 port 42682 ssh2
Sep 30 00:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Connection closed by 162.144.236.216 port 42682 [preauth]
Sep 30 00:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: Failed password for root from 162.144.236.216 port 49802 ssh2
Sep 30 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27064]: pam_unix(cron:session): session closed for user root
Sep 30 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28662]: Connection closed by 162.144.236.216 port 49802 [preauth]
Sep 30 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: Failed password for root from 162.144.236.216 port 57526 ssh2
Sep 30 00:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28706]: Connection closed by 162.144.236.216 port 57526 [preauth]
Sep 30 00:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Failed password for root from 162.144.236.216 port 37124 ssh2
Sep 30 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Connection closed by 162.144.236.216 port 37124 [preauth]
Sep 30 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Failed password for root from 162.144.236.216 port 44110 ssh2
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Connection closed by 162.144.236.216 port 44110 [preauth]
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28790]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28787]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28789]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28790]: pam_unix(cron:session): session closed for user root
Sep 30 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28876]: Successful su for rubyman by root
Sep 30 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28876]: + ??? root:rubyman
Sep 30 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318064 of user rubyman.
Sep 30 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28876]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318064.
Sep 30 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28787]: pam_unix(cron:session): session closed for user root
Sep 30 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session closed for user root
Sep 30 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Failed password for root from 162.144.236.216 port 50538 ssh2
Sep 30 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Connection closed by 162.144.236.216 port 50538 [preauth]
Sep 30 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28785]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: Failed password for root from 162.144.236.216 port 55690 ssh2
Sep 30 00:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29201]: Connection closed by 162.144.236.216 port 55690 [preauth]
Sep 30 00:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Failed password for root from 162.144.236.216 port 33836 ssh2
Sep 30 00:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Connection closed by 162.144.236.216 port 33836 [preauth]
Sep 30 00:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: Failed password for root from 162.144.236.216 port 40046 ssh2
Sep 30 00:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: Connection closed by 162.144.236.216 port 40046 [preauth]
Sep 30 00:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27726]: pam_unix(cron:session): session closed for user root
Sep 30 00:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Failed password for root from 162.144.236.216 port 46336 ssh2
Sep 30 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Connection closed by 162.144.236.216 port 46336 [preauth]
Sep 30 00:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Failed password for root from 162.144.236.216 port 51848 ssh2
Sep 30 00:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Connection closed by 162.144.236.216 port 51848 [preauth]
Sep 30 00:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Failed password for root from 162.144.236.216 port 60134 ssh2
Sep 30 00:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Connection closed by 162.144.236.216 port 60134 [preauth]
Sep 30 00:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Failed password for root from 162.144.236.216 port 37462 ssh2
Sep 30 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29417]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29399]: Connection closed by 162.144.236.216 port 37462 [preauth]
Sep 30 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: Successful su for rubyman by root
Sep 30 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: + ??? root:rubyman
Sep 30 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318066 of user rubyman.
Sep 30 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318066.
Sep 30 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Invalid user wy from 206.217.131.233
Sep 30 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: input_userauth_request: invalid user wy [preauth]
Sep 30 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session closed for user root
Sep 30 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29414]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Failed password for invalid user wy from 206.217.131.233 port 36248 ssh2
Sep 30 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Received disconnect from 206.217.131.233 port 36248:11: Bye Bye [preauth]
Sep 30 00:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29675]: Disconnected from 206.217.131.233 port 36248 [preauth]
Sep 30 00:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Failed password for root from 162.144.236.216 port 43120 ssh2
Sep 30 00:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Connection closed by 162.144.236.216 port 43120 [preauth]
Sep 30 00:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: Failed password for root from 162.144.236.216 port 50456 ssh2
Sep 30 00:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: Connection closed by 162.144.236.216 port 50456 [preauth]
Sep 30 00:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Failed password for root from 162.144.236.216 port 56680 ssh2
Sep 30 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Connection closed by 162.144.236.216 port 56680 [preauth]
Sep 30 00:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28203]: pam_unix(cron:session): session closed for user root
Sep 30 00:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for root from 162.144.236.216 port 37062 ssh2
Sep 30 00:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Connection closed by 162.144.236.216 port 37062 [preauth]
Sep 30 00:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 30 00:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=drml500@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 30 00:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for root from 162.144.236.216 port 43996 ssh2
Sep 30 00:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Connection closed by 162.144.236.216 port 43996 [preauth]
Sep 30 00:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 30 00:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=drml500 rhost=::ffff:79.124.49.146
Sep 30 00:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Failed password for root from 162.144.236.216 port 51834 ssh2
Sep 30 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Connection closed by 162.144.236.216 port 51834 [preauth]
Sep 30 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29929]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: Successful su for rubyman by root
Sep 30 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: + ??? root:rubyman
Sep 30 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318070 of user rubyman.
Sep 30 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29997]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318070.
Sep 30 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Failed password for root from 162.144.236.216 port 60190 ssh2
Sep 30 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session closed for user root
Sep 30 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Connection closed by 162.144.236.216 port 60190 [preauth]
Sep 30 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 00:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Failed password for root from 216.172.190.206 port 34520 ssh2
Sep 30 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Received disconnect from 216.172.190.206 port 34520:11: Bye Bye [preauth]
Sep 30 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Disconnected from 216.172.190.206 port 34520 [preauth]
Sep 30 00:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: Failed password for root from 162.144.236.216 port 38066 ssh2
Sep 30 00:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30211]: Connection closed by 162.144.236.216 port 38066 [preauth]
Sep 30 00:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Failed password for root from 162.144.236.216 port 42920 ssh2
Sep 30 00:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Connection closed by 162.144.236.216 port 42920 [preauth]
Sep 30 00:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Failed password for root from 162.144.236.216 port 48350 ssh2
Sep 30 00:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Connection closed by 162.144.236.216 port 48350 [preauth]
Sep 30 00:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: Failed password for root from 162.144.236.216 port 53438 ssh2
Sep 30 00:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28789]: pam_unix(cron:session): session closed for user root
Sep 30 00:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: Connection closed by 162.144.236.216 port 53438 [preauth]
Sep 30 00:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: Failed password for root from 162.144.236.216 port 60614 ssh2
Sep 30 00:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: Connection closed by 162.144.236.216 port 60614 [preauth]
Sep 30 00:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: Failed password for root from 162.144.236.216 port 39276 ssh2
Sep 30 00:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: Connection closed by 162.144.236.216 port 39276 [preauth]
Sep 30 00:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30425]: Failed password for root from 162.144.236.216 port 45166 ssh2
Sep 30 00:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30425]: Connection closed by 162.144.236.216 port 45166 [preauth]
Sep 30 00:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Invalid user gogs from 103.139.192.17
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: input_userauth_request: invalid user gogs [preauth]
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: Successful su for rubyman by root
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: + ??? root:rubyman
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318074 of user rubyman.
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318074.
Sep 30 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Failed password for invalid user gogs from 103.139.192.17 port 50178 ssh2
Sep 30 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Received disconnect from 103.139.192.17 port 50178:11: Bye Bye [preauth]
Sep 30 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Disconnected from 103.139.192.17 port 50178 [preauth]
Sep 30 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27063]: pam_unix(cron:session): session closed for user root
Sep 30 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Failed password for root from 162.144.236.216 port 51818 ssh2
Sep 30 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30464]: Connection closed by 162.144.236.216 port 51818 [preauth]
Sep 30 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Failed password for root from 162.144.236.216 port 59650 ssh2
Sep 30 00:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Connection closed by 162.144.236.216 port 59650 [preauth]
Sep 30 00:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: Failed password for root from 162.144.236.216 port 39390 ssh2
Sep 30 00:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30864]: Connection closed by 162.144.236.216 port 39390 [preauth]
Sep 30 00:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Failed password for root from 162.144.236.216 port 45456 ssh2
Sep 30 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29417]: pam_unix(cron:session): session closed for user root
Sep 30 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Connection closed by 162.144.236.216 port 45456 [preauth]
Sep 30 00:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30928]: Failed password for root from 162.144.236.216 port 51474 ssh2
Sep 30 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30928]: Connection closed by 162.144.236.216 port 51474 [preauth]
Sep 30 00:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for root from 162.144.236.216 port 57080 ssh2
Sep 30 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Connection closed by 162.144.236.216 port 57080 [preauth]
Sep 30 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Failed password for root from 162.144.236.216 port 33738 ssh2
Sep 30 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Connection closed by 162.144.236.216 port 33738 [preauth]
Sep 30 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Failed password for root from 162.144.236.216 port 40006 ssh2
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31016]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: Successful su for rubyman by root
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: + ??? root:rubyman
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318079 of user rubyman.
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318079.
Sep 30 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Connection closed by 162.144.236.216 port 40006 [preauth]
Sep 30 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session closed for user root
Sep 30 00:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31017]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Failed password for root from 162.144.236.216 port 46614 ssh2
Sep 30 00:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Connection closed by 162.144.236.216 port 46614 [preauth]
Sep 30 00:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: Failed password for root from 162.144.236.216 port 53684 ssh2
Sep 30 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31306]: Connection closed by 162.144.236.216 port 53684 [preauth]
Sep 30 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Failed password for root from 162.144.236.216 port 60596 ssh2
Sep 30 00:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Connection closed by 162.144.236.216 port 60596 [preauth]
Sep 30 00:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: Failed password for root from 162.144.236.216 port 38830 ssh2
Sep 30 00:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session closed for user root
Sep 30 00:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: Connection closed by 162.144.236.216 port 38830 [preauth]
Sep 30 00:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: Failed password for root from 162.144.236.216 port 44996 ssh2
Sep 30 00:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: Connection closed by 162.144.236.216 port 44996 [preauth]
Sep 30 00:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Failed password for root from 162.144.236.216 port 53034 ssh2
Sep 30 00:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Connection closed by 162.144.236.216 port 53034 [preauth]
Sep 30 00:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 00:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Failed password for root from 216.172.190.206 port 50722 ssh2
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Received disconnect from 216.172.190.206 port 50722:11: Bye Bye [preauth]
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Disconnected from 216.172.190.206 port 50722 [preauth]
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Invalid user pop from 206.217.131.233
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: input_userauth_request: invalid user pop [preauth]
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 00:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Failed password for invalid user pop from 206.217.131.233 port 35050 ssh2
Sep 30 00:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Received disconnect from 206.217.131.233 port 35050:11: Bye Bye [preauth]
Sep 30 00:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Disconnected from 206.217.131.233 port 35050 [preauth]
Sep 30 00:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Failed password for root from 162.144.236.216 port 59598 ssh2
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31523]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31523]: pam_unix(cron:session): session closed for user root
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Connection closed by 162.144.236.216 port 59598 [preauth]
Sep 30 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31607]: Successful su for rubyman by root
Sep 30 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31607]: + ??? root:rubyman
Sep 30 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318082 of user rubyman.
Sep 30 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31607]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318082.
Sep 30 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session closed for user root
Sep 30 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session closed for user root
Sep 30 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Failed password for root from 162.144.236.216 port 37680 ssh2
Sep 30 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Connection closed by 162.144.236.216 port 37680 [preauth]
Sep 30 00:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Failed password for root from 162.144.236.216 port 45412 ssh2
Sep 30 00:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Connection closed by 162.144.236.216 port 45412 [preauth]
Sep 30 00:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Failed password for root from 162.144.236.216 port 52608 ssh2
Sep 30 00:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31866]: Connection closed by 162.144.236.216 port 52608 [preauth]
Sep 30 00:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30501]: pam_unix(cron:session): session closed for user root
Sep 30 00:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Failed password for root from 162.144.236.216 port 57546 ssh2
Sep 30 00:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Connection closed by 162.144.236.216 port 57546 [preauth]
Sep 30 00:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: Invalid user 1234 from 93.152.230.176
Sep 30 00:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: input_userauth_request: invalid user 1234 [preauth]
Sep 30 00:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 00:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: Failed password for invalid user 1234 from 93.152.230.176 port 49753 ssh2
Sep 30 00:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: Received disconnect from 93.152.230.176 port 49753:11: Client disconnecting normally [preauth]
Sep 30 00:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: Disconnected from 93.152.230.176 port 49753 [preauth]
Sep 30 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: Invalid user dixi from 206.217.131.233
Sep 30 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: input_userauth_request: invalid user dixi [preauth]
Sep 30 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: Failed password for invalid user dixi from 206.217.131.233 port 58364 ssh2
Sep 30 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: Received disconnect from 206.217.131.233 port 58364:11: Bye Bye [preauth]
Sep 30 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31994]: Disconnected from 206.217.131.233 port 58364 [preauth]
Sep 30 00:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: Invalid user tom from 216.172.190.206
Sep 30 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: input_userauth_request: invalid user tom [preauth]
Sep 30 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 00:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: Failed password for root from 162.144.236.216 port 35184 ssh2
Sep 30 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: Failed password for invalid user tom from 216.172.190.206 port 47264 ssh2
Sep 30 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: Received disconnect from 216.172.190.206 port 47264:11: Bye Bye [preauth]
Sep 30 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32005]: Disconnected from 216.172.190.206 port 47264 [preauth]
Sep 30 00:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: Connection closed by 162.144.236.216 port 35184 [preauth]
Sep 30 00:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32024]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32098]: Successful su for rubyman by root
Sep 30 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32098]: + ??? root:rubyman
Sep 30 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318089 of user rubyman.
Sep 30 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32098]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318089.
Sep 30 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session closed for user root
Sep 30 00:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Failed password for root from 162.144.236.216 port 44260 ssh2
Sep 30 00:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Connection closed by 162.144.236.216 port 44260 [preauth]
Sep 30 00:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Invalid user admin from 62.60.131.157
Sep 30 00:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: input_userauth_request: invalid user admin [preauth]
Sep 30 00:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 00:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user admin from 62.60.131.157 port 62025 ssh2
Sep 30 00:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user admin from 62.60.131.157 port 62025 ssh2
Sep 30 00:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Failed password for root from 162.144.236.216 port 49252 ssh2
Sep 30 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Connection closed by 162.144.236.216 port 49252 [preauth]
Sep 30 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user admin from 62.60.131.157 port 62025 ssh2
Sep 30 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user admin from 62.60.131.157 port 62025 ssh2
Sep 30 00:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user admin from 62.60.131.157 port 62025 ssh2
Sep 30 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Received disconnect from 62.60.131.157 port 62025:11: Bye [preauth]
Sep 30 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Disconnected from 62.60.131.157 port 62025 [preauth]
Sep 30 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 00:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Failed password for root from 162.144.236.216 port 54172 ssh2
Sep 30 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Connection closed by 162.144.236.216 port 54172 [preauth]
Sep 30 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32352]: Failed password for root from 162.144.236.216 port 60606 ssh2
Sep 30 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32352]: Connection closed by 162.144.236.216 port 60606 [preauth]
Sep 30 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session closed for user root
Sep 30 00:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Failed password for root from 162.144.236.216 port 39460 ssh2
Sep 30 00:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Invalid user track from 103.139.192.17
Sep 30 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: input_userauth_request: invalid user track [preauth]
Sep 30 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Connection closed by 162.144.236.216 port 39460 [preauth]
Sep 30 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Failed password for invalid user track from 103.139.192.17 port 56918 ssh2
Sep 30 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Received disconnect from 103.139.192.17 port 56918:11: Bye Bye [preauth]
Sep 30 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Disconnected from 103.139.192.17 port 56918 [preauth]
Sep 30 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Invalid user goga from 206.217.131.233
Sep 30 00:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: input_userauth_request: invalid user goga [preauth]
Sep 30 00:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Failed password for invalid user goga from 206.217.131.233 port 53432 ssh2
Sep 30 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Received disconnect from 206.217.131.233 port 53432:11: Bye Bye [preauth]
Sep 30 00:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32458]: Disconnected from 206.217.131.233 port 53432 [preauth]
Sep 30 00:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 00:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Failed password for root from 162.144.236.216 port 46014 ssh2
Sep 30 00:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for root from 216.172.190.206 port 43810 ssh2
Sep 30 00:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Received disconnect from 216.172.190.206 port 43810:11: Bye Bye [preauth]
Sep 30 00:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Disconnected from 216.172.190.206 port 43810 [preauth]
Sep 30 00:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Connection closed by 162.144.236.216 port 46014 [preauth]
Sep 30 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: Successful su for rubyman by root
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: + ??? root:rubyman
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318094 of user rubyman.
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318094.
Sep 30 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29416]: pam_unix(cron:session): session closed for user root
Sep 30 00:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Failed password for root from 162.144.236.216 port 51134 ssh2
Sep 30 00:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Connection closed by 162.144.236.216 port 51134 [preauth]
Sep 30 00:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: Failed password for root from 162.144.236.216 port 56628 ssh2
Sep 30 00:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[306]: Connection closed by 162.144.236.216 port 56628 [preauth]
Sep 30 00:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: Failed password for root from 162.144.236.216 port 35008 ssh2
Sep 30 00:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: Connection closed by 162.144.236.216 port 35008 [preauth]
Sep 30 00:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session closed for user root
Sep 30 00:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Failed password for root from 162.144.236.216 port 42252 ssh2
Sep 30 00:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Connection closed by 162.144.236.216 port 42252 [preauth]
Sep 30 00:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 30 00:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: Failed password for root from 185.156.73.233 port 54670 ssh2
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Failed password for root from 162.144.236.216 port 48646 ssh2
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: Connection closed by 185.156.73.233 port 54670 [preauth]
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Invalid user roberto from 206.217.131.233
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: input_userauth_request: invalid user roberto [preauth]
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 00:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Connection closed by 162.144.236.216 port 48646 [preauth]
Sep 30 00:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Failed password for invalid user roberto from 206.217.131.233 port 48510 ssh2
Sep 30 00:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Received disconnect from 206.217.131.233 port 48510:11: Bye Bye [preauth]
Sep 30 00:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Disconnected from 206.217.131.233 port 48510 [preauth]
Sep 30 00:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: Failed password for root from 162.144.236.216 port 54952 ssh2
Sep 30 00:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: Connection closed by 162.144.236.216 port 54952 [preauth]
Sep 30 00:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Invalid user administrator from 216.172.190.206
Sep 30 00:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: input_userauth_request: invalid user administrator [preauth]
Sep 30 00:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Failed password for invalid user administrator from 216.172.190.206 port 40352 ssh2
Sep 30 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Received disconnect from 216.172.190.206 port 40352:11: Bye Bye [preauth]
Sep 30 00:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Disconnected from 216.172.190.206 port 40352 [preauth]
Sep 30 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[494]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[489]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[558]: Successful su for rubyman by root
Sep 30 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[558]: + ??? root:rubyman
Sep 30 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318097 of user rubyman.
Sep 30 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[558]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318097.
Sep 30 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: Failed password for root from 162.144.236.216 port 35140 ssh2
Sep 30 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29929]: pam_unix(cron:session): session closed for user root
Sep 30 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[474]: Connection closed by 162.144.236.216 port 35140 [preauth]
Sep 30 00:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Failed password for root from 162.144.236.216 port 42570 ssh2
Sep 30 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Connection closed by 162.144.236.216 port 42570 [preauth]
Sep 30 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: Failed password for root from 162.144.236.216 port 50620 ssh2
Sep 30 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[798]: Connection closed by 162.144.236.216 port 50620 [preauth]
Sep 30 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: Invalid user goga from 103.139.192.17
Sep 30 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: input_userauth_request: invalid user goga [preauth]
Sep 30 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: Failed password for invalid user goga from 103.139.192.17 port 39730 ssh2
Sep 30 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: Received disconnect from 103.139.192.17 port 39730:11: Bye Bye [preauth]
Sep 30 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: Disconnected from 103.139.192.17 port 39730 [preauth]
Sep 30 00:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Failed password for root from 162.144.236.216 port 56436 ssh2
Sep 30 00:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: Connection closed by 162.144.236.216 port 56436 [preauth]
Sep 30 00:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32024]: pam_unix(cron:session): session closed for user root
Sep 30 00:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Invalid user toney from 80.94.95.112
Sep 30 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: input_userauth_request: invalid user toney [preauth]
Sep 30 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 00:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Failed password for root from 162.144.236.216 port 35830 ssh2
Sep 30 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[876]: Connection closed by 162.144.236.216 port 35830 [preauth]
Sep 30 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: Invalid user gogs from 206.217.131.233
Sep 30 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: input_userauth_request: invalid user gogs [preauth]
Sep 30 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for invalid user toney from 80.94.95.112 port 63481 ssh2
Sep 30 00:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: Failed password for invalid user gogs from 206.217.131.233 port 43580 ssh2
Sep 30 00:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: Received disconnect from 206.217.131.233 port 43580:11: Bye Bye [preauth]
Sep 30 00:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[931]: Disconnected from 206.217.131.233 port 43580 [preauth]
Sep 30 00:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for invalid user toney from 80.94.95.112 port 63481 ssh2
Sep 30 00:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for invalid user toney from 80.94.95.112 port 63481 ssh2
Sep 30 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Failed password for root from 162.144.236.216 port 41432 ssh2
Sep 30 00:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Connection closed by 162.144.236.216 port 41432 [preauth]
Sep 30 00:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for invalid user toney from 80.94.95.112 port 63481 ssh2
Sep 30 00:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for invalid user toney from 80.94.95.112 port 63481 ssh2
Sep 30 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Received disconnect from 80.94.95.112 port 63481:11: Bye [preauth]
Sep 30 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Disconnected from 80.94.95.112 port 63481 [preauth]
Sep 30 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 00:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 00:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1008]: Failed password for root from 162.144.236.216 port 47730 ssh2
Sep 30 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: Invalid user mel from 216.172.190.206
Sep 30 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: input_userauth_request: invalid user mel [preauth]
Sep 30 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 00:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1008]: Connection closed by 162.144.236.216 port 47730 [preauth]
Sep 30 00:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: Failed password for invalid user mel from 216.172.190.206 port 36894 ssh2
Sep 30 00:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: Received disconnect from 216.172.190.206 port 36894:11: Bye Bye [preauth]
Sep 30 00:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1029]: Disconnected from 216.172.190.206 port 36894 [preauth]
Sep 30 00:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1049]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1048]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1046]: pam_unix(cron:session): session closed for user p13x
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Failed password for root from 162.144.236.216 port 53992 ssh2
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1114]: Successful su for rubyman by root
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1114]: + ??? root:rubyman
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318099 of user rubyman.
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1114]: pam_unix(su:session): session closed for user rubyman
Sep 30 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318099.
Sep 30 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Connection closed by 162.144.236.216 port 53992 [preauth]
Sep 30 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session closed for user root
Sep 30 00:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1047]: pam_unix(cron:session): session closed for user samftp
Sep 30 00:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: Failed password for root from 162.144.236.216 port 59998 ssh2
Sep 30 00:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1146]: Connection closed by 162.144.236.216 port 59998 [preauth]
Sep 30 00:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: Failed password for root from 162.144.236.216 port 40098 ssh2
Sep 30 00:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1335]: Connection closed by 162.144.236.216 port 40098 [preauth]
Sep 30 00:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Failed password for root from 162.144.236.216 port 48174 ssh2
Sep 30 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Connection closed by 162.144.236.216 port 48174 [preauth]
Sep 30 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user root
Sep 30 00:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for root from 206.217.131.233 port 38646 ssh2
Sep 30 00:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Received disconnect from 206.217.131.233 port 38646:11: Bye Bye [preauth]
Sep 30 00:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Disconnected from 206.217.131.233 port 38646 [preauth]
Sep 30 00:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Failed password for root from 162.144.236.216 port 56176 ssh2
Sep 30 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Connection closed by 162.144.236.216 port 56176 [preauth]
Sep 30 00:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: Failed password for root from 162.144.236.216 port 33742 ssh2
Sep 30 00:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1477]: Connection closed by 162.144.236.216 port 33742 [preauth]
Sep 30 00:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 30 00:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=r.ml500@198.199.94.12 rhost=::ffff:79.124.49.146
Sep 30 00:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: Invalid user etluser from 216.172.190.206
Sep 30 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: input_userauth_request: invalid user etluser [preauth]
Sep 30 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 30 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=r.ml500 rhost=::ffff:79.124.49.146
Sep 30 00:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: Failed password for invalid user etluser from 216.172.190.206 port 33436 ssh2
Sep 30 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: Received disconnect from 216.172.190.206 port 33436:11: Bye Bye [preauth]
Sep 30 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1517]: Disconnected from 216.172.190.206 port 33436 [preauth]
Sep 30 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: Failed password for root from 162.144.236.216 port 39310 ssh2
Sep 30 00:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: Connection closed by 162.144.236.216 port 39310 [preauth]
Sep 30 00:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: Invalid user dixi from 103.139.192.17
Sep 30 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: input_userauth_request: invalid user dixi [preauth]
Sep 30 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 00:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: Failed password for invalid user dixi from 103.139.192.17 port 36520 ssh2
Sep 30 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: Received disconnect from 103.139.192.17 port 36520:11: Bye Bye [preauth]
Sep 30 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1540]: Disconnected from 103.139.192.17 port 36520 [preauth]
Sep 30 01:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: Failed password for root from 162.144.236.216 port 46082 ssh2
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1562]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1558]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1561]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1560]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1562]: pam_unix(cron:session): session closed for user root
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1558]: pam_unix(cron:session): session closed for user root
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: Connection closed by 162.144.236.216 port 46082 [preauth]
Sep 30 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: Successful su for rubyman by root
Sep 30 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: + ??? root:rubyman
Sep 30 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318107 of user rubyman.
Sep 30 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318107.
Sep 30 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session closed for user root
Sep 30 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session closed for user root
Sep 30 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1557]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Failed password for root from 162.144.236.216 port 52070 ssh2
Sep 30 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Connection closed by 162.144.236.216 port 52070 [preauth]
Sep 30 01:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Failed password for root from 162.144.236.216 port 59020 ssh2
Sep 30 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1924]: Connection closed by 162.144.236.216 port 59020 [preauth]
Sep 30 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1950]: Failed password for root from 162.144.236.216 port 36610 ssh2
Sep 30 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1950]: Connection closed by 162.144.236.216 port 36610 [preauth]
Sep 30 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Invalid user minecraft from 206.217.131.233
Sep 30 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Failed password for invalid user minecraft from 206.217.131.233 port 33740 ssh2
Sep 30 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Received disconnect from 206.217.131.233 port 33740:11: Bye Bye [preauth]
Sep 30 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1963]: Disconnected from 206.217.131.233 port 33740 [preauth]
Sep 30 01:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: Failed password for root from 162.144.236.216 port 42820 ssh2
Sep 30 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1965]: Connection closed by 162.144.236.216 port 42820 [preauth]
Sep 30 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[494]: pam_unix(cron:session): session closed for user root
Sep 30 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Failed password for root from 162.144.236.216 port 48852 ssh2
Sep 30 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Connection closed by 162.144.236.216 port 48852 [preauth]
Sep 30 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2070]: Failed password for root from 162.144.236.216 port 55594 ssh2
Sep 30 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Invalid user test from 216.172.190.206
Sep 30 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: input_userauth_request: invalid user test [preauth]
Sep 30 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2070]: Connection closed by 162.144.236.216 port 55594 [preauth]
Sep 30 01:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Failed password for invalid user test from 216.172.190.206 port 58214 ssh2
Sep 30 01:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Received disconnect from 216.172.190.206 port 58214:11: Bye Bye [preauth]
Sep 30 01:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2106]: Disconnected from 216.172.190.206 port 58214 [preauth]
Sep 30 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2109]: Failed password for root from 162.144.236.216 port 35246 ssh2
Sep 30 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2109]: Connection closed by 162.144.236.216 port 35246 [preauth]
Sep 30 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2214]: Successful su for rubyman by root
Sep 30 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2214]: + ??? root:rubyman
Sep 30 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318110 of user rubyman.
Sep 30 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2214]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318110.
Sep 30 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session closed for user root
Sep 30 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Failed password for root from 162.144.236.216 port 43260 ssh2
Sep 30 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Connection closed by 162.144.236.216 port 43260 [preauth]
Sep 30 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2136]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: Failed password for root from 162.144.236.216 port 48252 ssh2
Sep 30 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: Connection closed by 162.144.236.216 port 48252 [preauth]
Sep 30 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Failed password for root from 162.144.236.216 port 53670 ssh2
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Invalid user landi from 206.217.131.233
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: input_userauth_request: invalid user landi [preauth]
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Connection closed by 162.144.236.216 port 53670 [preauth]
Sep 30 01:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Failed password for invalid user landi from 206.217.131.233 port 57056 ssh2
Sep 30 01:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Received disconnect from 206.217.131.233 port 57056:11: Bye Bye [preauth]
Sep 30 01:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2445]: Disconnected from 206.217.131.233 port 57056 [preauth]
Sep 30 01:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Failed password for root from 162.144.236.216 port 57700 ssh2
Sep 30 01:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Connection closed by 162.144.236.216 port 57700 [preauth]
Sep 30 01:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Failed password for root from 103.139.192.17 port 33322 ssh2
Sep 30 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Received disconnect from 103.139.192.17 port 33322:11: Bye Bye [preauth]
Sep 30 01:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2480]: Disconnected from 103.139.192.17 port 33322 [preauth]
Sep 30 01:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Failed password for root from 162.144.236.216 port 35258 ssh2
Sep 30 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Connection closed by 162.144.236.216 port 35258 [preauth]
Sep 30 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1049]: pam_unix(cron:session): session closed for user root
Sep 30 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Failed password for root from 162.144.236.216 port 41638 ssh2
Sep 30 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Connection closed by 162.144.236.216 port 41638 [preauth]
Sep 30 01:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2552]: Failed password for root from 162.144.236.216 port 48328 ssh2
Sep 30 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Invalid user minecraft from 216.172.190.206
Sep 30 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Failed password for invalid user minecraft from 216.172.190.206 port 54756 ssh2
Sep 30 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Received disconnect from 216.172.190.206 port 54756:11: Bye Bye [preauth]
Sep 30 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Disconnected from 216.172.190.206 port 54756 [preauth]
Sep 30 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2552]: Connection closed by 162.144.236.216 port 48328 [preauth]
Sep 30 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Invalid user cs from 20.163.71.109
Sep 30 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: input_userauth_request: invalid user cs [preauth]
Sep 30 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 30 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Failed password for invalid user cs from 20.163.71.109 port 50970 ssh2
Sep 30 01:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Failed password for root from 162.144.236.216 port 55968 ssh2
Sep 30 01:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2592]: Connection closed by 20.163.71.109 port 50970 [preauth]
Sep 30 01:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Connection closed by 162.144.236.216 port 55968 [preauth]
Sep 30 01:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2671]: Successful su for rubyman by root
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2671]: + ??? root:rubyman
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318114 of user rubyman.
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2671]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318114.
Sep 30 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session closed for user root
Sep 30 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Failed password for root from 162.144.236.216 port 33412 ssh2
Sep 30 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2603]: Connection closed by 162.144.236.216 port 33412 [preauth]
Sep 30 01:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Failed password for root from 206.217.131.233 port 52134 ssh2
Sep 30 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Received disconnect from 206.217.131.233 port 52134:11: Bye Bye [preauth]
Sep 30 01:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Disconnected from 206.217.131.233 port 52134 [preauth]
Sep 30 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Failed password for root from 162.144.236.216 port 39832 ssh2
Sep 30 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Connection closed by 162.144.236.216 port 39832 [preauth]
Sep 30 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: Failed password for root from 162.144.236.216 port 46888 ssh2
Sep 30 01:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2906]: Connection closed by 162.144.236.216 port 46888 [preauth]
Sep 30 01:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Failed password for root from 162.144.236.216 port 52204 ssh2
Sep 30 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2920]: Connection closed by 162.144.236.216 port 52204 [preauth]
Sep 30 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1561]: pam_unix(cron:session): session closed for user root
Sep 30 01:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Failed password for root from 162.144.236.216 port 59326 ssh2
Sep 30 01:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Connection closed by 162.144.236.216 port 59326 [preauth]
Sep 30 01:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for root from 162.144.236.216 port 39044 ssh2
Sep 30 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Connection closed by 162.144.236.216 port 39044 [preauth]
Sep 30 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Invalid user scan1 from 216.172.190.206
Sep 30 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: input_userauth_request: invalid user scan1 [preauth]
Sep 30 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 30 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Failed password for invalid user scan1 from 216.172.190.206 port 51302 ssh2
Sep 30 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Failed password for root from 93.152.230.176 port 37870 ssh2
Sep 30 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Received disconnect from 216.172.190.206 port 51302:11: Bye Bye [preauth]
Sep 30 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Disconnected from 216.172.190.206 port 51302 [preauth]
Sep 30 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Received disconnect from 93.152.230.176 port 37870:11: Client disconnecting normally [preauth]
Sep 30 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Disconnected from 93.152.230.176 port 37870 [preauth]
Sep 30 01:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Invalid user sistema from 103.139.192.17
Sep 30 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: input_userauth_request: invalid user sistema [preauth]
Sep 30 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Failed password for root from 162.144.236.216 port 46176 ssh2
Sep 30 01:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Connection closed by 162.144.236.216 port 46176 [preauth]
Sep 30 01:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Failed password for invalid user sistema from 103.139.192.17 port 38102 ssh2
Sep 30 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 30 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Received disconnect from 103.139.192.17 port 38102:11: Bye Bye [preauth]
Sep 30 01:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Disconnected from 103.139.192.17 port 38102 [preauth]
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3057]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3055]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Failed password for root from 185.156.73.233 port 53682 ssh2
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Connection closed by 185.156.73.233 port 53682 [preauth]
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: Successful su for rubyman by root
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: + ??? root:rubyman
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318120 of user rubyman.
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3119]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318120.
Sep 30 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user root
Sep 30 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: Failed password for root from 162.144.236.216 port 52198 ssh2
Sep 30 01:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: Connection closed by 162.144.236.216 port 52198 [preauth]
Sep 30 01:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3056]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for root from 206.217.131.233 port 47212 ssh2
Sep 30 01:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Received disconnect from 206.217.131.233 port 47212:11: Bye Bye [preauth]
Sep 30 01:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Disconnected from 206.217.131.233 port 47212 [preauth]
Sep 30 01:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Failed password for root from 162.144.236.216 port 57838 ssh2
Sep 30 01:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3271]: Connection closed by 162.144.236.216 port 57838 [preauth]
Sep 30 01:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Failed password for root from 162.144.236.216 port 34748 ssh2
Sep 30 01:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Connection closed by 162.144.236.216 port 34748 [preauth]
Sep 30 01:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Failed password for root from 162.144.236.216 port 41164 ssh2
Sep 30 01:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Connection closed by 162.144.236.216 port 41164 [preauth]
Sep 30 01:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Invalid user user from 80.94.95.112
Sep 30 01:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: input_userauth_request: invalid user user [preauth]
Sep 30 01:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: Failed password for root from 162.144.236.216 port 47276 ssh2
Sep 30 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user user from 80.94.95.112 port 63288 ssh2
Sep 30 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3395]: Connection closed by 162.144.236.216 port 47276 [preauth]
Sep 30 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session closed for user root
Sep 30 01:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user user from 80.94.95.112 port 63288 ssh2
Sep 30 01:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user user from 80.94.95.112 port 63288 ssh2
Sep 30 01:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user user from 80.94.95.112 port 63288 ssh2
Sep 30 01:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user user from 80.94.95.112 port 63288 ssh2
Sep 30 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Received disconnect from 80.94.95.112 port 63288:11: Bye [preauth]
Sep 30 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Disconnected from 80.94.95.112 port 63288 [preauth]
Sep 30 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 01:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 01:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Failed password for root from 162.144.236.216 port 52808 ssh2
Sep 30 01:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Connection closed by 162.144.236.216 port 52808 [preauth]
Sep 30 01:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Failed password for root from 162.144.236.216 port 33486 ssh2
Sep 30 01:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Connection closed by 162.144.236.216 port 33486 [preauth]
Sep 30 01:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Failed password for root from 216.172.190.206 port 47852 ssh2
Sep 30 01:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Received disconnect from 216.172.190.206 port 47852:11: Bye Bye [preauth]
Sep 30 01:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3487]: Disconnected from 216.172.190.206 port 47852 [preauth]
Sep 30 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: Successful su for rubyman by root
Sep 30 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: + ??? root:rubyman
Sep 30 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318123 of user rubyman.
Sep 30 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3566]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318123.
Sep 30 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Invalid user bigdata from 206.217.131.233
Sep 30 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: input_userauth_request: invalid user bigdata [preauth]
Sep 30 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Failed password for root from 162.144.236.216 port 41292 ssh2
Sep 30 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session closed for user root
Sep 30 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Failed password for invalid user bigdata from 206.217.131.233 port 42290 ssh2
Sep 30 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Received disconnect from 206.217.131.233 port 42290:11: Bye Bye [preauth]
Sep 30 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3624]: Disconnected from 206.217.131.233 port 42290 [preauth]
Sep 30 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Connection closed by 162.144.236.216 port 41292 [preauth]
Sep 30 01:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Failed password for root from 162.144.236.216 port 47900 ssh2
Sep 30 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Connection closed by 162.144.236.216 port 47900 [preauth]
Sep 30 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Invalid user kiran from 103.139.192.17
Sep 30 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: input_userauth_request: invalid user kiran [preauth]
Sep 30 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Failed password for invalid user kiran from 103.139.192.17 port 34106 ssh2
Sep 30 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Invalid user user from 62.60.131.157
Sep 30 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: input_userauth_request: invalid user user [preauth]
Sep 30 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Failed password for root from 162.144.236.216 port 55594 ssh2
Sep 30 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Received disconnect from 103.139.192.17 port 34106:11: Bye Bye [preauth]
Sep 30 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Disconnected from 103.139.192.17 port 34106 [preauth]
Sep 30 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Failed password for invalid user user from 62.60.131.157 port 18346 ssh2
Sep 30 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2611]: pam_unix(cron:session): session closed for user root
Sep 30 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Connection closed by 162.144.236.216 port 55594 [preauth]
Sep 30 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Failed password for invalid user user from 62.60.131.157 port 18346 ssh2
Sep 30 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Failed password for invalid user user from 62.60.131.157 port 18346 ssh2
Sep 30 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Failed password for invalid user user from 62.60.131.157 port 18346 ssh2
Sep 30 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Failed password for invalid user user from 62.60.131.157 port 18346 ssh2
Sep 30 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Received disconnect from 62.60.131.157 port 18346:11: Bye [preauth]
Sep 30 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Disconnected from 62.60.131.157 port 18346 [preauth]
Sep 30 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Failed password for root from 162.144.236.216 port 59918 ssh2
Sep 30 01:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Connection closed by 162.144.236.216 port 59918 [preauth]
Sep 30 01:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Failed password for root from 162.144.236.216 port 39948 ssh2
Sep 30 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Connection closed by 162.144.236.216 port 39948 [preauth]
Sep 30 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Invalid user rock from 206.217.131.233
Sep 30 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: input_userauth_request: invalid user rock [preauth]
Sep 30 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Invalid user sdtdserver from 216.172.190.206
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: input_userauth_request: invalid user sdtdserver [preauth]
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Failed password for invalid user rock from 206.217.131.233 port 37368 ssh2
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Received disconnect from 206.217.131.233 port 37368:11: Bye Bye [preauth]
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Disconnected from 206.217.131.233 port 37368 [preauth]
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3959]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3957]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3958]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3955]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3959]: pam_unix(cron:session): session closed for user root
Sep 30 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Failed password for root from 162.144.236.216 port 46854 ssh2
Sep 30 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4029]: Successful su for rubyman by root
Sep 30 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4029]: + ??? root:rubyman
Sep 30 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318128 of user rubyman.
Sep 30 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4029]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318128.
Sep 30 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Failed password for invalid user sdtdserver from 216.172.190.206 port 44398 ssh2
Sep 30 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Received disconnect from 216.172.190.206 port 44398:11: Bye Bye [preauth]
Sep 30 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3950]: Disconnected from 216.172.190.206 port 44398 [preauth]
Sep 30 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3937]: Connection closed by 162.144.236.216 port 46854 [preauth]
Sep 30 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3955]: pam_unix(cron:session): session closed for user root
Sep 30 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1048]: pam_unix(cron:session): session closed for user root
Sep 30 01:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: Failed password for root from 162.144.236.216 port 53092 ssh2
Sep 30 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4101]: Connection closed by 162.144.236.216 port 53092 [preauth]
Sep 30 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Failed password for root from 162.144.236.216 port 60608 ssh2
Sep 30 01:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Connection closed by 162.144.236.216 port 60608 [preauth]
Sep 30 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Failed password for root from 162.144.236.216 port 38808 ssh2
Sep 30 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4309]: Connection closed by 162.144.236.216 port 38808 [preauth]
Sep 30 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session closed for user root
Sep 30 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: Failed password for root from 162.144.236.216 port 45608 ssh2
Sep 30 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: Connection closed by 162.144.236.216 port 45608 [preauth]
Sep 30 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: Failed password for root from 162.144.236.216 port 53008 ssh2
Sep 30 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4383]: Connection closed by 162.144.236.216 port 53008 [preauth]
Sep 30 01:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Invalid user track from 206.217.131.233
Sep 30 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: input_userauth_request: invalid user track [preauth]
Sep 30 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Failed password for root from 162.144.236.216 port 60932 ssh2
Sep 30 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Failed password for invalid user track from 206.217.131.233 port 60690 ssh2
Sep 30 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Received disconnect from 206.217.131.233 port 60690:11: Bye Bye [preauth]
Sep 30 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Disconnected from 206.217.131.233 port 60690 [preauth]
Sep 30 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Connection closed by 162.144.236.216 port 60932 [preauth]
Sep 30 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4520]: Successful su for rubyman by root
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4520]: + ??? root:rubyman
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318132 of user rubyman.
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4520]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318132.
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Invalid user roberto from 103.139.192.17
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: input_userauth_request: invalid user roberto [preauth]
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Invalid user system from 216.172.190.206
Sep 30 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: input_userauth_request: invalid user system [preauth]
Sep 30 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Failed password for invalid user roberto from 103.139.192.17 port 40028 ssh2
Sep 30 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Received disconnect from 103.139.192.17 port 40028:11: Bye Bye [preauth]
Sep 30 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Disconnected from 103.139.192.17 port 40028 [preauth]
Sep 30 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Failed password for invalid user system from 216.172.190.206 port 40944 ssh2
Sep 30 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Received disconnect from 216.172.190.206 port 40944:11: Bye Bye [preauth]
Sep 30 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Disconnected from 216.172.190.206 port 40944 [preauth]
Sep 30 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1560]: pam_unix(cron:session): session closed for user root
Sep 30 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Failed password for root from 162.144.236.216 port 38734 ssh2
Sep 30 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4436]: Connection closed by 162.144.236.216 port 38734 [preauth]
Sep 30 01:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: Failed password for root from 162.144.236.216 port 48238 ssh2
Sep 30 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: Connection closed by 162.144.236.216 port 48238 [preauth]
Sep 30 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session closed for user root
Sep 30 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Failed password for root from 162.144.236.216 port 52782 ssh2
Sep 30 01:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Connection closed by 162.144.236.216 port 52782 [preauth]
Sep 30 01:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Invalid user admin from 80.94.95.25
Sep 30 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 30 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for invalid user admin from 80.94.95.25 port 52770 ssh2
Sep 30 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for invalid user admin from 80.94.95.25 port 52770 ssh2
Sep 30 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for invalid user admin from 80.94.95.25 port 52770 ssh2
Sep 30 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for invalid user admin from 80.94.95.25 port 52770 ssh2
Sep 30 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Failed password for root from 162.144.236.216 port 34700 ssh2
Sep 30 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: Failed password for root from 206.217.131.233 port 55776 ssh2
Sep 30 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: Received disconnect from 206.217.131.233 port 55776:11: Bye Bye [preauth]
Sep 30 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4883]: Disconnected from 206.217.131.233 port 55776 [preauth]
Sep 30 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Connection closed by 162.144.236.216 port 34700 [preauth]
Sep 30 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for invalid user admin from 80.94.95.25 port 52770 ssh2
Sep 30 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Received disconnect from 80.94.95.25 port 52770:11: Bye [preauth]
Sep 30 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Disconnected from 80.94.95.25 port 52770 [preauth]
Sep 30 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 30 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4910]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4908]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: Successful su for rubyman by root
Sep 30 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: + ??? root:rubyman
Sep 30 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318137 of user rubyman.
Sep 30 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4978]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318137.
Sep 30 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4895]: Failed password for root from 162.144.236.216 port 41932 ssh2
Sep 30 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4895]: Connection closed by 162.144.236.216 port 41932 [preauth]
Sep 30 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session closed for user root
Sep 30 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Invalid user rahul from 216.172.190.206
Sep 30 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: input_userauth_request: invalid user rahul [preauth]
Sep 30 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Failed password for invalid user rahul from 216.172.190.206 port 37490 ssh2
Sep 30 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Received disconnect from 216.172.190.206 port 37490:11: Bye Bye [preauth]
Sep 30 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5149]: Disconnected from 216.172.190.206 port 37490 [preauth]
Sep 30 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Failed password for root from 162.144.236.216 port 47556 ssh2
Sep 30 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5040]: Connection closed by 162.144.236.216 port 47556 [preauth]
Sep 30 01:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Failed password for root from 162.144.236.216 port 55846 ssh2
Sep 30 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Connection closed by 162.144.236.216 port 55846 [preauth]
Sep 30 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3958]: pam_unix(cron:session): session closed for user root
Sep 30 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Failed password for root from 103.139.192.17 port 53966 ssh2
Sep 30 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Received disconnect from 103.139.192.17 port 53966:11: Bye Bye [preauth]
Sep 30 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Disconnected from 103.139.192.17 port 53966 [preauth]
Sep 30 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: Failed password for root from 162.144.236.216 port 34696 ssh2
Sep 30 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5302]: Connection closed by 162.144.236.216 port 34696 [preauth]
Sep 30 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Invalid user debian from 206.217.131.233
Sep 30 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: input_userauth_request: invalid user debian [preauth]
Sep 30 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Failed password for invalid user debian from 206.217.131.233 port 50858 ssh2
Sep 30 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Received disconnect from 206.217.131.233 port 50858:11: Bye Bye [preauth]
Sep 30 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Disconnected from 206.217.131.233 port 50858 [preauth]
Sep 30 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: Failed password for root from 162.144.236.216 port 40130 ssh2
Sep 30 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5428]: Connection closed by 162.144.236.216 port 40130 [preauth]
Sep 30 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: Failed password for root from 162.144.236.216 port 47834 ssh2
Sep 30 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5463]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5464]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5461]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5528]: Successful su for rubyman by root
Sep 30 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5528]: + ??? root:rubyman
Sep 30 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318140 of user rubyman.
Sep 30 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5528]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318140.
Sep 30 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5450]: Connection closed by 162.144.236.216 port 47834 [preauth]
Sep 30 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session closed for user root
Sep 30 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5462]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Failed password for root from 162.144.236.216 port 54616 ssh2
Sep 30 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Connection closed by 162.144.236.216 port 54616 [preauth]
Sep 30 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Failed password for root from 216.172.190.206 port 34040 ssh2
Sep 30 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Received disconnect from 216.172.190.206 port 34040:11: Bye Bye [preauth]
Sep 30 01:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Disconnected from 216.172.190.206 port 34040 [preauth]
Sep 30 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Failed password for root from 162.144.236.216 port 59068 ssh2
Sep 30 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Connection closed by 162.144.236.216 port 59068 [preauth]
Sep 30 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Failed password for root from 162.144.236.216 port 35836 ssh2
Sep 30 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5770]: Connection closed by 162.144.236.216 port 35836 [preauth]
Sep 30 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Failed password for root from 162.144.236.216 port 41804 ssh2
Sep 30 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Connection closed by 162.144.236.216 port 41804 [preauth]
Sep 30 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session closed for user root
Sep 30 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5823]: Failed password for root from 162.144.236.216 port 48758 ssh2
Sep 30 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Invalid user test from 220.247.224.226
Sep 30 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: input_userauth_request: invalid user test [preauth]
Sep 30 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5823]: Connection closed by 162.144.236.216 port 48758 [preauth]
Sep 30 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Failed password for invalid user test from 220.247.224.226 port 62703 ssh2
Sep 30 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Received disconnect from 220.247.224.226 port 62703:11: Bye Bye [preauth]
Sep 30 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5871]: Disconnected from 220.247.224.226 port 62703 [preauth]
Sep 30 01:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: Failed password for root from 162.144.236.216 port 56118 ssh2
Sep 30 01:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Invalid user admin1 from 206.217.131.233
Sep 30 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: input_userauth_request: invalid user admin1 [preauth]
Sep 30 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5873]: Connection closed by 162.144.236.216 port 56118 [preauth]
Sep 30 01:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Failed password for invalid user admin1 from 206.217.131.233 port 45938 ssh2
Sep 30 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Received disconnect from 206.217.131.233 port 45938:11: Bye Bye [preauth]
Sep 30 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Disconnected from 206.217.131.233 port 45938 [preauth]
Sep 30 01:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Failed password for root from 162.144.236.216 port 34558 ssh2
Sep 30 01:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Connection closed by 162.144.236.216 port 34558 [preauth]
Sep 30 01:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Failed password for root from 162.144.236.216 port 42102 ssh2
Sep 30 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: Successful su for rubyman by root
Sep 30 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: + ??? root:rubyman
Sep 30 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318145 of user rubyman.
Sep 30 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6081]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318145.
Sep 30 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session closed for user root
Sep 30 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Connection closed by 162.144.236.216 port 42102 [preauth]
Sep 30 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3057]: pam_unix(cron:session): session closed for user root
Sep 30 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Failed password for root from 162.144.236.216 port 46820 ssh2
Sep 30 01:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Connection closed by 162.144.236.216 port 46820 [preauth]
Sep 30 01:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Invalid user mass from 216.172.190.206
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: input_userauth_request: invalid user mass [preauth]
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Invalid user wy from 103.139.192.17
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: input_userauth_request: invalid user wy [preauth]
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Failed password for invalid user mass from 216.172.190.206 port 58814 ssh2
Sep 30 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Received disconnect from 216.172.190.206 port 58814:11: Bye Bye [preauth]
Sep 30 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Disconnected from 216.172.190.206 port 58814 [preauth]
Sep 30 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Failed password for invalid user wy from 103.139.192.17 port 35136 ssh2
Sep 30 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Received disconnect from 103.139.192.17 port 35136:11: Bye Bye [preauth]
Sep 30 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6314]: Disconnected from 103.139.192.17 port 35136 [preauth]
Sep 30 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: Failed password for root from 162.144.236.216 port 54074 ssh2
Sep 30 01:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6313]: Connection closed by 162.144.236.216 port 54074 [preauth]
Sep 30 01:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Failed password for root from 162.144.236.216 port 60968 ssh2
Sep 30 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Connection closed by 162.144.236.216 port 60968 [preauth]
Sep 30 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4912]: pam_unix(cron:session): session closed for user root
Sep 30 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for root from 162.144.236.216 port 38766 ssh2
Sep 30 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Connection closed by 162.144.236.216 port 38766 [preauth]
Sep 30 01:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: Failed password for root from 59.98.83.57 port 57760 ssh2
Sep 30 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: Received disconnect from 59.98.83.57 port 57760:11: Bye Bye [preauth]
Sep 30 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6413]: Disconnected from 59.98.83.57 port 57760 [preauth]
Sep 30 01:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Invalid user foundry from 206.217.131.233
Sep 30 01:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: input_userauth_request: invalid user foundry [preauth]
Sep 30 01:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Failed password for root from 162.144.236.216 port 45362 ssh2
Sep 30 01:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6415]: Connection closed by 162.144.236.216 port 45362 [preauth]
Sep 30 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for invalid user foundry from 206.217.131.233 port 41014 ssh2
Sep 30 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Received disconnect from 206.217.131.233 port 41014:11: Bye Bye [preauth]
Sep 30 01:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Disconnected from 206.217.131.233 port 41014 [preauth]
Sep 30 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: Failed password for root from 162.144.236.216 port 51412 ssh2
Sep 30 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6438]: Connection closed by 162.144.236.216 port 51412 [preauth]
Sep 30 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Invalid user mminchenok from 40.115.18.231
Sep 30 01:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: input_userauth_request: invalid user mminchenok [preauth]
Sep 30 01:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Failed password for invalid user mminchenok from 40.115.18.231 port 37266 ssh2
Sep 30 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Received disconnect from 40.115.18.231 port 37266:11: Bye Bye [preauth]
Sep 30 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Disconnected from 40.115.18.231 port 37266 [preauth]
Sep 30 01:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Failed password for root from 162.144.236.216 port 58178 ssh2
Sep 30 01:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Connection closed by 162.144.236.216 port 58178 [preauth]
Sep 30 01:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6500]: pam_unix(cron:session): session closed for user root
Sep 30 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: Successful su for rubyman by root
Sep 30 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: + ??? root:rubyman
Sep 30 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318149 of user rubyman.
Sep 30 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6593]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318149.
Sep 30 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session closed for user root
Sep 30 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session closed for user root
Sep 30 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Invalid user admin from 93.152.230.176
Sep 30 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: Failed password for root from 162.144.236.216 port 36368 ssh2
Sep 30 01:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: Connection closed by 162.144.236.216 port 36368 [preauth]
Sep 30 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Failed password for invalid user admin from 93.152.230.176 port 7498 ssh2
Sep 30 01:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Received disconnect from 93.152.230.176 port 7498:11: Client disconnecting normally [preauth]
Sep 30 01:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6894]: Disconnected from 93.152.230.176 port 7498 [preauth]
Sep 30 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Failed password for root from 162.144.236.216 port 44334 ssh2
Sep 30 01:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Connection closed by 162.144.236.216 port 44334 [preauth]
Sep 30 01:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6946]: Failed password for root from 216.172.190.206 port 55364 ssh2
Sep 30 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6946]: Received disconnect from 216.172.190.206 port 55364:11: Bye Bye [preauth]
Sep 30 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6946]: Disconnected from 216.172.190.206 port 55364 [preauth]
Sep 30 01:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: Failed password for root from 162.144.236.216 port 49800 ssh2
Sep 30 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: Connection closed by 162.144.236.216 port 49800 [preauth]
Sep 30 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86  user=root
Sep 30 01:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Failed password for root from 217.154.42.86 port 54818 ssh2
Sep 30 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Received disconnect from 217.154.42.86 port 54818:11: Bye Bye [preauth]
Sep 30 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Disconnected from 217.154.42.86 port 54818 [preauth]
Sep 30 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5464]: pam_unix(cron:session): session closed for user root
Sep 30 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6957]: Failed password for root from 162.144.236.216 port 55554 ssh2
Sep 30 01:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6957]: Connection closed by 162.144.236.216 port 55554 [preauth]
Sep 30 01:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Failed password for root from 206.217.131.233 port 36108 ssh2
Sep 30 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Received disconnect from 206.217.131.233 port 36108:11: Bye Bye [preauth]
Sep 30 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Disconnected from 206.217.131.233 port 36108 [preauth]
Sep 30 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Invalid user superadmin from 103.139.192.17
Sep 30 01:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Failed password for invalid user superadmin from 103.139.192.17 port 52648 ssh2
Sep 30 01:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Received disconnect from 103.139.192.17 port 52648:11: Bye Bye [preauth]
Sep 30 01:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Disconnected from 103.139.192.17 port 52648 [preauth]
Sep 30 01:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7128]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7131]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7258]: Successful su for rubyman by root
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7258]: + ??? root:rubyman
Sep 30 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318157 of user rubyman.
Sep 30 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7258]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318157.
Sep 30 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: Failed password for root from 162.144.236.216 port 34500 ssh2
Sep 30 01:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7031]: Connection closed by 162.144.236.216 port 34500 [preauth]
Sep 30 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3957]: pam_unix(cron:session): session closed for user root
Sep 30 01:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7124]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Failed password for root from 162.144.236.216 port 45164 ssh2
Sep 30 01:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: Invalid user owner from 216.172.190.206
Sep 30 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: input_userauth_request: invalid user owner [preauth]
Sep 30 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: Failed password for invalid user owner from 216.172.190.206 port 51906 ssh2
Sep 30 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: Received disconnect from 216.172.190.206 port 51906:11: Bye Bye [preauth]
Sep 30 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7510]: Disconnected from 216.172.190.206 port 51906 [preauth]
Sep 30 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Connection closed by 162.144.236.216 port 45164 [preauth]
Sep 30 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Invalid user alvin from 117.216.211.19
Sep 30 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: input_userauth_request: invalid user alvin [preauth]
Sep 30 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session closed for user root
Sep 30 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Failed password for invalid user alvin from 117.216.211.19 port 46762 ssh2
Sep 30 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Received disconnect from 117.216.211.19 port 46762:11: Bye Bye [preauth]
Sep 30 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Disconnected from 117.216.211.19 port 46762 [preauth]
Sep 30 01:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7556]: Failed password for root from 206.217.131.233 port 59408 ssh2
Sep 30 01:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7556]: Received disconnect from 206.217.131.233 port 59408:11: Bye Bye [preauth]
Sep 30 01:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7556]: Disconnected from 206.217.131.233 port 59408 [preauth]
Sep 30 01:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Failed password for root from 162.144.236.216 port 53656 ssh2
Sep 30 01:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Connection closed by 162.144.236.216 port 53656 [preauth]
Sep 30 01:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: Failed password for root from 162.144.236.216 port 60498 ssh2
Sep 30 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Invalid user depot from 220.247.224.226
Sep 30 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: input_userauth_request: invalid user depot [preauth]
Sep 30 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: Connection closed by 162.144.236.216 port 60498 [preauth]
Sep 30 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for invalid user depot from 220.247.224.226 port 11789 ssh2
Sep 30 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Received disconnect from 220.247.224.226 port 11789:11: Bye Bye [preauth]
Sep 30 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Disconnected from 220.247.224.226 port 11789 [preauth]
Sep 30 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: Invalid user superadmin from 217.154.42.86
Sep 30 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: Failed password for invalid user superadmin from 217.154.42.86 port 39526 ssh2
Sep 30 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: Received disconnect from 217.154.42.86 port 39526:11: Bye Bye [preauth]
Sep 30 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7639]: Disconnected from 217.154.42.86 port 39526 [preauth]
Sep 30 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7725]: Successful su for rubyman by root
Sep 30 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7725]: + ??? root:rubyman
Sep 30 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318160 of user rubyman.
Sep 30 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7725]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318160.
Sep 30 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Failed password for root from 162.144.236.216 port 37504 ssh2
Sep 30 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Connection closed by 162.144.236.216 port 37504 [preauth]
Sep 30 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session closed for user root
Sep 30 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7651]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Failed password for root from 162.144.236.216 port 42982 ssh2
Sep 30 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Failed password for root from 59.98.83.57 port 37810 ssh2
Sep 30 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Received disconnect from 59.98.83.57 port 37810:11: Bye Bye [preauth]
Sep 30 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Disconnected from 59.98.83.57 port 37810 [preauth]
Sep 30 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7896]: Connection closed by 162.144.236.216 port 42982 [preauth]
Sep 30 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Failed password for root from 162.144.236.216 port 49164 ssh2
Sep 30 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Connection closed by 162.144.236.216 port 49164 [preauth]
Sep 30 01:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Failed password for root from 216.172.190.206 port 48456 ssh2
Sep 30 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Received disconnect from 216.172.190.206 port 48456:11: Bye Bye [preauth]
Sep 30 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Disconnected from 216.172.190.206 port 48456 [preauth]
Sep 30 01:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Invalid user sistema from 206.217.131.233
Sep 30 01:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: input_userauth_request: invalid user sistema [preauth]
Sep 30 01:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Failed password for invalid user sistema from 206.217.131.233 port 54488 ssh2
Sep 30 01:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Received disconnect from 206.217.131.233 port 54488:11: Bye Bye [preauth]
Sep 30 01:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Disconnected from 206.217.131.233 port 54488 [preauth]
Sep 30 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Invalid user ansible from 103.139.192.17
Sep 30 01:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: input_userauth_request: invalid user ansible [preauth]
Sep 30 01:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: Invalid user katie from 40.115.18.231
Sep 30 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: input_userauth_request: invalid user katie [preauth]
Sep 30 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6499]: pam_unix(cron:session): session closed for user root
Sep 30 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Failed password for invalid user ansible from 103.139.192.17 port 54828 ssh2
Sep 30 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Received disconnect from 103.139.192.17 port 54828:11: Bye Bye [preauth]
Sep 30 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8057]: Disconnected from 103.139.192.17 port 54828 [preauth]
Sep 30 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: Failed password for invalid user katie from 40.115.18.231 port 53016 ssh2
Sep 30 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8004]: Failed password for root from 162.144.236.216 port 56320 ssh2
Sep 30 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: Received disconnect from 40.115.18.231 port 53016:11: Bye Bye [preauth]
Sep 30 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8062]: Disconnected from 40.115.18.231 port 53016 [preauth]
Sep 30 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8004]: Connection closed by 162.144.236.216 port 56320 [preauth]
Sep 30 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: Invalid user satis from 217.154.42.86
Sep 30 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: input_userauth_request: invalid user satis [preauth]
Sep 30 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: Failed password for invalid user satis from 217.154.42.86 port 53842 ssh2
Sep 30 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: Received disconnect from 217.154.42.86 port 53842:11: Bye Bye [preauth]
Sep 30 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8153]: Disconnected from 217.154.42.86 port 53842 [preauth]
Sep 30 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Failed password for root from 162.144.236.216 port 34082 ssh2
Sep 30 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8099]: Connection closed by 162.144.236.216 port 34082 [preauth]
Sep 30 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8180]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8178]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: Successful su for rubyman by root
Sep 30 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: + ??? root:rubyman
Sep 30 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318163 of user rubyman.
Sep 30 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318163.
Sep 30 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Sep 30 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4910]: pam_unix(cron:session): session closed for user root
Sep 30 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Failed password for root from 220.247.224.226 port 8229 ssh2
Sep 30 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Received disconnect from 220.247.224.226 port 8229:11: Bye Bye [preauth]
Sep 30 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Disconnected from 220.247.224.226 port 8229 [preauth]
Sep 30 01:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8177]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: Failed password for root from 162.144.236.216 port 42412 ssh2
Sep 30 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8173]: Connection closed by 162.144.236.216 port 42412 [preauth]
Sep 30 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Failed password for root from 162.144.236.216 port 49532 ssh2
Sep 30 01:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Failed password for root from 206.217.131.233 port 49554 ssh2
Sep 30 01:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Received disconnect from 206.217.131.233 port 49554:11: Bye Bye [preauth]
Sep 30 01:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8506]: Disconnected from 206.217.131.233 port 49554 [preauth]
Sep 30 01:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Connection closed by 162.144.236.216 port 49532 [preauth]
Sep 30 01:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: Invalid user admin from 80.94.95.116
Sep 30 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 30 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Failed password for root from 216.172.190.206 port 44998 ssh2
Sep 30 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Received disconnect from 216.172.190.206 port 44998:11: Bye Bye [preauth]
Sep 30 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8538]: Disconnected from 216.172.190.206 port 44998 [preauth]
Sep 30 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: Failed password for invalid user admin from 80.94.95.116 port 31386 ssh2
Sep 30 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8521]: Connection closed by 80.94.95.116 port 31386 [preauth]
Sep 30 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: Invalid user admins from 59.98.83.57
Sep 30 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: input_userauth_request: invalid user admins [preauth]
Sep 30 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: Failed password for invalid user admins from 59.98.83.57 port 33280 ssh2
Sep 30 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: Received disconnect from 59.98.83.57 port 33280:11: Bye Bye [preauth]
Sep 30 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8550]: Disconnected from 59.98.83.57 port 33280 [preauth]
Sep 30 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231  user=root
Sep 30 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7131]: pam_unix(cron:session): session closed for user root
Sep 30 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Failed password for root from 40.115.18.231 port 50062 ssh2
Sep 30 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Received disconnect from 40.115.18.231 port 50062:11: Bye Bye [preauth]
Sep 30 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Disconnected from 40.115.18.231 port 50062 [preauth]
Sep 30 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: Failed password for root from 162.144.236.216 port 55616 ssh2
Sep 30 01:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Invalid user bkp from 217.154.42.86
Sep 30 01:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: input_userauth_request: invalid user bkp [preauth]
Sep 30 01:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8519]: Connection closed by 162.144.236.216 port 55616 [preauth]
Sep 30 01:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Failed password for invalid user bkp from 217.154.42.86 port 34400 ssh2
Sep 30 01:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Received disconnect from 217.154.42.86 port 34400:11: Bye Bye [preauth]
Sep 30 01:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Disconnected from 217.154.42.86 port 34400 [preauth]
Sep 30 01:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8673]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Failed password for root from 117.216.211.19 port 52402 ssh2
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8739]: Successful su for rubyman by root
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8739]: + ??? root:rubyman
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318169 of user rubyman.
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8739]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Received disconnect from 117.216.211.19 port 52402:11: Bye Bye [preauth]
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8666]: Disconnected from 117.216.211.19 port 52402 [preauth]
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318169.
Sep 30 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Failed password for root from 162.144.236.216 port 37868 ssh2
Sep 30 01:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Connection closed by 162.144.236.216 port 37868 [preauth]
Sep 30 01:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5463]: pam_unix(cron:session): session closed for user root
Sep 30 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Failed password for root from 162.144.236.216 port 44888 ssh2
Sep 30 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Invalid user adam from 206.217.131.233
Sep 30 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: input_userauth_request: invalid user adam [preauth]
Sep 30 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8924]: Connection closed by 162.144.236.216 port 44888 [preauth]
Sep 30 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Invalid user xy from 220.247.224.226
Sep 30 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: input_userauth_request: invalid user xy [preauth]
Sep 30 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Invalid user admin1 from 103.139.192.17
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: input_userauth_request: invalid user admin1 [preauth]
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Failed password for invalid user adam from 206.217.131.233 port 44626 ssh2
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Received disconnect from 206.217.131.233 port 44626:11: Bye Bye [preauth]
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Disconnected from 206.217.131.233 port 44626 [preauth]
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for invalid user xy from 220.247.224.226 port 51337 ssh2
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Received disconnect from 220.247.224.226 port 51337:11: Bye Bye [preauth]
Sep 30 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Disconnected from 220.247.224.226 port 51337 [preauth]
Sep 30 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Failed password for invalid user admin1 from 103.139.192.17 port 47372 ssh2
Sep 30 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Received disconnect from 103.139.192.17 port 47372:11: Bye Bye [preauth]
Sep 30 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9070]: Disconnected from 103.139.192.17 port 47372 [preauth]
Sep 30 01:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: Failed password for root from 162.144.236.216 port 52462 ssh2
Sep 30 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9079]: Connection closed by 162.144.236.216 port 52462 [preauth]
Sep 30 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Invalid user boris from 216.172.190.206
Sep 30 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: input_userauth_request: invalid user boris [preauth]
Sep 30 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Failed password for invalid user boris from 216.172.190.206 port 41536 ssh2
Sep 30 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Received disconnect from 216.172.190.206 port 41536:11: Bye Bye [preauth]
Sep 30 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9128]: Disconnected from 216.172.190.206 port 41536 [preauth]
Sep 30 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session closed for user root
Sep 30 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Invalid user admin from 40.115.18.231
Sep 30 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Failed password for invalid user admin from 40.115.18.231 port 47114 ssh2
Sep 30 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Received disconnect from 40.115.18.231 port 47114:11: Bye Bye [preauth]
Sep 30 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Disconnected from 40.115.18.231 port 47114 [preauth]
Sep 30 01:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Failed password for root from 162.144.236.216 port 58630 ssh2
Sep 30 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Connection closed by 162.144.236.216 port 58630 [preauth]
Sep 30 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Invalid user client from 217.154.42.86
Sep 30 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: input_userauth_request: invalid user client [preauth]
Sep 30 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Failed password for invalid user client from 217.154.42.86 port 47074 ssh2
Sep 30 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Received disconnect from 217.154.42.86 port 47074:11: Bye Bye [preauth]
Sep 30 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9289]: Disconnected from 217.154.42.86 port 47074 [preauth]
Sep 30 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Invalid user sg from 59.98.83.57
Sep 30 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: input_userauth_request: invalid user sg [preauth]
Sep 30 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Failed password for invalid user sg from 59.98.83.57 port 56980 ssh2
Sep 30 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Received disconnect from 59.98.83.57 port 56980:11: Bye Bye [preauth]
Sep 30 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Disconnected from 59.98.83.57 port 56980 [preauth]
Sep 30 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Failed password for root from 162.144.236.216 port 37468 ssh2
Sep 30 01:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Connection closed by 162.144.236.216 port 37468 [preauth]
Sep 30 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9355]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9354]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9355]: pam_unix(cron:session): session closed for user root
Sep 30 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9348]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9434]: Successful su for rubyman by root
Sep 30 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9434]: + ??? root:rubyman
Sep 30 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318174 of user rubyman.
Sep 30 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9434]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318174.
Sep 30 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session closed for user root
Sep 30 01:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session closed for user root
Sep 30 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Invalid user kiran from 206.217.131.233
Sep 30 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: input_userauth_request: invalid user kiran [preauth]
Sep 30 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Failed password for root from 162.144.236.216 port 45464 ssh2
Sep 30 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Connection closed by 162.144.236.216 port 45464 [preauth]
Sep 30 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Failed password for invalid user kiran from 206.217.131.233 port 39718 ssh2
Sep 30 01:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Received disconnect from 206.217.131.233 port 39718:11: Bye Bye [preauth]
Sep 30 01:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9642]: Disconnected from 206.217.131.233 port 39718 [preauth]
Sep 30 01:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for root from 162.144.236.216 port 51214 ssh2
Sep 30 01:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Connection closed by 162.144.236.216 port 51214 [preauth]
Sep 30 01:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Invalid user ubuntu from 117.216.211.19
Sep 30 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Failed password for invalid user ubuntu from 117.216.211.19 port 46972 ssh2
Sep 30 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Received disconnect from 117.216.211.19 port 46972:11: Bye Bye [preauth]
Sep 30 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Disconnected from 117.216.211.19 port 46972 [preauth]
Sep 30 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Invalid user lucjan from 220.247.224.226
Sep 30 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: input_userauth_request: invalid user lucjan [preauth]
Sep 30 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for invalid user lucjan from 220.247.224.226 port 6989 ssh2
Sep 30 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Received disconnect from 220.247.224.226 port 6989:11: Bye Bye [preauth]
Sep 30 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Disconnected from 220.247.224.226 port 6989 [preauth]
Sep 30 01:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for root from 162.144.236.216 port 56530 ssh2
Sep 30 01:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Connection closed by 162.144.236.216 port 56530 [preauth]
Sep 30 01:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8180]: pam_unix(cron:session): session closed for user root
Sep 30 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Failed password for root from 216.172.190.206 port 38086 ssh2
Sep 30 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Received disconnect from 216.172.190.206 port 38086:11: Bye Bye [preauth]
Sep 30 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Disconnected from 216.172.190.206 port 38086 [preauth]
Sep 30 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Invalid user tomcat from 40.115.18.231
Sep 30 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: input_userauth_request: invalid user tomcat [preauth]
Sep 30 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: Invalid user user1 from 217.154.42.86
Sep 30 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: input_userauth_request: invalid user user1 [preauth]
Sep 30 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Failed password for invalid user tomcat from 40.115.18.231 port 44176 ssh2
Sep 30 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Received disconnect from 40.115.18.231 port 44176:11: Bye Bye [preauth]
Sep 30 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Disconnected from 40.115.18.231 port 44176 [preauth]
Sep 30 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: Failed password for invalid user user1 from 217.154.42.86 port 50866 ssh2
Sep 30 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: Received disconnect from 217.154.42.86 port 50866:11: Bye Bye [preauth]
Sep 30 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9906]: Disconnected from 217.154.42.86 port 50866 [preauth]
Sep 30 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Failed password for root from 162.144.236.216 port 35166 ssh2
Sep 30 01:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Connection closed by 162.144.236.216 port 35166 [preauth]
Sep 30 01:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Invalid user biz from 103.139.192.17
Sep 30 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: input_userauth_request: invalid user biz [preauth]
Sep 30 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Failed password for invalid user biz from 103.139.192.17 port 47468 ssh2
Sep 30 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Received disconnect from 103.139.192.17 port 47468:11: Bye Bye [preauth]
Sep 30 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Disconnected from 103.139.192.17 port 47468 [preauth]
Sep 30 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Failed password for root from 162.144.236.216 port 43016 ssh2
Sep 30 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: Invalid user minecraft from 206.217.131.233
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Connection closed by 162.144.236.216 port 43016 [preauth]
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9976]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9974]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10055]: Successful su for rubyman by root
Sep 30 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10055]: + ??? root:rubyman
Sep 30 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318177 of user rubyman.
Sep 30 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10055]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318177.
Sep 30 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: Failed password for invalid user minecraft from 206.217.131.233 port 34786 ssh2
Sep 30 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: Received disconnect from 206.217.131.233 port 34786:11: Bye Bye [preauth]
Sep 30 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: Disconnected from 206.217.131.233 port 34786 [preauth]
Sep 30 01:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6498]: pam_unix(cron:session): session closed for user root
Sep 30 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Invalid user lucjan from 59.98.83.57
Sep 30 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: input_userauth_request: invalid user lucjan [preauth]
Sep 30 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9975]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Failed password for invalid user lucjan from 59.98.83.57 port 52466 ssh2
Sep 30 01:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Received disconnect from 59.98.83.57 port 52466:11: Bye Bye [preauth]
Sep 30 01:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Disconnected from 59.98.83.57 port 52466 [preauth]
Sep 30 01:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9971]: Failed password for root from 162.144.236.216 port 49114 ssh2
Sep 30 01:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9971]: Connection closed by 162.144.236.216 port 49114 [preauth]
Sep 30 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: Failed password for root from 162.144.236.216 port 55208 ssh2
Sep 30 01:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: Connection closed by 162.144.236.216 port 55208 [preauth]
Sep 30 01:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Invalid user alessio from 220.247.224.226
Sep 30 01:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: input_userauth_request: invalid user alessio [preauth]
Sep 30 01:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Failed password for root from 162.144.236.216 port 34574 ssh2
Sep 30 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Connection closed by 162.144.236.216 port 34574 [preauth]
Sep 30 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Failed password for invalid user alessio from 220.247.224.226 port 33679 ssh2
Sep 30 01:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Received disconnect from 220.247.224.226 port 33679:11: Bye Bye [preauth]
Sep 30 01:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10355]: Disconnected from 220.247.224.226 port 33679 [preauth]
Sep 30 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: Invalid user support from 117.216.211.19
Sep 30 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: input_userauth_request: invalid user support [preauth]
Sep 30 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8673]: pam_unix(cron:session): session closed for user root
Sep 30 01:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: Failed password for invalid user support from 117.216.211.19 port 41536 ssh2
Sep 30 01:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: Received disconnect from 117.216.211.19 port 41536:11: Bye Bye [preauth]
Sep 30 01:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10369]: Disconnected from 117.216.211.19 port 41536 [preauth]
Sep 30 01:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Invalid user test from 217.154.42.86
Sep 30 01:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: input_userauth_request: invalid user test [preauth]
Sep 30 01:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for root from 216.172.190.206 port 34632 ssh2
Sep 30 01:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Received disconnect from 216.172.190.206 port 34632:11: Bye Bye [preauth]
Sep 30 01:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Disconnected from 216.172.190.206 port 34632 [preauth]
Sep 30 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Failed password for invalid user test from 217.154.42.86 port 51580 ssh2
Sep 30 01:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Received disconnect from 217.154.42.86 port 51580:11: Bye Bye [preauth]
Sep 30 01:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10407]: Disconnected from 217.154.42.86 port 51580 [preauth]
Sep 30 01:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Failed password for root from 162.144.236.216 port 39238 ssh2
Sep 30 01:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Connection closed by 162.144.236.216 port 39238 [preauth]
Sep 30 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Invalid user station from 40.115.18.231
Sep 30 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: input_userauth_request: invalid user station [preauth]
Sep 30 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Failed password for invalid user station from 40.115.18.231 port 41234 ssh2
Sep 30 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Received disconnect from 40.115.18.231 port 41234:11: Bye Bye [preauth]
Sep 30 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10442]: Disconnected from 40.115.18.231 port 41234 [preauth]
Sep 30 01:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Failed password for root from 162.144.236.216 port 44790 ssh2
Sep 30 01:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10448]: Connection closed by 162.144.236.216 port 44790 [preauth]
Sep 30 01:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10469]: Failed password for root from 206.217.131.233 port 58100 ssh2
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10469]: Received disconnect from 206.217.131.233 port 58100:11: Bye Bye [preauth]
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10469]: Disconnected from 206.217.131.233 port 58100 [preauth]
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10476]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10476]: pam_unix(cron:session): session closed for user root
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10550]: Successful su for rubyman by root
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10550]: + ??? root:rubyman
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318184 of user rubyman.
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10550]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318184.
Sep 30 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7128]: pam_unix(cron:session): session closed for user root
Sep 30 01:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Failed password for root from 162.144.236.216 port 49646 ssh2
Sep 30 01:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Connection closed by 162.144.236.216 port 49646 [preauth]
Sep 30 01:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10479]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Failed password for root from 162.144.236.216 port 54816 ssh2
Sep 30 01:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Connection closed by 162.144.236.216 port 54816 [preauth]
Sep 30 01:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Failed password for root from 162.144.236.216 port 60348 ssh2
Sep 30 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: Invalid user postgres from 93.152.230.176
Sep 30 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: input_userauth_request: invalid user postgres [preauth]
Sep 30 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 01:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Invalid user shreya from 59.98.83.57
Sep 30 01:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: input_userauth_request: invalid user shreya [preauth]
Sep 30 01:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: Failed password for invalid user postgres from 93.152.230.176 port 51942 ssh2
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: Received disconnect from 93.152.230.176 port 51942:11: Client disconnecting normally [preauth]
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10804]: Disconnected from 93.152.230.176 port 51942 [preauth]
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Failed password for invalid user shreya from 59.98.83.57 port 47948 ssh2
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Connection closed by 162.144.236.216 port 60348 [preauth]
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Received disconnect from 59.98.83.57 port 47948:11: Bye Bye [preauth]
Sep 30 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Disconnected from 59.98.83.57 port 47948 [preauth]
Sep 30 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Invalid user adam from 103.139.192.17
Sep 30 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: input_userauth_request: invalid user adam [preauth]
Sep 30 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user adam from 103.139.192.17 port 43836 ssh2
Sep 30 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Received disconnect from 103.139.192.17 port 43836:11: Bye Bye [preauth]
Sep 30 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Disconnected from 103.139.192.17 port 43836 [preauth]
Sep 30 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9354]: pam_unix(cron:session): session closed for user root
Sep 30 01:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: Failed password for root from 162.144.236.216 port 38376 ssh2
Sep 30 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: Invalid user superadmin from 220.247.224.226
Sep 30 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86  user=root
Sep 30 01:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10831]: Connection closed by 162.144.236.216 port 38376 [preauth]
Sep 30 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: Failed password for invalid user superadmin from 220.247.224.226 port 43616 ssh2
Sep 30 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10880]: Failed password for root from 217.154.42.86 port 45432 ssh2
Sep 30 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: Received disconnect from 220.247.224.226 port 43616:11: Bye Bye [preauth]
Sep 30 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10878]: Disconnected from 220.247.224.226 port 43616 [preauth]
Sep 30 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10880]: Received disconnect from 217.154.42.86 port 45432:11: Bye Bye [preauth]
Sep 30 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10880]: Disconnected from 217.154.42.86 port 45432 [preauth]
Sep 30 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: Invalid user superadmin from 216.172.190.206
Sep 30 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: Failed password for invalid user superadmin from 216.172.190.206 port 59410 ssh2
Sep 30 01:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: Received disconnect from 216.172.190.206 port 59410:11: Bye Bye [preauth]
Sep 30 01:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10893]: Disconnected from 216.172.190.206 port 59410 [preauth]
Sep 30 01:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Invalid user james from 117.216.211.19
Sep 30 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: input_userauth_request: invalid user james [preauth]
Sep 30 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Failed password for invalid user james from 117.216.211.19 port 36096 ssh2
Sep 30 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Received disconnect from 117.216.211.19 port 36096:11: Bye Bye [preauth]
Sep 30 01:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Disconnected from 117.216.211.19 port 36096 [preauth]
Sep 30 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Invalid user superadmin from 206.217.131.233
Sep 30 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: Failed password for root from 162.144.236.216 port 44550 ssh2
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Failed password for invalid user superadmin from 206.217.131.233 port 53178 ssh2
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Received disconnect from 206.217.131.233 port 53178:11: Bye Bye [preauth]
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10931]: Disconnected from 206.217.131.233 port 53178 [preauth]
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Invalid user client from 40.115.18.231
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: input_userauth_request: invalid user client [preauth]
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Failed password for invalid user client from 40.115.18.231 port 38306 ssh2
Sep 30 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Received disconnect from 40.115.18.231 port 38306:11: Bye Bye [preauth]
Sep 30 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10934]: Disconnected from 40.115.18.231 port 38306 [preauth]
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10949]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10947]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11014]: Successful su for rubyman by root
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11014]: + ??? root:rubyman
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318186 of user rubyman.
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11014]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318186.
Sep 30 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: Connection closed by 162.144.236.216 port 44550 [preauth]
Sep 30 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session closed for user root
Sep 30 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10948]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Failed password for root from 162.144.236.216 port 53444 ssh2
Sep 30 01:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Connection closed by 162.144.236.216 port 53444 [preauth]
Sep 30 01:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for root from 162.144.236.216 port 59716 ssh2
Sep 30 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 162.144.236.216 port 59716 [preauth]
Sep 30 01:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for root from 162.144.236.216 port 37882 ssh2
Sep 30 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 30 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab10@198.199.94.12 rhost=::ffff:45.142.193.185
Sep 30 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Sep 30 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab10 rhost=::ffff:45.142.193.185
Sep 30 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session closed for user root
Sep 30 01:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Invalid user sfserver from 217.154.42.86
Sep 30 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: input_userauth_request: invalid user sfserver [preauth]
Sep 30 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Connection closed by 162.144.236.216 port 37882 [preauth]
Sep 30 01:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Failed password for invalid user sfserver from 217.154.42.86 port 45424 ssh2
Sep 30 01:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Received disconnect from 217.154.42.86 port 45424:11: Bye Bye [preauth]
Sep 30 01:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Disconnected from 217.154.42.86 port 45424 [preauth]
Sep 30 01:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Invalid user console from 59.98.83.57
Sep 30 01:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: input_userauth_request: invalid user console [preauth]
Sep 30 01:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Failed password for invalid user console from 59.98.83.57 port 43428 ssh2
Sep 30 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Received disconnect from 59.98.83.57 port 43428:11: Bye Bye [preauth]
Sep 30 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Disconnected from 59.98.83.57 port 43428 [preauth]
Sep 30 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Invalid user tania from 216.172.190.206
Sep 30 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: input_userauth_request: invalid user tania [preauth]
Sep 30 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Invalid user sg from 220.247.224.226
Sep 30 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: input_userauth_request: invalid user sg [preauth]
Sep 30 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Failed password for invalid user tania from 216.172.190.206 port 55960 ssh2
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Received disconnect from 216.172.190.206 port 55960:11: Bye Bye [preauth]
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Disconnected from 216.172.190.206 port 55960 [preauth]
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Failed password for root from 206.217.131.233 port 48248 ssh2
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Received disconnect from 206.217.131.233 port 48248:11: Bye Bye [preauth]
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Disconnected from 206.217.131.233 port 48248 [preauth]
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Failed password for invalid user sg from 220.247.224.226 port 37905 ssh2
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Received disconnect from 220.247.224.226 port 37905:11: Bye Bye [preauth]
Sep 30 01:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Disconnected from 220.247.224.226 port 37905 [preauth]
Sep 30 01:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Failed password for root from 162.144.236.216 port 47606 ssh2
Sep 30 01:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Connection closed by 162.144.236.216 port 47606 [preauth]
Sep 30 01:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: Invalid user bayu from 117.216.211.19
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: input_userauth_request: invalid user bayu [preauth]
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11416]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11413]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11477]: Successful su for rubyman by root
Sep 30 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11477]: + ??? root:rubyman
Sep 30 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318190 of user rubyman.
Sep 30 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11477]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318190.
Sep 30 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: Failed password for invalid user bayu from 117.216.211.19 port 58888 ssh2
Sep 30 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: Received disconnect from 117.216.211.19 port 58888:11: Bye Bye [preauth]
Sep 30 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11410]: Disconnected from 117.216.211.19 port 58888 [preauth]
Sep 30 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Invalid user minecraft from 103.139.192.17
Sep 30 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Failed password for root from 162.144.236.216 port 54780 ssh2
Sep 30 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8178]: pam_unix(cron:session): session closed for user root
Sep 30 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user minecraft from 103.139.192.17 port 41670 ssh2
Sep 30 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Received disconnect from 103.139.192.17 port 41670:11: Bye Bye [preauth]
Sep 30 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Disconnected from 103.139.192.17 port 41670 [preauth]
Sep 30 01:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Connection closed by 162.144.236.216 port 54780 [preauth]
Sep 30 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Invalid user rr from 40.115.18.231
Sep 30 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: input_userauth_request: invalid user rr [preauth]
Sep 30 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11414]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Failed password for invalid user rr from 40.115.18.231 port 35372 ssh2
Sep 30 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Received disconnect from 40.115.18.231 port 35372:11: Bye Bye [preauth]
Sep 30 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Disconnected from 40.115.18.231 port 35372 [preauth]
Sep 30 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Failed password for root from 162.144.236.216 port 60002 ssh2
Sep 30 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Connection closed by 162.144.236.216 port 60002 [preauth]
Sep 30 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: Failed password for root from 162.144.236.216 port 38874 ssh2
Sep 30 01:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11813]: Connection closed by 162.144.236.216 port 38874 [preauth]
Sep 30 01:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86  user=root
Sep 30 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session closed for user root
Sep 30 01:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11865]: Failed password for root from 217.154.42.86 port 40906 ssh2
Sep 30 01:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11865]: Received disconnect from 217.154.42.86 port 40906:11: Bye Bye [preauth]
Sep 30 01:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11865]: Disconnected from 217.154.42.86 port 40906 [preauth]
Sep 30 01:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Invalid user test from 206.217.131.233
Sep 30 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: input_userauth_request: invalid user test [preauth]
Sep 30 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Failed password for root from 162.144.236.216 port 44516 ssh2
Sep 30 01:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Failed password for invalid user test from 206.217.131.233 port 43336 ssh2
Sep 30 01:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Received disconnect from 206.217.131.233 port 43336:11: Bye Bye [preauth]
Sep 30 01:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Disconnected from 206.217.131.233 port 43336 [preauth]
Sep 30 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11863]: Connection closed by 162.144.236.216 port 44516 [preauth]
Sep 30 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Invalid user admin2 from 216.172.190.206
Sep 30 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: input_userauth_request: invalid user admin2 [preauth]
Sep 30 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Failed password for invalid user admin2 from 216.172.190.206 port 52506 ssh2
Sep 30 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Received disconnect from 216.172.190.206 port 52506:11: Bye Bye [preauth]
Sep 30 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Disconnected from 216.172.190.206 port 52506 [preauth]
Sep 30 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Invalid user game from 59.98.83.57
Sep 30 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: input_userauth_request: invalid user game [preauth]
Sep 30 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Failed password for invalid user game from 59.98.83.57 port 38896 ssh2
Sep 30 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Received disconnect from 59.98.83.57 port 38896:11: Bye Bye [preauth]
Sep 30 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Disconnected from 59.98.83.57 port 38896 [preauth]
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session closed for user root
Sep 30 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: Successful su for rubyman by root
Sep 30 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: + ??? root:rubyman
Sep 30 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318194 of user rubyman.
Sep 30 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318194.
Sep 30 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Sep 30 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11960]: pam_unix(cron:session): session closed for user root
Sep 30 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session closed for user root
Sep 30 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Failed password for root from 162.144.236.216 port 52026 ssh2
Sep 30 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Failed password for root from 220.247.224.226 port 46807 ssh2
Sep 30 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Received disconnect from 220.247.224.226 port 46807:11: Bye Bye [preauth]
Sep 30 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Disconnected from 220.247.224.226 port 46807 [preauth]
Sep 30 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Connection closed by 162.144.236.216 port 52026 [preauth]
Sep 30 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11958]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Invalid user user from 117.216.211.19
Sep 30 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: input_userauth_request: invalid user user [preauth]
Sep 30 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Failed password for invalid user user from 117.216.211.19 port 53454 ssh2
Sep 30 01:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Received disconnect from 117.216.211.19 port 53454:11: Bye Bye [preauth]
Sep 30 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Disconnected from 117.216.211.19 port 53454 [preauth]
Sep 30 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12254]: Failed password for root from 162.144.236.216 port 60430 ssh2
Sep 30 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231  user=root
Sep 30 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12254]: Connection closed by 162.144.236.216 port 60430 [preauth]
Sep 30 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Failed password for root from 40.115.18.231 port 60676 ssh2
Sep 30 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Received disconnect from 40.115.18.231 port 60676:11: Bye Bye [preauth]
Sep 30 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Disconnected from 40.115.18.231 port 60676 [preauth]
Sep 30 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Invalid user estest from 217.154.42.86
Sep 30 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: input_userauth_request: invalid user estest [preauth]
Sep 30 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for invalid user estest from 217.154.42.86 port 54558 ssh2
Sep 30 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Failed password for root from 162.144.236.216 port 37900 ssh2
Sep 30 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Received disconnect from 217.154.42.86 port 54558:11: Bye Bye [preauth]
Sep 30 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Disconnected from 217.154.42.86 port 54558 [preauth]
Sep 30 01:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Connection closed by 162.144.236.216 port 37900 [preauth]
Sep 30 01:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session closed for user root
Sep 30 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Failed password for root from 162.144.236.216 port 43464 ssh2
Sep 30 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Connection closed by 162.144.236.216 port 43464 [preauth]
Sep 30 01:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: Invalid user ansible from 206.217.131.233
Sep 30 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: input_userauth_request: invalid user ansible [preauth]
Sep 30 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: Failed password for invalid user ansible from 206.217.131.233 port 38436 ssh2
Sep 30 01:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: Received disconnect from 206.217.131.233 port 38436:11: Bye Bye [preauth]
Sep 30 01:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: Disconnected from 206.217.131.233 port 38436 [preauth]
Sep 30 01:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Failed password for root from 162.144.236.216 port 47596 ssh2
Sep 30 01:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Failed password for root from 216.172.190.206 port 49056 ssh2
Sep 30 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Received disconnect from 216.172.190.206 port 49056:11: Bye Bye [preauth]
Sep 30 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12431]: Disconnected from 216.172.190.206 port 49056 [preauth]
Sep 30 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Connection closed by 162.144.236.216 port 47596 [preauth]
Sep 30 01:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: Successful su for rubyman by root
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: + ??? root:rubyman
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318200 of user rubyman.
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318200.
Sep 30 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session closed for user root
Sep 30 01:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Failed password for root from 162.144.236.216 port 55474 ssh2
Sep 30 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Connection closed by 162.144.236.216 port 55474 [preauth]
Sep 30 01:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: Invalid user dbuser from 59.98.83.57
Sep 30 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: input_userauth_request: invalid user dbuser [preauth]
Sep 30 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Sep 30 01:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: Failed password for invalid user dbuser from 59.98.83.57 port 34376 ssh2
Sep 30 01:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: Received disconnect from 59.98.83.57 port 34376:11: Bye Bye [preauth]
Sep 30 01:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12735]: Disconnected from 59.98.83.57 port 34376 [preauth]
Sep 30 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Failed password for root from 220.247.224.226 port 39792 ssh2
Sep 30 01:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Received disconnect from 220.247.224.226 port 39792:11: Bye Bye [preauth]
Sep 30 01:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Disconnected from 220.247.224.226 port 39792 [preauth]
Sep 30 01:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Failed password for root from 162.144.236.216 port 34154 ssh2
Sep 30 01:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Connection closed by 162.144.236.216 port 34154 [preauth]
Sep 30 01:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Invalid user foundry from 217.154.42.86
Sep 30 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: input_userauth_request: invalid user foundry [preauth]
Sep 30 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for root from 162.144.236.216 port 39484 ssh2
Sep 30 01:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for invalid user foundry from 217.154.42.86 port 44704 ssh2
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Received disconnect from 217.154.42.86 port 44704:11: Bye Bye [preauth]
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Disconnected from 217.154.42.86 port 44704 [preauth]
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Invalid user userone from 117.216.211.19
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: input_userauth_request: invalid user userone [preauth]
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Invalid user pivpn from 40.115.18.231
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: input_userauth_request: invalid user pivpn [preauth]
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Connection closed by 162.144.236.216 port 39484 [preauth]
Sep 30 01:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Failed password for invalid user userone from 117.216.211.19 port 48014 ssh2
Sep 30 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Failed password for invalid user pivpn from 40.115.18.231 port 57748 ssh2
Sep 30 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Received disconnect from 117.216.211.19 port 48014:11: Bye Bye [preauth]
Sep 30 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Disconnected from 117.216.211.19 port 48014 [preauth]
Sep 30 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Received disconnect from 40.115.18.231 port 57748:11: Bye Bye [preauth]
Sep 30 01:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Disconnected from 40.115.18.231 port 57748 [preauth]
Sep 30 01:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11416]: pam_unix(cron:session): session closed for user root
Sep 30 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: Invalid user ali from 206.217.131.233
Sep 30 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: input_userauth_request: invalid user ali [preauth]
Sep 30 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: Failed password for invalid user ali from 206.217.131.233 port 33512 ssh2
Sep 30 01:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: Received disconnect from 206.217.131.233 port 33512:11: Bye Bye [preauth]
Sep 30 01:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12863]: Disconnected from 206.217.131.233 port 33512 [preauth]
Sep 30 01:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: Failed password for root from 162.144.236.216 port 46776 ssh2
Sep 30 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12821]: Connection closed by 162.144.236.216 port 46776 [preauth]
Sep 30 01:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13009]: Successful su for rubyman by root
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13009]: + ??? root:rubyman
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318204 of user rubyman.
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13009]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318204.
Sep 30 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Failed password for root from 216.172.190.206 port 45602 ssh2
Sep 30 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Received disconnect from 216.172.190.206 port 45602:11: Bye Bye [preauth]
Sep 30 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Disconnected from 216.172.190.206 port 45602 [preauth]
Sep 30 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9976]: pam_unix(cron:session): session closed for user root
Sep 30 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Failed password for root from 162.144.236.216 port 57974 ssh2
Sep 30 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Connection closed by 162.144.236.216 port 57974 [preauth]
Sep 30 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: Invalid user teste from 80.94.95.116
Sep 30 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: input_userauth_request: invalid user teste [preauth]
Sep 30 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 30 01:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: Failed password for invalid user teste from 80.94.95.116 port 26364 ssh2
Sep 30 01:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13201]: Connection closed by 80.94.95.116 port 26364 [preauth]
Sep 30 01:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Failed password for root from 162.144.236.216 port 37540 ssh2
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Invalid user wcs from 220.247.224.226
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: input_userauth_request: invalid user wcs [preauth]
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Invalid user pop from 103.139.192.17
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: input_userauth_request: invalid user pop [preauth]
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Invalid user xy from 59.98.83.57
Sep 30 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: input_userauth_request: invalid user xy [preauth]
Sep 30 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Invalid user elastic from 217.154.42.86
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: input_userauth_request: invalid user elastic [preauth]
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Failed password for invalid user wcs from 220.247.224.226 port 52820 ssh2
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Received disconnect from 220.247.224.226 port 52820:11: Bye Bye [preauth]
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Disconnected from 220.247.224.226 port 52820 [preauth]
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Failed password for invalid user pop from 103.139.192.17 port 54220 ssh2
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Failed password for invalid user xy from 59.98.83.57 port 58078 ssh2
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Received disconnect from 103.139.192.17 port 54220:11: Bye Bye [preauth]
Sep 30 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Disconnected from 103.139.192.17 port 54220 [preauth]
Sep 30 01:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Received disconnect from 59.98.83.57 port 58078:11: Bye Bye [preauth]
Sep 30 01:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Disconnected from 59.98.83.57 port 58078 [preauth]
Sep 30 01:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Failed password for invalid user elastic from 217.154.42.86 port 40106 ssh2
Sep 30 01:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Connection closed by 162.144.236.216 port 37540 [preauth]
Sep 30 01:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Received disconnect from 217.154.42.86 port 40106:11: Bye Bye [preauth]
Sep 30 01:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Disconnected from 217.154.42.86 port 40106 [preauth]
Sep 30 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session closed for user root
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: Invalid user test from 40.115.18.231
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: input_userauth_request: invalid user test [preauth]
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: Failed password for root from 162.144.236.216 port 47210 ssh2
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: Failed password for root from 117.216.211.19 port 42568 ssh2
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: Received disconnect from 117.216.211.19 port 42568:11: Bye Bye [preauth]
Sep 30 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: Disconnected from 117.216.211.19 port 42568 [preauth]
Sep 30 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: Connection closed by 162.144.236.216 port 47210 [preauth]
Sep 30 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: Failed password for invalid user test from 40.115.18.231 port 54820 ssh2
Sep 30 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: Received disconnect from 40.115.18.231 port 54820:11: Bye Bye [preauth]
Sep 30 01:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13327]: Disconnected from 40.115.18.231 port 54820 [preauth]
Sep 30 01:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Failed password for root from 206.217.131.233 port 56822 ssh2
Sep 30 01:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Received disconnect from 206.217.131.233 port 56822:11: Bye Bye [preauth]
Sep 30 01:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: Disconnected from 206.217.131.233 port 56822 [preauth]
Sep 30 01:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for root from 162.144.236.216 port 52416 ssh2
Sep 30 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Connection closed by 162.144.236.216 port 52416 [preauth]
Sep 30 01:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13468]: Successful su for rubyman by root
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13468]: + ??? root:rubyman
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318209 of user rubyman.
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13468]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318209.
Sep 30 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Failed password for root from 162.144.236.216 port 59942 ssh2
Sep 30 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Connection closed by 162.144.236.216 port 59942 [preauth]
Sep 30 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10480]: pam_unix(cron:session): session closed for user root
Sep 30 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: Invalid user slave from 216.172.190.206
Sep 30 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: input_userauth_request: invalid user slave [preauth]
Sep 30 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: Failed password for invalid user slave from 216.172.190.206 port 42144 ssh2
Sep 30 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: Received disconnect from 216.172.190.206 port 42144:11: Bye Bye [preauth]
Sep 30 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13650]: Disconnected from 216.172.190.206 port 42144 [preauth]
Sep 30 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: Failed password for root from 162.144.236.216 port 37650 ssh2
Sep 30 01:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13628]: Connection closed by 162.144.236.216 port 37650 [preauth]
Sep 30 01:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: Invalid user karimi from 217.154.42.86
Sep 30 01:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: input_userauth_request: invalid user karimi [preauth]
Sep 30 01:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: Failed password for invalid user karimi from 217.154.42.86 port 57728 ssh2
Sep 30 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: Received disconnect from 217.154.42.86 port 57728:11: Bye Bye [preauth]
Sep 30 01:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13693]: Disconnected from 217.154.42.86 port 57728 [preauth]
Sep 30 01:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Failed password for root from 162.144.236.216 port 45152 ssh2
Sep 30 01:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Invalid user toby from 220.247.224.226
Sep 30 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: input_userauth_request: invalid user toby [preauth]
Sep 30 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13680]: Connection closed by 162.144.236.216 port 45152 [preauth]
Sep 30 01:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Failed password for invalid user toby from 220.247.224.226 port 32643 ssh2
Sep 30 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Received disconnect from 220.247.224.226 port 32643:11: Bye Bye [preauth]
Sep 30 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Disconnected from 220.247.224.226 port 32643 [preauth]
Sep 30 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Invalid user web1 from 59.98.83.57
Sep 30 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: input_userauth_request: invalid user web1 [preauth]
Sep 30 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session closed for user root
Sep 30 01:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: Invalid user biz from 206.217.131.233
Sep 30 01:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: input_userauth_request: invalid user biz [preauth]
Sep 30 01:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Failed password for invalid user web1 from 59.98.83.57 port 53556 ssh2
Sep 30 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Received disconnect from 59.98.83.57 port 53556:11: Bye Bye [preauth]
Sep 30 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Disconnected from 59.98.83.57 port 53556 [preauth]
Sep 30 01:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: Failed password for invalid user biz from 206.217.131.233 port 51894 ssh2
Sep 30 01:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: Received disconnect from 206.217.131.233 port 51894:11: Bye Bye [preauth]
Sep 30 01:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: Disconnected from 206.217.131.233 port 51894 [preauth]
Sep 30 01:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13735]: Failed password for root from 162.144.236.216 port 53024 ssh2
Sep 30 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Invalid user superadmin from 40.115.18.231
Sep 30 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13735]: Connection closed by 162.144.236.216 port 53024 [preauth]
Sep 30 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Failed password for root from 117.216.211.19 port 37130 ssh2
Sep 30 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Received disconnect from 117.216.211.19 port 37130:11: Bye Bye [preauth]
Sep 30 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13819]: Disconnected from 117.216.211.19 port 37130 [preauth]
Sep 30 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Failed password for invalid user superadmin from 40.115.18.231 port 51892 ssh2
Sep 30 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Received disconnect from 40.115.18.231 port 51892:11: Bye Bye [preauth]
Sep 30 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Disconnected from 40.115.18.231 port 51892 [preauth]
Sep 30 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13832]: Failed password for root from 162.144.236.216 port 60548 ssh2
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Invalid user ali from 103.139.192.17
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: input_userauth_request: invalid user ali [preauth]
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13856]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13857]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13854]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13917]: Successful su for rubyman by root
Sep 30 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13917]: + ??? root:rubyman
Sep 30 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318214 of user rubyman.
Sep 30 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13917]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318214.
Sep 30 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Failed password for invalid user ali from 103.139.192.17 port 40724 ssh2
Sep 30 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Received disconnect from 103.139.192.17 port 40724:11: Bye Bye [preauth]
Sep 30 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Disconnected from 103.139.192.17 port 40724 [preauth]
Sep 30 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13832]: Connection closed by 162.144.236.216 port 60548 [preauth]
Sep 30 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10949]: pam_unix(cron:session): session closed for user root
Sep 30 01:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13855]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: Failed password for root from 162.144.236.216 port 38074 ssh2
Sep 30 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13984]: Connection closed by 162.144.236.216 port 38074 [preauth]
Sep 30 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14217]: Failed password for root from 216.172.190.206 port 38694 ssh2
Sep 30 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14217]: Received disconnect from 216.172.190.206 port 38694:11: Bye Bye [preauth]
Sep 30 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14217]: Disconnected from 216.172.190.206 port 38694 [preauth]
Sep 30 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Invalid user npm from 217.154.42.86
Sep 30 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: input_userauth_request: invalid user npm [preauth]
Sep 30 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Failed password for invalid user npm from 217.154.42.86 port 56398 ssh2
Sep 30 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Received disconnect from 217.154.42.86 port 56398:11: Bye Bye [preauth]
Sep 30 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14257]: Disconnected from 217.154.42.86 port 56398 [preauth]
Sep 30 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Invalid user tech from 93.152.230.176
Sep 30 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: input_userauth_request: invalid user tech [preauth]
Sep 30 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 01:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Failed password for invalid user tech from 93.152.230.176 port 27478 ssh2
Sep 30 01:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Received disconnect from 93.152.230.176 port 27478:11: Client disconnecting normally [preauth]
Sep 30 01:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14259]: Disconnected from 93.152.230.176 port 27478 [preauth]
Sep 30 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Failed password for root from 162.144.236.216 port 45112 ssh2
Sep 30 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: Invalid user ftptest from 206.217.131.233
Sep 30 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: input_userauth_request: invalid user ftptest [preauth]
Sep 30 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: Failed password for invalid user ftptest from 206.217.131.233 port 46964 ssh2
Sep 30 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: Received disconnect from 206.217.131.233 port 46964:11: Bye Bye [preauth]
Sep 30 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14281]: Disconnected from 206.217.131.233 port 46964 [preauth]
Sep 30 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Connection closed by 162.144.236.216 port 45112 [preauth]
Sep 30 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session closed for user root
Sep 30 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Sep 30 01:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Failed password for root from 220.247.224.226 port 20531 ssh2
Sep 30 01:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Received disconnect from 220.247.224.226 port 20531:11: Bye Bye [preauth]
Sep 30 01:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Disconnected from 220.247.224.226 port 20531 [preauth]
Sep 30 01:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Invalid user wialon from 59.98.83.57
Sep 30 01:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: input_userauth_request: invalid user wialon [preauth]
Sep 30 01:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Failed password for invalid user wialon from 59.98.83.57 port 49036 ssh2
Sep 30 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Received disconnect from 59.98.83.57 port 49036:11: Bye Bye [preauth]
Sep 30 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Disconnected from 59.98.83.57 port 49036 [preauth]
Sep 30 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Failed password for root from 162.144.236.216 port 53566 ssh2
Sep 30 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Connection closed by 162.144.236.216 port 53566 [preauth]
Sep 30 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Invalid user satis from 40.115.18.231
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: input_userauth_request: invalid user satis [preauth]
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Invalid user foundry from 117.216.211.19
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: input_userauth_request: invalid user foundry [preauth]
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Failed password for invalid user satis from 40.115.18.231 port 48958 ssh2
Sep 30 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Failed password for invalid user foundry from 117.216.211.19 port 59924 ssh2
Sep 30 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Received disconnect from 40.115.18.231 port 48958:11: Bye Bye [preauth]
Sep 30 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Disconnected from 40.115.18.231 port 48958 [preauth]
Sep 30 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Received disconnect from 117.216.211.19 port 59924:11: Bye Bye [preauth]
Sep 30 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14370]: Disconnected from 117.216.211.19 port 59924 [preauth]
Sep 30 01:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Failed password for root from 162.144.236.216 port 60550 ssh2
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14387]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14388]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14386]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14388]: pam_unix(cron:session): session closed for user root
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Connection closed by 162.144.236.216 port 60550 [preauth]
Sep 30 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14449]: Successful su for rubyman by root
Sep 30 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14449]: + ??? root:rubyman
Sep 30 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318216 of user rubyman.
Sep 30 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14449]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318216.
Sep 30 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14385]: pam_unix(cron:session): session closed for user root
Sep 30 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session closed for user root
Sep 30 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14384]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: Failed password for root from 162.144.236.216 port 38896 ssh2
Sep 30 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: Connection closed by 162.144.236.216 port 38896 [preauth]
Sep 30 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: Invalid user misha from 216.172.190.206
Sep 30 01:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: input_userauth_request: invalid user misha [preauth]
Sep 30 01:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: Failed password for invalid user misha from 216.172.190.206 port 35240 ssh2
Sep 30 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: Received disconnect from 216.172.190.206 port 35240:11: Bye Bye [preauth]
Sep 30 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14704]: Disconnected from 216.172.190.206 port 35240 [preauth]
Sep 30 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: Invalid user tomcat from 217.154.42.86
Sep 30 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: input_userauth_request: invalid user tomcat [preauth]
Sep 30 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14683]: Failed password for root from 162.144.236.216 port 45604 ssh2
Sep 30 01:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233  user=root
Sep 30 01:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: Failed password for invalid user tomcat from 217.154.42.86 port 59590 ssh2
Sep 30 01:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: Received disconnect from 217.154.42.86 port 59590:11: Bye Bye [preauth]
Sep 30 01:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: Disconnected from 217.154.42.86 port 59590 [preauth]
Sep 30 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14714]: Failed password for root from 206.217.131.233 port 42054 ssh2
Sep 30 01:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14714]: Received disconnect from 206.217.131.233 port 42054:11: Bye Bye [preauth]
Sep 30 01:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14714]: Disconnected from 206.217.131.233 port 42054 [preauth]
Sep 30 01:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14683]: Connection closed by 162.144.236.216 port 45604 [preauth]
Sep 30 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Invalid user ajay from 164.68.105.9
Sep 30 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: input_userauth_request: invalid user ajay [preauth]
Sep 30 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Sep 30 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Failed password for invalid user ajay from 164.68.105.9 port 39866 ssh2
Sep 30 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Connection closed by 164.68.105.9 port 39866 [preauth]
Sep 30 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session closed for user root
Sep 30 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: Invalid user sms from 103.139.192.17
Sep 30 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: input_userauth_request: invalid user sms [preauth]
Sep 30 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: Failed password for invalid user sms from 103.139.192.17 port 45172 ssh2
Sep 30 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: Received disconnect from 103.139.192.17 port 45172:11: Bye Bye [preauth]
Sep 30 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14785]: Disconnected from 103.139.192.17 port 45172 [preauth]
Sep 30 01:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Failed password for root from 162.144.236.216 port 52964 ssh2
Sep 30 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Connection closed by 162.144.236.216 port 52964 [preauth]
Sep 30 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Sep 30 01:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Failed password for root from 220.247.224.226 port 13791 ssh2
Sep 30 01:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Received disconnect from 220.247.224.226 port 13791:11: Bye Bye [preauth]
Sep 30 01:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Disconnected from 220.247.224.226 port 13791 [preauth]
Sep 30 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14822]: Failed password for root from 162.144.236.216 port 33680 ssh2
Sep 30 01:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Invalid user user1 from 59.98.83.57
Sep 30 01:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: input_userauth_request: invalid user user1 [preauth]
Sep 30 01:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Invalid user zahid from 40.115.18.231
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: input_userauth_request: invalid user zahid [preauth]
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14822]: Connection closed by 162.144.236.216 port 33680 [preauth]
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14863]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14864]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: Successful su for rubyman by root
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: + ??? root:rubyman
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318222 of user rubyman.
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14930]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318222.
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Failed password for invalid user user1 from 59.98.83.57 port 44512 ssh2
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Received disconnect from 59.98.83.57 port 44512:11: Bye Bye [preauth]
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14843]: Disconnected from 59.98.83.57 port 44512 [preauth]
Sep 30 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Failed password for invalid user zahid from 40.115.18.231 port 46094 ssh2
Sep 30 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Received disconnect from 40.115.18.231 port 46094:11: Bye Bye [preauth]
Sep 30 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Disconnected from 40.115.18.231 port 46094 [preauth]
Sep 30 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: Invalid user nifi from 117.216.211.19
Sep 30 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: input_userauth_request: invalid user nifi [preauth]
Sep 30 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: Failed password for invalid user nifi from 117.216.211.19 port 54482 ssh2
Sep 30 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: Received disconnect from 117.216.211.19 port 54482:11: Bye Bye [preauth]
Sep 30 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14956]: Disconnected from 117.216.211.19 port 54482 [preauth]
Sep 30 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session closed for user root
Sep 30 01:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14862]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: Failed password for root from 162.144.236.216 port 40052 ssh2
Sep 30 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14859]: Connection closed by 162.144.236.216 port 40052 [preauth]
Sep 30 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Invalid user sms from 206.217.131.233
Sep 30 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: input_userauth_request: invalid user sms [preauth]
Sep 30 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Failed password for invalid user sms from 206.217.131.233 port 37132 ssh2
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Received disconnect from 206.217.131.233 port 37132:11: Bye Bye [preauth]
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Disconnected from 206.217.131.233 port 37132 [preauth]
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Invalid user franz from 217.154.42.86
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: input_userauth_request: invalid user franz [preauth]
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Invalid user foundry from 216.172.190.206
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: input_userauth_request: invalid user foundry [preauth]
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Failed password for root from 162.144.236.216 port 46694 ssh2
Sep 30 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Failed password for invalid user franz from 217.154.42.86 port 57924 ssh2
Sep 30 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Received disconnect from 217.154.42.86 port 57924:11: Bye Bye [preauth]
Sep 30 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15154]: Disconnected from 217.154.42.86 port 57924 [preauth]
Sep 30 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Failed password for invalid user foundry from 216.172.190.206 port 60014 ssh2
Sep 30 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Received disconnect from 216.172.190.206 port 60014:11: Bye Bye [preauth]
Sep 30 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Disconnected from 216.172.190.206 port 60014 [preauth]
Sep 30 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Connection closed by 162.144.236.216 port 46694 [preauth]
Sep 30 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13857]: pam_unix(cron:session): session closed for user root
Sep 30 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Failed password for root from 162.144.236.216 port 52972 ssh2
Sep 30 01:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Connection closed by 162.144.236.216 port 52972 [preauth]
Sep 30 01:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: Failed password for root from 162.144.236.216 port 33044 ssh2
Sep 30 01:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15238]: Connection closed by 162.144.236.216 port 33044 [preauth]
Sep 30 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Invalid user admins from 220.247.224.226
Sep 30 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: input_userauth_request: invalid user admins [preauth]
Sep 30 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Failed password for invalid user admins from 220.247.224.226 port 27027 ssh2
Sep 30 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Received disconnect from 220.247.224.226 port 27027:11: Bye Bye [preauth]
Sep 30 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Disconnected from 220.247.224.226 port 27027 [preauth]
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: Successful su for rubyman by root
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: + ??? root:rubyman
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318227 of user rubyman.
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318227.
Sep 30 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session closed for user root
Sep 30 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Invalid user bkp from 40.115.18.231
Sep 30 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: input_userauth_request: invalid user bkp [preauth]
Sep 30 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Failed password for invalid user bkp from 40.115.18.231 port 43158 ssh2
Sep 30 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Received disconnect from 40.115.18.231 port 43158:11: Bye Bye [preauth]
Sep 30 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Disconnected from 40.115.18.231 port 43158 [preauth]
Sep 30 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Failed password for root from 162.144.236.216 port 39062 ssh2
Sep 30 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Connection closed by 162.144.236.216 port 39062 [preauth]
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Invalid user qwerty from 206.217.131.233
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: input_userauth_request: invalid user qwerty [preauth]
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.217.131.233
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Invalid user aron from 217.154.42.86
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: input_userauth_request: invalid user aron [preauth]
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Failed password for invalid user qwerty from 206.217.131.233 port 60438 ssh2
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Received disconnect from 206.217.131.233 port 60438:11: Bye Bye [preauth]
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Disconnected from 206.217.131.233 port 60438 [preauth]
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Failed password for invalid user aron from 217.154.42.86 port 52108 ssh2
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Received disconnect from 217.154.42.86 port 52108:11: Bye Bye [preauth]
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15575]: Disconnected from 217.154.42.86 port 52108 [preauth]
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Invalid user debian from 103.139.192.17
Sep 30 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: input_userauth_request: invalid user debian [preauth]
Sep 30 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for root from 59.98.83.57 port 39990 ssh2
Sep 30 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Received disconnect from 59.98.83.57 port 39990:11: Bye Bye [preauth]
Sep 30 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Disconnected from 59.98.83.57 port 39990 [preauth]
Sep 30 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: Failed password for root from 117.216.211.19 port 49042 ssh2
Sep 30 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: Received disconnect from 117.216.211.19 port 49042:11: Bye Bye [preauth]
Sep 30 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: Disconnected from 117.216.211.19 port 49042 [preauth]
Sep 30 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Failed password for invalid user debian from 103.139.192.17 port 47100 ssh2
Sep 30 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Received disconnect from 103.139.192.17 port 47100:11: Bye Bye [preauth]
Sep 30 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Disconnected from 103.139.192.17 port 47100 [preauth]
Sep 30 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: Failed password for root from 216.172.190.206 port 56560 ssh2
Sep 30 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: Received disconnect from 216.172.190.206 port 56560:11: Bye Bye [preauth]
Sep 30 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15613]: Disconnected from 216.172.190.206 port 56560 [preauth]
Sep 30 01:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Failed password for root from 162.144.236.216 port 48830 ssh2
Sep 30 01:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Connection closed by 162.144.236.216 port 48830 [preauth]
Sep 30 01:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14387]: pam_unix(cron:session): session closed for user root
Sep 30 01:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: Failed password for root from 162.144.236.216 port 55070 ssh2
Sep 30 01:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: Connection closed by 162.144.236.216 port 55070 [preauth]
Sep 30 01:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: Failed password for root from 162.144.236.216 port 34536 ssh2
Sep 30 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: Connection closed by 162.144.236.216 port 34536 [preauth]
Sep 30 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15749]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: Successful su for rubyman by root
Sep 30 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: + ??? root:rubyman
Sep 30 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318230 of user rubyman.
Sep 30 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318230.
Sep 30 01:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session closed for user root
Sep 30 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Sep 30 01:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Invalid user safeuser from 217.154.42.86
Sep 30 01:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: input_userauth_request: invalid user safeuser [preauth]
Sep 30 01:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: Failed password for root from 220.247.224.226 port 18982 ssh2
Sep 30 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: Received disconnect from 220.247.224.226 port 18982:11: Bye Bye [preauth]
Sep 30 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15972]: Disconnected from 220.247.224.226 port 18982 [preauth]
Sep 30 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Failed password for invalid user safeuser from 217.154.42.86 port 36770 ssh2
Sep 30 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Received disconnect from 217.154.42.86 port 36770:11: Bye Bye [preauth]
Sep 30 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15997]: Disconnected from 217.154.42.86 port 36770 [preauth]
Sep 30 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Failed password for root from 162.144.236.216 port 41010 ssh2
Sep 30 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Invalid user alex from 40.115.18.231
Sep 30 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: input_userauth_request: invalid user alex [preauth]
Sep 30 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Connection closed by 162.144.236.216 port 41010 [preauth]
Sep 30 01:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Failed password for invalid user alex from 40.115.18.231 port 40218 ssh2
Sep 30 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Received disconnect from 40.115.18.231 port 40218:11: Bye Bye [preauth]
Sep 30 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16024]: Disconnected from 40.115.18.231 port 40218 [preauth]
Sep 30 01:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Invalid user debian from 216.172.190.206
Sep 30 01:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: input_userauth_request: invalid user debian [preauth]
Sep 30 01:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: Failed password for root from 162.144.236.216 port 50106 ssh2
Sep 30 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Failed password for invalid user debian from 216.172.190.206 port 53106 ssh2
Sep 30 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Received disconnect from 216.172.190.206 port 53106:11: Bye Bye [preauth]
Sep 30 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Disconnected from 216.172.190.206 port 53106 [preauth]
Sep 30 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: Connection closed by 162.144.236.216 port 50106 [preauth]
Sep 30 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: Invalid user code87 from 117.216.211.19
Sep 30 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: input_userauth_request: invalid user code87 [preauth]
Sep 30 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Invalid user superadmin from 59.98.83.57
Sep 30 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: Failed password for invalid user code87 from 117.216.211.19 port 43598 ssh2
Sep 30 01:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: Received disconnect from 117.216.211.19 port 43598:11: Bye Bye [preauth]
Sep 30 01:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16085]: Disconnected from 117.216.211.19 port 43598 [preauth]
Sep 30 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Failed password for invalid user superadmin from 59.98.83.57 port 35468 ssh2
Sep 30 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Received disconnect from 59.98.83.57 port 35468:11: Bye Bye [preauth]
Sep 30 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Disconnected from 59.98.83.57 port 35468 [preauth]
Sep 30 01:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14864]: pam_unix(cron:session): session closed for user root
Sep 30 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 162.144.236.216 port 57252 ssh2
Sep 30 01:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Connection closed by 162.144.236.216 port 57252 [preauth]
Sep 30 01:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Failed password for root from 162.144.236.216 port 38232 ssh2
Sep 30 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Connection closed by 162.144.236.216 port 38232 [preauth]
Sep 30 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Invalid user landi from 103.139.192.17
Sep 30 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: input_userauth_request: invalid user landi [preauth]
Sep 30 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16261]: Successful su for rubyman by root
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16261]: + ??? root:rubyman
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318234 of user rubyman.
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16261]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318234.
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Failed password for invalid user landi from 103.139.192.17 port 60182 ssh2
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Received disconnect from 103.139.192.17 port 60182:11: Bye Bye [preauth]
Sep 30 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Disconnected from 103.139.192.17 port 60182 [preauth]
Sep 30 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86  user=root
Sep 30 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session closed for user root
Sep 30 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Failed password for root from 217.154.42.86 port 54680 ssh2
Sep 30 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Received disconnect from 217.154.42.86 port 54680:11: Bye Bye [preauth]
Sep 30 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Disconnected from 217.154.42.86 port 54680 [preauth]
Sep 30 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Failed password for root from 162.144.236.216 port 46484 ssh2
Sep 30 01:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Connection closed by 162.144.236.216 port 46484 [preauth]
Sep 30 01:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Invalid user jessica from 220.247.224.226
Sep 30 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: input_userauth_request: invalid user jessica [preauth]
Sep 30 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Failed password for invalid user jessica from 220.247.224.226 port 30507 ssh2
Sep 30 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Received disconnect from 220.247.224.226 port 30507:11: Bye Bye [preauth]
Sep 30 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Disconnected from 220.247.224.226 port 30507 [preauth]
Sep 30 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: Invalid user franz from 40.115.18.231
Sep 30 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: input_userauth_request: invalid user franz [preauth]
Sep 30 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: Failed password for root from 162.144.236.216 port 50918 ssh2
Sep 30 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: Failed password for invalid user franz from 40.115.18.231 port 37302 ssh2
Sep 30 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: Received disconnect from 40.115.18.231 port 37302:11: Bye Bye [preauth]
Sep 30 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: Disconnected from 40.115.18.231 port 37302 [preauth]
Sep 30 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: Connection closed by 162.144.236.216 port 50918 [preauth]
Sep 30 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Failed password for root from 216.172.190.206 port 49652 ssh2
Sep 30 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Received disconnect from 216.172.190.206 port 49652:11: Bye Bye [preauth]
Sep 30 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Disconnected from 216.172.190.206 port 49652 [preauth]
Sep 30 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session closed for user root
Sep 30 01:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Invalid user bp from 117.216.211.19
Sep 30 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: input_userauth_request: invalid user bp [preauth]
Sep 30 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Failed password for invalid user bp from 117.216.211.19 port 38132 ssh2
Sep 30 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Received disconnect from 117.216.211.19 port 38132:11: Bye Bye [preauth]
Sep 30 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Disconnected from 117.216.211.19 port 38132 [preauth]
Sep 30 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Failed password for root from 59.98.83.57 port 59174 ssh2
Sep 30 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Received disconnect from 59.98.83.57 port 59174:11: Bye Bye [preauth]
Sep 30 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16599]: Disconnected from 59.98.83.57 port 59174 [preauth]
Sep 30 01:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Failed password for root from 162.144.236.216 port 58068 ssh2
Sep 30 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Connection closed by 162.144.236.216 port 58068 [preauth]
Sep 30 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16654]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user root
Sep 30 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16652]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: Successful su for rubyman by root
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: + ??? root:rubyman
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318240 of user rubyman.
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318240.
Sep 30 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Failed password for root from 162.144.236.216 port 39158 ssh2
Sep 30 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Invalid user pivpn from 217.154.42.86
Sep 30 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: input_userauth_request: invalid user pivpn [preauth]
Sep 30 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Connection closed by 162.144.236.216 port 39158 [preauth]
Sep 30 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Failed password for invalid user pivpn from 217.154.42.86 port 33830 ssh2
Sep 30 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Received disconnect from 217.154.42.86 port 33830:11: Bye Bye [preauth]
Sep 30 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Disconnected from 217.154.42.86 port 33830 [preauth]
Sep 30 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13856]: pam_unix(cron:session): session closed for user root
Sep 30 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16654]: pam_unix(cron:session): session closed for user root
Sep 30 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16653]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Failed password for root from 162.144.236.216 port 45540 ssh2
Sep 30 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Connection closed by 162.144.236.216 port 45540 [preauth]
Sep 30 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Sep 30 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Failed password for root from 162.144.236.216 port 53196 ssh2
Sep 30 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Connection closed by 162.144.236.216 port 53196 [preauth]
Sep 30 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17011]: Failed password for root from 220.247.224.226 port 35996 ssh2
Sep 30 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17011]: Received disconnect from 220.247.224.226 port 35996:11: Bye Bye [preauth]
Sep 30 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17011]: Disconnected from 220.247.224.226 port 35996 [preauth]
Sep 30 01:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231  user=root
Sep 30 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Failed password for root from 40.115.18.231 port 34366 ssh2
Sep 30 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session closed for user root
Sep 30 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Received disconnect from 40.115.18.231 port 34366:11: Bye Bye [preauth]
Sep 30 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Disconnected from 40.115.18.231 port 34366 [preauth]
Sep 30 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206  user=root
Sep 30 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: Failed password for root from 216.172.190.206 port 46202 ssh2
Sep 30 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: Received disconnect from 216.172.190.206 port 46202:11: Bye Bye [preauth]
Sep 30 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17073]: Disconnected from 216.172.190.206 port 46202 [preauth]
Sep 30 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17036]: Failed password for root from 162.144.236.216 port 59922 ssh2
Sep 30 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Failed password for root from 103.139.192.17 port 53524 ssh2
Sep 30 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Received disconnect from 103.139.192.17 port 53524:11: Bye Bye [preauth]
Sep 30 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Disconnected from 103.139.192.17 port 53524 [preauth]
Sep 30 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17036]: Connection closed by 162.144.236.216 port 59922 [preauth]
Sep 30 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Invalid user admin from 139.19.117.131
Sep 30 01:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Connection closed by 139.19.117.131 port 55734 [preauth]
Sep 30 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Failed password for root from 117.216.211.19 port 60954 ssh2
Sep 30 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17112]: Failed password for root from 162.144.236.216 port 37704 ssh2
Sep 30 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Received disconnect from 117.216.211.19 port 60954:11: Bye Bye [preauth]
Sep 30 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Disconnected from 117.216.211.19 port 60954 [preauth]
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17237]: Successful su for rubyman by root
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17237]: + ??? root:rubyman
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318245 of user rubyman.
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17237]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318245.
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17112]: Connection closed by 162.144.236.216 port 37704 [preauth]
Sep 30 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17149]: Failed password for root from 59.98.83.57 port 54642 ssh2
Sep 30 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17149]: Received disconnect from 59.98.83.57 port 54642:11: Bye Bye [preauth]
Sep 30 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17149]: Disconnected from 59.98.83.57 port 54642 [preauth]
Sep 30 01:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Invalid user katie from 217.154.42.86
Sep 30 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: input_userauth_request: invalid user katie [preauth]
Sep 30 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14386]: pam_unix(cron:session): session closed for user root
Sep 30 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Failed password for invalid user katie from 217.154.42.86 port 35302 ssh2
Sep 30 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Received disconnect from 217.154.42.86 port 35302:11: Bye Bye [preauth]
Sep 30 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Disconnected from 217.154.42.86 port 35302 [preauth]
Sep 30 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: Invalid user squid from 185.156.73.233
Sep 30 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: input_userauth_request: invalid user squid [preauth]
Sep 30 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 30 01:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: Failed password for invalid user squid from 185.156.73.233 port 58818 ssh2
Sep 30 01:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17445]: Connection closed by 185.156.73.233 port 58818 [preauth]
Sep 30 01:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Failed password for root from 162.144.236.216 port 46030 ssh2
Sep 30 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Connection closed by 162.144.236.216 port 46030 [preauth]
Sep 30 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 30 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Failed password for root from 93.152.230.176 port 55040 ssh2
Sep 30 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Received disconnect from 93.152.230.176 port 55040:11: Client disconnecting normally [preauth]
Sep 30 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Disconnected from 93.152.230.176 port 55040 [preauth]
Sep 30 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: Failed password for root from 162.144.236.216 port 55652 ssh2
Sep 30 01:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17471]: Connection closed by 162.144.236.216 port 55652 [preauth]
Sep 30 01:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session closed for user root
Sep 30 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Invalid user wialon from 220.247.224.226
Sep 30 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: input_userauth_request: invalid user wialon [preauth]
Sep 30 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Sep 30 01:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Failed password for invalid user wialon from 220.247.224.226 port 58849 ssh2
Sep 30 01:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Received disconnect from 220.247.224.226 port 58849:11: Bye Bye [preauth]
Sep 30 01:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Disconnected from 220.247.224.226 port 58849 [preauth]
Sep 30 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Invalid user aron from 40.115.18.231
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: input_userauth_request: invalid user aron [preauth]
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Invalid user ruslan from 216.172.190.206
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: input_userauth_request: invalid user ruslan [preauth]
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.172.190.206
Sep 30 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Failed password for invalid user aron from 40.115.18.231 port 59660 ssh2
Sep 30 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Received disconnect from 40.115.18.231 port 59660:11: Bye Bye [preauth]
Sep 30 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17564]: Disconnected from 40.115.18.231 port 59660 [preauth]
Sep 30 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Failed password for invalid user ruslan from 216.172.190.206 port 42744 ssh2
Sep 30 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Received disconnect from 216.172.190.206 port 42744:11: Bye Bye [preauth]
Sep 30 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Disconnected from 216.172.190.206 port 42744 [preauth]
Sep 30 01:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Failed password for root from 162.144.236.216 port 34336 ssh2
Sep 30 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Connection closed by 162.144.236.216 port 34336 [preauth]
Sep 30 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Failed password for root from 162.144.236.216 port 39468 ssh2
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Connection closed by 162.144.236.216 port 39468 [preauth]
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: Successful su for rubyman by root
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: + ??? root:rubyman
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318248 of user rubyman.
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318248.
Sep 30 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14863]: pam_unix(cron:session): session closed for user root
Sep 30 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Invalid user test from 217.154.42.86
Sep 30 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: input_userauth_request: invalid user test [preauth]
Sep 30 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Failed password for invalid user test from 217.154.42.86 port 39066 ssh2
Sep 30 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Received disconnect from 217.154.42.86 port 39066:11: Bye Bye [preauth]
Sep 30 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Disconnected from 217.154.42.86 port 39066 [preauth]
Sep 30 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Failed password for root from 162.144.236.216 port 47216 ssh2
Sep 30 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Connection closed by 162.144.236.216 port 47216 [preauth]
Sep 30 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Failed password for root from 117.216.211.19 port 55514 ssh2
Sep 30 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Received disconnect from 117.216.211.19 port 55514:11: Bye Bye [preauth]
Sep 30 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Disconnected from 117.216.211.19 port 55514 [preauth]
Sep 30 01:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: Invalid user toby from 59.98.83.57
Sep 30 01:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: input_userauth_request: invalid user toby [preauth]
Sep 30 01:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: Failed password for invalid user toby from 59.98.83.57 port 50120 ssh2
Sep 30 01:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: Received disconnect from 59.98.83.57 port 50120:11: Bye Bye [preauth]
Sep 30 01:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18020]: Disconnected from 59.98.83.57 port 50120 [preauth]
Sep 30 01:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Invalid user bigdata from 103.139.192.17
Sep 30 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: input_userauth_request: invalid user bigdata [preauth]
Sep 30 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Failed password for invalid user bigdata from 103.139.192.17 port 35348 ssh2
Sep 30 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Received disconnect from 103.139.192.17 port 35348:11: Bye Bye [preauth]
Sep 30 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Disconnected from 103.139.192.17 port 35348 [preauth]
Sep 30 01:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Failed password for root from 162.144.236.216 port 52980 ssh2
Sep 30 01:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Connection closed by 162.144.236.216 port 52980 [preauth]
Sep 30 01:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session closed for user root
Sep 30 01:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Failed password for root from 162.144.236.216 port 60744 ssh2
Sep 30 01:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Connection closed by 162.144.236.216 port 60744 [preauth]
Sep 30 01:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Invalid user estest from 40.115.18.231
Sep 30 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: input_userauth_request: invalid user estest [preauth]
Sep 30 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Failed password for invalid user estest from 40.115.18.231 port 56724 ssh2
Sep 30 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Received disconnect from 40.115.18.231 port 56724:11: Bye Bye [preauth]
Sep 30 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18277]: Disconnected from 40.115.18.231 port 56724 [preauth]
Sep 30 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Invalid user admin from 217.154.42.86
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18394]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: Successful su for rubyman by root
Sep 30 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: + ??? root:rubyman
Sep 30 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318253 of user rubyman.
Sep 30 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318253.
Sep 30 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Failed password for invalid user admin from 217.154.42.86 port 53872 ssh2
Sep 30 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Received disconnect from 217.154.42.86 port 53872:11: Bye Bye [preauth]
Sep 30 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Disconnected from 217.154.42.86 port 53872 [preauth]
Sep 30 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Failed password for root from 162.144.236.216 port 41270 ssh2
Sep 30 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user root
Sep 30 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18271]: Connection closed by 162.144.236.216 port 41270 [preauth]
Sep 30 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18389]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for root from 162.144.236.216 port 50510 ssh2
Sep 30 01:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Connection closed by 162.144.236.216 port 50510 [preauth]
Sep 30 01:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Invalid user vadim from 117.216.211.19
Sep 30 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: input_userauth_request: invalid user vadim [preauth]
Sep 30 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Failed password for invalid user vadim from 117.216.211.19 port 50072 ssh2
Sep 30 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Received disconnect from 117.216.211.19 port 50072:11: Bye Bye [preauth]
Sep 30 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18754]: Disconnected from 117.216.211.19 port 50072 [preauth]
Sep 30 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: Failed password for root from 162.144.236.216 port 58796 ssh2
Sep 30 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Invalid user depot from 59.98.83.57
Sep 30 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: input_userauth_request: invalid user depot [preauth]
Sep 30 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18764]: Connection closed by 162.144.236.216 port 58796 [preauth]
Sep 30 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Failed password for invalid user depot from 59.98.83.57 port 45594 ssh2
Sep 30 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Received disconnect from 59.98.83.57 port 45594:11: Bye Bye [preauth]
Sep 30 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18776]: Disconnected from 59.98.83.57 port 45594 [preauth]
Sep 30 01:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session closed for user root
Sep 30 01:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Invalid user rock from 103.139.192.17
Sep 30 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: input_userauth_request: invalid user rock [preauth]
Sep 30 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Failed password for invalid user rock from 103.139.192.17 port 48966 ssh2
Sep 30 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Received disconnect from 103.139.192.17 port 48966:11: Bye Bye [preauth]
Sep 30 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Disconnected from 103.139.192.17 port 48966 [preauth]
Sep 30 01:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Failed password for root from 162.144.236.216 port 37654 ssh2
Sep 30 01:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Connection closed by 162.144.236.216 port 37654 [preauth]
Sep 30 01:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Invalid user elastic from 40.115.18.231
Sep 30 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: input_userauth_request: invalid user elastic [preauth]
Sep 30 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86  user=root
Sep 30 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Failed password for invalid user elastic from 40.115.18.231 port 53796 ssh2
Sep 30 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Received disconnect from 40.115.18.231 port 53796:11: Bye Bye [preauth]
Sep 30 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Disconnected from 40.115.18.231 port 53796 [preauth]
Sep 30 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Failed password for root from 217.154.42.86 port 57624 ssh2
Sep 30 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Received disconnect from 217.154.42.86 port 57624:11: Bye Bye [preauth]
Sep 30 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Disconnected from 217.154.42.86 port 57624 [preauth]
Sep 30 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18931]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18930]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19002]: Successful su for rubyman by root
Sep 30 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19002]: + ??? root:rubyman
Sep 30 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318256 of user rubyman.
Sep 30 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19002]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318256.
Sep 30 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session closed for user root
Sep 30 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18908]: Failed password for root from 162.144.236.216 port 47702 ssh2
Sep 30 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18908]: Connection closed by 162.144.236.216 port 47702 [preauth]
Sep 30 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: Failed password for root from 162.144.236.216 port 53846 ssh2
Sep 30 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19211]: Connection closed by 162.144.236.216 port 53846 [preauth]
Sep 30 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19288]: Failed password for root from 117.216.211.19 port 44630 ssh2
Sep 30 01:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19288]: Received disconnect from 117.216.211.19 port 44630:11: Bye Bye [preauth]
Sep 30 01:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19288]: Disconnected from 117.216.211.19 port 44630 [preauth]
Sep 30 01:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: Failed password for root from 162.144.236.216 port 60322 ssh2
Sep 30 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user root
Sep 30 01:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: Connection closed by 162.144.236.216 port 60322 [preauth]
Sep 30 01:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Invalid user jessica from 59.98.83.57
Sep 30 01:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: input_userauth_request: invalid user jessica [preauth]
Sep 30 01:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Failed password for invalid user jessica from 59.98.83.57 port 41066 ssh2
Sep 30 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Received disconnect from 59.98.83.57 port 41066:11: Bye Bye [preauth]
Sep 30 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Disconnected from 59.98.83.57 port 41066 [preauth]
Sep 30 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: Failed password for root from 162.144.236.216 port 40302 ssh2
Sep 30 01:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Invalid user alex from 217.154.42.86
Sep 30 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: input_userauth_request: invalid user alex [preauth]
Sep 30 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: Connection closed by 162.144.236.216 port 40302 [preauth]
Sep 30 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Failed password for invalid user alex from 217.154.42.86 port 53116 ssh2
Sep 30 01:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Received disconnect from 217.154.42.86 port 53116:11: Bye Bye [preauth]
Sep 30 01:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Disconnected from 217.154.42.86 port 53116 [preauth]
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19618]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19620]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19620]: pam_unix(cron:session): session closed for user root
Sep 30 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19612]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: Successful su for rubyman by root
Sep 30 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: + ??? root:rubyman
Sep 30 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318261 of user rubyman.
Sep 30 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19796]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318261.
Sep 30 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: Failed password for root from 162.144.236.216 port 48438 ssh2
Sep 30 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session closed for user root
Sep 30 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session closed for user root
Sep 30 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: Connection closed by 162.144.236.216 port 48438 [preauth]
Sep 30 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231  user=root
Sep 30 01:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: Failed password for root from 40.115.18.231 port 50868 ssh2
Sep 30 01:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: Received disconnect from 40.115.18.231 port 50868:11: Bye Bye [preauth]
Sep 30 01:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20072]: Disconnected from 40.115.18.231 port 50868 [preauth]
Sep 30 01:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: Failed password for root from 162.144.236.216 port 54670 ssh2
Sep 30 01:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20051]: Connection closed by 162.144.236.216 port 54670 [preauth]
Sep 30 01:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: Invalid user  from 66.240.192.82
Sep 30 01:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: input_userauth_request: invalid user  [preauth]
Sep 30 01:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: Connection closed by 66.240.192.82 port 56585 [preauth]
Sep 30 01:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for root from 103.139.192.17 port 53552 ssh2
Sep 30 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Received disconnect from 103.139.192.17 port 53552:11: Bye Bye [preauth]
Sep 30 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Disconnected from 103.139.192.17 port 53552 [preauth]
Sep 30 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Failed password for root from 162.144.236.216 port 33218 ssh2
Sep 30 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Connection closed by 162.144.236.216 port 33218 [preauth]
Sep 30 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session closed for user root
Sep 30 01:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Failed password for root from 117.216.211.19 port 39190 ssh2
Sep 30 01:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Received disconnect from 117.216.211.19 port 39190:11: Bye Bye [preauth]
Sep 30 01:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Disconnected from 117.216.211.19 port 39190 [preauth]
Sep 30 01:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Invalid user ehsan from 59.98.83.57
Sep 30 01:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: input_userauth_request: invalid user ehsan [preauth]
Sep 30 01:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Failed password for root from 162.144.236.216 port 41712 ssh2
Sep 30 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Connection closed by 162.144.236.216 port 41712 [preauth]
Sep 30 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Failed password for invalid user ehsan from 59.98.83.57 port 36540 ssh2
Sep 30 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Received disconnect from 59.98.83.57 port 36540:11: Bye Bye [preauth]
Sep 30 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Disconnected from 59.98.83.57 port 36540 [preauth]
Sep 30 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Invalid user minecraft from 217.154.42.86
Sep 30 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Failed password for invalid user minecraft from 217.154.42.86 port 45784 ssh2
Sep 30 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Received disconnect from 217.154.42.86 port 45784:11: Bye Bye [preauth]
Sep 30 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20288]: Disconnected from 217.154.42.86 port 45784 [preauth]
Sep 30 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20302]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20385]: Successful su for rubyman by root
Sep 30 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20385]: + ??? root:rubyman
Sep 30 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318267 of user rubyman.
Sep 30 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20385]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318267.
Sep 30 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Failed password for root from 162.144.236.216 port 49878 ssh2
Sep 30 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Connection closed by 162.144.236.216 port 49878 [preauth]
Sep 30 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session closed for user root
Sep 30 01:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20303]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Failed password for root from 162.144.236.216 port 55336 ssh2
Sep 30 01:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Connection closed by 162.144.236.216 port 55336 [preauth]
Sep 30 01:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231  user=root
Sep 30 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Failed password for root from 162.144.236.216 port 33082 ssh2
Sep 30 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Connection closed by 162.144.236.216 port 33082 [preauth]
Sep 30 01:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: Failed password for root from 40.115.18.231 port 47942 ssh2
Sep 30 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: Received disconnect from 40.115.18.231 port 47942:11: Bye Bye [preauth]
Sep 30 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: Disconnected from 40.115.18.231 port 47942 [preauth]
Sep 30 01:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Failed password for root from 162.144.236.216 port 39746 ssh2
Sep 30 01:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18931]: pam_unix(cron:session): session closed for user root
Sep 30 01:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20636]: Connection closed by 162.144.236.216 port 39746 [preauth]
Sep 30 01:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Invalid user meteo from 117.216.211.19
Sep 30 01:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: input_userauth_request: invalid user meteo [preauth]
Sep 30 01:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Failed password for root from 162.144.236.216 port 47042 ssh2
Sep 30 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Failed password for invalid user meteo from 117.216.211.19 port 33750 ssh2
Sep 30 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Received disconnect from 117.216.211.19 port 33750:11: Bye Bye [preauth]
Sep 30 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Disconnected from 117.216.211.19 port 33750 [preauth]
Sep 30 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20703]: Connection closed by 162.144.236.216 port 47042 [preauth]
Sep 30 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: Invalid user debian from 217.154.42.86
Sep 30 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: input_userauth_request: invalid user debian [preauth]
Sep 30 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: Failed password for invalid user debian from 217.154.42.86 port 50702 ssh2
Sep 30 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: Received disconnect from 217.154.42.86 port 50702:11: Bye Bye [preauth]
Sep 30 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: Disconnected from 217.154.42.86 port 50702 [preauth]
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20786]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20785]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: Successful su for rubyman by root
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: + ??? root:rubyman
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318270 of user rubyman.
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318270.
Sep 30 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Invalid user foundry from 103.139.192.17
Sep 30 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: input_userauth_request: invalid user foundry [preauth]
Sep 30 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Invalid user wcs from 59.98.83.57
Sep 30 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: input_userauth_request: invalid user wcs [preauth]
Sep 30 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Failed password for invalid user foundry from 103.139.192.17 port 46816 ssh2
Sep 30 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Received disconnect from 103.139.192.17 port 46816:11: Bye Bye [preauth]
Sep 30 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Disconnected from 103.139.192.17 port 46816 [preauth]
Sep 30 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Failed password for invalid user wcs from 59.98.83.57 port 60248 ssh2
Sep 30 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session closed for user root
Sep 30 01:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Received disconnect from 59.98.83.57 port 60248:11: Bye Bye [preauth]
Sep 30 01:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Disconnected from 59.98.83.57 port 60248 [preauth]
Sep 30 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Failed password for root from 162.144.236.216 port 53792 ssh2
Sep 30 01:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20752]: Connection closed by 162.144.236.216 port 53792 [preauth]
Sep 30 01:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20784]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Failed password for root from 162.144.236.216 port 33032 ssh2
Sep 30 01:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Connection closed by 162.144.236.216 port 33032 [preauth]
Sep 30 01:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Invalid user safeuser from 40.115.18.231
Sep 30 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: input_userauth_request: invalid user safeuser [preauth]
Sep 30 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Failed password for invalid user safeuser from 40.115.18.231 port 45016 ssh2
Sep 30 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Received disconnect from 40.115.18.231 port 45016:11: Bye Bye [preauth]
Sep 30 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21133]: Disconnected from 40.115.18.231 port 45016 [preauth]
Sep 30 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19618]: pam_unix(cron:session): session closed for user root
Sep 30 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: Failed password for root from 162.144.236.216 port 41410 ssh2
Sep 30 01:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: Connection closed by 162.144.236.216 port 41410 [preauth]
Sep 30 01:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21175]: Failed password for root from 162.144.236.216 port 49402 ssh2
Sep 30 01:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21175]: Connection closed by 162.144.236.216 port 49402 [preauth]
Sep 30 01:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Invalid user ilya from 217.154.42.86
Sep 30 01:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: input_userauth_request: invalid user ilya [preauth]
Sep 30 01:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: Invalid user wizard from 117.216.211.19
Sep 30 01:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: input_userauth_request: invalid user wizard [preauth]
Sep 30 01:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Failed password for invalid user ilya from 217.154.42.86 port 58284 ssh2
Sep 30 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Received disconnect from 217.154.42.86 port 58284:11: Bye Bye [preauth]
Sep 30 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Disconnected from 217.154.42.86 port 58284 [preauth]
Sep 30 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113  user=root
Sep 30 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: Failed password for invalid user wizard from 117.216.211.19 port 56538 ssh2
Sep 30 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: Received disconnect from 117.216.211.19 port 56538:11: Bye Bye [preauth]
Sep 30 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21221]: Disconnected from 117.216.211.19 port 56538 [preauth]
Sep 30 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 211.197.158.113 port 35962 ssh2
Sep 30 01:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: Failed password for root from 162.144.236.216 port 54448 ssh2
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21238]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21236]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21299]: Successful su for rubyman by root
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21299]: + ??? root:rubyman
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318275 of user rubyman.
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21299]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318275.
Sep 30 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 211.197.158.113 port 35962 ssh2
Sep 30 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21215]: Connection closed by 162.144.236.216 port 54448 [preauth]
Sep 30 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 211.197.158.113 port 35962 ssh2
Sep 30 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session closed for user root
Sep 30 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 211.197.158.113 port 35962 ssh2
Sep 30 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21237]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 211.197.158.113 port 35962 ssh2
Sep 30 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Failed password for root from 211.197.158.113 port 35962 ssh2
Sep 30 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: error: maximum authentication attempts exceeded for root from 211.197.158.113 port 35962 ssh2 [preauth]
Sep 30 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113  user=root
Sep 30 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21223]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Failed password for root from 162.144.236.216 port 58392 ssh2
Sep 30 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113  user=root
Sep 30 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21351]: Connection closed by 162.144.236.216 port 58392 [preauth]
Sep 30 01:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: Failed password for root from 211.197.158.113 port 38582 ssh2
Sep 30 01:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Invalid user renato from 59.98.83.57
Sep 30 01:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: input_userauth_request: invalid user renato [preauth]
Sep 30 01:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: Failed password for root from 211.197.158.113 port 38582 ssh2
Sep 30 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Failed password for invalid user renato from 59.98.83.57 port 55720 ssh2
Sep 30 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Received disconnect from 59.98.83.57 port 55720:11: Bye Bye [preauth]
Sep 30 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Disconnected from 59.98.83.57 port 55720 [preauth]
Sep 30 01:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: Failed password for root from 211.197.158.113 port 38582 ssh2
Sep 30 01:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: Failed password for root from 211.197.158.113 port 38582 ssh2
Sep 30 01:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Invalid user xxx from 93.152.230.176
Sep 30 01:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: input_userauth_request: invalid user xxx [preauth]
Sep 30 01:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 01:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: Failed password for root from 211.197.158.113 port 38582 ssh2
Sep 30 01:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Failed password for invalid user xxx from 93.152.230.176 port 24432 ssh2
Sep 30 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Received disconnect from 93.152.230.176 port 24432:11: Client disconnecting normally [preauth]
Sep 30 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21547]: Disconnected from 93.152.230.176 port 24432 [preauth]
Sep 30 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: Failed password for root from 211.197.158.113 port 38582 ssh2
Sep 30 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: error: maximum authentication attempts exceeded for root from 211.197.158.113 port 38582 ssh2 [preauth]
Sep 30 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113  user=root
Sep 30 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21515]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113  user=root
Sep 30 01:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Failed password for root from 162.144.236.216 port 37204 ssh2
Sep 30 01:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for root from 211.197.158.113 port 41166 ssh2
Sep 30 01:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for root from 211.197.158.113 port 41166 ssh2
Sep 30 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21517]: Connection closed by 162.144.236.216 port 37204 [preauth]
Sep 30 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for root from 211.197.158.113 port 41166 ssh2
Sep 30 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for root from 211.197.158.113 port 41166 ssh2
Sep 30 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20306]: pam_unix(cron:session): session closed for user root
Sep 30 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for root from 211.197.158.113 port 41166 ssh2
Sep 30 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for root from 211.197.158.113 port 41166 ssh2
Sep 30 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: error: maximum authentication attempts exceeded for root from 211.197.158.113 port 41166 ssh2 [preauth]
Sep 30 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113  user=root
Sep 30 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113  user=root
Sep 30 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Invalid user debian from 40.115.18.231
Sep 30 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: input_userauth_request: invalid user debian [preauth]
Sep 30 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Failed password for root from 103.139.192.17 port 44828 ssh2
Sep 30 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Received disconnect from 103.139.192.17 port 44828:11: Bye Bye [preauth]
Sep 30 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Disconnected from 103.139.192.17 port 44828 [preauth]
Sep 30 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Failed password for root from 211.197.158.113 port 43714 ssh2
Sep 30 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Received disconnect from 211.197.158.113 port 43714:11: disconnected by user [preauth]
Sep 30 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Disconnected from 211.197.158.113 port 43714 [preauth]
Sep 30 01:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Failed password for invalid user debian from 40.115.18.231 port 42088 ssh2
Sep 30 01:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Received disconnect from 40.115.18.231 port 42088:11: Bye Bye [preauth]
Sep 30 01:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Disconnected from 40.115.18.231 port 42088 [preauth]
Sep 30 01:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Invalid user admin from 211.197.158.113
Sep 30 01:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Failed password for invalid user admin from 211.197.158.113 port 44286 ssh2
Sep 30 01:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Failed password for invalid user admin from 211.197.158.113 port 44286 ssh2
Sep 30 01:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Failed password for root from 162.144.236.216 port 47006 ssh2
Sep 30 01:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Failed password for invalid user admin from 211.197.158.113 port 44286 ssh2
Sep 30 01:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Connection closed by 162.144.236.216 port 47006 [preauth]
Sep 30 01:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Failed password for invalid user admin from 211.197.158.113 port 44286 ssh2
Sep 30 01:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Failed password for invalid user admin from 211.197.158.113 port 44286 ssh2
Sep 30 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Invalid user station from 217.154.42.86
Sep 30 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: input_userauth_request: invalid user station [preauth]
Sep 30 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Failed password for invalid user admin from 211.197.158.113 port 44286 ssh2
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: error: maximum authentication attempts exceeded for invalid user admin from 211.197.158.113 port 44286 ssh2 [preauth]
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21635]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Failed password for invalid user station from 217.154.42.86 port 47194 ssh2
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Received disconnect from 217.154.42.86 port 47194:11: Bye Bye [preauth]
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Disconnected from 217.154.42.86 port 47194 [preauth]
Sep 30 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Invalid user admin from 211.197.158.113
Sep 30 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for invalid user admin from 211.197.158.113 port 46734 ssh2
Sep 30 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21671]: Did not receive identification string from 162.144.236.216
Sep 30 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for invalid user admin from 211.197.158.113 port 46734 ssh2
Sep 30 01:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for invalid user admin from 211.197.158.113 port 46734 ssh2
Sep 30 01:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for invalid user admin from 211.197.158.113 port 46734 ssh2
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21697]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21866]: Successful su for rubyman by root
Sep 30 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21866]: + ??? root:rubyman
Sep 30 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318278 of user rubyman.
Sep 30 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21866]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318278.
Sep 30 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21697]: pam_unix(cron:session): session closed for user root
Sep 30 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for invalid user admin from 211.197.158.113 port 46734 ssh2
Sep 30 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for invalid user admin from 211.197.158.113 port 46734 ssh2
Sep 30 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: error: maximum authentication attempts exceeded for invalid user admin from 211.197.158.113 port 46734 ssh2 [preauth]
Sep 30 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18394]: pam_unix(cron:session): session closed for user root
Sep 30 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: Failed password for root from 162.144.236.216 port 56744 ssh2
Sep 30 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: Invalid user admin from 211.197.158.113
Sep 30 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21686]: Connection closed by 162.144.236.216 port 56744 [preauth]
Sep 30 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: Failed password for invalid user admin from 211.197.158.113 port 49118 ssh2
Sep 30 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Invalid user zhangyue from 117.216.211.19
Sep 30 01:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: input_userauth_request: invalid user zhangyue [preauth]
Sep 30 01:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: Failed password for invalid user admin from 211.197.158.113 port 49118 ssh2
Sep 30 01:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Failed password for invalid user zhangyue from 117.216.211.19 port 51098 ssh2
Sep 30 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Received disconnect from 117.216.211.19 port 51098:11: Bye Bye [preauth]
Sep 30 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22085]: Disconnected from 117.216.211.19 port 51098 [preauth]
Sep 30 01:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: Failed password for invalid user admin from 211.197.158.113 port 49118 ssh2
Sep 30 01:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Failed password for root from 162.144.236.216 port 35378 ssh2
Sep 30 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: Failed password for invalid user admin from 211.197.158.113 port 49118 ssh2
Sep 30 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: Received disconnect from 211.197.158.113 port 49118:11: disconnected by user [preauth]
Sep 30 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: Disconnected from 211.197.158.113 port 49118 [preauth]
Sep 30 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22035]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 30 01:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22067]: Connection closed by 162.144.236.216 port 35378 [preauth]
Sep 30 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Invalid user oracle from 211.197.158.113
Sep 30 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: input_userauth_request: invalid user oracle [preauth]
Sep 30 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user oracle from 211.197.158.113 port 50856 ssh2
Sep 30 01:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user oracle from 211.197.158.113 port 50856 ssh2
Sep 30 01:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user oracle from 211.197.158.113 port 50856 ssh2
Sep 30 01:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user oracle from 211.197.158.113 port 50856 ssh2
Sep 30 01:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user oracle from 211.197.158.113 port 50856 ssh2
Sep 30 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user oracle from 211.197.158.113 port 50856 ssh2
Sep 30 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: error: maximum authentication attempts exceeded for invalid user oracle from 211.197.158.113 port 50856 ssh2 [preauth]
Sep 30 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Invalid user oracle from 211.197.158.113
Sep 30 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: input_userauth_request: invalid user oracle [preauth]
Sep 30 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user oracle from 211.197.158.113 port 53340 ssh2
Sep 30 01:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Failed password for root from 162.144.236.216 port 41172 ssh2
Sep 30 01:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user oracle from 211.197.158.113 port 53340 ssh2
Sep 30 01:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Connection closed by 162.144.236.216 port 41172 [preauth]
Sep 30 01:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Invalid user rke from 59.98.83.57
Sep 30 01:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: input_userauth_request: invalid user rke [preauth]
Sep 30 01:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20786]: pam_unix(cron:session): session closed for user root
Sep 30 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user oracle from 211.197.158.113 port 53340 ssh2
Sep 30 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for invalid user rke from 59.98.83.57 port 51200 ssh2
Sep 30 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Received disconnect from 59.98.83.57 port 51200:11: Bye Bye [preauth]
Sep 30 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Disconnected from 59.98.83.57 port 51200 [preauth]
Sep 30 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user oracle from 211.197.158.113 port 53340 ssh2
Sep 30 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user oracle from 211.197.158.113 port 53340 ssh2
Sep 30 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user oracle from 211.197.158.113 port 53340 ssh2
Sep 30 01:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: error: maximum authentication attempts exceeded for invalid user oracle from 211.197.158.113 port 53340 ssh2 [preauth]
Sep 30 01:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Invalid user oracle from 211.197.158.113
Sep 30 01:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: input_userauth_request: invalid user oracle [preauth]
Sep 30 01:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Failed password for invalid user oracle from 211.197.158.113 port 55686 ssh2
Sep 30 01:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Failed password for invalid user oracle from 211.197.158.113 port 55686 ssh2
Sep 30 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Received disconnect from 211.197.158.113 port 55686:11: disconnected by user [preauth]
Sep 30 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Disconnected from 211.197.158.113 port 55686 [preauth]
Sep 30 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: Invalid user foundry from 40.115.18.231
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: input_userauth_request: invalid user foundry [preauth]
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Invalid user zahid from 217.154.42.86
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: input_userauth_request: invalid user zahid [preauth]
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Invalid user usuario from 211.197.158.113
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: input_userauth_request: invalid user usuario [preauth]
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: Failed password for invalid user foundry from 40.115.18.231 port 39148 ssh2
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: Received disconnect from 40.115.18.231 port 39148:11: Bye Bye [preauth]
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22238]: Disconnected from 40.115.18.231 port 39148 [preauth]
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Failed password for invalid user zahid from 217.154.42.86 port 48486 ssh2
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user usuario from 211.197.158.113 port 56578 ssh2
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Received disconnect from 217.154.42.86 port 48486:11: Bye Bye [preauth]
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Disconnected from 217.154.42.86 port 48486 [preauth]
Sep 30 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user usuario from 211.197.158.113 port 56578 ssh2
Sep 30 01:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user usuario from 211.197.158.113 port 56578 ssh2
Sep 30 01:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22181]: Failed password for root from 162.144.236.216 port 49286 ssh2
Sep 30 01:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user usuario from 211.197.158.113 port 56578 ssh2
Sep 30 01:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22181]: Connection closed by 162.144.236.216 port 49286 [preauth]
Sep 30 01:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user usuario from 211.197.158.113 port 56578 ssh2
Sep 30 01:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user usuario from 211.197.158.113 port 56578 ssh2
Sep 30 01:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: error: maximum authentication attempts exceeded for invalid user usuario from 211.197.158.113 port 56578 ssh2 [preauth]
Sep 30 01:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Invalid user usuario from 211.197.158.113
Sep 30 01:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: input_userauth_request: invalid user usuario [preauth]
Sep 30 01:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user usuario from 211.197.158.113 port 59214 ssh2
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session closed for user root
Sep 30 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22357]: Successful su for rubyman by root
Sep 30 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22357]: + ??? root:rubyman
Sep 30 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318285 of user rubyman.
Sep 30 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22357]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318285.
Sep 30 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user usuario from 211.197.158.113 port 59214 ssh2
Sep 30 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user root
Sep 30 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user usuario from 211.197.158.113 port 59214 ssh2
Sep 30 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18930]: pam_unix(cron:session): session closed for user root
Sep 30 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Failed password for root from 162.144.236.216 port 57844 ssh2
Sep 30 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Connection closed by 162.144.236.216 port 57844 [preauth]
Sep 30 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user usuario from 211.197.158.113 port 59214 ssh2
Sep 30 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user usuario from 211.197.158.113 port 59214 ssh2
Sep 30 01:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user usuario from 211.197.158.113 port 59214 ssh2
Sep 30 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: maximum authentication attempts exceeded for invalid user usuario from 211.197.158.113 port 59214 ssh2 [preauth]
Sep 30 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Invalid user usuario from 211.197.158.113
Sep 30 01:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: input_userauth_request: invalid user usuario [preauth]
Sep 30 01:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Failed password for root from 162.144.236.216 port 35060 ssh2
Sep 30 01:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Failed password for invalid user usuario from 211.197.158.113 port 33524 ssh2
Sep 30 01:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Connection closed by 162.144.236.216 port 35060 [preauth]
Sep 30 01:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for root from 103.139.192.17 port 52330 ssh2
Sep 30 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Received disconnect from 103.139.192.17 port 52330:11: Bye Bye [preauth]
Sep 30 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Disconnected from 103.139.192.17 port 52330 [preauth]
Sep 30 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Failed password for invalid user usuario from 211.197.158.113 port 33524 ssh2
Sep 30 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Received disconnect from 211.197.158.113 port 33524:11: disconnected by user [preauth]
Sep 30 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: Disconnected from 211.197.158.113 port 33524 [preauth]
Sep 30 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22596]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Invalid user test from 211.197.158.113
Sep 30 01:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: input_userauth_request: invalid user test [preauth]
Sep 30 01:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for invalid user test from 211.197.158.113 port 34600 ssh2
Sep 30 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: Invalid user Test from 117.216.211.19
Sep 30 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: input_userauth_request: invalid user Test [preauth]
Sep 30 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for invalid user test from 211.197.158.113 port 34600 ssh2
Sep 30 01:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: Failed password for invalid user Test from 117.216.211.19 port 45664 ssh2
Sep 30 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: Received disconnect from 117.216.211.19 port 45664:11: Bye Bye [preauth]
Sep 30 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22627]: Disconnected from 117.216.211.19 port 45664 [preauth]
Sep 30 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for invalid user test from 211.197.158.113 port 34600 ssh2
Sep 30 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for root from 162.144.236.216 port 41876 ssh2
Sep 30 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Connection closed by 162.144.236.216 port 41876 [preauth]
Sep 30 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for invalid user test from 211.197.158.113 port 34600 ssh2
Sep 30 01:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for invalid user test from 211.197.158.113 port 34600 ssh2
Sep 30 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Failed password for invalid user test from 211.197.158.113 port 34600 ssh2
Sep 30 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: error: maximum authentication attempts exceeded for invalid user test from 211.197.158.113 port 34600 ssh2 [preauth]
Sep 30 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22624]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Invalid user test from 211.197.158.113
Sep 30 01:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: input_userauth_request: invalid user test [preauth]
Sep 30 01:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21239]: pam_unix(cron:session): session closed for user root
Sep 30 01:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for invalid user test from 211.197.158.113 port 37098 ssh2
Sep 30 01:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for invalid user test from 211.197.158.113 port 37098 ssh2
Sep 30 01:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for invalid user test from 211.197.158.113 port 37098 ssh2
Sep 30 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for invalid user test from 211.197.158.113 port 37098 ssh2
Sep 30 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Failed password for root from 162.144.236.216 port 48126 ssh2
Sep 30 01:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for invalid user test from 211.197.158.113 port 37098 ssh2
Sep 30 01:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Invalid user mminchenok from 217.154.42.86
Sep 30 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: input_userauth_request: invalid user mminchenok [preauth]
Sep 30 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Connection closed by 162.144.236.216 port 48126 [preauth]
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for invalid user test from 211.197.158.113 port 37098 ssh2
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: error: maximum authentication attempts exceeded for invalid user test from 211.197.158.113 port 37098 ssh2 [preauth]
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Failed password for invalid user mminchenok from 217.154.42.86 port 51344 ssh2
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Received disconnect from 217.154.42.86 port 51344:11: Bye Bye [preauth]
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Disconnected from 217.154.42.86 port 51344 [preauth]
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Invalid user foundry from 59.98.83.57
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: input_userauth_request: invalid user foundry [preauth]
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: Invalid user test from 211.197.158.113
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: input_userauth_request: invalid user test [preauth]
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Failed password for invalid user foundry from 59.98.83.57 port 46678 ssh2
Sep 30 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: Failed password for invalid user test from 211.197.158.113 port 39738 ssh2
Sep 30 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Received disconnect from 59.98.83.57 port 46678:11: Bye Bye [preauth]
Sep 30 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Disconnected from 59.98.83.57 port 46678 [preauth]
Sep 30 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: Failed password for invalid user test from 211.197.158.113 port 39738 ssh2
Sep 30 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: Received disconnect from 211.197.158.113 port 39738:11: disconnected by user [preauth]
Sep 30 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: Disconnected from 211.197.158.113 port 39738 [preauth]
Sep 30 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22948]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Invalid user user from 211.197.158.113
Sep 30 01:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: input_userauth_request: invalid user user [preauth]
Sep 30 01:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Failed password for invalid user user from 211.197.158.113 port 40612 ssh2
Sep 30 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231  user=root
Sep 30 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Failed password for invalid user user from 211.197.158.113 port 40612 ssh2
Sep 30 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Failed password for root from 40.115.18.231 port 36212 ssh2
Sep 30 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Received disconnect from 40.115.18.231 port 36212:11: Bye Bye [preauth]
Sep 30 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Disconnected from 40.115.18.231 port 36212 [preauth]
Sep 30 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Failed password for invalid user user from 211.197.158.113 port 40612 ssh2
Sep 30 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Failed password for invalid user user from 211.197.158.113 port 40612 ssh2
Sep 30 01:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22999]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22998]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Failed password for invalid user user from 211.197.158.113 port 40612 ssh2
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23089]: Successful su for rubyman by root
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23089]: + ??? root:rubyman
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318290 of user rubyman.
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23089]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318290.
Sep 30 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Failed password for root from 162.144.236.216 port 55024 ssh2
Sep 30 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22953]: Connection closed by 162.144.236.216 port 55024 [preauth]
Sep 30 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Failed password for invalid user user from 211.197.158.113 port 40612 ssh2
Sep 30 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: error: maximum authentication attempts exceeded for invalid user user from 211.197.158.113 port 40612 ssh2 [preauth]
Sep 30 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22962]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Invalid user user from 211.197.158.113
Sep 30 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: input_userauth_request: invalid user user [preauth]
Sep 30 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session closed for user root
Sep 30 01:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22997]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Failed password for invalid user user from 211.197.158.113 port 43312 ssh2
Sep 30 01:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Failed password for invalid user user from 211.197.158.113 port 43312 ssh2
Sep 30 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Failed password for invalid user user from 211.197.158.113 port 43312 ssh2
Sep 30 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for root from 162.144.236.216 port 36002 ssh2
Sep 30 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Failed password for invalid user user from 211.197.158.113 port 43312 ssh2
Sep 30 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Connection closed by 162.144.236.216 port 36002 [preauth]
Sep 30 01:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Failed password for invalid user user from 211.197.158.113 port 43312 ssh2
Sep 30 01:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Failed password for invalid user user from 211.197.158.113 port 43312 ssh2
Sep 30 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: error: maximum authentication attempts exceeded for invalid user user from 211.197.158.113 port 43312 ssh2 [preauth]
Sep 30 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23292]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Invalid user user from 211.197.158.113
Sep 30 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: input_userauth_request: invalid user user [preauth]
Sep 30 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Failed password for invalid user user from 211.197.158.113 port 45962 ssh2
Sep 30 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Failed password for invalid user user from 211.197.158.113 port 45962 ssh2
Sep 30 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: Failed password for root from 162.144.236.216 port 43688 ssh2
Sep 30 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23379]: Connection closed by 162.144.236.216 port 43688 [preauth]
Sep 30 01:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Failed password for invalid user user from 211.197.158.113 port 45962 ssh2
Sep 30 01:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Failed password for invalid user user from 211.197.158.113 port 45962 ssh2
Sep 30 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Received disconnect from 211.197.158.113 port 45962:11: disconnected by user [preauth]
Sep 30 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: Disconnected from 211.197.158.113 port 45962 [preauth]
Sep 30 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23393]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 30 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Invalid user ftpuser from 211.197.158.113
Sep 30 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: input_userauth_request: invalid user ftpuser [preauth]
Sep 30 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Failed password for invalid user ftpuser from 211.197.158.113 port 47678 ssh2
Sep 30 01:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Sep 30 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Invalid user odoo15 from 117.216.211.19
Sep 30 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: input_userauth_request: invalid user odoo15 [preauth]
Sep 30 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Failed password for invalid user ftpuser from 211.197.158.113 port 47678 ssh2
Sep 30 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session closed for user root
Sep 30 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Failed password for invalid user odoo15 from 117.216.211.19 port 40222 ssh2
Sep 30 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Failed password for invalid user ftpuser from 211.197.158.113 port 47678 ssh2
Sep 30 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Received disconnect from 117.216.211.19 port 40222:11: Bye Bye [preauth]
Sep 30 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Disconnected from 117.216.211.19 port 40222 [preauth]
Sep 30 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: Failed password for root from 80.94.95.116 port 29466 ssh2
Sep 30 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: Connection closed by 80.94.95.116 port 29466 [preauth]
Sep 30 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Failed password for invalid user ftpuser from 211.197.158.113 port 47678 ssh2
Sep 30 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Failed password for root from 162.144.236.216 port 51330 ssh2
Sep 30 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Connection closed by 162.144.236.216 port 51330 [preauth]
Sep 30 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Failed password for invalid user ftpuser from 211.197.158.113 port 47678 ssh2
Sep 30 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Invalid user jacob from 217.154.42.86
Sep 30 01:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: input_userauth_request: invalid user jacob [preauth]
Sep 30 01:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Failed password for invalid user ftpuser from 211.197.158.113 port 47678 ssh2
Sep 30 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: error: maximum authentication attempts exceeded for invalid user ftpuser from 211.197.158.113 port 47678 ssh2 [preauth]
Sep 30 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23434]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Invalid user ftpuser from 211.197.158.113
Sep 30 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: input_userauth_request: invalid user ftpuser [preauth]
Sep 30 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Failed password for invalid user jacob from 217.154.42.86 port 34972 ssh2
Sep 30 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Received disconnect from 217.154.42.86 port 34972:11: Bye Bye [preauth]
Sep 30 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Disconnected from 217.154.42.86 port 34972 [preauth]
Sep 30 01:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for invalid user ftpuser from 211.197.158.113 port 50342 ssh2
Sep 30 01:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for invalid user ftpuser from 211.197.158.113 port 50342 ssh2
Sep 30 01:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for invalid user ftpuser from 211.197.158.113 port 50342 ssh2
Sep 30 01:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: Failed password for root from 162.144.236.216 port 57798 ssh2
Sep 30 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for invalid user ftpuser from 211.197.158.113 port 50342 ssh2
Sep 30 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for invalid user ftpuser from 211.197.158.113 port 50342 ssh2
Sep 30 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: Failed password for root from 103.139.192.17 port 46750 ssh2
Sep 30 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23494]: Connection closed by 162.144.236.216 port 57798 [preauth]
Sep 30 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: Received disconnect from 103.139.192.17 port 46750:11: Bye Bye [preauth]
Sep 30 01:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: Disconnected from 103.139.192.17 port 46750 [preauth]
Sep 30 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for invalid user ftpuser from 211.197.158.113 port 50342 ssh2
Sep 30 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: maximum authentication attempts exceeded for invalid user ftpuser from 211.197.158.113 port 50342 ssh2 [preauth]
Sep 30 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Invalid user ftpuser from 211.197.158.113
Sep 30 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: input_userauth_request: invalid user ftpuser [preauth]
Sep 30 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Failed password for invalid user ftpuser from 211.197.158.113 port 53134 ssh2
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23775]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23771]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23836]: Successful su for rubyman by root
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23836]: + ??? root:rubyman
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23836]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318293 of user rubyman.
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23836]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318293.
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Invalid user demo from 59.98.83.57
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: input_userauth_request: invalid user demo [preauth]
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Failed password for invalid user ftpuser from 211.197.158.113 port 53134 ssh2
Sep 30 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Failed password for invalid user demo from 59.98.83.57 port 42154 ssh2
Sep 30 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Received disconnect from 59.98.83.57 port 42154:11: Bye Bye [preauth]
Sep 30 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Disconnected from 59.98.83.57 port 42154 [preauth]
Sep 30 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20304]: pam_unix(cron:session): session closed for user root
Sep 30 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Failed password for invalid user ftpuser from 211.197.158.113 port 53134 ssh2
Sep 30 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Invalid user user1 from 40.115.18.231
Sep 30 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: input_userauth_request: invalid user user1 [preauth]
Sep 30 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23773]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Failed password for invalid user ftpuser from 211.197.158.113 port 53134 ssh2
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Received disconnect from 211.197.158.113 port 53134:11: disconnected by user [preauth]
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Disconnected from 211.197.158.113 port 53134 [preauth]
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 30 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Failed password for invalid user user1 from 40.115.18.231 port 33284 ssh2
Sep 30 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Received disconnect from 40.115.18.231 port 33284:11: Bye Bye [preauth]
Sep 30 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Disconnected from 40.115.18.231 port 33284 [preauth]
Sep 30 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Invalid user test1 from 211.197.158.113
Sep 30 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: input_userauth_request: invalid user test1 [preauth]
Sep 30 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: Failed password for root from 162.144.236.216 port 35694 ssh2
Sep 30 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Failed password for invalid user test1 from 211.197.158.113 port 55022 ssh2
Sep 30 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23752]: Connection closed by 162.144.236.216 port 35694 [preauth]
Sep 30 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Failed password for invalid user test1 from 211.197.158.113 port 55022 ssh2
Sep 30 01:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Failed password for invalid user test1 from 211.197.158.113 port 55022 ssh2
Sep 30 01:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Failed password for invalid user test1 from 211.197.158.113 port 55022 ssh2
Sep 30 01:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Failed password for invalid user test1 from 211.197.158.113 port 55022 ssh2
Sep 30 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Failed password for invalid user test1 from 211.197.158.113 port 55022 ssh2
Sep 30 01:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: error: maximum authentication attempts exceeded for invalid user test1 from 211.197.158.113 port 55022 ssh2 [preauth]
Sep 30 01:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Invalid user test1 from 211.197.158.113
Sep 30 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: input_userauth_request: invalid user test1 [preauth]
Sep 30 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user test1 from 211.197.158.113 port 57718 ssh2
Sep 30 01:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user test1 from 211.197.158.113 port 57718 ssh2
Sep 30 01:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user test1 from 211.197.158.113 port 57718 ssh2
Sep 30 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Failed password for root from 162.144.236.216 port 43126 ssh2
Sep 30 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24066]: Connection closed by 162.144.236.216 port 43126 [preauth]
Sep 30 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user test1 from 211.197.158.113 port 57718 ssh2
Sep 30 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session closed for user root
Sep 30 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user test1 from 211.197.158.113 port 57718 ssh2
Sep 30 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user test1 from 211.197.158.113 port 57718 ssh2
Sep 30 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: maximum authentication attempts exceeded for invalid user test1 from 211.197.158.113 port 57718 ssh2 [preauth]
Sep 30 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Invalid user test1 from 211.197.158.113
Sep 30 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: input_userauth_request: invalid user test1 [preauth]
Sep 30 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Failed password for invalid user test1 from 211.197.158.113 port 60354 ssh2
Sep 30 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Invalid user rr from 217.154.42.86
Sep 30 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: input_userauth_request: invalid user rr [preauth]
Sep 30 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Failed password for invalid user test1 from 211.197.158.113 port 60354 ssh2
Sep 30 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Received disconnect from 211.197.158.113 port 60354:11: disconnected by user [preauth]
Sep 30 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Disconnected from 211.197.158.113 port 60354 [preauth]
Sep 30 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Failed password for invalid user rr from 217.154.42.86 port 44148 ssh2
Sep 30 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Invalid user test2 from 211.197.158.113
Sep 30 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: input_userauth_request: invalid user test2 [preauth]
Sep 30 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Received disconnect from 217.154.42.86 port 44148:11: Bye Bye [preauth]
Sep 30 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24198]: Disconnected from 217.154.42.86 port 44148 [preauth]
Sep 30 01:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for invalid user test2 from 211.197.158.113 port 33160 ssh2
Sep 30 01:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for invalid user test2 from 211.197.158.113 port 33160 ssh2
Sep 30 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: Failed password for root from 117.216.211.19 port 34776 ssh2
Sep 30 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: Received disconnect from 117.216.211.19 port 34776:11: Bye Bye [preauth]
Sep 30 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: Disconnected from 117.216.211.19 port 34776 [preauth]
Sep 30 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for invalid user test2 from 211.197.158.113 port 33160 ssh2
Sep 30 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for invalid user test2 from 211.197.158.113 port 33160 ssh2
Sep 30 01:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Failed password for root from 162.144.236.216 port 53130 ssh2
Sep 30 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Connection closed by 162.144.236.216 port 53130 [preauth]
Sep 30 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for invalid user test2 from 211.197.158.113 port 33160 ssh2
Sep 30 01:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for invalid user test2 from 211.197.158.113 port 33160 ssh2
Sep 30 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: error: maximum authentication attempts exceeded for invalid user test2 from 211.197.158.113 port 33160 ssh2 [preauth]
Sep 30 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Invalid user test2 from 211.197.158.113
Sep 30 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: input_userauth_request: invalid user test2 [preauth]
Sep 30 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Failed password for invalid user test2 from 211.197.158.113 port 35698 ssh2
Sep 30 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24336]: Successful su for rubyman by root
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24336]: + ??? root:rubyman
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318298 of user rubyman.
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24336]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318298.
Sep 30 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Failed password for invalid user test2 from 211.197.158.113 port 35698 ssh2
Sep 30 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: Failed password for root from 162.144.236.216 port 33218 ssh2
Sep 30 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20785]: pam_unix(cron:session): session closed for user root
Sep 30 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Failed password for invalid user test2 from 211.197.158.113 port 35698 ssh2
Sep 30 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24252]: Connection closed by 162.144.236.216 port 33218 [preauth]
Sep 30 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Failed password for invalid user test2 from 211.197.158.113 port 35698 ssh2
Sep 30 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Failed password for invalid user test2 from 211.197.158.113 port 35698 ssh2
Sep 30 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Failed password for invalid user test2 from 211.197.158.113 port 35698 ssh2
Sep 30 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: error: maximum authentication attempts exceeded for invalid user test2 from 211.197.158.113 port 35698 ssh2 [preauth]
Sep 30 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24254]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: Invalid user test2 from 211.197.158.113
Sep 30 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: input_userauth_request: invalid user test2 [preauth]
Sep 30 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: Failed password for invalid user test2 from 211.197.158.113 port 38598 ssh2
Sep 30 01:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24551]: Failed password for root from 162.144.236.216 port 39720 ssh2
Sep 30 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24551]: Connection closed by 162.144.236.216 port 39720 [preauth]
Sep 30 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Invalid user minecraft from 40.115.18.231
Sep 30 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: Failed password for invalid user test2 from 211.197.158.113 port 38598 ssh2
Sep 30 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: Received disconnect from 211.197.158.113 port 38598:11: disconnected by user [preauth]
Sep 30 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: Disconnected from 211.197.158.113 port 38598 [preauth]
Sep 30 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24582]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Failed password for invalid user minecraft from 40.115.18.231 port 58590 ssh2
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Invalid user ubuntu from 211.197.158.113
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Received disconnect from 40.115.18.231 port 58590:11: Bye Bye [preauth]
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Disconnected from 40.115.18.231 port 58590 [preauth]
Sep 30 01:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Failed password for invalid user ubuntu from 211.197.158.113 port 39754 ssh2
Sep 30 01:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Failed password for root from 59.98.83.57 port 37636 ssh2
Sep 30 01:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Failed password for invalid user ubuntu from 211.197.158.113 port 39754 ssh2
Sep 30 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Received disconnect from 59.98.83.57 port 37636:11: Bye Bye [preauth]
Sep 30 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Disconnected from 59.98.83.57 port 37636 [preauth]
Sep 30 01:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Failed password for invalid user ubuntu from 211.197.158.113 port 39754 ssh2
Sep 30 01:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Failed password for invalid user ubuntu from 211.197.158.113 port 39754 ssh2
Sep 30 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Failed password for invalid user ubuntu from 211.197.158.113 port 39754 ssh2
Sep 30 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Failed password for invalid user ubuntu from 211.197.158.113 port 39754 ssh2
Sep 30 01:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: error: maximum authentication attempts exceeded for invalid user ubuntu from 211.197.158.113 port 39754 ssh2 [preauth]
Sep 30 01:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24610]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Invalid user ubuntu from 211.197.158.113
Sep 30 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22999]: pam_unix(cron:session): session closed for user root
Sep 30 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for invalid user ubuntu from 211.197.158.113 port 42416 ssh2
Sep 30 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Failed password for root from 162.144.236.216 port 48110 ssh2
Sep 30 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24612]: Connection closed by 162.144.236.216 port 48110 [preauth]
Sep 30 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for invalid user ubuntu from 211.197.158.113 port 42416 ssh2
Sep 30 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Invalid user sergey from 217.154.42.86
Sep 30 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: input_userauth_request: invalid user sergey [preauth]
Sep 30 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86
Sep 30 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for invalid user ubuntu from 211.197.158.113 port 42416 ssh2
Sep 30 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Invalid user test from 103.139.192.17
Sep 30 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: input_userauth_request: invalid user test [preauth]
Sep 30 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Failed password for invalid user sergey from 217.154.42.86 port 44844 ssh2
Sep 30 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Received disconnect from 217.154.42.86 port 44844:11: Bye Bye [preauth]
Sep 30 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Disconnected from 217.154.42.86 port 44844 [preauth]
Sep 30 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for invalid user ubuntu from 211.197.158.113 port 42416 ssh2
Sep 30 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Failed password for invalid user test from 103.139.192.17 port 60110 ssh2
Sep 30 01:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Received disconnect from 103.139.192.17 port 60110:11: Bye Bye [preauth]
Sep 30 01:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Disconnected from 103.139.192.17 port 60110 [preauth]
Sep 30 01:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for invalid user ubuntu from 211.197.158.113 port 42416 ssh2
Sep 30 01:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for invalid user ubuntu from 211.197.158.113 port 42416 ssh2
Sep 30 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: maximum authentication attempts exceeded for invalid user ubuntu from 211.197.158.113 port 42416 ssh2 [preauth]
Sep 30 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Disconnecting: Too many authentication failures [preauth]
Sep 30 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 30 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Failed password for root from 162.144.236.216 port 56434 ssh2
Sep 30 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Invalid user ubuntu from 211.197.158.113
Sep 30 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Failed password for invalid user ubuntu from 211.197.158.113 port 45350 ssh2
Sep 30 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Connection closed by 162.144.236.216 port 56434 [preauth]
Sep 30 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Failed password for invalid user ubuntu from 211.197.158.113 port 45350 ssh2
Sep 30 01:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Failed password for invalid user ubuntu from 211.197.158.113 port 45350 ssh2
Sep 30 01:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Failed password for invalid user ubuntu from 211.197.158.113 port 45350 ssh2
Sep 30 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Received disconnect from 211.197.158.113 port 45350:11: disconnected by user [preauth]
Sep 30 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: Disconnected from 211.197.158.113 port 45350 [preauth]
Sep 30 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24725]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 30 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Invalid user pi from 211.197.158.113
Sep 30 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: input_userauth_request: invalid user pi [preauth]
Sep 30 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for invalid user pi from 211.197.158.113 port 47012 ssh2
Sep 30 01:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: Successful su for rubyman by root
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: + ??? root:rubyman
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318303 of user rubyman.
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24838]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318303.
Sep 30 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for invalid user pi from 211.197.158.113 port 47012 ssh2
Sep 30 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24770]: Failed password for root from 117.216.211.19 port 57564 ssh2
Sep 30 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24770]: Received disconnect from 117.216.211.19 port 57564:11: Bye Bye [preauth]
Sep 30 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24770]: Disconnected from 117.216.211.19 port 57564 [preauth]
Sep 30 01:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for invalid user pi from 211.197.158.113 port 47012 ssh2
Sep 30 01:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for root from 162.144.236.216 port 33068 ssh2
Sep 30 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21238]: pam_unix(cron:session): session closed for user root
Sep 30 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Connection closed by 162.144.236.216 port 33068 [preauth]
Sep 30 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for invalid user pi from 211.197.158.113 port 47012 ssh2
Sep 30 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Received disconnect from 211.197.158.113 port 47012:11: disconnected by user [preauth]
Sep 30 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Disconnected from 211.197.158.113 port 47012 [preauth]
Sep 30 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: PAM service(sshd) ignoring max retries; 4 > 3
Sep 30 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Invalid user baikal from 211.197.158.113
Sep 30 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: input_userauth_request: invalid user baikal [preauth]
Sep 30 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.197.158.113
Sep 30 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Failed password for invalid user baikal from 211.197.158.113 port 49182 ssh2
Sep 30 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Received disconnect from 211.197.158.113 port 49182:11: disconnected by user [preauth]
Sep 30 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Disconnected from 211.197.158.113 port 49182 [preauth]
Sep 30 01:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Failed password for root from 162.144.236.216 port 40614 ssh2
Sep 30 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25017]: Connection closed by 162.144.236.216 port 40614 [preauth]
Sep 30 01:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Invalid user ilya from 40.115.18.231
Sep 30 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: input_userauth_request: invalid user ilya [preauth]
Sep 30 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Failed password for invalid user ilya from 40.115.18.231 port 55664 ssh2
Sep 30 01:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: Failed password for root from 162.144.236.216 port 46818 ssh2
Sep 30 01:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Received disconnect from 40.115.18.231 port 55664:11: Bye Bye [preauth]
Sep 30 01:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25114]: Disconnected from 40.115.18.231 port 55664 [preauth]
Sep 30 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25080]: Connection closed by 162.144.236.216 port 46818 [preauth]
Sep 30 01:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Invalid user alessio from 59.98.83.57
Sep 30 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: input_userauth_request: invalid user alessio [preauth]
Sep 30 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session closed for user root
Sep 30 01:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86  user=root
Sep 30 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Failed password for invalid user alessio from 59.98.83.57 port 33102 ssh2
Sep 30 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Received disconnect from 59.98.83.57 port 33102:11: Bye Bye [preauth]
Sep 30 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Disconnected from 59.98.83.57 port 33102 [preauth]
Sep 30 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Failed password for root from 217.154.42.86 port 54958 ssh2
Sep 30 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Received disconnect from 217.154.42.86 port 54958:11: Bye Bye [preauth]
Sep 30 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Disconnected from 217.154.42.86 port 54958 [preauth]
Sep 30 01:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Failed password for root from 162.144.236.216 port 54716 ssh2
Sep 30 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Connection closed by 162.144.236.216 port 54716 [preauth]
Sep 30 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: Failed password for root from 162.144.236.216 port 34386 ssh2
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25262]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session closed for user root
Sep 30 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25550]: Successful su for rubyman by root
Sep 30 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25550]: + ??? root:rubyman
Sep 30 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318305 of user rubyman.
Sep 30 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25550]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318305.
Sep 30 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25235]: Connection closed by 162.144.236.216 port 34386 [preauth]
Sep 30 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25262]: pam_unix(cron:session): session closed for user root
Sep 30 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user root
Sep 30 01:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Invalid user bot_server from 117.216.211.19
Sep 30 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: input_userauth_request: invalid user bot_server [preauth]
Sep 30 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25261]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Failed password for invalid user bot_server from 117.216.211.19 port 52120 ssh2
Sep 30 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Received disconnect from 117.216.211.19 port 52120:11: Bye Bye [preauth]
Sep 30 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Disconnected from 117.216.211.19 port 52120 [preauth]
Sep 30 01:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Failed password for root from 162.144.236.216 port 41672 ssh2
Sep 30 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Connection closed by 162.144.236.216 port 41672 [preauth]
Sep 30 01:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Invalid user jenkins from 93.152.230.176
Sep 30 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: input_userauth_request: invalid user jenkins [preauth]
Sep 30 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Failed password for invalid user jenkins from 93.152.230.176 port 52998 ssh2
Sep 30 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Received disconnect from 93.152.230.176 port 52998:11: Client disconnecting normally [preauth]
Sep 30 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Disconnected from 93.152.230.176 port 52998 [preauth]
Sep 30 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Failed password for root from 103.139.192.17 port 33302 ssh2
Sep 30 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Received disconnect from 103.139.192.17 port 33302:11: Bye Bye [preauth]
Sep 30 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Disconnected from 103.139.192.17 port 33302 [preauth]
Sep 30 01:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Invalid user sergey from 40.115.18.231
Sep 30 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: input_userauth_request: invalid user sergey [preauth]
Sep 30 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session closed for user root
Sep 30 01:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Failed password for invalid user sergey from 40.115.18.231 port 52724 ssh2
Sep 30 01:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Received disconnect from 40.115.18.231 port 52724:11: Bye Bye [preauth]
Sep 30 01:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Disconnected from 40.115.18.231 port 52724 [preauth]
Sep 30 01:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25901]: Failed password for root from 162.144.236.216 port 50372 ssh2
Sep 30 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.42.86  user=root
Sep 30 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: Failed password for root from 217.154.42.86 port 48992 ssh2
Sep 30 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: Received disconnect from 217.154.42.86 port 48992:11: Bye Bye [preauth]
Sep 30 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: Disconnected from 217.154.42.86 port 48992 [preauth]
Sep 30 01:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25901]: Connection closed by 162.144.236.216 port 50372 [preauth]
Sep 30 01:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Failed password for root from 59.98.83.57 port 56796 ssh2
Sep 30 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Received disconnect from 59.98.83.57 port 56796:11: Bye Bye [preauth]
Sep 30 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Disconnected from 59.98.83.57 port 56796 [preauth]
Sep 30 01:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Failed password for root from 162.144.236.216 port 60996 ssh2
Sep 30 01:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Connection closed by 162.144.236.216 port 60996 [preauth]
Sep 30 01:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26090]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26091]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26088]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: Successful su for rubyman by root
Sep 30 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: + ??? root:rubyman
Sep 30 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318312 of user rubyman.
Sep 30 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318312.
Sep 30 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Failed password for root from 162.144.236.216 port 40966 ssh2
Sep 30 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session closed for user root
Sep 30 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Connection closed by 162.144.236.216 port 40966 [preauth]
Sep 30 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26089]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: Failed password for root from 162.144.236.216 port 45962 ssh2
Sep 30 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26369]: Connection closed by 162.144.236.216 port 45962 [preauth]
Sep 30 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Invalid user superadmin from 117.216.211.19
Sep 30 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: input_userauth_request: invalid user superadmin [preauth]
Sep 30 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Failed password for invalid user superadmin from 117.216.211.19 port 46638 ssh2
Sep 30 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Received disconnect from 117.216.211.19 port 46638:11: Bye Bye [preauth]
Sep 30 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Disconnected from 117.216.211.19 port 46638 [preauth]
Sep 30 01:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26504]: Failed password for root from 162.144.236.216 port 52110 ssh2
Sep 30 01:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26504]: Connection closed by 162.144.236.216 port 52110 [preauth]
Sep 30 01:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session closed for user root
Sep 30 01:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: Failed password for root from 162.144.236.216 port 59186 ssh2
Sep 30 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231  user=root
Sep 30 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Failed password for root from 40.115.18.231 port 49784 ssh2
Sep 30 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Received disconnect from 40.115.18.231 port 49784:11: Bye Bye [preauth]
Sep 30 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Disconnected from 40.115.18.231 port 49784 [preauth]
Sep 30 01:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: Connection closed by 162.144.236.216 port 59186 [preauth]
Sep 30 01:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for root from 162.144.236.216 port 36490 ssh2
Sep 30 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Connection closed by 162.144.236.216 port 36490 [preauth]
Sep 30 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Invalid user qwerty from 103.139.192.17
Sep 30 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: input_userauth_request: invalid user qwerty [preauth]
Sep 30 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Invalid user azureuser from 59.98.83.57
Sep 30 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: input_userauth_request: invalid user azureuser [preauth]
Sep 30 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Failed password for invalid user qwerty from 103.139.192.17 port 34830 ssh2
Sep 30 01:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Received disconnect from 103.139.192.17 port 34830:11: Bye Bye [preauth]
Sep 30 01:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: Disconnected from 103.139.192.17 port 34830 [preauth]
Sep 30 01:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Failed password for invalid user azureuser from 59.98.83.57 port 52264 ssh2
Sep 30 01:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Received disconnect from 59.98.83.57 port 52264:11: Bye Bye [preauth]
Sep 30 01:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Disconnected from 59.98.83.57 port 52264 [preauth]
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26673]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26672]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26666]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26758]: Successful su for rubyman by root
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26758]: + ??? root:rubyman
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318317 of user rubyman.
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26758]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318317.
Sep 30 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: Failed password for root from 162.144.236.216 port 41978 ssh2
Sep 30 01:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22998]: pam_unix(cron:session): session closed for user root
Sep 30 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26648]: Connection closed by 162.144.236.216 port 41978 [preauth]
Sep 30 01:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27045]: Failed password for root from 162.144.236.216 port 49642 ssh2
Sep 30 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27045]: Connection closed by 162.144.236.216 port 49642 [preauth]
Sep 30 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: Failed password for root from 162.144.236.216 port 54484 ssh2
Sep 30 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27083]: Connection closed by 162.144.236.216 port 54484 [preauth]
Sep 30 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Failed password for root from 117.216.211.19 port 41228 ssh2
Sep 30 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Received disconnect from 117.216.211.19 port 41228:11: Bye Bye [preauth]
Sep 30 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Disconnected from 117.216.211.19 port 41228 [preauth]
Sep 30 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session closed for user root
Sep 30 01:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for root from 162.144.236.216 port 33236 ssh2
Sep 30 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Connection closed by 162.144.236.216 port 33236 [preauth]
Sep 30 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Invalid user npm from 40.115.18.231
Sep 30 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: input_userauth_request: invalid user npm [preauth]
Sep 30 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Failed password for invalid user npm from 40.115.18.231 port 46848 ssh2
Sep 30 01:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Received disconnect from 40.115.18.231 port 46848:11: Bye Bye [preauth]
Sep 30 01:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27214]: Disconnected from 40.115.18.231 port 46848 [preauth]
Sep 30 01:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: Failed password for root from 162.144.236.216 port 40918 ssh2
Sep 30 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27213]: Connection closed by 162.144.236.216 port 40918 [preauth]
Sep 30 01:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27249]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27250]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: Successful su for rubyman by root
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: + ??? root:rubyman
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318320 of user rubyman.
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318320.
Sep 30 01:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23775]: pam_unix(cron:session): session closed for user root
Sep 30 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Failed password for root from 162.144.236.216 port 46906 ssh2
Sep 30 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Connection closed by 162.144.236.216 port 46906 [preauth]
Sep 30 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Invalid user minecraft from 59.98.83.57
Sep 30 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Failed password for invalid user minecraft from 59.98.83.57 port 47748 ssh2
Sep 30 01:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Received disconnect from 59.98.83.57 port 47748:11: Bye Bye [preauth]
Sep 30 01:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Disconnected from 59.98.83.57 port 47748 [preauth]
Sep 30 01:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Failed password for root from 162.144.236.216 port 53600 ssh2
Sep 30 01:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Connection closed by 162.144.236.216 port 53600 [preauth]
Sep 30 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: Failed password for root from 162.144.236.216 port 59728 ssh2
Sep 30 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27753]: Connection closed by 162.144.236.216 port 59728 [preauth]
Sep 30 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26091]: pam_unix(cron:session): session closed for user root
Sep 30 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Failed password for root from 103.139.192.17 port 60478 ssh2
Sep 30 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Received disconnect from 103.139.192.17 port 60478:11: Bye Bye [preauth]
Sep 30 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Disconnected from 103.139.192.17 port 60478 [preauth]
Sep 30 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Invalid user ubuntu from 117.216.211.19
Sep 30 01:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 01:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Failed password for invalid user ubuntu from 117.216.211.19 port 35792 ssh2
Sep 30 01:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Received disconnect from 117.216.211.19 port 35792:11: Bye Bye [preauth]
Sep 30 01:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27842]: Disconnected from 117.216.211.19 port 35792 [preauth]
Sep 30 01:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: Failed password for root from 162.144.236.216 port 37018 ssh2
Sep 30 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: Connection closed by 162.144.236.216 port 37018 [preauth]
Sep 30 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Invalid user karimi from 40.115.18.231
Sep 30 01:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: input_userauth_request: invalid user karimi [preauth]
Sep 30 01:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Failed password for invalid user karimi from 40.115.18.231 port 43918 ssh2
Sep 30 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Received disconnect from 40.115.18.231 port 43918:11: Bye Bye [preauth]
Sep 30 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Disconnected from 40.115.18.231 port 43918 [preauth]
Sep 30 01:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Failed password for root from 162.144.236.216 port 43764 ssh2
Sep 30 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Connection closed by 162.144.236.216 port 43764 [preauth]
Sep 30 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27908]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27907]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27905]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: Successful su for rubyman by root
Sep 30 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: + ??? root:rubyman
Sep 30 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318324 of user rubyman.
Sep 30 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318324.
Sep 30 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24269]: pam_unix(cron:session): session closed for user root
Sep 30 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27906]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 162.144.236.216 port 50354 ssh2
Sep 30 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Connection closed by 162.144.236.216 port 50354 [preauth]
Sep 30 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Failed password for root from 162.144.236.216 port 56764 ssh2
Sep 30 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Connection closed by 162.144.236.216 port 56764 [preauth]
Sep 30 01:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: Failed password for root from 39.100.183.60 port 48070 ssh2
Sep 30 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28222]: Connection closed by 39.100.183.60 port 48070 [preauth]
Sep 30 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Invalid user admin from 39.100.183.60
Sep 30 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Failed password for invalid user admin from 39.100.183.60 port 55174 ssh2
Sep 30 01:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Connection closed by 39.100.183.60 port 55174 [preauth]
Sep 30 01:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Invalid user wp from 39.100.183.60
Sep 30 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: input_userauth_request: invalid user wp [preauth]
Sep 30 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Failed password for root from 59.98.83.57 port 43228 ssh2
Sep 30 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Failed password for invalid user wp from 39.100.183.60 port 34278 ssh2
Sep 30 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Received disconnect from 59.98.83.57 port 43228:11: Bye Bye [preauth]
Sep 30 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Disconnected from 59.98.83.57 port 43228 [preauth]
Sep 30 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Connection closed by 39.100.183.60 port 34278 [preauth]
Sep 30 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Invalid user jenkins from 39.100.183.60
Sep 30 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: input_userauth_request: invalid user jenkins [preauth]
Sep 30 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26673]: pam_unix(cron:session): session closed for user root
Sep 30 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Failed password for invalid user jenkins from 39.100.183.60 port 41058 ssh2
Sep 30 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Connection closed by 39.100.183.60 port 41058 [preauth]
Sep 30 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Invalid user cs2 from 39.100.183.60
Sep 30 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: input_userauth_request: invalid user cs2 [preauth]
Sep 30 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Failed password for invalid user cs2 from 39.100.183.60 port 48118 ssh2
Sep 30 01:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Connection closed by 39.100.183.60 port 48118 [preauth]
Sep 30 01:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Failed password for root from 39.100.183.60 port 55634 ssh2
Sep 30 01:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Failed password for root from 162.144.236.216 port 36970 ssh2
Sep 30 01:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Connection closed by 39.100.183.60 port 55634 [preauth]
Sep 30 01:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Invalid user devopsuser from 39.100.183.60
Sep 30 01:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: input_userauth_request: invalid user devopsuser [preauth]
Sep 30 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Connection closed by 162.144.236.216 port 36970 [preauth]
Sep 30 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Failed password for invalid user devopsuser from 39.100.183.60 port 35262 ssh2
Sep 30 01:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28348]: Connection closed by 39.100.183.60 port 35262 [preauth]
Sep 30 01:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Invalid user postgres from 39.100.183.60
Sep 30 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: input_userauth_request: invalid user postgres [preauth]
Sep 30 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Failed password for invalid user postgres from 39.100.183.60 port 41952 ssh2
Sep 30 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Connection closed by 39.100.183.60 port 41952 [preauth]
Sep 30 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: Invalid user steam from 39.100.183.60
Sep 30 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: input_userauth_request: invalid user steam [preauth]
Sep 30 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19  user=root
Sep 30 01:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: Failed password for invalid user steam from 39.100.183.60 port 49668 ssh2
Sep 30 01:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28364]: Connection closed by 39.100.183.60 port 49668 [preauth]
Sep 30 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Failed password for root from 117.216.211.19 port 58590 ssh2
Sep 30 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Received disconnect from 117.216.211.19 port 58590:11: Bye Bye [preauth]
Sep 30 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Disconnected from 117.216.211.19 port 58590 [preauth]
Sep 30 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Invalid user admin from 39.100.183.60
Sep 30 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Failed password for root from 162.144.236.216 port 44642 ssh2
Sep 30 01:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Failed password for invalid user admin from 39.100.183.60 port 58406 ssh2
Sep 30 01:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Connection closed by 39.100.183.60 port 58406 [preauth]
Sep 30 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Connection closed by 162.144.236.216 port 44642 [preauth]
Sep 30 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: Invalid user ubuntu from 39.100.183.60
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28407]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28405]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28407]: pam_unix(cron:session): session closed for user root
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Invalid user test from 40.115.18.231
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: input_userauth_request: invalid user test [preauth]
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28491]: Successful su for rubyman by root
Sep 30 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28491]: + ??? root:rubyman
Sep 30 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318331 of user rubyman.
Sep 30 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28491]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318331.
Sep 30 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: Failed password for invalid user ubuntu from 39.100.183.60 port 37578 ssh2
Sep 30 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Failed password for invalid user test from 40.115.18.231 port 40980 ssh2
Sep 30 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Received disconnect from 40.115.18.231 port 40980:11: Bye Bye [preauth]
Sep 30 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Disconnected from 40.115.18.231 port 40980 [preauth]
Sep 30 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: Connection closed by 39.100.183.60 port 37578 [preauth]
Sep 30 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: Invalid user db2inst1 from 39.100.183.60
Sep 30 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: input_userauth_request: invalid user db2inst1 [preauth]
Sep 30 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session closed for user root
Sep 30 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session closed for user root
Sep 30 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: Failed password for invalid user db2inst1 from 39.100.183.60 port 45194 ssh2
Sep 30 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: Connection closed by 39.100.183.60 port 45194 [preauth]
Sep 30 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Invalid user deploy from 39.100.183.60
Sep 30 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: input_userauth_request: invalid user deploy [preauth]
Sep 30 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: Failed password for root from 162.144.236.216 port 51494 ssh2
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Failed password for invalid user deploy from 39.100.183.60 port 52186 ssh2
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Invalid user minecraft from 103.139.192.17
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28394]: Connection closed by 162.144.236.216 port 51494 [preauth]
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Connection closed by 39.100.183.60 port 52186 [preauth]
Sep 30 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Failed password for invalid user minecraft from 103.139.192.17 port 42840 ssh2
Sep 30 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Received disconnect from 103.139.192.17 port 42840:11: Bye Bye [preauth]
Sep 30 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Disconnected from 103.139.192.17 port 42840 [preauth]
Sep 30 01:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28865]: User ftp from 39.100.183.60 not allowed because not listed in AllowUsers
Sep 30 01:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28865]: input_userauth_request: invalid user ftp [preauth]
Sep 30 01:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=ftp
Sep 30 01:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28865]: Failed password for invalid user ftp from 39.100.183.60 port 58288 ssh2
Sep 30 01:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28865]: Connection closed by 39.100.183.60 port 58288 [preauth]
Sep 30 01:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Invalid user test from 39.100.183.60
Sep 30 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: input_userauth_request: invalid user test [preauth]
Sep 30 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Failed password for root from 162.144.236.216 port 58678 ssh2
Sep 30 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Failed password for invalid user test from 39.100.183.60 port 39522 ssh2
Sep 30 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Connection closed by 39.100.183.60 port 39522 [preauth]
Sep 30 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Connection closed by 162.144.236.216 port 58678 [preauth]
Sep 30 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Invalid user cs2server from 39.100.183.60
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: input_userauth_request: invalid user cs2server [preauth]
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: Invalid user seafile from 20.163.71.109
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: input_userauth_request: invalid user seafile [preauth]
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Sep 30 01:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28994]: User ftp from 80.94.95.115 not allowed because not listed in AllowUsers
Sep 30 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28994]: input_userauth_request: invalid user ftp [preauth]
Sep 30 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=ftp
Sep 30 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Failed password for invalid user cs2server from 39.100.183.60 port 48776 ssh2
Sep 30 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: Failed password for invalid user seafile from 20.163.71.109 port 35548 ssh2
Sep 30 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: Connection closed by 20.163.71.109 port 35548 [preauth]
Sep 30 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Connection closed by 39.100.183.60 port 48776 [preauth]
Sep 30 01:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Invalid user pi from 39.100.183.60
Sep 30 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: input_userauth_request: invalid user pi [preauth]
Sep 30 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28994]: Failed password for invalid user ftp from 80.94.95.115 port 33128 ssh2
Sep 30 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28994]: Connection closed by 80.94.95.115 port 33128 [preauth]
Sep 30 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Failed password for invalid user pi from 39.100.183.60 port 56840 ssh2
Sep 30 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Connection closed by 39.100.183.60 port 56840 [preauth]
Sep 30 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: Invalid user a1234 from 39.100.183.60
Sep 30 01:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: input_userauth_request: invalid user a1234 [preauth]
Sep 30 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: Failed password for invalid user a1234 from 39.100.183.60 port 35000 ssh2
Sep 30 01:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29029]: Connection closed by 39.100.183.60 port 35000 [preauth]
Sep 30 01:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Invalid user debian from 39.100.183.60
Sep 30 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: input_userauth_request: invalid user debian [preauth]
Sep 30 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27250]: pam_unix(cron:session): session closed for user root
Sep 30 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Failed password for invalid user debian from 39.100.183.60 port 41438 ssh2
Sep 30 01:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29051]: Connection closed by 39.100.183.60 port 41438 [preauth]
Sep 30 01:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Failed password for root from 162.144.236.216 port 36380 ssh2
Sep 30 01:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Connection closed by 162.144.236.216 port 36380 [preauth]
Sep 30 01:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: Failed password for root from 39.100.183.60 port 50706 ssh2
Sep 30 01:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29086]: Connection closed by 39.100.183.60 port 50706 [preauth]
Sep 30 01:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Invalid user ts3 from 39.100.183.60
Sep 30 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: input_userauth_request: invalid user ts3 [preauth]
Sep 30 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Invalid user test from 59.98.83.57
Sep 30 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: input_userauth_request: invalid user test [preauth]
Sep 30 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Failed password for invalid user ts3 from 39.100.183.60 port 57424 ssh2
Sep 30 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29098]: Connection closed by 39.100.183.60 port 57424 [preauth]
Sep 30 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Failed password for invalid user test from 59.98.83.57 port 38698 ssh2
Sep 30 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Received disconnect from 59.98.83.57 port 38698:11: Bye Bye [preauth]
Sep 30 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Disconnected from 59.98.83.57 port 38698 [preauth]
Sep 30 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29130]: Failed password for root from 39.100.183.60 port 39956 ssh2
Sep 30 01:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29130]: Connection closed by 39.100.183.60 port 39956 [preauth]
Sep 30 01:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29096]: Failed password for root from 162.144.236.216 port 44574 ssh2
Sep 30 01:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29096]: Connection closed by 162.144.236.216 port 44574 [preauth]
Sep 30 01:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Invalid user user from 39.100.183.60
Sep 30 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: input_userauth_request: invalid user user [preauth]
Sep 30 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Failed password for invalid user user from 39.100.183.60 port 49734 ssh2
Sep 30 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29141]: Connection closed by 39.100.183.60 port 49734 [preauth]
Sep 30 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29174]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: Successful su for rubyman by root
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: + ??? root:rubyman
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318336 of user rubyman.
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29252]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318336.
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: Failed password for root from 39.100.183.60 port 38642 ssh2
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for root from 162.144.236.216 port 51820 ssh2
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29169]: Connection closed by 39.100.183.60 port 38642 [preauth]
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: Invalid user minecraft from 39.100.183.60
Sep 30 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Connection closed by 162.144.236.216 port 51820 [preauth]
Sep 30 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Invalid user minecraft from 117.216.211.19
Sep 30 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: input_userauth_request: invalid user minecraft [preauth]
Sep 30 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: Failed password for invalid user minecraft from 39.100.183.60 port 43396 ssh2
Sep 30 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29302]: Connection closed by 39.100.183.60 port 43396 [preauth]
Sep 30 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Failed password for invalid user minecraft from 117.216.211.19 port 53150 ssh2
Sep 30 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session closed for user root
Sep 30 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Received disconnect from 117.216.211.19 port 53150:11: Bye Bye [preauth]
Sep 30 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Disconnected from 117.216.211.19 port 53150 [preauth]
Sep 30 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Invalid user oracle from 39.100.183.60
Sep 30 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: input_userauth_request: invalid user oracle [preauth]
Sep 30 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Failed password for invalid user oracle from 39.100.183.60 port 49134 ssh2
Sep 30 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Connection closed by 39.100.183.60 port 49134 [preauth]
Sep 30 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: Invalid user jacob from 40.115.18.231
Sep 30 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: input_userauth_request: invalid user jacob [preauth]
Sep 30 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: Failed password for invalid user jacob from 40.115.18.231 port 38040 ssh2
Sep 30 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: Received disconnect from 40.115.18.231 port 38040:11: Bye Bye [preauth]
Sep 30 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29488]: Disconnected from 40.115.18.231 port 38040 [preauth]
Sep 30 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Failed password for root from 39.100.183.60 port 55442 ssh2
Sep 30 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Connection closed by 39.100.183.60 port 55442 [preauth]
Sep 30 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Failed password for root from 162.144.236.216 port 56088 ssh2
Sep 30 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Invalid user ubuntu from 39.100.183.60
Sep 30 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: input_userauth_request: invalid user ubuntu [preauth]
Sep 30 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Connection closed by 162.144.236.216 port 56088 [preauth]
Sep 30 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Failed password for invalid user ubuntu from 39.100.183.60 port 33886 ssh2
Sep 30 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Connection closed by 39.100.183.60 port 33886 [preauth]
Sep 30 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: Invalid user postgres from 39.100.183.60
Sep 30 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: input_userauth_request: invalid user postgres [preauth]
Sep 30 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: Failed password for invalid user postgres from 39.100.183.60 port 42776 ssh2
Sep 30 01:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: Connection closed by 39.100.183.60 port 42776 [preauth]
Sep 30 01:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: Invalid user admin from 39.100.183.60
Sep 30 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: Failed password for invalid user admin from 39.100.183.60 port 48920 ssh2
Sep 30 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: Connection closed by 39.100.183.60 port 48920 [preauth]
Sep 30 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Invalid user es from 39.100.183.60
Sep 30 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: input_userauth_request: invalid user es [preauth]
Sep 30 01:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Failed password for root from 162.144.236.216 port 35498 ssh2
Sep 30 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Connection closed by 162.144.236.216 port 35498 [preauth]
Sep 30 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Failed password for invalid user es from 39.100.183.60 port 56000 ssh2
Sep 30 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Connection closed by 39.100.183.60 port 56000 [preauth]
Sep 30 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: Invalid user es from 39.100.183.60
Sep 30 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: input_userauth_request: invalid user es [preauth]
Sep 30 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: Failed password for invalid user es from 39.100.183.60 port 33176 ssh2
Sep 30 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29575]: Connection closed by 39.100.183.60 port 33176 [preauth]
Sep 30 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Invalid user teamspeak3 from 39.100.183.60
Sep 30 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: input_userauth_request: invalid user teamspeak3 [preauth]
Sep 30 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Failed password for invalid user teamspeak3 from 39.100.183.60 port 41114 ssh2
Sep 30 01:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Connection closed by 39.100.183.60 port 41114 [preauth]
Sep 30 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27908]: pam_unix(cron:session): session closed for user root
Sep 30 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: Invalid user admin from 39.100.183.60
Sep 30 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: Failed password for invalid user admin from 39.100.183.60 port 48188 ssh2
Sep 30 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: Connection closed by 39.100.183.60 port 48188 [preauth]
Sep 30 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: Invalid user cassandra from 39.100.183.60
Sep 30 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: input_userauth_request: invalid user cassandra [preauth]
Sep 30 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: Failed password for invalid user cassandra from 39.100.183.60 port 54818 ssh2
Sep 30 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: Connection closed by 39.100.183.60 port 54818 [preauth]
Sep 30 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: Failed password for root from 162.144.236.216 port 41330 ssh2
Sep 30 01:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Invalid user ftptest from 103.139.192.17
Sep 30 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: input_userauth_request: invalid user ftptest [preauth]
Sep 30 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17
Sep 30 01:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29573]: Connection closed by 162.144.236.216 port 41330 [preauth]
Sep 30 01:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Failed password for invalid user ftptest from 103.139.192.17 port 49490 ssh2
Sep 30 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Received disconnect from 103.139.192.17 port 49490:11: Bye Bye [preauth]
Sep 30 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Disconnected from 103.139.192.17 port 49490 [preauth]
Sep 30 01:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Failed password for root from 59.98.83.57 port 34166 ssh2
Sep 30 01:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Received disconnect from 59.98.83.57 port 34166:11: Bye Bye [preauth]
Sep 30 01:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Disconnected from 59.98.83.57 port 34166 [preauth]
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29706]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29704]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29702]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: Successful su for rubyman by root
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: + ??? root:rubyman
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318337 of user rubyman.
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318337.
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Failed password for root from 162.144.236.216 port 49144 ssh2
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Invalid user testuser from 39.100.183.60
Sep 30 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: input_userauth_request: invalid user testuser [preauth]
Sep 30 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Failed password for invalid user testuser from 39.100.183.60 port 41364 ssh2
Sep 30 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29699]: Connection closed by 39.100.183.60 port 41364 [preauth]
Sep 30 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26090]: pam_unix(cron:session): session closed for user root
Sep 30 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Connection closed by 162.144.236.216 port 49144 [preauth]
Sep 30 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29703]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Invalid user user2 from 93.152.230.176
Sep 30 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: input_userauth_request: invalid user user2 [preauth]
Sep 30 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Failed password for invalid user user2 from 93.152.230.176 port 17993 ssh2
Sep 30 01:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Received disconnect from 93.152.230.176 port 17993:11: Client disconnecting normally [preauth]
Sep 30 01:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Disconnected from 93.152.230.176 port 17993 [preauth]
Sep 30 01:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Failed password for root from 162.144.236.216 port 58066 ssh2
Sep 30 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29980]: Connection closed by 162.144.236.216 port 58066 [preauth]
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Invalid user kafka from 39.100.183.60
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: input_userauth_request: invalid user kafka [preauth]
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for root from 39.100.183.60 port 46360 ssh2
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Connection closed by 39.100.183.60 port 46360 [preauth]
Sep 30 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Failed password for invalid user kafka from 39.100.183.60 port 60096 ssh2
Sep 30 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29633]: Connection closed by 39.100.183.60 port 60096 [preauth]
Sep 30 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Invalid user steam from 39.100.183.60
Sep 30 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: input_userauth_request: invalid user steam [preauth]
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Invalid user hp from 117.216.211.19
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: input_userauth_request: invalid user hp [preauth]
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Invalid user sfserver from 40.115.18.231
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: input_userauth_request: invalid user sfserver [preauth]
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.115.18.231
Sep 30 01:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Failed password for invalid user steam from 39.100.183.60 port 39352 ssh2
Sep 30 01:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Failed password for invalid user hp from 117.216.211.19 port 47708 ssh2
Sep 30 01:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30041]: Connection closed by 39.100.183.60 port 39352 [preauth]
Sep 30 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Received disconnect from 117.216.211.19 port 47708:11: Bye Bye [preauth]
Sep 30 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30034]: Disconnected from 117.216.211.19 port 47708 [preauth]
Sep 30 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Failed password for invalid user sfserver from 40.115.18.231 port 35102 ssh2
Sep 30 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Received disconnect from 40.115.18.231 port 35102:11: Bye Bye [preauth]
Sep 30 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Disconnected from 40.115.18.231 port 35102 [preauth]
Sep 30 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Invalid user oracle from 39.100.183.60
Sep 30 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: input_userauth_request: invalid user oracle [preauth]
Sep 30 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Failed password for invalid user oracle from 39.100.183.60 port 45088 ssh2
Sep 30 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Connection closed by 39.100.183.60 port 45088 [preauth]
Sep 30 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Invalid user ansible from 39.100.183.60
Sep 30 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: input_userauth_request: invalid user ansible [preauth]
Sep 30 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Failed password for root from 162.144.236.216 port 35462 ssh2
Sep 30 01:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user ansible from 39.100.183.60 port 51482 ssh2
Sep 30 01:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30033]: Connection closed by 162.144.236.216 port 35462 [preauth]
Sep 30 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Connection closed by 39.100.183.60 port 51482 [preauth]
Sep 30 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30093]: Failed password for root from 162.144.236.216 port 41040 ssh2
Sep 30 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: Invalid user es from 39.100.183.60
Sep 30 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: input_userauth_request: invalid user es [preauth]
Sep 30 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Invalid user liyulan from 190.103.202.7
Sep 30 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: input_userauth_request: invalid user liyulan [preauth]
Sep 30 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Sep 30 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28405]: pam_unix(cron:session): session closed for user root
Sep 30 01:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30093]: Connection closed by 162.144.236.216 port 41040 [preauth]
Sep 30 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: Failed password for invalid user es from 39.100.183.60 port 57874 ssh2
Sep 30 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30095]: Connection closed by 39.100.183.60 port 57874 [preauth]
Sep 30 01:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Failed password for invalid user liyulan from 190.103.202.7 port 57000 ssh2
Sep 30 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Connection closed by 190.103.202.7 port 57000 [preauth]
Sep 30 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Invalid user es from 39.100.183.60
Sep 30 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: input_userauth_request: invalid user es [preauth]
Sep 30 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Failed password for invalid user es from 39.100.183.60 port 52394 ssh2
Sep 30 01:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Connection closed by 39.100.183.60 port 52394 [preauth]
Sep 30 01:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: Invalid user oracle from 39.100.183.60
Sep 30 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: input_userauth_request: invalid user oracle [preauth]
Sep 30 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: Failed password for invalid user oracle from 39.100.183.60 port 58146 ssh2
Sep 30 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30164]: Connection closed by 39.100.183.60 port 58146 [preauth]
Sep 30 01:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Failed password for root from 162.144.236.216 port 45940 ssh2
Sep 30 01:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Connection closed by 162.144.236.216 port 45940 [preauth]
Sep 30 01:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30243]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30240]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30315]: Successful su for rubyman by root
Sep 30 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30315]: + ??? root:rubyman
Sep 30 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318341 of user rubyman.
Sep 30 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30315]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318341.
Sep 30 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: Failed password for root from 162.144.236.216 port 51358 ssh2
Sep 30 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30458]: Invalid user pi from 39.100.183.60
Sep 30 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30458]: input_userauth_request: invalid user pi [preauth]
Sep 30 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30458]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26672]: pam_unix(cron:session): session closed for user root
Sep 30 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30212]: Connection closed by 162.144.236.216 port 51358 [preauth]
Sep 30 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30458]: Failed password for invalid user pi from 39.100.183.60 port 47270 ssh2
Sep 30 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30458]: Connection closed by 39.100.183.60 port 47270 [preauth]
Sep 30 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30242]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Invalid user devuser from 39.100.183.60
Sep 30 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: input_userauth_request: invalid user devuser [preauth]
Sep 30 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Failed password for invalid user devuser from 39.100.183.60 port 53972 ssh2
Sep 30 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Connection closed by 39.100.183.60 port 53972 [preauth]
Sep 30 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Invalid user kali from 39.100.183.60
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: input_userauth_request: invalid user kali [preauth]
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Failed password for root from 162.144.236.216 port 59116 ssh2
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Invalid user ovpn from 59.98.83.57
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: input_userauth_request: invalid user ovpn [preauth]
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57
Sep 30 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30608]: Connection closed by 162.144.236.216 port 59116 [preauth]
Sep 30 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Failed password for invalid user kali from 39.100.183.60 port 34802 ssh2
Sep 30 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30658]: Connection closed by 39.100.183.60 port 34802 [preauth]
Sep 30 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Failed password for invalid user ovpn from 59.98.83.57 port 57866 ssh2
Sep 30 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Received disconnect from 59.98.83.57 port 57866:11: Bye Bye [preauth]
Sep 30 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Disconnected from 59.98.83.57 port 57866 [preauth]
Sep 30 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.139.192.17  user=root
Sep 30 01:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Failed password for root from 39.100.183.60 port 41784 ssh2
Sep 30 01:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Failed password for root from 103.139.192.17 port 43214 ssh2
Sep 30 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Connection closed by 39.100.183.60 port 41784 [preauth]
Sep 30 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Received disconnect from 103.139.192.17 port 43214:11: Bye Bye [preauth]
Sep 30 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Disconnected from 103.139.192.17 port 43214 [preauth]
Sep 30 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Invalid user es from 39.100.183.60
Sep 30 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: input_userauth_request: invalid user es [preauth]
Sep 30 01:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Failed password for invalid user es from 39.100.183.60 port 49938 ssh2
Sep 30 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Connection closed by 39.100.183.60 port 49938 [preauth]
Sep 30 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Invalid user drupal from 39.100.183.60
Sep 30 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: input_userauth_request: invalid user drupal [preauth]
Sep 30 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for root from 162.144.236.216 port 37892 ssh2
Sep 30 01:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Failed password for invalid user drupal from 39.100.183.60 port 55818 ssh2
Sep 30 01:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Connection closed by 39.100.183.60 port 55818 [preauth]
Sep 30 01:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Connection closed by 162.144.236.216 port 37892 [preauth]
Sep 30 01:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Invalid user test from 117.216.211.19
Sep 30 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: input_userauth_request: invalid user test [preauth]
Sep 30 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60  user=root
Sep 30 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Failed password for invalid user test from 117.216.211.19 port 42268 ssh2
Sep 30 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Failed password for root from 39.100.183.60 port 34874 ssh2
Sep 30 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Received disconnect from 117.216.211.19 port 42268:11: Bye Bye [preauth]
Sep 30 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Disconnected from 117.216.211.19 port 42268 [preauth]
Sep 30 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Connection closed by 39.100.183.60 port 34874 [preauth]
Sep 30 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user root
Sep 30 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Failed password for root from 162.144.236.216 port 44678 ssh2
Sep 30 01:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Connection closed by 162.144.236.216 port 44678 [preauth]
Sep 30 01:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Invalid user admin from 39.100.183.60
Sep 30 01:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.100.183.60
Sep 30 01:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user admin from 39.100.183.60 port 37648 ssh2
Sep 30 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Connection closed by 39.100.183.60 port 37648 [preauth]
Sep 30 01:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: Failed password for root from 162.144.236.216 port 51724 ssh2
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: Connection closed by 162.144.236.216 port 51724 [preauth]
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30905]: Successful su for rubyman by root
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30905]: + ??? root:rubyman
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318346 of user rubyman.
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30905]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318346.
Sep 30 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27249]: pam_unix(cron:session): session closed for user root
Sep 30 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for root from 162.144.236.216 port 58752 ssh2
Sep 30 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Connection closed by 162.144.236.216 port 58752 [preauth]
Sep 30 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: Failed password for root from 162.144.236.216 port 37620 ssh2
Sep 30 01:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: Connection closed by 162.144.236.216 port 37620 [preauth]
Sep 30 01:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Failed password for root from 59.98.83.57 port 53346 ssh2
Sep 30 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Received disconnect from 59.98.83.57 port 53346:11: Bye Bye [preauth]
Sep 30 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Disconnected from 59.98.83.57 port 53346 [preauth]
Sep 30 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29706]: pam_unix(cron:session): session closed for user root
Sep 30 01:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: Failed password for root from 162.144.236.216 port 44884 ssh2
Sep 30 01:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Invalid user wilson from 117.216.211.19
Sep 30 01:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: input_userauth_request: invalid user wilson [preauth]
Sep 30 01:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: Connection closed by 162.144.236.216 port 44884 [preauth]
Sep 30 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Failed password for invalid user wilson from 117.216.211.19 port 36830 ssh2
Sep 30 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Received disconnect from 117.216.211.19 port 36830:11: Bye Bye [preauth]
Sep 30 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Disconnected from 117.216.211.19 port 36830 [preauth]
Sep 30 01:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31263]: Failed password for root from 162.144.236.216 port 53846 ssh2
Sep 30 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31263]: Connection closed by 162.144.236.216 port 53846 [preauth]
Sep 30 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session closed for user root
Sep 30 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31375]: Successful su for rubyman by root
Sep 30 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31375]: + ??? root:rubyman
Sep 30 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318350 of user rubyman.
Sep 30 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31375]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318350.
Sep 30 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session closed for user root
Sep 30 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27907]: pam_unix(cron:session): session closed for user root
Sep 30 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for root from 162.144.236.216 port 59574 ssh2
Sep 30 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Connection closed by 162.144.236.216 port 59574 [preauth]
Sep 30 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31303]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Failed password for root from 162.144.236.216 port 39364 ssh2
Sep 30 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Connection closed by 162.144.236.216 port 39364 [preauth]
Sep 30 01:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for root from 162.144.236.216 port 44742 ssh2
Sep 30 01:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Connection closed by 162.144.236.216 port 44742 [preauth]
Sep 30 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session closed for user root
Sep 30 01:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Failed password for root from 162.144.236.216 port 52494 ssh2
Sep 30 01:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.98.83.57  user=root
Sep 30 01:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Invalid user admin from 62.60.131.157
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Failed password for root from 59.98.83.57 port 48824 ssh2
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Received disconnect from 59.98.83.57 port 48824:11: Bye Bye [preauth]
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31793]: Disconnected from 59.98.83.57 port 48824 [preauth]
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Connection closed by 162.144.236.216 port 52494 [preauth]
Sep 30 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Failed password for invalid user admin from 62.60.131.157 port 62854 ssh2
Sep 30 01:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Failed password for invalid user admin from 62.60.131.157 port 62854 ssh2
Sep 30 01:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Failed password for invalid user admin from 62.60.131.157 port 62854 ssh2
Sep 30 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Failed password for invalid user admin from 62.60.131.157 port 62854 ssh2
Sep 30 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Invalid user jane from 117.216.211.19
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: input_userauth_request: invalid user jane [preauth]
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.211.19
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Failed password for root from 162.144.236.216 port 33264 ssh2
Sep 30 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Failed password for invalid user admin from 62.60.131.157 port 62854 ssh2
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: Successful su for rubyman by root
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: + ??? root:rubyman
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318356 of user rubyman.
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318356.
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Received disconnect from 62.60.131.157 port 62854:11: Bye [preauth]
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Disconnected from 62.60.131.157 port 62854 [preauth]
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Failed password for invalid user jane from 117.216.211.19 port 59628 ssh2
Sep 30 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Received disconnect from 117.216.211.19 port 59628:11: Bye Bye [preauth]
Sep 30 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Disconnected from 117.216.211.19 port 59628 [preauth]
Sep 30 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Connection closed by 162.144.236.216 port 33264 [preauth]
Sep 30 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session closed for user root
Sep 30 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Failed password for root from 162.144.236.216 port 39748 ssh2
Sep 30 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Connection closed by 162.144.236.216 port 39748 [preauth]
Sep 30 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: Failed password for root from 162.144.236.216 port 45902 ssh2
Sep 30 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32133]: Connection closed by 162.144.236.216 port 45902 [preauth]
Sep 30 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Failed password for root from 162.144.236.216 port 51722 ssh2
Sep 30 01:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32175]: Connection closed by 162.144.236.216 port 51722 [preauth]
Sep 30 01:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session closed for user root
Sep 30 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Failed password for root from 162.144.236.216 port 56818 ssh2
Sep 30 01:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32213]: Connection closed by 162.144.236.216 port 56818 [preauth]
Sep 30 01:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: Failed password for root from 162.144.236.216 port 34614 ssh2
Sep 30 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32298]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32297]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32295]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32366]: Successful su for rubyman by root
Sep 30 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32366]: + ??? root:rubyman
Sep 30 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318360 of user rubyman.
Sep 30 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32366]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318360.
Sep 30 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32273]: Connection closed by 162.144.236.216 port 34614 [preauth]
Sep 30 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29174]: pam_unix(cron:session): session closed for user root
Sep 30 01:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32296]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Failed password for root from 162.144.236.216 port 41838 ssh2
Sep 30 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Connection closed by 162.144.236.216 port 41838 [preauth]
Sep 30 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Failed password for root from 162.144.236.216 port 49586 ssh2
Sep 30 01:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Connection closed by 162.144.236.216 port 49586 [preauth]
Sep 30 01:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session closed for user root
Sep 30 01:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Failed password for root from 162.144.236.216 port 57598 ssh2
Sep 30 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32641]: Connection closed by 162.144.236.216 port 57598 [preauth]
Sep 30 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Failed password for root from 162.144.236.216 port 38214 ssh2
Sep 30 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Connection closed by 162.144.236.216 port 38214 [preauth]
Sep 30 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32746]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32747]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[343]: Successful su for rubyman by root
Sep 30 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[343]: + ??? root:rubyman
Sep 30 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318364 of user rubyman.
Sep 30 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[343]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318364.
Sep 30 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29704]: pam_unix(cron:session): session closed for user root
Sep 30 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32745]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: Failed password for root from 162.144.236.216 port 44334 ssh2
Sep 30 01:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: Connection closed by 162.144.236.216 port 44334 [preauth]
Sep 30 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Failed password for root from 162.144.236.216 port 50340 ssh2
Sep 30 01:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Connection closed by 162.144.236.216 port 50340 [preauth]
Sep 30 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Failed password for root from 162.144.236.216 port 56468 ssh2
Sep 30 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[592]: Connection closed by 162.144.236.216 port 56468 [preauth]
Sep 30 01:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: Failed password for root from 162.144.236.216 port 35132 ssh2
Sep 30 01:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session closed for user root
Sep 30 01:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[624]: Connection closed by 162.144.236.216 port 35132 [preauth]
Sep 30 01:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: Failed password for root from 162.144.236.216 port 41860 ssh2
Sep 30 01:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[648]: Connection closed by 162.144.236.216 port 41860 [preauth]
Sep 30 01:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Failed password for root from 162.144.236.216 port 48630 ssh2
Sep 30 01:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[677]: Connection closed by 162.144.236.216 port 48630 [preauth]
Sep 30 01:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[725]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[724]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session closed for user p13x
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[807]: Successful su for rubyman by root
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[807]: + ??? root:rubyman
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318367 of user rubyman.
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[807]: pam_unix(su:session): session closed for user rubyman
Sep 30 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318367.
Sep 30 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: Failed password for root from 162.144.236.216 port 55406 ssh2
Sep 30 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: Connection closed by 162.144.236.216 port 55406 [preauth]
Sep 30 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30243]: pam_unix(cron:session): session closed for user root
Sep 30 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[723]: pam_unix(cron:session): session closed for user samftp
Sep 30 01:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Invalid user ming from 93.152.230.176
Sep 30 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: input_userauth_request: invalid user ming [preauth]
Sep 30 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Failed password for invalid user ming from 93.152.230.176 port 45364 ssh2
Sep 30 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Received disconnect from 93.152.230.176 port 45364:11: Client disconnecting normally [preauth]
Sep 30 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1107]: Disconnected from 93.152.230.176 port 45364 [preauth]
Sep 30 01:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Failed password for root from 162.144.236.216 port 36820 ssh2
Sep 30 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Connection closed by 162.144.236.216 port 36820 [preauth]
Sep 30 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: Invalid user array from 185.156.73.233
Sep 30 01:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: input_userauth_request: invalid user array [preauth]
Sep 30 01:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 30 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Failed password for root from 162.144.236.216 port 43998 ssh2
Sep 30 01:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Connection closed by 162.144.236.216 port 43998 [preauth]
Sep 30 01:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: Failed password for invalid user array from 185.156.73.233 port 44184 ssh2
Sep 30 01:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1150]: Connection closed by 185.156.73.233 port 44184 [preauth]
Sep 30 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Failed password for root from 162.144.236.216 port 50220 ssh2
Sep 30 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Connection closed by 162.144.236.216 port 50220 [preauth]
Sep 30 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32298]: pam_unix(cron:session): session closed for user root
Sep 30 01:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Invalid user admin from 80.94.95.112
Sep 30 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: input_userauth_request: invalid user admin [preauth]
Sep 30 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 01:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user admin from 80.94.95.112 port 13792 ssh2
Sep 30 01:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Failed password for root from 162.144.236.216 port 57306 ssh2
Sep 30 01:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Connection closed by 162.144.236.216 port 57306 [preauth]
Sep 30 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user admin from 80.94.95.112 port 13792 ssh2
Sep 30 01:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user admin from 80.94.95.112 port 13792 ssh2
Sep 30 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Failed password for root from 162.144.236.216 port 34358 ssh2
Sep 30 01:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user admin from 80.94.95.112 port 13792 ssh2
Sep 30 01:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Connection closed by 162.144.236.216 port 34358 [preauth]
Sep 30 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user admin from 80.94.95.112 port 13792 ssh2
Sep 30 01:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Received disconnect from 80.94.95.112 port 13792:11: Bye [preauth]
Sep 30 01:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Disconnected from 80.94.95.112 port 13792 [preauth]
Sep 30 01:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 01:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 01:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: Failed password for root from 162.144.236.216 port 39908 ssh2
Sep 30 01:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1255]: Connection closed by 162.144.236.216 port 39908 [preauth]
Sep 30 01:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 01:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Failed password for root from 162.144.236.216 port 44126 ssh2
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1294]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1295]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1293]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1296]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session closed for user root
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1293]: pam_unix(cron:session): session closed for user root
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1291]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1276]: Connection closed by 162.144.236.216 port 44126 [preauth]
Sep 30 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1418]: Successful su for rubyman by root
Sep 30 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1418]: + ??? root:rubyman
Sep 30 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318371 of user rubyman.
Sep 30 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1418]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318371.
Sep 30 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1294]: pam_unix(cron:session): session closed for user root
Sep 30 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session closed for user root
Sep 30 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: Failed password for root from 162.144.236.216 port 50800 ssh2
Sep 30 02:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1292]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1403]: Connection closed by 162.144.236.216 port 50800 [preauth]
Sep 30 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: Failed password for root from 162.144.236.216 port 56770 ssh2
Sep 30 02:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: Connection closed by 162.144.236.216 port 56770 [preauth]
Sep 30 02:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Failed password for root from 162.144.236.216 port 35610 ssh2
Sep 30 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Connection closed by 162.144.236.216 port 35610 [preauth]
Sep 30 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32747]: pam_unix(cron:session): session closed for user root
Sep 30 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Failed password for root from 162.144.236.216 port 42478 ssh2
Sep 30 02:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Connection closed by 162.144.236.216 port 42478 [preauth]
Sep 30 02:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Failed password for root from 162.144.236.216 port 49100 ssh2
Sep 30 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Connection closed by 162.144.236.216 port 49100 [preauth]
Sep 30 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: Failed password for root from 162.144.236.216 port 55372 ssh2
Sep 30 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: Connection closed by 162.144.236.216 port 55372 [preauth]
Sep 30 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1899]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1901]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1897]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: Successful su for rubyman by root
Sep 30 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: + ??? root:rubyman
Sep 30 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318379 of user rubyman.
Sep 30 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318379.
Sep 30 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Failed password for root from 162.144.236.216 port 33454 ssh2
Sep 30 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Connection closed by 162.144.236.216 port 33454 [preauth]
Sep 30 02:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session closed for user root
Sep 30 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1898]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Failed password for root from 162.144.236.216 port 41724 ssh2
Sep 30 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Connection closed by 162.144.236.216 port 41724 [preauth]
Sep 30 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: Failed password for root from 162.144.236.216 port 48416 ssh2
Sep 30 02:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2195]: Connection closed by 162.144.236.216 port 48416 [preauth]
Sep 30 02:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Failed password for root from 162.144.236.216 port 54594 ssh2
Sep 30 02:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Connection closed by 162.144.236.216 port 54594 [preauth]
Sep 30 02:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[725]: pam_unix(cron:session): session closed for user root
Sep 30 02:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Failed password for root from 162.144.236.216 port 60650 ssh2
Sep 30 02:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Connection closed by 162.144.236.216 port 60650 [preauth]
Sep 30 02:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for root from 162.144.236.216 port 37792 ssh2
Sep 30 02:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Connection closed by 162.144.236.216 port 37792 [preauth]
Sep 30 02:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Failed password for root from 162.144.236.216 port 44502 ssh2
Sep 30 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2317]: Connection closed by 162.144.236.216 port 44502 [preauth]
Sep 30 02:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Invalid user user from 62.60.131.157
Sep 30 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: input_userauth_request: invalid user user [preauth]
Sep 30 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 02:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Failed password for invalid user user from 62.60.131.157 port 30222 ssh2
Sep 30 02:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Failed password for invalid user user from 62.60.131.157 port 30222 ssh2
Sep 30 02:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: Failed password for root from 162.144.236.216 port 50024 ssh2
Sep 30 02:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Failed password for invalid user user from 62.60.131.157 port 30222 ssh2
Sep 30 02:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: Connection closed by 162.144.236.216 port 50024 [preauth]
Sep 30 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: Successful su for rubyman by root
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: + ??? root:rubyman
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318383 of user rubyman.
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318383.
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Failed password for invalid user user from 62.60.131.157 port 30222 ssh2
Sep 30 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Failed password for invalid user user from 62.60.131.157 port 30222 ssh2
Sep 30 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session closed for user root
Sep 30 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Received disconnect from 62.60.131.157 port 30222:11: Bye [preauth]
Sep 30 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Disconnected from 62.60.131.157 port 30222 [preauth]
Sep 30 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Sep 30 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Failed password for root from 162.144.236.216 port 56482 ssh2
Sep 30 02:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Connection closed by 162.144.236.216 port 56482 [preauth]
Sep 30 02:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: Failed password for root from 162.144.236.216 port 35836 ssh2
Sep 30 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: Connection closed by 162.144.236.216 port 35836 [preauth]
Sep 30 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: Invalid user array from 80.94.95.116
Sep 30 02:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: input_userauth_request: invalid user array [preauth]
Sep 30 02:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 30 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: Failed password for invalid user array from 80.94.95.116 port 25836 ssh2
Sep 30 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2671]: Connection closed by 80.94.95.116 port 25836 [preauth]
Sep 30 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Failed password for root from 162.144.236.216 port 41610 ssh2
Sep 30 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2672]: Connection closed by 162.144.236.216 port 41610 [preauth]
Sep 30 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1296]: pam_unix(cron:session): session closed for user root
Sep 30 02:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Failed password for root from 162.144.236.216 port 47974 ssh2
Sep 30 02:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2707]: Connection closed by 162.144.236.216 port 47974 [preauth]
Sep 30 02:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: Failed password for root from 162.144.236.216 port 55858 ssh2
Sep 30 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: Connection closed by 162.144.236.216 port 55858 [preauth]
Sep 30 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: Failed password for root from 162.144.236.216 port 34076 ssh2
Sep 30 02:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2778]: Connection closed by 162.144.236.216 port 34076 [preauth]
Sep 30 02:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2811]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: Successful su for rubyman by root
Sep 30 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: + ??? root:rubyman
Sep 30 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318388 of user rubyman.
Sep 30 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2872]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318388.
Sep 30 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Failed password for root from 162.144.236.216 port 40980 ssh2
Sep 30 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Connection closed by 162.144.236.216 port 40980 [preauth]
Sep 30 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32297]: pam_unix(cron:session): session closed for user root
Sep 30 02:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for root from 162.144.236.216 port 47482 ssh2
Sep 30 02:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Connection closed by 162.144.236.216 port 47482 [preauth]
Sep 30 02:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: Failed password for root from 162.144.236.216 port 56044 ssh2
Sep 30 02:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3109]: Connection closed by 162.144.236.216 port 56044 [preauth]
Sep 30 02:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Failed password for root from 162.144.236.216 port 33444 ssh2
Sep 30 02:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Connection closed by 162.144.236.216 port 33444 [preauth]
Sep 30 02:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1901]: pam_unix(cron:session): session closed for user root
Sep 30 02:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Failed password for root from 162.144.236.216 port 39238 ssh2
Sep 30 02:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Connection closed by 162.144.236.216 port 39238 [preauth]
Sep 30 02:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Failed password for root from 162.144.236.216 port 45984 ssh2
Sep 30 02:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Connection closed by 162.144.236.216 port 45984 [preauth]
Sep 30 02:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: Failed password for root from 162.144.236.216 port 51194 ssh2
Sep 30 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3207]: Connection closed by 162.144.236.216 port 51194 [preauth]
Sep 30 02:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Failed password for root from 162.144.236.216 port 57556 ssh2
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Connection closed by 162.144.236.216 port 57556 [preauth]
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3245]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3242]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: Successful su for rubyman by root
Sep 30 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: + ??? root:rubyman
Sep 30 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318392 of user rubyman.
Sep 30 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3316]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318392.
Sep 30 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32746]: pam_unix(cron:session): session closed for user root
Sep 30 02:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3243]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Failed password for root from 162.144.236.216 port 34460 ssh2
Sep 30 02:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Connection closed by 162.144.236.216 port 34460 [preauth]
Sep 30 02:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: Failed password for root from 162.144.236.216 port 40536 ssh2
Sep 30 02:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: Connection closed by 162.144.236.216 port 40536 [preauth]
Sep 30 02:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Failed password for root from 162.144.236.216 port 48768 ssh2
Sep 30 02:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Connection closed by 162.144.236.216 port 48768 [preauth]
Sep 30 02:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2359]: pam_unix(cron:session): session closed for user root
Sep 30 02:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: Failed password for root from 162.144.236.216 port 55244 ssh2
Sep 30 02:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3583]: Connection closed by 162.144.236.216 port 55244 [preauth]
Sep 30 02:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Failed password for root from 162.144.236.216 port 35582 ssh2
Sep 30 02:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Connection closed by 162.144.236.216 port 35582 [preauth]
Sep 30 02:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Failed password for root from 162.144.236.216 port 43622 ssh2
Sep 30 02:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Connection closed by 162.144.236.216 port 43622 [preauth]
Sep 30 02:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session closed for user root
Sep 30 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3761]: Successful su for rubyman by root
Sep 30 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3761]: + ??? root:rubyman
Sep 30 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318396 of user rubyman.
Sep 30 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3761]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318396.
Sep 30 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for root from 162.144.236.216 port 49544 ssh2
Sep 30 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Connection closed by 162.144.236.216 port 49544 [preauth]
Sep 30 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user root
Sep 30 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[724]: pam_unix(cron:session): session closed for user root
Sep 30 02:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: Failed password for root from 162.144.236.216 port 54076 ssh2
Sep 30 02:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: Connection closed by 162.144.236.216 port 54076 [preauth]
Sep 30 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: Failed password for root from 162.144.236.216 port 33892 ssh2
Sep 30 02:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4014]: Connection closed by 162.144.236.216 port 33892 [preauth]
Sep 30 02:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Failed password for root from 162.144.236.216 port 40168 ssh2
Sep 30 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Connection closed by 162.144.236.216 port 40168 [preauth]
Sep 30 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2811]: pam_unix(cron:session): session closed for user root
Sep 30 02:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Failed password for root from 162.144.236.216 port 46776 ssh2
Sep 30 02:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Connection closed by 162.144.236.216 port 46776 [preauth]
Sep 30 02:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Failed password for root from 162.144.236.216 port 53296 ssh2
Sep 30 02:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Connection closed by 162.144.236.216 port 53296 [preauth]
Sep 30 02:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Failed password for root from 162.144.236.216 port 58984 ssh2
Sep 30 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Connection closed by 162.144.236.216 port 58984 [preauth]
Sep 30 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: Successful su for rubyman by root
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: + ??? root:rubyman
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318400 of user rubyman.
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4258]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318400.
Sep 30 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Failed password for root from 162.144.236.216 port 37396 ssh2
Sep 30 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Connection closed by 162.144.236.216 port 37396 [preauth]
Sep 30 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1295]: pam_unix(cron:session): session closed for user root
Sep 30 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4330]: Failed password for root from 162.144.236.216 port 42452 ssh2
Sep 30 02:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4330]: Connection closed by 162.144.236.216 port 42452 [preauth]
Sep 30 02:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176  user=root
Sep 30 02:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Failed password for root from 93.152.230.176 port 26961 ssh2
Sep 30 02:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Received disconnect from 93.152.230.176 port 26961:11: Client disconnecting normally [preauth]
Sep 30 02:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Disconnected from 93.152.230.176 port 26961 [preauth]
Sep 30 02:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Failed password for root from 162.144.236.216 port 47450 ssh2
Sep 30 02:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Connection closed by 162.144.236.216 port 47450 [preauth]
Sep 30 02:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: Failed password for root from 162.144.236.216 port 54770 ssh2
Sep 30 02:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4494]: Connection closed by 162.144.236.216 port 54770 [preauth]
Sep 30 02:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Failed password for root from 162.144.236.216 port 59822 ssh2
Sep 30 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Connection closed by 162.144.236.216 port 59822 [preauth]
Sep 30 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session closed for user root
Sep 30 02:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Failed password for root from 162.144.236.216 port 38812 ssh2
Sep 30 02:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Connection closed by 162.144.236.216 port 38812 [preauth]
Sep 30 02:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for root from 162.144.236.216 port 44408 ssh2
Sep 30 02:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Connection closed by 162.144.236.216 port 44408 [preauth]
Sep 30 02:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4614]: Failed password for root from 162.144.236.216 port 51600 ssh2
Sep 30 02:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4614]: Connection closed by 162.144.236.216 port 51600 [preauth]
Sep 30 02:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4644]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4643]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4639]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: Successful su for rubyman by root
Sep 30 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: + ??? root:rubyman
Sep 30 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318405 of user rubyman.
Sep 30 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4712]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318405.
Sep 30 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1899]: pam_unix(cron:session): session closed for user root
Sep 30 02:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: Failed password for root from 162.144.236.216 port 58120 ssh2
Sep 30 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4642]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4636]: Connection closed by 162.144.236.216 port 58120 [preauth]
Sep 30 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Failed password for root from 162.144.236.216 port 37144 ssh2
Sep 30 02:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Connection closed by 162.144.236.216 port 37144 [preauth]
Sep 30 02:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Failed password for root from 162.144.236.216 port 44060 ssh2
Sep 30 02:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Connection closed by 162.144.236.216 port 44060 [preauth]
Sep 30 02:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: Failed password for root from 162.144.236.216 port 50206 ssh2
Sep 30 02:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4977]: Connection closed by 162.144.236.216 port 50206 [preauth]
Sep 30 02:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session closed for user root
Sep 30 02:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Failed password for root from 162.144.236.216 port 55750 ssh2
Sep 30 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4999]: Connection closed by 162.144.236.216 port 55750 [preauth]
Sep 30 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Failed password for root from 162.144.236.216 port 34142 ssh2
Sep 30 02:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5038]: Connection closed by 162.144.236.216 port 34142 [preauth]
Sep 30 02:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5108]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5107]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5104]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5168]: Successful su for rubyman by root
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5168]: + ??? root:rubyman
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318408 of user rubyman.
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5168]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318408.
Sep 30 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: Failed password for root from 162.144.236.216 port 45818 ssh2
Sep 30 02:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2358]: pam_unix(cron:session): session closed for user root
Sep 30 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5091]: Connection closed by 162.144.236.216 port 45818 [preauth]
Sep 30 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5105]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: Failed password for root from 162.144.236.216 port 52512 ssh2
Sep 30 02:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: Connection closed by 162.144.236.216 port 52512 [preauth]
Sep 30 02:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Failed password for root from 162.144.236.216 port 60420 ssh2
Sep 30 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Connection closed by 162.144.236.216 port 60420 [preauth]
Sep 30 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Failed password for root from 162.144.236.216 port 37708 ssh2
Sep 30 02:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Connection closed by 162.144.236.216 port 37708 [preauth]
Sep 30 02:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user root
Sep 30 02:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: Failed password for root from 162.144.236.216 port 43254 ssh2
Sep 30 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5536]: Connection closed by 162.144.236.216 port 43254 [preauth]
Sep 30 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: Failed password for root from 162.144.236.216 port 49534 ssh2
Sep 30 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5581]: Connection closed by 162.144.236.216 port 49534 [preauth]
Sep 30 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for root from 162.144.236.216 port 55704 ssh2
Sep 30 02:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Connection closed by 162.144.236.216 port 55704 [preauth]
Sep 30 02:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5650]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5649]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5645]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5647]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: Successful su for rubyman by root
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: + ??? root:rubyman
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318413 of user rubyman.
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5801]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318413.
Sep 30 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5645]: pam_unix(cron:session): session closed for user root
Sep 30 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Failed password for root from 162.144.236.216 port 35312 ssh2
Sep 30 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Connection closed by 162.144.236.216 port 35312 [preauth]
Sep 30 02:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session closed for user root
Sep 30 02:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5648]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: Failed password for root from 162.144.236.216 port 40390 ssh2
Sep 30 02:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: Connection closed by 162.144.236.216 port 40390 [preauth]
Sep 30 02:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for root from 162.144.236.216 port 46882 ssh2
Sep 30 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Connection closed by 162.144.236.216 port 46882 [preauth]
Sep 30 02:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Failed password for root from 162.144.236.216 port 53092 ssh2
Sep 30 02:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Connection closed by 162.144.236.216 port 53092 [preauth]
Sep 30 02:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4644]: pam_unix(cron:session): session closed for user root
Sep 30 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: Failed password for root from 162.144.236.216 port 57310 ssh2
Sep 30 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6093]: Connection closed by 162.144.236.216 port 57310 [preauth]
Sep 30 02:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: Failed password for root from 162.144.236.216 port 36584 ssh2
Sep 30 02:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: Connection closed by 162.144.236.216 port 36584 [preauth]
Sep 30 02:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Failed password for root from 162.144.236.216 port 42714 ssh2
Sep 30 02:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Connection closed by 162.144.236.216 port 42714 [preauth]
Sep 30 02:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session closed for user root
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: Successful su for rubyman by root
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: + ??? root:rubyman
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318420 of user rubyman.
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318420.
Sep 30 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for root from 162.144.236.216 port 49072 ssh2
Sep 30 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Connection closed by 162.144.236.216 port 49072 [preauth]
Sep 30 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6208]: pam_unix(cron:session): session closed for user root
Sep 30 02:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3245]: pam_unix(cron:session): session closed for user root
Sep 30 02:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6207]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for root from 162.144.236.216 port 58152 ssh2
Sep 30 02:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Did not receive identification string from 121.186.31.54
Sep 30 02:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 162.144.236.216 port 58152 [preauth]
Sep 30 02:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: User backup from 62.60.131.157 not allowed because not listed in AllowUsers
Sep 30 02:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: input_userauth_request: invalid user backup [preauth]
Sep 30 02:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=backup
Sep 30 02:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Failed password for invalid user backup from 62.60.131.157 port 62292 ssh2
Sep 30 02:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Failed password for invalid user backup from 62.60.131.157 port 62292 ssh2
Sep 30 02:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Failed password for root from 162.144.236.216 port 37352 ssh2
Sep 30 02:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Connection closed by 162.144.236.216 port 37352 [preauth]
Sep 30 02:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Failed password for invalid user backup from 62.60.131.157 port 62292 ssh2
Sep 30 02:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: message repeated 2 times: [ Failed password for invalid user backup from 62.60.131.157 port 62292 ssh2]
Sep 30 02:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Received disconnect from 62.60.131.157 port 62292:11: Bye [preauth]
Sep 30 02:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: Disconnected from 62.60.131.157 port 62292 [preauth]
Sep 30 02:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=backup
Sep 30 02:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6532]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 02:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Failed password for root from 162.144.236.216 port 43270 ssh2
Sep 30 02:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Connection closed by 162.144.236.216 port 43270 [preauth]
Sep 30 02:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5108]: pam_unix(cron:session): session closed for user root
Sep 30 02:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Failed password for root from 162.144.236.216 port 50006 ssh2
Sep 30 02:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Connection closed by 162.144.236.216 port 50006 [preauth]
Sep 30 02:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Failed password for root from 162.144.236.216 port 55620 ssh2
Sep 30 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6734]: Connection closed by 185.156.73.233 port 25812 [preauth]
Sep 30 02:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Connection closed by 162.144.236.216 port 55620 [preauth]
Sep 30 02:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Failed password for root from 162.144.236.216 port 33098 ssh2
Sep 30 02:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Connection closed by 162.144.236.216 port 33098 [preauth]
Sep 30 02:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Failed password for root from 162.144.236.216 port 40158 ssh2
Sep 30 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Connection closed by 162.144.236.216 port 40158 [preauth]
Sep 30 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6800]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6799]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: Successful su for rubyman by root
Sep 30 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: + ??? root:rubyman
Sep 30 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318424 of user rubyman.
Sep 30 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318424.
Sep 30 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session closed for user root
Sep 30 02:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6796]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for root from 162.144.236.216 port 47602 ssh2
Sep 30 02:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Connection closed by 162.144.236.216 port 47602 [preauth]
Sep 30 02:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Failed password for root from 162.144.236.216 port 55152 ssh2
Sep 30 02:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Connection closed by 162.144.236.216 port 55152 [preauth]
Sep 30 02:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Failed password for root from 162.144.236.216 port 33984 ssh2
Sep 30 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Connection closed by 162.144.236.216 port 33984 [preauth]
Sep 30 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5650]: pam_unix(cron:session): session closed for user root
Sep 30 02:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Failed password for root from 162.144.236.216 port 40362 ssh2
Sep 30 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7243]: Connection closed by 162.144.236.216 port 40362 [preauth]
Sep 30 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Failed password for root from 162.144.236.216 port 45912 ssh2
Sep 30 02:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Connection closed by 162.144.236.216 port 45912 [preauth]
Sep 30 02:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Failed password for root from 162.144.236.216 port 51238 ssh2
Sep 30 02:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Connection closed by 162.144.236.216 port 51238 [preauth]
Sep 30 02:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: Failed password for root from 162.144.236.216 port 59448 ssh2
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: Successful su for rubyman by root
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: + ??? root:rubyman
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318427 of user rubyman.
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318427.
Sep 30 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: Connection closed by 162.144.236.216 port 59448 [preauth]
Sep 30 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user root
Sep 30 02:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Failed password for root from 162.144.236.216 port 39062 ssh2
Sep 30 02:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Connection closed by 162.144.236.216 port 39062 [preauth]
Sep 30 02:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Failed password for root from 162.144.236.216 port 46120 ssh2
Sep 30 02:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7637]: Connection closed by 162.144.236.216 port 46120 [preauth]
Sep 30 02:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7662]: Failed password for root from 162.144.236.216 port 52660 ssh2
Sep 30 02:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7662]: Connection closed by 162.144.236.216 port 52660 [preauth]
Sep 30 02:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session closed for user root
Sep 30 02:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7711]: Failed password for root from 162.144.236.216 port 59510 ssh2
Sep 30 02:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7711]: Connection closed by 162.144.236.216 port 59510 [preauth]
Sep 30 02:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Failed password for root from 162.144.236.216 port 37596 ssh2
Sep 30 02:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7754]: Connection closed by 162.144.236.216 port 37596 [preauth]
Sep 30 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Failed password for root from 162.144.236.216 port 47428 ssh2
Sep 30 02:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7797]: Connection closed by 162.144.236.216 port 47428 [preauth]
Sep 30 02:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7822]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: Successful su for rubyman by root
Sep 30 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: + ??? root:rubyman
Sep 30 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318431 of user rubyman.
Sep 30 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7906]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318431.
Sep 30 02:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4643]: pam_unix(cron:session): session closed for user root
Sep 30 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Failed password for root from 162.144.236.216 port 55638 ssh2
Sep 30 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Connection closed by 162.144.236.216 port 55638 [preauth]
Sep 30 02:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7823]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8118]: Failed password for root from 162.144.236.216 port 33694 ssh2
Sep 30 02:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8118]: Connection closed by 162.144.236.216 port 33694 [preauth]
Sep 30 02:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8181]: Failed password for root from 162.144.236.216 port 39932 ssh2
Sep 30 02:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8181]: Connection closed by 162.144.236.216 port 39932 [preauth]
Sep 30 02:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Invalid user osmc from 93.152.230.176
Sep 30 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: input_userauth_request: invalid user osmc [preauth]
Sep 30 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: Failed password for root from 162.144.236.216 port 46458 ssh2
Sep 30 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Failed password for invalid user osmc from 93.152.230.176 port 17997 ssh2
Sep 30 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Received disconnect from 93.152.230.176 port 17997:11: Client disconnecting normally [preauth]
Sep 30 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8226]: Disconnected from 93.152.230.176 port 17997 [preauth]
Sep 30 02:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8196]: Connection closed by 162.144.236.216 port 46458 [preauth]
Sep 30 02:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6800]: pam_unix(cron:session): session closed for user root
Sep 30 02:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Failed password for root from 162.144.236.216 port 52722 ssh2
Sep 30 02:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Connection closed by 162.144.236.216 port 52722 [preauth]
Sep 30 02:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for root from 162.144.236.216 port 58368 ssh2
Sep 30 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Connection closed by 162.144.236.216 port 58368 [preauth]
Sep 30 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: Failed password for root from 162.144.236.216 port 35664 ssh2
Sep 30 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8297]: Connection closed by 162.144.236.216 port 35664 [preauth]
Sep 30 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Failed password for root from 162.144.236.216 port 40370 ssh2
Sep 30 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8310]: Connection closed by 162.144.236.216 port 40370 [preauth]
Sep 30 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8336]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8334]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8417]: Successful su for rubyman by root
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8417]: + ??? root:rubyman
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318436 of user rubyman.
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8417]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318436.
Sep 30 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5107]: pam_unix(cron:session): session closed for user root
Sep 30 02:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8335]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Failed password for root from 162.144.236.216 port 48054 ssh2
Sep 30 02:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8407]: Connection closed by 162.144.236.216 port 48054 [preauth]
Sep 30 02:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Failed password for root from 162.144.236.216 port 54516 ssh2
Sep 30 02:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8643]: Connection closed by 162.144.236.216 port 54516 [preauth]
Sep 30 02:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: Failed password for root from 162.144.236.216 port 33500 ssh2
Sep 30 02:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: Connection closed by 162.144.236.216 port 33500 [preauth]
Sep 30 02:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session closed for user root
Sep 30 02:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: Failed password for root from 162.144.236.216 port 40564 ssh2
Sep 30 02:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: Connection closed by 162.144.236.216 port 40564 [preauth]
Sep 30 02:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Failed password for root from 162.144.236.216 port 47266 ssh2
Sep 30 02:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Connection closed by 162.144.236.216 port 47266 [preauth]
Sep 30 02:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Failed password for root from 162.144.236.216 port 52844 ssh2
Sep 30 02:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8880]: Connection closed by 162.144.236.216 port 52844 [preauth]
Sep 30 02:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: Failed password for root from 162.144.236.216 port 58562 ssh2
Sep 30 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: Connection closed by 162.144.236.216 port 58562 [preauth]
Sep 30 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8927]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8928]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8926]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8928]: pam_unix(cron:session): session closed for user root
Sep 30 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9003]: Successful su for rubyman by root
Sep 30 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9003]: + ??? root:rubyman
Sep 30 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318442 of user rubyman.
Sep 30 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9003]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318442.
Sep 30 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session closed for user root
Sep 30 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5649]: pam_unix(cron:session): session closed for user root
Sep 30 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Bad protocol version identification '\026\003\001\002' from 164.52.24.187 port 53421
Sep 30 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for root from 162.144.236.216 port 37148 ssh2
Sep 30 02:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Connection closed by 162.144.236.216 port 37148 [preauth]
Sep 30 02:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Did not receive identification string from 164.52.24.187
Sep 30 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: Failed password for root from 162.144.236.216 port 45644 ssh2
Sep 30 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9348]: Connection closed by 162.144.236.216 port 45644 [preauth]
Sep 30 02:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: Failed password for root from 66.23.227.122 port 60836 ssh2
Sep 30 02:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: Received disconnect from 66.23.227.122 port 60836:11: Bye Bye [preauth]
Sep 30 02:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9399]: Disconnected from 66.23.227.122 port 60836 [preauth]
Sep 30 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Failed password for root from 162.144.236.216 port 51002 ssh2
Sep 30 02:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Connection closed by 162.144.236.216 port 51002 [preauth]
Sep 30 02:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Failed password for root from 162.144.236.216 port 57220 ssh2
Sep 30 02:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session closed for user root
Sep 30 02:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9424]: Connection closed by 162.144.236.216 port 57220 [preauth]
Sep 30 02:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9459]: Failed password for root from 162.144.236.216 port 36386 ssh2
Sep 30 02:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9459]: Connection closed by 162.144.236.216 port 36386 [preauth]
Sep 30 02:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9470]: Failed password for root from 162.144.236.216 port 42084 ssh2
Sep 30 02:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9470]: Connection closed by 162.144.236.216 port 42084 [preauth]
Sep 30 02:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: Failed password for root from 162.144.236.216 port 48150 ssh2
Sep 30 02:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9504]: Connection closed by 162.144.236.216 port 48150 [preauth]
Sep 30 02:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: Successful su for rubyman by root
Sep 30 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: + ??? root:rubyman
Sep 30 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318445 of user rubyman.
Sep 30 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318445.
Sep 30 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Failed password for root from 162.144.236.216 port 54974 ssh2
Sep 30 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Connection closed by 162.144.236.216 port 54974 [preauth]
Sep 30 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6209]: pam_unix(cron:session): session closed for user root
Sep 30 02:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: Connection closed by 164.52.24.187 port 41868 [preauth]
Sep 30 02:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: Failed password for root from 162.144.236.216 port 59846 ssh2
Sep 30 02:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: Connection closed by 162.144.236.216 port 59846 [preauth]
Sep 30 02:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: Failed password for root from 162.144.236.216 port 38360 ssh2
Sep 30 02:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: Connection closed by 162.144.236.216 port 38360 [preauth]
Sep 30 02:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: Failed password for root from 162.144.236.216 port 44928 ssh2
Sep 30 02:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9975]: Connection closed by 162.144.236.216 port 44928 [preauth]
Sep 30 02:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8337]: pam_unix(cron:session): session closed for user root
Sep 30 02:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: Failed password for root from 162.144.236.216 port 54158 ssh2
Sep 30 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: Connection closed by 162.144.236.216 port 54158 [preauth]
Sep 30 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Failed password for root from 162.144.236.216 port 60550 ssh2
Sep 30 02:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Connection closed by 162.144.236.216 port 60550 [preauth]
Sep 30 02:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1536
Sep 30 02:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for root from 162.144.236.216 port 38624 ssh2
Sep 30 02:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Connection closed by 162.144.236.216 port 38624 [preauth]
Sep 30 02:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session closed for user root
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: Successful su for rubyman by root
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: + ??? root:rubyman
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318451 of user rubyman.
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318451.
Sep 30 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Failed password for root from 162.144.236.216 port 43960 ssh2
Sep 30 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Connection closed by 162.144.236.216 port 43960 [preauth]
Sep 30 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6799]: pam_unix(cron:session): session closed for user root
Sep 30 02:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Failed password for root from 162.144.236.216 port 50720 ssh2
Sep 30 02:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Connection closed by 162.144.236.216 port 50720 [preauth]
Sep 30 02:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: Failed password for root from 162.144.236.216 port 58266 ssh2
Sep 30 02:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: Connection closed by 162.144.236.216 port 58266 [preauth]
Sep 30 02:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8927]: pam_unix(cron:session): session closed for user root
Sep 30 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Failed password for root from 162.144.236.216 port 39064 ssh2
Sep 30 02:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Connection closed by 162.144.236.216 port 39064 [preauth]
Sep 30 02:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: fatal: mm_answer_moduli: bad parameters: 2048 2048 512
Sep 30 02:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Failed password for root from 162.144.236.216 port 47612 ssh2
Sep 30 02:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10522]: Connection closed by 162.144.236.216 port 47612 [preauth]
Sep 30 02:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: Failed password for root from 162.144.236.216 port 54916 ssh2
Sep 30 02:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: Connection closed by 162.144.236.216 port 54916 [preauth]
Sep 30 02:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Failed password for root from 162.144.236.216 port 60842 ssh2
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: Successful su for rubyman by root
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: + ??? root:rubyman
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318456 of user rubyman.
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10666]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318456.
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10584]: Connection closed by 162.144.236.216 port 60842 [preauth]
Sep 30 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session closed for user root
Sep 30 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: Failed password for root from 162.144.236.216 port 39406 ssh2
Sep 30 02:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10679]: Connection closed by 162.144.236.216 port 39406 [preauth]
Sep 30 02:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Failed password for root from 162.144.236.216 port 44636 ssh2
Sep 30 02:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Connection closed by 162.144.236.216 port 44636 [preauth]
Sep 30 02:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10908]: fatal: mm_answer_moduli: bad parameters: 2048 2048 768
Sep 30 02:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Failed password for root from 162.144.236.216 port 51864 ssh2
Sep 30 02:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10910]: Connection closed by 162.144.236.216 port 51864 [preauth]
Sep 30 02:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Failed password for root from 162.144.236.216 port 58886 ssh2
Sep 30 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10945]: Connection closed by 162.144.236.216 port 58886 [preauth]
Sep 30 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session closed for user root
Sep 30 02:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Failed password for root from 162.144.236.216 port 36246 ssh2
Sep 30 02:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Connection closed by 162.144.236.216 port 36246 [preauth]
Sep 30 02:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Failed password for root from 162.144.236.216 port 42328 ssh2
Sep 30 02:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Connection closed by 162.144.236.216 port 42328 [preauth]
Sep 30 02:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Failed password for root from 162.144.236.216 port 50112 ssh2
Sep 30 02:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Connection closed by 162.144.236.216 port 50112 [preauth]
Sep 30 02:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11053]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11054]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11051]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11116]: Successful su for rubyman by root
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11116]: + ??? root:rubyman
Sep 30 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318459 of user rubyman.
Sep 30 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11116]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318459.
Sep 30 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11138]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
Sep 30 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session closed for user root
Sep 30 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: Failed password for root from 162.144.236.216 port 56066 ssh2
Sep 30 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: Connection closed by 162.144.236.216 port 56066 [preauth]
Sep 30 02:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11052]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Failed password for root from 162.144.236.216 port 34526 ssh2
Sep 30 02:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Connection closed by 162.144.236.216 port 34526 [preauth]
Sep 30 02:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Failed password for root from 162.144.236.216 port 42072 ssh2
Sep 30 02:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Connection closed by 162.144.236.216 port 42072 [preauth]
Sep 30 02:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Failed password for root from 66.23.227.122 port 57044 ssh2
Sep 30 02:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Received disconnect from 66.23.227.122 port 57044:11: Bye Bye [preauth]
Sep 30 02:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Disconnected from 66.23.227.122 port 57044 [preauth]
Sep 30 02:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Failed password for root from 162.144.236.216 port 48726 ssh2
Sep 30 02:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user root
Sep 30 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Connection closed by 162.144.236.216 port 48726 [preauth]
Sep 30 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: Failed password for root from 162.144.236.216 port 56174 ssh2
Sep 30 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11414]: Connection closed by 162.144.236.216 port 56174 [preauth]
Sep 30 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1536
Sep 30 02:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Failed password for root from 162.144.236.216 port 35448 ssh2
Sep 30 02:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Connection closed by 162.144.236.216 port 35448 [preauth]
Sep 30 02:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Failed password for root from 162.144.236.216 port 41592 ssh2
Sep 30 02:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Connection closed by 162.144.236.216 port 41592 [preauth]
Sep 30 02:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11501]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11501]: pam_unix(cron:session): session closed for user root
Sep 30 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: Successful su for rubyman by root
Sep 30 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: + ??? root:rubyman
Sep 30 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318462 of user rubyman.
Sep 30 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318462.
Sep 30 02:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user root
Sep 30 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8336]: pam_unix(cron:session): session closed for user root
Sep 30 02:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Failed password for root from 162.144.236.216 port 48160 ssh2
Sep 30 02:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Connection closed by 162.144.236.216 port 48160 [preauth]
Sep 30 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Failed password for root from 162.144.236.216 port 57096 ssh2
Sep 30 02:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Connection closed by 162.144.236.216 port 57096 [preauth]
Sep 30 02:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Sep 30 02:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Failed password for root from 185.156.73.233 port 21898 ssh2
Sep 30 02:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Connection closed by 185.156.73.233 port 21898 [preauth]
Sep 30 02:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Failed password for root from 162.144.236.216 port 35432 ssh2
Sep 30 02:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Connection closed by 162.144.236.216 port 35432 [preauth]
Sep 30 02:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Invalid user ftpclient from 66.23.227.122
Sep 30 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: input_userauth_request: invalid user ftpclient [preauth]
Sep 30 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session closed for user root
Sep 30 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11981]: Connection closed by 164.52.24.187 port 44604 [preauth]
Sep 30 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Failed password for invalid user ftpclient from 66.23.227.122 port 53212 ssh2
Sep 30 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Received disconnect from 66.23.227.122 port 53212:11: Bye Bye [preauth]
Sep 30 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Disconnected from 66.23.227.122 port 53212 [preauth]
Sep 30 02:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: Failed password for root from 162.144.236.216 port 42196 ssh2
Sep 30 02:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11969]: Connection closed by 162.144.236.216 port 42196 [preauth]
Sep 30 02:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Invalid user kkkk from 93.152.230.176
Sep 30 02:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: input_userauth_request: invalid user kkkk [preauth]
Sep 30 02:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 02:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Failed password for invalid user kkkk from 93.152.230.176 port 25842 ssh2
Sep 30 02:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Received disconnect from 93.152.230.176 port 25842:11: Client disconnecting normally [preauth]
Sep 30 02:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Disconnected from 93.152.230.176 port 25842 [preauth]
Sep 30 02:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Failed password for root from 162.144.236.216 port 48930 ssh2
Sep 30 02:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Connection closed by 162.144.236.216 port 48930 [preauth]
Sep 30 02:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for root from 162.144.236.216 port 55310 ssh2
Sep 30 02:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Connection closed by 162.144.236.216 port 55310 [preauth]
Sep 30 02:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: Successful su for rubyman by root
Sep 30 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: + ??? root:rubyman
Sep 30 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318469 of user rubyman.
Sep 30 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318469.
Sep 30 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Failed password for root from 162.144.236.216 port 34620 ssh2
Sep 30 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Connection closed by 162.144.236.216 port 34620 [preauth]
Sep 30 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8926]: pam_unix(cron:session): session closed for user root
Sep 30 02:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Failed password for root from 162.144.236.216 port 41902 ssh2
Sep 30 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Connection closed by 162.144.236.216 port 41902 [preauth]
Sep 30 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Failed password for root from 162.144.236.216 port 48668 ssh2
Sep 30 02:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Connection closed by 162.144.236.216 port 48668 [preauth]
Sep 30 02:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: Failed password for root from 162.144.236.216 port 55430 ssh2
Sep 30 02:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12403]: Connection closed by 162.144.236.216 port 55430 [preauth]
Sep 30 02:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Failed password for root from 162.144.236.216 port 60960 ssh2
Sep 30 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Invalid user k8s from 66.23.227.122
Sep 30 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: input_userauth_request: invalid user k8s [preauth]
Sep 30 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11054]: pam_unix(cron:session): session closed for user root
Sep 30 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Connection closed by 162.144.236.216 port 60960 [preauth]
Sep 30 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Failed password for invalid user k8s from 66.23.227.122 port 34692 ssh2
Sep 30 02:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Received disconnect from 66.23.227.122 port 34692:11: Bye Bye [preauth]
Sep 30 02:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12440]: Disconnected from 66.23.227.122 port 34692 [preauth]
Sep 30 02:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Failed password for root from 162.144.236.216 port 38542 ssh2
Sep 30 02:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Connection closed by 162.144.236.216 port 38542 [preauth]
Sep 30 02:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Failed password for root from 162.144.236.216 port 43034 ssh2
Sep 30 02:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Connection closed by 162.144.236.216 port 43034 [preauth]
Sep 30 02:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Failed password for root from 162.144.236.216 port 50328 ssh2
Sep 30 02:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Connection closed by 162.144.236.216 port 50328 [preauth]
Sep 30 02:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12540]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12600]: Successful su for rubyman by root
Sep 30 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12600]: + ??? root:rubyman
Sep 30 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318473 of user rubyman.
Sep 30 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12600]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318473.
Sep 30 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9527]: pam_unix(cron:session): session closed for user root
Sep 30 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12532]: Failed password for root from 162.144.236.216 port 57172 ssh2
Sep 30 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12532]: Connection closed by 162.144.236.216 port 57172 [preauth]
Sep 30 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Failed password for root from 162.144.236.216 port 34632 ssh2
Sep 30 02:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Connection closed by 162.144.236.216 port 34632 [preauth]
Sep 30 02:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Failed password for root from 162.144.236.216 port 40998 ssh2
Sep 30 02:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Connection closed by 162.144.236.216 port 40998 [preauth]
Sep 30 02:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Failed password for root from 162.144.236.216 port 48550 ssh2
Sep 30 02:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Connection closed by 162.144.236.216 port 48550 [preauth]
Sep 30 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Invalid user seekcy from 66.23.227.122
Sep 30 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: input_userauth_request: invalid user seekcy [preauth]
Sep 30 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Failed password for invalid user seekcy from 66.23.227.122 port 35508 ssh2
Sep 30 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Received disconnect from 66.23.227.122 port 35508:11: Bye Bye [preauth]
Sep 30 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Disconnected from 66.23.227.122 port 35508 [preauth]
Sep 30 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session closed for user root
Sep 30 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12899]: Failed password for root from 162.144.236.216 port 54954 ssh2
Sep 30 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12899]: Connection closed by 162.144.236.216 port 54954 [preauth]
Sep 30 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: Failed password for root from 162.144.236.216 port 32992 ssh2
Sep 30 02:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12948]: Connection closed by 162.144.236.216 port 32992 [preauth]
Sep 30 02:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Failed password for root from 162.144.236.216 port 40656 ssh2
Sep 30 02:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Connection closed by 162.144.236.216 port 40656 [preauth]
Sep 30 02:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: Successful su for rubyman by root
Sep 30 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: + ??? root:rubyman
Sep 30 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318476 of user rubyman.
Sep 30 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13081]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318476.
Sep 30 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Failed password for root from 162.144.236.216 port 48122 ssh2
Sep 30 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user root
Sep 30 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Connection closed by 162.144.236.216 port 48122 [preauth]
Sep 30 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Failed password for root from 162.144.236.216 port 54596 ssh2
Sep 30 02:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Connection closed by 162.144.236.216 port 54596 [preauth]
Sep 30 02:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.15.38  user=root
Sep 30 02:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Failed password for root from 162.144.236.216 port 33000 ssh2
Sep 30 02:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13328]: Failed password for root from 47.237.15.38 port 33950 ssh2
Sep 30 02:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13328]: Connection closed by 47.237.15.38 port 33950 [preauth]
Sep 30 02:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Connection closed by 162.144.236.216 port 33000 [preauth]
Sep 30 02:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: Invalid user seekcy from 66.23.227.122
Sep 30 02:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: input_userauth_request: invalid user seekcy [preauth]
Sep 30 02:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: Failed password for root from 162.144.236.216 port 38934 ssh2
Sep 30 02:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: Connection closed by 162.144.236.216 port 38934 [preauth]
Sep 30 02:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: Failed password for invalid user seekcy from 66.23.227.122 port 48620 ssh2
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: Received disconnect from 66.23.227.122 port 48620:11: Bye Bye [preauth]
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13366]: Disconnected from 66.23.227.122 port 48620 [preauth]
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Invalid user admin from 78.128.112.74
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: input_userauth_request: invalid user admin [preauth]
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Sep 30 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Failed password for invalid user admin from 78.128.112.74 port 60892 ssh2
Sep 30 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Connection closed by 78.128.112.74 port 60892 [preauth]
Sep 30 02:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session closed for user root
Sep 30 02:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for root from 162.144.236.216 port 45056 ssh2
Sep 30 02:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Connection closed by 162.144.236.216 port 45056 [preauth]
Sep 30 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Failed password for root from 162.144.236.216 port 51800 ssh2
Sep 30 02:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Connection closed by 162.144.236.216 port 51800 [preauth]
Sep 30 02:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Failed password for root from 162.144.236.216 port 59372 ssh2
Sep 30 02:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13448]: Connection closed by 162.144.236.216 port 59372 [preauth]
Sep 30 02:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13473]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13471]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13537]: Successful su for rubyman by root
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13537]: + ??? root:rubyman
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318480 of user rubyman.
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13537]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318480.
Sep 30 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for root from 162.144.236.216 port 37910 ssh2
Sep 30 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Connection closed by 162.144.236.216 port 37910 [preauth]
Sep 30 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user root
Sep 30 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13472]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Failed password for root from 162.144.236.216 port 43892 ssh2
Sep 30 02:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13600]: Connection closed by 162.144.236.216 port 43892 [preauth]
Sep 30 02:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Failed password for root from 162.144.236.216 port 49196 ssh2
Sep 30 02:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: Invalid user ftpuser from 66.23.227.122
Sep 30 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: input_userauth_request: invalid user ftpuser [preauth]
Sep 30 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Connection closed by 162.144.236.216 port 49196 [preauth]
Sep 30 02:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: Failed password for invalid user ftpuser from 66.23.227.122 port 49052 ssh2
Sep 30 02:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: Received disconnect from 66.23.227.122 port 49052:11: Bye Bye [preauth]
Sep 30 02:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13771]: Disconnected from 66.23.227.122 port 49052 [preauth]
Sep 30 02:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Failed password for root from 162.144.236.216 port 57518 ssh2
Sep 30 02:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Connection closed by 162.144.236.216 port 57518 [preauth]
Sep 30 02:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12540]: pam_unix(cron:session): session closed for user root
Sep 30 02:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: Failed password for root from 162.144.236.216 port 36274 ssh2
Sep 30 02:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: Connection closed by 162.144.236.216 port 36274 [preauth]
Sep 30 02:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Failed password for root from 162.144.236.216 port 43164 ssh2
Sep 30 02:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Connection closed by 162.144.236.216 port 43164 [preauth]
Sep 30 02:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for root from 162.144.236.216 port 49306 ssh2
Sep 30 02:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Connection closed by 162.144.236.216 port 49306 [preauth]
Sep 30 02:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Failed password for root from 162.144.236.216 port 56400 ssh2
Sep 30 02:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Connection closed by 162.144.236.216 port 56400 [preauth]
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13918]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13916]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session closed for user root
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Invalid user tor from 80.94.95.112
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: input_userauth_request: invalid user tor [preauth]
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13990]: Successful su for rubyman by root
Sep 30 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13990]: + ??? root:rubyman
Sep 30 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318486 of user rubyman.
Sep 30 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13990]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318486.
Sep 30 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Failed password for invalid user tor from 80.94.95.112 port 64769 ssh2
Sep 30 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13916]: pam_unix(cron:session): session closed for user root
Sep 30 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11053]: pam_unix(cron:session): session closed for user root
Sep 30 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Failed password for invalid user tor from 80.94.95.112 port 64769 ssh2
Sep 30 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Failed password for root from 162.144.236.216 port 35128 ssh2
Sep 30 02:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Failed password for invalid user tor from 80.94.95.112 port 64769 ssh2
Sep 30 02:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Connection closed by 162.144.236.216 port 35128 [preauth]
Sep 30 02:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13915]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Failed password for invalid user tor from 80.94.95.112 port 64769 ssh2
Sep 30 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Failed password for root from 66.23.227.122 port 44570 ssh2
Sep 30 02:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Failed password for invalid user tor from 80.94.95.112 port 64769 ssh2
Sep 30 02:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Received disconnect from 66.23.227.122 port 44570:11: Bye Bye [preauth]
Sep 30 02:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Disconnected from 66.23.227.122 port 44570 [preauth]
Sep 30 02:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Received disconnect from 80.94.95.112 port 64769:11: Bye [preauth]
Sep 30 02:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Disconnected from 80.94.95.112 port 64769 [preauth]
Sep 30 02:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 02:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 02:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Failed password for root from 162.144.236.216 port 40638 ssh2
Sep 30 02:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Connection closed by 162.144.236.216 port 40638 [preauth]
Sep 30 02:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14338]: Failed password for root from 162.144.236.216 port 48108 ssh2
Sep 30 02:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14338]: Connection closed by 162.144.236.216 port 48108 [preauth]
Sep 30 02:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Failed password for root from 162.144.236.216 port 54568 ssh2
Sep 30 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Connection closed by 162.144.236.216 port 54568 [preauth]
Sep 30 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session closed for user root
Sep 30 02:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Invalid user user from 80.94.95.112
Sep 30 02:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: input_userauth_request: invalid user user [preauth]
Sep 30 02:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 02:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Failed password for root from 162.144.236.216 port 60636 ssh2
Sep 30 02:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Connection closed by 162.144.236.216 port 60636 [preauth]
Sep 30 02:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Failed password for invalid user user from 80.94.95.112 port 63205 ssh2
Sep 30 02:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Failed password for invalid user user from 80.94.95.112 port 63205 ssh2
Sep 30 02:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.15.38  user=root
Sep 30 02:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Failed password for invalid user user from 80.94.95.112 port 63205 ssh2
Sep 30 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Failed password for root from 47.237.15.38 port 39386 ssh2
Sep 30 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Invalid user pi from 47.237.15.38
Sep 30 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: input_userauth_request: invalid user pi [preauth]
Sep 30 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: Connection closed by 47.237.15.38 port 39386 [preauth]
Sep 30 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.15.38
Sep 30 02:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: Failed password for root from 162.144.236.216 port 37832 ssh2
Sep 30 02:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Failed password for invalid user user from 80.94.95.112 port 63205 ssh2
Sep 30 02:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Failed password for invalid user pi from 47.237.15.38 port 39412 ssh2
Sep 30 02:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14413]: Connection closed by 162.144.236.216 port 37832 [preauth]
Sep 30 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Failed password for invalid user user from 80.94.95.112 port 63205 ssh2
Sep 30 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Received disconnect from 80.94.95.112 port 63205:11: Bye [preauth]
Sep 30 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Disconnected from 80.94.95.112 port 63205 [preauth]
Sep 30 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
Sep 30 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 02:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Connection closed by 47.237.15.38 port 39412 [preauth]
Sep 30 02:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Failed password for root from 162.144.236.216 port 44940 ssh2
Sep 30 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Connection closed by 162.144.236.216 port 44940 [preauth]
Sep 30 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14482]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14480]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14478]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14554]: Successful su for rubyman by root
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14554]: + ??? root:rubyman
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318492 of user rubyman.
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14554]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Invalid user nginx from 47.237.15.38
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: input_userauth_request: invalid user nginx [preauth]
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318492.
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.15.38
Sep 30 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Invalid user user from 47.237.15.38
Sep 30 02:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: input_userauth_request: invalid user user [preauth]
Sep 30 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Failed password for invalid user nginx from 47.237.15.38 port 40472 ssh2
Sep 30 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Connection closed by 47.237.15.38 port 40472 [preauth]
Sep 30 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Invalid user hex from 66.23.227.122
Sep 30 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: input_userauth_request: invalid user hex [preauth]
Sep 30 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Failed password for root from 162.144.236.216 port 51596 ssh2
Sep 30 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session closed for user root
Sep 30 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for invalid user hex from 66.23.227.122 port 49616 ssh2
Sep 30 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Received disconnect from 66.23.227.122 port 49616:11: Bye Bye [preauth]
Sep 30 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Disconnected from 66.23.227.122 port 49616 [preauth]
Sep 30 02:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Connection closed by 162.144.236.216 port 51596 [preauth]
Sep 30 02:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: Connection reset by 47.237.15.38 port 53328 [preauth]
Sep 30 02:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: Connection closed by 47.237.15.38 port 40484 [preauth]
Sep 30 02:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14479]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14686]: Connection reset by 47.237.15.38 port 53318 [preauth]
Sep 30 02:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Connection reset by 47.237.15.38 port 53306 [preauth]
Sep 30 02:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Connection closed by 47.237.15.38 port 53326 [preauth]
Sep 30 02:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: Failed password for root from 162.144.236.216 port 59304 ssh2
Sep 30 02:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14744]: Connection closed by 162.144.236.216 port 59304 [preauth]
Sep 30 02:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Did not receive identification string from 47.237.15.38
Sep 30 02:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Failed password for root from 162.144.236.216 port 37456 ssh2
Sep 30 02:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Connection closed by 162.144.236.216 port 37456 [preauth]
Sep 30 02:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: Failed password for root from 162.144.236.216 port 44688 ssh2
Sep 30 02:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14820]: Connection closed by 162.144.236.216 port 44688 [preauth]
Sep 30 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session closed for user root
Sep 30 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Failed password for root from 162.144.236.216 port 50926 ssh2
Sep 30 02:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14842]: Connection closed by 162.144.236.216 port 50926 [preauth]
Sep 30 02:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Failed password for root from 162.144.236.216 port 58278 ssh2
Sep 30 02:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Connection closed by 162.144.236.216 port 58278 [preauth]
Sep 30 02:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Failed password for root from 162.144.236.216 port 37304 ssh2
Sep 30 02:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Connection closed by 162.144.236.216 port 37304 [preauth]
Sep 30 02:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Invalid user test from 66.23.227.122
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: input_userauth_request: invalid user test [preauth]
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14937]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14938]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15000]: Successful su for rubyman by root
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15000]: + ??? root:rubyman
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318495 of user rubyman.
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15000]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318495.
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Failed password for invalid user test from 66.23.227.122 port 52884 ssh2
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Received disconnect from 66.23.227.122 port 52884:11: Bye Bye [preauth]
Sep 30 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Disconnected from 66.23.227.122 port 52884 [preauth]
Sep 30 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session closed for user root
Sep 30 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Failed password for root from 162.144.236.216 port 43742 ssh2
Sep 30 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Connection closed by 162.144.236.216 port 43742 [preauth]
Sep 30 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Failed password for root from 162.144.236.216 port 51446 ssh2
Sep 30 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Connection closed by 162.144.236.216 port 51446 [preauth]
Sep 30 02:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15214]: Failed password for root from 162.144.236.216 port 57656 ssh2
Sep 30 02:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15214]: Connection closed by 162.144.236.216 port 57656 [preauth]
Sep 30 02:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Failed password for root from 162.144.236.216 port 35940 ssh2
Sep 30 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Connection closed by 162.144.236.216 port 35940 [preauth]
Sep 30 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13918]: pam_unix(cron:session): session closed for user root
Sep 30 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: Failed password for root from 162.144.236.216 port 43166 ssh2
Sep 30 02:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15279]: Connection closed by 162.144.236.216 port 43166 [preauth]
Sep 30 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Invalid user max from 93.152.230.176
Sep 30 02:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: input_userauth_request: invalid user max [preauth]
Sep 30 02:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 02:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Failed password for invalid user max from 93.152.230.176 port 47377 ssh2
Sep 30 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Received disconnect from 93.152.230.176 port 47377:11: Client disconnecting normally [preauth]
Sep 30 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Disconnected from 93.152.230.176 port 47377 [preauth]
Sep 30 02:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Failed password for root from 162.144.236.216 port 49600 ssh2
Sep 30 02:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15311]: Connection closed by 162.144.236.216 port 49600 [preauth]
Sep 30 02:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Failed password for root from 162.144.236.216 port 55586 ssh2
Sep 30 02:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15350]: Connection closed by 162.144.236.216 port 55586 [preauth]
Sep 30 02:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: Failed password for root from 66.23.227.122 port 42764 ssh2
Sep 30 02:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: Received disconnect from 66.23.227.122 port 42764:11: Bye Bye [preauth]
Sep 30 02:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15366]: Disconnected from 66.23.227.122 port 42764 [preauth]
Sep 30 02:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Failed password for root from 162.144.236.216 port 60278 ssh2
Sep 30 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15368]: Connection closed by 162.144.236.216 port 60278 [preauth]
Sep 30 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15382]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15443]: Successful su for rubyman by root
Sep 30 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15443]: + ??? root:rubyman
Sep 30 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318498 of user rubyman.
Sep 30 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15443]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318498.
Sep 30 02:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session closed for user root
Sep 30 02:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15383]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Failed password for root from 162.144.236.216 port 37846 ssh2
Sep 30 02:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Connection closed by 162.144.236.216 port 37846 [preauth]
Sep 30 02:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: Failed password for root from 162.144.236.216 port 45750 ssh2
Sep 30 02:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: Connection closed by 162.144.236.216 port 45750 [preauth]
Sep 30 02:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Failed password for root from 162.144.236.216 port 54612 ssh2
Sep 30 02:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Connection closed by 162.144.236.216 port 54612 [preauth]
Sep 30 02:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14482]: pam_unix(cron:session): session closed for user root
Sep 30 02:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for root from 162.144.236.216 port 60540 ssh2
Sep 30 02:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Connection closed by 162.144.236.216 port 60540 [preauth]
Sep 30 02:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: Failed password for root from 162.144.236.216 port 39676 ssh2
Sep 30 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: Connection closed by 162.144.236.216 port 39676 [preauth]
Sep 30 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Invalid user seekcy from 66.23.227.122
Sep 30 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: input_userauth_request: invalid user seekcy [preauth]
Sep 30 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Failed password for invalid user seekcy from 66.23.227.122 port 33310 ssh2
Sep 30 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Received disconnect from 66.23.227.122 port 33310:11: Bye Bye [preauth]
Sep 30 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Disconnected from 66.23.227.122 port 33310 [preauth]
Sep 30 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15775]: Failed password for root from 162.144.236.216 port 46120 ssh2
Sep 30 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15775]: Connection closed by 162.144.236.216 port 46120 [preauth]
Sep 30 02:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15810]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15811]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15808]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: Successful su for rubyman by root
Sep 30 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: + ??? root:rubyman
Sep 30 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318503 of user rubyman.
Sep 30 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15873]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318503.
Sep 30 02:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: Failed password for root from 162.144.236.216 port 53978 ssh2
Sep 30 02:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: Connection closed by 162.144.236.216 port 53978 [preauth]
Sep 30 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session closed for user root
Sep 30 02:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15809]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for root from 162.144.236.216 port 58442 ssh2
Sep 30 02:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Connection closed by 162.144.236.216 port 58442 [preauth]
Sep 30 02:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for root from 162.144.236.216 port 39658 ssh2
Sep 30 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Connection closed by 162.144.236.216 port 39658 [preauth]
Sep 30 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14938]: pam_unix(cron:session): session closed for user root
Sep 30 02:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: Failed password for root from 162.144.236.216 port 49398 ssh2
Sep 30 02:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: Connection closed by 162.144.236.216 port 49398 [preauth]
Sep 30 02:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Failed password for root from 66.23.227.122 port 42700 ssh2
Sep 30 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Received disconnect from 66.23.227.122 port 42700:11: Bye Bye [preauth]
Sep 30 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Disconnected from 66.23.227.122 port 42700 [preauth]
Sep 30 02:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Failed password for root from 162.144.236.216 port 56748 ssh2
Sep 30 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16179]: Connection closed by 162.144.236.216 port 56748 [preauth]
Sep 30 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Failed password for root from 162.144.236.216 port 33204 ssh2
Sep 30 02:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Connection closed by 162.144.236.216 port 33204 [preauth]
Sep 30 02:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Failed password for root from 162.144.236.216 port 39184 ssh2
Sep 30 02:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Connection closed by 162.144.236.216 port 39184 [preauth]
Sep 30 02:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16254]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16255]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16253]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16257]: pam_unix(cron:session): session closed for user root
Sep 30 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16249]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: Successful su for rubyman by root
Sep 30 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: + ??? root:rubyman
Sep 30 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318507 of user rubyman.
Sep 30 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16326]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318507.
Sep 30 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Invalid user ftpuser from 80.94.95.116
Sep 30 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: input_userauth_request: invalid user ftpuser [preauth]
Sep 30 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Sep 30 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13473]: pam_unix(cron:session): session closed for user root
Sep 30 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16253]: pam_unix(cron:session): session closed for user root
Sep 30 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Failed password for invalid user ftpuser from 80.94.95.116 port 20658 ssh2
Sep 30 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Failed password for root from 162.144.236.216 port 45476 ssh2
Sep 30 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16357]: Connection closed by 80.94.95.116 port 20658 [preauth]
Sep 30 02:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Connection closed by 162.144.236.216 port 45476 [preauth]
Sep 30 02:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Failed password for root from 162.144.236.216 port 52986 ssh2
Sep 30 02:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16541]: Connection closed by 162.144.236.216 port 52986 [preauth]
Sep 30 02:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Failed password for root from 162.144.236.216 port 60216 ssh2
Sep 30 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Connection closed by 162.144.236.216 port 60216 [preauth]
Sep 30 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Failed password for root from 162.144.236.216 port 37082 ssh2
Sep 30 02:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Connection closed by 162.144.236.216 port 37082 [preauth]
Sep 30 02:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session closed for user root
Sep 30 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for root from 66.23.227.122 port 33458 ssh2
Sep 30 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Received disconnect from 66.23.227.122 port 33458:11: Bye Bye [preauth]
Sep 30 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Disconnected from 66.23.227.122 port 33458 [preauth]
Sep 30 02:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Failed password for root from 162.144.236.216 port 41628 ssh2
Sep 30 02:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Connection closed by 162.144.236.216 port 41628 [preauth]
Sep 30 02:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Failed password for root from 162.144.236.216 port 49374 ssh2
Sep 30 02:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Connection closed by 162.144.236.216 port 49374 [preauth]
Sep 30 02:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Invalid user admin from 139.19.117.131
Sep 30 02:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: input_userauth_request: invalid user admin [preauth]
Sep 30 02:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Failed password for root from 162.144.236.216 port 55182 ssh2
Sep 30 02:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Connection closed by 162.144.236.216 port 55182 [preauth]
Sep 30 02:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Failed password for root from 162.144.236.216 port 60494 ssh2
Sep 30 02:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Connection closed by 139.19.117.131 port 39456 [preauth]
Sep 30 02:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16723]: Connection closed by 162.144.236.216 port 60494 [preauth]
Sep 30 02:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: Successful su for rubyman by root
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: + ??? root:rubyman
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318512 of user rubyman.
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16831]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318512.
Sep 30 02:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: Failed password for root from 162.144.236.216 port 37656 ssh2
Sep 30 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session closed for user root
Sep 30 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: Connection closed by 162.144.236.216 port 37656 [preauth]
Sep 30 02:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for root from 162.144.236.216 port 44510 ssh2
Sep 30 02:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Connection closed by 162.144.236.216 port 44510 [preauth]
Sep 30 02:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Failed password for root from 162.144.236.216 port 52580 ssh2
Sep 30 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Connection closed by 162.144.236.216 port 52580 [preauth]
Sep 30 02:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: Failed password for root from 66.23.227.122 port 36882 ssh2
Sep 30 02:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: Received disconnect from 66.23.227.122 port 36882:11: Bye Bye [preauth]
Sep 30 02:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17080]: Disconnected from 66.23.227.122 port 36882 [preauth]
Sep 30 02:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Failed password for root from 162.144.236.216 port 59288 ssh2
Sep 30 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Connection closed by 162.144.236.216 port 59288 [preauth]
Sep 30 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15811]: pam_unix(cron:session): session closed for user root
Sep 30 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: Failed password for root from 162.144.236.216 port 36834 ssh2
Sep 30 02:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: Connection closed by 162.144.236.216 port 36834 [preauth]
Sep 30 02:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Failed password for root from 162.144.236.216 port 42982 ssh2
Sep 30 02:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Connection closed by 162.144.236.216 port 42982 [preauth]
Sep 30 02:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Failed password for root from 162.144.236.216 port 49634 ssh2
Sep 30 02:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17196]: Connection closed by 162.144.236.216 port 49634 [preauth]
Sep 30 02:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17221]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: Successful su for rubyman by root
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: + ??? root:rubyman
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318517 of user rubyman.
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318517.
Sep 30 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for root from 162.144.236.216 port 54888 ssh2
Sep 30 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Connection closed by 162.144.236.216 port 54888 [preauth]
Sep 30 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14480]: pam_unix(cron:session): session closed for user root
Sep 30 02:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Failed password for root from 162.144.236.216 port 32898 ssh2
Sep 30 02:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Connection closed by 162.144.236.216 port 32898 [preauth]
Sep 30 02:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Invalid user seekcy from 66.23.227.122
Sep 30 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: input_userauth_request: invalid user seekcy [preauth]
Sep 30 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Failed password for root from 162.144.236.216 port 38918 ssh2
Sep 30 02:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Failed password for invalid user seekcy from 66.23.227.122 port 36068 ssh2
Sep 30 02:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Received disconnect from 66.23.227.122 port 36068:11: Bye Bye [preauth]
Sep 30 02:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Disconnected from 66.23.227.122 port 36068 [preauth]
Sep 30 02:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Connection closed by 162.144.236.216 port 38918 [preauth]
Sep 30 02:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Failed password for root from 162.144.236.216 port 47562 ssh2
Sep 30 02:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Connection closed by 162.144.236.216 port 47562 [preauth]
Sep 30 02:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16255]: pam_unix(cron:session): session closed for user root
Sep 30 02:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: Failed password for root from 162.144.236.216 port 53624 ssh2
Sep 30 02:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17567]: Connection closed by 162.144.236.216 port 53624 [preauth]
Sep 30 02:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Failed password for root from 162.144.236.216 port 59298 ssh2
Sep 30 02:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17613]: Connection closed by 162.144.236.216 port 59298 [preauth]
Sep 30 02:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Failed password for root from 162.144.236.216 port 37960 ssh2
Sep 30 02:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Connection closed by 162.144.236.216 port 37960 [preauth]
Sep 30 02:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: Failed password for root from 162.144.236.216 port 44186 ssh2
Sep 30 02:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Sep 30 02:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17661]: Connection closed by 162.144.236.216 port 44186 [preauth]
Sep 30 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17689]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17683]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: Successful su for rubyman by root
Sep 30 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: + ??? root:rubyman
Sep 30 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318521 of user rubyman.
Sep 30 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318521.
Sep 30 02:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: Failed password for root from 20.163.71.109 port 57474 ssh2
Sep 30 02:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: Connection closed by 20.163.71.109 port 57474 [preauth]
Sep 30 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14937]: pam_unix(cron:session): session closed for user root
Sep 30 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17684]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: Failed password for root from 162.144.236.216 port 49578 ssh2
Sep 30 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17679]: Connection closed by 162.144.236.216 port 49578 [preauth]
Sep 30 02:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Invalid user jerry from 66.23.227.122
Sep 30 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: input_userauth_request: invalid user jerry [preauth]
Sep 30 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for root from 162.144.236.216 port 56900 ssh2
Sep 30 02:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Connection closed by 162.144.236.216 port 56900 [preauth]
Sep 30 02:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for invalid user jerry from 66.23.227.122 port 42046 ssh2
Sep 30 02:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Received disconnect from 66.23.227.122 port 42046:11: Bye Bye [preauth]
Sep 30 02:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Disconnected from 66.23.227.122 port 42046 [preauth]
Sep 30 02:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: Failed password for root from 162.144.236.216 port 37916 ssh2
Sep 30 02:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: Connection closed by 162.144.236.216 port 37916 [preauth]
Sep 30 02:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session closed for user root
Sep 30 02:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Failed password for root from 162.144.236.216 port 44934 ssh2
Sep 30 02:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Connection closed by 162.144.236.216 port 44934 [preauth]
Sep 30 02:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: Failed password for root from 162.144.236.216 port 51008 ssh2
Sep 30 02:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: Connection closed by 162.144.236.216 port 51008 [preauth]
Sep 30 02:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Failed password for root from 162.144.236.216 port 58212 ssh2
Sep 30 02:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Connection closed by 162.144.236.216 port 58212 [preauth]
Sep 30 02:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18475]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18474]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18472]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18550]: Successful su for rubyman by root
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18550]: + ??? root:rubyman
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318525 of user rubyman.
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18550]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318525.
Sep 30 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: Failed password for root from 162.144.236.216 port 37190 ssh2
Sep 30 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: Connection closed by 162.144.236.216 port 37190 [preauth]
Sep 30 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session closed for user root
Sep 30 02:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18473]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: Failed password for root from 162.144.236.216 port 44482 ssh2
Sep 30 02:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: Connection closed by 162.144.236.216 port 44482 [preauth]
Sep 30 02:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for root from 162.144.236.216 port 50526 ssh2
Sep 30 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: Invalid user seekcy from 66.23.227.122
Sep 30 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: input_userauth_request: invalid user seekcy [preauth]
Sep 30 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Connection closed by 162.144.236.216 port 50526 [preauth]
Sep 30 02:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: Failed password for invalid user seekcy from 66.23.227.122 port 48500 ssh2
Sep 30 02:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: Received disconnect from 66.23.227.122 port 48500:11: Bye Bye [preauth]
Sep 30 02:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18814]: Disconnected from 66.23.227.122 port 48500 [preauth]
Sep 30 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: Failed password for root from 162.144.236.216 port 56812 ssh2
Sep 30 02:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18825]: Connection closed by 162.144.236.216 port 56812 [preauth]
Sep 30 02:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session closed for user root
Sep 30 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Failed password for root from 162.144.236.216 port 35206 ssh2
Sep 30 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Connection closed by 162.144.236.216 port 35206 [preauth]
Sep 30 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: Failed password for root from 162.144.236.216 port 42228 ssh2
Sep 30 02:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18907]: Connection closed by 162.144.236.216 port 42228 [preauth]
Sep 30 02:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Invalid user oracle from 93.152.230.176
Sep 30 02:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: input_userauth_request: invalid user oracle [preauth]
Sep 30 02:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Failed password for invalid user oracle from 93.152.230.176 port 39653 ssh2
Sep 30 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Received disconnect from 93.152.230.176 port 39653:11: Client disconnecting normally [preauth]
Sep 30 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18935]: Disconnected from 93.152.230.176 port 39653 [preauth]
Sep 30 02:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: Failed password for root from 162.144.236.216 port 48474 ssh2
Sep 30 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18937]: Connection closed by 162.144.236.216 port 48474 [preauth]
Sep 30 02:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18976]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session closed for user root
Sep 30 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18974]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: Failed password for root from 162.144.236.216 port 55186 ssh2
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: Successful su for rubyman by root
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: + ??? root:rubyman
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318532 of user rubyman.
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318532.
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18961]: Connection closed by 162.144.236.216 port 55186 [preauth]
Sep 30 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15810]: pam_unix(cron:session): session closed for user root
Sep 30 02:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18976]: pam_unix(cron:session): session closed for user root
Sep 30 02:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18975]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: Failed password for root from 162.144.236.216 port 33580 ssh2
Sep 30 02:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: Connection closed by 162.144.236.216 port 33580 [preauth]
Sep 30 02:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: Invalid user bpm from 66.23.227.122
Sep 30 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: input_userauth_request: invalid user bpm [preauth]
Sep 30 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Failed password for root from 162.144.236.216 port 40540 ssh2
Sep 30 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19372]: Connection closed by 162.144.236.216 port 40540 [preauth]
Sep 30 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: Failed password for invalid user bpm from 66.23.227.122 port 59578 ssh2
Sep 30 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: Received disconnect from 66.23.227.122 port 59578:11: Bye Bye [preauth]
Sep 30 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19447]: Disconnected from 66.23.227.122 port 59578 [preauth]
Sep 30 02:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Invalid user admin from 80.94.95.25
Sep 30 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: input_userauth_request: invalid user admin [preauth]
Sep 30 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 30 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Failed password for root from 162.144.236.216 port 46526 ssh2
Sep 30 02:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for invalid user admin from 80.94.95.25 port 8428 ssh2
Sep 30 02:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Connection closed by 162.144.236.216 port 46526 [preauth]
Sep 30 02:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for invalid user admin from 80.94.95.25 port 8428 ssh2
Sep 30 02:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for invalid user admin from 80.94.95.25 port 8428 ssh2
Sep 30 02:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17689]: pam_unix(cron:session): session closed for user root
Sep 30 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for invalid user admin from 80.94.95.25 port 8428 ssh2
Sep 30 02:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Failed password for root from 162.144.236.216 port 54370 ssh2
Sep 30 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for invalid user admin from 80.94.95.25 port 8428 ssh2
Sep 30 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Received disconnect from 80.94.95.25 port 8428:11: Bye [preauth]
Sep 30 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Disconnected from 80.94.95.25 port 8428 [preauth]
Sep 30 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.25
Sep 30 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: PAM service(sshd) ignoring max retries; 5 > 3
Sep 30 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Connection closed by 162.144.236.216 port 54370 [preauth]
Sep 30 02:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: Failed password for root from 162.144.236.216 port 32934 ssh2
Sep 30 02:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: Connection closed by 162.144.236.216 port 32934 [preauth]
Sep 30 02:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Failed password for root from 162.144.236.216 port 37704 ssh2
Sep 30 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Connection closed by 162.144.236.216 port 37704 [preauth]
Sep 30 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for root from 162.144.236.216 port 43644 ssh2
Sep 30 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Connection closed by 162.144.236.216 port 43644 [preauth]
Sep 30 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: Successful su for rubyman by root
Sep 30 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: + ??? root:rubyman
Sep 30 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318536 of user rubyman.
Sep 30 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318536.
Sep 30 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16254]: pam_unix(cron:session): session closed for user root
Sep 30 02:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19813]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Failed password for root from 162.144.236.216 port 49440 ssh2
Sep 30 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Connection closed by 162.144.236.216 port 49440 [preauth]
Sep 30 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Invalid user pt from 66.23.227.122
Sep 30 02:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: input_userauth_request: invalid user pt [preauth]
Sep 30 02:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Failed password for invalid user pt from 66.23.227.122 port 57418 ssh2
Sep 30 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Received disconnect from 66.23.227.122 port 57418:11: Bye Bye [preauth]
Sep 30 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Disconnected from 66.23.227.122 port 57418 [preauth]
Sep 30 02:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Failed password for root from 162.144.236.216 port 56516 ssh2
Sep 30 02:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Connection closed by 162.144.236.216 port 56516 [preauth]
Sep 30 02:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Failed password for root from 162.144.236.216 port 38152 ssh2
Sep 30 02:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Connection closed by 162.144.236.216 port 38152 [preauth]
Sep 30 02:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18475]: pam_unix(cron:session): session closed for user root
Sep 30 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: Failed password for root from 162.144.236.216 port 44274 ssh2
Sep 30 02:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20244]: Connection closed by 162.144.236.216 port 44274 [preauth]
Sep 30 02:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: Failed password for root from 162.144.236.216 port 51234 ssh2
Sep 30 02:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20294]: Connection closed by 162.144.236.216 port 51234 [preauth]
Sep 30 02:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Failed password for root from 162.144.236.216 port 57742 ssh2
Sep 30 02:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20319]: Connection closed by 162.144.236.216 port 57742 [preauth]
Sep 30 02:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20353]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: Failed password for root from 162.144.236.216 port 35640 ssh2
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20431]: Successful su for rubyman by root
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20431]: + ??? root:rubyman
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318539 of user rubyman.
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20431]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318539.
Sep 30 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20339]: Connection closed by 162.144.236.216 port 35640 [preauth]
Sep 30 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session closed for user root
Sep 30 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Invalid user elena from 66.23.227.122
Sep 30 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: input_userauth_request: invalid user elena [preauth]
Sep 30 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20355]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Failed password for invalid user elena from 66.23.227.122 port 41154 ssh2
Sep 30 02:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Received disconnect from 66.23.227.122 port 41154:11: Bye Bye [preauth]
Sep 30 02:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Disconnected from 66.23.227.122 port 41154 [preauth]
Sep 30 02:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for root from 162.144.236.216 port 42428 ssh2
Sep 30 02:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Connection closed by 162.144.236.216 port 42428 [preauth]
Sep 30 02:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: Failed password for root from 162.144.236.216 port 48448 ssh2
Sep 30 02:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: Connection closed by 162.144.236.216 port 48448 [preauth]
Sep 30 02:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Failed password for root from 162.144.236.216 port 54678 ssh2
Sep 30 02:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Connection closed by 162.144.236.216 port 54678 [preauth]
Sep 30 02:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: Failed password for root from 162.144.236.216 port 32934 ssh2
Sep 30 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: Connection closed by 162.144.236.216 port 32934 [preauth]
Sep 30 02:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18978]: pam_unix(cron:session): session closed for user root
Sep 30 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Failed password for root from 162.144.236.216 port 40536 ssh2
Sep 30 02:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20743]: Connection closed by 162.144.236.216 port 40536 [preauth]
Sep 30 02:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Failed password for root from 162.144.236.216 port 48498 ssh2
Sep 30 02:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Connection closed by 162.144.236.216 port 48498 [preauth]
Sep 30 02:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: Failed password for root from 162.144.236.216 port 55586 ssh2
Sep 30 02:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Invalid user github from 66.23.227.122
Sep 30 02:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: input_userauth_request: invalid user github [preauth]
Sep 30 02:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20812]: Connection closed by 162.144.236.216 port 55586 [preauth]
Sep 30 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Failed password for invalid user github from 66.23.227.122 port 46204 ssh2
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Received disconnect from 66.23.227.122 port 46204:11: Bye Bye [preauth]
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Disconnected from 66.23.227.122 port 46204 [preauth]
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: Successful su for rubyman by root
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: + ??? root:rubyman
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318543 of user rubyman.
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318543.
Sep 30 02:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session closed for user root
Sep 30 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Failed password for root from 162.144.236.216 port 33196 ssh2
Sep 30 02:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Connection closed by 162.144.236.216 port 33196 [preauth]
Sep 30 02:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Failed password for root from 162.144.236.216 port 40224 ssh2
Sep 30 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Connection closed by 162.144.236.216 port 40224 [preauth]
Sep 30 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for root from 162.144.236.216 port 46652 ssh2
Sep 30 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Connection closed by 162.144.236.216 port 46652 [preauth]
Sep 30 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Invalid user yangjian from 46.101.170.54
Sep 30 02:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: input_userauth_request: invalid user yangjian [preauth]
Sep 30 02:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Sep 30 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Failed password for invalid user yangjian from 46.101.170.54 port 37760 ssh2
Sep 30 02:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21154]: Connection closed by 46.101.170.54 port 37760 [preauth]
Sep 30 02:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Failed password for root from 162.144.236.216 port 51144 ssh2
Sep 30 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Connection closed by 162.144.236.216 port 51144 [preauth]
Sep 30 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session closed for user root
Sep 30 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21197]: Invalid user user from 185.156.73.233
Sep 30 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21197]: input_userauth_request: invalid user user [preauth]
Sep 30 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21197]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Sep 30 02:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21197]: Failed password for invalid user user from 185.156.73.233 port 22238 ssh2
Sep 30 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21197]: Connection closed by 185.156.73.233 port 22238 [preauth]
Sep 30 02:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: Failed password for root from 162.144.236.216 port 59830 ssh2
Sep 30 02:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21201]: Connection closed by 162.144.236.216 port 59830 [preauth]
Sep 30 02:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Failed password for root from 162.144.236.216 port 38442 ssh2
Sep 30 02:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21233]: Connection closed by 162.144.236.216 port 38442 [preauth]
Sep 30 02:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Invalid user notes from 66.23.227.122
Sep 30 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: input_userauth_request: invalid user notes [preauth]
Sep 30 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Failed password for invalid user notes from 66.23.227.122 port 55502 ssh2
Sep 30 02:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Received disconnect from 66.23.227.122 port 55502:11: Bye Bye [preauth]
Sep 30 02:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21265]: Disconnected from 66.23.227.122 port 55502 [preauth]
Sep 30 02:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Failed password for root from 162.144.236.216 port 44752 ssh2
Sep 30 02:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Connection closed by 162.144.236.216 port 44752 [preauth]
Sep 30 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21282]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21283]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21277]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21279]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: Successful su for rubyman by root
Sep 30 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: + ??? root:rubyman
Sep 30 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318546 of user rubyman.
Sep 30 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318546.
Sep 30 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21277]: pam_unix(cron:session): session closed for user root
Sep 30 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session closed for user root
Sep 30 02:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21280]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: Failed password for root from 162.144.236.216 port 53154 ssh2
Sep 30 02:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21276]: Connection closed by 162.144.236.216 port 53154 [preauth]
Sep 30 02:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21663]: Failed password for root from 162.144.236.216 port 33544 ssh2
Sep 30 02:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21663]: Connection closed by 162.144.236.216 port 33544 [preauth]
Sep 30 02:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: Failed password for root from 162.144.236.216 port 43488 ssh2
Sep 30 02:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21698]: Connection closed by 162.144.236.216 port 43488 [preauth]
Sep 30 02:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session closed for user root
Sep 30 02:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: Failed password for root from 162.144.236.216 port 49928 ssh2
Sep 30 02:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21730]: Connection closed by 162.144.236.216 port 49928 [preauth]
Sep 30 02:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: Failed password for root from 162.144.236.216 port 56618 ssh2
Sep 30 02:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: Connection closed by 162.144.236.216 port 56618 [preauth]
Sep 30 02:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Failed password for root from 66.23.227.122 port 47586 ssh2
Sep 30 02:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Received disconnect from 66.23.227.122 port 47586:11: Bye Bye [preauth]
Sep 30 02:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21816]: Disconnected from 66.23.227.122 port 47586 [preauth]
Sep 30 02:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Failed password for root from 162.144.236.216 port 36492 ssh2
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21836]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21834]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21833]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21830]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21836]: pam_unix(cron:session): session closed for user root
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21828]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Connection closed by 162.144.236.216 port 36492 [preauth]
Sep 30 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21914]: Successful su for rubyman by root
Sep 30 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21914]: + ??? root:rubyman
Sep 30 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318556 of user rubyman.
Sep 30 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21914]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318556.
Sep 30 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21830]: pam_unix(cron:session): session closed for user root
Sep 30 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18474]: pam_unix(cron:session): session closed for user root
Sep 30 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21829]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Failed password for root from 162.144.236.216 port 44962 ssh2
Sep 30 02:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21903]: Connection closed by 162.144.236.216 port 44962 [preauth]
Sep 30 02:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: Failed password for root from 162.144.236.216 port 52470 ssh2
Sep 30 02:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: Connection closed by 162.144.236.216 port 52470 [preauth]
Sep 30 02:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for root from 162.144.236.216 port 58094 ssh2
Sep 30 02:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Connection closed by 162.144.236.216 port 58094 [preauth]
Sep 30 02:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22220]: Failed password for root from 162.144.236.216 port 36184 ssh2
Sep 30 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22220]: Connection closed by 162.144.236.216 port 36184 [preauth]
Sep 30 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20834]: pam_unix(cron:session): session closed for user root
Sep 30 02:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: Failed password for root from 162.144.236.216 port 42036 ssh2
Sep 30 02:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22233]: Connection closed by 162.144.236.216 port 42036 [preauth]
Sep 30 02:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Failed password for root from 162.144.236.216 port 48026 ssh2
Sep 30 02:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Connection closed by 162.144.236.216 port 48026 [preauth]
Sep 30 02:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Failed password for root from 66.23.227.122 port 42094 ssh2
Sep 30 02:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Received disconnect from 66.23.227.122 port 42094:11: Bye Bye [preauth]
Sep 30 02:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Disconnected from 66.23.227.122 port 42094 [preauth]
Sep 30 02:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: Failed password for root from 162.144.236.216 port 53852 ssh2
Sep 30 02:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22306]: Connection closed by 162.144.236.216 port 53852 [preauth]
Sep 30 02:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22336]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22333]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: Successful su for rubyman by root
Sep 30 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: + ??? root:rubyman
Sep 30 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318557 of user rubyman.
Sep 30 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22406]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318557.
Sep 30 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Failed password for root from 162.144.236.216 port 34216 ssh2
Sep 30 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Connection closed by 162.144.236.216 port 34216 [preauth]
Sep 30 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18977]: pam_unix(cron:session): session closed for user root
Sep 30 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22334]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Failed password for root from 162.144.236.216 port 40710 ssh2
Sep 30 02:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22590]: Connection closed by 162.144.236.216 port 40710 [preauth]
Sep 30 02:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22659]: Failed password for root from 162.144.236.216 port 48812 ssh2
Sep 30 02:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22659]: Connection closed by 162.144.236.216 port 48812 [preauth]
Sep 30 02:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for root from 162.144.236.216 port 53348 ssh2
Sep 30 02:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Connection closed by 162.144.236.216 port 53348 [preauth]
Sep 30 02:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21283]: pam_unix(cron:session): session closed for user root
Sep 30 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Failed password for root from 162.144.236.216 port 59658 ssh2
Sep 30 02:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Connection closed by 162.144.236.216 port 59658 [preauth]
Sep 30 02:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: Invalid user administrator from 66.23.227.122
Sep 30 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: input_userauth_request: invalid user administrator [preauth]
Sep 30 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: Failed password for root from 162.144.236.216 port 37924 ssh2
Sep 30 02:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: Failed password for invalid user administrator from 66.23.227.122 port 46740 ssh2
Sep 30 02:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: Received disconnect from 66.23.227.122 port 46740:11: Bye Bye [preauth]
Sep 30 02:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: Disconnected from 66.23.227.122 port 46740 [preauth]
Sep 30 02:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: Connection closed by 162.144.236.216 port 37924 [preauth]
Sep 30 02:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Invalid user xml from 93.152.230.176
Sep 30 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: input_userauth_request: invalid user xml [preauth]
Sep 30 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.152.230.176
Sep 30 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Failed password for invalid user xml from 93.152.230.176 port 13724 ssh2
Sep 30 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Received disconnect from 93.152.230.176 port 13724:11: Client disconnecting normally [preauth]
Sep 30 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Disconnected from 93.152.230.176 port 13724 [preauth]
Sep 30 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: Failed password for root from 162.144.236.216 port 45202 ssh2
Sep 30 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22973]: Connection closed by 162.144.236.216 port 45202 [preauth]
Sep 30 02:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Failed password for root from 162.144.236.216 port 51354 ssh2
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: Successful su for rubyman by root
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: + ??? root:rubyman
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318561 of user rubyman.
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318561.
Sep 30 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Connection closed by 162.144.236.216 port 51354 [preauth]
Sep 30 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session closed for user root
Sep 30 02:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Failed password for root from 162.144.236.216 port 57444 ssh2
Sep 30 02:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Connection closed by 162.144.236.216 port 57444 [preauth]
Sep 30 02:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23367]: Failed password for root from 162.144.236.216 port 36512 ssh2
Sep 30 02:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23367]: Connection closed by 162.144.236.216 port 36512 [preauth]
Sep 30 02:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: Failed password for root from 162.144.236.216 port 43234 ssh2
Sep 30 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: Connection closed by 162.144.236.216 port 43234 [preauth]
Sep 30 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21834]: pam_unix(cron:session): session closed for user root
Sep 30 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: Invalid user administrator from 66.23.227.122
Sep 30 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: input_userauth_request: invalid user administrator [preauth]
Sep 30 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: pam_unix(sshd:auth): check pass; user unknown
Sep 30 02:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122
Sep 30 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: Failed password for root from 162.144.236.216 port 51846 ssh2
Sep 30 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: Failed password for invalid user administrator from 66.23.227.122 port 34516 ssh2
Sep 30 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: Received disconnect from 66.23.227.122 port 34516:11: Bye Bye [preauth]
Sep 30 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: Disconnected from 66.23.227.122 port 34516 [preauth]
Sep 30 02:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: Connection closed by 162.144.236.216 port 51846 [preauth]
Sep 30 02:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Failed password for root from 162.144.236.216 port 59500 ssh2
Sep 30 02:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Connection closed by 162.144.236.216 port 59500 [preauth]
Sep 30 02:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Failed password for root from 162.144.236.216 port 36170 ssh2
Sep 30 02:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Connection closed by 162.144.236.216 port 36170 [preauth]
Sep 30 02:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Failed password for root from 162.144.236.216 port 41678 ssh2
Sep 30 02:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Connection closed by 162.144.236.216 port 41678 [preauth]
Sep 30 02:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23762]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23765]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23760]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: Successful su for rubyman by root
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: + ??? root:rubyman
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318566 of user rubyman.
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318566.
Sep 30 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session closed for user root
Sep 30 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Failed password for root from 162.144.236.216 port 47174 ssh2
Sep 30 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23761]: pam_unix(cron:session): session closed for user samftp
Sep 30 02:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Connection closed by 162.144.236.216 port 47174 [preauth]
Sep 30 02:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Failed password for root from 162.144.236.216 port 53382 ssh2
Sep 30 02:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24035]: Connection closed by 162.144.236.216 port 53382 [preauth]
Sep 30 02:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for root from 162.144.236.216 port 60348 ssh2
Sep 30 02:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Connection closed by 162.144.236.216 port 60348 [preauth]
Sep 30 02:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Failed password for root from 162.144.236.216 port 37822 ssh2
Sep 30 02:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Connection closed by 162.144.236.216 port 37822 [preauth]
Sep 30 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.23.227.122  user=root
Sep 30 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Failed password for root from 66.23.227.122 port 60574 ssh2
Sep 30 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Received disconnect from 66.23.227.122 port 60574:11: Bye Bye [preauth]
Sep 30 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Disconnected from 66.23.227.122 port 60574 [preauth]
Sep 30 02:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session closed for user root
Sep 30 02:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Failed password for root from 162.144.236.216 port 43408 ssh2
Sep 30 02:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: Connection closed by 162.144.236.216 port 43408 [preauth]
Sep 30 02:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: Failed password for root from 162.144.236.216 port 48640 ssh2
Sep 30 02:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: Connection closed by 162.144.236.216 port 48640 [preauth]
Sep 30 02:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Failed password for root from 162.144.236.216 port 54862 ssh2
Sep 30 02:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Connection closed by 162.144.236.216 port 54862 [preauth]
Sep 30 02:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.144.236.216  user=root
Sep 30 02:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: Failed password for root from 162.144.236.216 port 59846 ssh2
Sep 30 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: Connection closed by 162.144.236.216 port 59846 [preauth]
Sep 30 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24257]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24256]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24253]: pam_unix(cron:session): session closed for user p13x
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: Successful su for rubyman by root
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: + ??? root:rubyman
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 318569 of user rubyman.
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: pam_unix(su:session): session closed for user rubyman
Sep 30 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 318569.